domain.py: Force schema upgrade to be used only on the schema master
authorGarming Sam <garming@catalyst.net.nz>
Wed, 13 Dec 2017 02:27:20 +0000 (15:27 +1300)
committerGarming Sam <garming@samba.org>
Wed, 20 Dec 2017 22:13:11 +0000 (23:13 +0100)
While this may be enforced at lower levels, it would be better to warn
earlier rather than later.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
python/samba/netcmd/domain.py

index 6702bc3bcf0b6a98ae258c3eeb0bead7d282d9f7..9db2304c1d51cb24d29c50dea428b6d44fc85696 100644 (file)
@@ -58,6 +58,7 @@ from samba.netcmd import (
     SuperCommand,
     Option
     )
+from samba.netcmd.fsmo import get_fsmo_roleowner
 from samba.netcmd.common import netcmd_get_domain_infos_via_cldap
 from samba.samba3 import Samba3
 from samba.samba3 import param as s3param
@@ -4081,6 +4082,12 @@ class cmd_domain_schema_upgrade(Command):
             print("Temporarily overriding 'dsdb:schema update allowed' setting")
             updates_allowed_overriden = True
 
+        own_dn = ldb.Dn(samdb, samdb.get_dsServiceName())
+        master = get_fsmo_roleowner(samdb, str(samdb.get_schema_basedn()),
+                                    'schema')
+        if own_dn != master:
+            raise CommandError("This server is not the schema master.")
+
         # if specific LDIF files were specified, just apply them
         if ldf_files:
             schema_updates = ldf_files.split(",")
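Review bot: The schema-master check at `if own_dn != master:` runs after the 'dsdb:schema update allowed' override has already been announced and `updates_allowed_overriden` set, so on a non-master the command overrides that setting and only then aborts. Whether the override is undone on the `CommandError` path is not visible in this hunk (the method starts and continues outside it), so it would be safer to move the five added lines above the override block and let the guard fail before any setting is touched. The error would also be more actionable if it named the current owner, e.g. `raise CommandError("This server is not the schema master (current owner: %s)." % master)`. A short comment such as `# Refuse early: schema changes must originate on the schema master` above the check would record why it is there.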