Mailinglist Archive: opensuse-bugs (2150 mails)

[Bug 874094] New: Dovecot passwd-file authentication and AppArmor
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Thu, 17 Apr 2014 07:19:21 +0000
  • Message-id: <bug-874094-21960@http.bugzilla.novell.com/>

https://bugzilla.novell.com/show_bug.cgi?id=874094

https://bugzilla.novell.com/show_bug.cgi?id=874094#c0


Summary: Dovecot passwd-file authentication and AppArmor
Classification: openSUSE
Product: openSUSE 13.1
Version: Final
Platform: x86-64
OS/Version: openSUSE 13.1
Status: NEW
Severity: Normal
Priority: P5 - None
Component: AppArmor
AssignedTo: suse-beta@xxxxxxxxx
ReportedBy: neocube216@xxxxxxxxx
QAContact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---


User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101
Firefox/28.0

No profile for dovecot's passwd-file in apparmor.

Reproducible: Always

Steps to Reproduce:
I have openSUSE 13.1 and the package dovecot21-2.1.17-2.1.2.x86_64, with the whole
system updated.
I use virtual users and passwd-file authentication; this is the output of dovecot -n:
<pre>
# 2.1.17: /etc/dovecot/dovecot.conf
# OS: Linux 3.11.10-7-desktop x86_64 openSUSE 13.1 (x86_64)
auth_mechanisms = plain login
auth_verbose = yes
disable_plaintext_auth = no
first_valid_gid = 999
first_valid_uid = 999
last_valid_gid = 999
last_valid_uid = 999
mail_location = maildir:~
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
passdb {
  args = /etc/dovecot/vpasswd
  driver = passwd-file
}
pop3_uidl_format = %g
protocols = imap pop3
ssl = no
userdb {
  args = uid=vmail gid=vmail home=/var/spool/mail/%u
  driver = static
}
</pre>
User 999 and group 999 are vmail. Here is the content of my vpasswd file (only for
testing):
<pre>
user1@xxxxxxxxxxx:{PLAIN}password
</pre>
I set these permissions:
<pre>
-r-------- 1 dovecot root ... vpasswd
</pre>
Test over telnet:
<pre>
telnet localhost 110
Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
USER user1@xxxxxxxxxxx
+OK
PASS password
-ERR Authentication failed.
</pre>

Actual Results:
The mail log contains this error:
<pre>
dovecot: auth: Error: passwd-file /etc/dovecot/vpasswd: open(/etc/dovecot/vpasswd) failed: Permission denied (euid=482(dovecot) egid=479(dovecot) missing +w perm: /etc/dovecot/vpasswd, dir owned by 0:0 mode=0755)
dovecot: auth: passwd-file(user1@xxxxxxxxxxx,::1,<C8+XuiP38wAAAAAAAAAAAAAAAAAAAAAB>): no passwd file: /etc/dovecot/vpasswd
</pre>

Expected Results:
Authentication in telnet:
<pre>
+OK Logged in.
</pre>
In the mail log:
<pre>
dovecot: pop3-login: Login: user=<user1@xxxxxxxxxxx>, method=PLAIN, rip=::1, lip=::1, mpid=6125, secured, session=<jGl6zzf3TwAAAAAAAAAAAAAAAAAAAAAB>
</pre>

The problem is, IMHO, in AppArmor. To repair it,
in the file:
<pre>
/etc/apparmor.d/local/usr.lib.dovecot.auth:
</pre>
add the line:
<pre>
/etc/dovecot/vpasswd r,
</pre>
and then it works properly!

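The following Python example is added here and is not part of the bug report or of Dovecot or AppArmor. It reads AppArmor audit records, picks out read denials logged for Dovecot profiles, and proposes the matching lines for the local override file, as in the fix described above, while holding back anything outside /etc/dovecot/ for manual review. The log lines are constructed, and the profile name /usr/lib/dovecot/auth, the /srv/backup path and all function names are assumptions.

```python
import re

# Constructed sample audit lines (not from the bug report); the layout follows
# the kernel's AppArmor audit records. The profile name is an assumption chosen
# to match the local override file named in the report.
SAMPLE_LOG = """\
type=AVC msg=audit(1397719161.101:311): apparmor="DENIED" operation="open" profile="/usr/lib/dovecot/auth" name="/etc/dovecot/vpasswd" pid=6101 comm="auth" requested_mask="r" denied_mask="r" fsuid=482 ouid=482
type=AVC msg=audit(1397719175.440:312): apparmor="DENIED" operation="open" profile="/usr/lib/dovecot/auth" name="/etc/dovecot/vpasswd" pid=6101 comm="auth" requested_mask="r" denied_mask="r" fsuid=482 ouid=482
type=AVC msg=audit(1397719180.002:313): apparmor="ALLOWED" operation="open" profile="/usr/sbin/ntpd" name="/etc/ntp.conf" pid=900 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=74 ouid=0
type=AVC msg=audit(1397719190.733:314): apparmor="DENIED" operation="open" profile="/usr/lib/dovecot/auth" name="/srv/backup/users.db" pid=6101 comm="auth" requested_mask="r" denied_mask="r" fsuid=482 ouid=0
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')
ALLOWED_PREFIX = "/etc/dovecot/"   # only propose rules under Dovecot's config dir
ALLOWED_MASKS = {"r"}              # never propose write/exec access automatically


def local_file(profile):
    """Map a path-style profile name to its local override file (naming convention)."""
    return "/etc/apparmor.d/local/" + profile.strip("/").replace("/", ".")


def propose_rules(log_text, profile_prefix="/usr/lib/dovecot/"):
    """Return ({override_file: sorted rules}, skipped) for DENIED file accesses."""
    proposed, skipped = {}, []
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("apparmor") != "DENIED" or "name" not in f:
            continue
        if not f.get("profile", "").startswith(profile_prefix):
            continue
        path, mask = f["name"], f.get("denied_mask", "")
        # Review gate: anything outside the expected directory, or asking for
        # more than read access, is reported instead of being turned into a rule.
        if not mask or not path.startswith(ALLOWED_PREFIX) or set(mask) - ALLOWED_MASKS or ".." in path:
            skipped.append((f["profile"], path, mask))
            continue
        proposed.setdefault(local_file(f["profile"]), set()).add(f"{path} {mask},")
    return {k: sorted(v) for k, v in proposed.items()}, skipped


if __name__ == "__main__":
    rules, skipped = propose_rules(SAMPLE_LOG)
    for path, lines in rules.items():
        print(f"# {path}")
        print("\n".join(lines))
    for item in skipped:
        print("needs manual review:", item)
```

The absence of any DENIED record for the passwd file would point to plain file permissions or ownership rather than AppArmor as the cause of the "Permission denied" error.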
