1793: Authentication failure with full gecos

alle****@gmai***** (Google Code) (Is this you? Claim this profile.)
Sept. 15, 2010
What version are you running?

What's the URL of the page containing the problem?

What steps will reproduce the problem?
1. login user that use NIS with full gecos 

What is the expected output? What do you see instead?
expected login.
see "InternalError at /account/login/":


Request Method: POST
Request URL: http://reviewboard.xxx/account/login/
Django Version: 1.1.1
Python Version: 2.5.2
Installed Applications:
Installed Middleware:

File "/usr/lib/python2.5/site-packages/Django-1.1.1-py2.5.egg/django/core/handlers/base.py" in get_response
  98.                     response = middleware_method(request, e)
File "/usr/lib/python2.5/site-packages/Djblets-0.5.5-py2.5.egg/djblets/log/middleware.py" in process_exception
  220.                       request.user, request.build_absolute_uri(),
File "/usr/lib/python2.5/site-packages/Django-1.1.1-py2.5.egg/django/contrib/auth/middleware.py" in __get__
  9.             request._cached_user = get_user(request)
File "/usr/lib/python2.5/site-packages/Django-1.1.1-py2.5.egg/django/contrib/auth/__init__.py" in get_user
  84.         user_id = request.session[SESSION_KEY]
File "/usr/lib/python2.5/site-packages/Django-1.1.1-py2.5.egg/django/contrib/sessions/backends/base.py" in __getitem__
  46.         return self._session[key]
File "/usr/lib/python2.5/site-packages/Django-1.1.1-py2.5.egg/django/contrib/sessions/backends/base.py" in _get_session
  172.                 self._session_cache = self.load()
File "/usr/lib/python2.5/site-packages/Django-1.1.1-py2.5.egg/django/contrib/sessions/backends/db.py" in load
  16.                 expire_date__gt=datetime.datetime.now()
File "/usr/lib/python2.5/site-packages/Django-1.1.1-py2.5.egg/django/db/models/manager.py" in get
  120.         return self.get_query_set().get(*args, **kwargs)
File "/usr/lib/python2.5/site-packages/Django-1.1.1-py2.5.egg/django/db/models/query.py" in get
  300.         num = len(clone)
File "/usr/lib/python2.5/site-packages/Django-1.1.1-py2.5.egg/django/db/models/query.py" in __len__
  81.                 self._result_cache = list(self.iterator())
File "/usr/lib/python2.5/site-packages/Django-1.1.1-py2.5.egg/django/db/models/query.py" in iterator
  238.         for row in self.query.results_iter():
File "/usr/lib/python2.5/site-packages/Django-1.1.1-py2.5.egg/django/db/models/sql/query.py" in results_iter
  287.         for rows in self.execute_sql(MULTI):
File "/usr/lib/python2.5/site-packages/Django-1.1.1-py2.5.egg/django/db/models/sql/query.py" in execute_sql
  2369.         cursor.execute(sql, params)
File "/usr/lib/python2.5/site-packages/Djblets-0.5.5-py2.5.egg/djblets/log/middleware.py" in execute
  49.             return self.cursor.execute(sql, params)

Exception Type: InternalError at /account/login/
Exception Value: current transaction is aborted, commands ignored until end of transaction block

What operating system are you using? What browser?
Linux Gentoo. Opera 10.10, Firefox 3.0.3

Please provide any additional information below.
Authentication Method in RB - NIS.
Users without gecos login normally.
#1 chipx86
This doesn't really show any code in Review Board, so I'm not able to see what's going on.

Where did that specific error information come from? A log file, or the page itself? If the page, can you provide the entire page as HTML so I can dig in more?
  • +NeedInfo
#2 alle****@gmai***** (Google Code) (Is this you? Claim this profile.)
Yes, it`s a page. HTML attached.
  • +
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html lang="en">
      <meta http-equiv="content-type" content="text/html; charset=utf-8">
      <meta name="robots" content="NONE,NOARCHIVE">
      <title>InternalError at /account/login/</title>
      <style type="text/css">
        html * { padding:0; margin:0; }
        body * { padding:10px 20px; }
        body * * { padding:0; }
        body { font:small sans-serif; }
        body>div { border-bottom:1px solid #ddd; }
        h1 { font-weight:normal; }
        h2 { margin-bottom:.8em; }
        h2 span { font-size:80%; color:#666; font-weight:normal; }
        h3 { margin:1em 0 .5em 0; }
        h4 { margin:0 0 .5em 0; font-weight: normal; }
        table { border:1px solid #ccc; border-collapse: collapse; width:100%; background:white; }
        tbody td, tbody th { vertical-align:top; padding:2px 3px; }
        thead th { padding:1px 6px 1px 3px; background:#fefefe; text-align:left; font-weight:normal; font-size:11px; border:1px solid #
#3 chipx86
I think I'll need to know more about the particular SQL query that's happening. Can you look at the gecos data for one of the failing users and let me know what sort of data you see in it? I'm mainly interested in special, non-alphanumeric characters in any fields.
#4 alle****@gmai***** (Google Code) (Is this you? Claim this profile.)
full passwd record with gecos:

tester:x:789:10:tester,everywhere,(4) 3-9,(4) 3-9:/home/tester:/bin/csh
#5 alle****@gmai***** (Google Code) (Is this you? Claim this profile.)
Is previous info enough? Or something else needed?
#6 chipx86
Yeah, this should now be fixed on master (b7889fc) and release-1.0.x (25e4965).

This will be part of the upcoming Review Board 1.5 RC2 release. However, you can make the fix yourself short-term. This will help to verify it, though from your example and from others, it appears to work in my testing.

Open reviewboard/reviewboard/accounts/backends.py and find 'get_or_create_user' in the 'NISBackend' class. There will be a line that looks like:

    names = passwd[4].split(' ', 1)

Change that to:

    names = passwd[4].split(',')[0].split(' ', 1)
  • -NeedInfo
  • +Milestone-Release1.5
  • +chipx86
#7 alle****@gmai***** (Google Code) (Is this you? Claim this profile.)
It's work! Thanks!!!