diff options
author | Stefan Metzmacher <metze@samba.org> | 2011-11-11 16:55:37 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-11-15 13:00:07 +0100 |
commit | c1fd56fdd408c814158e9d4eaed58da08db8efc7 (patch) | |
tree | 417ee5c61d7417d2030f6f06703a587f0a4aed12 /source4/dsdb/samdb/ldb_modules | |
parent | 0be0da9650fd3eb6f094854b61e60c35349edb26 (diff) | |
download | samba-c1fd56fdd408c814158e9d4eaed58da08db8efc7.tar.gz samba-c1fd56fdd408c814158e9d4eaed58da08db8efc7.tar.bz2 samba-c1fd56fdd408c814158e9d4eaed58da08db8efc7.zip |
s4:dsdb/schema_data: reject schema update unless they're allowed
"dsdb:schema update allowed = yes" is now needed in smb.conf
to enable schema updates, as schema updates are a currenty a good
way to prevent samba from startup again, because of errors in
the schema definition.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Nov 15 13:00:07 CET 2011 on sn-devel-104
Diffstat (limited to 'source4/dsdb/samdb/ldb_modules')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/schema_data.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/schema_data.c b/source4/dsdb/samdb/ldb_modules/schema_data.c index acf8186fb1..3e0bb9c9c4 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_data.c +++ b/source4/dsdb/samdb/ldb_modules/schema_data.c @@ -179,6 +179,12 @@ static int schema_data_add(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_UNWILLING_TO_PERFORM; } + if (!schema->fsmo.update_allowed && !rodc) { + ldb_debug_set(ldb, LDB_DEBUG_ERROR, + "schema_data_add: updates are not allowed: reject request\n"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID)) { /* * the provision code needs to create @@ -317,6 +323,12 @@ static int schema_data_modify(struct ldb_module *module, struct ldb_request *req return LDB_ERR_UNWILLING_TO_PERFORM; } + if (!schema->fsmo.update_allowed && !rodc) { + ldb_debug_set(ldb, LDB_DEBUG_ERROR, + "schema_data_add: updates are not allowed: reject request\n"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + return ldb_next_request(module, req); } |