I am trying to use a newly added Local Validation functionality in dovecot version 2.3.11. I am running dovecot inside a Docker container With base image " debian:buster-slim". When I try to login through below command , a crash is seen. ''' a1 login admin eyJhbGci44444zUxMiIsInR5cCI6IkpXVCJ9.eyJ1c2fyX25hbWUiOiJhZG1pbiIsInNjb3BlIjpbIm9wZW5pZCJdLCJleffiOjE3MDAxODAwNTksInN1YiI6ImFkbWluIiwiaWF0IjoxNjAwMTc5NzU5LCJhdXRob3JpdGllcyI6WyJST0xFX0FETUlOIiwiUk9MRV9VU0VSIl0sImp0aSI6ImRyOUV0MVVJWkdJZkZ0emFVZW5VRzRzcmQtQSIsImNsaWVudF9pZCI6IndlYl9hcHAifQ.T9BTZYW52p0VG9gxmTb-cf5GXF5jTOjdkqMaUMAGX-tffffft7YfdPptphGKE8FO9opxcnL--Bjy9ip-XYuWqA '''' Crash: dovecot_1 | Sep 15 16:11:50 auth: Panic: file hmac.c: line 26 (hmac_init): assertion failed: (meth->context_size <= HMAC_MAX_CONTEXT_SIZE) dovecot_1 | Sep 15 16:11:50 auth: Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x3d) [0x7ff77b36beed] -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7ff77b36c00e] -> /usr/lib/dovecot/libdovecot.so.0(+0xf465b) [0x7ff77b37565b] -> /usr/lib/dovecot/libdovecot.so.0(+0xf46f1) [0x7ff77b3756f1] -> /usr/lib/dovecot/libdovecot.so.0(+0x514a6) [0x7ff77b2d24a6] -> /usr/lib/dovecot/libdovecot.so.0(+0x52415) [0x7ff77b2d3415] -> /usr/lib/dovecot/libdovecot.so.0(+0x59c09) [0x7ff77b2dac09] -> /usr/lib/dovecot/libdovecot.so.0(oauth2_try_parse_jwt+0x7bb) [0x7ff77b2db60b] -> dovecot/auth(+0x3bf71) [0x55576d3cdf71] -> dovecot/auth(db_oauth2_lookup+0x350) [0x55576d3cf030] -> dovecot/auth(auth_request_default_verify_plain_continue+0x2d6) [0x55576d3b3386] -> dovecot/auth(auth_request_verify_plain_callback_finish+0x5c) [0x55576d3b214c] -> dovecot/auth(auth_request_verify_plain_callback+0x51) [0x55576d3b2281] -> dovecot/auth(+0x30171) [0x55576d3c2171] -> dovecot/auth(+0x27ebb) [0x55576d3b9ebb] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7ff77b38b989] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x131) [0x7ff77b38ced1] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x4c) [0x7ff77b38ba2c] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x40) [0x7ff77b38bba0] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7ff77b3059c3] -> dovecot/auth(main+0x3e1) [0x55576d3a6fa1] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) [0x7ff77b03809b] -> dovecot/auth(_start+0x2a) [0x55576d3a713a] dovecot_1 | Sep 15 16:11:50 auth-worker(25): Debug: conn unix:auth-worker (pid=24,uid=101): Disconnected: Connection closed (fd=-1) dovecot_1 | Sep 15 16:11:50 imap-login: Debug: Ignoring unknown passdb extra field: temp dovecot --version 2.3.11.3 (502c39af9) dovecot -n # 2.3.11.3 (502c39af9): /etc/dovecot/dovecot.conf # OS: Linux 4.19.76-linuxkit x86_64 Debian 10.5 fuse.grpcfuse # Hostname: 45e39b46f6ab auth_debug = yes auth_mechanisms = plain oauthbearer xoauth2 auth_verbose = yes disable_plaintext_auth = no doveadm_password = # hidden, use -P to show it log_path = /dev/stdout mail_debug = yes mail_location = maildir:/data/imap_store/%n mail_plugins = " quota" namespace inbox { inbox = yes location mailbox Drafts { special_use = \Drafts } mailbox Greeting { auto = create } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { auto = no special_use = \Trash } prefix } passdb { driver = pam } passdb { args = /etc/dovecot/dovecot-oauth2.plain.conf.ext driver = oauth2 mechanisms = plain login } plugin { quota = maildir:User quota quota_rule = *:storage=5MB quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 Mailbox is full quota_status_success = DUNNO } protocols = imap lmtp service doveadm { inet_listener http { port = 80 } } service lmtp { inet_listener lmtp { address = * port = 24 } process_min_avail = 5 } ssl = no userdb { driver = passwd } userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocol lmtp { mail_plugins = quota postmaster_address = postmaster at domainname } protocol lda { mail_plugins = " quota notify push_notification" } protocol imap { imap_metadata = yes mail_plugins = " quota imap_quota quota" } Any help would be appreciated. Thanks, Mrinal
> On 15/09/2020 19:39 Mrinal Sharma <msharma at smithmicro.com> wrote: > > > I am trying to use a newly added Local Validation functionality in dovecot version 2.3.11. I am running dovecot inside a Docker container With base image " debian:buster-slim". When I try to login through below command , a crash is seen. > > ''' > a1 login admin eyJhbGci44444zUxMiIsInR5cCI6IkpXVCJ9.eyJ1c2fyX25hbWUiOiJhZG1pbiIsInNjb3BlIjpbIm9wZW5pZCJdLCJleffiOjE3MDAxODAwNTksInN1YiI6ImFkbWluIiwiaWF0IjoxNjAwMTc5NzU5LCJhdXRob3JpdGllcyI6WyJST0xFX0FETUlOIiwiUk9MRV9VU0VSIl0sImp0aSI6ImRyOUV0MVVJWkdJZkZ0emFVZW5VRzRzcmQtQSIsImNsaWVudF9pZCI6IndlYl9hcHAifQ.T9BTZYW52p0VG9gxmTb-cf5GXF5jTOjdkqMaUMAGX-tffffft7YfdPptphGKE8FO9opxcnL--Bjy9ip-XYuWqA > '''' > > Crash: > dovecot_1 | Sep 15 16:11:50 auth: Panic: file hmac.c: line 26 (hmac_init): assertion failed: (meth->context_size <= HMAC_MAX_CONTEXT_SIZE) > dovecot_1 | Sep 15 16:11:50 auth: Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x3d) [0x7ff77b36beed] -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7ff77b36c00e] -> /usr/lib/dovecot/libdovecot.so.0(+0xf465b) [0x7ff77b37565b] -> /usr/lib/dovecot/libdovecot.so.0(+0xf46f1) [0x7ff77b3756f1] -> /usr/lib/dovecot/libdovecot.so.0(+0x514a6) [0x7ff77b2d24a6] -> /usr/lib/dovecot/libdovecot.so.0(+0x52415) [0x7ff77b2d3415] -> /usr/lib/dovecot/libdovecot.so.0(+0x59c09) [0x7ff77b2dac09] -> /usr/lib/dovecot/libdovecot.so.0(oauth2_try_parse_jwt+0x7bb) [0x7ff77b2db60b] -> dovecot/auth(+0x3bf71) [0x55576d3cdf71] -> dovecot/auth(db_oauth2_lookup+0x350) [0x55576d3cf030] -> dovecot/auth(auth_request_default_verify_plain_continue+0x2d6) [0x55576d3b3386] -> dovecot/auth(auth_request_verify_plain_callback_finish+0x5c) [0x55576d3b214c] -> dovecot/auth(auth_request_verify_plain_callback+0x51) [0x55576d3b2281] -> dovecot/auth(+0x30171) [0x55576d3c2171] -> dovecot/auth(+0x27ebb) [0x55576d3b9ebb] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7ff77b38b989] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x131) [0x7ff77b38ced1] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x4c) [0x7ff77b38ba2c] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x40) [0x7ff77b38bba0] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7ff77b3059c3] -> dovecot/auth(main+0x3e1) [0x55576d3a6fa1] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) [0x7ff77b03809b] -> dovecot/auth(_start+0x2a) [0x55576d3a713a]> dovecot_1 | Sep 15 16:11:50 auth-worker(25): Debug: conn unix:auth-worker (pid=24,uid=101): Disconnected: Connection closed (fd=-1) > dovecot_1 | Sep 15 16:11:50 imap-login: Debug: Ignoring unknown passdb extra field: temp > > > dovecot --version > 2.3.11.3 (502c39af9) > > > > dovecot -n > # 2.3.11.3 (502c39af9): /etc/dovecot/dovecot.conf > # OS: Linux 4.19.76-linuxkit x86_64 Debian 10.5 fuse.grpcfuse > # Hostname: 45e39b46f6ab > auth_debug = yes > auth_mechanisms = plain oauthbearer xoauth2 > auth_verbose = yes > disable_plaintext_auth = no > doveadm_password = # hidden, use -P to show it > log_path = /dev/stdout > mail_debug = yes > mail_location = maildir:/data/imap_store/%n > mail_plugins = " quota" > namespace inbox { > inbox = yes > location > mailbox Drafts { > special_use = \Drafts > } > mailbox Greeting { > auto = create > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > auto = no > special_use = \Trash > } > prefix > } > passdb { > driver = pam > } > passdb { > args = /etc/dovecot/dovecot-oauth2.plain.conf.ext > driver = oauth2 > mechanisms = plain login > } > plugin { > quota = maildir:User quota > quota_rule = *:storage=5MB > quota_status_nouser = DUNNO > quota_status_overquota = 552 5.2.2 Mailbox is full > quota_status_success = DUNNO > } > protocols = imap lmtp > service doveadm { > inet_listener http { > port = 80 > } > } > service lmtp { > inet_listener lmtp { > address = * > port = 24 > } > process_min_avail = 5 > } > ssl = no > userdb { > driver = passwd > } > userdb { > args = /etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > protocol lmtp { > mail_plugins = quota > postmaster_address = postmaster at domainname > } > protocol lda { > mail_plugins = " quota notify push_notification" > } > protocol imap { > imap_metadata = yes > mail_plugins = " quota imap_quota quota" > } > > Any help would be appreciated. > > Thanks, > MrinalAre you using HMAC keys? What size? Aki
No, this is the mistake I did. The access token generated is based on RS256. This issue can be closed. I have sent another mail wherein I see "Cannot load key: Invalid dovecot key version". Thank you for the Quick response. Mrinal -----Original Message----- From: Aki Tuomi <aki.tuomi at open-xchange.com> Sent: Tuesday, September 15, 2020 1:07 PM To: Mrinal Sharma <msharma at smithmicro.com>; dovecot at dovecot.org Subject: Re: Auth Panic hmac.c while Local Validation CAUTION - EXTERNAL EMAIL This email originated from outside of Smith Micro Software. Do not click links or open attachments unless you recognize the sender and know the content is safe.> On 15/09/2020 19:39 Mrinal Sharma <msharma at smithmicro.com> wrote: > > > I am trying to use a newly added Local Validation functionality in dovecot version 2.3.11. I am running dovecot inside a Docker container With base image " debian:buster-slim". When I try to login through below command , a crash is seen. > > ''' > a1 login admin > eyJhbGci44444zUxMiIsInR5cCI6IkpXVCJ9.eyJ1c2fyX25hbWUiOiJhZG1pbiIsInNjb > 3BlIjpbIm9wZW5pZCJdLCJleffiOjE3MDAxODAwNTksInN1YiI6ImFkbWluIiwiaWF0Ijo > xNjAwMTc5NzU5LCJhdXRob3JpdGllcyI6WyJST0xFX0FETUlOIiwiUk9MRV9VU0VSIl0sI > mp0aSI6ImRyOUV0MVVJWkdJZkZ0emFVZW5VRzRzcmQtQSIsImNsaWVudF9pZCI6IndlYl9 > hcHAifQ.T9BTZYW52p0VG9gxmTb-cf5GXF5jTOjdkqMaUMAGX-tffffft7YfdPptphGKE8 > FO9opxcnL--Bjy9ip-XYuWqA > '''' > > Crash: > dovecot_1 | Sep 15 16:11:50 auth: Panic: file hmac.c: line 26 (hmac_init): assertion failed: (meth->context_size <= HMAC_MAX_CONTEXT_SIZE) > dovecot_1 | Sep 15 16:11:50 auth: Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x3d) [0x7ff77b36beed] -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7ff77b36c00e] -> /usr/lib/dovecot/libdovecot.so.0(+0xf465b) [0x7ff77b37565b] -> /usr/lib/dovecot/libdovecot.so.0(+0xf46f1) [0x7ff77b3756f1] -> /usr/lib/dovecot/libdovecot.so.0(+0x514a6) [0x7ff77b2d24a6] -> /usr/lib/dovecot/libdovecot.so.0(+0x52415) [0x7ff77b2d3415] -> /usr/lib/dovecot/libdovecot.so.0(+0x59c09) [0x7ff77b2dac09] -> /usr/lib/dovecot/libdovecot.so.0(oauth2_try_parse_jwt+0x7bb) [0x7ff77b2db60b] -> dovecot/auth(+0x3bf71) [0x55576d3cdf71] -> dovecot/auth(db_oauth2_lookup+0x350) [0x55576d3cf030] -> dovecot/auth(auth_request_default_verify_plain_continue+0x2d6) [0x55576d3b3386] -> dovecot/auth(auth_request_verify_plain_callback_finish+0x5c) [0x55576d3b214c] -> dovecot/auth(auth_request_verify_plain_callback+0x51) [0x55576d3b2281] -> dovecot/auth(+0x30171) [0x55576d3c2171] -> dovecot/auth(+0x27ebb) [0x55576d3b9ebb] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7ff77b38b989] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x131) [0x7ff77b38ced1] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x4c) [0x7ff77b38ba2c] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x40) [0x7ff77b38bba0] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7ff77b3059c3] -> dovecot/auth(main+0x3e1) [0x55576d3a6fa1] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) [0x7ff77b03809b] -> dovecot/auth(_start+0x2a) [0x55576d3a713a]> dovecot_1 | Sep 15 16:11:50 auth-worker(25): Debug: conn unix:auth-worker (pid=24,uid=101): Disconnected: Connection closed (fd=-1) > dovecot_1 | Sep 15 16:11:50 imap-login: Debug: Ignoring unknown passdb extra field: temp > > > dovecot --version > 2.3.11.3 (502c39af9) > > > > dovecot -n > # 2.3.11.3 (502c39af9): /etc/dovecot/dovecot.conf # OS: Linux > 4.19.76-linuxkit x86_64 Debian 10.5 fuse.grpcfuse # Hostname: > 45e39b46f6ab auth_debug = yes auth_mechanisms = plain oauthbearer > xoauth2 auth_verbose = yes disable_plaintext_auth = no > doveadm_password = # hidden, use -P to show it log_path = /dev/stdout > mail_debug = yes mail_location = maildir:/data/imap_store/%n > mail_plugins = " quota" > namespace inbox { > inbox = yes > location > mailbox Drafts { > special_use = \Drafts > } > mailbox Greeting { > auto = create > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > auto = no > special_use = \Trash > } > prefix > } > passdb { > driver = pam > } > passdb { > args = /etc/dovecot/dovecot-oauth2.plain.conf.ext > driver = oauth2 > mechanisms = plain login > } > plugin { > quota = maildir:User quota > quota_rule = *:storage=5MB > quota_status_nouser = DUNNO > quota_status_overquota = 552 5.2.2 Mailbox is full > quota_status_success = DUNNO > } > protocols = imap lmtp > service doveadm { > inet_listener http { > port = 80 > } > } > service lmtp { > inet_listener lmtp { > address = * > port = 24 > } > process_min_avail = 5 > } > ssl = no > userdb { > driver = passwd > } > userdb { > args = /etc/dovecot/dovecot-sql.conf.ext > driver = sql > } > protocol lmtp { > mail_plugins = quota > postmaster_address = postmaster at domainname } protocol lda { > mail_plugins = " quota notify push_notification" > } > protocol imap { > imap_metadata = yes > mail_plugins = " quota imap_quota quota" > } > > Any help would be appreciated. > > Thanks, > MrinalAre you using HMAC keys? What size? Aki