s4-ldb: display security descriptors with correct SDL for known SIDs

This makes it much easier to compare SDs

diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c
index 10a733382aa3062dfc2f063a4aa824b2927ac008..88888bf0a7473f911d7ec6b673860c9a4f12962d 100644 (file)
--- a/source4/lib/ldb-samba/ldif_handlers.c
+++ b/source4/lib/ldb-samba/ldif_handlers.c
@@ -406,7 +406,7 @@ static int ldif_write_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ct
                talloc_free(sd);
                return -1;
        }
-       out->data = (uint8_t *)sddl_encode(mem_ctx, sd, NULL);
+       out->data = (uint8_t *)sddl_encode(mem_ctx, sd, samdb_domain_sid_cache_only(ldb));
        talloc_free(sd);
        if (out->data == NULL) {
                return -1;

diff --git a/source4/lib/ldb/tools/cmdline.c b/source4/lib/ldb/tools/cmdline.c
index 39a460763cf216bc1ace24c86afdf0a137eeb15b..44ae23b26c629dc0db78ecc1ae85821e938a1ace 100644 (file)
--- a/source4/lib/ldb/tools/cmdline.c
+++ b/source4/lib/ldb/tools/cmdline.c
@@ -33,6 +33,7 @@
 #include "auth/auth.h"
 #include "ldb_wrap.h"
 #include "param/param.h"
+#include "dsdb/common/proto.h"
 #endif
 
 static struct ldb_cmdline options; /* needs to be static for older compilers */
@@ -321,6 +322,11 @@ struct ldb_cmdline *ldb_cmdline_process(struct ldb_context *ldb,
                goto failed;
        }
 
+#if (_SAMBA_BUILD_ >= 4)
+       /* get the domain SID into the cache for SDDL processing */
+       samdb_domain_sid(ldb);
+#endif
+
        return ret;
 
 failed: