• Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • pam-auth-plugin
    • None
    • FreeBSD 10.0

      Hi,

      I installed jenkins-1.545, under FreeBSD-10.0RC5.

      For this installation, I enabled a feature which I don't
      normally use. In the configuration setup,
      I enabled security, and used Unix security. This uses the
      PAM plugin for Jenkins.

      I enabled "Matrix security", and created one user "jenkins"
      and gave the user all the permissions.

      The "jenkins" user was already created in /etc/passwd.

      I validated that I could login as "jenkins" from the command-line.

      When I tried to login via the jenkins web interface as "jenkins",
      I saw this error traceback in /var/log/jenkins.log:

      JNA: Callback org.jvnet.libpam.PAM$1@
      66732173 threw the following exception:
      Invalid file format
      at com.sun.jna.NativeLibrary.loadLibrary(NativeLibrary.java:166)
      at com.sun.jna.NativeLibrary.getInstance(NativeLibrary.java:239)
      at com.sun.jna.Library$Handler.<init>(Library.java:140)
      at com.sun.jna.Native.loadLibrary(Native.java:366)
      at com.sun.jna.Native.loadLibrary(Native.java:351)
      at org.jvnet.libpam.impl.CLibrary$Instance.init(CLibrary.java:127)
      at org.jvnet.libpam.impl.CLibrary$Instance.access$000(CLibrary.java:124)
      at org.jvnet.libpam.impl.CLibrary.<clinit>(CLibrary.java:122)
      at org.jvnet.libpam.PAM$1.callback(PAM.java:80)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at com.sun.jna.NativeLibrary.getInstance(NativeLibrary.java:239)
      at com.sun.jna.Library$Handler.<init>(Library.java:140)
      at com.sun.jna.Native.loadLibrary(Native.java:366)
      at com.sun.jna.Native.loadLibrary(Native.java:351)
      at org.jvnet.libpam.impl.CLibrary$Instance.init(CLibrary.java:127)
      at org.jvnet.libpam.impl.CLibrary$Instance.access$000(CLibrary.java:124)
      at org.jvnet.libpam.impl.CLibrary.<clinit>(CLibrary.java:122)
      at org.jvnet.libpam.PAM$1.callback(PAM.java:80)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      java:57)
      sorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:622)
      lbackReference.java:394)
      eference.java:424)
      at com.sun.jna.Native.invokeInt(Native Method)
      at com.sun.jna.Function.invoke(Function.java:344)
      at com.sun.jna.Function.invoke(Function.java:276)
      at com.sun.jna.Library$Handler.invoke(Library.java:216)

      and the login failed.

      After further investigation of the source code, it looks like in Jenkins,
      one of the modules
      used in PAM authentication is this one:
      http://libpam4j.kohsuke.org/

      libpam4j has some hardcoded logic about the size
      of certain C data structures such as "struct passwd" gets the logic
      wrong, becaue in FreeBSD, those structures have changed since
      this code was written.

          [JENKINS-21507] libpam4j problem under FreeBSD 10

          R. Tyler Croy added a comment -

          kohsuke, I'm going to take a look at this and see if I can bounce you a pull request since I'm running FreeBSD on my laptop these days

          R. Tyler Croy added a comment - kohsuke , I'm going to take a look at this and see if I can bounce you a pull request since I'm running FreeBSD on my laptop these days

          R. Tyler Croy added a comment -

          I've set up a pull request that builds and runs some basic (new) tests properly on FreeBSD -CURRENT. I've not built up a whole Jenkins based on this library change though to test whether it really solves this problem

          R. Tyler Croy added a comment - I've set up a pull request that builds and runs some basic (new) tests properly on FreeBSD -CURRENT. I've not built up a whole Jenkins based on this library change though to test whether it really solves this problem

          Is there a new version of this PAM plugin with your changes that I can test?
          I am setting up some Jenkins build for FreeBSD and would like to test this.
          Thanks!

          Craig Rodrigues added a comment - Is there a new version of this PAM plugin with your changes that I can test? I am setting up some Jenkins build for FreeBSD and would like to test this. Thanks!

          Anthony Williams added a comment - - edited

          I have created a Pull Request (https://github.com/jenkinsci/jna/pull/2) against the jenkinsci/jna repository which resolves this problem. The existing libpam4j library works under FreeBSD 10, but the jna library does not as it is expecting the system .so files to be in a different format (I believe this is because the one it is trying to load is now a symlink under FreeBSD 10), throwing an exception.

          I have tested this change by building the patched version of jna and including it in a local build of Jenkins, and it appears to be functionally sound under FreeBSD 10 - multiple users have been able to log in successfully, and has been seen to work on several recent Jenkins builds.

          Note that this is a backported fix from https://github.com/twall/jna/issues/279.

          Thanks,
          Anthony

          Anthony Williams added a comment - - edited I have created a Pull Request ( https://github.com/jenkinsci/jna/pull/2 ) against the jenkinsci/jna repository which resolves this problem. The existing libpam4j library works under FreeBSD 10, but the jna library does not as it is expecting the system .so files to be in a different format (I believe this is because the one it is trying to load is now a symlink under FreeBSD 10), throwing an exception. I have tested this change by building the patched version of jna and including it in a local build of Jenkins, and it appears to be functionally sound under FreeBSD 10 - multiple users have been able to log in successfully, and has been seen to work on several recent Jenkins builds. Note that this is a backported fix from https://github.com/twall/jna/issues/279 . Thanks, Anthony

          Upgrading to JNA 4.1.0 will also fix this: https://issues.jenkins-ci.org/browse/JENKINS-24521

          Craig Rodrigues added a comment - Upgrading to JNA 4.1.0 will also fix this: https://issues.jenkins-ci.org/browse/JENKINS-24521

          Craig Rodrigues added a comment - - edited

          I just built Jenkins from trunk, and it looks like this problem is
          now fixed, due to fixes for JENKINS-24521 and JENKINS-24527.
          I'll close this issue out when I can confirm that a release build of Jenkins is fixed.

          Craig Rodrigues added a comment - - edited I just built Jenkins from trunk, and it looks like this problem is now fixed, due to fixes for JENKINS-24521 and JENKINS-24527 . I'll close this issue out when I can confirm that a release build of Jenkins is fixed.

          Verified that this problem is fixed by checkout out git hash tag
          c7369f2cd6cfa4a5cdbe49d1e8c1b0766f398db8 , which will be close
          to what is in release 1.586

          Craig Rodrigues added a comment - Verified that this problem is fixed by checkout out git hash tag c7369f2cd6cfa4a5cdbe49d1e8c1b0766f398db8 , which will be close to what is in release 1.586

            rodrigc Craig Rodrigues
            rodrigc Craig Rodrigues
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: