From 6306f8888a64318d4033563b4b43f569285ab498 Mon Sep 17 00:00:00 2001
From: David Maloney <David_Maloney@rapid7.com>
Date: Tue, 15 Nov 2011 08:52:18 -0800
Subject: [PATCH] Fix to the username normalisation routine to deal with creds
 that have no username (i.e. VNC)

---
 lib/msf/core/db.rb | 34 +++++++++++++++++++++++-----------
 1 file changed, 23 insertions(+), 11 deletions(-)

diff --git a/lib/msf/core/db.rb b/lib/msf/core/db.rb
index 36c324028a..f92604a2ca 100644
--- a/lib/msf/core/db.rb
+++ b/lib/msf/core/db.rb
@@ -973,25 +973,37 @@ class DBManager
 
 		ret = {}
 
+		#Check to see if the creds already exist. We look also for a downcased username with the
+		#same password because we can fairly safely assume they are not in fact two seperate creds.
+		#this allows us to hedge against duplication of creds in the DB.
+
+		if duplicate_ok
 		# If duplicate usernames are okay, find by both user and password (allows
 		# for actual duplicates to get modified updated_at, sources, etc)
-		if duplicate_ok
-			cred = service.creds.find_by_user_and_ptype_and_pass(token[0] || "", ptype, token[1] || "")
-			unless cred
-				dcu = token[0].downcase
-				cred = service.creds.find_by_user_and_ptype_and_pass( dcu || "", ptype, token[1] || "")
+			if token[0].nil? or token[0].empty?
+				cred = service.creds.find_or_initalize_by_user_and_ptype_and_pass(token[0] || "", ptype, token[1] || "")
+			else
+				cred = service.creds.find_by_user_and_ptype_and_pass(token[0] || "", ptype, token[1] || "")
 				unless cred
-					cred = service.creds.find_or_initalize_by_user_and_ptype_and_pass(token[0] || "", ptype, token[1] || "")
+					dcu = token[0].downcase
+					cred = service.creds.find_by_user_and_ptype_and_pass( dcu || "", ptype, token[1] || "")
+					unless cred
+						cred = service.creds.find_or_initalize_by_user_and_ptype_and_pass(token[0] || "", ptype, token[1] || "")
+					end
 				end
 			end
 		else
 			# Create the cred by username only (so we can change passwords)
-			cred = service.creds.find_by_user_and_ptype(token[0] || "", ptype)
-			unless cred
-				dcu = token[0].downcase
-				cred = service.creds.find_by_user_and_ptype_and_pass( dcu || "", ptype, token[1] || "")
+			if token[0].nil? or token[0].empty?
+				cred = service.creds.find_or_initialize_by_user_and_ptype(token[0] || "", ptype)
+			else
+				cred = service.creds.find_by_user_and_ptype(token[0] || "", ptype)
 				unless cred
-					cred = service.creds.find_or_initialize_by_user_and_ptype(token[0] || "", ptype)
+					dcu = token[0].downcase
+					cred = service.creds.find_by_user_and_ptype_and_pass( dcu || "", ptype, token[1] || "")
+					unless cred
+						cred = service.creds.find_or_initialize_by_user_and_ptype(token[0] || "", ptype)
+					end
 				end
 			end
 		end