Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-30379

If we set Configure Global Security of jenkins as unix mode,"Out of Memory" error message appears when many clients login through this mode many times.

    XMLWordPrintable

Details

    Description

      We doubt whehter there is a memory leak in the method of callback in Class PAM of libpam4j-1.9.jar.
      It calls libc.calloc(pam_response.SIZE,num_msg); but the function of free is not called.

      //PAMSecurityRealm.java

      @Override
      protected synchronized UserDetails authenticate(String username, String password) throws AuthenticationException {
      try

      { UnixUser uu = new PAM(serviceName).authenticate(username, password); // I never understood why Acegi insists on keeping the password... return new User(username,"",true,true,true,true, toAuthorities(uu)); }

      catch (PAMException e)

      { throw new BadCredentialsException(e.getMessage(),e); }

      }

      ######################################
      //class PAM

      public PAM(String serviceName) throws PAMException {
      pam_conv conv = new pam_conv(new PamCallback() {
      public int callback(int num_msg, Pointer msg, Pointer resp, Pointer _) {
      LOGGER.fine("pam_conv num_msg="+num_msg);
      if(password==null)
      return PAM_CONV_ERR;

      // allocates pam_response[num_msg]. the caller will free this
      Pointer m = libc.calloc(pam_response.SIZE,num_msg);
      resp.setPointer(0,m);

      for( int i=0; i<num_msg; i++ ) {
      pam_message pm = new pam_message(msg.getPointer(POINTER_SIZE*i));
      LOGGER.fine(pm.msg_style+":"+pm.msg);
      if(pm.msg_style==PAM_PROMPT_ECHO_OFF)

      { pam_response r = new pam_response(m.share(pam_response.SIZE*i)); r.setResp(password); r.write(); // write to (*resp)[i] }

      }

      return PAM_SUCCESS;
      }
      });

      PointerByReference phtr = new PointerByReference();
      check(libpam.pam_start(serviceName,null,conv,phtr), "pam_start failed");
      pht = new pam_handle_t(phtr.getValue());
      }

      public UnixUser authenticate(String username, String password) throws PAMException {
      this.password = password;
      try

      { check(libpam.pam_set_item(pht,PAM_USER,username),"pam_set_item failed"); check(libpam.pam_authenticate(pht,0),"pam_authenticate failed"); // several different error code seem to be used to represent authentication failures // check(libpam.pam_acct_mgmt(pht,0),"pam_acct_mgmt failed"); PointerByReference r = new PointerByReference(); check(libpam.pam_get_item(pht,PAM_USER,r),"pam_get_item failed"); String userName = r.getValue().getString(0); passwd pwd = libc.getpwnam(userName); if(pwd==null) throw new PAMException("Authentication succeeded but no user information is available"); return new UnixUser(userName,pwd); }

      finally

      { this.password = null; }

      }

      Attachments

        Activity

          People

            Unassigned Unassigned
            leowang leo wang
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: