s4-drs: allow getncchanges from RODC with WRIT_REP set

w2k8r2 is setting this bit as a RODC. Instead of refusing the
replication, we now remove the bit from req8, which means other places
in the code that check this bit can stay the same

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index dcf1dbef5c3304368f6c18d1518a633a231b7741..ba47b9b04028352d3a2545d67cfae4df3de3d1f3 100644 (file)
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -772,10 +772,10 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
                                                     samdb_domain_sid(b_state->sam_ctx));
        if (security_level == SECURITY_RO_DOMAIN_CONTROLLER &&
            (req8->replica_flags & DRSUAPI_DRS_WRIT_REP)) {
-               DEBUG(0,(__location__ ": Attempt to do writeable replication by RODC %s\n",
+               DEBUG(3,(__location__ ": Removing WRIT_REP flag for replication by RODC %s\n",
                         dom_sid_string(mem_ctx,
                                        dce_call->conn->auth_state.session_info->security_token->user_sid)));
-               return WERR_DS_DRA_INVALID_PARAMETER;
+               req8->replica_flags &= ~DRSUAPI_DRS_WRIT_REP;
        }