|
|
@ -2860,9 +2860,19 @@ int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole mac
|
|
|
|
|
|
|
|
|
|
|
|
delete systemconfig;
|
|
|
|
delete systemconfig;
|
|
|
|
|
|
|
|
|
|
|
|
if (chmod(KDE_CONFDIR "/ldap/ldapconfigrc", S_IRUSR|S_IWUSR|S_IRGRP) < 0) {
|
|
|
|
if ((machineRole == ROLE_PRIMARY_REALM_CONTROLLER) || (machineRole == ROLE_SECONDARY_REALM_CONTROLLER)) {
|
|
|
|
if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(KDE_CONFDIR "/ldap/ldapconfigrc");
|
|
|
|
// The file may contain multi-master replication secrets, therefore only root should be able to read it
|
|
|
|
return -1;
|
|
|
|
if (chmod(KDE_CONFDIR "/ldap/ldapconfigrc", S_IRUSR|S_IWUSR|S_IRGRP) < 0) {
|
|
|
|
|
|
|
|
if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(KDE_CONFDIR "/ldap/ldapconfigrc");
|
|
|
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
else {
|
|
|
|
|
|
|
|
// Normal users should be allowed to read realm configuration data in order to launch realm administration utilities
|
|
|
|
|
|
|
|
if (chmod(KDE_CONFDIR "/ldap/ldapconfigrc", S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
|
|
|
|
|
|
|
|
if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(KDE_CONFDIR "/ldap/ldapconfigrc");
|
|
|
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
return 0;
|
|
|
|