From 247d187576637efd490b5337a246d01083c4438c Mon Sep 17 00:00:00 2001
From: Jonathon Reinhart <Jonathon.Reinhart@gmail.com>
Date: Wed, 31 Mar 2021 22:38:16 -0400
Subject: [PATCH] Don't allow a configuration requiring auth with a non-TLS
 listener

This fixes #26
---
 config.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/config.go b/config.go
index 8e4894d..155069a 100644
--- a/config.go
+++ b/config.go
@@ -157,6 +157,14 @@ func splitProto(s string) protoAddr {
 func setupListeners() {
 	for _, listenAddr := range strings.Split(*listenStr, " ") {
 		pa := splitProto(listenAddr)
+
+		if localAuthRequired() && pa.protocol == "" {
+			log.WithField("address", pa.address).
+				Fatal("Local authentication (via allowed_users file) " +
+				      "not allowed with non-TLS listener")
+		}
+
+
 		listenAddrs = append(listenAddrs, pa)
 	}
 }