squidclient: send cachemgr password via -w option

Preparation for internal cachemgr updates to use real proxy-auth.

The cachamgr password may now be sent in three ways:
  Deprecated:      mgr:info@password
  Current Option:  -w password mgr:info
  Preferred:       -u username -w password mgr:info

The old explicit @ syntax is now deprecated for visible use. The background
systems will still send it that way for cache_object: URLs. Use of this
overrides any -w option set. So it is still possible to login to a proxy
with one set of credentials and pass a separate password to the cachemgr.
The long-term plan is to drop @ completely in future.

The current option of just -w will convert the password to @ syntax in the
background but not add Proxy-Authentication headers. This may die in future.

The preferred alternative is to use -u and -w which triggers addition of real
Proxy-Authenticate headers. The username is not yet used by cachemgr but
may be required by the proxy ACL configuration.

diff --git a/tools/squidclient.cc b/tools/squidclient.cc
index fa4d14159cea6c3a2a461fdfa1dc84bff80b1466..44101650a2cb9b5fac311524ad397cdf4ae45f0e 100644 (file)
--- a/tools/squidclient.cc
+++ b/tools/squidclient.cc
@@ -395,7 +395,15 @@ main(int argc, char *argv[])
     /* Build the HTTP request */
     if (strncmp(url, "mgr:", 4) == 0) {
         char *t = xstrdup(url + 4);
-        snprintf(url, BUFSIZ, "cache_object://%s/%s", hostname, t);
+        const char *at = NULL;
+        if (!strrchr(t, '@')) { // ignore any -w password if @ is explicit already.
+            at = proxy_password;
+        }
+        // embed the -w proxy password into old-style cachemgr URLs
+        if (at)
+            snprintf(url, BUFSIZ, "cache_object://%s/%s@%s", hostname, t, at);
+        else
+            snprintf(url, BUFSIZ, "cache_object://%s/%s", hostname, t);
         xfree(t);
     }
     if (put_file) {