citadel/serv_listsub.c

   1 /*
   2  * $Id$
   3  *
   4  * This module handles self-service subscription/unsubscription to mail lists.
   5  *
   6  * Copyright (C) 2002 by Art Cancro and others.
   7  * This code is released under the terms of the GNU General Public License.
   8  *
   9  */
  10
  11 #include "sysdep.h"
  12 #include <stdlib.h>
  13 #include <unistd.h>
  14 #include <stdio.h>
  15 #include <fcntl.h>
  16 #include <ctype.h>
  17 #include <signal.h>
  18 #include <pwd.h>
  19 #include <errno.h>
  20 #include <sys/types.h>
  21 #include <dirent.h>
  22 #if TIME_WITH_SYS_TIME
  23 # include <sys/time.h>
  24 # include <time.h>
  25 #else
  26 # if HAVE_SYS_TIME_H
  27 #  include <sys/time.h>
  28 # else
  29 #  include <time.h>
  30 # endif
  31 #endif
  32
  33 #include <sys/wait.h>
  34 #include <string.h>
  35 #include <limits.h>
  36 #include "citadel.h"
  37 #include "server.h"
  38 #include "sysdep_decls.h"
  39 #include "citserver.h"
  40 #include "support.h"
  41 #include "config.h"
  42 #include "dynloader.h"
  43 #include "room_ops.h"
  44 #include "user_ops.h"
  45 #include "policy.h"
  46 #include "database.h"
  47 #include "msgbase.h"
  48 #include "tools.h"
  49 #include "internet_addressing.h"
  50 #include "serv_network.h"
  51 #include "clientsocket.h"
  52 #include "file_ops.h"
  53
  54 #ifndef HAVE_SNPRINTF
  55 #include "snprintf.h"
  56 #endif
  57
  58
  59 /*
  60  * Generate a randomizationalisticized token to use for authentication of
  61  * a subscribe or unsubscribe request.
  62  */
  63 void listsub_generate_token(char *buf) {
  64         char sourcebuf[SIZ];
  65         static int seq = 0;
  66
  67         /* Theo, please sit down and shut up.  This key doesn't have to be
  68          * tinfoil-hat secure, it just needs to be reasonably unguessable
  69          * and unique.
  70          */
  71         sprintf(sourcebuf, "%lx",
  72                 (long) (++seq + getpid() + time(NULL))
  73         );
  74
  75         /* Convert it to base64 so it looks cool */
  76         encode_base64(buf, sourcebuf);
  77 }
  78
  79
  80 /*
  81  * Enter a subscription request
  82  */
  83 void do_subscribe(char *room, char *email, char *subtype, char *webpage) {
  84         struct quickroom qrbuf;
  85         FILE *ncfp;
  86         char filename[SIZ];
  87         char token[SIZ];
  88         char confirmation_request[SIZ];
  89         char buf[SIZ];
  90         char urlroom[SIZ];
  91         char scancmd[SIZ];
  92         char scanemail[SIZ];
  93         int found_sub = 0;
  94
  95         if (getroom(&qrbuf, room) != 0) {
  96                 cprintf("%d There is no list called '%s'\n", ERROR, room);
  97                 return;
  98         }
  99
 100         if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
 101                 cprintf("%d '%s' "
 102                         "does not accept subscribe/unsubscribe requests.\n",
 103                         ERROR+HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
 104                 return;
 105         }
 106
 107         listsub_generate_token(token);
 108
 109         /*
 110          * Make sure the requested address isn't already subscribed
 111          */
 112         begin_critical_section(S_NETCONFIGS);
 113         ncfp = fopen(filename, "r");
 114         if (ncfp != NULL) {
 115                 while (fgets(buf, sizeof buf, ncfp) != NULL) {
 116                         buf[strlen(buf)-1] = 0;
 117                         extract(scancmd, buf, 0);
 118                         extract(scanemail, buf, 1);
 119                         if ((!strcasecmp(scancmd, "listrecp"))
 120                            || (!strcasecmp(scancmd, "digestrecp"))) {
 121                                 if (!strcasecmp(scanemail, email)) {
 122                                         ++found_sub;
 123                                 }
 124                         }
 125                 }
 126                 fclose(ncfp);
 127         }
 128         end_critical_section(S_NETCONFIGS);
 129
 130         if (found_sub != 0) {
 131                 cprintf("%d '%s' is already subscribed to '%s'.\n",
 132                         ERROR,
 133                         email, qrbuf.QRname);
 134                 return;
 135         }
 136
 137         /*
 138          * Now add it to the file
 139          */
 140         begin_critical_section(S_NETCONFIGS);
 141         assoc_file_name(filename, sizeof filename, &qrbuf, "netconfigs");
 142         ncfp = fopen(filename, "a");
 143         if (ncfp != NULL) {
 144                 fprintf(ncfp, "subpending|%s|%s|%s|%ld|%s\n",
 145                         email,
 146                         subtype,
 147                         token,
 148                         time(NULL),
 149                         webpage
 150                 );
 151                 fclose(ncfp);
 152         }
 153         end_critical_section(S_NETCONFIGS);
 154
 155         /* Generate and send the confirmation request */
 156
 157         urlesc(urlroom, qrbuf.QRname);
 158
 159         snprintf(confirmation_request, sizeof confirmation_request,
 160                 "Content-type: text/html\n\n"
 161                 "<HTML><BODY>"
 162                 "Someone (probably you) has submitted a request to subscribe\n"
 163                 "&lt;%s&gt; to the <B>%s</B> mailing list.<BR><BR>\n"
 164                 "<A HREF=\"http://%s?room=%s&token=%s&cmd=confirm\">"
 165                 "Please click here to confirm this request.</A><BR><BR>\n"
 166                 "If this request has been submitted in error and you do not\n"
 167                 "wish to receive the '%s' mailing list, simply do nothing,\n"
 168                 "and you will not receive any further mailings.\n"
 169                 "</BODY></HTML>\n",
 170
 171                 email, qrbuf.QRname, webpage, urlroom, token, qrbuf.QRname
 172         );
 173
 174         quickie_message(        /* This delivers the message */
 175                 "Citadel",
 176                 email,
 177                 NULL,
 178                 confirmation_request,
 179                 FMT_RFC822
 180         );
 181
 182         cprintf("%d Subscription entered; confirmation request sent\n", CIT_OK);
 183 }
 184
 185
 186 /*
 187  * Enter an unsubscription request
 188  */
 189 void do_unsubscribe(char *room, char *email, char *webpage) {
 190         struct quickroom qrbuf;
 191         FILE *ncfp;
 192         char filename[SIZ];
 193         char token[SIZ];
 194         char buf[SIZ];
 195         char confirmation_request[SIZ];
 196         char urlroom[SIZ];
 197         char scancmd[SIZ];
 198         char scanemail[SIZ];
 199         int found_sub = 0;
 200
 201         if (getroom(&qrbuf, room) != 0) {
 202                 cprintf("%d There is no list called '%s'\n",
 203                         ERROR+ROOM_NOT_FOUND, room);
 204                 return;
 205         }
 206
 207         if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
 208                 cprintf("%d '%s' "
 209                         "does not accept subscribe/unsubscribe requests.\n",
 210                         ERROR+HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
 211                 return;
 212         }
 213
 214         listsub_generate_token(token);
 215
 216         assoc_file_name(filename, sizeof filename, &qrbuf, "netconfigs");
 217
 218         /*
 219          * Make sure there's actually a subscription there to remove
 220          */
 221         begin_critical_section(S_NETCONFIGS);
 222         ncfp = fopen(filename, "r");
 223         if (ncfp != NULL) {
 224                 while (fgets(buf, sizeof buf, ncfp) != NULL) {
 225                         buf[strlen(buf)-1] = 0;
 226                         extract(scancmd, buf, 0);
 227                         extract(scanemail, buf, 1);
 228                         if ((!strcasecmp(scancmd, "listrecp"))
 229                            || (!strcasecmp(scancmd, "digestrecp"))) {
 230                                 if (!strcasecmp(scanemail, email)) {
 231                                         ++found_sub;
 232                                 }
 233                         }
 234                 }
 235                 fclose(ncfp);
 236         }
 237         end_critical_section(S_NETCONFIGS);
 238
 239         if (found_sub == 0) {
 240                 cprintf("%d '%s' is not subscribed to '%s'.\n",
 241                         ERROR+NO_SUCH_USER,
 242                         email, qrbuf.QRname);
 243                 return;
 244         }
 245
 246         /*
 247          * Ok, now enter the unsubscribe-pending entry.
 248          */
 249         begin_critical_section(S_NETCONFIGS);
 250         ncfp = fopen(filename, "a");
 251         if (ncfp != NULL) {
 252                 fprintf(ncfp, "unsubpending|%s|%s|%ld|%s\n",
 253                         email,
 254                         token,
 255                         time(NULL),
 256                         webpage
 257                 );
 258                 fclose(ncfp);
 259         }
 260         end_critical_section(S_NETCONFIGS);
 261
 262         /* Generate and send the confirmation request */
 263
 264         urlesc(urlroom, qrbuf.QRname);
 265
 266         snprintf(confirmation_request, sizeof confirmation_request,
 267                 "Content-type: text/html\n\n"
 268                 "<HTML><BODY>"
 269                 "Someone (probably you) has submitted a request "
 270                 "to unsubscribe\n"
 271                 "&lt;%s&gt; from the <B>%s</B> mailing list.<BR><BR>\n"
 272                 "<A HREF=\"http://%s?room=%s&token=%s&cmd=confirm\">"
 273                 "Please click here to confirm this request.</A><BR><BR>\n"
 274                 "If this request has been submitted in error and you do\n"
 275                 "<i>not</i> wish to unsubscribe from the "
 276                 "'%s' mailing list, simply do nothing,\n"
 277                 "and you will remain subscribed to the list.\n"
 278                 "</BODY></HTML>\n",
 279
 280                 email, qrbuf.QRname, webpage, urlroom, token, qrbuf.QRname
 281         );
 282
 283         quickie_message(        /* This delivers the message */
 284                 "Citadel",
 285                 email,
 286                 NULL,
 287                 confirmation_request,
 288                 FMT_RFC822
 289         );
 290
 291         cprintf("%d Unubscription noted; confirmation request sent\n", CIT_OK);
 292 }
 293
 294
 295 /*
 296  * Confirm a subscribe/unsubscribe request.
 297  */
 298 void do_confirm(char *room, char *token) {
 299         struct quickroom qrbuf;
 300         FILE *ncfp;
 301         char filename[SIZ];
 302         char line_token[SIZ];
 303         long line_offset;
 304         int line_length;
 305         char buf[SIZ];
 306         char cmd[SIZ];
 307         char email[SIZ];
 308         char subtype[SIZ];
 309         int success = 0;
 310
 311         if (getroom(&qrbuf, room) != 0) {
 312                 cprintf("%d There is no list called '%s'\n",
 313                         ERROR+ROOM_NOT_FOUND, room);
 314                 return;
 315         }
 316
 317         if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
 318                 cprintf("%d '%s' "
 319                         "does not accept subscribe/unsubscribe requests.\n",
 320                         ERROR+HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
 321                 return;
 322         }
 323
 324         begin_critical_section(S_NETCONFIGS);
 325         assoc_file_name(filename, sizeof filename, &qrbuf, "netconfigs");
 326         ncfp = fopen(filename, "r+");
 327         if (ncfp != NULL) {
 328                 while (line_offset = ftell(ncfp),
 329                       (fgets(buf, sizeof buf, ncfp) != NULL) ) {
 330                         buf[strlen(buf)-1] = 0;
 331                         line_length = strlen(buf);
 332                         extract(cmd, buf, 0);
 333                         if (!strcasecmp(cmd, "subpending")) {
 334                                 extract(email, buf, 1);
 335                                 extract(subtype, buf, 2);
 336                                 extract(line_token, buf, 3);
 337                                 if (!strcasecmp(token, line_token)) {
 338                                         if (!strcasecmp(subtype, "digest")) {
 339                                                 strcpy(buf, "digestrecp|");
 340                                         }
 341                                         else {
 342                                                 strcpy(buf, "listrecp|");
 343                                         }
 344                                         strcat(buf, email);
 345                                         strcat(buf, "|");
 346                                         /* SLEAZY HACK: pad the line out so
 347                                          * it's the same length as the line
 348                                          * we're replacing.
 349                                          */
 350                                         while (strlen(buf) < line_length) {
 351                                                 strcat(buf, " ");
 352                                         }
 353                                         fseek(ncfp, line_offset, SEEK_SET);
 354                                         fprintf(ncfp, "%s\n", buf);
 355                                         ++success;
 356                                 }
 357                         }
 358                 }
 359                 fclose(ncfp);
 360         }
 361         end_critical_section(S_NETCONFIGS);
 362
 363         if (success) {
 364                 cprintf("%d %d operation(s) confirmed.\n", CIT_OK, success);
 365         }
 366         else {
 367                 cprintf("%d Invalid token.\n", ERROR);
 368         }
 369
 370 }
 371
 372
 373
 374 /*
 375  * process subscribe/unsubscribe requests and confirmations
 376  */
 377 void cmd_subs(char *cmdbuf) {
 378
 379         char opr[SIZ];
 380         char room[SIZ];
 381         char email[SIZ];
 382         char subtype[SIZ];
 383         char token[SIZ];
 384         char webpage[SIZ];
 385
 386         extract(opr, cmdbuf, 0);
 387         if (!strcasecmp(opr, "subscribe")) {
 388                 extract(subtype, cmdbuf, 3);
 389                 if ( (strcasecmp(subtype, "list"))
 390                    && (strcasecmp(subtype, "digest")) ) {
 391                         cprintf("%d Invalid subscription type.\n", ERROR);
 392                 }
 393                 else {
 394                         extract(room, cmdbuf, 1);
 395                         extract(email, cmdbuf, 2);
 396                         extract(webpage, cmdbuf, 4);
 397                         do_subscribe(room, email, subtype, webpage);
 398                 }
 399         }
 400         else if (!strcasecmp(opr, "unsubscribe")) {
 401                 extract(room, cmdbuf, 1);
 402                 extract(email, cmdbuf, 2);
 403                 extract(webpage, cmdbuf, 4);
 404                 do_unsubscribe(room, email, webpage);
 405         }
 406         else if (!strcasecmp(opr, "confirm")) {
 407                 extract(room, cmdbuf, 1);
 408                 extract(token, cmdbuf, 2);
 409                 do_confirm(room, token);
 410         }
 411         else {
 412                 cprintf("%d Invalid command\n", ERROR);
 413         }
 414 }
 415
 416
 417 /*
 418  * Module entry point
 419  */
 420 char *Dynamic_Module_Init(void)
 421 {
 422         CtdlRegisterProtoHook(cmd_subs, "SUBS", "List subscribe/unsubscribe");
 423         return "$Id$";
 424 }