author | Bill MacAllister <whm@dropbox.com> | 2016-06-01 18:48:31 +0000 |
---|---|---|
committer | Russ Allbery <eagle@eyrie.org> | 2018-05-27 17:33:31 -0700 |
commit | 48a2962830eccfd28bc5d7f0541bf28e0a3ff7b1 (patch) | |
tree | fcb1965a892e35ea34267585217b5ff21f3ec61d | |
parent | 635bd213d11085e128abccb1c7d8cbac49b6705e (diff) |
Update handling of long host names
-rw-r--r-- | perl/lib/Wallet/Config.pm | 14 | ||||
-rw-r--r-- | perl/lib/Wallet/Kadmin/AD.pm | 14 |
2 files changed, 23 insertions, 5 deletions
diff --git a/perl/lib/Wallet/Config.pm b/perl/lib/Wallet/Config.pm
index 5d40978..09db609 100644
--- a/perl/lib/Wallet/Config.pm
+++ b/perl/lib/Wallet/Config.pm
@@ -463,10 +463,22 @@ default PATH.
 
 our $AD_MSKTUTIL = 'msktutil';
 
+=item AD_SERVICE_LENGTH
+
+The maximum length of a unique identifier, samAccountName, for Active
+Directory keytab objects. If the indentifier exceeds this length then
+it will be trunciated and an integer will be appended to the end of
+the identifier. This parameter is here in hopes that at some point
+in the future Microsoft will remove the limitation.
+
+=cut
+
+our $AD_SERVICE_LENGTH = '20';
+
 =item AD_SERVICE_LIMIT
 
 Used to limit the number of iterations used in attempting to find a
-unique account name for service principals. Defaults to 999.
+unique account name for principals. Defaults to 999.
 
 =cut
 
diff --git a/perl/lib/Wallet/Kadmin/AD.pm b/perl/lib/Wallet/Kadmin/AD.pm
index 9749a2a..a599142 100644
--- a/perl/lib/Wallet/Kadmin/AD.pm
+++ b/perl/lib/Wallet/Kadmin/AD.pm
@@ -272,15 +272,21 @@ sub get_account_id {
 $this_id =~ s/.*?=//xms;
 } else {
 my ($this_type, $this_cn) = split '/', $this_princ, 2;
- if ($Wallet::Config::AD_SERVICE_PREFIX && $this_type = 'service') {
- $this_cn = $Wallet::Config::AD_SERVICE_PREFIX . $this_cn;
+ my $max_len;
+ if ($this_type eq 'host') {
+ $max_len = $Wallet::Config::AD_SERVICE_LENGTH - 1;
+ } else {
+ $max_len = $Wallet::Config::AD_SERVICE_LENGTH;
+ if ($Wallet::Config::AD_SERVICE_PREFIX) {
+ $this_cn = $Wallet::Config::AD_SERVICE_PREFIX . $this_cn;
+ }
 }
 my $loop_limit = $Wallet::Config::AD_SERVICE_LIMIT;
- if (length($this_cn)>20) {
+ if (length($this_cn)>$max_len) {
 my $cnt = 0;
 my $this_dn;
 my $suffix_size = length("$loop_limit");
- my $this_prefix = substr($this_cn, 0, 20-$suffix_size);
+ my $this_prefix = substr($this_cn, 0, $max_len - $suffix_size);
 my $this_format = "%0${suffix_size}i";
 while ($cnt<$loop_limit) {
 $this_cn = $this_prefix . sprintf($this_format, $cnt);
|
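Review bot: The POD for AD_SERVICE_LENGTH in Config.pm describes a single limit, but the AD.pm change in this commit uses `$Wallet::Config::AD_SERVICE_LENGTH - 1` for host principals, so an administrator reading this entry cannot tell that host identifiers are cut one character shorter. I would add a sentence such as `Host principals are limited to one character less than this value. Defaults to 20.`, which also matches the "Defaults to 999" wording on AD_SERVICE_LIMIT. The same paragraph has two typos, "indentifier" and "trunciated". Since the value is only used arithmetically, `our $AD_SERVICE_LENGTH = 20;` would state the intent more clearly than the quoted `'20'`.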
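Review bot: Now that the limit comes from configuration, `substr($this_cn, 0, $max_len - $suffix_size)` in get_account_id has no guard for `$max_len <= $suffix_size`. A zero length gives an empty prefix, and a negative length makes `substr` drop characters from the end rather than truncate to a fixed size, so the generated samAccountName can still exceed the limit or no longer identify the principal. A check right after `my $suffix_size = ...`, for example `die "AD_SERVICE_LENGTH too small for AD_SERVICE_LIMIT\n" if $max_len <= $suffix_size;` (or the module's own error path, which is not visible in this hunk), would make a bad configuration fail closed. The `- 1` in the host branch also needs a one-line why-comment, presumably `# leave room for the trailing '$' on computer accounts`, to be confirmed by the author. get_account_id starts before this hunk and the `while` loop continues past it.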