From: Garming Sam <garming@catalyst.net.nz>
Date: Wed, 13 Dec 2017 02:27:20 +0000 (+1300)
Subject: domain.py: Force schema upgrade to be used only on the schema master
X-Git-Tag: talloc-2.1.11~107
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b2d831f23d5a5513b4d4c767dbfe5de555afae30;p=thirdparty%2Fsamba.git

domain.py: Force schema upgrade to be used only on the schema master

While this may be enforced at lower levels, it would be better to warn
earlier rather than later.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index 6702bc3bcf0..9db2304c1d5 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -58,6 +58,7 @@ from samba.netcmd import (
     SuperCommand,
     Option
     )
+from samba.netcmd.fsmo import get_fsmo_roleowner
 from samba.netcmd.common import netcmd_get_domain_infos_via_cldap
 from samba.samba3 import Samba3
 from samba.samba3 import param as s3param
@@ -4081,6 +4082,12 @@ class cmd_domain_schema_upgrade(Command):
             print("Temporarily overriding 'dsdb:schema update allowed' setting")
             updates_allowed_overriden = True
 
+        own_dn = ldb.Dn(samdb, samdb.get_dsServiceName())
+        master = get_fsmo_roleowner(samdb, str(samdb.get_schema_basedn()),
+                                    'schema')
+        if own_dn != master:
+            raise CommandError("This server is not the schema master.")
+
         # if specific LDIF files were specified, just apply them
         if ldf_files:
             schema_updates = ldf_files.split(",")