Correctly set permissions on LDAP configuration file to only allow owner / group, since this file contains a multi-master replication password in plain text

(cherry picked from commit 81b65a2d55)
5 years ago · fac096dec8
parent 8e9965e8ed
commit fac096dec8
1 changed files with 5 additions and 0 deletions
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@ -2860,6 +2860,11 @@ int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole mac

 	delete systemconfig;

+	if (chmod(KDE_CONFDIR "/ldap/ldapconfigrc", S_IRUSR|S_IWUSR|S_IRGRP) < 0) {
+		if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(KDE_CONFDIR "/ldap/ldapconfigrc");
+		return -1;
+	}
+
 	return 0;
 }