[JENKINS-21507] libpam4j problem under FreeBSD 10 - Jenkins Jira

XML

Word

Printable

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Major
Resolution: Fixed
Component/s: pam-auth-plugin
Labels:
None
Environment:
FreeBSD 10.0

Similar Issues:

Show

Description

Hi,

I installed jenkins-1.545, under FreeBSD-10.0RC5.

For this installation, I enabled a feature which I don't
normally use. In the configuration setup,
I enabled security, and used Unix security. This uses the
PAM plugin for Jenkins.

I enabled "Matrix security", and created one user "jenkins"
and gave the user all the permissions.

The "jenkins" user was already created in /etc/passwd.

I validated that I could login as "jenkins" from the command-line.

When I tried to login via the jenkins web interface as "jenkins",
I saw this error traceback in /var/log/jenkins.log:

JNA: Callback org.jvnet.libpam.PAM$1@
66732173 threw the following exception:
Invalid file format
at com.sun.jna.NativeLibrary.loadLibrary(NativeLibrary.java:166)
at com.sun.jna.NativeLibrary.getInstance(NativeLibrary.java:239)
at com.sun.jna.Library$Handler.<init>(Library.java:140)
at com.sun.jna.Native.loadLibrary(Native.java:366)
at com.sun.jna.Native.loadLibrary(Native.java:351)
at org.jvnet.libpam.impl.CLibrary$Instance.init(CLibrary.java:127)
at org.jvnet.libpam.impl.CLibrary$Instance.access$000(CLibrary.java:124)
at org.jvnet.libpam.impl.CLibrary.<clinit>(CLibrary.java:122)
at org.jvnet.libpam.PAM$1.callback(PAM.java:80)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at com.sun.jna.NativeLibrary.getInstance(NativeLibrary.java:239)
at com.sun.jna.Library$Handler.<init>(Library.java:140)
at com.sun.jna.Native.loadLibrary(Native.java:366)
at com.sun.jna.Native.loadLibrary(Native.java:351)
at org.jvnet.libpam.impl.CLibrary$Instance.init(CLibrary.java:127)
at org.jvnet.libpam.impl.CLibrary$Instance.access$000(CLibrary.java:124)
at org.jvnet.libpam.impl.CLibrary.<clinit>(CLibrary.java:122)
at org.jvnet.libpam.PAM$1.callback(PAM.java:80)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
java:57)
sorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:622)
lbackReference.java:394)
eference.java:424)
at com.sun.jna.Native.invokeInt(Native Method)
at com.sun.jna.Function.invoke(Function.java:344)
at com.sun.jna.Function.invoke(Function.java:276)
at com.sun.jna.Library$Handler.invoke(Library.java:216)

and the login failed.

After further investigation of the source code, it looks like in Jenkins,
one of the modules
used in PAM authentication is this one:
http://libpam4j.kohsuke.org/

libpam4j has some hardcoded logic about the size
of certain C data structures such as "struct passwd" gets the logic
wrong, becaue in FreeBSD, those structures have changed since
this code was written.

Attachments

Issue Links

is related to

JENKINS-24527 Update jna-posix so that it can compile with JNA 4.1.0

Resolved

JENKINS-24521 Update jna from 3.3.0-jenkins to 4.1.0 (or newer)

Resolved

Activity

Ascending order - Click to sort in descending order

R. Tyler Croy added a comment - 2014-01-26 01:16

kohsuke, I'm going to take a look at this and see if I can bounce you a pull request since I'm running FreeBSD on my laptop these days

R. Tyler Croy added a comment - 2014-01-26 01:16 kohsuke , I'm going to take a look at this and see if I can bounce you a pull request since I'm running FreeBSD on my laptop these days

R. Tyler Croy added a comment - 2014-01-26 05:31

I've set up a pull request that builds and runs some basic (new) tests properly on FreeBSD -CURRENT. I've not built up a whole Jenkins based on this library change though to test whether it really solves this problem

R. Tyler Croy added a comment - 2014-01-26 05:31 I've set up a pull request that builds and runs some basic (new) tests properly on FreeBSD -CURRENT. I've not built up a whole Jenkins based on this library change though to test whether it really solves this problem

Craig Rodrigues added a comment - 2014-02-07 22:45

Is there a new version of this PAM plugin with your changes that I can test?
I am setting up some Jenkins build for FreeBSD and would like to test this.
Thanks!

Craig Rodrigues added a comment - 2014-02-07 22:45 Is there a new version of this PAM plugin with your changes that I can test? I am setting up some Jenkins build for FreeBSD and would like to test this. Thanks!

Anthony Williams added a comment - 2014-06-06 22:47 - edited

I have created a Pull Request (https://github.com/jenkinsci/jna/pull/2) against the jenkinsci/jna repository which resolves this problem. The existing libpam4j library works under FreeBSD 10, but the jna library does not as it is expecting the system .so files to be in a different format (I believe this is because the one it is trying to load is now a symlink under FreeBSD 10), throwing an exception.

I have tested this change by building the patched version of jna and including it in a local build of Jenkins, and it appears to be functionally sound under FreeBSD 10 - multiple users have been able to log in successfully, and has been seen to work on several recent Jenkins builds.

Note that this is a backported fix from https://github.com/twall/jna/issues/279.

Thanks,
Anthony

Anthony Williams added a comment - 2014-06-06 22:47 - edited I have created a Pull Request ( https://github.com/jenkinsci/jna/pull/2 ) against the jenkinsci/jna repository which resolves this problem. The existing libpam4j library works under FreeBSD 10, but the jna library does not as it is expecting the system .so files to be in a different format (I believe this is because the one it is trying to load is now a symlink under FreeBSD 10), throwing an exception. I have tested this change by building the patched version of jna and including it in a local build of Jenkins, and it appears to be functionally sound under FreeBSD 10 - multiple users have been able to log in successfully, and has been seen to work on several recent Jenkins builds. Note that this is a backported fix from https://github.com/twall/jna/issues/279 . Thanks, Anthony

Craig Rodrigues added a comment - 2014-10-04 21:06

Upgrading to JNA 4.1.0 will also fix this: https://issues.jenkins-ci.org/browse/JENKINS-24521

Craig Rodrigues added a comment - 2014-10-04 21:06 Upgrading to JNA 4.1.0 will also fix this: https://issues.jenkins-ci.org/browse/JENKINS-24521

Craig Rodrigues added a comment - 2014-10-26 19:53 - edited

I just built Jenkins from trunk, and it looks like this problem is
now fixed, due to fixes for ~~JENKINS-24521~~ and ~~JENKINS-24527~~.
I'll close this issue out when I can confirm that a release build of Jenkins is fixed.

Craig Rodrigues added a comment - 2014-10-26 19:53 - edited I just built Jenkins from trunk, and it looks like this problem is now fixed, due to fixes for JENKINS-24521 and JENKINS-24527 . I'll close this issue out when I can confirm that a release build of Jenkins is fixed.

Craig Rodrigues added a comment - 2014-10-26 23:01

Verified that this problem is fixed by checkout out git hash tag
c7369f2cd6cfa4a5cdbe49d1e8c1b0766f398db8 , which will be close
to what is in release 1.586

Craig Rodrigues added a comment - 2014-10-26 23:01 Verified that this problem is fixed by checkout out git hash tag c7369f2cd6cfa4a5cdbe49d1e8c1b0766f398db8 , which will be close to what is in release 1.586

People

Assignee:: Craig Rodrigues

Reporter:: Craig Rodrigues

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2014-01-26 01:03

Updated:: 2014-10-26 23:01

Resolved:: 2014-10-26 23:01