dovecot - Jun 2015 - centos 7 dovecot 2.2.10 segmentation fault on devcot/auth using ldap driver in userdb

dovecot 2.2.10 packaged by centos 7

configuring ldap driver on userdb cause imap crash during login

userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-userdb.conf3.ext
 
  # Default fields can be used to specify defaults that LDAP may override
  #default_fields = home=/home/virtual/%u
}


#ldap conf
---------------
hosts = myDChost
base = dc=company,dc=testdomain,dc=dom
ldap_version = 3
auth_bind = yes
auth_bind_userdn = windowsdomain\%u
user_filter = (&(objectclass=person)(|(mail=%u)(sAMAccountName=%n)))
user_attrs
=uid=vmail,=gid=vmail,=home=/users/vmail/maildomain.com/%n,=mail_location=maildir:/users/vmail/maildomain.com/%n/Maildir
tls = yes
tls_require_cert = never


dovecot -n
---------------
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-229.4.2.el7.x86_64 x86_64 CentOS Linux release
7.1.1503 (Core)  xfs
auth_debug = yes
auth_mechanisms = plain login
listen = *
mail_debug = yes
mail_location = maildir:/users/vmail/maildomain.com/%n/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location   mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix }
passdb {
  args = /etc/dovecot/dovecot-ldap.conf2.ext
  driver = ldap
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl = required
ssl_cert = </etc/pki/dovecot/certs/mail.maildomain.com.crt.pem
ssl_key = </etc/pki/dovecot/private/mail.maildomain.com.key.pem
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb.conf3.ext
  driver = ldap
}
protocol lmtp {
  mail_plugins = " quota sieve"
  passdb {
    args = password=foo
    driver = static
  }
}
protocol lda {
  mail_plugins = " sieve"
}

core dump
-------------
gdb /usr/libexec/dovecot/auth /var/core/25122
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-64.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show
copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/libexec/dovecot/auth...Reading symbols from
/usr/lib/debug/usr/libexec/dovecot/auth.debug...done.
done.
[New LWP 25122]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Missing separate debuginfo for /usr/lib64/libnssckbi.so
Try: yum --enablerepo='*debug*' install
/usr/lib/debug/.build-id/1e/a2171aee7143d971607597b24f2a97e9276cbb.debug
Core was generated by `dovecot/auth'.
Program terminated with signal 11, Segmentation fault.
#0  db_ldap_handle_request_result (res=0x0, idx=<optimized out>,
request=<optimized out>, conn=<optimized out>) at db-ldap.c:819
819            request->callback(conn, request, res->msg);
(gdb) bt full
#0  db_ldap_handle_request_result (res=0x0, idx=<optimized out>,
request=<optimized out>, conn=<optimized out>) at db-ldap.c:819
        _data_stack_cur_id = 3
        srequest = <optimized out>
        ret = <optimized out>
        final_result = <optimized out>
        named_res = <optimized out>
#1  db_ldap_handle_result (res=<optimized out>, conn=<optimized
out>) at
db-ldap.c:886
        auth_request = 0x7f3704fa2620
        idx = <optimized out>
        msgid = <optimized out>
#2  ldap_input (conn=<optimized out>) at db-ldap.c:918
        timeout = {tv_sec = 0, tv_usec = 0}
        res = 0x7f3704b1b530
        msg = 0x7f370489fcb0
        prev_reply_diff = <optimized out>
        ret = <optimized out>
#3  0x00007f3702a19a47 in io_loop_call_io (io=0x7f37046dbad0) at
ioloop.c:388
        ioloop = 0x7f37046bd7b0
        t_id = 2
#4  0x00007f3702a1a8cf in io_loop_handler_run
(ioloop=ioloop at entry=0x7f37046bd7b0) at ioloop-epoll.c:220
        ctx = 0x7f37046c5450
        events = <optimized out>
        list = 0x7f3704998170
        io = <optimized out>
        tv = {tv_sec = 0, tv_usec = 999118}
        events_count = <optimized out>
        msecs = <optimized out>
        ret = 1
        i = 0
        call = <optimized out>
        __FUNCTION__ = "io_loop_handler_run"
#5  0x00007f3702a19598 in io_loop_run (ioloop=0x7f37046bd7b0) at
ioloop.c:412
        __FUNCTION__ = "io_loop_run"
#6  0x00007f37029c69e3 in master_service_run (service=0x7f37046bd640,
callback=<optimized out>) at master-service.c:571
No locals.
#7  0x00007f3702ea77f1 in main (argc=1, argv=0x7f37046bd390) at main.c:393
        c = <optimized out>

* Andrea Lisci <andrelisci at gmail.com>:
> dovecot 2.2.10 packaged by centos 7
> 
> configuring ldap driver on userdb cause imap crash during login
SELinux enabled?

p at rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstra?e 15, 81669 M?nchen
 
Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

The crash seems involved with bad handled AD response

DSID-0C090627,.comment:.In.order.to.perform.this.operation.a.successful.bind.must.be.completed.on.the.connection.

when this occurs dovecot got a segmentation fault

this bug probably has been corrected (changelogs aren't clear) because this
response is well handled on  dovecot-2.2.18-2.fc21.x86_64

2015-06-17 23:03 GMT+02:00 Andrea Lisci <andrelisci at gmail.com>:
> dovecot 2.2.10 packaged by centos 7
>
> configuring ldap driver on userdb cause imap crash during login
>
> userdb {
>   driver = ldap
>   args = /etc/dovecot/dovecot-ldap-userdb.conf3.ext
>
>   # Default fields can be used to specify defaults that LDAP may override
>   #default_fields = home=/home/virtual/%u
> }
>
>
> #ldap conf
> ---------------
> hosts = myDChost
> base = dc=company,dc=testdomain,dc=dom
> ldap_version = 3
> auth_bind = yes
> auth_bind_userdn = windowsdomain\%u
> user_filter = (&(objectclass=person)(|(mail=%u)(sAMAccountName=%n)))
> user_attrs > =uid=vmail,=gid=vmail,=home=/users/vmail/
>
maildomain.com/%n,=mail_location=maildir:/users/vmail/maildomain.com/%n/Maildir
> tls = yes
> tls_require_cert = never
>
>
> dovecot -n
> ---------------
> # 2.2.10: /etc/dovecot/dovecot.conf
> # OS: Linux 3.10.0-229.4.2.el7.x86_64 x86_64 CentOS Linux release
> 7.1.1503 (Core)  xfs
> auth_debug = yes
> auth_mechanisms = plain login
> listen = *
> mail_debug = yes
> mail_location = maildir:/users/vmail/maildomain.com/%n/Maildir
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date ihave
> mbox_write_locks = fcntl
> namespace inbox {
>   inbox = yes
>   location >   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix > }
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf2.ext
>   driver = ldap
> }
> plugin {
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/sieve
> }
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0600
>     user = postfix
>   }
> }
> ssl = required
> ssl_cert = </etc/pki/dovecot/certs/mail.maildomain.com.crt.pem
> ssl_key = </etc/pki/dovecot/private/mail.maildomain.com.key.pem
> userdb {
>   args = /etc/dovecot/dovecot-ldap-userdb.conf3.ext
>   driver = ldap
> }
> protocol lmtp {
>   mail_plugins = " quota sieve"
>   passdb {
>     args = password=foo
>     driver = static
>   }
> }
> protocol lda {
>   mail_plugins = " sieve"
> }
>
> core dump
> -------------
> gdb /usr/libexec/dovecot/auth /var/core/25122
> GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-64.el7
> Copyright (C) 2013 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show
copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-redhat-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /usr/libexec/dovecot/auth...Reading symbols from
> /usr/lib/debug/usr/libexec/dovecot/auth.debug...done.
> done.
> [New LWP 25122]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> Missing separate debuginfo for /usr/lib64/libnssckbi.so
> Try: yum --enablerepo='*debug*' install
> /usr/lib/debug/.build-id/1e/a2171aee7143d971607597b24f2a97e9276cbb.debug
> Core was generated by `dovecot/auth'.
> Program terminated with signal 11, Segmentation fault.
> #0  db_ldap_handle_request_result (res=0x0, idx=<optimized out>,
> request=<optimized out>, conn=<optimized out>) at db-ldap.c:819
> 819            request->callback(conn, request, res->msg);
> (gdb) bt full
> #0  db_ldap_handle_request_result (res=0x0, idx=<optimized out>,
> request=<optimized out>, conn=<optimized out>) at db-ldap.c:819
>         _data_stack_cur_id = 3
>         srequest = <optimized out>
>         ret = <optimized out>
>         final_result = <optimized out>
>         named_res = <optimized out>
> #1  db_ldap_handle_result (res=<optimized out>, conn=<optimized
out>) at
> db-ldap.c:886
>         auth_request = 0x7f3704fa2620
>         idx = <optimized out>
>         msgid = <optimized out>
> #2  ldap_input (conn=<optimized out>) at db-ldap.c:918
>         timeout = {tv_sec = 0, tv_usec = 0}
>         res = 0x7f3704b1b530
>         msg = 0x7f370489fcb0
>         prev_reply_diff = <optimized out>
>         ret = <optimized out>
> #3  0x00007f3702a19a47 in io_loop_call_io (io=0x7f37046dbad0) at
> ioloop.c:388
>         ioloop = 0x7f37046bd7b0
>         t_id = 2
> #4  0x00007f3702a1a8cf in io_loop_handler_run
> (ioloop=ioloop at entry=0x7f37046bd7b0) at ioloop-epoll.c:220
>         ctx = 0x7f37046c5450
>         events = <optimized out>
>         list = 0x7f3704998170
>         io = <optimized out>
>         tv = {tv_sec = 0, tv_usec = 999118}
>         events_count = <optimized out>
>         msecs = <optimized out>
>         ret = 1
>         i = 0
>         call = <optimized out>
>         __FUNCTION__ = "io_loop_handler_run"
> #5  0x00007f3702a19598 in io_loop_run (ioloop=0x7f37046bd7b0) at
> ioloop.c:412
>         __FUNCTION__ = "io_loop_run"
> #6  0x00007f37029c69e3 in master_service_run (service=0x7f37046bd640,
> callback=<optimized out>) at master-service.c:571
> No locals.
> #7  0x00007f3702ea77f1 in main (argc=1, argv=0x7f37046bd390) at main.c:393
>         c = <optimized out>
>
>