public/admc
1
0
Fork 0
mirror of https://github.com/altlinux/admc.git synced 2025-03-22 02:50:30 +03:00
Code Issues Projects Releases Wiki Activity

add comment about extra ace

Browse Source
This commit is contained in:
Dmitry Degtyarev 2021-04-08 13:18:00 +04:00
parent ffd4d0ead5
commit f878815fc2
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/adldap/ad_interface.cpp
View File

@ -1077,6 +1077,13 @@ bool AdInterface::create_gpo(const QString &display_name, QString &dn_out) {
struct security_descriptor domain_sd;
ndr_security_pull_security_descriptor(ndr_pull, NDR_SCALARS|NDR_BUFFERS, &domain_sd);
// TODO: not sure why but my
// gp_create_gpt_security_descriptor() call creates an
// sd that has 1 extra ace than samba's version
// (ACL:S-1-5-11:5/3/0x00000000)
// sid = S-1-5-11 = SID_NT_AUTHENTICATED_USERS
// type = 5 = SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT
// Create sysvol descriptor from domain descriptor (not
// one to one, some modifications are needed)
struct security_descriptor *sysvol_sd;