getncchanges: Add a comment regarding sIDHistory for allow/deny in repl_secret

Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
author: Garming Sam <garming@catalyst.net.nz> 2017-03-10 14:31:10 +1300
committer: Andrew Bartlett <abartlet@samba.org> 2017-03-13 05:10:12 +0100
commit: 2863551e90a0c211a3b7cb42cf0cf37408939e17 (patch)
tree: c23add6f6b17090d66a8e55d81c274c283382be7 /source4
parent: c4aa78ba875f3a9ca4e586823ce63826da8daa90 (diff)
download: samba-2863551e90a0c211a3b7cb42cf0cf37408939e17.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index 82a176260b1..1038a87ff24 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -1338,6 +1338,11 @@ static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state,
 		goto denied;
 	}
 
+	/*
+	 * The SID list needs to include itself as well as the tokenGroups.
+	 *
+	 * TODO determine if sIDHistory is required for this check
+	 */
 	werr = samdb_result_sid_array_ndr(b_state->sam_ctx_system, obj_res->msgs[0],
 					 mem_ctx, "tokenGroups", &token_sids, object_sid);
 	if (!W_ERROR_IS_OK(werr) || token_sids==NULL) {
author	Garming Sam <garming@catalyst.net.nz>	2017-03-10 14:31:10 +1300
committer	Andrew Bartlett <abartlet@samba.org>	2017-03-13 05:10:12 +0100
commit	2863551e90a0c211a3b7cb42cf0cf37408939e17 (patch)
tree	c23add6f6b17090d66a8e55d81c274c283382be7 /source4
parent	c4aa78ba875f3a9ca4e586823ce63826da8daa90 (diff)
download	samba-2863551e90a0c211a3b7cb42cf0cf37408939e17.tar.gz