From e7e9f1e2dd279beaaf9d94b39378d24548a531cd Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 11 Nov 2011 12:12:17 +0100 Subject: [PATCH] s4:dsdb/schema: add "dsdb:schema update allowed" option to enable schema updates By default schema updates are not allowed anymore, as we don't have complete validation code to prevent database corruption. metze --- source4/dsdb/schema/schema.h | 1 + source4/dsdb/schema/schema_init.c | 17 +++++++++++++++-- source4/dsdb/schema/schema_set.c | 1 + 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/source4/dsdb/schema/schema.h b/source4/dsdb/schema/schema.h index 58cf82b2973..b1ae76882ab 100644 --- a/source4/dsdb/schema/schema.h +++ b/source4/dsdb/schema/schema.h @@ -237,6 +237,7 @@ struct dsdb_schema { struct { bool we_are_master; + bool update_allowed; struct ldb_dn *master_dn; } fsmo; diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index 0a9dedff8ad..a4c29f1aa54 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -818,6 +818,7 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const struct ldb_val *info_val; struct ldb_val info_val_default; struct dsdb_schema *schema; + struct loadparm_context *lp_ctx = NULL; int ret; schema = dsdb_new_schema(mem_ctx); @@ -869,8 +870,20 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, schema->fsmo.we_are_master = false; } - DEBUG(5, ("schema_fsmo_init: we are master: %s\n", - (schema->fsmo.we_are_master?"yes":"no"))); + lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"), + struct loadparm_context); + if (lp_ctx) { + bool allowed = lpcfg_parm_bool(lp_ctx, NULL, + "dsdb", "schema update allowed", + false); + schema->fsmo.update_allowed = allowed; + } else { + schema->fsmo.update_allowed = false; + } + + DEBUG(5, ("schema_fsmo_init: we are master[%s] updates allowed[%s]\n", + (schema->fsmo.we_are_master?"yes":"no"), + (schema->fsmo.update_allowed?"yes":"no"))); *schema_out = schema; return LDB_SUCCESS; diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c index 6f735db4862..4142842eee7 100644 --- a/source4/dsdb/schema/schema_set.c +++ b/source4/dsdb/schema/schema_set.c @@ -712,6 +712,7 @@ WERROR dsdb_set_schema_from_ldif(struct ldb_context *ldb, goto nomem; } schema->fsmo.we_are_master = true; + schema->fsmo.update_allowed = true; schema->fsmo.master_dn = ldb_dn_new(schema, ldb, "@PROVISION_SCHEMA_MASTER"); if (!schema->fsmo.master_dn) { goto nomem; -- 2.34.1