summaryrefslogtreecommitdiff
path: root/source4/dsdb/samdb
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2011-11-11 16:55:37 +0100
committerStefan Metzmacher <metze@samba.org>2011-11-15 13:00:07 +0100
commitc1fd56fdd408c814158e9d4eaed58da08db8efc7 (patch)
tree417ee5c61d7417d2030f6f06703a587f0a4aed12 /source4/dsdb/samdb
parent0be0da9650fd3eb6f094854b61e60c35349edb26 (diff)
downloadsamba-c1fd56fdd408c814158e9d4eaed58da08db8efc7.tar.gz
samba-c1fd56fdd408c814158e9d4eaed58da08db8efc7.tar.bz2
samba-c1fd56fdd408c814158e9d4eaed58da08db8efc7.zip
s4:dsdb/schema_data: reject schema update unless they're allowed
"dsdb:schema update allowed = yes" is now needed in smb.conf to enable schema updates, as schema updates are a currenty a good way to prevent samba from startup again, because of errors in the schema definition. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Nov 15 13:00:07 CET 2011 on sn-devel-104
Diffstat (limited to 'source4/dsdb/samdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/schema_data.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/schema_data.c b/source4/dsdb/samdb/ldb_modules/schema_data.c
index acf8186fb1..3e0bb9c9c4 100644
--- a/source4/dsdb/samdb/ldb_modules/schema_data.c
+++ b/source4/dsdb/samdb/ldb_modules/schema_data.c
@@ -179,6 +179,12 @@ static int schema_data_add(struct ldb_module *module, struct ldb_request *req)
return LDB_ERR_UNWILLING_TO_PERFORM;
}
+ if (!schema->fsmo.update_allowed && !rodc) {
+ ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+ "schema_data_add: updates are not allowed: reject request\n");
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID)) {
/*
* the provision code needs to create
@@ -317,6 +323,12 @@ static int schema_data_modify(struct ldb_module *module, struct ldb_request *req
return LDB_ERR_UNWILLING_TO_PERFORM;
}
+ if (!schema->fsmo.update_allowed && !rodc) {
+ ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+ "schema_data_add: updates are not allowed: reject request\n");
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
return ldb_next_request(module, req);
}