git.samba.org
/
samba.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
c4aa78b
)
getncchanges: Add a comment regarding sIDHistory for allow/deny in repl_secret
author
Garming Sam
<garming@catalyst.net.nz>
Fri, 10 Mar 2017 01:31:10 +0000
(14:31 +1300)
committer
Andrew Bartlett
<abartlet@samba.org>
Mon, 13 Mar 2017 04:10:12 +0000
(
05:10
+0100)
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/rpc_server/drsuapi/getncchanges.c
patch
|
blob
|
history
diff --git
a/source4/rpc_server/drsuapi/getncchanges.c
b/source4/rpc_server/drsuapi/getncchanges.c
index 82a176260b174044f56f66bb0a23f626794b9f4e..1038a87ff2424f560896ada4594b18cbcfdb94ef 100644
(file)
--- a/
source4/rpc_server/drsuapi/getncchanges.c
+++ b/
source4/rpc_server/drsuapi/getncchanges.c
@@
-1338,6
+1338,11
@@
static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state,
goto denied;
}
+ /*
+ * The SID list needs to include itself as well as the tokenGroups.
+ *
+ * TODO determine if sIDHistory is required for this check
+ */
werr = samdb_result_sid_array_ndr(b_state->sam_ctx_system, obj_res->msgs[0],
mem_ctx, "tokenGroups", &token_sids, object_sid);
if (!W_ERROR_IS_OK(werr) || token_sids==NULL) {