dovecot - Aug 2009 - Crash: imap process, Dovecot 1.2.4, related to ACLs (backtrace included)

Hi, 

I started experimenting with ACLs and found I could reliably and reproducibly 
crash the IMAP process when trying to create a subfolder of a folder that has 
has ACLs set. The folder is called "Sent" with an ACL of "owner
lrwstipke". I
wanted to be able to have certain folders the the user cannot delete but where 
subfolders can be created freely.

Relevant information follows and I hope the backtrace is useful (lots of 
"value optimized out" entries). You can also find everything from
below on
<https://daff.pseudoterminal.org/misc/dovecot/>.

Please tell me if I can provide more information.

dovecot -n:
==========# 1.2.4: /usr/local/etc/dovecot.conf
# OS: Linux 2.6.26-2-686 i686 Debian 5.0.2
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: managesieve imap imaps pop3 pop3s
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
login_executable(managesieve): /usr/local/libexec/dovecot/managesieve-login
mail_access_groups: mail
mail_privileged_group: mail
mail_location: maildir:~/Maildir
mail_drop_priv_before_exec: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_executable(managesieve): /usr/local/libexec/dovecot/managesieve
mail_plugins(default): autocreate acl
mail_plugins(imap): autocreate acl
mail_plugins(pop3):
mail_plugins(managesieve):
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
mail_plugin_dir(managesieve): /usr/local/lib/dovecot/managesieve
namespace:
  type: public
  separator: .
  prefix: Public.
  location: 
maildir:/var/mail/public:CONTROL=~/Maildir/control/public:INDEX=~/Maildir/index/public
  list: yes
namespace:
  type: private
  separator: .
  prefix: Backup.
  location: maildir:~/Maildir-backup
  hidden: yes
  list: no
namespace:
  type: private
  separator: .
  inbox: yes
  list: yes
  subscriptions: yes
lda:
  log_path:
  info_log_path:
  auth_socket_path: /var/run/dovecot/auth-master
  postmaster_address: postmaster at mailtest0.rise-s.com
  mail_plugins: sieve acl
auth default:
  mechanisms: plain login
  passdb:
    driver: pam
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: passwd
  userdb:
    driver: static
    args: uid=vmail gid=vmail home=/var/vmail/%Ld/%Ln allow_all_users=yes
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
plugin:
  sieve: ~/.dovecot.sieve
  sieve_dir: ~/sieve
  sieve_global_path: /etc/dovecot/sieve/default.sieve
  sieve_global_dir: /etc/dovecot/sieve/global/
  sieve_before: /etc/dovecot/sieve/before/
  autocreate: Trash
  autocreate2: Drafts
  autocreate3: Sent
  autocreate4: INBOX.Spam
  autosubscribe: Trash
  autosubscribe2: Drafts
  autosubscribe3: Sent
  autosubscribe4: INBOX.Spam
  acl: vfile:/etc/dovecot/acl

Log entry:
=========
Aug 28 01:08:01 mailtest0 dovecot: IMAP(andreas.ntaflos at example1.rise-s.com):
Panic: file acl-backend-vfile.c: line 1124 (acl_backend_vfile_object_update): 
assertion failed: (!update->rights.global)
Aug 28 01:08:01 mailtest0 dovecot: IMAP(andreas.ntaflos at example1.rise-s.com):
Raw backtrace: imap [0x80f1ec1] -> imap [0x80f1f42] -> imap [0x80f18c9]
->
/usr/local/lib/dovecot/imap/lib01_acl_plugin.so [0xb7dddcf6] -> 
/usr/local/lib/dovecot/imap/lib01_acl_plugin.so(acl_object_update+0x18) 
[0xb7ddb1a8] -> /usr/local/lib/dovecot/imap/lib01_acl_plugin.so [0xb7de2ac7]
-
> imap(cmd_create+0xf9) [0x80618d9] -> imap [0x80679fc] -> imap
[0x8067a99] ->
imap(client_handle_input+0x2d) [0x8067c0d] -> imap(client_input+0x5f) 
[0x806856f] -> imap(io_loop_handler_run+0xe0) [0x80fac40] -> 
imap(io_loop_run+0x20) [0x80fa0b0] -> imap(main+0x5ea) [0x807104a] -> 
/lib/i686/cmov/libc.so.6(__libc_start_main+0xe5) [0xb7e15455] -> imap 
[0x8060291]
Aug 28 01:08:01 mailtest0 dovecot: dovecot: child 1588 (imap) killed with 
signal 6 (core dumped)

Backtrace:
=========
#0  0xb7f70424 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb7e2a640 in raise () from /lib/i686/cmov/libc.so.6
No symbol table info available.
#2  0xb7e2c018 in abort () from /lib/i686/cmov/libc.so.6
No symbol table info available.
#3  0x080f1ed5 in default_fatal_finish (type=<value optimized out>,
status=0)
at failures.c:160
        backtrace = 0x93e5628 "imap [0x80f1ec1] -> imap [0x80f1f42]
-> imap
[0x80f18c9] -> /usr/local/lib/dovecot/imap/lib01_acl_plugin.so [0xb7dddcf6]
->
/usr/local/lib/dovecot/imap/lib01_acl_plugin.so(acl_object_update+0x18) 
[0xb"...
#4  0x080f1f42 in i_internal_fatal_handler (type=LOG_TYPE_PANIC, status=0, 
fmt=0xb7de3094 "file %s: line %d (%s): assertion failed: (%s)", 
args=0xbff8b9c4 "?3?d\004")
    at failures.c:440
No locals.
#5  0x080f18c9 in i_panic (format=0xb7de3094 "file %s: line %d (%s):
assertion
failed: (%s)") at failures.c:207
No locals.
#6  0xb7dddcf6 in acl_backend_vfile_object_update (_aclobj=0x942c270, 
update=0xbff8bad0) at acl-backend-vfile.c:1124
        dotlock = <value optimized out>
        path = <value optimized out>
        i = <value optimized out>
        fd = <value optimized out>
        changed = <value optimized out>
        __PRETTY_FUNCTION__ = "acl_backend_vfile_object_update"
#7  0xb7ddb1a8 in acl_object_update (aclobj=0x942c270, update=0xbff8bad0) at 
acl-api.c:122
No locals.
#8  0xb7de2ac7 in acl_mailbox_create (storage=0x93f2c88, name=0x93f9d98 
"Sent.2008", directory=false) at acl-storage.c:160
        astorage = <value optimized out>
        ret = <value optimized out>
#9  0x080618d9 in cmd_create (cmd=0x93f4ce0) at cmd-create.c:42
        ns = <value optimized out>
        mailbox = 0x93f9d98 "Sent.2008"
        full_mailbox = 0x93f9d98 "Sent.2008"
        directory = <value optimized out>
#10 0x080679fc in client_command_input (cmd=0x93f4ce0) at client.c:611
        client = (struct client *) 0x93f48a0
        command = <value optimized out>
        __PRETTY_FUNCTION__ = "client_command_input"
#11 0x08067a99 in client_command_input (cmd=0x93f4ce0) at client.c:660
        client = (struct client *) 0x93f48a0
        command = <value optimized out>
        __PRETTY_FUNCTION__ = "client_command_input"
#12 0x08067c0d in client_handle_input (client=0x93f48a0) at client.c:701
        _data_stack_cur_id = 3
        ret = false
        remove_io = <value optimized out>
        handled_commands = false
        __PRETTY_FUNCTION__ = "client_handle_input"
#13 0x0806856f in client_input (client=0x93f48a0) at client.c:752
        cmd = <value optimized out>
        output = (struct ostream *) 0x93f4a54
        bytes = <value optimized out>
        __PRETTY_FUNCTION__ = "client_input"
#14 0x080fac40 in io_loop_handler_run (ioloop=0x93ed9b0) at ioloop-epoll.c:208
        ctx = (struct ioloop_handler_context *) 0x93edab8
        event = (const struct epoll_event *) 0x93edaf8
        list = (struct io_list *) 0x93f4ab0
        io = (struct io_file *) 0x942c888
        tv = {tv_sec = 1799, tv_usec = 999357}
        t_id = 2
        msecs = <value optimized out>
        ret = 1
        i = 0
        j = 0
        call = <value optimized out>
#15 0x080fa0b0 in io_loop_run (ioloop=0x93ed9b0) at ioloop.c:335
No locals.
#16 0x0807104a in main (argc=Cannot access memory at address 0x634
) at main.c:327
No locals.

On Fri, 2009-08-28 at 02:46 +0200, Andreas Ntaflos
wrote:
> Hi, 
> 
> I started experimenting with ACLs and found I could reliably and
reproducibly
> crash the IMAP process when trying to create a subfolder of a folder that
has
> has ACLs set. The folder is called "Sent" with an ACL of
"owner lrwstipke". I
> wanted to be able to have certain folders the the user cannot delete but
where
> subfolders can be created freely.
..
>   acl: vfile:/etc/dovecot/acl
You created a global ACL, right? So /etc/dovecot/acl/Sent?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20090828/5f2070e3/attachment-0002.bin>

On Fri, 2009-08-28 at 02:46 +0200, Andreas Ntaflos
wrote:
> Aug 28 01:08:01 mailtest0 dovecot: IMAP(andreas.ntaflos at
example1.rise-s.com):
> Panic: file acl-backend-vfile.c: line 1124
(acl_backend_vfile_object_update):
> assertion failed: (!update->rights.global)
Finally had time to look at this. I think the fix should be that global
ACLs simply shouldn't be copied to child mailboxes. Is this also what
you want? i.e. user can't delete mails from "Sent", but can delete
from
"Sent/child".

http://hg.dovecot.org/dovecot-1.2/rev/6df681067e0a

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20090913/81a2bcb2/attachment-0002.bin>