citadel/serv_listsub.c

   1 /*
   2  * $Id$
   3  *
   4  * This module handles self-service subscription/unsubscription to mail lists.
   5  *
   6  * Copyright (C) 2002 by Art Cancro and others.
   7  * This code is released under the terms of the GNU General Public License.
   8  *
   9  */
  10
  11 #include "sysdep.h"
  12 #include <stdlib.h>
  13 #include <unistd.h>
  14 #include <stdio.h>
  15 #include <fcntl.h>
  16 #include <ctype.h>
  17 #include <signal.h>
  18 #include <pwd.h>
  19 #include <errno.h>
  20 #include <sys/types.h>
  21 #include <dirent.h>
  22 #if TIME_WITH_SYS_TIME
  23 # include <sys/time.h>
  24 # include <time.h>
  25 #else
  26 # if HAVE_SYS_TIME_H
  27 #  include <sys/time.h>
  28 # else
  29 #  include <time.h>
  30 # endif
  31 #endif
  32
  33 #include <sys/wait.h>
  34 #include <string.h>
  35 #include <limits.h>
  36 #include "citadel.h"
  37 #include "server.h"
  38 #include "sysdep_decls.h"
  39 #include "citserver.h"
  40 #include "support.h"
  41 #include "config.h"
  42 #include "dynloader.h"
  43 #include "room_ops.h"
  44 #include "user_ops.h"
  45 #include "policy.h"
  46 #include "database.h"
  47 #include "msgbase.h"
  48 #include "tools.h"
  49 #include "internet_addressing.h"
  50 #include "serv_network.h"
  51 #include "clientsocket.h"
  52 #include "file_ops.h"
  53
  54 #ifndef HAVE_SNPRINTF
  55 #include "snprintf.h"
  56 #endif
  57
  58
  59 /*
  60  * Generate a randomizationalisticized token to use for authentication of
  61  * a subscribe or unsubscribe request.
  62  */
  63 void listsub_generate_token(char *buf) {
  64         char sourcebuf[SIZ];
  65         static int seq = 0;
  66
  67         /* Theo, please sit down and shut up.  This key doesn't have to be
  68          * tinfoil-hat secure, it just needs to be reasonably unguessable
  69          * and unique.
  70          */
  71         sprintf(sourcebuf, "%lx",
  72                 (long) (++seq + getpid() + time(NULL))
  73         );
  74
  75         /* Convert it to base64 so it looks cool */
  76         encode_base64(buf, sourcebuf);
  77 }
  78
  79
  80 /*
  81  * Enter a subscription request
  82  */
  83 void do_subscribe(char *room, char *email, char *subtype, char *webpage) {
  84         struct quickroom qrbuf;
  85         FILE *ncfp;
  86         char filename[SIZ];
  87         char token[SIZ];
  88         char confirmation_request[SIZ];
  89         char buf[SIZ];
  90         char urlroom[SIZ];
  91         char scancmd[SIZ];
  92         char scanemail[SIZ];
  93         int found_sub = 0;
  94
  95         if (getroom(&qrbuf, room) != 0) {
  96                 cprintf("%d There is no list called '%s'\n", ERROR, room);
  97                 return;
  98         }
  99
 100         if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
 101                 cprintf("%d '%s' "
 102                         "does not accept subscribe/unsubscribe requests.\n",
 103                         ERROR+HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
 104                 return;
 105         }
 106
 107         listsub_generate_token(token);
 108
 109         assoc_file_name(filename, sizeof filename, &qrbuf, "netconfigs");
 110
 111         /*
 112          * Make sure the requested address isn't already subscribed
 113          */
 114         begin_critical_section(S_NETCONFIGS);
 115         ncfp = fopen(filename, "r");
 116         if (ncfp != NULL) {
 117                 while (fgets(buf, sizeof buf, ncfp) != NULL) {
 118                         buf[strlen(buf)-1] = 0;
 119                         extract(scancmd, buf, 0);
 120                         extract(scanemail, buf, 1);
 121                         if ((!strcasecmp(scancmd, "listrecp"))
 122                            || (!strcasecmp(scancmd, "digestrecp"))) {
 123                                 if (!strcasecmp(scanemail, email)) {
 124                                         ++found_sub;
 125                                 }
 126                         }
 127                 }
 128                 fclose(ncfp);
 129         }
 130         end_critical_section(S_NETCONFIGS);
 131
 132         if (found_sub != 0) {
 133                 cprintf("%d '%s' is already subscribed to '%s'.\n",
 134                         ERROR,
 135                         email, qrbuf.QRname);
 136                 return;
 137         }
 138
 139         /*
 140          * Now add it to the file
 141          */
 142         begin_critical_section(S_NETCONFIGS);
 143         ncfp = fopen(filename, "a");
 144         if (ncfp != NULL) {
 145                 fprintf(ncfp, "subpending|%s|%s|%s|%ld|%s\n",
 146                         email,
 147                         subtype,
 148                         token,
 149                         time(NULL),
 150                         webpage
 151                 );
 152                 fclose(ncfp);
 153         }
 154         end_critical_section(S_NETCONFIGS);
 155
 156         /* Generate and send the confirmation request */
 157
 158         urlesc(urlroom, qrbuf.QRname);
 159
 160         snprintf(confirmation_request, sizeof confirmation_request,
 161                 "Content-type: text/html\n\n"
 162                 "<HTML><BODY>"
 163                 "Someone (probably you) has submitted a request to subscribe\n"
 164                 "&lt;%s&gt; to the <B>%s</B> mailing list.<BR><BR>\n"
 165                 "<A HREF=\"http://%s?room=%s&token=%s&cmd=confirm\">"
 166                 "Please click here to confirm this request.</A><BR><BR>\n"
 167                 "If this request has been submitted in error and you do not\n"
 168                 "wish to receive the '%s' mailing list, simply do nothing,\n"
 169                 "and you will not receive any further mailings.\n"
 170                 "</BODY></HTML>\n",
 171
 172                 email, qrbuf.QRname, webpage, urlroom, token, qrbuf.QRname
 173         );
 174
 175         quickie_message(        /* This delivers the message */
 176                 "Citadel",
 177                 email,
 178                 NULL,
 179                 confirmation_request,
 180                 FMT_RFC822
 181         );
 182
 183         cprintf("%d Subscription entered; confirmation request sent\n", CIT_OK);
 184 }
 185
 186
 187 /*
 188  * Enter an unsubscription request
 189  */
 190 void do_unsubscribe(char *room, char *email, char *webpage) {
 191         struct quickroom qrbuf;
 192         FILE *ncfp;
 193         char filename[SIZ];
 194         char token[SIZ];
 195         char buf[SIZ];
 196         char confirmation_request[SIZ];
 197         char urlroom[SIZ];
 198         char scancmd[SIZ];
 199         char scanemail[SIZ];
 200         int found_sub = 0;
 201
 202         if (getroom(&qrbuf, room) != 0) {
 203                 cprintf("%d There is no list called '%s'\n",
 204                         ERROR+ROOM_NOT_FOUND, room);
 205                 return;
 206         }
 207
 208         if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
 209                 cprintf("%d '%s' "
 210                         "does not accept subscribe/unsubscribe requests.\n",
 211                         ERROR+HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
 212                 return;
 213         }
 214
 215         listsub_generate_token(token);
 216
 217         assoc_file_name(filename, sizeof filename, &qrbuf, "netconfigs");
 218
 219         /*
 220          * Make sure there's actually a subscription there to remove
 221          */
 222         begin_critical_section(S_NETCONFIGS);
 223         ncfp = fopen(filename, "r");
 224         if (ncfp != NULL) {
 225                 while (fgets(buf, sizeof buf, ncfp) != NULL) {
 226                         buf[strlen(buf)-1] = 0;
 227                         extract(scancmd, buf, 0);
 228                         extract(scanemail, buf, 1);
 229                         if ((!strcasecmp(scancmd, "listrecp"))
 230                            || (!strcasecmp(scancmd, "digestrecp"))) {
 231                                 if (!strcasecmp(scanemail, email)) {
 232                                         ++found_sub;
 233                                 }
 234                         }
 235                 }
 236                 fclose(ncfp);
 237         }
 238         end_critical_section(S_NETCONFIGS);
 239
 240         if (found_sub == 0) {
 241                 cprintf("%d '%s' is not subscribed to '%s'.\n",
 242                         ERROR+NO_SUCH_USER,
 243                         email, qrbuf.QRname);
 244                 return;
 245         }
 246
 247         /*
 248          * Ok, now enter the unsubscribe-pending entry.
 249          */
 250         begin_critical_section(S_NETCONFIGS);
 251         ncfp = fopen(filename, "a");
 252         if (ncfp != NULL) {
 253                 fprintf(ncfp, "unsubpending|%s|%s|%ld|%s\n",
 254                         email,
 255                         token,
 256                         time(NULL),
 257                         webpage
 258                 );
 259                 fclose(ncfp);
 260         }
 261         end_critical_section(S_NETCONFIGS);
 262
 263         /* Generate and send the confirmation request */
 264
 265         urlesc(urlroom, qrbuf.QRname);
 266
 267         snprintf(confirmation_request, sizeof confirmation_request,
 268                 "Content-type: text/html\n\n"
 269                 "<HTML><BODY>"
 270                 "Someone (probably you) has submitted a request "
 271                 "to unsubscribe\n"
 272                 "&lt;%s&gt; from the <B>%s</B> mailing list.<BR><BR>\n"
 273                 "<A HREF=\"http://%s?room=%s&token=%s&cmd=confirm\">"
 274                 "Please click here to confirm this request.</A><BR><BR>\n"
 275                 "If this request has been submitted in error and you do\n"
 276                 "<i>not</i> wish to unsubscribe from the "
 277                 "'%s' mailing list, simply do nothing,\n"
 278                 "and you will remain subscribed to the list.\n"
 279                 "</BODY></HTML>\n",
 280
 281                 email, qrbuf.QRname, webpage, urlroom, token, qrbuf.QRname
 282         );
 283
 284         quickie_message(        /* This delivers the message */
 285                 "Citadel",
 286                 email,
 287                 NULL,
 288                 confirmation_request,
 289                 FMT_RFC822
 290         );
 291
 292         cprintf("%d Unubscription noted; confirmation request sent\n", CIT_OK);
 293 }
 294
 295
 296 /*
 297  * Confirm a subscribe/unsubscribe request.
 298  */
 299 void do_confirm(char *room, char *token) {
 300         struct quickroom qrbuf;
 301         FILE *ncfp;
 302         char filename[SIZ];
 303         char line_token[SIZ];
 304         long line_offset;
 305         int line_length;
 306         char buf[SIZ];
 307         char cmd[SIZ];
 308         char email[SIZ];
 309         char subtype[SIZ];
 310         int success = 0;
 311         char address_to_unsubscribe[SIZ];
 312         char scancmd[SIZ];
 313         char scanemail[SIZ];
 314         char *holdbuf = NULL;
 315         int linelen = 0;
 316         int buflen = 0;
 317
 318         strcpy(address_to_unsubscribe, "");
 319
 320         if (getroom(&qrbuf, room) != 0) {
 321                 cprintf("%d There is no list called '%s'\n",
 322                         ERROR+ROOM_NOT_FOUND, room);
 323                 return;
 324         }
 325
 326         if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
 327                 cprintf("%d '%s' "
 328                         "does not accept subscribe/unsubscribe requests.\n",
 329                         ERROR+HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
 330                 return;
 331         }
 332
 333         assoc_file_name(filename, sizeof filename, &qrbuf, "netconfigs");
 334         begin_critical_section(S_NETCONFIGS);
 335         ncfp = fopen(filename, "r+");
 336         if (ncfp != NULL) {
 337                 while (line_offset = ftell(ncfp),
 338                       (fgets(buf, sizeof buf, ncfp) != NULL) ) {
 339                         buf[strlen(buf)-1] = 0;
 340                         line_length = strlen(buf);
 341                         extract(cmd, buf, 0);
 342                         if (!strcasecmp(cmd, "subpending")) {
 343                                 extract(email, buf, 1);
 344                                 extract(subtype, buf, 2);
 345                                 extract(line_token, buf, 3);
 346                                 if (!strcasecmp(token, line_token)) {
 347                                         if (!strcasecmp(subtype, "digest")) {
 348                                                 strcpy(buf, "digestrecp|");
 349                                         }
 350                                         else {
 351                                                 strcpy(buf, "listrecp|");
 352                                         }
 353                                         strcat(buf, email);
 354                                         strcat(buf, "|");
 355                                         /* SLEAZY HACK: pad the line out so
 356                                          * it's the same length as the line
 357                                          * we're replacing.
 358                                          */
 359                                         while (strlen(buf) < line_length) {
 360                                                 strcat(buf, " ");
 361                                         }
 362                                         fseek(ncfp, line_offset, SEEK_SET);
 363                                         fprintf(ncfp, "%s\n", buf);
 364                                         ++success;
 365                                 }
 366                         }
 367                         if (!strcasecmp(cmd, "unsubpending")) {
 368                                 extract(line_token, buf, 2);
 369                                 if (!strcasecmp(token, line_token)) {
 370                                         extract(address_to_unsubscribe, buf, 1);
 371                                 }
 372                         }
 373                 }
 374                 fclose(ncfp);
 375         }
 376         end_critical_section(S_NETCONFIGS);
 377
 378         /*
 379          * If "address_to_unsubscribe" contains something, then we have to
 380          * make another pass at the file, stripping out lines referring to
 381          * that address.
 382          */
 383         if (strlen(address_to_unsubscribe) > 0) {
 384                 holdbuf = mallok(SIZ);
 385                 begin_critical_section(S_NETCONFIGS);
 386                 ncfp = fopen(filename, "r+");
 387                 if (ncfp != NULL) {
 388                         while (line_offset = ftell(ncfp),
 389                               (fgets(buf, sizeof buf, ncfp) != NULL) ) {
 390                                 buf[strlen(buf)-1]=0;
 391                                 extract(scancmd, buf, 0);
 392                                 extract(scanemail, buf, 1);
 393                                 if ( (!strcasecmp(scancmd, "listrecp"))
 394                                    && (!strcasecmp(scanemail,
 395                                                 address_to_unsubscribe)) ) {
 396                                         ++success;
 397                                 }
 398                                 else if ( (!strcasecmp(scancmd, "digestrecp"))
 399                                    && (!strcasecmp(scanemail,
 400                                                 address_to_unsubscribe)) ) {
 401                                         ++success;
 402                                 }
 403                                 else if ( (!strcasecmp(scancmd, "subpending"))
 404                                    && (!strcasecmp(scanemail,
 405                                                 address_to_unsubscribe)) ) {
 406                                         ++success;
 407                                 }
 408                                 else if ( (!strcasecmp(scancmd, "unsubpending"))
 409                                    && (!strcasecmp(scanemail,
 410                                                 address_to_unsubscribe)) ) {
 411                                         ++success;
 412                                 }
 413                                 else {  /* Not relevant, so *keep* it! */
 414                                         linelen = strlen(buf);
 415                                         holdbuf = reallok(holdbuf,
 416                                                 (buflen + linelen + 2) );
 417                                         strcpy(&holdbuf[buflen], buf);
 418                                         buflen += linelen;
 419                                         strcpy(&holdbuf[buflen], "\n");
 420                                         buflen += 1;
 421                                 }
 422                         }
 423                         fclose(ncfp);
 424                 }
 425                 ncfp = fopen(filename, "w");
 426                 if (ncfp != NULL) {
 427                         fwrite(holdbuf, buflen+1, 1, ncfp);
 428                         fclose(ncfp);
 429                 }
 430                 end_critical_section(S_NETCONFIGS);
 431                 phree(holdbuf);
 432         }
 433
 434         /*
 435          * Did we do anything useful today?
 436          */
 437         if (success) {
 438                 cprintf("%d %d operation(s) confirmed.\n", CIT_OK, success);
 439         }
 440         else {
 441                 cprintf("%d Invalid token.\n", ERROR);
 442         }
 443
 444 }
 445
 446
 447
 448 /*
 449  * process subscribe/unsubscribe requests and confirmations
 450  */
 451 void cmd_subs(char *cmdbuf) {
 452
 453         char opr[SIZ];
 454         char room[SIZ];
 455         char email[SIZ];
 456         char subtype[SIZ];
 457         char token[SIZ];
 458         char webpage[SIZ];
 459
 460         extract(opr, cmdbuf, 0);
 461         if (!strcasecmp(opr, "subscribe")) {
 462                 extract(subtype, cmdbuf, 3);
 463                 if ( (strcasecmp(subtype, "list"))
 464                    && (strcasecmp(subtype, "digest")) ) {
 465                         cprintf("%d Invalid subscription type '%s'\n",
 466                                 ERROR+ILLEGAL_VALUE, subtype);
 467                 }
 468                 else {
 469                         extract(room, cmdbuf, 1);
 470                         extract(email, cmdbuf, 2);
 471                         extract(webpage, cmdbuf, 4);
 472                         do_subscribe(room, email, subtype, webpage);
 473                 }
 474         }
 475         else if (!strcasecmp(opr, "unsubscribe")) {
 476                 extract(room, cmdbuf, 1);
 477                 extract(email, cmdbuf, 2);
 478                 extract(webpage, cmdbuf, 3);
 479                 do_unsubscribe(room, email, webpage);
 480         }
 481         else if (!strcasecmp(opr, "confirm")) {
 482                 extract(room, cmdbuf, 1);
 483                 extract(token, cmdbuf, 2);
 484                 do_confirm(room, token);
 485         }
 486         else {
 487                 cprintf("%d Invalid command\n", ERROR);
 488         }
 489 }
 490
 491
 492 /*
 493  * Module entry point
 494  */
 495 char *Dynamic_Module_Init(void)
 496 {
 497         CtdlRegisterProtoHook(cmd_subs, "SUBS", "List subscribe/unsubscribe");
 498         return "$Id$";
 499 }