minor fix (credentials were only set for the first target)

2025-02-03 05:04:11 +03:00 · 2012-06-04 22:30:12 +00:00 · 2012-06-04 22:30:12 +00:00 · f94ebe3107
commit f94ebe3107
parent 738073105e
2 changed files with 19 additions and 7 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1017,17 +1017,16 @@ def __setHTTPAuthentication():
        if not aCredRegExp:
            raise sqlmapSyntaxException, errMsg

-        authUsername = aCredRegExp.group(1)
-        authPassword = aCredRegExp.group(2)
+        conf.authUsername = aCredRegExp.group(1)
+        conf.authPassword = aCredRegExp.group(2)

-        passwordMgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
-        passwordMgr.add_password(None, "%s://%s" % (conf.scheme, conf.hostname), authUsername, authPassword)
+        kb.passwordMgr = urllib2.HTTPPasswordMgrWithDefaultRealm()

        if aTypeLower == "basic":
-            authHandler = SmartHTTPBasicAuthHandler(passwordMgr)
+            authHandler = SmartHTTPBasicAuthHandler(kb.passwordMgr)

        elif aTypeLower == "digest":
-            authHandler = urllib2.HTTPDigestAuthHandler(passwordMgr)
+            authHandler = urllib2.HTTPDigestAuthHandler(kb.passwordMgr)

        elif aTypeLower == "ntlm":
            try:
@ -1038,7 +1037,7 @@ def __setHTTPAuthentication():
                errMsg += "http://code.google.com/p/python-ntlm/"
                raise sqlmapMissingDependence, errMsg

-            authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(passwordMgr)
+            authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(kb.passwordMgr)
    else:
        debugMsg = "setting the HTTP(s) authentication certificate"
        logger.debug(debugMsg)
@ -1374,6 +1373,8 @@ def __setConfAttributes():
    debugMsg = "initializing the configuration"
    logger.debug(debugMsg)

+    conf.authUsername = None
+    conf.authPassword = None
    conf.boundaries = []
    conf.cj = None
    conf.dbmsConnector = None
@ -1522,6 +1523,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
    if flushAll:
        kb.headerPaths = {}
        kb.keywords = set(getFileItems(paths.SQL_KEYWORDS))
+        kb.passwordMgr = None
        kb.scanOnlyGoogleGETs = None
        kb.tamperFunctions = []
        kb.targetUrls = oset()
--- a/lib/core/target.py
+++ b/lib/core/target.py
@ -34,6 +34,7 @@ from lib.core.exception import sqlmapFilePathException
 from lib.core.exception import sqlmapGenericException
 from lib.core.exception import sqlmapSyntaxException
 from lib.core.exception import sqlmapUserQuitException
+from lib.core.option import authHandler
 from lib.core.option import __setDBMS
 from lib.core.option import __setKnowledgeBaseAttributes
 from lib.core.session import resumeConfKb
@ -331,6 +332,14 @@ def __setResultsFile():

        logger.info("using '%s' as results file" % conf.resultsFilename)

+def __setAuthCred():
+    """
+    Adds authentication credentials (if any) for current target to the password manager (used by connection handler).
+    """
+
+    if kb.passwordMgr:
+        kb.passwordMgr.add_password(None, "%s://%s" % (conf.scheme, conf.hostname), conf.authUsername, conf.authPassword)
+
 def __createFilesDir():
    """
    Create the file directory.
@ -440,3 +449,4 @@ def setupTargetEnv():
    __setHashDB()
    __resumeHashDBValues()
    __setResultsFile()
+    __setAuthCred()