Diffstat (limited to 'source4/rpc_server')
-rw-r--r-- | source4/rpc_server/drsuapi/getncchanges.c | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index df8305e155..354ebf0f85 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -105,7 +105,6 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem const char *rdn; const struct dsdb_attribute *rdn_sa; unsigned int instanceType; - int rodc_filtered_flags; instanceType = ldb_msg_find_attr_as_uint(msg, "instanceType", 0); if (instanceType & INSTANCE_TYPE_IS_NC_HEAD) { @@ -206,19 +205,19 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem continue; } - /* if the recipient is a RODC, then we should not add any - * RODC filtered attribute */ - /* TODO: This is not strictly correct, as it doesn't allow for administrators - to setup some users to transfer passwords to specific RODCs. To support that - we would instead remove this check and rely on extended ACL checking in the dsdb - acl module. */ - rodc_filtered_flags = SEARCH_FLAG_RODC_ATTRIBUTE | SEARCH_FLAG_CONFIDENTIAL; - if ((replica_flags & DRSUAPI_DRS_WRIT_REP) == 0 && - (sa->searchFlags & rodc_filtered_flags)) { + /* + * If the recipient is a RODC, then we should not add any + * RODC filtered attribute + * + * TODO: This is not strictly correct, as it doesn't allow for administrators + * to setup some users to transfer passwords to specific RODCs. To support that + * we would instead remove this check and rely on extended ACL checking in the dsdb + * acl module. + */ + if (dsdb_attr_in_rodc_fas(replica_flags, sa)) { continue; } - obj->meta_data_ctr->meta_data[n].originating_change_time = md.ctr.ctr1.array[i].originating_change_time; obj->meta_data_ctr->meta_data[n].version = md.ctr.ctr1.array[i].version; obj->meta_data_ctr->meta_data[n].originating_invocation_id = md.ctr.ctr1.array[i].originating_invocation_id; |
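Review bot: The RODC filter in the second hunk now rests entirely on `dsdb_attr_in_rodc_fas(replica_flags, sa)`, whose definition is not in this diff (the diffstat is limited to source4/rpc_server), so its equivalence with the removed check cannot be confirmed from these lines. The removed code skipped an attribute when `DRSUAPI_DRS_WRIT_REP` was clear and `sa->searchFlags` carried either `SEARCH_FLAG_RODC_ATTRIBUTE` or `SEARCH_FLAG_CONFIDENTIAL`. If the helper tests fewer flags or a different replica-flag condition, attributes the old code withheld would be included in the metadata built for a read-only replica. I would state the contract at the call site, e.g. `/* dsdb_attr_in_rodc_fas() must be true for every attribute withheld from a non-writable replica (RODC-filtered or confidential) */`, and check the helper against that before merging. get_nc_changes_build_object starts and ends outside the hunk.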