Dovecot threading implementation
Hi, I was trying to compare avrious thread refs/references implementation, both server side and client side. While testing dovecot, it looks to me that issuing thread=references or thread=refs I get the same response, while the refs drafts says it should reverse the date ordering inside a branch. Is this correct? Does Dovecot implements references and refs with same sorting? Also, cyrus has subject grouping included in references (which is bad!). What's dovecot doing in references alg? Thanks for any help, Gabriele Sonicle S.r.l. : http://www.sonicle.com Music: http://www.gabrielebulfon.com Quantum Mechanics : http://www.cdbaby.com/cd/gabrielebulfon
passdb {driver = shadow args = override_username=%variable}
Hello list I want to implement override_username = %variable for the "shadow" driver, so that the following works: passdb { driver = shadow args = override_username=%Ln } by "%variable", I mean "Variables" at http://wiki.dovecot.org/Variables. I've hacked up a solution with strtok(3C), but that's a hack and a possible security hole, and I'd rather not implement it. What I really want is to be able to leverage Dovecot's var_expand() call, which, looking at the code, appears to be the function responsible for %variable expansion and formatting. The relevant piece of code seems to be this excerpt in auth/passdb-shadow.c: static enum passdb_result shadow_lookup(struct auth_request *request, struct spwd **spw_r) { auth_request_log_debug(request, AUTH_SUBSYS_DB, "lookup"); *spw_r = getspnam(request->user); if (*spw_r == NULL) { auth_request_log_unknown_user(request, AUTH_SUBSYS_DB); return PASSDB_RESULT_USER_UNKNOWN; } when request->user contains 'u...@domain.tld', I want the code to be able to process "override_username", determine that the format is %Ln so that request->user is lowercased, and everything after the "@" sign is stripped. Therefore, if this user happens to exist in the shadow file, authentication will succeed. Currently, the "shadow" driver only appears to support "args = blocking=no". Please advise.
[2.2.25 auth issue] auth-request.c: line 1049 (auth_request_lookup_credentials): assertion failed: (request->credentials_scheme == scheme)
Hello, Since updating to 2.2.25, we do have the following issue (seems to be related to the new auth policy code): Jul 9 00:00:14 LXmail01 dovecot: auth-worker(6558): sql(u...@domain.org,*.*.*.*,): unknown user Jul 9 00:00:14 LXmail01 dovecot: auth: Panic: file auth-request.c: line 1049 (auth_request_lookup_credentials): assertion failed: (request->credentials_scheme == scheme) Jul 9 00:00:14 LXmail01 dovecot: auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x8d57e) [0x7f197bd8157e] -> /usr/lib64/dovecot/libdovecot.so.0(+0x8d65e) [0x7f197bd8165e] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f197bd201f6] -> dovecot/auth [1 wait, 0 passdb, 0 userdb](+0x1a15a) [0x7f197c44715a] -> dovecot/auth [1 wait, 0 passdb, 0 userdb](+0x26f8f) [0x7f197c453f8f] -> dovecot/auth [1 wait, 0 passdb, 0 userdb](+0x19d2b) [0x7f197c446d2b] -> dovecot/auth [1 wait, 0 passdb, 0 userdb](auth_request_lookup_credentials_callback+0x68) [0x7f197c4 46e28] -> dovecot/auth [1 wait, 0 passdb, 0 userdb](passdb_handle_credentials+0x92) [0x7f197c457742] -> dovecot/auth [1 wait, 0 passdb, 0 userdb](+0x2af06) [0x7f197c457f06] -> dovecot/auth [1 wait, 0 passdb, 0 userdb](+0x2065a) [0x7f197c44d65a] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x4c) [0x7f197bd94edc] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_in ternal+0xff) [0x7f197bd9633f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x25) [0x7f197bd94f65] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f197bd95118] -> /usr /lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f197bd26663] -> dovecot/auth [1 wait, 0 passdb, 0 userdb](main+0x3a1) [0x7f197c43cbe1] -> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7f197b30ab15] -> dovecot/auth [1 wait, 0 passdb, 0 userdb](+0xfdd1) [0x7f197c43cdd1] Jul 9 00:00:14 LXmail01 dovecot: auth: Fatal: master: service(auth): child 6555 killed with signal 6 (core dumps disabled) Jul 9 00:00:14 LXmail01 dovecot: pop3-login: Warning: Auth connection closed with 1 pending requests (max 1 secs, pid=8133, EOF) Environment is MySQL passdb/userdb, we are using plain scheme as default and password_noscheme field. In 2.2.24 and below auth worked without scratch. Reverting all policy-related commits in 2.2.25 fixes this, but I have not dug the details. KR, Alex
Raw backtrace multiple passwords not allowed
Hi Recently enabled support for encrypted passwords on my proxies - CRAM-MD5, DIGEST-MD5, NTLM and APOP to support some new users. Most users are working perfectly though every so often I see this happening in the logs: Jul 09 06:32:51 auth: Error: ldap(u...@domain.com,192.168.10.90,): Multiple password values not supported Jul 09 06:32:51 auth: Panic: file passdb-ldap.c: line 99 (ldap_lookup_finish): assertion failed: (password == NULL || scheme != NULL) Jul 09 06:32:51 auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x86aae) [0x7ff4db08faae] -> /usr/lib64/dovecot/libdovecot.so.0(+0x86b8e) [0x7ff4db08fb8e] -> /usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7ff4db033b5d] -> /usr/lib64/dovecot/auth/libauthdb_ldap.so(+0x720b) [0x7ff4d967a20b] -> /usr/lib64/dovecot/auth/libauthdb_ldap.so(+0x5e2f) [0x7ff4d9678e2f] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x4c) [0x7ff4db0a338c] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xff) [0x7ff4db0a47ef] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x25) [0x7ff4db0a3415] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7ff4db0a35c8] -> /usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7ff4db03a033] -> dovecot/auth [13 wait, 1 passdb, 0 userdb](main+0x39c) [0x7ff4db5454ac] -> /lib64/libc.so.6(__libc_start_main+0xf5) [0x7ff4da61fb15] -> dovecot/auth [13 wait, 1 passdb, 0 userdb](+0xf6a1) [0x7ff4db5456a1] Jul 09 06:32:51 imap-login: Warning: Auth connection closed with 1 pending requests (max 0 secs, pid=8759, EOF) Jul 09 06:32:51 imap-login: Warning: Auth connection closed with 1 pending requests (max 1 secs, pid=8764, EOF) Password debug shows: Jul 09 06:38:25 auth: Debug: ldap(u...@domain.com,192.168.10.90,): Credentials: 4b616e6761733138 Jul 09 06:38:27 auth: Debug: client passdb out: FAIL2541 user=u...@domain.compass=NotPasswordoriginal_user=user Jul 09 06:38:37 auth: Debug: passwd-file(tassiedevil,192.168.10.90,): username changed user -> u...@domain.com Jul 09 06:38:37 auth: Debug: passwd-file(u...@domain.com,192.168.10.90,): Allowing any password Jul 09 06:38:37 auth: Debug: ldap(u...@domain.com,192.168.10.90,): pass search: base=o=domains,dc=mail,dc=com scope=subtree filter=(&(objectClass=mail)(status=active)(|(|(mail=u...@domain.com)(&(uid=u...@domain.com)))(&(enabledService=shadowaddress)(shadowAddress u...@domain.com fields=mail,userPlaintextPassword,userPlaintextPassword,mailstoreHost Jul 09 06:38:37 auth: Debug: ldap(u...@domain.com,192.168.10.90,): result: mail=u...@domain.com userPlaintextPassword=NotPassword; mail,userPlaintextPassword unused Jul 09 06:38:37 auth: Debug: ldap(u...@domain.com,192.168.10.90,): result: mail=u...@domain.com userPlaintextPassword=NotPassword; mailstoreHost missing Jul 09 06:38:37 auth: Debug: ldap(u...@domain.com,192.168.10.90,): PLAIN( Jenni) != 'NotPassword' Jul 09 06:38:39 auth: Debug: client passdb out: FAIL2826 user=u...@domain.comoriginal_user=user This particular user has a space in their password.. some other users do not when seeing this error. I run multiple passdb and config is: passdb { args = /etc/dovecot/dovecot-ldap-proxy-alias.conf.ext default_fields = nopassword=y password= driver = ldap result_failure = continue-fail result_internalfail = continue-fail result_success = continue-ok } passdb { args = scheme=plain username_format=%l@%d /etc/dovecot/passwd.domains default_fields = nopassword=y password= driver = passwd-file result_success = continue-fail } passdb { args = /etc/dovecot/dovecot-ldap-proxy.conf.ext driver = ldap } LDAP passdb specifies 'PLAIN' as default_pass_scheme. [root@S605 dovecot]# dovecot --version 2.2.24 (a82c823) Any ideas what's going on here?