I'm the FreeBSD port maintainer for dovecot and I just added this patch to the port in SVN. 489515.

On Sun, Jan 6, 2019 at 11:39 AM Stephan Bosch <stephan at rename-it.nl> wrote:

>
> On 06/01/2019 at 18:12, John Fawcett wrote:
> > On 06/01/2019 11:37, Stephan Bosch wrote:
> >> On 06/01/2019 at 03:35, John Fawcett wrote:
> >>> On 06/01/2019 02:26, John Fawcett wrote:
> >>>
> >>>> Can't see anything in the Dovecot 2.3.4 code that would give this
> >>>> problem, setting
> >>>>
> >>>> stats_writer_socket_path
> >>>>
> >>>> will overwrite the default value and dovecot does not attempt to
> >>>> open a socket in that case.
> >>>>
> >>>> Using your configuration (though not FreeBSD) I don't get the
> >>>> net_connect_unix error whether I use a blank setting or leave the
> >>>> default. In the case of leaving the default I do get an additional
> >>>> process (dovecot/stats). No errors on connecting to the imap service
> >>>> or by running preauth (with the dovecot daemon already running).
> >>>>
> >>>> The net_connect_unix() error with a zero length socket name is
> >>>> inexplicable to me, unless it's got a non printing character in it
> >>>> or there is something different happening on FreeBSD.
> >>>>
> >>>> One suggestion is to run with the default setting, but look at
> >>>> resolving the permission problem for the default socket creation at
> >>>> /var/run/dovecot/stats-writer rather than working round it.
> >>>>
> >>>> John
> >>>>
> >>> Just following up, I don't get the error when I run preauth as root with
> >>> -u parameter. I do get something similar when I run as the user (this
> >>> with the socket path set to blank)
> >>>
> >>> Centos 7:
> >>>
> >>> Error: net_connect_unix() failed: Connection refused
> >>>
> >>> FreeBSD 11.2:
> >>>
> >>> Error: net_connect_unix() failed: No such file or directory
> >>>
> >>> So it's close. If I get time I'll see if I can track it down.
> >> Does this fix it?
> >> > >> diff --git a/src/lib-master/master-service.c > >> b/src/lib-master/master-service.c > >> index 3de11fa1b..3c60a7a39 100644 > >> --- a/src/lib-master/master-service.c > >> +++ b/src/lib-master/master-service.c > >> @@ -341,7 +341,7 @@ master_service_init(const char *name, enum > >> master_service_flags flags, > >> if ((flags & MASTER_SERVICE_FLAG_DONT_SEND_STATS) == 0) { > >> /* Initialize stats-client early so it can see all > >> events. */ > >> value = getenv(DOVECOT_STATS_WRITER_SOCKET_PATH); > >> - if (value != NULL) > >> + if (value != NULL && *value != '\0') > >> service->stats_client > >> stats_client_init(value, FALSE); > >> } > >> > >>
> >> Regards,
> >>
> >> Stephan.
> >>
> > Hi Stephan
> >
> > that fixes the issue that I reproduced. For the OP he will probably need
> > to wait for this to be picked up for FreeBSD ports.
> >
> > This code seems safer than the original but it is still a mystery as to
> > why DOVECOT_STATS_WRITER_SOCKET_PATH is being put into the environment
> > as an empty string (changed behaviour reported by OP compared to 2.3.2.1_1).
>
> Behavior changed because the code I patched didn't exist in 2.3.2.1.
>
> Regards,
>
> Stephan.

--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106
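Review bot: the added `*value != '\0'` test in master_service_init() only rejects a zero-length DOVECOT_STATS_WRITER_SOCKET_PATH, and nothing in the hunk records that an empty value is meant to switch the stats client off. Extend the existing comment ("Initialize stats-client early so it can see all events.") to say that an unset or empty variable means no stats client is created, so the condition is not later simplified back to `value != NULL`. As noted further down the thread, the variable is still being exported as an empty string by whatever sets it; not exporting it in that case would leave this guard as a backstop rather than the only check. The context line `service->stats_client` has lost its `=` in this archived copy, so take the change from the original commit rather than from the text here.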
and stupid me missed a character, the full fix is in SVN r489516.

On Sun, Jan 6, 2019 at 11:47 AM Larry Rosenman <larryrtx at gmail.com> wrote:

> I'm the FreeBSD port maintainer for dovecot and I just added this patch to
> the port in SVN. 489515.
>
> On Sun, Jan 6, 2019 at 11:39 AM Stephan Bosch <stephan at rename-it.nl>
> wrote:
>
>>
>> On 06/01/2019 at 18:12, John Fawcett wrote:
>> > On 06/01/2019 11:37, Stephan Bosch wrote:
>> >> On 06/01/2019 at 03:35, John Fawcett wrote:
>> >>> On 06/01/2019 02:26, John Fawcett wrote:
>> >>>
>> >>>> Can't see anything in the Dovecot 2.3.4 code that would give this
>> >>>> problem, setting
>> >>>>
>> >>>> stats_writer_socket_path
>> >>>>
>> >>>> will overwrite the default value and dovecot does not attempt to
>> >>>> open a socket in that case.
>> >>>>
>> >>>> Using your configuration (though not FreeBSD) I don't get the
>> >>>> net_connect_unix error whether I use a blank setting or leave the
>> >>>> default. In the case of leaving the default I do get an additional
>> >>>> process (dovecot/stats). No errors on connecting to the imap service
>> >>>> or by running preauth (with the dovecot daemon already running).
>> >>>>
>> >>>> The net_connect_unix() error with a zero length socket name is
>> >>>> inexplicable to me, unless it's got a non printing character in it
>> >>>> or there is something different happening on FreeBSD.
>> >>>>
>> >>>> One suggestion is to run with the default setting, but look at
>> >>>> resolving the permission problem for the default socket creation at
>> >>>> /var/run/dovecot/stats-writer rather than working round it.
>> >>>>
>> >>>> John
>> >>>>
>> >>> Just following up, I don't get the error when I run preauth as root with
>> >>> -u parameter. I do get something similar when I run as the user (this
>> >>> with the socket path set to blank)
>> >>>
>> >>> Centos 7:
>> >>>
>> >>> Error: net_connect_unix() failed: Connection refused
>> >>>
>> >>> FreeBSD 11.2:
>> >>>
>> >>> Error: net_connect_unix() failed: No such file or directory
>> >>>
>> >>> So it's close. If I get time I'll see if I can track it down.
>> >> Does this fix it?
>> >> >> >> diff --git a/src/lib-master/master-service.c >> >> b/src/lib-master/master-service.c >> >> index 3de11fa1b..3c60a7a39 100644 >> >> --- a/src/lib-master/master-service.c >> >> +++ b/src/lib-master/master-service.c
>> >> @@ -341,7 +341,7 @@ master_service_init(const char *name, enum >> >> master_service_flags flags, >> >> if ((flags & MASTER_SERVICE_FLAG_DONT_SEND_STATS) == 0) { >> >> /* Initialize stats-client early so it can see all >> >> events. */ >> >> value = getenv(DOVECOT_STATS_WRITER_SOCKET_PATH); >> >> - if (value != NULL) >> >> + if (value != NULL && *value != '\0') >> >> service->stats_client >> >> stats_client_init(value, FALSE); >> >> } >> >> >> >>
>> >> Regards,
>> >>
>> >> Stephan.
>> >>
>> > Hi Stephan
>> >
>> > that fixes the issue that I reproduced. For the OP he will probably need
>> > to wait for this to be picked up for FreeBSD ports.
>> >
>> > This code seems safer than the original but it is still a mystery as to
>> > why DOVECOT_STATS_WRITER_SOCKET_PATH is being put into the environment
>> > as an empty string (changed behaviour reported by OP compared to 2.3.2.1_1).
>>
>> Behavior changed because the code I patched didn't exist in 2.3.2.1.
>>
>> Regards,
>>
>> Stephan.
>>
>
> --
> Larry Rosenman http://www.lerctr.org/~ler
> Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com
> US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106

--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 (c) E-Mail: larryrtx at gmail.com
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106
Hi,

many thanks for the quick replies and patch. So quick that I'm not able to respond in the same timeframe.

Yes, I am working with FreeBSD pre-built packages; I still intend to check out the ports from svn or do my own build, but have not had time yet.

To answer specific question:

On Sun, 6 Jan 2019, John Fawcett wrote:

> One suggestion is to run with the default setting, but look at resolving
> the permission problem for the default socket creation at
> /var/run/dovecot/stats-writer rather than working round it.

Potentially, though it's less logical that the daemon dovecot (which runs as a system user / privileged) should not be accepting stats from an unprivileged source.

Yes, one could seek to get stats for all dovecot activity on the server. Assuming clients are trusted to feed valid stats and not cause some horrible DoS or similar.

So I am heading for the opposite where dovecot is really the self-contained 'imap' command without crossing any privilege boundary; just a process consuming CPU and RAM resources like any other.

To date I haven't used any of the dovecot stats (not dismissing them, just haven't had a cause to)

Thanks again

--
Mark