summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRatan Gupta <ratagupt@in.ibm.com>2018-10-06 12:07:35 +0530
committerNagaraju Goruganti <ngorugan@in.ibm.com>2018-10-23 23:32:50 -0500
commit9891f2f8f330cfe678098342bd1cb536e5810233 (patch)
tree6c78cd592678ef1d5c011b579cb780d014c28cfe
parent156754745b44c341c54febab526e3b0d9b5d118f (diff)
downloadphosphor-user-manager-9891f2f8f330cfe678098342bd1cb536e5810233.zip
phosphor-user-manager-9891f2f8f330cfe678098342bd1cb536e5810233.tar.gz
phosphor-ldap-conf: change the permissions of the nslcd.conf file
If bindDN password is being written in the file then change the permission of the file to 640 so that it is not world readable. If bindDN password is not written then permission would be 644 which is default. Change-Id: I567285ad75e18c2a38c37918d3d3a5e61b0b39ea Signed-off-by: Ratan Gupta <ratagupt@in.ibm.com> Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
-rw-r--r--phosphor-ldap-config/ldap_configuration.cpp17
1 files changed, 17 insertions, 0 deletions
diff --git a/phosphor-ldap-config/ldap_configuration.cpp b/phosphor-ldap-config/ldap_configuration.cpp
index c84927d..4bbcbed 100644
--- a/phosphor-ldap-config/ldap_configuration.cpp
+++ b/phosphor-ldap-config/ldap_configuration.cpp
@@ -69,6 +69,8 @@ void Config::delete_()
void Config::writeConfig()
{
std::stringstream confData;
+ auto isPwdTobeWritten = false;
+
confData << "uid root\n";
confData << "gid root\n\n";
confData << "ldap_version 3\n\n";
@@ -82,6 +84,7 @@ void Config::writeConfig()
if (!lDAPBINDDNpassword().empty())
{
confData << "bindpw " << lDAPBINDDNpassword() << "\n";
+ isPwdTobeWritten = true;
}
confData << "\n";
switch (lDAPSearchScope())
@@ -137,6 +140,20 @@ void Config::writeConfig()
try
{
std::fstream stream(configFilePath.c_str(), std::fstream::out);
+ // remove the read permission from others if password is being written.
+ // nslcd forces this behaviour.
+ auto permission = fs::perms::owner_read | fs::perms::owner_write |
+ fs::perms::group_read;
+ if (isPwdTobeWritten)
+ {
+ fs::permissions(configFilePath, permission);
+ }
+ else
+ {
+ fs::permissions(configFilePath,
+ permission | fs::perms::others_read);
+ }
+
stream << confData.str();
stream.flush();
stream.close();
OpenPOWER on IntegriCloud