citadel/serv_listsub.c

   1 /*
   2  * $Id$
   3  *
   4  * This module handles self-service subscription/unsubscription to mail lists.
   5  *
   6  * Copyright (C) 2002 by Art Cancro and others.
   7  * This code is released under the terms of the GNU General Public License.
   8  *
   9  */
  10
  11 #include "sysdep.h"
  12 #include <stdlib.h>
  13 #include <unistd.h>
  14 #include <stdio.h>
  15 #include <fcntl.h>
  16 #include <ctype.h>
  17 #include <signal.h>
  18 #include <pwd.h>
  19 #include <errno.h>
  20 #include <sys/types.h>
  21 #include <dirent.h>
  22 #if TIME_WITH_SYS_TIME
  23 # include <sys/time.h>
  24 # include <time.h>
  25 #else
  26 # if HAVE_SYS_TIME_H
  27 #  include <sys/time.h>
  28 # else
  29 #  include <time.h>
  30 # endif
  31 #endif
  32
  33 #include <sys/wait.h>
  34 #include <string.h>
  35 #include <limits.h>
  36 #include "citadel.h"
  37 #include "server.h"
  38 #include "sysdep_decls.h"
  39 #include "citserver.h"
  40 #include "support.h"
  41 #include "config.h"
  42 #include "dynloader.h"
  43 #include "room_ops.h"
  44 #include "user_ops.h"
  45 #include "policy.h"
  46 #include "database.h"
  47 #include "msgbase.h"
  48 #include "tools.h"
  49 #include "internet_addressing.h"
  50 #include "serv_network.h"
  51 #include "clientsocket.h"
  52 #include "file_ops.h"
  53
  54 #ifndef HAVE_SNPRINTF
  55 #include "snprintf.h"
  56 #endif
  57
  58
  59 /*
  60  * Generate a randomizationalisticized token to use for authentication of
  61  * a subscribe or unsubscribe request.
  62  */
  63 void listsub_generate_token(char *buf) {
  64         char sourcebuf[SIZ];
  65         static int seq = 0;
  66
  67         /* Theo, please sit down and shut up.  This key doesn't have to be
  68          * tinfoil-hat secure, it just needs to be reasonably unguessable
  69          * and unique.
  70          */
  71         sprintf(sourcebuf, "%lx",
  72                 (long) (++seq + getpid() + time(NULL))
  73         );
  74
  75         /* Convert it to base64 so it looks cool */
  76         encode_base64(buf, sourcebuf);
  77 }
  78
  79
  80 /*
  81  * Enter a subscription request
  82  */
  83 void do_subscribe(char *room, char *email, char *subtype, char *webpage) {
  84         struct quickroom qrbuf;
  85         FILE *ncfp;
  86         char filename[SIZ];
  87         char token[SIZ];
  88         char confirmation_request[SIZ];
  89         char urlroom[SIZ];
  90
  91         if (getroom(&qrbuf, room) != 0) {
  92                 cprintf("%d There is no list called '%s'\n", ERROR, room);
  93                 return;
  94         }
  95
  96         if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
  97                 cprintf("%d '%s' "
  98                         "does not accept subscribe/unsubscribe requests.\n",
  99                         ERROR+HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
 100                 return;
 101         }
 102
 103         listsub_generate_token(token);
 104
 105         begin_critical_section(S_NETCONFIGS);
 106         assoc_file_name(filename, sizeof filename, &qrbuf, "netconfigs");
 107         ncfp = fopen(filename, "a");
 108         if (ncfp != NULL) {
 109                 fprintf(ncfp, "subpending|%s|%s|%s|%ld|%s\n",
 110                         email,
 111                         subtype,
 112                         token,
 113                         time(NULL),
 114                         webpage
 115                 );
 116                 fclose(ncfp);
 117         }
 118         end_critical_section(S_NETCONFIGS);
 119
 120         /* Generate and send the confirmation request */
 121
 122         urlesc(urlroom, qrbuf.QRname);
 123
 124         snprintf(confirmation_request, sizeof confirmation_request,
 125                 "Content-type: text/html\n\n"
 126                 "<HTML><BODY>"
 127                 "Someone (probably you) has submitted a request to subscribe\n"
 128                 "&lt;%s&gt; to the <B>%s</B> mailing list.<BR><BR>\n"
 129                 "<A HREF=\"http://%s?room=%s&token=%s&cmd=confirm\">"
 130                 "Please click here to confirm this request.</A><BR><BR>\n"
 131                 "If this request has been submitted in error and you do not\n"
 132                 "wish to receive the '%s' mailing list, simply do nothing,\n"
 133                 "and you will not receive any further mailings.\n"
 134                 "</BODY></HTML>\n",
 135
 136                 email, qrbuf.QRname, webpage, urlroom, token, qrbuf.QRname
 137         );
 138
 139         quickie_message(        /* This delivers the message */
 140                 "Citadel",
 141                 email,
 142                 NULL,
 143                 confirmation_request,
 144                 FMT_RFC822
 145         );
 146
 147         cprintf("%d Subscription entered; confirmation request sent\n", CIT_OK);
 148 }
 149
 150
 151 /*
 152  * Enter an unsubscription request
 153  */
 154 void do_unsubscribe(char *room, char *email, char *webpage) {
 155         struct quickroom qrbuf;
 156         FILE *ncfp;
 157         char filename[SIZ];
 158         char token[SIZ];
 159         char buf[SIZ];
 160         char confirmation_request[SIZ];
 161         char urlroom[SIZ];
 162         char scancmd[SIZ];
 163         char scanemail[SIZ];
 164         int found_sub = 0;
 165
 166         if (getroom(&qrbuf, room) != 0) {
 167                 cprintf("%d There is no list called '%s'\n",
 168                         ERROR+ROOM_NOT_FOUND, room);
 169                 return;
 170         }
 171
 172         if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
 173                 cprintf("%d '%s' "
 174                         "does not accept subscribe/unsubscribe requests.\n",
 175                         ERROR+HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
 176                 return;
 177         }
 178
 179         listsub_generate_token(token);
 180
 181         assoc_file_name(filename, sizeof filename, &qrbuf, "netconfigs");
 182
 183         /*
 184          * Make sure there's actually a subscription there to remove
 185          */
 186         begin_critical_section(S_NETCONFIGS);
 187         ncfp = fopen(filename, "r");
 188         if (ncfp != NULL) {
 189                 while (fgets(buf, sizeof buf, ncfp) != NULL) {
 190                         buf[strlen(buf)-1] = 0;
 191                         extract(scancmd, buf, 0);
 192                         extract(scanemail, buf, 1);
 193                         if ((!strcasecmp(scancmd, "listrecp"))
 194                            || (!strcasecmp(scancmd, "digestrecp"))) {
 195                                 if (!strcasecmp(scanemail, email)) {
 196                                         ++found_sub;
 197                                 }
 198                         }
 199                 }
 200                 fclose(ncfp);
 201         }
 202         end_critical_section(S_NETCONFIGS);
 203
 204         if (found_sub == 0) {
 205                 cprintf("%d '%s' is not subscribed to '%s'.\n",
 206                         ERROR+NO_SUCH_USER,
 207                         email, qrbuf.QRname);
 208                 return;
 209         }
 210
 211         /*
 212          * Ok, now enter the unsubscribe-pending entry.
 213          */
 214         begin_critical_section(S_NETCONFIGS);
 215         ncfp = fopen(filename, "a");
 216         if (ncfp != NULL) {
 217                 fprintf(ncfp, "unsubpending|%s|%s|%ld|%s\n",
 218                         email,
 219                         token,
 220                         time(NULL),
 221                         webpage
 222                 );
 223                 fclose(ncfp);
 224         }
 225         end_critical_section(S_NETCONFIGS);
 226
 227         /* Generate and send the confirmation request */
 228
 229         urlesc(urlroom, qrbuf.QRname);
 230
 231         snprintf(confirmation_request, sizeof confirmation_request,
 232                 "Content-type: text/html\n\n"
 233                 "<HTML><BODY>"
 234                 "Someone (probably you) has submitted a request "
 235                 "to un subscribe\n"
 236                 "&lt;%s&gt; from the <B>%s</B> mailing list.<BR><BR>\n"
 237                 "<A HREF=\"http://%s?room=%s&token=%s&cmd=confirm\">"
 238                 "Please click here to confirm this request.</A><BR><BR>\n"
 239                 "If this request has been submitted in error and you do not\n"
 240                 "wish to unsubscribe from the "
 241                 "'%s' mailing list, simply do nothing,\n"
 242                 "and you will remain subscribed to the list.\n"
 243                 "</BODY></HTML>\n",
 244
 245                 email, qrbuf.QRname, webpage, urlroom, token, qrbuf.QRname
 246         );
 247
 248         quickie_message(        /* This delivers the message */
 249                 "Citadel",
 250                 email,
 251                 NULL,
 252                 confirmation_request,
 253                 FMT_RFC822
 254         );
 255
 256         cprintf("%d Unubscription noted; confirmation request sent\n", CIT_OK);
 257 }
 258
 259
 260 /*
 261  * Confirm a subscribe/unsubscribe request.
 262  */
 263 void do_confirm(char *room, char *token) {
 264         struct quickroom qrbuf;
 265         FILE *ncfp;
 266         char filename[SIZ];
 267         char line_token[SIZ];
 268         long line_offset;
 269         int line_length;
 270         char buf[SIZ];
 271         char cmd[SIZ];
 272         char email[SIZ];
 273         char subtype[SIZ];
 274         int success = 0;
 275
 276         if (getroom(&qrbuf, room) != 0) {
 277                 cprintf("%d There is no list called '%s'\n",
 278                         ERROR+ROOM_NOT_FOUND, room);
 279                 return;
 280         }
 281
 282         if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
 283                 cprintf("%d '%s' "
 284                         "does not accept subscribe/unsubscribe requests.\n",
 285                         ERROR+HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
 286                 return;
 287         }
 288
 289         begin_critical_section(S_NETCONFIGS);
 290         assoc_file_name(filename, sizeof filename, &qrbuf, "netconfigs");
 291         ncfp = fopen(filename, "r+");
 292         if (ncfp != NULL) {
 293                 while (line_offset = ftell(ncfp),
 294                       (fgets(buf, sizeof buf, ncfp) != NULL) ) {
 295                         buf[strlen(buf)-1] = 0;
 296                         line_length = strlen(buf);
 297                         extract(cmd, buf, 0);
 298                         if (!strcasecmp(cmd, "subpending")) {
 299                                 extract(email, buf, 1);
 300                                 extract(subtype, buf, 2);
 301                                 extract(line_token, buf, 3);
 302                                 if (!strcasecmp(token, line_token)) {
 303                                         if (!strcasecmp(subtype, "digest")) {
 304                                                 strcpy(buf, "digestrecp|");
 305                                         }
 306                                         else {
 307                                                 strcpy(buf, "listrecp|");
 308                                         }
 309                                         strcat(buf, email);
 310                                         strcat(buf, "|");
 311                                         /* SLEAZY HACK: pad the line out so
 312                                          * it's the same length as the line
 313                                          * we're replacing.
 314                                          */
 315                                         while (strlen(buf) < line_length) {
 316                                                 strcat(buf, " ");
 317                                         }
 318                                         fseek(ncfp, line_offset, SEEK_SET);
 319                                         fprintf(ncfp, "%s\n", buf);
 320                                         ++success;
 321                                 }
 322                         }
 323                 }
 324                 fclose(ncfp);
 325         }
 326         end_critical_section(S_NETCONFIGS);
 327
 328         if (success) {
 329                 cprintf("%d %d operation(s) confirmed.\n", CIT_OK, success);
 330         }
 331         else {
 332                 cprintf("%d Invalid token.\n", ERROR);
 333         }
 334
 335 }
 336
 337
 338
 339 /*
 340  * process subscribe/unsubscribe requests and confirmations
 341  */
 342 void cmd_subs(char *cmdbuf) {
 343
 344         char opr[SIZ];
 345         char room[SIZ];
 346         char email[SIZ];
 347         char subtype[SIZ];
 348         char token[SIZ];
 349         char webpage[SIZ];
 350
 351         extract(opr, cmdbuf, 0);
 352         if (!strcasecmp(opr, "subscribe")) {
 353                 extract(subtype, cmdbuf, 3);
 354                 if ( (strcasecmp(subtype, "list"))
 355                    && (strcasecmp(subtype, "digest")) ) {
 356                         cprintf("%d Invalid subscription type.\n", ERROR);
 357                 }
 358                 else {
 359                         extract(room, cmdbuf, 1);
 360                         extract(email, cmdbuf, 2);
 361                         extract(webpage, cmdbuf, 4);
 362                         do_subscribe(room, email, subtype, webpage);
 363                 }
 364         }
 365         else if (!strcasecmp(opr, "unsubscribe")) {
 366                 extract(room, cmdbuf, 1);
 367                 extract(email, cmdbuf, 2);
 368                 extract(webpage, cmdbuf, 4);
 369                 do_unsubscribe(room, email, webpage);
 370         }
 371         else if (!strcasecmp(opr, "confirm")) {
 372                 extract(room, cmdbuf, 1);
 373                 extract(token, cmdbuf, 2);
 374                 do_confirm(room, token);
 375         }
 376         else {
 377                 cprintf("%d Invalid command\n", ERROR);
 378         }
 379 }
 380
 381
 382 /*
 383  * Module entry point
 384  */
 385 char *Dynamic_Module_Init(void)
 386 {
 387         CtdlRegisterProtoHook(cmd_subs, "SUBS", "List subscribe/unsubscribe");
 388         return "$Id$";
 389 }