[4.1] 564250a Use "none" to disable authentication

PÃ¥l Hermunn Johansen hermunn at varnish-software.com
Wed Sep 7 11:52:12 CEST 2016 

commit 564250aec47047375c4bbbe4ab983f5723e04ebe
Author: Pål Hermunn Johansen <hermunn at varnish-software.com>
Date:   Wed Sep 7 11:50:17 2016 +0200

    Use "none" to disable authentication
    
    This is an adaptation of b2c18706f2d4b100 by Federico G. Schwindt.
    
    Previously you needed an empty argument (''), which didn't play very
    well along sysv init scripts and was not documented. Now both "none"
    and the empty argument work, but an extra warning is echoed if the
    empty argument is used.
    
    The documentation only mentions "none" for disabling the secret, since
    this is the only way of doing it in the next version.
    
    Fixes #2007.

diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c
index 7440302..ae4ce15 100644
--- a/bin/varnishd/mgt/mgt_main.c
+++ b/bin/varnishd/mgt/mgt_main.c
@@ -717,6 +717,11 @@ main(int argc, char * const *argv)
 	if (S_arg != NULL && *S_arg == '\0') {
 		fprintf(stderr,
 		    "Warning: Empty -S argument, no CLI authentication.\n");
+		fprintf(stderr, "Warning: For forward compatibility,"
+		    " please switch to using -S none\n");
+	} else if (S_arg != NULL && !strcmp(S_arg, "none")) {
+		fprintf(stderr,
+		    "Warning: CLI authentication disabled.\n");
 	} else if (S_arg != NULL) {
 		VJ_master(JAIL_MASTER_FILE);
 		o = open(S_arg, O_RDONLY, 0);
@@ -817,7 +822,7 @@ main(int argc, char * const *argv)
 	if (d_flag)
 		mgt_cli_setup(0, 1, 1, "debug", cli_stdin_close, NULL);
 
-	if (*S_arg != '\0')
+	if (strcmp(S_arg, "none"))
 		mgt_cli_secret(S_arg);
 
 	if (M_arg != NULL)
diff --git a/doc/sphinx/reference/varnishd.rst b/doc/sphinx/reference/varnishd.rst
index 351ba15..78a285b 100644
--- a/doc/sphinx/reference/varnishd.rst
+++ b/doc/sphinx/reference/varnishd.rst
@@ -123,11 +123,11 @@ OPTIONS
   *vmod_dir* read only as these can potentially be used to escalate
   privileges from the CLI.
 
--S file
+-S secret-file
 
   Path to a file containing a secret used for authorizing access to
   the management port. If not provided a new secret will be drawn
-  from the system PRNG.
+  from the system PRNG.  To disable authentication use ``none``.
 
 -s <[name=]type[,options]>

More information about the varnish-commit mailing list