Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-30379

If we set Configure Global Security of jenkins as unix mode,"Out of Memory" error message appears when many clients login through this mode many times.

    Details

    • Similar Issues:

      Description

      We doubt whehter there is a memory leak in the method of callback in Class PAM of libpam4j-1.9.jar.
      It calls libc.calloc(pam_response.SIZE,num_msg); but the function of free is not called.

      //PAMSecurityRealm.java

      @Override
      protected synchronized UserDetails authenticate(String username, String password) throws AuthenticationException {
      try

      { UnixUser uu = new PAM(serviceName).authenticate(username, password); // I never understood why Acegi insists on keeping the password... return new User(username,"",true,true,true,true, toAuthorities(uu)); }

      catch (PAMException e)

      { throw new BadCredentialsException(e.getMessage(),e); }

      }

      ######################################
      //class PAM

      public PAM(String serviceName) throws PAMException {
      pam_conv conv = new pam_conv(new PamCallback() {
      public int callback(int num_msg, Pointer msg, Pointer resp, Pointer _) {
      LOGGER.fine("pam_conv num_msg="+num_msg);
      if(password==null)
      return PAM_CONV_ERR;

      // allocates pam_response[num_msg]. the caller will free this
      Pointer m = libc.calloc(pam_response.SIZE,num_msg);
      resp.setPointer(0,m);

      for( int i=0; i<num_msg; i++ ) {
      pam_message pm = new pam_message(msg.getPointer(POINTER_SIZE*i));
      LOGGER.fine(pm.msg_style+":"+pm.msg);
      if(pm.msg_style==PAM_PROMPT_ECHO_OFF)

      { pam_response r = new pam_response(m.share(pam_response.SIZE*i)); r.setResp(password); r.write(); // write to (*resp)[i] }

      }

      return PAM_SUCCESS;
      }
      });

      PointerByReference phtr = new PointerByReference();
      check(libpam.pam_start(serviceName,null,conv,phtr), "pam_start failed");
      pht = new pam_handle_t(phtr.getValue());
      }

      public UnixUser authenticate(String username, String password) throws PAMException {
      this.password = password;
      try

      { check(libpam.pam_set_item(pht,PAM_USER,username),"pam_set_item failed"); check(libpam.pam_authenticate(pht,0),"pam_authenticate failed"); // several different error code seem to be used to represent authentication failures // check(libpam.pam_acct_mgmt(pht,0),"pam_acct_mgmt failed"); PointerByReference r = new PointerByReference(); check(libpam.pam_get_item(pht,PAM_USER,r),"pam_get_item failed"); String userName = r.getValue().getString(0); passwd pwd = libc.getpwnam(userName); if(pwd==null) throw new PAMException("Authentication succeeded but no user information is available"); return new UnixUser(userName,pwd); }

      finally

      { this.password = null; }

      }

        Attachments

          Activity

          There are no comments yet on this issue.

            People

            • Assignee:
              Unassigned
              Reporter:
              leowang leo wang
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: