git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: be091ed)
s4:dsdb/schema: add "dsdb:schema update allowed" option to enable schema updates
authorStefan Metzmacher <metze@samba.org>
Fri, 11 Nov 2011 11:12:17 +0000 (12:12 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 15 Nov 2011 08:46:30 +0000 (09:46 +0100)
By default schema updates are not allowed anymore, as we don't have
complete validation code to prevent database corruption.

metze

source4/dsdb/schema/schema.h patch | blob | history
source4/dsdb/schema/schema_init.c patch | blob | history
source4/dsdb/schema/schema_set.c patch | blob | history

diff --git a/source4/dsdb/schema/schema.h b/source4/dsdb/schema/schema.h
index 58cf82b2973adb915467137af7eb85b52beb7ab7..b1ae76882ab035733c62da1bae7b90ae31a9876a 100644 (file)
--- a/source4/dsdb/schema/schema.h
+++ b/source4/dsdb/schema/schema.h
@@ -237,6 +237,7 @@ struct dsdb_schema {
 
        struct {
                bool we_are_master;
+               bool update_allowed;
                struct ldb_dn *master_dn;
        } fsmo;
 
diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c
index 0a9dedff8ad38d3598b7881865b673a9e1628836..a4c29f1aa54f050166d9fd343738647c16f4cd7c 100644 (file)
--- a/source4/dsdb/schema/schema_init.c
+++ b/source4/dsdb/schema/schema_init.c
@@ -818,6 +818,7 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
        const struct ldb_val *info_val;
        struct ldb_val info_val_default;
        struct dsdb_schema *schema;
+       struct loadparm_context *lp_ctx = NULL;
        int ret;
 
        schema = dsdb_new_schema(mem_ctx);
@@ -869,8 +870,20 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
                schema->fsmo.we_are_master = false;
        }
 
-       DEBUG(5, ("schema_fsmo_init: we are master: %s\n",
-                 (schema->fsmo.we_are_master?"yes":"no")));
+       lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
+                                               struct loadparm_context);
+       if (lp_ctx) {
+               bool allowed = lpcfg_parm_bool(lp_ctx, NULL,
+                                               "dsdb", "schema update allowed",
+                                               false);
+               schema->fsmo.update_allowed = allowed;
+       } else {
+               schema->fsmo.update_allowed = false;
+       }
+
+       DEBUG(5, ("schema_fsmo_init: we are master[%s] updates allowed[%s]\n",
+                 (schema->fsmo.we_are_master?"yes":"no"),
+                 (schema->fsmo.update_allowed?"yes":"no")));
 
        *schema_out = schema;
        return LDB_SUCCESS;
diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c
index 6f735db48629edca286fa9175bbf599c8f408e32..4142842eee7b2b76274b880deb367855c1770e61 100644 (file)
--- a/source4/dsdb/schema/schema_set.c
+++ b/source4/dsdb/schema/schema_set.c
@@ -712,6 +712,7 @@ WERROR dsdb_set_schema_from_ldif(struct ldb_context *ldb,
                goto nomem;
        }
        schema->fsmo.we_are_master = true;
+       schema->fsmo.update_allowed = true;
        schema->fsmo.master_dn = ldb_dn_new(schema, ldb, "@PROVISION_SCHEMA_MASTER");
        if (!schema->fsmo.master_dn) {
                goto nomem;
Samba Shared Repository