From 4d0537d4c31a71797188d2861685b0682ed9e760 Mon Sep 17 00:00:00 2001
From: "Johan T. Halseth" <johanth@gmail.com>
Date: Wed, 30 Sep 2020 12:07:10 +0200
Subject: [PATCH] config: enforce safe use of TLS

---
 config.go        |  7 ++++---
 lncfg/address.go | 23 ++++++++++++++++-------
 2 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/config.go b/config.go
index 5bfdc55c8..409a4fb98 100644
--- a/config.go
+++ b/config.go
@@ -1176,9 +1176,10 @@ func ValidateConfig(cfg Config, usageMessage string) (*Config, error) {
 
 	// For each of the RPC listeners (REST+gRPC), we'll ensure that users
 	// have specified a safe combo for authentication. If not, we'll bail
-	// out with an error.
+	// out with an error. Since we don't allow disabling TLS for gRPC
+	// connections we pass in tlsActive=true.
 	err = lncfg.EnforceSafeAuthentication(
-		cfg.RPCListeners, !cfg.NoMacaroons,
+		cfg.RPCListeners, !cfg.NoMacaroons, true,
 	)
 	if err != nil {
 		return nil, err
@@ -1189,7 +1190,7 @@ func ValidateConfig(cfg Config, usageMessage string) (*Config, error) {
 		cfg.RESTListeners = nil
 	} else {
 		err = lncfg.EnforceSafeAuthentication(
-			cfg.RESTListeners, !cfg.NoMacaroons,
+			cfg.RESTListeners, !cfg.NoMacaroons, !cfg.DisableRestTLS,
 		)
 		if err != nil {
 			return nil, err
diff --git a/lncfg/address.go b/lncfg/address.go
index 2c1770e4f..84a90ce98 100644
--- a/lncfg/address.go
+++ b/lncfg/address.go
@@ -48,11 +48,13 @@ func NormalizeAddresses(addrs []string, defaultPort string,
 }
 
 // EnforceSafeAuthentication enforces "safe" authentication taking into account
-// the interfaces that the RPC servers are listening on, and if macaroons are
-// activated or not. To protect users from using dangerous config combinations,
-// we'll prevent disabling authentication if the server is listening on a public
-// interface.
-func EnforceSafeAuthentication(addrs []net.Addr, macaroonsActive bool) error {
+// the interfaces that the RPC servers are listening on, and if macaroons and
+// TLS is activated or not. To protect users from using dangerous config
+// combinations, we'll prevent disabling authentication if the server is
+// listening on a public interface.
+func EnforceSafeAuthentication(addrs []net.Addr, macaroonsActive,
+	tlsActive bool) error {
+
 	// We'll now examine all addresses that this RPC server is listening
 	// on. If it's a localhost address or a private address, we'll skip it,
 	// otherwise, we'll return an error if macaroons are inactive.
@@ -62,10 +64,17 @@ func EnforceSafeAuthentication(addrs []net.Addr, macaroonsActive bool) error {
 		}
 
 		if !macaroonsActive {
-			return fmt.Errorf("Detected RPC server listening on "+
+			return fmt.Errorf("detected RPC server listening on "+
 				"publicly reachable interface %v with "+
 				"authentication disabled! Refusing to start "+
-				"with --no-macaroons specified.", addr)
+				"with --no-macaroons specified", addr)
+		}
+
+		if !tlsActive {
+			return fmt.Errorf("detected RPC server listening on "+
+				"publicly reachable interface %v with "+
+				"encryption disabled! Refusing to start "+
+				"with --notls specified", addr)
 		}
 	}