citadel/serv_listsub.c

   1 /*
   2  * $Id$
   3  *
   4  * This module handles self-service subscription/unsubscription to mail lists.
   5  *
   6  * Copyright (C) 2002 by Art Cancro and others.
   7  * This code is released under the terms of the GNU General Public License.
   8  *
   9  */
  10
  11 #include "sysdep.h"
  12 #include <stdlib.h>
  13 #include <unistd.h>
  14 #include <stdio.h>
  15 #include <fcntl.h>
  16 #include <ctype.h>
  17 #include <signal.h>
  18 #include <pwd.h>
  19 #include <errno.h>
  20 #include <sys/types.h>
  21 #include <dirent.h>
  22 #if TIME_WITH_SYS_TIME
  23 # include <sys/time.h>
  24 # include <time.h>
  25 #else
  26 # if HAVE_SYS_TIME_H
  27 #  include <sys/time.h>
  28 # else
  29 #  include <time.h>
  30 # endif
  31 #endif
  32
  33 #include <sys/wait.h>
  34 #include <string.h>
  35 #include <limits.h>
  36 #include "citadel.h"
  37 #include "server.h"
  38 #include "sysdep_decls.h"
  39 #include "citserver.h"
  40 #include "support.h"
  41 #include "config.h"
  42 #include "dynloader.h"
  43 #include "room_ops.h"
  44 #include "user_ops.h"
  45 #include "policy.h"
  46 #include "database.h"
  47 #include "msgbase.h"
  48 #include "tools.h"
  49 #include "internet_addressing.h"
  50 #include "serv_network.h"
  51 #include "clientsocket.h"
  52 #include "file_ops.h"
  53
  54 #ifndef HAVE_SNPRINTF
  55 #include "snprintf.h"
  56 #endif
  57
  58
  59 /*
  60  * Generate a randomizationalisticized token to use for authentication of
  61  * a subscribe or unsubscribe request.
  62  */
  63 void listsub_generate_token(char *buf) {
  64         char sourcebuf[SIZ];
  65         static int seq = 0;
  66
  67         /* Theo, please sit down and shut up.  This key doesn't have to be
  68          * tinfoil-hat secure, it just needs to be reasonably unguessable
  69          * and unique.
  70          */
  71         sprintf(sourcebuf, "%lx",
  72                 (long) (++seq + getpid() + time(NULL))
  73         );
  74
  75         /* Convert it to base64 so it looks cool */
  76         encode_base64(buf, sourcebuf);
  77 }
  78
  79
  80 /*
  81  * Enter a subscription request
  82  */
  83 void do_subscribe(char *room, char *email, char *subtype, char *webpage) {
  84         struct quickroom qrbuf;
  85         FILE *ncfp;
  86         char filename[SIZ];
  87         char token[SIZ];
  88         char confirmation_request[SIZ];
  89         char urlroom[SIZ];
  90
  91         if (getroom(&qrbuf, room) != 0) {
  92                 cprintf("%d There is no list called '%s'\n", ERROR, room);
  93                 return;
  94         }
  95
  96         if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
  97                 cprintf("%d '%s' "
  98                         "does not accept subscribe/unsubscribe requests.\n",
  99                         ERROR+HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
 100                 return;
 101         }
 102
 103         listsub_generate_token(token);
 104
 105         begin_critical_section(S_NETCONFIGS);
 106         assoc_file_name(filename, sizeof filename, &qrbuf, "netconfigs");
 107         ncfp = fopen(filename, "a");
 108         if (ncfp != NULL) {
 109                 fprintf(ncfp, "subpending|%s|%s|%s|%ld|%s\n",
 110                         email,
 111                         subtype,
 112                         token,
 113                         time(NULL),
 114                         webpage
 115                 );
 116                 fclose(ncfp);
 117         }
 118         end_critical_section(S_NETCONFIGS);
 119
 120         /* Generate and send the confirmation request */
 121
 122         urlesc(urlroom, qrbuf.QRname);
 123
 124         snprintf(confirmation_request, sizeof confirmation_request,
 125                 "Content-type: text/html\n\n"
 126                 "<HTML><BODY>"
 127                 "Someone (probably you) has submitted a request to subscribe\n"
 128                 "&lt;%s&gt; to the <B>%s</B> mailing list.<BR><BR>\n"
 129                 "<A HREF=\"http://%s?room=%s&token=%s&cmd=confirm\">"
 130                 "Please click here to confirm this request.</A><BR><BR>\n"
 131                 "If this request has been submitted in error and you do not\n"
 132                 "wish to receive the '%s' mailing list, simply do nothing,\n"
 133                 "and you will not receive any further mailings.\n"
 134                 "</BODY></HTML>\n",
 135
 136                 email, qrbuf.QRname, webpage, urlroom, token, qrbuf.QRname
 137         );
 138
 139         quickie_message(        /* This delivers the message */
 140                 "Citadel",
 141                 email,
 142                 NULL,
 143                 confirmation_request,
 144                 FMT_RFC822
 145         );
 146
 147         cprintf("%d Subscription entered; confirmation request sent\n", CIT_OK);
 148 }
 149
 150
 151 /*
 152  * Enter an unsubscription request
 153  */
 154 void do_unsubscribe(char *room, char *email, char *webpage) {
 155         struct quickroom qrbuf;
 156         FILE *ncfp;
 157         char filename[SIZ];
 158         char token[SIZ];
 159         char buf[SIZ];
 160         char confirmation_request[SIZ];
 161         char urlroom[SIZ];
 162         char scancmd[SIZ];
 163         char scanemail[SIZ];
 164         int found_sub = 0;
 165
 166         if (getroom(&qrbuf, room) != 0) {
 167                 cprintf("%d There is no list called '%s'\n",
 168                         ERROR+ROOM_NOT_FOUND, room);
 169                 return;
 170         }
 171
 172         if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
 173                 cprintf("%d '%s' "
 174                         "does not accept subscribe/unsubscribe requests.\n",
 175                         ERROR+HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
 176                 return;
 177         }
 178
 179         listsub_generate_token(token);
 180
 181         assoc_file_name(filename, sizeof filename, &qrbuf, "netconfigs");
 182
 183         /*
 184          * Make sure there's actually a subscription there to remove
 185          */
 186         begin_critical_section(S_NETCONFIGS);
 187         ncfp = fopen(filename, "a");
 188         if (ncfp != NULL) {
 189                 while (fgets(buf, sizeof buf, ncfp) != NULL) {
 190                         extract(scancmd, buf, 0);
 191                         extract(scanemail, buf, 1);
 192                         if ((!strcasecmp(scancmd, "listrecp"))
 193                            || (!strcasecmp(scancmd, "digestrecp"))) {
 194                                 if (!strcasecmp(scanemail, email)) {
 195                                         ++found_sub;
 196                                 }
 197                         }
 198                 }
 199                 fclose(ncfp);
 200         }
 201         end_critical_section(S_NETCONFIGS);
 202
 203         if (found_sub == 0) {
 204                 cprintf("%d <%s> is not subscribed to '%s'.\n",
 205                         ERROR+NO_SUCH_USER,
 206                         email, qrbuf.QRname);
 207                 return;
 208         }
 209
 210         /*
 211          * Ok, now enter the unsubscribe-pending entry.
 212          */
 213         begin_critical_section(S_NETCONFIGS);
 214         ncfp = fopen(filename, "a");
 215         if (ncfp != NULL) {
 216                 fprintf(ncfp, "unsubpending|%s|%s|%ld|%s\n",
 217                         email,
 218                         token,
 219                         time(NULL),
 220                         webpage
 221                 );
 222                 fclose(ncfp);
 223         }
 224         end_critical_section(S_NETCONFIGS);
 225
 226         /* Generate and send the confirmation request */
 227
 228         urlesc(urlroom, qrbuf.QRname);
 229
 230         snprintf(confirmation_request, sizeof confirmation_request,
 231                 "Content-type: text/html\n\n"
 232                 "<HTML><BODY>"
 233                 "Someone (probably you) has submitted a request "
 234                 "to un subscribe\n"
 235                 "&lt;%s&gt; from the <B>%s</B> mailing list.<BR><BR>\n"
 236                 "<A HREF=\"http://%s?room=%s&token=%s&cmd=confirm\">"
 237                 "Please click here to confirm this request.</A><BR><BR>\n"
 238                 "If this request has been submitted in error and you do not\n"
 239                 "wish to unsubscribe from the "
 240                 "'%s' mailing list, simply do nothing,\n"
 241                 "and you will remain subscribed to the list.\n"
 242                 "</BODY></HTML>\n",
 243
 244                 email, qrbuf.QRname, webpage, urlroom, token, qrbuf.QRname
 245         );
 246
 247         quickie_message(        /* This delivers the message */
 248                 "Citadel",
 249                 email,
 250                 NULL,
 251                 confirmation_request,
 252                 FMT_RFC822
 253         );
 254
 255         cprintf("%d Unubscription noted; confirmation request sent\n", CIT_OK);
 256 }
 257
 258
 259 /*
 260  * Confirm a subscribe/unsubscribe request.
 261  */
 262 void do_confirm(char *room, char *token) {
 263         struct quickroom qrbuf;
 264         FILE *ncfp;
 265         char filename[SIZ];
 266         char line_token[SIZ];
 267         long line_offset;
 268         int line_length;
 269         char buf[SIZ];
 270         char cmd[SIZ];
 271         char email[SIZ];
 272         char subtype[SIZ];
 273         int success = 0;
 274
 275         if (getroom(&qrbuf, room) != 0) {
 276                 cprintf("%d There is no list called '%s'\n",
 277                         ERROR+ROOM_NOT_FOUND, room);
 278                 return;
 279         }
 280
 281         if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
 282                 cprintf("%d '%s' "
 283                         "does not accept subscribe/unsubscribe requests.\n",
 284                         ERROR+HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
 285                 return;
 286         }
 287
 288         begin_critical_section(S_NETCONFIGS);
 289         assoc_file_name(filename, sizeof filename, &qrbuf, "netconfigs");
 290         ncfp = fopen(filename, "r+");
 291         if (ncfp != NULL) {
 292                 while (line_offset = ftell(ncfp),
 293                       (fgets(buf, sizeof buf, ncfp) != NULL) ) {
 294                         buf[strlen(buf)-1] = 0;
 295                         line_length = strlen(buf);
 296                         extract(cmd, buf, 0);
 297                         if (!strcasecmp(cmd, "subpending")) {
 298                                 extract(email, buf, 1);
 299                                 extract(subtype, buf, 2);
 300                                 extract(line_token, buf, 3);
 301                                 if (!strcasecmp(token, line_token)) {
 302                                         if (!strcasecmp(subtype, "digest")) {
 303                                                 strcpy(buf, "digestrecp|");
 304                                         }
 305                                         else {
 306                                                 strcpy(buf, "listrecp|");
 307                                         }
 308                                         strcat(buf, email);
 309                                         strcat(buf, "|");
 310                                         /* SLEAZY HACK: pad the line out so
 311                                          * it's the same length as the line
 312                                          * we're replacing.
 313                                          */
 314                                         while (strlen(buf) < line_length) {
 315                                                 strcat(buf, " ");
 316                                         }
 317                                         fseek(ncfp, line_offset, SEEK_SET);
 318                                         fprintf(ncfp, "%s\n", buf);
 319                                         ++success;
 320                                 }
 321                         }
 322                 }
 323                 fclose(ncfp);
 324         }
 325         end_critical_section(S_NETCONFIGS);
 326
 327         if (success) {
 328                 cprintf("%d %d operation(s) confirmed.\n", CIT_OK, success);
 329         }
 330         else {
 331                 cprintf("%d Invalid token.\n", ERROR);
 332         }
 333
 334 }
 335
 336
 337
 338 /*
 339  * process subscribe/unsubscribe requests and confirmations
 340  */
 341 void cmd_subs(char *cmdbuf) {
 342
 343         char opr[SIZ];
 344         char room[SIZ];
 345         char email[SIZ];
 346         char subtype[SIZ];
 347         char token[SIZ];
 348         char webpage[SIZ];
 349
 350         extract(opr, cmdbuf, 0);
 351         if (!strcasecmp(opr, "subscribe")) {
 352                 extract(subtype, cmdbuf, 3);
 353                 if ( (strcasecmp(subtype, "list"))
 354                    && (strcasecmp(subtype, "digest")) ) {
 355                         cprintf("%d Invalid subscription type.\n", ERROR);
 356                 }
 357                 else {
 358                         extract(room, cmdbuf, 1);
 359                         extract(email, cmdbuf, 2);
 360                         extract(webpage, cmdbuf, 4);
 361                         do_subscribe(room, email, subtype, webpage);
 362                 }
 363         }
 364         else if (!strcasecmp(opr, "unsubscribe")) {
 365                 extract(room, cmdbuf, 1);
 366                 extract(email, cmdbuf, 2);
 367                 extract(webpage, cmdbuf, 4);
 368                 do_unsubscribe(room, email, webpage);
 369         }
 370         else if (!strcasecmp(opr, "confirm")) {
 371                 extract(room, cmdbuf, 1);
 372                 extract(token, cmdbuf, 2);
 373                 do_confirm(room, token);
 374         }
 375         else {
 376                 cprintf("%d Invalid command\n", ERROR);
 377         }
 378 }
 379
 380
 381 /*
 382  * Module entry point
 383  */
 384 char *Dynamic_Module_Init(void)
 385 {
 386         CtdlRegisterProtoHook(cmd_subs, "SUBS", "List subscribe/unsubscribe");
 387         return "$Id$";
 388 }