From 2eaf4ed62220246bcc1a9702166b0b4f381fdae3 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Wed, 27 Aug 2008 10:45:43 +0200
Subject: [PATCH] ldb: Fix permissions of group_mapping.ldb.

This one fixes bug #5715 and CVE-2008-3789.
(cherry picked from commit a94f44c49f668fcf12f4566777a668043326bf97)
---
 source/groupdb/mapping_ldb.c |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/source/groupdb/mapping_ldb.c b/source/groupdb/mapping_ldb.c
index 6775f61..ce65d7c 100644
--- a/source/groupdb/mapping_ldb.c
+++ b/source/groupdb/mapping_ldb.c
@@ -74,7 +74,13 @@ static bool init_group_mapping(void)
 	if (ret != LDB_SUCCESS) {
 		goto failed;
 	}
-	
+
+	/* force the permissions on the ldb to 0600 - this will fix
+	   existing databases as well as new ones */
+	if (chmod(db_path, 0600) != 0) {
+		goto failed;
+	}
+
 	if (!existed) {
 		/* initialise the ldb with an index */
 		struct ldb_ldif *ldif;
-- 
1.5.4.4