diff --git a/src/plugins/acl/acl-attributes.c b/src/plugins/acl/acl-attributes.c
index 7590521a4b..7b44451fce 100644
--- a/src/plugins/acl/acl-attributes.c
+++ b/src/plugins/acl/acl-attributes.c
@@ -138,7 +138,7 @@ int acl_attribute_set(struct mailbox_transaction_context *t,
 		      enum mail_attribute_type type, const char *key,
 		      const struct mail_attribute_value *value)
 {
-	struct acl_mailbox *abox = ACL_CONTEXT(t->box);
+	struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(t->box);
 
 	if (acl_have_attribute_rights(t->box) < 0)
 		return -1;
@@ -152,7 +152,7 @@ int acl_attribute_get(struct mailbox *box,
 		      enum mail_attribute_type type, const char *key,
 		      struct mail_attribute_value *value_r)
 {
-	struct acl_mailbox *abox = ACL_CONTEXT(box);
+	struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(box);
 
 	if (acl_have_attribute_rights(box) < 0)
 		return -1;
@@ -166,7 +166,7 @@ struct mailbox_attribute_iter *
 acl_attribute_iter_init(struct mailbox *box, enum mail_attribute_type type,
 			const char *prefix)
 {
-	struct acl_mailbox *abox = ACL_CONTEXT(box);
+	struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(box);
 	struct acl_mailbox_attribute_iter *aiter;
 
 	aiter = i_new(struct acl_mailbox_attribute_iter, 1);
@@ -214,7 +214,7 @@ const char *acl_attribute_iter_next(struct mailbox_attribute_iter *iter)
 {
 	struct acl_mailbox_attribute_iter *aiter =
 		(struct acl_mailbox_attribute_iter *)iter;
-	struct acl_mailbox *abox = ACL_CONTEXT(iter->box);
+	struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(iter->box);
 	const char *key;
 
 	if (aiter->super == NULL)
@@ -230,7 +230,7 @@ int acl_attribute_iter_deinit(struct mailbox_attribute_iter *iter)
 {
 	struct acl_mailbox_attribute_iter *aiter =
 		(struct acl_mailbox_attribute_iter *)iter;
-	struct acl_mailbox *abox = ACL_CONTEXT(iter->box);
+	struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(iter->box);
 	int ret = aiter->failed ? -1 : 0;
 
 	if (aiter->super != NULL) {
diff --git a/src/plugins/acl/acl-backend-vfile-acllist.c b/src/plugins/acl/acl-backend-vfile-acllist.c
index aadfd4065e..4baab1bf0f 100644
--- a/src/plugins/acl/acl-backend-vfile-acllist.c
+++ b/src/plugins/acl/acl-backend-vfile-acllist.c
@@ -312,7 +312,7 @@ acl_backend_vfile_acllist_try_rebuild(struct acl_backend_vfile *backend)
 	}
 	if (ret == 0) {
 		struct acl_user *auser = ACL_USER_CONTEXT(ns->user);
-
+		i_assert(auser != NULL);
 		backend->acllist_mtime = st.st_mtime;
 		backend->acllist_last_check = ioloop_time;
 		/* FIXME: dict rebuild is expensive, try to avoid it */
diff --git a/src/plugins/acl/acl-lookup-dict.c b/src/plugins/acl/acl-lookup-dict.c
index a6c5e2e15e..063e8b5ad7 100644
--- a/src/plugins/acl/acl-lookup-dict.c
+++ b/src/plugins/acl/acl-lookup-dict.c
@@ -302,6 +302,8 @@ acl_lookup_dict_iterate_visible_init(struct acl_lookup_dict *dict)
 	unsigned int i;
 	pool_t pool;
 
+	i_assert(auser != NULL);
+
 	pool = pool_alloconly_create("acl lookup dict iter", 1024);
 	iter = p_new(pool, struct acl_lookup_dict_iter, 1);
 	iter->pool = pool;
diff --git a/src/plugins/acl/acl-mailbox-list.c b/src/plugins/acl/acl-mailbox-list.c
index 4a16f62628..ad0bea8152 100644
--- a/src/plugins/acl/acl-mailbox-list.c
+++ b/src/plugins/acl/acl-mailbox-list.c
@@ -41,7 +41,7 @@ static const char *acl_storage_right_names[ACL_STORAGE_RIGHT_COUNT] = {
 };
 
 #define ACL_LIST_ITERATE_CONTEXT(obj) \
-	MODULE_CONTEXT(obj, acl_mailbox_list_module)
+	MODULE_CONTEXT_REQUIRE(obj, acl_mailbox_list_module)
 
 struct acl_mailbox_list_module acl_mailbox_list_module =
 	MODULE_CONTEXT_INIT(&mailbox_list_module_register);
diff --git a/src/plugins/acl/acl-mailbox.c b/src/plugins/acl/acl-mailbox.c
index 7902e5eaa7..5ebf783c6a 100644
--- a/src/plugins/acl/acl-mailbox.c
+++ b/src/plugins/acl/acl-mailbox.c
@@ -15,7 +15,7 @@
 #include <sys/stat.h>
 
 #define ACL_MAIL_CONTEXT(obj) \
-	MODULE_CONTEXT(obj, acl_mail_module)
+	MODULE_CONTEXT_REQUIRE(obj, acl_mail_module)
 
 struct acl_transaction_context {
 	union mailbox_transaction_module_context module_ctx;
@@ -26,14 +26,14 @@ static struct acl_transaction_context acl_transaction_failure;
 
 struct acl_object *acl_mailbox_get_aclobj(struct mailbox *box)
 {
-	struct acl_mailbox *abox = ACL_CONTEXT(box);
+	struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(box);
 
 	return abox->aclobj;
 }
 
 int acl_mailbox_right_lookup(struct mailbox *box, unsigned int right_idx)
 {
-	struct acl_mailbox *abox = ACL_CONTEXT(box);
+	struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(box);
 	struct acl_mailbox_list *alist = ACL_LIST_CONTEXT(box->list);
 	int ret;
 
@@ -56,7 +56,7 @@ int acl_mailbox_right_lookup(struct mailbox *box, unsigned int right_idx)
 
 static bool acl_is_readonly(struct mailbox *box)
 {
-	struct acl_mailbox *abox = ACL_CONTEXT(box);
+	struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(box);
 	enum acl_storage_rights save_right;
 
 	if (abox->module_ctx.super.is_readonly(box))
@@ -81,7 +81,7 @@ static bool acl_is_readonly(struct mailbox *box)
 
 static void acl_mailbox_free(struct mailbox *box)
 {
-	struct acl_mailbox *abox = ACL_CONTEXT(box);
+	struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(box);
 
 	acl_object_deinit(&abox->aclobj);
 	abox->module_ctx.super.free(box);
@@ -89,7 +89,7 @@ static void acl_mailbox_free(struct mailbox *box)
 
 static void acl_mailbox_copy_acls_from_parent(struct mailbox *box)
 {
-	struct acl_mailbox *abox = ACL_CONTEXT(box);
+	struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(box);
 	struct acl_mailbox_list *alist = ACL_LIST_CONTEXT(box->list);
 	struct acl_object *parent_aclobj;
 	struct acl_object_list_iter *iter;
@@ -116,7 +116,7 @@ static int
 acl_mailbox_create(struct mailbox *box, const struct mailbox_update *update,
 		   bool directory)
 {
-	struct acl_mailbox *abox = ACL_CONTEXT(box);
+	struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(box);
 	int ret;
 
 	if (!mailbox_is_autocreated(box)) {
@@ -155,7 +155,7 @@ acl_mailbox_create(struct mailbox *box, const struct mailbox_update *update,
 static int
 acl_mailbox_update(struct mailbox *box, const struct mailbox_update *update)
 {
-	struct acl_mailbox *abox = ACL_CONTEXT(box);
+	struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(box);
 	int ret;
 
 	ret = acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_ADMIN);
@@ -181,7 +181,7 @@ static void acl_mailbox_fail_not_found(struct mailbox *box)
 static int
 acl_mailbox_delete(struct mailbox *box)
 {
-	struct acl_mailbox *abox = ACL_CONTEXT(box);
+	struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(box);
 	int ret;
 
 	ret = acl_mailbox_right_lookup(box, ACL_STORAGE_RIGHT_DELETE);
@@ -197,7 +197,7 @@ acl_mailbox_delete(struct mailbox *box)
 static int
 acl_mailbox_rename(struct mailbox *src, struct mailbox *dest)
 {
-	struct acl_mailbox *abox = ACL_CONTEXT(src);
+	struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(src);
 	int ret;
 
 	/* renaming requires rights to delete the old mailbox */
@@ -387,7 +387,7 @@ static int
 acl_save_begin(struct mail_save_context *ctx, struct istream *input)
 {
 	struct mailbox *box = ctx->transaction->box;
-	struct acl_mailbox *abox = ACL_CONTEXT(box);
+	struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(box);
 	enum acl_storage_rights save_right;
 
 	save_right = (box->flags & MAILBOX_FLAG_POST_SESSION) != 0 ?
@@ -427,7 +427,7 @@ static int
 acl_copy(struct mail_save_context *ctx, struct mail *mail)
 {
 	struct mailbox_transaction_context *t = ctx->transaction;
-	struct acl_mailbox *abox = ACL_CONTEXT(t->box);
+	struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(t->box);
 
 	if (!acl_copy_has_rights(ctx, mail)) {
 		mailbox_save_cancel(&ctx);
@@ -450,6 +450,8 @@ acl_transaction_commit(struct mailbox_transaction_context *ctx,
 		return -1;
 	}
 
+	i_assert(abox != NULL);
+
 	ret = abox->module_ctx.super.transaction_commit(ctx, changes_r);
 	if (abox->no_read_right) {
 		/* don't allow IMAP client to see what UIDs the messages got */
@@ -461,7 +463,7 @@ acl_transaction_commit(struct mailbox_transaction_context *ctx,
 static int acl_mailbox_exists(struct mailbox *box, bool auto_boxes,
 			      enum mailbox_existence *existence_r)
 {
-	struct acl_mailbox *abox = ACL_CONTEXT(box);
+	struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(box);
 	const char *const *rights;
 	unsigned int i;
 
@@ -487,7 +489,7 @@ static int acl_mailbox_exists(struct mailbox *box, bool auto_boxes,
 
 static int acl_mailbox_open_check_acl(struct mailbox *box)
 {
-	struct acl_mailbox *abox = ACL_CONTEXT(box);
+	struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(box);
 	struct acl_mailbox_list *alist = ACL_LIST_CONTEXT(box->list);
 	const unsigned int *idx_arr = alist->rights.acl_storage_right_idx;
 	enum acl_storage_rights open_right;
@@ -529,7 +531,7 @@ static int acl_mailbox_open_check_acl(struct mailbox *box)
 
 static int acl_mailbox_open(struct mailbox *box)
 {
-	struct acl_mailbox *abox = ACL_CONTEXT(box);
+	struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(box);
 
 	if (acl_mailbox_open_check_acl(box) < 0)
 		return -1;
@@ -541,7 +543,7 @@ static int acl_mailbox_get_status(struct mailbox *box,
 				  enum mailbox_status_items items,
 				  struct mailbox_status *status_r)
 {
-	struct acl_mailbox *abox = ACL_CONTEXT(box);
+	struct acl_mailbox *abox = ACL_CONTEXT_REQUIRE(box);
 
 	if (abox->module_ctx.super.get_status(box, items, status_r) < 0)
 		return -1;
diff --git a/src/plugins/acl/acl-plugin.h b/src/plugins/acl/acl-plugin.h
index 862a7d99f2..ba6d59bd67 100644
--- a/src/plugins/acl/acl-plugin.h
+++ b/src/plugins/acl/acl-plugin.h
@@ -8,6 +8,8 @@
 
 #define ACL_CONTEXT(obj) \
 	MODULE_CONTEXT(obj, acl_storage_module)
+#define ACL_CONTEXT_REQUIRE(obj) \
+	MODULE_CONTEXT_REQUIRE(obj, acl_storage_module)
 #define ACL_LIST_CONTEXT(obj) \
 	MODULE_CONTEXT(obj, acl_mailbox_list_module)
 #define ACL_USER_CONTEXT(obj) \
diff --git a/src/plugins/acl/acl-shared-storage.c b/src/plugins/acl/acl-shared-storage.c
index abac56ca6a..5ebe0601fd 100644
--- a/src/plugins/acl/acl-shared-storage.c
+++ b/src/plugins/acl/acl-shared-storage.c
@@ -84,6 +84,7 @@ int acl_shared_namespaces_add(struct mail_namespace *ns)
 	struct acl_lookup_dict_iter *iter;
 	const char *name;
 
+	i_assert(auser != NULL && alist != NULL);
 	i_assert(ns->type == MAIL_NAMESPACE_TYPE_SHARED);
 	i_assert(strcmp(storage->name, MAIL_SHARED_STORAGE_NAME) == 0);
 
diff --git a/src/plugins/acl/acl-storage.c b/src/plugins/acl/acl-storage.c
index fceeb2c599..a59c8891d7 100644
--- a/src/plugins/acl/acl-storage.c
+++ b/src/plugins/acl/acl-storage.c
@@ -19,6 +19,7 @@ static void acl_user_deinit(struct mail_user *user)
 {
 	struct acl_user *auser = ACL_USER_CONTEXT(user);
 
+	i_assert(auser != NULL);
 	acl_lookup_dict_deinit(&auser->acl_lookup_dict);
 	auser->module_ctx.super.deinit(user);
 }