[PATCH 06/10] s4-backupkey: Comply with [MS-BKRP] 2.2.1
Arvid Requate
requate at univention.de
Mon Jul 7 11:14:59 MDT 2014
[MS-BKRP] 2.2.1 specifies "The Common Name field of the Subject name
field SHOULD contain the name of the DNS domain assigned to the server."
In fact Windows 7 clients don't seem to care. Also in certificates
generated by native AD the domain name (after CN=) is encoded as
UTF-16LE. Since hx509_parse_name only supports UTF-8 strings currently
we just leave the encoding as it is for now. Windows 7 clients don't seem to
care anyway.
Signed-off-by: Arvid Requate <requate at univention.de>
---
source4/rpc_server/backupkey/dcesrv_backupkey.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c
b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index 046efb9..737d609 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -1185,8 +1185,7 @@ static WERROR bkrp_do_retreive_client_wrap_key(struct
dcesrv_call_state *dce_cal
if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND))
{
/* Ok we can be in this case if there was no certs */
struct loadparm_context *lp_ctx = dce_call->conn-
>dce_ctx->lp_ctx;
- char *dn = talloc_asprintf(mem_ctx, "CN=%s.%s",
-
lpcfg_netbios_name(lp_ctx),
+ char *dn = talloc_asprintf(mem_ctx, "CN=%s",
lpcfg_realm(lp_ctx));
WERROR werr = generate_bkrp_cert(mem_ctx, dce_call,
ldb_ctx, dn);
--
2.0.0.rc2
More information about the samba-technical
mailing list