From e7e9f1e2dd279beaaf9d94b39378d24548a531cd Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 11 Nov 2011 12:12:17 +0100 Subject: s4:dsdb/schema: add "dsdb:schema update allowed" option to enable schema updates By default schema updates are not allowed anymore, as we don't have complete validation code to prevent database corruption. metze --- source4/dsdb/schema/schema_init.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'source4/dsdb/schema/schema_init.c') diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index 0a9dedff8a..a4c29f1aa5 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -818,6 +818,7 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const struct ldb_val *info_val; struct ldb_val info_val_default; struct dsdb_schema *schema; + struct loadparm_context *lp_ctx = NULL; int ret; schema = dsdb_new_schema(mem_ctx); @@ -869,8 +870,20 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, schema->fsmo.we_are_master = false; } - DEBUG(5, ("schema_fsmo_init: we are master: %s\n", - (schema->fsmo.we_are_master?"yes":"no"))); + lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"), + struct loadparm_context); + if (lp_ctx) { + bool allowed = lpcfg_parm_bool(lp_ctx, NULL, + "dsdb", "schema update allowed", + false); + schema->fsmo.update_allowed = allowed; + } else { + schema->fsmo.update_allowed = false; + } + + DEBUG(5, ("schema_fsmo_init: we are master[%s] updates allowed[%s]\n", + (schema->fsmo.we_are_master?"yes":"no"), + (schema->fsmo.update_allowed?"yes":"no"))); *schema_out = schema; return LDB_SUCCESS; -- cgit