From: Garming Sam <garming@catalyst.net.nz>
Date: Fri, 10 Mar 2017 01:31:10 +0000 (+1300)
Subject: getncchanges: Add a comment regarding sIDHistory for allow/deny in repl_secret
X-Git-Tag: tdb-1.3.13~481
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2863551e90a0c211a3b7cb42cf0cf37408939e17;p=thirdparty%2Fsamba.git

getncchanges: Add a comment regarding sIDHistory for allow/deny in repl_secret

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index 82a176260b1..1038a87ff24 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -1338,6 +1338,11 @@ static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state,
 		goto denied;
 	}
 
+	/*
+	 * The SID list needs to include itself as well as the tokenGroups.
+	 *
+	 * TODO determine if sIDHistory is required for this check
+	 */
 	werr = samdb_result_sid_array_ndr(b_state->sam_ctx_system, obj_res->msgs[0],
 					 mem_ctx, "tokenGroups", &token_sids, object_sid);
 	if (!W_ERROR_IS_OK(werr) || token_sids==NULL) {