getncchanges: Add a comment regarding sIDHistory for allow/deny in repl_secret

[sfrench/samba-autobuild/.git] / source4 / rpc_server / drsuapi / getncchanges.c

diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index 82a176260b174044f56f66bb0a23f626794b9f4e..1038a87ff2424f560896ada4594b18cbcfdb94ef 100644 (file)
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -1338,6 +1338,11 @@ static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state,
                goto denied;
        }
 
+       /*
+        * The SID list needs to include itself as well as the tokenGroups.
+        *
+        * TODO determine if sIDHistory is required for this check
+        */
        werr = samdb_result_sid_array_ndr(b_state->sam_ctx_system, obj_res->msgs[0],
                                         mem_ctx, "tokenGroups", &token_sids, object_sid);
        if (!W_ERROR_IS_OK(werr) || token_sids==NULL) {