s4-backupkey: Comply with [MS-BKRP] 2.2.1
author Arvid Requate <requate@univention.de>
Mon, 7 Jul 2014 16:25:29 +0000 (18:25 +0200)
committer Andrew Bartlett <abartlet@samba.org>
Wed, 25 Feb 2015 00:08:11 +0000 (01:08 +0100)
[MS-BKRP] 2.2.1 specifies "The Common Name field of the Subject name
field SHOULD contain the name of the DNS domain assigned to the server."

In fact Windows 7 clients don't seem to care. Also in certificates
generated by native AD the domain name (after CN=) is encoded as
UTF-16LE. Since hx509_parse_name only supports UTF-8 strings currently
we just leave the encoding as it is for now.

Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
source4/rpc_server/backupkey/dcesrv_backupkey.c

index f748cd1c395c9af40f879e864d08bed40fccd78b..07af1c0adba38639331620ea745e5007cf7bffea 100644 (file)
@@ -1184,8 +1184,7 @@ static WERROR bkrp_do_retreive_client_wrap_key(struct dcesrv_call_state *dce_cal
                if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
                        /* Ok we can be in this case if there was no certs */
                        struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
-                       char *dn = talloc_asprintf(mem_ctx, "CN=%s.%s",
-                                                       lpcfg_netbios_name(lp_ctx),
+                       char *dn = talloc_asprintf(mem_ctx, "CN=%s",
                                                        lpcfg_realm(lp_ctx));
 
                        WERROR werr =  generate_bkrp_cert(mem_ctx, dce_call, ldb_ctx, dn);
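Review bot: the return value of talloc_asprintf() on the changed `char *dn = ...` line is passed to generate_bkrp_cert() on the next statement with no NULL check visible in between, so an allocation failure would hand a NULL subject name to the certificate generation path. Suggest testing `dn == NULL` right after the assignment and returning an out-of-memory WERROR before generate_bkrp_cert() is called. Separately, the quoted [MS-BKRP] 2.2.1 text asks for the DNS domain name while the code now formats lpcfg_realm(lp_ctx) verbatim; a one-line comment above the talloc_asprintf() call citing the spec section and stating that the realm is used as the DNS domain name would document the intent better than the existing "no certs" comment alone.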