Correctly set permissions on LDAP configuration file to only allow owner / group, since this file contains a multi-master replication password in plain text

(cherry picked from commit 81b65a2d55757651f28fe31e7d41e3bb11f3ad76)
author: Timothy Pearson <[email protected]> 2019-02-21 00:03:05 -0600
committer: Slávek Banko <[email protected]> 2019-02-21 09:04:36 +0100
commit: fac096dec8bc6602b0af21b68be77506a5d7e04c (patch)
tree: 7cb4a79e73170aa3dd0bc1e9f91af56fda10cbe7
parent: 8e9965e8edb0d9f04372eaf7644b17d55897d09e (diff)
download: libtdeldap-fac096dec8bc6602b0af21b68be77506a5d7e04c.tar.gz
libtdeldap-fac096dec8bc6602b0af21b68be77506a5d7e04c.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index c756baf..70b9c15 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -2860,6 +2860,11 @@ int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole mac
 
 	delete systemconfig;
 
+	if (chmod(KDE_CONFDIR "/ldap/ldapconfigrc", S_IRUSR|S_IWUSR|S_IRGRP) < 0) {
+		if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(KDE_CONFDIR "/ldap/ldapconfigrc");
+		return -1;
+	}
+
 	return 0;
 }
author	Timothy Pearson <[email protected]>	2019-02-21 00:03:05 -0600
committer	Slávek Banko <[email protected]>	2019-02-21 09:04:36 +0100
commit	fac096dec8bc6602b0af21b68be77506a5d7e04c (patch)
tree	7cb4a79e73170aa3dd0bc1e9f91af56fda10cbe7
parent	8e9965e8edb0d9f04372eaf7644b17d55897d09e (diff)
download	libtdeldap-fac096dec8bc6602b0af21b68be77506a5d7e04c.tar.gz libtdeldap-fac096dec8bc6602b0af21b68be77506a5d7e04c.zip