s4:dsdb/schema_data: reject schema update unless they're allowed

author Stefan Metzmacher <metze@samba.org>

Fri, 11 Nov 2011 15:55:37 +0000 (16:55 +0100)

committer Stefan Metzmacher <metze@samba.org>

Tue, 15 Nov 2011 12:00:07 +0000 (13:00 +0100)
author Stefan Metzmacher <metze@samba.org>
Fri, 11 Nov 2011 15:55:37 +0000 (16:55 +0100)
committer Stefan Metzmacher <metze@samba.org>
Tue, 15 Nov 2011 12:00:07 +0000 (13:00 +0100)
diff --git a/source4/dsdb/samdb/ldb_modules/schema_data.c b/source4/dsdb/samdb/ldb_modules/schema_data.c

index acf8186fb1c2448ff0bbed4505603ce54015d36c..3e0bb9c9c47585701b4e20a11870de21754e3bed 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/schema_data.c
+++ b/source4/dsdb/samdb/ldb_modules/schema_data.c
@@ -179,6 +179,12 @@ static int schema_data_add(struct ldb_module *module, struct ldb_request *req)
                 return LDB_ERR_UNWILLING_TO_PERFORM;
         }
  
+       if (!schema->fsmo.update_allowed && !rodc) {
+               ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+                         "schema_data_add: updates are not allowed: reject request\n");
+               return LDB_ERR_UNWILLING_TO_PERFORM;
+       }
+
         if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID)) {
                 /*
                  * the provision code needs to create
@@ -317,6 +323,12 @@ static int schema_data_modify(struct ldb_module *module, struct ldb_request *req
                 return LDB_ERR_UNWILLING_TO_PERFORM;
         }
  
+       if (!schema->fsmo.update_allowed && !rodc) {
+               ldb_debug_set(ldb, LDB_DEBUG_ERROR,
+                         "schema_data_add: updates are not allowed: reject request\n");
+               return LDB_ERR_UNWILLING_TO_PERFORM;
+       }
+
         return ldb_next_request(module, req);
  }
author	Stefan Metzmacher <metze@samba.org>
	Fri, 11 Nov 2011 15:55:37 +0000 (16:55 +0100)
committer	Stefan Metzmacher <metze@samba.org>
	Tue, 15 Nov 2011 12:00:07 +0000 (13:00 +0100)