|
|
e6ac7e |
diff --git a/tools/cachemgr.cc b/tools/cachemgr.cc
|
|
|
e6ac7e |
index 1ec4e15..fb5146e 100644
|
|
|
e6ac7e |
--- a/tools/cachemgr.cc
|
|
|
e6ac7e |
+++ b/tools/cachemgr.cc
|
|
|
e6ac7e |
@@ -354,7 +354,7 @@ auth_html(const char *host, int port, const char *user_name)
|
|
|
e6ac7e |
|
|
|
e6ac7e |
printf("Manager name:
|
|
|
e6ac7e |
|
|
|
e6ac7e |
- printf("size=\"30\" VALUE=\"%s\">\n", user_name);
|
|
|
e6ac7e |
+ printf("size=\"30\" VALUE=\"%s\">\n", rfc1738_escape(user_name));
|
|
|
e6ac7e |
|
|
|
e6ac7e |
printf("Password:
|
|
|
e6ac7e |
|
|
|
e6ac7e |
@@ -418,7 +418,7 @@ menu_url(cachemgr_request * req, const char *action)
|
|
|
e6ac7e |
script_name,
|
|
|
e6ac7e |
req->hostname,
|
|
|
e6ac7e |
req->port,
|
|
|
e6ac7e |
- safe_str(req->user_name),
|
|
|
e6ac7e |
+ rfc1738_escape(safe_str(req->user_name)),
|
|
|
e6ac7e |
action,
|
|
|
e6ac7e |
safe_str(req->pub_auth));
|
|
|
e6ac7e |
return url;
|
|
|
e6ac7e |
@@ -1073,8 +1073,8 @@ make_pub_auth(cachemgr_request * req)
|
|
|
e6ac7e |
const int bufLen = snprintf(buf, sizeof(buf), "%s|%d|%s|%s",
|
|
|
e6ac7e |
req->hostname,
|
|
|
e6ac7e |
(int) now,
|
|
|
e6ac7e |
- req->user_name ? req->user_name : "",
|
|
|
e6ac7e |
- req->passwd);
|
|
|
e6ac7e |
+ rfc1738_escape(safe_str(req->user_name)),
|
|
|
e6ac7e |
+ rfc1738_escape(req->passwd));
|
|
|
e6ac7e |
debug("cmgr: pre-encoded for pub: %s\n", buf);
|
|
|
e6ac7e |
|
|
|
e6ac7e |
const int encodedLen = base64_encode_len(bufLen);
|
|
|
e6ac7e |
@@ -1089,8 +1089,6 @@ decode_pub_auth(cachemgr_request * req)
|
|
|
e6ac7e |
char *buf;
|
|
|
e6ac7e |
const char *host_name;
|
|
|
e6ac7e |
const char *time_str;
|
|
|
e6ac7e |
- const char *user_name;
|
|
|
e6ac7e |
- const char *passwd;
|
|
|
e6ac7e |
|
|
|
e6ac7e |
debug("cmgr: decoding pub: '%s'\n", safe_str(req->pub_auth));
|
|
|
e6ac7e |
safe_free(req->passwd);
|
|
|
e6ac7e |
@@ -1119,17 +1117,21 @@ decode_pub_auth(cachemgr_request * req)
|
|
|
e6ac7e |
|
|
|
e6ac7e |
debug("cmgr: decoded time: '%s' (now: %d)\n", time_str, (int) now);
|
|
|
e6ac7e |
|
|
|
e6ac7e |
+ char *user_name;
|
|
|
e6ac7e |
if ((user_name = strtok(NULL, "|")) == NULL) {
|
|
|
e6ac7e |
xfree(buf);
|
|
|
e6ac7e |
return;
|
|
|
e6ac7e |
}
|
|
|
e6ac7e |
+ rfc1738_unescape(user_name);
|
|
|
e6ac7e |
|
|
|
e6ac7e |
debug("cmgr: decoded uname: '%s'\n", user_name);
|
|
|
e6ac7e |
|
|
|
e6ac7e |
+ char *passwd;
|
|
|
e6ac7e |
if ((passwd = strtok(NULL, "|")) == NULL) {
|
|
|
e6ac7e |
xfree(buf);
|
|
|
e6ac7e |
return;
|
|
|
e6ac7e |
}
|
|
|
e6ac7e |
+ rfc1738_unescape(passwd);
|
|
|
e6ac7e |
|
|
|
e6ac7e |
debug("cmgr: decoded passwd: '%s'\n", passwd);
|
|
|
e6ac7e |
|
|
|
76e176 |
diff --git a/tools/cachemgr.cc b/tools/cachemgr.cc
|
|
|
76e176 |
index fb5146e..388c87b 100644
|
|
|
76e176 |
--- a/tools/cachemgr.cc
|
|
|
76e176 |
+++ b/tools/cachemgr.cc
|
|
|
76e176 |
@@ -1069,14 +1069,20 @@ make_pub_auth(cachemgr_request * req)
|
|
|
76e176 |
if (!req->passwd || !strlen(req->passwd))
|
|
|
76e176 |
return;
|
|
|
76e176 |
|
|
|
76e176 |
+ auto *rfc1738_username = xstrdup(rfc1738_escape(safe_str(req->user_name)));
|
|
|
76e176 |
+ auto *rfc1738_passwd = xstrdup(rfc1738_escape(req->passwd));
|
|
|
76e176 |
+
|
|
|
76e176 |
/* host | time | user | passwd */
|
|
|
76e176 |
const int bufLen = snprintf(buf, sizeof(buf), "%s|%d|%s|%s",
|
|
|
76e176 |
req->hostname,
|
|
|
76e176 |
(int) now,
|
|
|
76e176 |
- rfc1738_escape(safe_str(req->user_name)),
|
|
|
76e176 |
- rfc1738_escape(req->passwd));
|
|
|
76e176 |
+ rfc1738_username,
|
|
|
76e176 |
+ rfc1738_passwd);
|
|
|
76e176 |
debug("cmgr: pre-encoded for pub: %s\n", buf);
|
|
|
76e176 |
|
|
|
76e176 |
+ safe_free(rfc1738_username);
|
|
|
76e176 |
+ safe_free(rfc1738_passwd);
|
|
|
76e176 |
+
|
|
|
76e176 |
const int encodedLen = base64_encode_len(bufLen);
|
|
|
76e176 |
req->pub_auth = (char *) xmalloc(encodedLen);
|
|
|
76e176 |
base64_encode_str(req->pub_auth, encodedLen, buf, bufLen);
|