author | Andrew Bartlett <abartlet@samba.org> | 2023-01-25 16:01:48 +1300 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2023-02-03 09:35:08 +0000 |
commit | c7658589fa53a7905678361409341a916b0d41f5 (patch) | |
tree | 29f9621dcdcdacd735a89392f907ae0a468cfc1c | |
parent | dee9067386531241846680e50dc892cc906b0a07 (diff) | |
download | samba-c7658589fa53a7905678361409341a916b0d41f5.tar.gz |
s4-drsuapi: Clarify role of drs_security_access_check_nc_root()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10635
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 1838f349c94b878de1740af35351a2e8e0c8cffb)
-rw-r--r-- | source4/rpc_server/drsuapi/getncchanges.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index 57bd50b1268..ca805d9f958 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -2830,7 +2830,11 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ user_sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX]; - /* all clients must have GUID_DRS_GET_CHANGES */ + /* + * all clients must have GUID_DRS_GET_CHANGES. This finds the + * actual NC root of the given value and checks that, allowing + * REPL_OBJ to work safely + */ werr = drs_security_access_check_nc_root(sam_ctx, mem_ctx, session_info->security_token, |
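Review bot: In the expanded comment above the drs_security_access_check_nc_root() call, "the given value" does not say which value is resolved to its NC root, and "allowing REPL_OBJ to work safely" does not say what the check guards against. Suggest naming the input (for example the DN supplied in the client's request, if that is what is passed) and stating explicitly that GUID_DRS_GET_CHANGES is evaluated on the NC root found for it rather than on the object named, so the reader does not have to open the function body to learn where the access check lands. The visible context ends at session_info->security_token, so the argument that carries that value cannot be confirmed from this hunk. Minor style point: the comment's first sentence starts in lowercase while the second is capitalised.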