diff options
| author | Stefan Metzmacher <metze@samba.org> | 2011-11-11 12:12:17 +0100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2011-11-15 09:46:30 +0100 |
| commit | e7e9f1e2dd279beaaf9d94b39378d24548a531cd (patch) | |
| tree | 60df5df4063dcdca9f803331f29018df6d054129 | |
| parent | be091eddec3715c5807f03fdc3d83ffc5a857433 (diff) | |
| download | samba-e7e9f1e2dd279beaaf9d94b39378d24548a531cd.tar.gz samba-e7e9f1e2dd279beaaf9d94b39378d24548a531cd.tar.bz2 samba-e7e9f1e2dd279beaaf9d94b39378d24548a531cd.zip | |
s4:dsdb/schema: add "dsdb:schema update allowed" option to enable schema updates
By default schema updates are not allowed anymore, as we don't have
complete validation code to prevent database corruption.
metze
| -rw-r--r-- | source4/dsdb/schema/schema.h | 1 | ||||
| -rw-r--r-- | source4/dsdb/schema/schema_init.c | 17 | ||||
| -rw-r--r-- | source4/dsdb/schema/schema_set.c | 1 |
3 files changed, 17 insertions, 2 deletions
diff --git a/source4/dsdb/schema/schema.h b/source4/dsdb/schema/schema.h index 58cf82b297..b1ae76882a 100644 --- a/source4/dsdb/schema/schema.h +++ b/source4/dsdb/schema/schema.h @@ -237,6 +237,7 @@ struct dsdb_schema { struct { bool we_are_master; + bool update_allowed; struct ldb_dn *master_dn; } fsmo; diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index 0a9dedff8a..a4c29f1aa5 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -818,6 +818,7 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const struct ldb_val *info_val; struct ldb_val info_val_default; struct dsdb_schema *schema; + struct loadparm_context *lp_ctx = NULL; int ret; schema = dsdb_new_schema(mem_ctx); @@ -869,8 +870,20 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, schema->fsmo.we_are_master = false; } - DEBUG(5, ("schema_fsmo_init: we are master: %s\n", - (schema->fsmo.we_are_master?"yes":"no"))); + lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"), + struct loadparm_context); + if (lp_ctx) { + bool allowed = lpcfg_parm_bool(lp_ctx, NULL, + "dsdb", "schema update allowed", + false); + schema->fsmo.update_allowed = allowed; + } else { + schema->fsmo.update_allowed = false; + } + + DEBUG(5, ("schema_fsmo_init: we are master[%s] updates allowed[%s]\n", + (schema->fsmo.we_are_master?"yes":"no"), + (schema->fsmo.update_allowed?"yes":"no"))); *schema_out = schema; return LDB_SUCCESS; diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c index 6f735db486..4142842eee 100644 --- a/source4/dsdb/schema/schema_set.c +++ b/source4/dsdb/schema/schema_set.c @@ -712,6 +712,7 @@ WERROR dsdb_set_schema_from_ldif(struct ldb_context *ldb, goto nomem; } schema->fsmo.we_are_master = true; + schema->fsmo.update_allowed = true; schema->fsmo.master_dn = ldb_dn_new(schema, ldb, "@PROVISION_SCHEMA_MASTER"); if (!schema->fsmo.master_dn) { goto nomem; |