minor fix (credentials were only set for the first target)

lib/core/option.py

@@ -1017,17 +1017,16 @@ def __setHTTPAuthentication():
         if not aCredRegExp:
             raise sqlmapSyntaxException, errMsg
 
-        authUsername = aCredRegExp.group(1)
+        conf.authUsername = aCredRegExp.group(1)
-        authPassword = aCredRegExp.group(2)
+        conf.authPassword = aCredRegExp.group(2)
 
-        passwordMgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
+        kb.passwordMgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
-        passwordMgr.add_password(None, "%s://%s" % (conf.scheme, conf.hostname), authUsername, authPassword)
 
         if aTypeLower == "basic":
-            authHandler = SmartHTTPBasicAuthHandler(passwordMgr)
+            authHandler = SmartHTTPBasicAuthHandler(kb.passwordMgr)
 
         elif aTypeLower == "digest":
-            authHandler = urllib2.HTTPDigestAuthHandler(passwordMgr)
+            authHandler = urllib2.HTTPDigestAuthHandler(kb.passwordMgr)
 
         elif aTypeLower == "ntlm":
             try:
@@ -1038,7 +1037,7 @@ def __setHTTPAuthentication():
                 errMsg += "http://code.google.com/p/python-ntlm/"
                 raise sqlmapMissingDependence, errMsg
 
-            authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(passwordMgr)
+            authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(kb.passwordMgr)
     else:
         debugMsg = "setting the HTTP(s) authentication certificate"
         logger.debug(debugMsg)
@@ -1374,6 +1373,8 @@ def __setConfAttributes():
     debugMsg = "initializing the configuration"
     logger.debug(debugMsg)
 
+    conf.authUsername = None
+    conf.authPassword = None
     conf.boundaries = []
     conf.cj = None
     conf.dbmsConnector = None
@@ -1522,6 +1523,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
     if flushAll:
         kb.headerPaths = {}
         kb.keywords = set(getFileItems(paths.SQL_KEYWORDS))
+        kb.passwordMgr = None
         kb.scanOnlyGoogleGETs = None
         kb.tamperFunctions = []
         kb.targetUrls = oset()

lib/core/target.py

@@ -34,6 +34,7 @@ from lib.core.exception import sqlmapFilePathException
 from lib.core.exception import sqlmapGenericException
 from lib.core.exception import sqlmapSyntaxException
 from lib.core.exception import sqlmapUserQuitException
+from lib.core.option import authHandler
 from lib.core.option import __setDBMS
 from lib.core.option import __setKnowledgeBaseAttributes
 from lib.core.session import resumeConfKb
@@ -331,6 +332,14 @@ def __setResultsFile():
 
         logger.info("using '%s' as results file" % conf.resultsFilename)
 
+def __setAuthCred():
+    """
+    Adds authentication credentials (if any) for current target to the password manager (used by connection handler).
+    """
+
+    if kb.passwordMgr:
+        kb.passwordMgr.add_password(None, "%s://%s" % (conf.scheme, conf.hostname), conf.authUsername, conf.authPassword)
+
 def __createFilesDir():
     """
     Create the file directory.
@@ -440,3 +449,4 @@ def setupTargetEnv():
     __setHashDB()
     __resumeHashDBValues()
     __setResultsFile()
+    __setAuthCred()