From fac096dec8bc6602b0af21b68be77506a5d7e04c Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Thu, 21 Feb 2019 00:03:05 -0600
Subject: [PATCH] Correctly set permissions on LDAP configuration file to only allow owner / group, since this file contains a multi-master replication password in plain text
(cherry picked from commit 81b65a2d55757651f28fe31e7d41e3bb11f3ad76)
---
 src/libtdeldap.cpp | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index c756baf..70b9c15 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -2860,6 +2860,11 @@ int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole mac
 delete systemconfig;
+ if (chmod(KDE_CONFDIR "/ldap/ldapconfigrc", S_IRUSR|S_IWUSR|S_IRGRP) < 0) {
+ if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(KDE_CONFDIR "/ldap/ldapconfigrc");
+ return -1;
+ }
+
 return 0;
 }
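Review bot: The `chmod` runs only after `delete systemconfig;`, so the file has presumably already been written with whatever mode the config object and the process umask produce. If that mode is wider than 0640, the plain-text replication password is briefly readable by other users on every rewrite before this call narrows it. The function body starts outside the hunk, so how the file is created is not visible and this should be confirmed. If the window exists, restrict the mode before the secret is written, e.g. `mode_t prev = umask(S_IWGRP | S_IRWXO);` ahead of creating the config object and `umask(prev);` after it is destroyed, keeping this `chmod` as the fix-up for files that already exist with loose permissions. The error text would also be easier to act on with the cause appended, e.g. `.arg(strerror(errno))` as a second placeholder.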