break;
}
}
+ if (ProxyAuthorization.password && !ProxyAuthorization.user) {
+ std::cerr << "ERROR: Proxy authentication password (-w) is given, but username (-u) is missing\n";
+ exit(EXIT_FAILURE);
+ }
+ if (OriginAuthorization.password && !OriginAuthorization.user) {
+ std::cerr << "ERROR: WWW authentication password (-W) is given, but username (-U) is missing\n";
+ exit(EXIT_FAILURE);
+ }
}
#if _SQUID_WINDOWS_
{
}
#endif
/* Build the HTTP request */
+ const char *pathPassword = nullptr;
if (strncmp(url, "mgr:", 4) == 0) {
char *t = xstrdup(url + 4);
- const char *at = nullptr;
- if (!strrchr(t, '@')) { // ignore any -w password if @ is explicit already.
- at = ProxyAuthorization.password;
+ // XXX: Bail on snprintf() failures
+ snprintf(url, sizeof(url), "http://%s:%hu/squid-internal-mgr/%s", Transport::Config.hostname, Transport::Config.port, t);
+ if (const auto at = strrchr(url, '@')) {
+ if (!OriginAuthorization.user) {
+ std::cerr << "ERROR: Embedding a password in a cache manager command requires " <<
+ "providing a username with -U: mgr:" << t << std::endl;
+ exit(EXIT_FAILURE);
+ }
+ *at = 0; // send password in Authorization header, not URL
+ pathPassword = at + 1; // the now-removed embedded @password overwrites OriginAuthorization.password further below
}
- // embed the -w proxy password into old-style cachemgr URLs
- if (at)
- snprintf(url, sizeof(url), "cache_object://%s/%s@%s", Transport::Config.hostname, t, at);
- else
- snprintf(url, sizeof(url), "cache_object://%s/%s", Transport::Config.hostname, t);
xfree(t);
}
if (put_file) {
}
if (ProxyAuthorization.user)
ProxyAuthorization.commit(msg);
- if (OriginAuthorization.user)
+ if (OriginAuthorization.user) {
+ const auto savedPassword = OriginAuthorization.password;
+ if (pathPassword)
+ OriginAuthorization.password = pathPassword;
OriginAuthorization.commit(msg);
+ OriginAuthorization.password = savedPassword; // restore the global password setting
+ }
#if HAVE_GSSAPI
if (www_neg) {
if (host) {