Varnish module configuration

--000000000000e6cdb805b422ea3b
Content-Type: text/plain; charset="UTF-8"

https://metacpan.org/source/RCL/Varnish-CLI-0.03/lib%2FVarnish%2FCLI.pm

I don't know if I'm doing something wrong.  I'm trying to use this CLI
against an upgraded Varnish server and it seems the new version is built
with a secret being required to connect remotely.

I think the relevant sections are below.

For #1, I couldn't find any examples online, but my guess is I can just
modify my like this:
    my $varnish = Varnish::CLI->new( secret => 'ENTER_LONG_STRING_HERE' );

It asks for the contents of my secret (/etc/varnish/secret) file which is
GUID-like and I entered that directly in the line above.  I tried with both
single quotes and none.

If I have #1 right, I think I've confirmed a "107" is being returned with a
telnet session, but it doesn't appear that #2 is working right as this
comes directly on the screen:
    "Connection failed: authentication required, but no secret given\n"

I don't understand this syntax:
        if( not $self->secret() ){

My guess is it evaluates if my secret variable is empty?

My next steps might be:
-Setup a network sniffer
-Try to figure out if this 0.03 version doesn't deal with the challenge
properly with the latest Varnish

#1
--------------
If you have started your Varnish CLI with a secret, you must will have to
pass the contents
of your secret file, otherwise authentication will fail...  Makes sense!! :)
Remember - complete contents of the secret file (including a newline if it
exists!)

    my $varnish = Varnish::CLI->new( secret => $secret );
--------------

#2
--------------
    # A 107 response on connection means the Varnish CLI expects
authentication
    if( $self->last_status() == 107 ){
        if( not $self->secret() ){
            croak( "Connection failed: authentication required, but no
secret given\n" );
        }

        my $challenge = substr( $self->last_lines()->[0], 0, 32 );
        my $auth = sha256_hex( $challenge . "\n" . $self->secret() .
$challenge . "\n" );
        $self->send( "auth $auth" );
        if( $self->last_status != 200 ){
            croak( "Authentication failed!\n" );
        }
    }
--------------
....

--000000000000e6cdb805b422ea3b
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div><a href=3D"https://metacpan.org/source/RCL/Varnish-CL=
I-0.03/lib%2FVarnish%2FCLI.pm">https://metacpan.org/source/RCL/Varnish-CLI-=
0.03/lib%2FVarnish%2FCLI.pm</a></div><div><br></div><div>I don&#39;t know i=
f I&#39;m doing something wrong.=C2=A0 I&#39;m trying to use this CLI again=
st an upgraded Varnish server and it seems the new version is built with a =
secret being required to connect remotely.</div><div><br></div><div>I think=
 the relevant sections are below.</div><div><br></div><div>For #1, I couldn=
&#39;t find any examples online, but my guess is I can just modify my like =
this:</div><div>=C2=A0=C2=A0=C2=A0 my $varnish =3D Varnish::CLI-&gt;new( se=
cret =3D&gt; &#39;ENTER_LONG_STRING_HERE&#39; ); <br></div><div><br></div><=
div>It asks for the contents of my secret (/etc/varnish/secret) file which =
is GUID-like and I entered that directly in the line above.=C2=A0 I tried w=
ith both single quotes and none.<br></div><div><br></div><div>If I have #1 =
right, I think I&#39;ve confirmed a &quot;107&quot; is being returned with =
a telnet session, but it doesn&#39;t appear that #2 is working right as thi=
s comes directly on the screen:<br></div><div>=C2=A0=C2=A0=C2=A0 &quot;Conn=
ection failed: authentication required, but no secret given\n&quot; <br></d=
iv><div><br></div><div>I don&#39;t understand this syntax:</div><div>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 if( not $self-&gt;secret() ){ <br></div><div><b=
r></div><div>My guess is it evaluates if my secret variable is empty?</div>=
<div><br></div><div>My next steps might be:</div><div>-Setup a network snif=
fer</div><div>-Try to figure out if this 0.03 version doesn&#39;t deal with=
 the challenge properly with the latest Varnish<br></div><div><br></div><di=
v>#1<br></div><div>--------------<br></div><div>If you have started your Va=
rnish CLI with a secret, you must will have to pass the contents<br>of your=
 secret file, otherwise authentication will fail...=C2=A0 Makes sense!! :)<=
br>Remember - complete contents of the secret file (including a newline if =
it exists!)<br>=C2=A0<br>=C2=A0 =C2=A0 my $varnish =3D Varnish::CLI-&gt;new=
( secret =3D&gt; $secret );<br></div><div>
--------------=C2=A0</div><div><br></div><div>#2<br></div><div>
--------------

</div><div>=C2=A0 =C2=A0 # A 107 response on connection means the Varnish C=
LI expects authentication<br>=C2=A0 =C2=A0 if( $self-&gt;last_status() =3D=
=3D 107 ){<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 if( not $self-&gt;secret() ){<br>=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 croak( &quot;Connection failed: a=
uthentication required, but no secret given\n&quot; );<br>=C2=A0 =C2=A0 =C2=
=A0 =C2=A0 }<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0<br>=C2=A0 =C2=A0 =C2=A0 =
=C2=A0 my $challenge =3D substr( $self-&gt;last_lines()-&gt;[0], 0, 32 );<b=
r>=C2=A0 =C2=A0 =C2=A0 =C2=A0 my $auth =3D sha256_hex( $challenge . &quot;\=
n&quot; . $self-&gt;secret() . $challenge . &quot;\n&quot; );<br>=C2=A0 =C2=
=A0 =C2=A0 =C2=A0 $self-&gt;send( &quot;auth $auth&quot; );<br>=C2=A0 =C2=
=A0 =C2=A0 =C2=A0 if( $self-&gt;last_status !=3D 200 ){<br>=C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 croak( &quot;Authentication failed!\n&quot; );<=
br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 }<br>=C2=A0 =C2=A0 }</div><div>
-------------- <br></div><div>...<br></div></div>

--000000000000e6cdb805b422ea3b--
0
marco
11/15/2020 10:42:14 AM
perl.beginners 29382 articles. 4 followers. Follow

3 Replies
8 Views

Similar Articles

[PageSpeed] 7

--0000000000005bd23105b4234611
Content-Type: text/plain; charset="UTF-8"

OK, so I found a spot where the module is loaded from and a new object is
created:

    my $varnish = Varnish::CLI->new( host    => $VarnishHost,
                                     port    => $self->{VarnishAdminPort}
// 6082,
                                     secret  => $self->{VarnishSecret} //
'',
                                   ) or return;

I don't understand this line above:
secret  => $self->{VarnishSecret} // '',

Am I looking for a hash now?  I tried various things.  "//" must be a
comment?  I entered my GUID in different places without luck:
secret  => $self->{'MY_GUID'} // '',
secret  => $self->{VarnishSecret} // 'MY_GUID',

On Sun, Nov 15, 2020 at 6:42 AM Marco Shaw <marco.shaw@gmail.com> wrote:

> https://metacpan.org/source/RCL/Varnish-CLI-0.03/lib%2FVarnish%2FCLI.pm
>
> I don't know if I'm doing something wrong.  I'm trying to use this CLI
> against an upgraded Varnish server and it seems the new version is built
> with a secret being required to connect remotely.
>
> I think the relevant sections are below.
>
> For #1, I couldn't find any examples online, but my guess is I can just
> modify my like this:
>     my $varnish = Varnish::CLI->new( secret => 'ENTER_LONG_STRING_HERE' );
>
> It asks for the contents of my secret (/etc/varnish/secret) file which is
> GUID-like and I entered that directly in the line above.  I tried with both
> single quotes and none.
>
> If I have #1 right, I think I've confirmed a "107" is being returned with
> a telnet session, but it doesn't appear that #2 is working right as this
> comes directly on the screen:
>     "Connection failed: authentication required, but no secret given\n"
>
> I don't understand this syntax:
>         if( not $self->secret() ){
>
> My guess is it evaluates if my secret variable is empty?
>
> My next steps might be:
> -Setup a network sniffer
> -Try to figure out if this 0.03 version doesn't deal with the challenge
> properly with the latest Varnish
>
> #1
> --------------
> If you have started your Varnish CLI with a secret, you must will have to
> pass the contents
> of your secret file, otherwise authentication will fail...  Makes sense!!
> :)
> Remember - complete contents of the secret file (including a newline if it
> exists!)
>
>     my $varnish = Varnish::CLI->new( secret => $secret );
> --------------
>
> #2
> --------------
>     # A 107 response on connection means the Varnish CLI expects
> authentication
>     if( $self->last_status() == 107 ){
>         if( not $self->secret() ){
>             croak( "Connection failed: authentication required, but no
> secret given\n" );
>         }
>
>         my $challenge = substr( $self->last_lines()->[0], 0, 32 );
>         my $auth = sha256_hex( $challenge . "\n" . $self->secret() .
> $challenge . "\n" );
>         $self->send( "auth $auth" );
>         if( $self->last_status != 200 ){
>             croak( "Authentication failed!\n" );
>         }
>     }
> --------------
> ...
>

--0000000000005bd23105b4234611
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><br></div><div>OK, so I found a spot wher=
e the module is loaded from and a new object is created:<br></div><div dir=
=3D"ltr"><br>=C2=A0 =C2=A0 my $varnish =3D Varnish::CLI-&gt;new( host =C2=
=A0 =C2=A0=3D&gt; $VarnishHost,<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0port =C2=A0 =C2=A0=3D&gt; $self-&gt;{VarnishAdminPort} =
// 6082,<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0secret=
 =C2=A0=3D&gt; $self-&gt;{VarnishSecret} // &#39;&#39;,<br>=C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0) or return;</div><div dir=3D"ltr"><b=
r></div><div>I don&#39;t understand this line above:</div><div>
secret =C2=A0=3D&gt; $self-&gt;{VarnishSecret} // &#39;&#39;, <br></div><di=
v><br></div><div>Am I looking for a hash now?=C2=A0 I tried various things.=
=C2=A0 &quot;//&quot; must be a comment?=C2=A0 I entered my GUID in differe=
nt places without luck:</div><div>
secret =C2=A0=3D&gt; $self-&gt;{&#39;MY_GUID&#39;} // &#39;&#39;, <br></div=
><div>
secret =C2=A0=3D&gt; $self-&gt;{VarnishSecret} // &#39;MY_GUID&#39;,

</div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">=
On Sun, Nov 15, 2020 at 6:42 AM Marco Shaw &lt;<a href=3D"mailto:marco.shaw=
@gmail.com">marco.shaw@gmail.com</a>&gt; wrote:<br></div><blockquote class=
=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rg=
b(204,204,204);padding-left:1ex"><div dir=3D"ltr"><div><a href=3D"https://m=
etacpan.org/source/RCL/Varnish-CLI-0.03/lib%2FVarnish%2FCLI.pm" target=3D"_=
blank">https://metacpan.org/source/RCL/Varnish-CLI-0.03/lib%2FVarnish%2FCLI=
..pm</a></div><div><br></div><div>I don&#39;t know if I&#39;m doing somethin=
g wrong.=C2=A0 I&#39;m trying to use this CLI against an upgraded Varnish s=
erver and it seems the new version is built with a secret being required to=
 connect remotely.</div><div><br></div><div>I think the relevant sections a=
re below.</div><div><br></div><div>For #1, I couldn&#39;t find any examples=
 online, but my guess is I can just modify my like this:</div><div>=C2=A0=
=C2=A0=C2=A0 my $varnish =3D Varnish::CLI-&gt;new( secret =3D&gt; &#39;ENTE=
R_LONG_STRING_HERE&#39; ); <br></div><div><br></div><div>It asks for the co=
ntents of my secret (/etc/varnish/secret) file which is GUID-like and I ent=
ered that directly in the line above.=C2=A0 I tried with both single quotes=
 and none.<br></div><div><br></div><div>If I have #1 right, I think I&#39;v=
e confirmed a &quot;107&quot; is being returned with a telnet session, but =
it doesn&#39;t appear that #2 is working right as this comes directly on th=
e screen:<br></div><div>=C2=A0=C2=A0=C2=A0 &quot;Connection failed: authent=
ication required, but no secret given\n&quot; <br></div><div><br></div><div=
>I don&#39;t understand this syntax:</div><div>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 if( not $self-&gt;secret() ){ <br></div><div><b=
r></div><div>My guess is it evaluates if my secret variable is empty?</div>=
<div><br></div><div>My next steps might be:</div><div>-Setup a network snif=
fer</div><div>-Try to figure out if this 0.03 version doesn&#39;t deal with=
 the challenge properly with the latest Varnish<br></div><div><br></div><di=
v>#1<br></div><div>--------------<br></div><div>If you have started your Va=
rnish CLI with a secret, you must will have to pass the contents<br>of your=
 secret file, otherwise authentication will fail...=C2=A0 Makes sense!! :)<=
br>Remember - complete contents of the secret file (including a newline if =
it exists!)<br>=C2=A0<br>=C2=A0 =C2=A0 my $varnish =3D Varnish::CLI-&gt;new=
( secret =3D&gt; $secret );<br></div><div>
--------------=C2=A0</div><div><br></div><div>#2<br></div><div>
--------------

</div><div>=C2=A0 =C2=A0 # A 107 response on connection means the Varnish C=
LI expects authentication<br>=C2=A0 =C2=A0 if( $self-&gt;last_status() =3D=
=3D 107 ){<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 if( not $self-&gt;secret() ){<br>=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 croak( &quot;Connection failed: a=
uthentication required, but no secret given\n&quot; );<br>=C2=A0 =C2=A0 =C2=
=A0 =C2=A0 }<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0<br>=C2=A0 =C2=A0 =C2=A0 =
=C2=A0 my $challenge =3D substr( $self-&gt;last_lines()-&gt;[0], 0, 32 );<b=
r>=C2=A0 =C2=A0 =C2=A0 =C2=A0 my $auth =3D sha256_hex( $challenge . &quot;\=
n&quot; . $self-&gt;secret() . $challenge . &quot;\n&quot; );<br>=C2=A0 =C2=
=A0 =C2=A0 =C2=A0 $self-&gt;send( &quot;auth $auth&quot; );<br>=C2=A0 =C2=
=A0 =C2=A0 =C2=A0 if( $self-&gt;last_status !=3D 200 ){<br>=C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 croak( &quot;Authentication failed!\n&quot; );<=
br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 }<br>=C2=A0 =C2=A0 }</div><div>
-------------- <br></div><div>...<br></div></div>
</blockquote></div></div>

--0000000000005bd23105b4234611--
0
marco
11/15/2020 11:07:47 AM
--000000000000f1722305b423593c
Content-Type: text/plain; charset="UTF-8"

'//' is the defined-or operator. See

https://stackoverflow.com/a/12911432/870552



On Sun, Nov 15, 2020 at 11:08 AM Marco Shaw <marco.shaw@gmail.com> wrote:

>
> OK, so I found a spot where the module is loaded from and a new object is
> created:
>
>     my $varnish = Varnish::CLI->new( host    => $VarnishHost,
>                                      port    => $self->{VarnishAdminPort}
> // 6082,
>                                      secret  => $self->{VarnishSecret} //
> '',
>                                    ) or return;
>
> I don't understand this line above:
> secret  => $self->{VarnishSecret} // '',
>
> Am I looking for a hash now?  I tried various things.  "//" must be a
> comment?  I entered my GUID in different places without luck:
> secret  => $self->{'MY_GUID'} // '',
> secret  => $self->{VarnishSecret} // 'MY_GUID',
>
> On Sun, Nov 15, 2020 at 6:42 AM Marco Shaw <marco.shaw@gmail.com> wrote:
>
>> https://metacpan.org/source/RCL/Varnish-CLI-0.03/lib%2FVarnish%2FCLI.pm
>>
>> I don't know if I'm doing something wrong.  I'm trying to use this CLI
>> against an upgraded Varnish server and it seems the new version is built
>> with a secret being required to connect remotely.
>>
>> I think the relevant sections are below.
>>
>> For #1, I couldn't find any examples online, but my guess is I can just
>> modify my like this:
>>     my $varnish = Varnish::CLI->new( secret => 'ENTER_LONG_STRING_HERE'
>> );
>>
>> It asks for the contents of my secret (/etc/varnish/secret) file which is
>> GUID-like and I entered that directly in the line above.  I tried with both
>> single quotes and none.
>>
>> If I have #1 right, I think I've confirmed a "107" is being returned with
>> a telnet session, but it doesn't appear that #2 is working right as this
>> comes directly on the screen:
>>     "Connection failed: authentication required, but no secret given\n"
>>
>> I don't understand this syntax:
>>         if( not $self->secret() ){
>>
>> My guess is it evaluates if my secret variable is empty?
>>
>> My next steps might be:
>> -Setup a network sniffer
>> -Try to figure out if this 0.03 version doesn't deal with the challenge
>> properly with the latest Varnish
>>
>> #1
>> --------------
>> If you have started your Varnish CLI with a secret, you must will have to
>> pass the contents
>> of your secret file, otherwise authentication will fail...  Makes sense!!
>> :)
>> Remember - complete contents of the secret file (including a newline if
>> it exists!)
>>
>>     my $varnish = Varnish::CLI->new( secret => $secret );
>> --------------
>>
>> #2
>> --------------
>>     # A 107 response on connection means the Varnish CLI expects
>> authentication
>>     if( $self->last_status() == 107 ){
>>         if( not $self->secret() ){
>>             croak( "Connection failed: authentication required, but no
>> secret given\n" );
>>         }
>>
>>         my $challenge = substr( $self->last_lines()->[0], 0, 32 );
>>         my $auth = sha256_hex( $challenge . "\n" . $self->secret() .
>> $challenge . "\n" );
>>         $self->send( "auth $auth" );
>>         if( $self->last_status != 200 ){
>>             croak( "Authentication failed!\n" );
>>         }
>>     }
>> --------------
>> ...
>>
>

-- 
Andrew Solomon
Director, Geekuni <https://geekuni.com/>
P: +44 7931 946 062
E: andrew@geekuni.com

--000000000000f1722305b423593c
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>&#39;//&#39; is the defined-or operator. See=C2=A0</d=
iv><div><br></div><div><a href=3D"https://stackoverflow.com/a/12911432/8705=
52">https://stackoverflow.com/a/12911432/870552</a><br></div><div><br></div=
><div><br></div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=
=3D"gmail_attr">On Sun, Nov 15, 2020 at 11:08 AM Marco Shaw &lt;<a href=3D"=
mailto:marco.shaw@gmail.com">marco.shaw@gmail.com</a>&gt; wrote:<br></div><=
blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-l=
eft:1px solid rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr"><div dir=
=3D"ltr"><br></div><div>OK, so I found a spot where the module is loaded fr=
om and a new object is created:<br></div><div dir=3D"ltr"><br>=C2=A0 =C2=A0=
 my $varnish =3D Varnish::CLI-&gt;new( host =C2=A0 =C2=A0=3D&gt; $VarnishHo=
st,<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0port =C2=
=A0 =C2=A0=3D&gt; $self-&gt;{VarnishAdminPort} // 6082,<br>=C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0secret =C2=A0=3D&gt; $self-&gt=
;{VarnishSecret} // &#39;&#39;,<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0) or return;</div><div dir=3D"ltr"><br></div><div>I don&#39;t =
understand this line above:</div><div>
secret =C2=A0=3D&gt; $self-&gt;{VarnishSecret} // &#39;&#39;, <br></div><di=
v><br></div><div>Am I looking for a hash now?=C2=A0 I tried various things.=
=C2=A0 &quot;//&quot; must be a comment?=C2=A0 I entered my GUID in differe=
nt places without luck:</div><div>
secret =C2=A0=3D&gt; $self-&gt;{&#39;MY_GUID&#39;} // &#39;&#39;, <br></div=
><div>
secret =C2=A0=3D&gt; $self-&gt;{VarnishSecret} // &#39;MY_GUID&#39;,

</div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">=
On Sun, Nov 15, 2020 at 6:42 AM Marco Shaw &lt;<a href=3D"mailto:marco.shaw=
@gmail.com" target=3D"_blank">marco.shaw@gmail.com</a>&gt; wrote:<br></div>=
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left:1px solid rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr"><div><a =
href=3D"https://metacpan.org/source/RCL/Varnish-CLI-0.03/lib%2FVarnish%2FCL=
I.pm" target=3D"_blank">https://metacpan.org/source/RCL/Varnish-CLI-0.03/li=
b%2FVarnish%2FCLI.pm</a></div><div><br></div><div>I don&#39;t know if I&#39=
;m doing something wrong.=C2=A0 I&#39;m trying to use this CLI against an u=
pgraded Varnish server and it seems the new version is built with a secret =
being required to connect remotely.</div><div><br></div><div>I think the re=
levant sections are below.</div><div><br></div><div>For #1, I couldn&#39;t =
find any examples online, but my guess is I can just modify my like this:</=
div><div>=C2=A0=C2=A0=C2=A0 my $varnish =3D Varnish::CLI-&gt;new( secret =
=3D&gt; &#39;ENTER_LONG_STRING_HERE&#39; ); <br></div><div><br></div><div>I=
t asks for the contents of my secret (/etc/varnish/secret) file which is GU=
ID-like and I entered that directly in the line above.=C2=A0 I tried with b=
oth single quotes and none.<br></div><div><br></div><div>If I have #1 right=
, I think I&#39;ve confirmed a &quot;107&quot; is being returned with a tel=
net session, but it doesn&#39;t appear that #2 is working right as this com=
es directly on the screen:<br></div><div>=C2=A0=C2=A0=C2=A0 &quot;Connectio=
n failed: authentication required, but no secret given\n&quot; <br></div><d=
iv><br></div><div>I don&#39;t understand this syntax:</div><div>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 if( not $self-&gt;secret() ){ <br></div><div><b=
r></div><div>My guess is it evaluates if my secret variable is empty?</div>=
<div><br></div><div>My next steps might be:</div><div>-Setup a network snif=
fer</div><div>-Try to figure out if this 0.03 version doesn&#39;t deal with=
 the challenge properly with the latest Varnish<br></div><div><br></div><di=
v>#1<br></div><div>--------------<br></div><div>If you have started your Va=
rnish CLI with a secret, you must will have to pass the contents<br>of your=
 secret file, otherwise authentication will fail...=C2=A0 Makes sense!! :)<=
br>Remember - complete contents of the secret file (including a newline if =
it exists!)<br>=C2=A0<br>=C2=A0 =C2=A0 my $varnish =3D Varnish::CLI-&gt;new=
( secret =3D&gt; $secret );<br></div><div>
--------------=C2=A0</div><div><br></div><div>#2<br></div><div>
--------------

</div><div>=C2=A0 =C2=A0 # A 107 response on connection means the Varnish C=
LI expects authentication<br>=C2=A0 =C2=A0 if( $self-&gt;last_status() =3D=
=3D 107 ){<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 if( not $self-&gt;secret() ){<br>=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 croak( &quot;Connection failed: a=
uthentication required, but no secret given\n&quot; );<br>=C2=A0 =C2=A0 =C2=
=A0 =C2=A0 }<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0<br>=C2=A0 =C2=A0 =C2=A0 =
=C2=A0 my $challenge =3D substr( $self-&gt;last_lines()-&gt;[0], 0, 32 );<b=
r>=C2=A0 =C2=A0 =C2=A0 =C2=A0 my $auth =3D sha256_hex( $challenge . &quot;\=
n&quot; . $self-&gt;secret() . $challenge . &quot;\n&quot; );<br>=C2=A0 =C2=
=A0 =C2=A0 =C2=A0 $self-&gt;send( &quot;auth $auth&quot; );<br>=C2=A0 =C2=
=A0 =C2=A0 =C2=A0 if( $self-&gt;last_status !=3D 200 ){<br>=C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 croak( &quot;Authentication failed!\n&quot; );<=
br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 }<br>=C2=A0 =C2=A0 }</div><div>
-------------- <br></div><div>...<br></div></div>
</blockquote></div></div>
</blockquote></div><br clear=3D"all"><div><br></div>-- <br><div dir=3D"ltr"=
 class=3D"gmail_signature"><div dir=3D"ltr"><div><div dir=3D"ltr"><font fac=
e=3D"arial, sans-serif">Andrew Solomon<br>Director, <a href=3D"https://geek=
uni.com/" target=3D"_blank">Geekuni</a><br>P: +44 7931 946 062<br>E: <a hre=
f=3D"mailto:andrew@geekuni.com" target=3D"_blank">andrew@geekuni.com</a></f=
ont></div></div></div></div>

--000000000000f1722305b423593c--
0
andrew
11/15/2020 11:13:18 AM
> On Nov 15, 2020, at 2:42 AM, Marco Shaw <marco.shaw@gmail.com> wrote:
>=20
> =
https://metacpan.org/source/RCL/Varnish-CLI-0.03/lib%2FVarnish%2FCLI.pm
>=20
> I don't know if I'm doing something wrong.  I'm trying to use this CLI =
against an upgraded Varnish server and it seems the new version is built =
with a secret being required to connect remotely.
>=20
> I think the relevant sections are below.
>=20
> For #1, I couldn't find any examples online, but my guess is I can =
just modify my like this:
>     my $varnish =3D Varnish::CLI->new( secret =3D> =
'ENTER_LONG_STRING_HERE' );=20
>=20
> It asks for the contents of my secret (/etc/varnish/secret) file which =
is GUID-like and I entered that directly in the line above.  I tried =
with both single quotes and none.

Try reading the contents of the /etc/varnish/secret file into a variable =
and pass that to the new() method:

        my $secret;
        {
            local $/;
            open my $fh, '<', =E2=80=98/etc/varnish/secret or die "can't =
open secret file: $!";
            $secret =3D <$fh>;
        }

>=20
> If I have #1 right, I think I've confirmed a "107" is being returned =
with a telnet session, but it doesn't appear that #2 is working right as =
this comes directly on the screen:
>     "Connection failed: authentication required, but no secret =
given\n"=20
>=20
> I don't understand this syntax:
>         if( not $self->secret() ){=20

$self appears to be an object, normally a pointer to a hash.
$self->secret() executes a call to the object method secret() and =
returns a value, which is probably the secret key.
( not $self->secret() ) is a logical expression negating the value =
returned by the secret() method.

Therefore, as you have correctly surmised, the expression will evaluate =
to true if $self has no secret value.=20

>=20
> My guess is it evaluates if my secret variable is empty?
>=20
0
jimsgibson
11/15/2020 2:22:24 PM
Reply: