diff options
| author | Stefan Metzmacher <metze@samba.org> | 2011-11-11 12:12:17 +0100 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2011-11-15 09:46:30 +0100 |
| commit | e7e9f1e2dd279beaaf9d94b39378d24548a531cd (patch) | |
| tree | 60df5df4063dcdca9f803331f29018df6d054129 /source4/dsdb | |
| parent | be091eddec3715c5807f03fdc3d83ffc5a857433 (diff) | |
| download | samba-e7e9f1e2dd279beaaf9d94b39378d24548a531cd.tar.gz samba-e7e9f1e2dd279beaaf9d94b39378d24548a531cd.tar.bz2 samba-e7e9f1e2dd279beaaf9d94b39378d24548a531cd.zip | |
s4:dsdb/schema: add "dsdb:schema update allowed" option to enable schema updates
By default schema updates are not allowed anymore, as we don't have
complete validation code to prevent database corruption.
metze
Diffstat (limited to 'source4/dsdb')
| -rw-r--r-- | source4/dsdb/schema/schema.h | 1 | ||||
| -rw-r--r-- | source4/dsdb/schema/schema_init.c | 17 | ||||
| -rw-r--r-- | source4/dsdb/schema/schema_set.c | 1 |
3 files changed, 17 insertions, 2 deletions
diff --git a/source4/dsdb/schema/schema.h b/source4/dsdb/schema/schema.h index 58cf82b297..b1ae76882a 100644 --- a/source4/dsdb/schema/schema.h +++ b/source4/dsdb/schema/schema.h @@ -237,6 +237,7 @@ struct dsdb_schema { struct { bool we_are_master; + bool update_allowed; struct ldb_dn *master_dn; } fsmo; diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index 0a9dedff8a..a4c29f1aa5 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -818,6 +818,7 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const struct ldb_val *info_val; struct ldb_val info_val_default; struct dsdb_schema *schema; + struct loadparm_context *lp_ctx = NULL; int ret; schema = dsdb_new_schema(mem_ctx); @@ -869,8 +870,20 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, schema->fsmo.we_are_master = false; } - DEBUG(5, ("schema_fsmo_init: we are master: %s\n", - (schema->fsmo.we_are_master?"yes":"no"))); + lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"), + struct loadparm_context); + if (lp_ctx) { + bool allowed = lpcfg_parm_bool(lp_ctx, NULL, + "dsdb", "schema update allowed", + false); + schema->fsmo.update_allowed = allowed; + } else { + schema->fsmo.update_allowed = false; + } + + DEBUG(5, ("schema_fsmo_init: we are master[%s] updates allowed[%s]\n", + (schema->fsmo.we_are_master?"yes":"no"), + (schema->fsmo.update_allowed?"yes":"no"))); *schema_out = schema; return LDB_SUCCESS; diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c index 6f735db486..4142842eee 100644 --- a/source4/dsdb/schema/schema_set.c +++ b/source4/dsdb/schema/schema_set.c @@ -712,6 +712,7 @@ WERROR dsdb_set_schema_from_ldif(struct ldb_context *ldb, goto nomem; } schema->fsmo.we_are_master = true; + schema->fsmo.update_allowed = true; schema->fsmo.master_dn = ldb_dn_new(schema, ldb, "@PROVISION_SCHEMA_MASTER"); if (!schema->fsmo.master_dn) { goto nomem; |