Hi,

I installed the module today and I notice there is no actual support for the secret key (or Varnish Control Key as named in the settings of this module).
The variable is being requested, but never used and it took me some time to figure out that was the reason it was not working for me as I have varnish set to use the secret key.

I checked the code and made the implementation to support the secret key.
Here I post the patch, it works for me, please review and confirm that this works and if is ok then our friends from the Varnish Module can include this in the module.

Best regards,
Nestor

CommentFileSizeAuthor
#8 808314.patch488 bytesburningdog
#2 varnish.module.with_auth.patch1.21 KBnestor.mata

Comments

EvanDonovan’s picture

EvanDonovan commented
Status: Needs review » Active

Patch is not attached.

nestor.mata’s picture

nestor.mata commented
StatusFileSize
new varnish.module.with_auth.patch1.21 KB

Sorry, the patch was missing

nestor.mata’s picture

nestor.mata commented
Status: Active » Needs review

Setting the thread to needs review

interx’s picture

interx commented

On ubuntu the standard varnish startup script includes a secretfile.
I've tested the patch and it works fine when using a secret, thanks.

Personally I'd omit the watchdog call on success, but call it only on failure like it's done a bit lower.

if ($status['code'] != 200) {
  watchdog('varnish', t('Authentication to server failed!'));
  return FALSE;
}

The patch needs to be cleaned up (indenting, if (), string concatenation etc) to fit the coding standards ;)

joshk’s picture

joshk commented
Status: Needs review » Fixed

Cleaned up and integrated. Thanks for taking the lead on this!

loekvangool’s picture

loekvangool commented
Status: Fixed » Needs work

This was not fixed or was broken again. There is no declaration of $secret hence no secret is used.

20-Jul release needs the $secret declaration back.

cweagans’s picture

cweagans
He/Him
Primary language English
Location Boise, ID, USA
commented
Status: Needs work » Needs review

The code should read like this in varnish.module at line 208:

    // Do we need to authenticate?
    if ($status['code'] == 107) { // Require authentication
      $secret = variable_get('varnish_control_key', '');
      $challenge = substr($status['msg'], 0, 32);
      $pack = $challenge ."\x0A". $secret ."\x0A". $challenge ."\x0A";
      $key = hash('sha256', $pack);

      socket_write($client, "auth $key\n");
      $status = _varnish_read_socket($client);
      if ($status['code'] != 200) {
        watchdog('varnish', 'Authentication to server failed!', array(), WATCHDOG_ERROR);
      }
    }
burningdog’s picture

burningdog commented
StatusFileSize
new 808314.patch488 bytes

+1 for #7. Patch attached, if the one-line addition above isn't obvious enough.

burningdog’s picture

burningdog commented

I couldn't get authentication with varnish working. Or rather, applying the above patch and putting my secret key into the drupal varnish config page worked...but then broke after a few days. Could just be my setup, though - I ended up restarting varnish without the secret key required (and making sure my firewall settings only allow access from the correct ip). The module authentication algorithm looks like it follows the varnish documentation at
http://www.varnish-cache.org/trac/wiki/CLI#Authentication:Thegorydetails

...so is this just me? Can someone else get varnish authentication working?

aaron.r.carlton’s picture

aaron.r.carlton commented

+1 for patch #7/#8 Thanks!

catch’s picture

catch
he/him
Primary language English
commented
Title: No support for secret key in varnish. Here is patch » Secret key variable is never used
Category: feature » bug
Status: Needs review » Reviewed & tested by the community

Ran into this, patch is fine, RTBC.

steven jones’s picture

steven jones commented

Patch is good.

rwohleb’s picture

rwohleb
he/him
Primary language English
commented

Yep, patch in #8 works for me.

Willem van den Ende’s picture

Willem van den Ende commented

+1 for this patch

joostvdl’s picture

joostvdl commented

Patch tested. Works OK!

resveld’s picture

resveld commented

patch works fine!

Edward Clement Lee’s picture

Edward Clement Lee commented

+1 for patch (#8)

fabsor’s picture

fabsor commented
Status: Reviewed & tested by the community » Fixed

Commited! Thanks for your work, and for your patience =)

steven jones’s picture

steven jones commented

Lovely.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.