From: Amos Jeffries Date: Thu, 17 Feb 2011 14:57:33 +0000 (+1300) Subject: squidclient: send cachemgr password via -w option X-Git-Tag: take03^2~5 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3f3e5473fe62668ba3f5284339ff955fbe69a775;p=thirdparty%2Fsquid.git squidclient: send cachemgr password via -w option Preparation for internal cachemgr updates to use real proxy-auth. The cachamgr password may now be sent in three ways: Deprecated: mgr:info@password Current Option: -w password mgr:info Preferred: -u username -w password mgr:info The old explicit @ syntax is now deprecated for visible use. The background systems will still send it that way for cache_object: URLs. Use of this overrides any -w option set. So it is still possible to login to a proxy with one set of credentials and pass a separate password to the cachemgr. The long-term plan is to drop @ completely in future. The current option of just -w will convert the password to @ syntax in the background but not add Proxy-Authentication headers. This may die in future. The preferred alternative is to use -u and -w which triggers addition of real Proxy-Authenticate headers. The username is not yet used by cachemgr but may be required by the proxy ACL configuration. --- diff --git a/tools/squidclient.cc b/tools/squidclient.cc index fa4d14159c..44101650a2 100644 --- a/tools/squidclient.cc +++ b/tools/squidclient.cc @@ -395,7 +395,15 @@ main(int argc, char *argv[]) /* Build the HTTP request */ if (strncmp(url, "mgr:", 4) == 0) { char *t = xstrdup(url + 4); - snprintf(url, BUFSIZ, "cache_object://%s/%s", hostname, t); + const char *at = NULL; + if (!strrchr(t, '@')) { // ignore any -w password if @ is explicit already. + at = proxy_password; + } + // embed the -w proxy password into old-style cachemgr URLs + if (at) + snprintf(url, BUFSIZ, "cache_object://%s/%s@%s", hostname, t, at); + else + snprintf(url, BUFSIZ, "cache_object://%s/%s", hostname, t); xfree(t); } if (put_file) {