From 1f92df90fdb0ade233af52df1fbc9e76bddb4fd0 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Thu, 22 Apr 2010 16:41:32 +1000
Subject: s4-drs: removed dsdb_validate_client_flags()

This test is in the wrong place. We end up validating our own flags.

Pair-Programmed-With: Andrew Bartlett
---
 source4/dsdb/common/util.c | 30 ------------------------------
 source4/dsdb/repl/drepl_out_helpers.c | 7 -------
 2 files changed, 37 deletions(-)

(limited to 'source4')

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 0a2583f45c..3a04797f82 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2413,35 +2413,6 @@ int dsdb_find_sid_by_dn(struct ldb_context *ldb,
 }
 
 
-int dsdb_validate_client_flags(struct ldb_context *ldb,
- const struct repsFromTo1 *client_rf)
-{
- int ret;
- TALLOC_CTX *tmp_ctx = talloc_new(ldb);
-
- if (client_rf->replica_flags & DRSUAPI_DRS_WRIT_REP) {
- bool is_rodc;
- ret = samdb_is_rodc(ldb, &client_rf->source_dsa_invocation_id, &is_rodc);
- if (ret != LDB_SUCCESS) {
- talloc_free(tmp_ctx);
- return ret;
- }
- if (is_rodc) {
- DEBUG(0,("Client %s claimed to be WRIT_REP, but is RODC\n",
- GUID_string(tmp_ctx, &client_rf->source_dsa_invocation_id)));
- talloc_free(tmp_ctx);
- return LDB_ERR_UNWILLING_TO_PERFORM;
- }
- }
-
- /* TODO: we may need to validate more client flags here, if they
- are security sensitive */
-
- talloc_free(tmp_ctx);
- return LDB_SUCCESS;
-}
-
-
 /*
  load a repsFromTo blob list for a given partition GUID
  attr must be "repsFrom" or "repsTo"
@@ -3598,7 +3569,6 @@ const char *samdb_forest_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx)
 return forest_name;
 }
 
-
 /*
  validate that an invocationID belongs to the specified user
  sid. The user SID must be a domain controller account (either RODC or
diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c
index 55357509f0..60dccffb23 100644
--- a/source4/dsdb/repl/drepl_out_helpers.c
+++ b/source4/dsdb/repl/drepl_out_helpers.c
@@ -271,13 +271,6 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req)
 struct drsuapi_DsGetNCChanges *r;
 struct drsuapi_DsReplicaCursorCtrEx *uptodateness_vector;
 struct tevent_req *subreq;
- int ret;
-
- /* check that the client isn't lying about being a RODC */
- ret = dsdb_validate_client_flags(service->samdb, rf1);
- if (ret != LDB_SUCCESS) {
- return;
- }
 
 if ((rf1->replica_flags & DRSUAPI_DRS_WRIT_REP) == 0) {
 return;
-- cgit