From: Amos Jeffries Date: Wed, 30 Mar 2011 12:38:06 +0000 (-0600) Subject: squidclient: send cachemgr password via -w option X-Git-Tag: SQUID_3_1_12~16 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=012299a19286d993aea606c3cd90f2ffdd9afb6e;p=thirdparty%2Fsquid.git squidclient: send cachemgr password via -w option Preparation for internal cachemgr updates to use real proxy-auth. The cachamgr password may now be sent in three ways: Deprecated: mgr:info@password Current Option: -w password mgr:info Preferred: -u username -w password mgr:info The old explicit @ syntax is now deprecated for visible use. The background systems will still send it that way for cache_object: URLs. Use of this overrides any -w option set. So it is still possible to login to a proxy with one set of credentials and pass a separate password to the cachemgr. The long-term plan is to drop @ completely in future. The current option of just -w will convert the password to @ syntax in the background but not add Proxy-Authentication headers. This may die in future. The preferred alternative is to use -u and -w which triggers addition of real Proxy-Authenticate headers. The username is not yet used by cachemgr but may be required by the proxy ACL configuration. --- diff --git a/tools/squidclient.cc b/tools/squidclient.cc index 4ba5ba5351..77e9a83e6a 100644 --- a/tools/squidclient.cc +++ b/tools/squidclient.cc @@ -343,7 +343,15 @@ main(int argc, char *argv[]) /* Build the HTTP request */ if (strncmp(url, "mgr:", 4) == 0) { char *t = xstrdup(url + 4); - snprintf(url, BUFSIZ, "cache_object://%s/%s", hostname, t); + const char *at = NULL; + if (!strrchr(t, '@')) { // ignore any -w password if @ is explicit already. + at = proxy_password; + } + // embed the -w proxy password into old-style cachemgr URLs + if (at) + snprintf(url, BUFSIZ, "cache_object://%s/%s@%s", hostname, t, at); + else + snprintf(url, BUFSIZ, "cache_object://%s/%s", hostname, t); xfree(t); } if (put_file) {