diod: require --no-auth if not build with munge

Problem: If diod is configured to require authentication, but was built without munge support, it still runs. Make that a fatal error. Log a message if users will be allowed to connect without authentication.
chaos · Jan 21, 2025 · 4b04d68 · 4b04d68
1 parent 45ae4ac
commit 4b04d68
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/src/cmd/diod.c b/src/cmd/diod.c
@@ -231,6 +231,12 @@ main(int argc, char **argv)
         msg_exit ("--runas-uid and allsquash cannot be used together");
     if (mode == SRV_FILEDES && (rfdno == -1 || wfdno == -1))
         msg_exit ("--rfdno,wfdno must be used together");
+#ifndef HAVE_LIBMUNGE
+    if (diod_conf_get_auth_required ()) {
+        msg_exit ("diod was built without authentication support."
+                  " Run with --no-auth.");
+    }
+#endif
 
     diod_conf_validate_exports ();
 
@@ -605,6 +611,8 @@ _service_run (srvmode_t mode, int rfdno, int wfdno)
                   " Run as a normal user or add --runasuser or --allsquash options.");
 #endif
     }
+    msg ("%s authentication is required",
+         diod_conf_get_auth_required () ? "MUNGE" : "No");
 
     /* clear umask */
     umask (0);