author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2019-02-21 00:03:05 -0600 |
---|---|---|
committer | Slávek Banko <slavek.banko@axis.cz> | 2019-02-21 09:04:36 +0100 |
commit | fac096dec8bc6602b0af21b68be77506a5d7e04c (patch) | |
tree | 7cb4a79e73170aa3dd0bc1e9f91af56fda10cbe7 | |
parent | 8e9965e8edb0d9f04372eaf7644b17d55897d09e (diff) | |
Correctly set permissions on LDAP configuration file to only allow owner / group, since this file contains a multi-master replication password in plain text
(cherry picked from commit 81b65a2d55757651f28fe31e7d41e3bb11f3ad76)
-rw-r--r-- | src/libtdeldap.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp index c756baf..70b9c15 100644 --- a/src/libtdeldap.cpp +++ b/src/libtdeldap.cpp @@ -2860,6 +2860,11 @@ int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole mac delete systemconfig; + if (chmod(KDE_CONFDIR "/ldap/ldapconfigrc", S_IRUSR|S_IWUSR|S_IRGRP) < 0) { + if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(KDE_CONFDIR "/ldap/ldapconfigrc"); + return -1; + } + return 0; } |
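Review bot: The added `chmod()` runs only after `delete systemconfig;`, which presumably is what flushes the file, so until this call the file holding the plain-text replication password keeps whatever mode the process umask or a previous write gave it. Any process that opened it in that window keeps its descriptor after the mode changes. The write itself is outside this hunk, so the restriction would have to go there: for example `mode_t oldmask = umask(0027);` before the configuration is written and `umask(oldmask);` afterwards, keeping this `chmod()` as the fix-up for files that already exist (umask is process-wide, so check this against any threads that create files). On the failure path `return -1;` leaves the file on disk with its old, possibly world-readable mode, and the message gives no reason; appending `strerror(errno)` would make that diagnosable. `S_IRGRP` is only as tight as the file's group, which this hunk does not set, so it is worth documenting which group is expected to own `ldapconfigrc`.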