s4:dsdb/schema: add "dsdb:schema update allowed" option to enable schema updates

[kai/samba.git] / source4 / dsdb / schema / schema_init.c

diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c
index 0a9dedff8ad38d3598b7881865b673a9e1628836..a4c29f1aa54f050166d9fd343738647c16f4cd7c 100644 (file)
--- a/source4/dsdb/schema/schema_init.c
+++ b/source4/dsdb/schema/schema_init.c
@@ -818,6 +818,7 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
        const struct ldb_val *info_val;
        struct ldb_val info_val_default;
        struct dsdb_schema *schema;
+       struct loadparm_context *lp_ctx = NULL;
        int ret;
 
        schema = dsdb_new_schema(mem_ctx);
@@ -869,8 +870,20 @@ int dsdb_schema_from_ldb_results(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
                schema->fsmo.we_are_master = false;
        }
 
-       DEBUG(5, ("schema_fsmo_init: we are master: %s\n",
-                 (schema->fsmo.we_are_master?"yes":"no")));
+       lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
+                                               struct loadparm_context);
+       if (lp_ctx) {
+               bool allowed = lpcfg_parm_bool(lp_ctx, NULL,
+                                               "dsdb", "schema update allowed",
+                                               false);
+               schema->fsmo.update_allowed = allowed;
+       } else {
+               schema->fsmo.update_allowed = false;
+       }
+
+       DEBUG(5, ("schema_fsmo_init: we are master[%s] updates allowed[%s]\n",
+                 (schema->fsmo.we_are_master?"yes":"no"),
+                 (schema->fsmo.update_allowed?"yes":"no")));
 
        *schema_out = schema;
        return LDB_SUCCESS;