getncchanges: Add a comment regarding sIDHistory for allow/deny in repl_secret

author Garming Sam <garming@catalyst.net.nz>

Fri, 10 Mar 2017 01:31:10 +0000 (14:31 +1300)

committer Andrew Bartlett <abartlet@samba.org>

Mon, 13 Mar 2017 04:10:12 +0000 (05:10 +0100)
author Garming Sam <garming@catalyst.net.nz>
Fri, 10 Mar 2017 01:31:10 +0000 (14:31 +1300)
committer Andrew Bartlett <abartlet@samba.org>
Mon, 13 Mar 2017 04:10:12 +0000 (05:10 +0100)
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c

index 82a176260b174044f56f66bb0a23f626794b9f4e..1038a87ff2424f560896ada4594b18cbcfdb94ef 100644 (file)
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -1338,6 +1338,11 @@ static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state,
                 goto denied;
         }
  
+       /*
+        * The SID list needs to include itself as well as the tokenGroups.
+        *
+        * TODO determine if sIDHistory is required for this check
+        */
         werr = samdb_result_sid_array_ndr(b_state->sam_ctx_system, obj_res->msgs[0],
                                          mem_ctx, "tokenGroups", &token_sids, object_sid);
         if (!W_ERROR_IS_OK(werr) || token_sids==NULL) {
author	Garming Sam <garming@catalyst.net.nz>
	Fri, 10 Mar 2017 01:31:10 +0000 (14:31 +1300)
committer	Andrew Bartlett <abartlet@samba.org>
	Mon, 13 Mar 2017 04:10:12 +0000 (05:10 +0100)