diff options
author | Andrew Tridgell <tridge@samba.org> | 2010-04-22 16:41:32 +1000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-04-22 19:36:16 +1000 |
commit | 1f92df90fdb0ade233af52df1fbc9e76bddb4fd0 (patch) | |
tree | f5ca098158231e4af72147458cd7301ec188190b | |
parent | 90230ce27eaa81e02273f0120b7cdc99879514ac (diff) | |
download | samba-1f92df90fdb0ade233af52df1fbc9e76bddb4fd0.tar.gz samba-1f92df90fdb0ade233af52df1fbc9e76bddb4fd0.tar.bz2 samba-1f92df90fdb0ade233af52df1fbc9e76bddb4fd0.zip |
s4-drs: removed dsdb_validate_client_flags()
This test is in the wrong place. We end up validating our own flags.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | source4/dsdb/common/util.c | 30 | ||||
-rw-r--r-- | source4/dsdb/repl/drepl_out_helpers.c | 7 |
2 files changed, 0 insertions, 37 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 0a2583f45c..3a04797f82 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -2413,35 +2413,6 @@ int dsdb_find_sid_by_dn(struct ldb_context *ldb, } -int dsdb_validate_client_flags(struct ldb_context *ldb, - const struct repsFromTo1 *client_rf) -{ - int ret; - TALLOC_CTX *tmp_ctx = talloc_new(ldb); - - if (client_rf->replica_flags & DRSUAPI_DRS_WRIT_REP) { - bool is_rodc; - ret = samdb_is_rodc(ldb, &client_rf->source_dsa_invocation_id, &is_rodc); - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - return ret; - } - if (is_rodc) { - DEBUG(0,("Client %s claimed to be WRIT_REP, but is RODC\n", - GUID_string(tmp_ctx, &client_rf->source_dsa_invocation_id))); - talloc_free(tmp_ctx); - return LDB_ERR_UNWILLING_TO_PERFORM; - } - } - - /* TODO: we may need to validate more client flags here, if they - are security sensitive */ - - talloc_free(tmp_ctx); - return LDB_SUCCESS; -} - - /* load a repsFromTo blob list for a given partition GUID attr must be "repsFrom" or "repsTo" @@ -3598,7 +3569,6 @@ const char *samdb_forest_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx) return forest_name; } - /* validate that an invocationID belongs to the specified user sid. The user SID must be a domain controller account (either RODC or diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c index 55357509f0..60dccffb23 100644 --- a/source4/dsdb/repl/drepl_out_helpers.c +++ b/source4/dsdb/repl/drepl_out_helpers.c @@ -271,13 +271,6 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req) struct drsuapi_DsGetNCChanges *r; struct drsuapi_DsReplicaCursorCtrEx *uptodateness_vector; struct tevent_req *subreq; - int ret; - - /* check that the client isn't lying about being a RODC */ - ret = dsdb_validate_client_flags(service->samdb, rf1); - if (ret != LDB_SUCCESS) { - return; - } if ((rf1->replica_flags & DRSUAPI_DRS_WRIT_REP) == 0) { return; |