Dovecot threading implementation

2016-07-09 Thread Gabriele Bulfon
Hi,
I was trying to compare various thread refs/references implementations, both 
server side and client side.
While testing dovecot, it looks to me that issuing thread=references or 
thread=refs I get the same response, while the refs draft says it should 
reverse the date ordering inside a branch.
Is this correct? Does Dovecot implement references and refs with the same sorting?
Also, cyrus has subject grouping included in references (which is bad!). What's 
dovecot doing in references alg?
Thanks for any help,
Gabriele

Sonicle S.r.l.: http://www.sonicle.com
Music: http://www.gabrielebulfon.com
Quantum Mechanics: http://www.cdbaby.com/cd/gabrielebulfon


passdb {driver = shadow args = override_username=%variable}

2016-07-09 Thread UNIX admin
Hello list

I want to implement override_username = %variable for the "shadow"
driver, so that the following works:

passdb {
  driver = shadow
  args = override_username=%Ln
}

By "%variable", I mean "Variables" at http://wiki.dovecot.org/Variables.

I've hacked up a solution with strtok(3C), but that's a hack and a
possible security hole, and I'd rather not implement it.
What I really want is to be able to leverage Dovecot's var_expand()
call, which, looking at the code, appears to be the function
responsible for %variable expansion and formatting.

The relevant piece of code seems to be this excerpt in auth/passdb-shadow.c:

static enum passdb_result
shadow_lookup(struct auth_request *request, struct spwd **spw_r)
{
	auth_request_log_debug(request, AUTH_SUBSYS_DB, "lookup");

	*spw_r = getspnam(request->user);
	if (*spw_r == NULL) {
		auth_request_log_unknown_user(request, AUTH_SUBSYS_DB);
		return PASSDB_RESULT_USER_UNKNOWN;
	}

When request->user contains 'u...@domain.tld', I want the code to be
able to process "override_username", determine that the format is %Ln
so that request->user is lowercased, and everything after the "@" sign
is stripped. Therefore, if this user happens to exist in the shadow
file, authentication will succeed.

Currently, the "shadow" driver only appears to support "args = blocking=no".

Please advise.
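
An added example (not from the original post and not Dovecot code) of the transformation the post asks for: take the part of request->user before the first "@", lowercased, so it can be passed to getspnam(). It uses a bounded copy instead of strtok(); the function name shadow_lookup_name() and the character allowlist are assumptions of this example, and var_expand() is not called.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not Dovecot code): write the lowercased local part of
 * "user@domain" into out, the effect %Ln has on the username.
 * Returns 0 on success, -1 if the result is empty, does not fit in out,
 * or contains a byte outside the allowlist below. */
int shadow_lookup_name(const char *user, char *out, size_t outlen)
{
	size_t i;

	if (user == NULL || out == NULL || outlen == 0)
		return -1;

	for (i = 0; user[i] != '\0' && user[i] != '@'; i++) {
		unsigned char c = (unsigned char)user[i];
		if (i + 1 >= outlen)	/* keep room for the terminating NUL */
			goto fail;
		/* Assumed policy: ASCII letters, digits, '.', '_' and '-' only. */
		if (c > 127 || !(isalnum(c) || c == '.' || c == '_' || c == '-'))
			goto fail;
		out[i] = (char)tolower(c);
	}
	if (i == 0)	/* "" or "@domain": nothing to look up */
		goto fail;
	out[i] = '\0';
	return 0;
fail:
	out[0] = '\0';	/* never leave a partial name behind */
	return -1;
}

int main(void)
{
	/* Constructed sample inputs. */
	const char *samples[] = { "Alice@Example.ORG", "bob",
				  "@example.org", "eve:x@example.org" };
	char name[32];
	size_t n;
	for (n = 0; n < sizeof(samples) / sizeof(samples[0]); n++) {
		if (shadow_lookup_name(samples[n], name, sizeof(name)) == 0)
			printf("%s -> getspnam(\"%s\")\n", samples[n], name);
		else
			printf("%s -> rejected\n", samples[n]);
	}
	return 0;
}
```

Rejecting the request on -1, rather than falling back to the unmodified string, keeps a malformed username from reaching the shadow lookup.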


[2.2.25 auth issue] auth-request.c: line 1049 (auth_request_lookup_credentials): assertion failed: (request->credentials_scheme == scheme)

2016-07-09 Thread Alexey Asemov (Alex/AT)

Hello,

Since updating to 2.2.25, we do have the following issue (seems to be 
related to the new auth policy code):


Jul  9 00:00:14 LXmail01 dovecot: auth-worker(6558): 
sql(u...@domain.org,*.*.*.*,): unknown user
Jul  9 00:00:14 LXmail01 dovecot: auth: Panic: file auth-request.c: line 
1049 (auth_request_lookup_credentials): assertion failed: 
(request->credentials_scheme == scheme)
Jul  9 00:00:14 LXmail01 dovecot: auth: Error: Raw backtrace: 
/usr/lib64/dovecot/libdovecot.so.0(+0x8d57e) [0x7f197bd8157e] -> 
/usr/lib64/dovecot/libdovecot.so.0(+0x8d65e) [0x7f197bd8165e] -> 
/usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7f197bd201f6] -> 
dovecot/auth [1 wait, 0 passdb, 0 userdb](+0x1a15a) [0x7f197c44715a] -> 
dovecot/auth [1 wait, 0 passdb, 0 userdb](+0x26f8f) [0x7f197c453f8f] -> 
dovecot/auth [1 wait, 0 passdb, 0 userdb](+0x19d2b) [0x7f197c446d2b] -> 
dovecot/auth [1 wait, 0 passdb, 0 userdb](auth_request_lookup_credentials_callback+0x68) [0x7f197c446e28] -> 
dovecot/auth [1 wait, 0 passdb, 0 userdb](passdb_handle_credentials+0x92) [0x7f197c457742] -> 
dovecot/auth [1 wait, 0 passdb, 0 userdb](+0x2af06) [0x7f197c457f06] -> 
dovecot/auth [1 wait, 0 passdb, 0 userdb](+0x2065a) [0x7f197c44d65a] -> 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x4c) [0x7f197bd94edc] -> 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xff) [0x7f197bd9633f] -> 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x25) [0x7f197bd94f65] -> 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) [0x7f197bd95118] -> 
/usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f197bd26663] -> 
dovecot/auth [1 wait, 0 passdb, 0 userdb](main+0x3a1) [0x7f197c43cbe1] -> 
/lib64/libc.so.6(__libc_start_main+0xf5) [0x7f197b30ab15] -> 
dovecot/auth [1 wait, 0 passdb, 0 userdb](+0xfdd1) [0x7f197c43cdd1]
Jul  9 00:00:14 LXmail01 dovecot: auth: Fatal: master: service(auth): 
child 6555 killed with signal 6 (core dumps disabled)
Jul  9 00:00:14 LXmail01 dovecot: pop3-login: Warning: Auth connection 
closed with 1 pending requests (max 1 secs, pid=8133, EOF)


Environment is MySQL passdb/userdb, we are using plain scheme as default 
and password_noscheme field. In 2.2.24 and below auth worked without 
scratch. Reverting all policy-related commits in 2.2.25 fixes this, but 
I have not dug into the details.


KR,

Alex


Raw backtrace multiple passwords not allowed

2016-07-09 Thread Leon Kyneur

Hi

Recently enabled support for encrypted passwords on my proxies - 
CRAM-MD5, DIGEST-MD5, NTLM and APOP to support some new users. Most 
users are working perfectly though every so often I see this happening 
in the logs:


Jul 09 06:32:51 auth: Error: 
ldap(u...@domain.com,192.168.10.90,): Multiple 
password values not supported
Jul 09 06:32:51 auth: Panic: file passdb-ldap.c: line 99 
(ldap_lookup_finish): assertion failed: (password == NULL || scheme != NULL)
Jul 09 06:32:51 auth: Error: Raw backtrace: 
/usr/lib64/dovecot/libdovecot.so.0(+0x86aae) [0x7ff4db08faae] -> 
/usr/lib64/dovecot/libdovecot.so.0(+0x86b8e) [0x7ff4db08fb8e] -> 
/usr/lib64/dovecot/libdovecot.so.0(i_fatal+0) [0x7ff4db033b5d] -> 
/usr/lib64/dovecot/auth/libauthdb_ldap.so(+0x720b) [0x7ff4d967a20b] -> 
/usr/lib64/dovecot/auth/libauthdb_ldap.so(+0x5e2f) [0x7ff4d9678e2f] -> 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_call_io+0x4c) 
[0x7ff4db0a338c] -> 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xff) 
[0x7ff4db0a47ef] -> 
/usr/lib64/dovecot/libdovecot.so.0(io_loop_handler_run+0x25) 
[0x7ff4db0a3415] -> /usr/lib64/dovecot/libdovecot.so.0(io_loop_run+0x38) 
[0x7ff4db0a35c8] -> 
/usr/lib64/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7ff4db03a033] -> dovecot/auth [13 wait, 1 passdb, 0 
userdb](main+0x39c) [0x7ff4db5454ac] -> 
/lib64/libc.so.6(__libc_start_main+0xf5) [0x7ff4da61fb15] -> 
dovecot/auth [13 wait, 1 passdb, 0 userdb](+0xf6a1) [0x7ff4db5456a1]
Jul 09 06:32:51 imap-login: Warning: Auth connection closed with 1 
pending requests (max 0 secs, pid=8759, EOF)
Jul 09 06:32:51 imap-login: Warning: Auth connection closed with 1 
pending requests (max 1 secs, pid=8764, EOF)


Password debug shows:
Jul 09 06:38:25 auth: Debug: 
ldap(u...@domain.com,192.168.10.90,): Credentials: 
4b616e6761733138
Jul 09 06:38:27 auth: Debug: client passdb out: FAIL2541 
user=u...@domain.compass=NotPasswordoriginal_user=user
Jul 09 06:38:37 auth: Debug: 
passwd-file(tassiedevil,192.168.10.90,): username 
changed user -> u...@domain.com
Jul 09 06:38:37 auth: Debug: 
passwd-file(u...@domain.com,192.168.10.90,): Allowing 
any password
Jul 09 06:38:37 auth: Debug: 
ldap(u...@domain.com,192.168.10.90,): pass search: 
base=o=domains,dc=mail,dc=com scope=subtree 
filter=(&(objectClass=mail)(status=active)(|(|(mail=u...@domain.com)(&(uid=u...@domain.com)))(&(enabledService=shadowaddress)(shadowAddress 
u...@domain.com 
fields=mail,userPlaintextPassword,userPlaintextPassword,mailstoreHost
Jul 09 06:38:37 auth: Debug: 
ldap(u...@domain.com,192.168.10.90,): result: 
mail=u...@domain.com userPlaintextPassword=NotPassword; 
mail,userPlaintextPassword unused
Jul 09 06:38:37 auth: Debug: 
ldap(u...@domain.com,192.168.10.90,): result: 
mail=u...@domain.com userPlaintextPassword=NotPassword; mailstoreHost 
missing
Jul 09 06:38:37 auth: Debug: 
ldap(u...@domain.com,192.168.10.90,): PLAIN( Jenni) != 
'NotPassword'
Jul 09 06:38:39 auth: Debug: client passdb out: FAIL2826 
user=u...@domain.comoriginal_user=user



This particular user has a space in their password.. some other users do 
not when seeing this error.


I run multiple passdb and config is:
passdb {
  args = /etc/dovecot/dovecot-ldap-proxy-alias.conf.ext
  default_fields = nopassword=y password=
  driver = ldap
  result_failure = continue-fail
  result_internalfail = continue-fail
  result_success = continue-ok
}
passdb {
  args = scheme=plain username_format=%l@%d /etc/dovecot/passwd.domains
  default_fields = nopassword=y password=
  driver = passwd-file
  result_success = continue-fail
}
passdb {
  args = /etc/dovecot/dovecot-ldap-proxy.conf.ext
  driver = ldap
}

 LDAP passdb specifies 'PLAIN' as default_pass_scheme.

[root@S605 dovecot]# dovecot --version
2.2.24 (a82c823)

Any ideas what's going on here?