From c1fd56fdd408c814158e9d4eaed58da08db8efc7 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Fri, 11 Nov 2011 16:55:37 +0100
Subject: s4:dsdb/schema_data: reject schema update unless they're allowed
"dsdb:schema update allowed = yes" is now needed in smb.conf to enable schema updates, as schema updates are a currenty a good way to prevent samba from startup again, because of errors in the schema definition.
metze
Autobuild-User: Stefan Metzmacher
Autobuild-Date: Tue Nov 15 13:00:07 CET 2011 on sn-devel-104
---
 source4/dsdb/samdb/ldb_modules/schema_data.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'source4/dsdb')
diff --git a/source4/dsdb/samdb/ldb_modules/schema_data.c b/source4/dsdb/samdb/ldb_modules/schema_data.c
index acf8186fb1..3e0bb9c9c4 100644
--- a/source4/dsdb/samdb/ldb_modules/schema_data.c
+++ b/source4/dsdb/samdb/ldb_modules/schema_data.c
@@ -179,6 +179,12 @@ static int schema_data_add(struct ldb_module *module, struct ldb_request *req)
 return LDB_ERR_UNWILLING_TO_PERFORM;
 }
+ if (!schema->fsmo.update_allowed && !rodc) {
+ ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+ "schema_data_add: updates are not allowed: reject request\n");
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
 if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID)) {
 /*
 * the provision code needs to create
@@ -317,6 +323,12 @@ static int schema_data_modify(struct ldb_module *module, struct ldb_request *req
 return LDB_ERR_UNWILLING_TO_PERFORM;
 }
+ if (!schema->fsmo.update_allowed && !rodc) {
+ ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+ "schema_data_add: updates are not allowed: reject request\n");
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
 return ldb_next_request(module, req);
 }
-- cgit
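Review bot: The new `update_allowed` check in schema_data_add sits ahead of the `LDB_CONTROL_RELAX_OID` branch, so a request carrying that control is also rejected whenever the option is off; the context comment says the provision code relies on that branch, so it is worth confirming that provisioning still works with the default setting. The rejection text gives the administrator no hint of which setting applies; naming it would help, e.g. `"schema_data_add: updates are not allowed (dsdb:schema update allowed): reject request\n"`. The `&& !rodc` exemption would also benefit from a one-line comment saying why a read-only DC skips this guard, since the function body extends beyond the hunk and how `rodc` is computed is not visible here. The same remarks apply to the identical check added to schema_data_modify.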
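Review bot: The error string added to schema_data_modify still begins with `schema_data_add:`, so a rejected modify is logged under the wrong function name and cannot be told apart from a rejected add when reading the logs. It should read `"schema_data_modify: updates are not allowed: reject request\n"`. schema_data_modify starts outside the hunk, so only the tail of the function is visible here.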