Bug#934528: email gate and db/LDAP

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#934528: email gate and db/LDAP
From: Osamu Aoki <osamu@debian.org>
Date: Sun, 11 Aug 2019 23:27:46 +0000
Message-id: <[🔎] 20190811232746.GA5641@goofy.osamu.debian.net>
Reply-to: Osamu Aoki <osamu@debian.org>, 934528@bugs.debian.org

Source: developers-reference
Version: 3.4.26, 11.0.1
Severity: wishlist

Please mention email gate

https://lists.debian.org/debian-devel/1999/12/msg00627.html

by From: Jason Gunthorpe <jgg@ualberta.ca>

On Fri, 10 Dec 1999, Juan Cespedes wrote:

> I connect directly to db.debian.org, and I _think_ I get that message
> directly from db.debian.org.

Strange Strange

> BTW, is there any way to change the settings in the developper
> database without using the WWW server at db.debian.org? I remember
> there was a `change@db.debian.org', but I don't know how does it work.

There is of course the mailgateway.. If you run man ud-mailgate on a box
you can get the information on how to use it..

Jason

TITLE INFORMATION: ud-mailgate(1)
AUTHOR INFORMATION: userdir-ldap
DATE INFORMATION: 28 Sep 1999

NAME
ud-mailgate - PGP mail gateway to the LDAP directory

SYNOPSIS

ud-mailgate function

DESCRIPTION

ud-mailgate implements a PGP secured mail gateway to an LDAP directory that
allows users to safely and conviently effect changes to their entries. It
makes use of PGP signed input messages to positivly identify the user and
to confirm the validity of the request. Furthermore it implements a replay
cache that prevents the gateway from accepting the same message more than
once.

There are three functions logically split into 3 sperate email addresses
that are implemented by the gateway: ping, new password and
changes. The function to act on is the first argument to the program.

ud-mailgate was designed to take its message on stdin from a mailsystem like
Exim, with full message headers intact. It transparently decodes PGP/MIME
and PGP clearsigned messages and passes them through GnuPG for verification.
Support for PGP2.x users is maintained by passing options to GunPG that
generate encrypted messages they are able to decode, however this option
is only enabled for PGP2.x keys, OpenPGP keys use the new packet formats.

Error handling is currently done by generating a bounce message and passing
descriptive error text to the mailer. For mailers like Exim this generates a
very hard to read message, but it does have the relevent information
embedded in it.

PING

The ping command simply returns the users public record. It is usefull for
testing the gateway and for the requester to get a basic dump of their
record. In future this address might 'freshen' the record to indicate the
user is alive. Any PGP signed message will produce a reply.

NEW PASSWORD

If a user looses their password they can request that a new one be generated
for them. This is done by sending the phrase "Please change my Debian
password" to chpasswd@db.debian.org. The phrase is required to prevent the
daemon from triggering on arbitary signed email. The best way to invoke this
feature is with echo "Please change my Debian password" | gpg
--clearsign | mail chpasswd@db.debian.org
After validating the request the daemon will generate a new random password,
set it in the directory and respond with an ecrpyted message containing the
new password. The password can be changed using one of the other interface
methods.

CHANGES

An address is provided for making almost arbitary changes to the contents of
the record. The daemon parse its input line by line and acts on each line in
a command oriented manner. Anything, except for passwords, can be changed
using this mechanism. Note however that because this is a mail gateway it
does stringent checking on its input. The other tools allow fields to be set
to virtually anything, the gateway requires specific field formats to be met.

o Arbitary Change
A line of the form 'field: value' will change the contents of the field
to value. Some simple checks are performed on value to make sure that it is
not sent to nonsense. The values that can be changed are: c, l,
facsimiletelephonenumber, telephonenumber, postaladdress, postalcode,
loginshell, emailforward, ircnick, onvacation, and onvacation. See
ud-info(1) for information on the meanings of each field type.

o Latitude/Longitude Change
The daemon has a special parser to help changing latitude and longitude
values. It accepts several common formats for position information and
converts them to one of the standard forms. The permitted types are
D = Degrees, M = Minutes, S = Seconds, x = n,s,e,w
+-DDD.DDDDD, +- DDDMM.MMMM, +-DDDMMSS.SSSS [standard forms]
DDxMM.MMMM, DD:MM.MMMM x, DD:MM:SS.SSS X
and the request format is 'Lat: xxx Long: xxx' where xxx is one of the
permitted types. The resulting response will include how the input was
parsed and the value in decimal degrees.

o SSH RSA Authentication key load
Part of the replicated dataset is a virtual .ssh/authorized_keys file for
each user. The change address is the simplest way to set the RSA key(s) you
intend to use. Simply place a key on a line by itself, the full SSH key
format specification is supported, see sshd(8). Probably the most common way
to use this function will be cat .ssh/identity.pub | gpg --clearsign |
mail change@debian.org which will set the authentication key to the
identity you are using.

Multiple keys per user are supported, but they must all be sent at once.

o DNS Zone Entry
The only way to get a debian.net address is to use this mail gateway. It
will verify the request and prevent name collisions automatically. Requests
can take two forms: 'foo in a 1.2.3.4' or 'foo in cname foo.bar.'
The precise form is critical and must not be deviated from.

Like the SSH function above, multiple hosts are supported, but they must all
be sent at once. The debian.net zone is only reloaded once per day at
midnight -0700.

o Show Function
If the single word 'show' appears on a line then a PGP encrypted version
of the entire record will be attached to the result email.

After processing the requests the daemon will generate a report which contains
each input command and the action taken. If there are any parsing errors
processing stops immediately, but valid changes up to that point are
processed.

NOTES

In this document PGP refers to any message or key that GnuPG is
able to generate or parse, specificaly it includes both PGP2.x and OpenPGP
(aka GnuPG) keys.

Due to the replay cache the clock on the computer that generates the
signatures has to be accurate to at least one day. If it is off by several
months or more then the deamon will outright reject all messages.

Examples are given using GnuPG, but PGP 2.x can also be used. The correct
options to generate a clear signed ascii armored message in 'filter' mode
are pgp -fast which does the same as gpg --clearsign

Debian.org machines rely on secured replication to transfer login data out
of the database. Replication is performed at 15 min intervals so it can take
a short while before any changes made take effect.

FILES

o /etc/userdir-ldap/userdir-ldap.conf
Configuration variables to select what server and what base DN to use.

AUTHOR

userdir-ldap was written by Jason Gunthorpe <jgg@debian.org>.

-- System Information:
Debian Release: 10.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- no debconf information

Reply to:

Prev by Date: Bug#934527: Sphinx conversion needs to take care appendix etc.
Next by Date: Bug#934529: New incoming system
Previous by thread: Bug#934527: Sphinx conversion needs to take care appendix etc.
Next by thread: Bug#934529: New incoming system
Index(es):
- Date
- Thread