diff options
author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2019-02-21 00:03:05 -0600 |
---|---|---|
committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2019-02-21 00:03:05 -0600 |
commit | 81b65a2d55757651f28fe31e7d41e3bb11f3ad76 (patch) | |
tree | 16a44bb0db9d8b21713f2d2f866e0ff6625ca0fe /src | |
parent | a7e5e023a27424cb1eb3eae9256f0fa88b0e0797 (diff) | |
download | libtdeldap-81b65a2d55757651f28fe31e7d41e3bb11f3ad76.tar.gz libtdeldap-81b65a2d55757651f28fe31e7d41e3bb11f3ad76.zip |
Correctly set permissions on LDAP configuration file to only allow owner / group, since this file contains a multi-master replication password in plain text
Diffstat (limited to 'src')
-rw-r--r-- | src/libtdeldap.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp index 26ef2e1..0f293e9 100644 --- a/src/libtdeldap.cpp +++ b/src/libtdeldap.cpp @@ -3375,6 +3375,11 @@ int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole mac delete systemconfig; + if (chmod(KDE_CONFDIR "/ldap/ldapconfigrc", S_IRUSR|S_IWUSR|S_IRGRP) < 0) { + if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(KDE_CONFDIR "/ldap/ldapconfigrc"); + return -1; + } + return 0; } |