Re: Dovecot v2.3.19 released: User/PassDB lookups fail after update

Hi!

Thank you for reporting this issue. I can reproduce it locally, and we'll take a look at it.

Aki

On 15/05/2022 10:35 Ralf Becker rb@egroupware.org wrote:

After updating to 2.3.19 (from 2.3.16) passdb and userdb lookups fail:

root@backup:~# doveadm user rb@egroupware.org; doveadm log errors

userdb lookup: user rb@egroupware.org doesn't exist field    value

May 15 07:22:18 Panic: auth: file userdb-blocking.c: line 124 (userdb_blocking_iter_next): assertion failed: (ctx->conn != NULL) May 15 07:22:18 Error: auth: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x41) [0x7f019a651c91] -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x22) [0x7f019a651db2] -> /usr/lib/dovecot/libdovecot.so.0(+0x10b0bb) [0x7f019a65f0bb] -> /usr/lib/dovecot/libdovecot.so.0(+0x10b157) [0x7f019a65f157] -> /usr/lib/dovecot/libdovecot.so.0(+0x5d375) [0x7f019a5b1375] -> dovecot/auth 0 wait, 0 passdb, 0 userdb [0x55e256d287a7] -> dovecot/auth 0 wait, 0 passdb, 0 userdb [0x55e256d2c54b] -> dovecot/auth 0 wait, 0 passdb, 0 userdb [0x55e256d49ca7] -> dovecot/auth 0 wait, 0 passdb, 0 userdb [0x55e256d3db86] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handle_timeouts+0x15f) [0x7f019a67576f] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0xcf) [0x7f019a67702f] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x54) [0x7f019a675a54] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x40) [0x7f019a675bc0] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x17) [0x7f019a5e7207] -> dovecot/auth 0 wait, 0 passdb, 0 userdb [0x55e256d29588] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf3) [0x7f019a2de0b3] -> dovecot/auth 0 wait, 0 passdb, 0 userdb [0x55e256d2976e] May 15 07:22:19 Fatal: auth: master: service(auth): child 19 killed with signal 6 (core dumped) May 15 07:22:19 Error: replicator: auth-master: userdb list: Disconnected unexpectedly May 15 07:22:19 Error: replicator: listing users failed, can't replicate existing data May 15 07:22:19 Error: doveadm(arash 2student@bb-trunk.egroupware.de): User doesn't exist May 15 07:22:19 Error: doveadm(arash teacher@bb-trunk.egroupware.de): User doesn't exist May 15 07:22:20 Error: doveadm(christoph thyssen@bb-trunk.egroupware.de): User doesn't exist May 15 07:23:21 Error: doveadm(arash student@bb-trunk.egroupware.de): User doesn't exist May 15 07:24:02 Error: doveadm(schieder@uni-kl.de@bb-trunk.egroupware.de): User doesn't exist May 15 07:24:07 Error: doveadm(sabour@uni-kl.de@bb-trunk.egroupware.de): User doesn't exist May 15 07:24:24 Error: doveadm(ralf.imaptest@outdoor-training.de@bb-trunk.egroupware.de): User doesn't exist May 15 07:24:31 Error: doveadm(arash tolou@bb-trunk.egroupware.de): User doesn't exist May 15 07:24:31 Error: doveadm(becker_r@uni-kl.de@bb-trunk.egroupware.de): User doesn't exist May 15 07:24:49 Error: doveadm(olat.vcrp.de:2723414355@bb-trunk.egroupware.de): User doesn't exist May 15 07:24:56 Error: doveadm(olat.vcrp.de:1167852044@bb-trunk.egroupware.de): User doesn't exist

Reverting back to 2.3.16 fixes the problem for now.

My doveadm config -n is attached. We use a hourly updated local sqlight database and a dict for userdb.

Any ideas?

Ralf

Am 10.05.22 um 08:33 schrieb Aki Tuomi:

...

Hi all!

We are pleased to release v2.3.19 of Dovecot.

The docker images have been upgraded to use bullseye as base image.

https://dovecot.org/releases/2.3/dovecot-2.3.19.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.19.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in https://hub.docker.com/r/dovecot/dovecot

Regards, Aki Tuomi Open-Xchange oy

--

• Added mail_user_session_finished event, which is emitted when the mail user session is finished (e.g. imap, pop3, lmtp). It also includes fields with some process statistics information. See https://doc.dovecot.org/admin_manual/list_of_events/ for more information.
• Added process_shutdown_filter setting. When an event matches the filter, the process will be shutdown after the current connection(s) have finished. This is intended to reduce memory usage of long-running imap processes that keep a lot of memory allocated instead of freeing it to the OS.
• auth: Add cache hit indicator to auth passdb/userdb finished events. See https://doc.dovecot.org/admin_manual/list_of_events/ for more information.
• doveadm deduplicate: Performance is improved significantly.
• imapc: COPY commands were sent one mail at a time to the remote IMAP server. Now the copying is buffered, so multiple mails can be copied with a single COPY command.
• lib-lua: Add a Lua interface to Dovecot's HTTP client library. See https://doc.dovecot.org/admin_manual/lua/ for more information.

• auth: Cache lookup would use incorrect cache key after username change.
• auth: Improve handling unexpected LDAP connection errors/hangs. Try to fix up these cases by reconnecting to the LDAP server and aborting LDAP requests earlier.
• auth: Process crashed if userdb iteration was attempted while auth-workers were already full handling auth requests.
• auth: db-oauth2: Using %{oauth2:name} variables caused unnecessary introspection requests.
• dict: Timeouts may have been leaked at deinit.
• director: Ring may have become unstable if a backend's tag was changed. It could also have caused director process to crash.
• doveadm kick: Numeric parameter was treated as IP address.
• doveadm: Proxying can panic when flushing print output. Fixes Panic: file ioloop.c: line 865 (io_loop_destroy): assertion failed: (ioloop == current_ioloop).
• doveadm sync: BROKENCHAR was wrongly changed to '_' character when migrating mailboxes. This was set by default to %, so any mailbox names containing % characters were modified to "_25".
• imapc: Copying or moving mails with doveadm to an imapc mailbox could have produced "Error: Syncing mailbox '[...]' failed" Errors. The operation itself succeeded but attempting to sync the destination mailbox failed.
• imapc: Prevent index log synchronization errors when two or more imapc sessions are adding messages to the same mailbox index files, i.e. INDEX=MEMORY is not used.
• indexer: Process was slowly leaking memory for each indexing request.
• lib-fts: fts header filters caused binary content to be sent to the indexer with non-default configuration.
• doveadm-server: Process could hang in some situations when printing output to TCP client, e.g. when printing doveadm sync state.
• lib-index: dovecot.index.log files were often read and parsed entirely, rather than only the parts that were actually necessary. This mainly increased CPU usage.
• lmtp-proxy: Session ID forwarding would cause same session IDs being used when delivering same mail to multiple backends.
• log: Log prefix update may have been lost if log process was busy. This could have caused log prefixes to be empty or in some cases reused between sessions, i.e. log lines could have been logged for the wrong user/session.
• mail_crypt: Plugin crashes if it's loaded only for some users. Fixes Panic: Module context mail_crypt_user_module missing.
• mail_crypt: When LMTP was delivering mails to both recipients with mail encryption enabled and not enabled, the non-encrypted recipients may have gotten mails encrypted anyway. This happened when the first recipient was encrypted (mail_crypt_save_version=2) and the 2nd recipient was not encrypted (mail_crypt_save_version=0).
• pop3: Session would crash if empty line was sent.
• stats: HTTP server leaked memory.
• submission-login: Long credentials, such as OAUTH2 tokens, were refused during SASL interactive due to submission server applying line length limits.
• submission-login: When proxying to remote host, authentication was not using interactive SASL when logging in using long credentials such as OAUTH2 tokens. This caused authentication to fail due to line length constraints in SMTP protocol.
• submission: Terminating the client connection with QUIT command after mail transaction is started with MAIL command and before it is finished with DATA/BDAT can cause a segfault crash.
• virtual: doveadm search queries with mailbox-guid as the only parameter crashes: Panic: file virtual-search.c: line 77 (virtual_search_get_records): assertion failed: (result != 0)

-- Ralf Becker EGroupware GmbH [www.egroupware.org] Handelsregister HRB Kaiserslautern 3587 Geschäftsführer Birgit und Ralf Becker Leibnizstr. 17, 67663 Kaiserslautern, Germany Telefon +49 631 31657-0