From 4b04d68bb8264a583ad4fce86de83c12edf7045f Mon Sep 17 00:00:00 2001
From: Jim Garlick <garlick.jim@gmail.com>
Date: Mon, 20 Jan 2025 18:56:23 -0800
Subject: [PATCH] diod: require --no-auth if not build with munge

Problem: If diod is configured to require authentication, but
was built without munge support, it still runs.

Make that a fatal error.
Log a message if users will be allowed to connect without authentication.
---
 src/cmd/diod.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/cmd/diod.c b/src/cmd/diod.c
index f536f17e..7e034510 100644
--- a/src/cmd/diod.c
+++ b/src/cmd/diod.c
@@ -231,6 +231,12 @@ main(int argc, char **argv)
         msg_exit ("--runas-uid and allsquash cannot be used together");
     if (mode == SRV_FILEDES && (rfdno == -1 || wfdno == -1))
         msg_exit ("--rfdno,wfdno must be used together");
+#ifndef HAVE_LIBMUNGE
+    if (diod_conf_get_auth_required ()) {
+        msg_exit ("diod was built without authentication support."
+                  " Run with --no-auth.");
+    }
+#endif
 
     diod_conf_validate_exports ();
 
@@ -605,6 +611,8 @@ _service_run (srvmode_t mode, int rfdno, int wfdno)
                   " Run as a normal user or add --runasuser or --allsquash options.");
 #endif
     }
+    msg ("%s authentication is required",
+         diod_conf_get_auth_required () ? "MUNGE" : "No");
 
     /* clear umask */
     umask (0);