allow_nets=local in passdb gets "auth: Panic"
Hi,
I have the following configuration in my dovecot.conf for Dovecot 2.2.21:
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
  default_fields = allow_nets=local,127.0.0.1,10.255.1.0/24
}
This triggers "auth: Panic" on POP3/IMAP logins, as shown below:
Dec 22 14:57:39 localhost dovecot: auth: ldap(u0000,::1,<oiF8SHYngqsAAAAAAAAAAAAAAAAAAAAB>): allow_nets: Invalid network 'local'
Dec 22 14:57:39 localhost dovecot: auth: Panic: file net.c: line 1137 (net_is_in_network): assertion failed: (IPADDR_IS_V6(ip) == IPADDR_IS_V6(net_ip))
doveadm auth test <username> <password>
is no problem as expected.
What's wrong?
Regards,
--
-- Name: SATOH Fumiyasu @ OSS Technology Corp. (fumiyas @ osstech co jp)
-- Business Home: http://www.OSSTech.co.jp/
-- GitHub Home: https://GitHub.com/fumiyas/
-- PGP Fingerprint: BBE1 A1C9 525A 292E 6729 CDEC ADC2 9DCA 5E1C CBCA
On 22 Dec 2015, at 01:10, SATOH Fumiyasu <fumiyas@osstech.jp> wrote:
> Hi,
> I have the following configuration in my dovecot.conf for Dovecot 2.2.21:
> passdb {
>   driver = ldap
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   default_fields = allow_nets=local,127.0.0.1,10.255.1.0/24
> }
> This triggers "auth: Panic" on POP3/IMAP logins, as shown below:
> Dec 22 14:57:39 localhost dovecot: auth: ldap(u0000,::1,<oiF8SHYngqsAAAAAAAAAAAAAAAAAAAAB>): allow_nets: Invalid network 'local'
> Dec 22 14:57:39 localhost dovecot: auth: Panic: file net.c: line 1137 (net_is_in_network): assertion failed: (IPADDR_IS_V6(ip) == IPADDR_IS_V6(net_ip))
> doveadm auth test <username> <password>
> is no problem as expected.
> What's wrong?
allow_nets can only contain IP/network ranges. You can't use any names like "local". Anyway, it still shouldn't crash. This fixes it:
https://github.com/dovecot/core/commit/f53a1b98d6792a3aa28474fca0901b1de035f...
At Mon, 4 Jan 2016 14:19:52 -0500, Timo Sirainen wrote:
>> passdb {
>>   driver = ldap
>>   args = /etc/dovecot/dovecot-ldap.conf.ext
>>   default_fields = allow_nets=local,127.0.0.1,10.255.1.0/24
>> }
>> This triggers "auth: Panic" on POP3/IMAP logins, as shown below:
>> Dec 22 14:57:39 localhost dovecot: auth: ldap(u0000,::1,<oiF8SHYngqsAAAAAAAAAAAAAAAAAAAAB>): allow_nets: Invalid network 'local'
>> Dec 22 14:57:39 localhost dovecot: auth: Panic: file net.c: line 1137 (net_is_in_network): assertion failed: (IPADDR_IS_V6(ip) == IPADDR_IS_V6(net_ip))
>> doveadm auth test <username> <password>
>> is no problem as expected.
>> What's wrong?
> allow_nets can only contain IP/network ranges. You can't use any names like "local". Anyway, it still shouldn't crash. This fixes it:
Dovecot 2.2.15 has the following change:
    + passdb allow_nets=local matches lookups that don't contain an IP
      address (internally done by Dovecot services)
I use the "allow_nets=local" to allow administrators to run "doveadm auth test username". If allow_nets has no "local", it fails (rejected?). Is this a bug?
# doveadm auth test foobar
Password: correct-password
passdb: foobar auth failed
extra fields:
  user=foobar
> https://github.com/dovecot/core/commit/f53a1b98d6792a3aa28474fca0901b1de035f...
Thank you!
--
-- Name: SATOH Fumiyasu @ OSS Technology Corp. (fumiyas @ osstech co jp)
-- Business Home: http://www.OSSTech.co.jp/
-- GitHub Home: https://GitHub.com/fumiyas/
-- PGP Fingerprint: BBE1 A1C9 525A 292E 6729 CDEC ADC2 9DCA 5E1C CBCA
On 05 Jan 2016, at 10:31, SATOH Fumiyasu <fumiyas@osstech.jp> wrote:
> At Mon, 4 Jan 2016 14:19:52 -0500, Timo Sirainen wrote:
>>> Dec 22 14:57:39 localhost dovecot: auth: ldap(u0000,::1,<oiF8SHYngqsAAAAAAAAAAAAAAAAAAAAB>): allow_nets: Invalid network 'local'
>>> Dec 22 14:57:39 localhost dovecot: auth: Panic: file net.c: line 1137 (net_is_in_network): assertion failed: (IPADDR_IS_V6(ip) == IPADDR_IS_V6(net_ip))
>>> doveadm auth test <username> <password>
>>> is no problem as expected.
>>> What's wrong?
>> allow_nets can only contain IP/network ranges. You can't use any names like "local". Anyway, it still shouldn't crash. This fixes it:
> Dovecot 2.2.15 has the following change:
>     + passdb allow_nets=local matches lookups that don't contain an IP address (internally done by Dovecot services)
> I use the "allow_nets=local" to allow administrators to run "doveadm auth test username". If allow_nets has no "local", it fails (rejected?). Is this a bug?
Oh, I forgot entirely that exists. And looks like it was buggy. Fixed:
https://github.com/dovecot/core/commit/e7ff41f105ef1e7577ff0fa34554478e95efd...
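
Added example, not part of the thread and not the code of either Dovecot commit linked above: a C matcher for an allow_nets-style list that treats "local" as a keyword for lookups without an IP, lets entries that do not parse match nothing, and returns "no match" when client and network address families differ (the condition behind the assertion in the log). The names parse_net and allow_nets_match, and the use of a NULL client to model a lookup with no IP, are assumptions of this example.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Parse "addr" or "addr/bits" into address family, raw bytes and prefix length. */
static bool parse_net(const char *s, size_t len, int *af, unsigned char *ip, int *bits)
{
    char buf[64], *slash, *end;
    if (len == 0 || len >= sizeof(buf)) return false;
    memcpy(buf, s, len);
    buf[len] = '\0';
    if ((slash = strchr(buf, '/')) != NULL) *slash++ = '\0';
    *af = strchr(buf, ':') != NULL ? AF_INET6 : AF_INET;
    if (inet_pton(*af, buf, ip) != 1) return false;  /* rejects names such as "local" */
    *bits = (*af == AF_INET6) ? 128 : 32;
    if (slash != NULL) {
        long v = strtol(slash, &end, 10);
        if (end == slash || *end != '\0' || v < 0 || v > *bits) return false;
        *bits = (int)v;
    }
    return true;
}

/* True when allowed. client == NULL models a lookup without an IP (assumption). */
bool allow_nets_match(const char *list, const char *client)
{
    unsigned char cip[16], nip[16];
    int caf = 0, naf, cbits, nbits;
    bool allowed = false;
    if (client != NULL && (strchr(client, '/') != NULL ||
        !parse_net(client, strlen(client), &caf, cip, &cbits)))
        return false;                                /* unparsable client: fail closed */
    for (const char *p = list; *p != '\0'; p += (*p == ',')) {
        size_t n = strcspn(p, ",");
        const char *tok = p;
        p += n;
        if (n == 5 && memcmp(tok, "local", 5) == 0) {
            if (client == NULL) allowed = true;      /* keyword, never parsed as an IP */
            continue;
        }
        /* Invalid entries and entries of the other address family match nothing. */
        if (client == NULL || !parse_net(tok, n, &naf, nip, &nbits) || naf != caf)
            continue;
        if (memcmp(cip, nip, nbits / 8) == 0 &&
            (nbits % 8 == 0 || ((cip[nbits / 8] ^ nip[nbits / 8]) >> (8 - nbits % 8)) == 0))
            allowed = true;
    }
    return allowed;
}
```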