OK, so I found a spot where the module is loaded from and a new object is
created:
my $varnish = Varnish::CLI->new( host => $VarnishHost,
port => $self->{VarnishAdminPort}
// 6082,
secret => $self->{VarnishSecret} //
'',
) or return;
I don't understand this line above:
secret => $self->{VarnishSecret} // '',
Am I looking for a hash now? I tried various things. "//" must be a
comment? I entered my GUID in different places without luck:
secret => $self->{'MY_GUID'} // '',
secret => $self->{VarnishSecret} // 'MY_GUID',
On Sun, Nov 15, 2020 at 6:42 AM Marco Shaw <[email protected]> wrote:
> https://metacpan.org/source/RCL/Varnish-CLI-0.03/lib%2FVarnish%2FCLI.pm
>
> I don't know if I'm doing something wrong. I'm trying to use this CLI
> against an upgraded Varnish server and it seems the new version is built
> with a secret being required to connect remotely.
>
> I think the relevant sections are below.
>
> For #1, I couldn't find any examples online, but my guess is I can just
> modify my like this:
> my $varnish = Varnish::CLI->new( secret => 'ENTER_LONG_STRING_HERE' );
>
> It asks for the contents of my secret (/etc/varnish/secret) file which is
> GUID-like and I entered that directly in the line above. I tried with both
> single quotes and none.
>
> If I have #1 right, I think I've confirmed a "107" is being returned with
> a telnet session, but it doesn't appear that #2 is working right as this
> comes directly on the screen:
> "Connection failed: authentication required, but no secret given\n"
>
> I don't understand this syntax:
> if( not $self->secret() ){
>
> My guess is it evaluates if my secret variable is empty?
>
> My next steps might be:
> -Setup a network sniffer
> -Try to figure out if this 0.03 version doesn't deal with the challenge
> properly with the latest Varnish
>
> #1
> --------------
> If you have started your Varnish CLI with a secret, you must will have to
> pass the contents
> of your secret file, otherwise authentication will fail... Makes sense!!
> :)
> Remember - complete contents of the secret file (including a newline if it
> exists!)
>
> my $varnish = Varnish::CLI->new( secret => $secret );
> --------------
>
> #2
> --------------
> # A 107 response on connection means the Varnish CLI expects
> authentication
> if( $self->last_status() == 107 ){
> if( not $self->secret() ){
> croak( "Connection failed: authentication required, but no
> secret given\n" );
> }
>
> my $challenge = substr( $self->last_lines()->[0], 0, 32 );
> my $auth = sha256_hex( $challenge . "\n" . $self->secret() .
> $challenge . "\n" );
> $self->send( "auth $auth" );
> if( $self->last_status != 200 ){
> croak( "Authentication failed!\n" );
> }
> }
> --------------
> ...
>
