4967: When using NIS authentication (might be identical with the others), if a user get a name too long it break the server. Rooted in the database field that are too short in case the returned firstname, fullname, email is too long.

Reported by:	lmarecha 2 years
Unassigned

What version are you running?

3.0.19
4.0.6

What's the URL of the page containing the problem?

none - authentication problem

What steps will reproduce the problem?

setup reviewboard with NIS (not tested with other but might be identical
open welcome page
login with username password
failure something broke

What is the expected output? What do you see instead?

expected: Get to the dashboard
result: Error page something broke

What operating system are you using? What browser?

Linux RH/Ubuntu
Chrome, firefox,edge

Please provide any additional information below.

I had the issue with dev RB3 and fixed it in a custom package. Today I had some user trying to login into RB4 and they got the “something broke” page. As it was installed from pip, I did not fix it.

The log report that it try to put a field greater than the max size defined in the db schema. I tracked it back to the NIS layer.

Root cause if that one of the field returned by NIS was way greater than 30 char and it caused the db to refuse it.
Most of the user never get this issue, but some of them have extra long name in the NIS, or the NIS returning with extra char (ie email).

There is two solutions:
1. Increase the db field to store all
2. Change the NIS provider to strip to the maxchar of the database

What I did as a quick fix was changing the NIS layer to strip it and log it.
Our NIS was returning something like
firstname, lastname firstname.lastname@nisdomain
Firstname is always good as it split on “,”
Lastname being the rest it was getting too long

Ex:
firstname : John
lastname : DoeLongFamillyNameWithAncestorInIt John.DoeLongFamillyNameWithAncestorInIt@vvdev.nonprod.sw.company.com

The “John.DoeLongFamillyNameWithAncestorInIt@vvdev.nonprod.sw.company.com” is an example, but same issue arise with just extra long name.

So that’s the fix I added to prevent the “something broke”, I strip them to 30 char, I could strip on the <> but then I still had some user with extra long name reporting issue.

To add/change in reviewboard\reviewboard\accounts\backends\nis.py

                # The user does not exist, or there was an error
                # communicating with NIS.
                return None

        names = passwd[4].split(',')[0].split(' ', 1)
        first_name = names[0]
        last_name = None

        if len(names) > 1:
            last_name = names[1]

        email = '%s@%s' % (username, settings.NIS_EMAIL_DOMAIN)

        if len(first_name) > 30:
            logging.info("First name too long (" + first_name  + "), truncating to: " + first_name[:30])
            first_name = first_name[:30]
        if len(last_name) > 30:
            logging.info("last name too long (" + last_name  + "), truncating to: " + last_name[:30])
            last_name = last_name[:30]
        if len(email) > 30:
            logging.info("email too long (" + email  + "), truncating to: " + email[:30])
            email = email[:30]

        user = User(username=username,
                    password='',
                    first_name=first_name,
                    last_name=last_name or '',
                    email=email)
        user.is_staff = False
        user.is_superuser = False

#1 lmarecha

Didn't test with other authntication provider, but if name are greater than the limitation of the db field lenght, they would get the same error.

#2 lmarecha

Still same with 4.0.11

Welcome to the Splat alpha!