diff options
| author | Timothy Pearson <[email protected]> | 2019-02-21 00:03:05 -0600 |
|---|---|---|
| committer | Timothy Pearson <[email protected]> | 2019-02-21 00:03:05 -0600 |
| commit | 81b65a2d55757651f28fe31e7d41e3bb11f3ad76 (patch) | |
| tree | 16a44bb0db9d8b21713f2d2f866e0ff6625ca0fe | |
| parent | a7e5e023a27424cb1eb3eae9256f0fa88b0e0797 (diff) | |
| download | libtdeldap-81b65a2d55757651f28fe31e7d41e3bb11f3ad76.tar.gz libtdeldap-81b65a2d55757651f28fe31e7d41e3bb11f3ad76.zip | |
Correctly set permissions on LDAP configuration file to only allow owner / group, since this file contains a multi-master replication password in plain text
| -rw-r--r-- | src/libtdeldap.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp index 26ef2e1..0f293e9 100644 --- a/src/libtdeldap.cpp +++ b/src/libtdeldap.cpp @@ -3375,6 +3375,11 @@ int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole mac delete systemconfig; + if (chmod(KDE_CONFDIR "/ldap/ldapconfigrc", S_IRUSR|S_IWUSR|S_IRGRP) < 0) { + if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(KDE_CONFDIR "/ldap/ldapconfigrc"); + return -1; + } + return 0; } |