Fix (we are not using certificate but PEM private key file in this particular authentication; also, auxiliary cert_file is holding certificate chain that is ignored by python itself)

stamparm · stamparm · commit a3defc175dcd · 2013-09-11T23:17:18.000+02:00
diff --git a/extra/shutils/_sqlmap.py b/extra/shutils/_sqlmap.py
diff --git a/lib/core/enums.py b/lib/core/enums.py
@@ -323,4 +323,4 @@ class AUTH_TYPE:
     BASIC = "basic"
     DIGEST = "digest"
     NTLM = "ntlm"
-    CERT = "cert"
+    PKI = "pki"
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -27,6 +27,7 @@
 from lib.controller.checks import checkConnection
 from lib.core.common import Backend
 from lib.core.common import boldifyMessage
+from lib.core.common import checkFile
 from lib.core.common import dataToStdout
 from lib.core.common import getPublicTypeMembers
 from lib.core.common import extractRegexResult
@@ -133,8 +134,8 @@
 from lib.request.connect import Connect as Request
 from lib.request.dns import DNSServer
 from lib.request.basicauthhandler import SmartHTTPBasicAuthHandler
-from lib.request.certhandler import HTTPSCertAuthHandler
 from lib.request.httpshandler import HTTPSHandler
+from lib.request.pkihandler import HTTPSPKIAuthHandler
 from lib.request.rangehandler import HTTPRangeHandler
 from lib.request.redirecthandler import SmartRedirectHandler
 from lib.request.templates import getPageTemplate
@@ -1102,17 +1103,17 @@ def _setAuthCred():
 
 def _setHTTPAuthentication():
     """
-    Check and set the HTTP(s) authentication method (Basic, Digest, NTLM or Certificate),
-    username and password for first three methods, or key file and certification file for
-    certificate authentication
+    Check and set the HTTP(s) authentication method (Basic, Digest, NTLM or PKI),
+    username and password for first three methods, or PEM private key file for
+    PKI authentication
     """
 
     global authHandler
 
-    if not conf.authType and not conf.authCred and not conf.authCert:
+    if not conf.authType and not conf.authCred and not conf.authPrivate:
         return
 
-    elif conf.authType and not conf.authCred and not conf.authCert:
+    elif conf.authType and not conf.authCred and not conf.authPrivate:
         errMsg = "you specified the HTTP authentication type, but "
         errMsg += "did not provide the credentials"
         raise SqlmapSyntaxException(errMsg)
@@ -1122,15 +1123,15 @@ def _setHTTPAuthentication():
         errMsg += "but did not provide the type"
         raise SqlmapSyntaxException(errMsg)
 
-    if not conf.authCert:
+    if not conf.authPrivate:
         debugMsg = "setting the HTTP authentication type and credentials"
         logger.debug(debugMsg)
 
         aTypeLower = conf.authType.lower()
 
-        if aTypeLower not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.NTLM, AUTH_TYPE.CERT):
+        if aTypeLower not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.NTLM, AUTH_TYPE.PKI):
             errMsg = "HTTP authentication type value must be "
-            errMsg += "Basic, Digest, NTLM or Cert"
+            errMsg += "Basic, Digest, NTLM or PKI"
             raise SqlmapSyntaxException(errMsg)
         elif aTypeLower in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST):
             regExp = "^(.*?):(.*?)$"
@@ -1140,9 +1141,9 @@ def _setHTTPAuthentication():
             regExp = "^(.*\\\\.*):(.*?)$"
             errMsg = "HTTP NTLM authentication credentials value must "
             errMsg += "be in format 'DOMAIN\username:password'"
-        elif aTypeLower == AUTH_TYPE.CERT:
-            errMsg = "HTTP Cert authentication require "
-            errMsg += "usage of option `--auth-cert`"
+        elif aTypeLower == AUTH_TYPE.PKI:
+            errMsg = "HTTP PKI authentication require "
+            errMsg += "usage of option `--auth-pki`"
             raise SqlmapSyntaxException(errMsg)
 
         aCredRegExp = re.search(regExp, conf.authCred)
@@ -1174,26 +1175,12 @@ def _setHTTPAuthentication():
 
             authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(kb.passwordMgr)
     else:
-        debugMsg = "setting the HTTP(s) authentication certificate"
+        debugMsg = "setting the HTTP(s) authentication PEM private key"
         logger.debug(debugMsg)
 
-        aCertRegExp = re.search("^(.+?),\s*(.+?)$", conf.authCert)
-
-        if not aCertRegExp:
-            errMsg = "HTTP authentication certificate option "
-            errMsg += "must be in format 'key_file,cert_file'"
-            raise SqlmapSyntaxException(errMsg)
-
-        # os.path.expanduser for support of paths with ~
-        key_file = os.path.expanduser(aCertRegExp.group(1))
-        cert_file = os.path.expanduser(aCertRegExp.group(2))
-
-        for ifile in (key_file, cert_file):
-            if not os.path.exists(ifile):
-                errMsg = "file '%s' does not exist" % ifile
-                raise SqlmapSyntaxException(errMsg)
-
-        authHandler = HTTPSCertAuthHandler(key_file, cert_file)
+        key_file = os.path.expanduser(conf.authPrivate)
+        checkFile(key_file)
+        authHandler = HTTPSPKIAuthHandler(key_file)
 
 def _setHTTPMethod():
     """
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
@@ -35,7 +35,7 @@
                                "headers":           "string",
                                "authType":          "string",
                                "authCred":          "string",
-                               "authCert":          "string",
+                               "authPrivate":       "string",
                                "proxy":             "string",
                                "proxyCred":         "string",
                                "proxyFile":         "string",
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -117,15 +117,14 @@ def cmdLineParser():
 
         request.add_option("--auth-type", dest="authType",
                            help="HTTP authentication type "
-                                "(Basic, Digest, NTLM or Cert)")
+                                "(Basic, Digest, NTLM or PKI)")
 
         request.add_option("--auth-cred", dest="authCred",
                            help="HTTP authentication credentials "
                                 "(name:password)")
 
-        request.add_option("--auth-cert", dest="authCert",
-                           help="HTTP authentication certificate ("
-                                "key_file,cert_file)")
+        request.add_option("--auth-private", dest="authPrivate",
+                           help="HTTP authentication PEM private key file")
 
         request.add_option("--proxy", dest="proxy",
                            help="Use a proxy to connect to the target URL")
diff --git a/lib/request/pkihandler.py b/lib/request/pkihandler.py
@@ -10,14 +10,13 @@
 
 from lib.core.data import conf
 
-class HTTPSCertAuthHandler(urllib2.HTTPSHandler):
-    def __init__(self, key_file, cert_file):
+class HTTPSPKIAuthHandler(urllib2.HTTPSHandler):
+    def __init__(self, key_file):
         urllib2.HTTPSHandler.__init__(self)
         self.key_file = key_file
-        self.cert_file = cert_file
 
     def https_open(self, req):
         return self.do_open(self.getConnection, req)
 
     def getConnection(self, host, timeout=None):
-        return httplib.HTTPSConnection(host, key_file=self.key_file, cert_file=self.cert_file, timeout=conf.timeout)
+        return httplib.HTTPSConnection(host, key_file=self.key_file, timeout=conf.timeout)
diff --git a/sqlmap.conf b/sqlmap.conf
@@ -78,18 +78,18 @@ headers = Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9
 
 # HTTP Authentication type. Useful only if the target URL requires
 # HTTP Basic, Digest or NTLM authentication and you have such data.
-# Valid: Basic, Digest, NTLM or Cert
+# Valid: Basic, Digest, NTLM or PKI
 authType = 
 
 # HTTP authentication credentials. Useful only if the target URL requires
 # HTTP Basic, Digest or NTLM authentication and you have such data.
 # Syntax: username:password
 authCred = 
 
-# HTTP Authentication certificate. Useful only if the target URL requires
-# logon certificate and you have such data.
-# Syntax: key_file,cert_file
-authCert = 
+# HTTP Authentication PEM private key. Useful only if the target URL requires
+# PKI authentication and you have such data.
+# Syntax: key_file
+authPrivate = 
 
 # Use a proxy to connect to the target URL.
 # Syntax: http://address:port
