[Dovecot] Crash: imap process, Dovecot 1.2.4, related to ACLs (backtrace included)
Hi,
I started experimenting with ACLs and found I could reliably and reproducibly crash the IMAP process when trying to create a subfolder of a folder that has has ACLs set. The folder is called "Sent" with an ACL of "owner lrwstipke". I wanted to be able to have certain folders the the user cannot delete but where subfolders can be created freely.
Relevant information follows and I hope the backtrace is useful (lots of "value optimized out" entries). You can also find everything from below on https://daff.pseudoterminal.org/misc/dovecot/.
Please tell me if I can provide more information.
dovecot -n:
# 1.2.4: /usr/local/etc/dovecot.conf # OS: Linux 2.6.26-2-686 i686 Debian 5.0.2 log_timestamp: %Y-%m-%d %H:%M:%S protocols: managesieve imap imaps pop3 pop3s login_dir: /usr/local/var/run/dovecot/login login_executable(default): /usr/local/libexec/dovecot/imap-login login_executable(imap): /usr/local/libexec/dovecot/imap-login login_executable(pop3): /usr/local/libexec/dovecot/pop3-login login_executable(managesieve): /usr/local/libexec/dovecot/managesieve-login mail_access_groups: mail mail_privileged_group: mail mail_location: maildir:~/Maildir mail_drop_priv_before_exec: yes mail_executable(default): /usr/local/libexec/dovecot/imap mail_executable(imap): /usr/local/libexec/dovecot/imap mail_executable(pop3): /usr/local/libexec/dovecot/pop3 mail_executable(managesieve): /usr/local/libexec/dovecot/managesieve mail_plugins(default): autocreate acl mail_plugins(imap): autocreate acl mail_plugins(pop3): mail_plugins(managesieve): mail_plugin_dir(default): /usr/local/lib/dovecot/imap mail_plugin_dir(imap): /usr/local/lib/dovecot/imap mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3 mail_plugin_dir(managesieve): /usr/local/lib/dovecot/managesieve namespace: type: public separator: . prefix: Public. location: maildir:/var/mail/public:CONTROL=~/Maildir/control/public:INDEX=~/Maildir/index/public list: yes namespace: type: private separator: . prefix: Backup. location: maildir:~/Maildir-backup hidden: yes list: no namespace: type: private separator: . inbox: yes list: yes subscriptions: yes lda: log_path: info_log_path: auth_socket_path: /var/run/dovecot/auth-master postmaster_address: postmaster@mailtest0.rise-s.com mail_plugins: sieve acl auth default: mechanisms: plain login passdb: driver: pam passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: passwd userdb: driver: static args: uid=vmail gid=vmail home=/var/vmail/%Ld/%Ln allow_all_users=yes socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail plugin: sieve: ~/.dovecot.sieve sieve_dir: ~/sieve sieve_global_path: /etc/dovecot/sieve/default.sieve sieve_global_dir: /etc/dovecot/sieve/global/ sieve_before: /etc/dovecot/sieve/before/ autocreate: Trash autocreate2: Drafts autocreate3: Sent autocreate4: INBOX.Spam autosubscribe: Trash autosubscribe2: Drafts autosubscribe3: Sent autosubscribe4: INBOX.Spam acl: vfile:/etc/dovecot/acl
Log entry:
Aug 28 01:08:01 mailtest0 dovecot: IMAP(andreas.ntaflos@example1.rise-s.com): Panic: file acl-backend-vfile.c: line 1124 (acl_backend_vfile_object_update): assertion failed: (!update->rights.global) Aug 28 01:08:01 mailtest0 dovecot: IMAP(andreas.ntaflos@example1.rise-s.com): Raw backtrace: imap [0x80f1ec1] -> imap [0x80f1f42] -> imap [0x80f18c9] -> /usr/local/lib/dovecot/imap/lib01_acl_plugin.so [0xb7dddcf6] -> /usr/local/lib/dovecot/imap/lib01_acl_plugin.so(acl_object_update+0x18) [0xb7ddb1a8] -> /usr/local/lib/dovecot/imap/lib01_acl_plugin.so [0xb7de2ac7] -
imap(cmd_create+0xf9) [0x80618d9] -> imap [0x80679fc] -> imap [0x8067a99] -> imap(client_handle_input+0x2d) [0x8067c0d] -> imap(client_input+0x5f) [0x806856f] -> imap(io_loop_handler_run+0xe0) [0x80fac40] -> imap(io_loop_run+0x20) [0x80fa0b0] -> imap(main+0x5ea) [0x807104a] -> /lib/i686/cmov/libc.so.6(__libc_start_main+0xe5) [0xb7e15455] -> imap [0x8060291] Aug 28 01:08:01 mailtest0 dovecot: dovecot: child 1588 (imap) killed with signal 6 (core dumped)
Backtrace:
#0 0xb7f70424 in __kernel_vsyscall () No symbol table info available. #1 0xb7e2a640 in raise () from /lib/i686/cmov/libc.so.6 No symbol table info available. #2 0xb7e2c018 in abort () from /lib/i686/cmov/libc.so.6 No symbol table info available. #3 0x080f1ed5 in default_fatal_finish (type=<value optimized out>, status=0) at failures.c:160 backtrace = 0x93e5628 "imap [0x80f1ec1] -> imap [0x80f1f42] -> imap [0x80f18c9] -> /usr/local/lib/dovecot/imap/lib01_acl_plugin.so [0xb7dddcf6] -> /usr/local/lib/dovecot/imap/lib01_acl_plugin.so(acl_object_update+0x18) [0xb"... #4 0x080f1f42 in i_internal_fatal_handler (type=LOG_TYPE_PANIC, status=0, fmt=0xb7de3094 "file %s: line %d (%s): assertion failed: (%s)", args=0xbff8b9c4 "�3d\004") at failures.c:440 No locals. #5 0x080f18c9 in i_panic (format=0xb7de3094 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:207 No locals. #6 0xb7dddcf6 in acl_backend_vfile_object_update (_aclobj=0x942c270, update=0xbff8bad0) at acl-backend-vfile.c:1124 dotlock = <value optimized out> path = <value optimized out> i = <value optimized out> fd = <value optimized out> changed = <value optimized out> __PRETTY_FUNCTION__ = "acl_backend_vfile_object_update" #7 0xb7ddb1a8 in acl_object_update (aclobj=0x942c270, update=0xbff8bad0) at acl-api.c:122 No locals. #8 0xb7de2ac7 in acl_mailbox_create (storage=0x93f2c88, name=0x93f9d98 "Sent.2008", directory=false) at acl-storage.c:160 astorage = <value optimized out> ret = <value optimized out> #9 0x080618d9 in cmd_create (cmd=0x93f4ce0) at cmd-create.c:42 ns = <value optimized out> mailbox = 0x93f9d98 "Sent.2008" full_mailbox = 0x93f9d98 "Sent.2008" directory = <value optimized out> #10 0x080679fc in client_command_input (cmd=0x93f4ce0) at client.c:611 client = (struct client *) 0x93f48a0 command = <value optimized out> __PRETTY_FUNCTION__ = "client_command_input" #11 0x08067a99 in client_command_input (cmd=0x93f4ce0) at client.c:660 client = (struct client *) 0x93f48a0 command = <value optimized out> __PRETTY_FUNCTION__ = "client_command_input" #12 0x08067c0d in client_handle_input (client=0x93f48a0) at client.c:701 _data_stack_cur_id = 3 ret = false remove_io = <value optimized out> handled_commands = false __PRETTY_FUNCTION__ = "client_handle_input" #13 0x0806856f in client_input (client=0x93f48a0) at client.c:752 cmd = <value optimized out> output = (struct ostream *) 0x93f4a54 bytes = <value optimized out> __PRETTY_FUNCTION__ = "client_input" #14 0x080fac40 in io_loop_handler_run (ioloop=0x93ed9b0) at ioloop-epoll.c:208 ctx = (struct ioloop_handler_context *) 0x93edab8 event = (const struct epoll_event *) 0x93edaf8 list = (struct io_list *) 0x93f4ab0 io = (struct io_file *) 0x942c888 tv = {tv_sec = 1799, tv_usec = 999357} t_id = 2 msecs = <value optimized out> ret = 1 i = 0 j = 0 call = <value optimized out> #15 0x080fa0b0 in io_loop_run (ioloop=0x93ed9b0) at ioloop.c:335 No locals. #16 0x0807104a in main (argc=Cannot access memory at address 0x634 ) at main.c:327 No locals.
On Fri, 2009-08-28 at 02:46 +0200, Andreas Ntaflos wrote:
Hi,
I started experimenting with ACLs and found I could reliably and reproducibly crash the IMAP process when trying to create a subfolder of a folder that has has ACLs set. The folder is called "Sent" with an ACL of "owner lrwstipke". I wanted to be able to have certain folders the the user cannot delete but where subfolders can be created freely. .. acl: vfile:/etc/dovecot/acl
You created a global ACL, right? So /etc/dovecot/acl/Sent?
On Friday 28 August 2009 19:42:47 Timo Sirainen wrote:
On Fri, 2009-08-28 at 02:46 +0200, Andreas Ntaflos wrote:
Hi,
I started experimenting with ACLs and found I could reliably and reproducibly crash the IMAP process when trying to create a subfolder of a folder that has has ACLs set. The folder is called "Sent" with an ACL of "owner lrwstipke". I wanted to be able to have certain folders the the user cannot delete but where subfolders can be created freely.
..
acl: vfile:/etc/dovecot/acl
You created a global ACL, right? So /etc/dovecot/acl/Sent?
Exactly right. It contains the line "owner lrwstipke".
I just now reproduced the crash again. None of the Maildir folders contain anything pertaining to ACLs (no dovecot-acl or dovecot-acl-list files) and the Sent folder is the only one with an ACL set. The log file again shows
Panic: file acl-backend-vfile.c: line 1124 (acl_backend_vfile_object_update): assertion failed: (!update-
rights.global)
Anything else I can provide?
Andreas
Andreas Ntaflos Vienna, Austria
GPG Fingerprint: 6234 2E8E 5C81 C6CB E5EC 7E65 397C E2A8 090C A9B4
On Fri, 2009-08-28 at 02:46 +0200, Andreas Ntaflos wrote:
Aug 28 01:08:01 mailtest0 dovecot: IMAP(andreas.ntaflos@example1.rise-s.com): Panic: file acl-backend-vfile.c: line 1124 (acl_backend_vfile_object_update): assertion failed: (!update->rights.global)
Finally had time to look at this. I think the fix should be that global ACLs simply shouldn't be copied to child mailboxes. Is this also what you want? i.e. user can't delete mails from "Sent", but can delete from "Sent/child".
On Monday 14 September 2009 03:11:55 Timo Sirainen wrote:
On Fri, 2009-08-28 at 02:46 +0200, Andreas Ntaflos wrote:
Aug 28 01:08:01 mailtest0 dovecot: IMAP(andreas.ntaflos@example1.rise-s.com): Panic: file acl-backend-vfile.c: line 1124 (acl_backend_vfile_object_update): assertion failed: (!update->rights.global)
Finally had time to look at this. I think the fix should be that global ACLs simply shouldn't be copied to child mailboxes. Is this also what you want? i.e. user can't delete mails from "Sent", but can delete from "Sent/child".
Thanks for not forgetting this :) I'll try out the patch first thing tomorrow.
What I initially wanted to achieve was to have some folders (such as Sent, Drafts, Trash and INBOX/Spam) that the user wouldn't be able to delete, but creating subfolders would be allowed. The ACL setting of "owner lrwstipek" should do that, if I'm not mistaken.
I had more plans of setting ACLs on other folders such as Public/Spam and Public/Ham (no deletion, no subfolders), however, I am not sure anymore if ACLs are really the way to go. I've had a hard time getting them right, as I described in [1] and [2]. But that's unrelated to this crash issue.
I'll report back ASAP after applying the patch.
Thanks again,
Andreas
[1] http://dovecot.org/pipermail/dovecot/2009-September/042551.html [2] http://dovecot.org/pipermail/dovecot/2009-September/042558.html
Andreas Ntaflos Vienna, Austria
GPG Fingerprint: 6234 2E8E 5C81 C6CB E5EC 7E65 397C E2A8 090C A9B4
On Monday 14 September 2009 03:26:45 Andreas Ntaflos wrote:
On Monday 14 September 2009 03:11:55 Timo Sirainen wrote:
On Fri, 2009-08-28 at 02:46 +0200, Andreas Ntaflos wrote:
Aug 28 01:08:01 mailtest0 dovecot: IMAP(andreas.ntaflos@example1.rise-s.com): Panic: file acl-backend-vfile.c: line 1124 (acl_backend_vfile_object_update): assertion failed: (!update->rights.global)
Finally had time to look at this. I think the fix should be that global ACLs simply shouldn't be copied to child mailboxes. Is this also what you want? i.e. user can't delete mails from "Sent", but can delete from "Sent/child".
Thanks for not forgetting this :) I'll try out the patch first thing tomorrow.
So after some testing I think I can confirm that this crash is gone on my test server. I am in the process of setting up another mail server (which will go into production eventually) and will be testing this fix again.
Is this patch in 1.2.5 as well? Didn't see anything mentioned in the release notes [1].
Anyway, thanks for taking care of the problem, Timo!
Andreas
[1] http://dovecot.org/list/dovecot-news/2009-September/000137.html
Andreas Ntaflos Vienna, Austria
GPG Fingerprint: 6234 2E8E 5C81 C6CB E5EC 7E65 397C E2A8 090C A9B4
On Sep 14, 2009, at 12:26 PM, Andreas Ntaflos wrote:
Thanks for not forgetting this :) I'll try out the patch first thing tomorrow.
Is this patch in 1.2.5 as well? Didn't see anything mentioned in the release notes [1].
It's in 1.2.5. I mention only the most important fixes in release
notes, otherwise they'd become pretty huge.
participants (3)
-
Andreas Ntaflos
-
Andreas Ntaflos
-
Timo Sirainen