summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/dsdb/common/util.c30
-rw-r--r--source4/dsdb/repl/drepl_out_helpers.c7
2 files changed, 0 insertions, 37 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 0a2583f45c..3a04797f82 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2413,35 +2413,6 @@ int dsdb_find_sid_by_dn(struct ldb_context *ldb,
}
-int dsdb_validate_client_flags(struct ldb_context *ldb,
- const struct repsFromTo1 *client_rf)
-{
- int ret;
- TALLOC_CTX *tmp_ctx = talloc_new(ldb);
-
- if (client_rf->replica_flags & DRSUAPI_DRS_WRIT_REP) {
- bool is_rodc;
- ret = samdb_is_rodc(ldb, &client_rf->source_dsa_invocation_id, &is_rodc);
- if (ret != LDB_SUCCESS) {
- talloc_free(tmp_ctx);
- return ret;
- }
- if (is_rodc) {
- DEBUG(0,("Client %s claimed to be WRIT_REP, but is RODC\n",
- GUID_string(tmp_ctx, &client_rf->source_dsa_invocation_id)));
- talloc_free(tmp_ctx);
- return LDB_ERR_UNWILLING_TO_PERFORM;
- }
- }
-
- /* TODO: we may need to validate more client flags here, if they
- are security sensitive */
-
- talloc_free(tmp_ctx);
- return LDB_SUCCESS;
-}
-
-
/*
load a repsFromTo blob list for a given partition GUID
attr must be "repsFrom" or "repsTo"
@@ -3598,7 +3569,6 @@ const char *samdb_forest_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx)
return forest_name;
}
-
/*
validate that an invocationID belongs to the specified user sid.
The user SID must be a domain controller account (either RODC or
diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c
index 55357509f0..60dccffb23 100644
--- a/source4/dsdb/repl/drepl_out_helpers.c
+++ b/source4/dsdb/repl/drepl_out_helpers.c
@@ -271,13 +271,6 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req)
struct drsuapi_DsGetNCChanges *r;
struct drsuapi_DsReplicaCursorCtrEx *uptodateness_vector;
struct tevent_req *subreq;
- int ret;
-
- /* check that the client isn't lying about being a RODC */
- ret = dsdb_validate_client_flags(service->samdb, rf1);
- if (ret != LDB_SUCCESS) {
- return;
- }
if ((rf1->replica_flags & DRSUAPI_DRS_WRIT_REP) == 0) {
return;