Bug 1210763 - [ovirt-hosted-engine-setup] script doesn't validate user input for username for iscsi storage domain > 50 characters.
Summary: [ovirt-hosted-engine-setup] script doesn't validate user input for username ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-hosted-engine-setup
Version: 3.5.0
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: ovirt-3.6.0-rc
: 3.6.0
Assignee: Sandro Bonazzola
QA Contact: Elad
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-04-10 13:52 UTC by akotov
Modified: 2019-10-10 09:47 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Previously, the length of a username wasn't checked, even though the database field was limited to store only 50 characters. A user could enter a username longer than 50 characters, causing an error while storing the username into the database during the setup. With this release, username length is now validated to ensure it can fit in the database. The user can no longer enter usernames which may cause the database insert to fail due to their length. Please note: work is in progress to modify the database to allow longer usernames, so in future this limitation will be lifted.
Clone Of:
Environment:
Last Closed: 2016-03-09 19:11:38 UTC
oVirt Team: Integration
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2016:0375 0 normal SHIPPED_LIVE ovirt-hosted-engine-setup bug fix and enhancement update 2016-03-09 23:48:34 UTC
oVirt gerrit 42596 0 master MERGED packaging: setup: Verify iSCSI username and password length Never

Description akotov 2015-04-10 13:52:22 UTC
Description of problem:

hosted-engine --deploy fails with internal engine error

2015-04-08 17:36:44,251 INFO  [org.ovirt.engine.core.bll.AddDiskCommand] (ajp-/127.0.0.1:8702-7) [35de27da] Running command: AddDiskCommand internal: false. Entities affected :  ID: aaa00000-0000-0000-0000-12345
6789aaa Type: SystemAction group CREATE_DISK with role type USER,  ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group CONFIGURE_SCSI_GENERIC_IO with role type ADMIN
2015-04-08 17:36:44,312 INFO  [org.ovirt.engine.core.utils.transaction.TransactionSupport] (ajp-/127.0.0.1:8702-7) [35de27da] transaction rolled back
2015-04-08 17:36:44,313 ERROR [org.ovirt.engine.core.bll.AddDiskCommand] (ajp-/127.0.0.1:8702-7) [35de27da] Command org.ovirt.engine.core.bll.AddDiskCommand throw exception: org.springframework.dao.DataIntegrity
ViolationException: CallableStatementCallback; SQL [{call insertstorage_server_connections(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)}]; ERROR: value too long for type character varying(50)
  Where: SQL statement "INSERT INTO storage_server_connections(connection, id, iqn, port,portal, password, storage_type, user_name,mount_options,vfs_type,nfs_version,nfs_timeo,nfs_retrans) VALUES( $1 ,  $2 ,  $3
 , $4 , $5 ,  $6 ,  $7 ,  $8 , $9 , $10 , $11 , $12 , $13 )"
PL/pgSQL function "insertstorage_server_connections" line 2 at SQL statement; nested exception is org.postgresql.util.PSQLException: ERROR: value too long for type character varying(50)
  Where: SQL statement "INSERT INTO storage_server_connections(connection, id, iqn, port,portal, password, storage_type, user_name,mount_options,vfs_type,nfs_version,nfs_timeo,nfs_retrans) VALUES( $1 ,  $2 ,  $3
 , $4 , $5 ,  $6 ,  $7 ,  $8 , $9 , $10 , $11 , $12 , $13 )"
PL/pgSQL function "insertstorage_server_connections" line 2 at SQL statement
        at org.springframework.jdbc.support.SQLStateSQLExceptionTranslator.doTranslate(SQLStateSQLExceptionTranslator.java:101) [spring-jdbc.jar:3.1.1.RELEASE]


Caused by: org.postgresql.util.PSQLException: ERROR: value too long for type character varying(50)
  Where: SQL statement "INSERT INTO storage_server_connections(connection, id, iqn, port,portal, password, storage_type, user_name,mount_options,vfs_type,nfs_version,nfs_timeo,nfs_retrans) VALUES( $1 ,  $2 ,  $3 , $4 , $5 ,  $6 ,  $7 ,  $8 , $9 , $10 , $11 , $12 , $13 )"
PL/pgSQL function "insertstorage_server_connections" line 2 at SQL statement


Version-Release number of selected component (if applicable):

latest

How reproducible:

Always

Steps to Reproduce:
1. hosted-engine --deploy, specify username for iscsi storage domain > 50 characters

Actual results:

RuntimeError('Cannot add the Hosted Engine VM Disk to the engine',)
Expected results:

User gets a warning that username is not valid, as database limits it to 50 characters [ varying(50)]

Additional info:

Comment 4 Elad 2015-08-02 14:21:13 UTC
User and password length validation is done:


Entered a username with more than 50 characters: 

[ ERROR ] Username should not be longer than 50 characters.

Entered a password with more than 50 characters: 

 Please specify the iSCSI portal password: 
[ ERROR ] Password should not be longer than 50 characters.

Verified using: 
ovirt-3.6.0-alpha3
ovirt-hosted-engine-ha-1.3.0-0.0.master.20150615153650.20150615153645.git5f8c290.el7.noarch
ovirt-hosted-engine-setup-1.3.0-0.0.master.20150729070044.git26149d7.el7.noarch
iptables-services-1.4.21-13.el7.x86_64
iptables-1.4.21-13.el7.x86_64
vdsm-4.17.0-1229.git8299061.el7.noarch

Comment 5 Eyal Edri 2015-11-15 08:04:10 UTC
wrong component, changed to hosted-engine-setup

Comment 8 errata-xmlrpc 2016-03-09 19:11:38 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-0375.html


Note You need to log in before you can comment on or make changes to this bug.