Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-21507

libpam4j problem under FreeBSD 10

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: pam-auth-plugin
    • Labels:
      None
    • Environment:
      FreeBSD 10.0
    • Similar Issues:

      Description

      Hi,

      I installed jenkins-1.545, under FreeBSD-10.0RC5.

      For this installation, I enabled a feature which I don't
      normally use. In the configuration setup,
      I enabled security, and used Unix security. This uses the
      PAM plugin for Jenkins.

      I enabled "Matrix security", and created one user "jenkins"
      and gave the user all the permissions.

      The "jenkins" user was already created in /etc/passwd.

      I validated that I could login as "jenkins" from the command-line.

      When I tried to login via the jenkins web interface as "jenkins",
      I saw this error traceback in /var/log/jenkins.log:

      JNA: Callback org.jvnet.libpam.PAM$1@
      66732173 threw the following exception:
      Invalid file format
      at com.sun.jna.NativeLibrary.loadLibrary(NativeLibrary.java:166)
      at com.sun.jna.NativeLibrary.getInstance(NativeLibrary.java:239)
      at com.sun.jna.Library$Handler.<init>(Library.java:140)
      at com.sun.jna.Native.loadLibrary(Native.java:366)
      at com.sun.jna.Native.loadLibrary(Native.java:351)
      at org.jvnet.libpam.impl.CLibrary$Instance.init(CLibrary.java:127)
      at org.jvnet.libpam.impl.CLibrary$Instance.access$000(CLibrary.java:124)
      at org.jvnet.libpam.impl.CLibrary.<clinit>(CLibrary.java:122)
      at org.jvnet.libpam.PAM$1.callback(PAM.java:80)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at com.sun.jna.NativeLibrary.getInstance(NativeLibrary.java:239)
      at com.sun.jna.Library$Handler.<init>(Library.java:140)
      at com.sun.jna.Native.loadLibrary(Native.java:366)
      at com.sun.jna.Native.loadLibrary(Native.java:351)
      at org.jvnet.libpam.impl.CLibrary$Instance.init(CLibrary.java:127)
      at org.jvnet.libpam.impl.CLibrary$Instance.access$000(CLibrary.java:124)
      at org.jvnet.libpam.impl.CLibrary.<clinit>(CLibrary.java:122)
      at org.jvnet.libpam.PAM$1.callback(PAM.java:80)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      java:57)
      sorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:622)
      lbackReference.java:394)
      eference.java:424)
      at com.sun.jna.Native.invokeInt(Native Method)
      at com.sun.jna.Function.invoke(Function.java:344)
      at com.sun.jna.Function.invoke(Function.java:276)
      at com.sun.jna.Library$Handler.invoke(Library.java:216)

      and the login failed.

      After further investigation of the source code, it looks like in Jenkins,
      one of the modules
      used in PAM authentication is this one:
      http://libpam4j.kohsuke.org/

      libpam4j has some hardcoded logic about the size
      of certain C data structures such as "struct passwd" gets the logic
      wrong, becaue in FreeBSD, those structures have changed since
      this code was written.

        Attachments

          Issue Links

            Activity

            Hide
            rtyler R. Tyler Croy added a comment -

            Kohsuke Kawaguchi, I'm going to take a look at this and see if I can bounce you a pull request since I'm running FreeBSD on my laptop these days

            Show
            rtyler R. Tyler Croy added a comment - Kohsuke Kawaguchi , I'm going to take a look at this and see if I can bounce you a pull request since I'm running FreeBSD on my laptop these days
            Hide
            rtyler R. Tyler Croy added a comment -

            I've set up a pull request that builds and runs some basic (new) tests properly on FreeBSD -CURRENT. I've not built up a whole Jenkins based on this library change though to test whether it really solves this problem

            Show
            rtyler R. Tyler Croy added a comment - I've set up a pull request that builds and runs some basic (new) tests properly on FreeBSD -CURRENT. I've not built up a whole Jenkins based on this library change though to test whether it really solves this problem
            Hide
            rodrigc Craig Rodrigues added a comment -

            Is there a new version of this PAM plugin with your changes that I can test?
            I am setting up some Jenkins build for FreeBSD and would like to test this.
            Thanks!

            Show
            rodrigc Craig Rodrigues added a comment - Is there a new version of this PAM plugin with your changes that I can test? I am setting up some Jenkins build for FreeBSD and would like to test this. Thanks!
            Hide
            adfw Anthony Williams added a comment - - edited

            I have created a Pull Request (https://github.com/jenkinsci/jna/pull/2) against the jenkinsci/jna repository which resolves this problem. The existing libpam4j library works under FreeBSD 10, but the jna library does not as it is expecting the system .so files to be in a different format (I believe this is because the one it is trying to load is now a symlink under FreeBSD 10), throwing an exception.

            I have tested this change by building the patched version of jna and including it in a local build of Jenkins, and it appears to be functionally sound under FreeBSD 10 - multiple users have been able to log in successfully, and has been seen to work on several recent Jenkins builds.

            Note that this is a backported fix from https://github.com/twall/jna/issues/279.

            Thanks,
            Anthony

            Show
            adfw Anthony Williams added a comment - - edited I have created a Pull Request ( https://github.com/jenkinsci/jna/pull/2 ) against the jenkinsci/jna repository which resolves this problem. The existing libpam4j library works under FreeBSD 10, but the jna library does not as it is expecting the system .so files to be in a different format (I believe this is because the one it is trying to load is now a symlink under FreeBSD 10), throwing an exception. I have tested this change by building the patched version of jna and including it in a local build of Jenkins, and it appears to be functionally sound under FreeBSD 10 - multiple users have been able to log in successfully, and has been seen to work on several recent Jenkins builds. Note that this is a backported fix from https://github.com/twall/jna/issues/279 . Thanks, Anthony
            Hide
            rodrigc Craig Rodrigues added a comment -

            Upgrading to JNA 4.1.0 will also fix this: https://issues.jenkins-ci.org/browse/JENKINS-24521

            Show
            rodrigc Craig Rodrigues added a comment - Upgrading to JNA 4.1.0 will also fix this: https://issues.jenkins-ci.org/browse/JENKINS-24521
            Hide
            rodrigc Craig Rodrigues added a comment - - edited

            I just built Jenkins from trunk, and it looks like this problem is
            now fixed, due to fixes for JENKINS-24521 and JENKINS-24527.
            I'll close this issue out when I can confirm that a release build of Jenkins is fixed.

            Show
            rodrigc Craig Rodrigues added a comment - - edited I just built Jenkins from trunk, and it looks like this problem is now fixed, due to fixes for JENKINS-24521 and JENKINS-24527 . I'll close this issue out when I can confirm that a release build of Jenkins is fixed.
            Hide
            rodrigc Craig Rodrigues added a comment -

            Verified that this problem is fixed by checkout out git hash tag
            c7369f2cd6cfa4a5cdbe49d1e8c1b0766f398db8 , which will be close
            to what is in release 1.586

            Show
            rodrigc Craig Rodrigues added a comment - Verified that this problem is fixed by checkout out git hash tag c7369f2cd6cfa4a5cdbe49d1e8c1b0766f398db8 , which will be close to what is in release 1.586

              People

              Assignee:
              rodrigc Craig Rodrigues
              Reporter:
              rodrigc Craig Rodrigues
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: