sssd/0110-UTIL-Use-max-15-characters-for-AD-host-UPN.patch

From c6f1bc32774a7cf2f8678499dfbced420be3a3a1 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Tue, 14 Mar 2017 10:34:00 +0100
Subject: [PATCH 110/135] UTIL: Use max 15 characters for AD host UPN
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We do not want to use host principal with AD
"host/name.domain.tld@DOMAIN.TLD" because it does not work.
We need to use correct user principal for AD hosts. And we cannot
rely all fallback "*$" because of other principals in keytab.

The NetBIOS naming convention allows for 16 characters in a NetBIOS
name. Microsoft, however, limits NetBIOS names to 15 characters and
uses the 16th character as a NetBIOS suffix.
https://support.microsoft.com/en-us/help/163409/netbios-suffixes-16th-character-of-the-netbios-name

Resolves:
https://pagure.io/SSSD/sssd/issue/3329

Reviewed-by: Michal Židek <mzidek@redhat.com>
---
 src/util/sss_krb5.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index d461cf881566af37f31524c16f6a5f1511a5dc89..a3f066e8add5b7d7575c1e0f537c5729e4a0dad0 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -51,7 +51,13 @@ sss_krb5_get_primary(TALLOC_CTX *mem_ctx,
             *c = toupper(*c);
         }
 
-        primary = talloc_asprintf(mem_ctx, "%s$", shortname);
+        /* The samAccountName is recommended to be less than 20 characters.
+         * This is only for users and groups. For machine accounts,
+         * the real limit is caused by NetBIOS protocol.
+         * NetBIOS names are limited to 16 (15 + $)
+         * https://support.microsoft.com/en-us/help/163409/netbios-suffixes-16th-character-of-the-netbios-name
+         */
+        primary = talloc_asprintf(mem_ctx, "%.15s$", shortname);
         talloc_free(shortname);
         return primary;
     }
-- 
2.12.2