Robert Kudyba
2019-Mar-28 14:08 UTC
configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed
dovecot-2.3.3-1.fc29.x86_64 Mar 28 10:04:47 auth: Panic: file http-client-request.c: line 283 (http_client_request_unref): assertion failed: (req->refcount > 0) Mar 28 10:04:47 auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0xe34fb) [0x7fe76e0834fb] -> /usr/lib64/dovecot/libdovecot.so.0(+0xe3597) [0x7fe76e083597] -> /usr/lib64/dovecot/libdovecot.so.0(+0x51207) [0x7fe76dff1207] -> /usr/lib64/dovecot/libdovecot.so.0(+0x4972b) [0x7fe76dfe972b] -> /usr/lib64/dovecot/libdovecot.so.0(http_client_request_destroy+0x107) [0x7fe76e02cf87] -> /usr/lib64/dovecot/libdovecot.so.0(http_client_deinit+0x4c) [0x7fe76e03b9ec] -> dovecot/auth(auth_policy_deinit+0x1e) [0x55facfdb350e] -> dovecot/auth(main+0x3e1) [0x55facfdae3c1] -> /lib64/libc.so.6(__libc_start_main+0xf3) [0x7fe76dd93413] -> dovecot/auth(_start+0x2e) [0x55facfdae57e] Mar 28 10:04:47 auth: Fatal: master: service(auth): child 31162 killed with signal 6 (core not dumped - https://dovecot.org/bugreport.html#coredumps - set /proc/sys/fs/suid_dumpable to 2) Mar 28 10:04:48 master: Info: Dovecot v2.3.3 (dcead646b) starting up for imap, pop3 -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20190328/0e1d94a7/attachment.html>
Aki Tuomi
2019-Mar-28 14:29 UTC
configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed
<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 28 March 2019 16:08 Robert Kudyba via dovecot <dovecot@dovecot.org> wrote: </div> <div> <br> </div> <div> <br> </div> <div class=""> <div class="" style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;"> <span class="" style="font-variant-ligatures: no-common-ligatures;">dovecot-2.3.3-1.fc29.x86_64</span> </div> </div> <div class=""> <br class=""> </div> <div class=""> <div class="" style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;"> <span class="" style="font-variant-ligatures: no-common-ligatures;">Mar 28 10:04:47 auth: Panic: file http-client-request.c: line 283 (http_client_request_unref): assertion failed: (req->refcount > 0)</span> </div> <div class="" style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;"> <span class="" style="font-variant-ligatures: no-common-ligatures;">Mar 28 10:04:47 auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0xe34fb) [0x7fe76e0834fb] -> /usr/lib64/dovecot/libdovecot.so.0(+0xe3597) [0x7fe76e083597] -> /usr/lib64/dovecot/libdovecot.so.0(+0x51207) [0x7fe76dff1207] -> /usr/lib64/dovecot/libdovecot.so.0(+0x4972b) [0x7fe76dfe972b] -> /usr/lib64/dovecot/libdovecot.so.0(http_client_request_destroy+0x107) [0x7fe76e02cf87] -> /usr/lib64/dovecot/libdovecot.so.0(http_client_deinit+0x4c) [0x7fe76e03b9ec] -> dovecot/auth(auth_policy_deinit+0x1e) [0x55facfdb350e] -> dovecot/auth(main+0x3e1) [0x55facfdae3c1] -> /lib64/libc.so.6(__libc_start_main+0xf3) [0x7fe76dd93413] -> dovecot/auth(_start+0x2e) [0x55facfdae57e]</span> </div> <div class="" style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;"> <span class="" style="font-variant-ligatures: no-common-ligatures;">Mar 28 10:04:47 auth: Fatal: master: service(auth): child 31162 killed with signal 6 (core not dumped - <a class="" href="https://dovecot.org/bugreport.html#coredumps">https://dovecot.org/bugreport.html#coredumps</a> - set /proc/sys/fs/suid_dumpable to 2)</span> </div> <div class="" style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;"> <span class="" style="font-variant-ligatures: no-common-ligatures;">Mar 28 10:04:48 master: Info: Dovecot v2.3.3 (dcead646b) starting up for imap, pop3</span> </div> </div> <div class=""> <span class="" style="font-variant-ligatures: no-common-ligatures;"><br class=""></span> </div> </blockquote> <div> Hi, </div> <div> <br> </div> <div> this is a known issue as DOV-3019 and we are fixing this. It happens during auth process shutdown if there are pending requests. </div> <div class="io-ox-signature"> <pre>--- Aki Tuomi</pre> </div> </body> </html>
Robert Kudyba
2019-Mar-28 19:31 UTC
configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed
> On Mar 28, 2019, at 10:29 AM, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote: > >> On 28 March 2019 16:08 Robert Kudyba via dovecot <dovecot at dovecot.org> wrote: >> >> >> dovecot-2.3.3-1.fc29.x86_64 >> >> Mar 28 10:04:47 auth: Panic: file http-client-request.c: line 283 (http_client_request_unref): assertion failed: (req->refcount > 0) >> Mar 28 10:04:47 auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0xe34fb) [0x7fe76e0834fb] -> /usr/lib64/dovecot/libdovecot.so.0(+0xe3597) [0x7fe76e083597] -> /usr/lib64/dovecot/libdovecot.so.0(+0x51207) [0x7fe76dff1207] -> /usr/lib64/dovecot/libdovecot.so.0(+0x4972b) [0x7fe76dfe972b] -> /usr/lib64/dovecot/libdovecot.so.0(http_client_request_destroy+0x107) [0x7fe76e02cf87] -> /usr/lib64/dovecot/libdovecot.so.0(http_client_deinit+0x4c) [0x7fe76e03b9ec] -> dovecot/auth(auth_policy_deinit+0x1e) [0x55facfdb350e] -> dovecot/auth(main+0x3e1) [0x55facfdae3c1] -> /lib64/libc.so.6(__libc_start_main+0xf3) [0x7fe76dd93413] -> dovecot/auth(_start+0x2e) [0x55facfdae57e] >> Mar 28 10:04:47 auth: Fatal: master: service(auth): child 31162 killed with signal 6 (core not dumped - https://dovecot.org/bugreport.html#coredumps <https://urldefense.proofpoint.com/v2/url?u=https-3A__dovecot.org_bugreport.html-23coredumps&d=DwMCaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=IGBmGF0IssHPP5aIO3xrxNm2mUwwDP12018rdFC0vuo&s=IoU3mYEwgiux42XqobrYw4SyE39GjhvuBXoXWA42HKY&e=> - set /proc/sys/fs/suid_dumpable to 2) >> Mar 28 10:04:48 master: Info: Dovecot v2.3.3 (dcead646b) starting up for imap, pop3 >> > Hi, > > this is a known issue as DOV-3019 and we are fixing this. It happens during auth process shutdown if there are pending requests.Another issue is that the dovecot logs always report the offending URL or IP as what?s in /etc/dovecot/conf.d/95-auth.conf in our case: auth_policy_server_url = https://ourdomain:8084/ <https://dsm.dsm.fordham.edu:8084/> These are HTTP errors in the logs: Mar 28 09:58:04 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=lmNw8SeFoMl/AAAB lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=51616 resp=<hidden> Mar 28 09:58:04 auth: Debug: policy(unclroot,127.0.0.1,<lmNw8SeFoMl/AAAB>): Policy request https://ourdomain:8084/?command=allow <https://dsm.dsm.fordham.edu:8084/?command=allow> Mar 28 09:58:04 auth: Debug: policy(unclroot,127.0.0.1,<lmNw8SeFoMl/AAAB>): Policy server request JSON: {"device_id":"","login":"unclroot","protocol":"imap","pwhash":"68","remote":"127.0.0.1","tls":false} Mar 28 09:58:04 auth: Debug: http-client[1]: request [Req11: POST https://ourdomain:8084/?command=allow]: <https://dsm.dsm.fordham.edu:8084/?command=allow%5D:> Error: 9003 Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Mar 28 09:58:04 auth: Debug: http-client[1]: request [Req11: POST https://ourdomain:8084/?command=allow]: <https://dsm.dsm.fordham.edu:8084/?command=allow%5D:> Submitted (requests left=3) Mar 28 09:58:04 auth: Error: policy(unclroot,127.0.0.1,<lmNw8SeFoMl/AAAB>): Policy server HTTP error: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Mar 28 09:58:04 auth: Debug: http-client[1]: request [Req11: POST https://ourdomain:8084/?command=allow]: <https://dsm.dsm.fordham.edu:8084/?command=allow%5D:> Destroy (requests left=3) Mar 28 09:58:04 auth: Debug: http-client[1]: request [Req11: POST https://ourdomain:8084/?command=allow]: <https://dsm.dsm.fordham.edu:8084/?command=allow%5D:> Free (requests left=2) So wforce is always recording the ?bad? IP as 127.0.0.1 or the FQDN, and not the actual user IP. Is there another place to set this? Perhaps I have to set this in wforce.conf? webserver("0.0.0.0:8084", ?ourpassword") -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20190328/636313e2/attachment.html>
Possibly Parallel Threads
- configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed
- configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed
- configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed
- configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed
- configuring Dovecot with wforced and auth_policy_server_url with https results in assertion failed