From 6470dfef5f9bb8aae5665ec19a137b84adaad4fb Mon Sep 17 00:00:00 2001
From: Andri Yngvason
Date: Sun, 5 Nov 2023 21:12:36 +0000
Subject: [PATCH] Relax auth parameter sanitation

Since more authentication modes have been added, it's no longer a requirement to have key files set.
---
 src/main.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/main.c b/src/main.c
index fecb6571..29c00257 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1017,18 +1017,14 @@ int check_cfg_sanity(struct cfg* cfg)
 if (!nvnc_has_auth()) {
 nvnc_log(NVNC_LOG_ERROR, "Authentication can't be enabled because it was not selected during build");
- return -1;
- }
-
- if (!cfg->certificate_file && !cfg->rsa_private_key_file) {
- nvnc_log(NVNC_LOG_ERROR, "Authentication enabled, but missing certificate_file");
 rc = -1;
 }
- if (!cfg->private_key_file && !cfg->rsa_private_key_file) {
- nvnc_log(NVNC_LOG_ERROR, "Authentication enabled, but missing private_key_file");
+ if (!!cfg->certificate_file != !!cfg->private_key_file) {
+ nvnc_log(NVNC_LOG_ERROR, "Need both certificate_file and private_key_file for TLS");
 rc = -1;
 }
+
 if (!cfg->username && !cfg->enable_pam) {
 nvnc_log(NVNC_LOG_ERROR, "Authentication enabled, but missing username");
 rc = -1;
@@ -1038,6 +1034,11 @@ int check_cfg_sanity(struct cfg* cfg)
 nvnc_log(NVNC_LOG_ERROR, "Authentication enabled, but missing password");
 rc = -1;
 }
+
+ if (cfg->relax_encryption) {
+ nvnc_log(NVNC_LOG_WARNING, "Authentication enabled with relaxed encryption; not all sessions are guaranteed to be encrypted");
+ }
+
 return rc;
 }
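Review bot: With the two removed checks gone, a configuration that enables authentication with neither a certificate/key pair nor `rsa_private_key_file` now passes `check_cfg_sanity`, because the new test `!!cfg->certificate_file != !!cfg->private_key_file` only rejects a half-configured TLS pair. The commit message says other authentication modes make key files optional, but nothing in the hunk shows which mode protects the exchange when no key material is configured, so that should be recorded next to the check, e.g. `/* TLS is optional: only a lone certificate or key is an error; without both, <mode> is used */` with the real mode filled in. Note also that `rsa_private_key_file` is no longer consulted anywhere in the visible lines. The function begins and ends outside this hunk.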
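Review bot: When `cfg->relax_encryption` is set, the added block in the second hunk only logs at `NVNC_LOG_WARNING` and leaves `rc` untouched, so a configuration that pairs authentication with sessions that may be unencrypted is accepted as sane. If that is meant as an explicit operator opt-in, say so above the block, for example `/* relax_encryption is a deliberate opt-in: warn, but do not fail the sanity check */`, and consider naming the option in the log text so the warning can be traced back to the setting. How credentials are exchanged on an unencrypted session is not visible here, so the actual exposure should be confirmed against the authentication code. The enclosing function starts before the hunk.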