Merge pull request #43 from aws/hostname_limit

Handle domain name length for host machine
aws · Mar 25, 2023 · d030c13 · d030c13
2 parents 528b111 + 8bc5903
commit d030c13
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 3 deletions.
diff --git a/auth/kerberos/src/krb.cpp b/auth/kerberos/src/krb.cpp
@@ -8,6 +8,9 @@
 // renew the ticket 1 hrs before the expiration
 #define RENEW_TICKET_HOURS 1
 #define SECONDS_IN_HOUR 3600
+// Active Directory uses NetBIOS computer names that do not exceed 15 characters.
+// https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/naming-conventions-for-computer-domain-site-ou
+#define HOST_NAME_LENGTH_LIMIT 15
 
 static const std::string install_path_for_decode_exe =
     "/usr/sbin/credentials_fetcher_utf16_private.exe";
@@ -105,11 +108,21 @@ static std::pair<int, std::string> get_machine_principal( std::string domain_nam
         return result;
     }
 
+    std::string host_name = hostname_result.second;
+
+    // truncate the hostname to the host name size limit defined by microsoft
+    if(host_name.length() > HOST_NAME_LENGTH_LIMIT){
+        cf_logger.logger( LOG_ERR, "WARNING: %s:%d hostname exceeds 15 characters,
+             "this can cause problems in getting kerberos tickets, please reduce hostname length",
+             __func__, __LINE__ );
+        host_name = host_name.substr(0,HOST_NAME_LENGTH_LIMIT);
+    }
+
     /**
      * Machine principal is of the format EC2AMAZ-Q5VJZQ$@CONTOSO.COM'
      */
     result.first = 0;
-    result.second = hostname_result.second + "$@" + realm_name_result.second;
+    result.second = host_name + "$@" + realm_name_result.second;
 
     return result;
 }

diff --git a/package/credentials-fetcher.spec b/package/credentials-fetcher.spec
@@ -16,9 +16,9 @@ Source0:        https://github.com/aws/credentials-fetcher/archive/refs/tags/%{v
 
 BuildRequires:  cmake3 make chrpath openldap-clients grpc-devel gcc-c++ glib2-devel boost-devel 
 BuildRequires:  openssl-devel zlib-devel protobuf-devel re2-devel krb5-devel systemd-devel
-BuildRequires:  systemd-rpm-macros dotnet grpc-plugins
+BuildRequires:  systemd-rpm-macros dotnet-sdk-6.0 grpc-plugins
 
-Requires: bind-utils openldap openldap-clients awscli
+Requires: bind-utils openldap openldap-clients awscli dotnet-runtime-6.0
 
 # No one likes you i686
 ExcludeArch:    i686 armv7hl ppc64le