summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2008-08-27 10:45:43 +0200
committerKarolin Seeger <kseeger@samba.org>2008-08-27 12:08:39 +0200
commit9a89e30229442ae6336328c9e37b3121c188df01 (patch)
tree3544727ac07bad99d1c522ac98b096b19e2e37ef
parentdc3f6b0861f83070b32a718d337fc755f5b18fee (diff)
downloadsamba-9a89e30229442ae6336328c9e37b3121c188df01.tar.gz
samba-9a89e30229442ae6336328c9e37b3121c188df01.tar.bz2
samba-9a89e30229442ae6336328c9e37b3121c188df01.zip
ldb: Fix permissions of group_mapping.ldb.
This one fixes bug #5715 and CVE-2008-3789. (cherry picked from commit a94f44c49f668fcf12f4566777a668043326bf97) (This used to be commit 2eaf4ed62220246bcc1a9702166b0b4f381fdae3)
-rw-r--r--source3/groupdb/mapping_ldb.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/source3/groupdb/mapping_ldb.c b/source3/groupdb/mapping_ldb.c
index 6775f612e7..ce65d7c46d 100644
--- a/source3/groupdb/mapping_ldb.c
+++ b/source3/groupdb/mapping_ldb.c
@@ -74,7 +74,13 @@ static bool init_group_mapping(void)
if (ret != LDB_SUCCESS) {
goto failed;
}
-
+
+ /* force the permissions on the ldb to 0600 - this will fix
+ existing databases as well as new ones */
+ if (chmod(db_path, 0600) != 0) {
+ goto failed;
+ }
+
if (!existed) {
/* initialise the ldb with an index */
struct ldb_ldif *ldif;