Don't search the whole tree for the domains's sid

This change removes a dependency on objectclass=domainDNS, and avoids
a subtree search when we really know exactly where this record is.

Andrew Bartlett
(This used to be commit 52947fc0c019e57438a21e54953601b6cc08eb49)

1 files changed, 18 insertions, 4 deletions

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 3be60ac452..807c0289f7 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1004,7 +1004,13 @@ struct ldb_dn *samdb_sites_dn(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx)
 const struct dom_sid *samdb_domain_sid(struct ldb_context *ldb)
 {
 	TALLOC_CTX *tmp_ctx;
-	struct dom_sid *domain_sid;
+	const struct dom_sid *domain_sid;
+	const char *attrs[] = {
+		"objectSid",
+		NULL
+	};
+	struct ldb_result *res;
+	int ret;
 
 	/* see if we have a cached copy */
 	domain_sid = (struct dom_sid *)ldb_get_opaque(ldb, "cache.domain_sid");
@@ -1017,9 +1023,17 @@ const struct dom_sid *samdb_domain_sid(struct ldb_context *ldb)
 		goto failed;
 	}
 
-	/* find the domain_sid */
-	domain_sid = samdb_search_dom_sid(ldb, tmp_ctx, ldb_get_default_basedn(ldb),
-					  "objectSid", "objectClass=domainDNS");
+	ret = ldb_search_exp_fmt(ldb, tmp_ctx, &res, ldb_get_default_basedn(ldb), LDB_SCOPE_BASE, attrs, "objectSid=*");
+
+	if (ret != LDB_SUCCESS) {
+		goto failed;
+	}
+	
+	if (res->count != 1) {
+		goto failed;
+	}
+
+	domain_sid = samdb_result_dom_sid(tmp_ctx, res->msgs[0], "objectSid");
 	if (domain_sid == NULL) {
 		goto failed;
 	}