Closed jamshid closed 6 years ago
Can still reproduce this bug, tried using latest libpam4j-1.8.jar and jna-4.1.0.jar. I notice CLibrary is using the non-threadsafe getpwnam
instead of getpwnam_r
(http://man7.org/linux/man-pages/man3/getpwnam.3.html), so I guess that's why it fails with multiple threads? Is that intentional?
https://github.com/kohsuke/libpam4j/blob/master/src/main/java/org/jvnet/libpam/impl/CLibrary.java
public static passwd loadPasswd(String userName) throws PAMException {
passwd pwd = libc.getpwnam(userName);
Btw I know the PAM
class says "Instances are thread unsafe and non reentrant." but I'm not reusing an instance of PAM
, I'm creating an independent one in each thread. I guess it needs to be a singleton with synchronized
methods.
I pushed a potential fix into a branch, that should fix this. I'm not sure whether my assumptions with regard to the memory sizes are sound, but it should work. The testsuite completes.
Thank you @kohsuke and @matthiasblaesing!
This will be released to maven repos as org.kohsuke libpam4j 1.10?
When I run the test program https://gist.github.com/jamshid/8776435 (written for another bug) I get inconsistent results from getGroups() and sometimes some corruption in the getShell() result. Tested on CentOS 6.5 and Ubuntu 13.
I added the user gw-john with:
The program starts 1000 threads doing PAM.authenticate() and outputs the user's info, but many of the results do not list the gw-admin group and there's even some garbage (seen on Ubuntu 13). Btw I usually get the inconsistent groups even with 10 threads.
Any ideas? I guess I should try a non-java version to see if it's reproducible.