s4-drs: removed dsdb_validate_client_flags()

This test is in the wrong place. We end up validating our own flags.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

source4/dsdb/common/util.c

@@ -2413,35 +2413,6 @@ int dsdb_find_sid_by_dn(struct ldb_context *ldb,
 }
 
 
-int dsdb_validate_client_flags(struct ldb_context *ldb,
-			       const struct repsFromTo1 *client_rf)
-{
-	int ret;
-	TALLOC_CTX *tmp_ctx = talloc_new(ldb);
-
-	if (client_rf->replica_flags & DRSUAPI_DRS_WRIT_REP) {
-		bool is_rodc;
-		ret = samdb_is_rodc(ldb, &client_rf->source_dsa_invocation_id, &is_rodc);
-		if (ret != LDB_SUCCESS) {
-			talloc_free(tmp_ctx);
-			return ret;
-		}
-		if (is_rodc) {
-			DEBUG(0,("Client %s claimed to be WRIT_REP, but is RODC\n",
-				 GUID_string(tmp_ctx, &client_rf->source_dsa_invocation_id)));
-			talloc_free(tmp_ctx);
-			return LDB_ERR_UNWILLING_TO_PERFORM;
-		}
-	}
-
-	/* TODO: we may need to validate more client flags here, if they
-	   are security sensitive */
-
-	talloc_free(tmp_ctx);
-	return LDB_SUCCESS;
-}
-
-
 /*
   load a repsFromTo blob list for a given partition GUID
   attr must be "repsFrom" or "repsTo"
@@ -3598,7 +3569,6 @@ const char *samdb_forest_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx)
 	return forest_name;
 }
 
-
 /*
    validate that an invocationID belongs to the specified user sid.
    The user SID must be a domain controller account (either RODC or

source4/dsdb/repl/drepl_out_helpers.c

@@ -271,13 +271,6 @@ static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req)
 	struct drsuapi_DsGetNCChanges *r;
 	struct drsuapi_DsReplicaCursorCtrEx *uptodateness_vector;
 	struct tevent_req *subreq;
-	int ret;
-
-	/* check that the client isn't lying about being a RODC */
-	ret = dsdb_validate_client_flags(service->samdb, rf1);
-	if (ret != LDB_SUCCESS) {
-		return;
-	}
 
 	if ((rf1->replica_flags & DRSUAPI_DRS_WRIT_REP) == 0) {
 		return;