Auth Panic hmac.c while Local Validation

Aki Tuomi aki.tuomi at open-xchange.com
Tue Sep 15 20:07:17 EEST 2020


> On 15/09/2020 19:39 Mrinal Sharma <msharma at smithmicro.com> wrote:
> 
>  
> I am trying to use a newly added Local Validation functionality in dovecot version 2.3.11.  I am running dovecot inside a Docker container With base  image " debian:buster-slim". When I try to login through below command , a crash is seen.
> 
> '''
> a1 login admin eyJhbGci44444zUxMiIsInR5cCI6IkpXVCJ9.eyJ1c2fyX25hbWUiOiJhZG1pbiIsInNjb3BlIjpbIm9wZW5pZCJdLCJleffiOjE3MDAxODAwNTksInN1YiI6ImFkbWluIiwiaWF0IjoxNjAwMTc5NzU5LCJhdXRob3JpdGllcyI6WyJST0xFX0FETUlOIiwiUk9MRV9VU0VSIl0sImp0aSI6ImRyOUV0MVVJWkdJZkZ0emFVZW5VRzRzcmQtQSIsImNsaWVudF9pZCI6IndlYl9hcHAifQ.T9BTZYW52p0VG9gxmTb-cf5GXF5jTOjdkqMaUMAGX-tffffft7YfdPptphGKE8FO9opxcnL--Bjy9ip-XYuWqA
> ''''
> 
> Crash:
> dovecot_1                          | Sep 15 16:11:50 auth: Panic: file hmac.c: line 26 (hmac_init): assertion failed: (meth->context_size <= HMAC_MAX_CONTEXT_SIZE)
> dovecot_1                          | Sep 15 16:11:50 auth: Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x3d) [0x7ff77b36beed] -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7ff77b36c00e] -> /usr/lib/dovecot/libdovecot.so.0(+0xf465b) [0x7ff77b37565b] -> /usr/lib/dovecot/libdovecot.so.0(+0xf46f1) [0x7ff77b3756f1] -> /usr/lib/dovecot/libdovecot.so.0(+0x514a6) [0x7ff77b2d24a6] -> /usr/lib/dovecot/libdovecot.so.0(+0x52415) [0x7ff77b2d3415] -> /usr/lib/dovecot/libdovecot.so.0(+0x59c09) [0x7ff77b2dac09] -> /usr/lib/dovecot/libdovecot.so.0(oauth2_try_parse_jwt+0x7bb) [0x7ff77b2db60b] -> dovecot/auth(+0x3bf71) [0x55576d3cdf71] -> dovecot/auth(db_oauth2_lookup+0x350) [0x55576d3cf030] -> dovecot/auth(auth_request_default_verify_plain_continue+0x2d6) [0x55576d3b3386] -> dovecot/auth(auth_request_verify_plain_callback_finish+0x5c) [0x55576d3b214c] -> dovecot/auth(auth_request_verify_plain_callback+0x51) [0x55576d3b2281] -> dovecot/auth(+0x30171) [0x55576d
 3c2171] -> dovecot/auth(+0x27ebb) [0x55576d3b9ebb] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7ff77b38b989] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x131) [0x7ff77b38ced1] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x4c) [0x7ff77b38ba2c] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x40) [0x7ff77b38bba0] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7ff77b3059c3] -> dovecot/auth(main+0x3e1) [0x55576d3a6fa1] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) [0x7ff77b03809b] -> dovecot/auth(_start+0x2a) [0x55576d3a713a]
> dovecot_1                          | Sep 15 16:11:50 auth-worker(25): Debug: conn unix:auth-worker (pid=24,uid=101): Disconnected: Connection closed (fd=-1)
> dovecot_1                          | Sep 15 16:11:50 imap-login: Debug: Ignoring unknown passdb extra field: temp
> 
> 
> dovecot --version
> 2.3.11.3 (502c39af9)
> 
> 
> 
> dovecot -n
> # 2.3.11.3 (502c39af9): /etc/dovecot/dovecot.conf
> # OS: Linux 4.19.76-linuxkit x86_64 Debian 10.5 fuse.grpcfuse
> # Hostname: 45e39b46f6ab
> auth_debug = yes
> auth_mechanisms = plain oauthbearer xoauth2
> auth_verbose = yes
> disable_plaintext_auth = no
> doveadm_password = # hidden, use -P to show it
> log_path = /dev/stdout
> mail_debug = yes
> mail_location = maildir:/data/imap_store/%n
> mail_plugins = " quota"
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Greeting {
>     auto = create
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     auto = no
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   driver = pam
> }
> passdb {
>   args = /etc/dovecot/dovecot-oauth2.plain.conf.ext
>   driver = oauth2
>   mechanisms = plain login
> }
> plugin {
>   quota = maildir:User quota
>   quota_rule = *:storage=5MB
>   quota_status_nouser = DUNNO
>   quota_status_overquota = 552 5.2.2 Mailbox is full
>   quota_status_success = DUNNO
> }
> protocols = imap lmtp
> service doveadm {
>   inet_listener http {
>     port = 80
>   }
> }
> service lmtp {
>   inet_listener lmtp {
>     address = *
>     port = 24
>   }
>   process_min_avail = 5
> }
> ssl = no
> userdb {
>   driver = passwd
> }
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> protocol lmtp {
>   mail_plugins = quota
>   postmaster_address = postmaster at domainname
> }
> protocol lda {
>   mail_plugins = " quota notify push_notification"
> }
> protocol imap {
>   imap_metadata = yes
>   mail_plugins = " quota imap_quota quota"
> }
> 
> Any help would be appreciated. 
> 
> Thanks,
> Mrinal

Are you using HMAC keys? What size?

Aki


More information about the dovecot mailing list