From: Arvid Requate
Date: Mon, 7 Jul 2014 16:25:29 +0000 (+0200)
Subject: s4-backupkey: Comply with [MS-BKRP] 2.2.1
X-Git-Tag: tevent-0.9.23~51
X-Git-Url: http://git.samba.org/samba.git/?p=gd%2Fsamba-autobuild%2F.git;a=commitdiff_plain;h=007c3978a46d5f50051605752a76d12f30c5a0de

s4-backupkey: Comply with [MS-BKRP] 2.2.1

[MS-BKRP] 2.2.1 specifies "The Common Name field of the Subject name field SHOULD contain the name of the DNS domain assigned to the server." In fact Windows 7 clients don't seem to care.

Also in certificates generated by native AD the domain name (after CN=) is encoded as UTF-16LE. Since hx509_parse_name only supports UTF-8 strings currently we just leave the encoding as it is for now.

Signed-off-by: Arvid Requate
Reviewed-by: Andrew Bartlett
Reviewed-by: Garming Sam
---

diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c index f748cd1c395..07af1c0adba 100644 --- a/source4/rpc_server/backupkey/dcesrv_backupkey.c +++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c @@ -1184,8 +1184,7 @@ static WERROR bkrp_do_retreive_client_wrap_key(struct dcesrv_call_state *dce_cal if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { /* Ok we can be in this case if there was no certs */ struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx; - char *dn = talloc_asprintf(mem_ctx, "CN=%s.%s", - lpcfg_netbios_name(lp_ctx), + char *dn = talloc_asprintf(mem_ctx, "CN=%s", lpcfg_realm(lp_ctx)); WERROR werr = generate_bkrp_cert(mem_ctx, dce_call, ldb_ctx, dn);
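
Review bot: the `dn` string built by the new `talloc_asprintf(mem_ctx, "CN=%s", lpcfg_realm(lp_ctx))` call is passed to `generate_bkrp_cert()` on the very next line with no NULL check, so an allocation failure reaches the certificate generation path as a NULL subject name. Please test `dn == NULL` right after the allocation and return an out-of-memory WERROR before calling `generate_bkrp_cert()`. The realm value is also formatted into the name string unescaped and unvalidated; if `lpcfg_realm(lp_ctx)` can be empty here, the subject becomes a bare `CN=`, so it is worth rejecting that case explicitly rather than issuing a certificate with it. Finally, the reasoning in the commit message (the [MS-BKRP] 2.2.1 SHOULD, and the decision to keep UTF-8 rather than the UTF-16LE that native AD uses because of the `hx509_parse_name` limitation) exists only in the commit message; a short comment above the `talloc_asprintf` line would keep that known deviation visible to whoever touches this code next.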