citadel/serv_listsub.c

   1 /*
   2  * $Id$
   3  *
   4  * This module handles self-service subscription/unsubscription to mail lists.
   5  *
   6  * Copyright (C) 2002 by Art Cancro and others.
   7  * This code is released under the terms of the GNU General Public License.
   8  *
   9  */
  10
  11 #include "sysdep.h"
  12 #include <stdlib.h>
  13 #include <unistd.h>
  14 #include <stdio.h>
  15 #include <fcntl.h>
  16 #include <ctype.h>
  17 #include <signal.h>
  18 #include <pwd.h>
  19 #include <errno.h>
  20 #include <sys/types.h>
  21 #include <dirent.h>
  22 #if TIME_WITH_SYS_TIME
  23 # include <sys/time.h>
  24 # include <time.h>
  25 #else
  26 # if HAVE_SYS_TIME_H
  27 #  include <sys/time.h>
  28 # else
  29 #  include <time.h>
  30 # endif
  31 #endif
  32
  33 #include <sys/wait.h>
  34 #include <string.h>
  35 #include <limits.h>
  36 #include "citadel.h"
  37 #include "server.h"
  38 #include "sysdep_decls.h"
  39 #include "citserver.h"
  40 #include "support.h"
  41 #include "config.h"
  42 #include "dynloader.h"
  43 #include "room_ops.h"
  44 #include "user_ops.h"
  45 #include "policy.h"
  46 #include "database.h"
  47 #include "msgbase.h"
  48 #include "tools.h"
  49 #include "internet_addressing.h"
  50 #include "serv_network.h"
  51 #include "clientsocket.h"
  52 #include "file_ops.h"
  53
  54 #ifndef HAVE_SNPRINTF
  55 #include "snprintf.h"
  56 #endif
  57
  58
  59 /*
  60  * Generate a randomizationalisticized token to use for authentication of
  61  * a subscribe or unsubscribe request.
  62  */
  63 void listsub_generate_token(char *buf) {
  64         char sourcebuf[SIZ];
  65         static int seq = 0;
  66
  67         /* Theo, please sit down and shut up.  This key doesn't have to be
  68          * tinfoil-hat secure, it just needs to be reasonably unguessable
  69          * and unique.
  70          */
  71         sprintf(sourcebuf, "%lx",
  72                 (long) (++seq + getpid() + time(NULL))
  73         );
  74
  75         /* Convert it to base64 so it looks cool */
  76         encode_base64(buf, sourcebuf);
  77 }
  78
  79
  80 /*
  81  * Enter a subscription request
  82  */
  83 void do_subscribe(char *room, char *email, char *subtype, char *webpage) {
  84         struct quickroom qrbuf;
  85         FILE *ncfp;
  86         char filename[SIZ];
  87         char token[SIZ];
  88         char confirmation_request[SIZ];
  89         char urlroom[SIZ];
  90
  91         if (getroom(&qrbuf, room) != 0) {
  92                 cprintf("%d There is no list called '%s'\n", ERROR, room);
  93                 return;
  94         }
  95
  96         if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
  97                 cprintf("%d '%s' "
  98                         "does not accept subscribe/unsubscribe requests.\n",
  99                         ERROR+HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
 100                 return;
 101         }
 102
 103         listsub_generate_token(token);
 104
 105         begin_critical_section(S_NETCONFIGS);
 106         assoc_file_name(filename, sizeof filename, &qrbuf, "netconfigs");
 107         ncfp = fopen(filename, "a");
 108         if (ncfp != NULL) {
 109                 fprintf(ncfp, "subpending|%s|%s|%s|%ld|%s\n",
 110                         email,
 111                         subtype,
 112                         token,
 113                         time(NULL),
 114                         webpage
 115                 );
 116                 fclose(ncfp);
 117         }
 118         end_critical_section(S_NETCONFIGS);
 119
 120         /* Generate and send the confirmation request */
 121
 122         urlesc(urlroom, qrbuf.QRname);
 123
 124         snprintf(confirmation_request, sizeof confirmation_request,
 125                 "Content-type: text/html\n\n"
 126                 "<HTML><BODY>"
 127                 "Someone (probably you) has submitted a request to subscribe\n"
 128                 "&lt;%s&gt; to the <B>%s</B> mailing list.<BR><BR>\n"
 129                 "<A HREF=\"http://%s?room=%s&token=%s&cmd=confirm\">"
 130                 "Please click here to confirm this request.</A><BR><BR>\n"
 131                 "If this request has been submitted in error and you do not\n"
 132                 "wish to receive the '%s' mailing list, simply do nothing,\n"
 133                 "and you will not receive any further mailings.\n"
 134                 "</BODY></HTML>\n",
 135
 136                 email, qrbuf.QRname, webpage, urlroom, token, qrbuf.QRname
 137         );
 138
 139         quickie_message(        /* This delivers the message */
 140                 "Citadel",
 141                 email,
 142                 NULL,
 143                 confirmation_request,
 144                 FMT_RFC822
 145         );
 146
 147         cprintf("%d Subscription entered; confirmation request sent\n", CIT_OK);
 148 }
 149
 150
 151 /*
 152  * Confirm a subscribe/unsubscribe request.
 153  */
 154 void do_confirm(char *room, char *token) {
 155         struct quickroom qrbuf;
 156         FILE *ncfp;
 157         char filename[SIZ];
 158         char line_token[SIZ];
 159         long line_offset;
 160         int line_length;
 161         char buf[SIZ];
 162         char cmd[SIZ];
 163         char email[SIZ];
 164         char subtype[SIZ];
 165         int success = 0;
 166
 167         if (getroom(&qrbuf, room) != 0) {
 168                 cprintf("%d There is no list called '%s'\n", ERROR, room);
 169                 return;
 170         }
 171
 172         if ((qrbuf.QRflags2 & QR2_SELFLIST) == 0) {
 173                 cprintf("%d '%s' "
 174                         "does not accept subscribe/unsubscribe requests.\n",
 175                         ERROR+HIGHER_ACCESS_REQUIRED, qrbuf.QRname);
 176                 return;
 177         }
 178
 179         begin_critical_section(S_NETCONFIGS);
 180         assoc_file_name(filename, sizeof filename, &qrbuf, "netconfigs");
 181         ncfp = fopen(filename, "r+");
 182         if (ncfp != NULL) {
 183                 while (line_offset = ftell(ncfp),
 184                       (fgets(buf, sizeof buf, ncfp) != NULL) ) {
 185                         buf[strlen(buf)-1] = 0;
 186                         line_length = strlen(buf);
 187                         extract(cmd, buf, 0);
 188                         if (!strcasecmp(cmd, "subpending")) {
 189                                 extract(email, buf, 1);
 190                                 extract(subtype, buf, 2);
 191                                 extract(line_token, buf, 3);
 192                                 if (!strcasecmp(token, line_token)) {
 193                                         if (!strcasecmp(subtype, "digest")) {
 194                                                 strcpy(buf, "digestrecp|");
 195                                         }
 196                                         else {
 197                                                 strcpy(buf, "listrecp|");
 198                                         }
 199                                         strcat(buf, email);
 200                                         strcat(buf, "|");
 201                                         /* SLEAZY HACK: pad the line out so
 202                                          * it's the same length as the line
 203                                          * we're replacing.
 204                                          */
 205                                         while (strlen(buf) < line_length) {
 206                                                 strcat(buf, " ");
 207                                         }
 208                                         fseek(ncfp, line_offset, SEEK_SET);
 209                                         fprintf(ncfp, "%s\n", buf);
 210                                         ++success;
 211                                 }
 212                         }
 213                 }
 214                 fclose(ncfp);
 215         }
 216         end_critical_section(S_NETCONFIGS);
 217
 218         if (success) {
 219                 cprintf("%d %d operation(s) confirmed.\n", CIT_OK, success);
 220         }
 221         else {
 222                 cprintf("%d Invalid token.\n", ERROR);
 223         }
 224
 225 }
 226
 227
 228
 229 /*
 230  * process subscribe/unsubscribe requests and confirmations
 231  */
 232 void cmd_subs(char *cmdbuf) {
 233
 234         char opr[SIZ];
 235         char room[SIZ];
 236         char email[SIZ];
 237         char subtype[SIZ];
 238         char token[SIZ];
 239         char webpage[SIZ];
 240
 241         extract(opr, cmdbuf, 0);
 242         if (!strcasecmp(opr, "subscribe")) {
 243                 extract(subtype, cmdbuf, 3);
 244                 if ( (strcasecmp(subtype, "list"))
 245                    && (strcasecmp(subtype, "digest")) ) {
 246                         cprintf("%d Invalid subscription type.\n", ERROR);
 247                 }
 248                 else {
 249                         extract(room, cmdbuf, 1);
 250                         extract(email, cmdbuf, 2);
 251                         extract(webpage, cmdbuf, 4);
 252                         do_subscribe(room, email, subtype, webpage);
 253                 }
 254         }
 255         else if (!strcasecmp(opr, "unsubscribe")) {
 256                 cprintf("%d not yet implemented\n", ERROR);
 257         }
 258         else if (!strcasecmp(opr, "confirm")) {
 259                 extract(room, cmdbuf, 1);
 260                 extract(token, cmdbuf, 2);
 261                 do_confirm(room, token);
 262         }
 263         else {
 264                 cprintf("%d Invalid command\n", ERROR);
 265         }
 266 }
 267
 268
 269 /*
 270  * Module entry point
 271  */
 272 char *Dynamic_Module_Init(void)
 273 {
 274         CtdlRegisterProtoHook(cmd_subs, "SUBS", "List subscribe/unsubscribe");
 275         return "$Id$";
 276 }