From 81b65a2d55757651f28fe31e7d41e3bb11f3ad76 Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Thu, 21 Feb 2019 00:03:05 -0600
Subject: [PATCH] Correctly set permissions on LDAP configuration file to only allow owner / group, since this file contains a multi-master replication password in plain text
---
 src/libtdeldap.cpp | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 26ef2e1..0f293e9 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -3375,6 +3375,11 @@ int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole mac
 delete systemconfig;
+ if (chmod(KDE_CONFDIR "/ldap/ldapconfigrc", S_IRUSR|S_IWUSR|S_IRGRP) < 0) {
+ if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(KDE_CONFDIR "/ldap/ldapconfigrc");
+ return -1;
+ }
+
 return 0;
 }
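Review bot: The `chmod()` to `S_IRUSR|S_IWUSR|S_IRGRP` runs only after `delete systemconfig;`, so if that destructor is what flushes the file to disk (not visible in this hunk), the replication password sits on disk under the process umask until the call lands, and it stays that way if `chmod()` fails and the function returns -1. Tightening the creation mode closes that window, e.g. `mode_t prev = umask(S_IWGRP|S_IRWXO); delete systemconfig; umask(prev);` (umask is process-wide, so this assumes no other thread creates files at the same time), with the `chmod()` kept as a backstop for a file that already existed. The 0640 mode also leaves the file readable by whichever group owns it, and nothing in the hunk sets that group, so it is worth confirming that the group is a privileged one. The body of `writeLDAPConfFile` starts above the hunk, so any earlier write to the same path should be checked the same way.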