projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add support for -bP config
[exim.git] / src / src / expand.c
CommitLineData
059ec3d9
PH		 1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
3386088d 5/* Copyright (c) University of Cambridge 1995 - 2015 */
059ec3d9
PH		 6/* See the file NOTICE for conditions of use and distribution. */
7
8
9/* Functions for handling string expansion. */
10
11
12#include "exim.h"
13
96c065cb
PH		 14/* Recursively called function */
15
55414b25
JH		 16static uschar *expand_string_internal(const uschar *, BOOL, const uschar **, BOOL, BOOL, BOOL *);
17static int_eximarith_t expanded_string_integer(const uschar *, BOOL);
96c065cb 18
059ec3d9
PH		 19#ifdef STAND_ALONE
20#ifndef SUPPORT_CRYPTEQ
21#define SUPPORT_CRYPTEQ
22#endif
23#endif
24
96c065cb
PH		 25#ifdef LOOKUP_LDAP
26#include "lookups/ldap.h"
27#endif
28
059ec3d9
PH		 29#ifdef SUPPORT_CRYPTEQ
30#ifdef CRYPT_H
31#include <crypt.h>
32#endif
33#ifndef HAVE_CRYPT16
34extern char* crypt16(char*, char*);
35#endif
36#endif
37
96c065cb
PH		 38/* The handling of crypt16() is a mess. I will record below the analysis of the
39mess that was sent to me. We decided, however, to make changing this very low
40priority, because in practice people are moving away from the crypt()
41algorithms nowadays, so it doesn't seem worth it.
42
43<quote>
44There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
45the first 8 characters of the password using a 20-round version of crypt
46(standard crypt does 25 rounds). It then crypts the next 8 characters,
47or an empty block if the password is less than 9 characters, using a
4820-round version of crypt and the same salt as was used for the first
49block. Charaters after the first 16 are ignored. It always generates
50a 16-byte hash, which is expressed together with the salt as a string
51of 24 base 64 digits. Here are some links to peruse:
52
53 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
54 http://seclists.org/bugtraq/1999/Mar/0076.html
55
56There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
57and OSF/1. This is the same as the standard crypt if given a password
58of 8 characters or less. If given more, it first does the same as crypt
59using the first 8 characters, then crypts the next 8 (the 9th to 16th)
60using as salt the first two base 64 digits from the first hash block.
61If the password is more than 16 characters then it crypts the 17th to 24th
62characters using as salt the first two base 64 digits from the second hash
63block. And so on: I've seen references to it cutting off the password at
6440 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
65
66 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
67 http://seclists.org/bugtraq/1999/Mar/0109.html
68 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
69 TET1_html/sec.c222.html#no_id_208
70
71Exim has something it calls "crypt16". It will either use a native
72crypt16 or its own implementation. A native crypt16 will presumably
73be the one that I called "crypt16" above. The internal "crypt16"
74function, however, is a two-block-maximum implementation of what I called
75"bigcrypt". The documentation matches the internal code.
76
77I suspect that whoever did the "crypt16" stuff for Exim didn't realise
78that crypt16 and bigcrypt were different things.
79
80Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
81to whatever it is using under that name. This unfortunately sets a
82precedent for using "{crypt16}" to identify two incompatible algorithms
83whose output can't be distinguished. With "{crypt16}" thus rendered
84ambiguous, I suggest you deprecate it and invent two new identifiers
85for the two algorithms.
86
87Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
88of the password separately means they can be cracked separately, so
89the double-length hash only doubles the cracking effort instead of
90squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
91bcrypt ({CRYPT}$2a$).
92</quote>
93*/
059ec3d9
PH		 94
95
059ec3d9 96
059ec3d9
PH		 97/*************************************************
98* Local statics and tables *
99*************************************************/
100
101/* Table of item names, and corresponding switch numbers. The names must be in
102alphabetical order. */
103
104static uschar *item_table[] = {
723c72e6 105 US"acl",
9d1c15ef 106 US"certextract",
1a46a8c5 107 US"dlfunc",
089fc87a 108 US"env",
059ec3d9 109 US"extract",
29f89cad 110 US"filter",
059ec3d9
PH		 111 US"hash",
112 US"hmac",
113 US"if",
ed0512a1
JH		 114#ifdef EXPERIMENTAL_INTERNATIONAL
115 US"imapfolder",
116#endif
059ec3d9 117 US"length",
aa26e137 118 US"listextract",
059ec3d9 119 US"lookup",
29f89cad 120 US"map",
059ec3d9 121 US"nhash",
1a46a8c5 122 US"perl",
fffda43a
TK		 123 US"prvs",
124 US"prvscheck",
059ec3d9
PH		 125 US"readfile",
126 US"readsocket",
29f89cad 127 US"reduce",
059ec3d9
PH		 128 US"run",
129 US"sg",
ac4ef9bd 130 US"sort",
059ec3d9
PH		 131 US"substr",
132 US"tr" };
133
134enum {
723c72e6 135 EITEM_ACL,
9d1c15ef 136 EITEM_CERTEXTRACT,
1a46a8c5 137 EITEM_DLFUNC,
089fc87a 138 EITEM_ENV,
059ec3d9 139 EITEM_EXTRACT,
29f89cad 140 EITEM_FILTER,
059ec3d9
PH		 141 EITEM_HASH,
142 EITEM_HMAC,
143 EITEM_IF,
ed0512a1
JH		 144#ifdef EXPERIMENTAL_INTERNATIONAL
145 EITEM_IMAPFOLDER,
146#endif
059ec3d9 147 EITEM_LENGTH,
aa26e137 148 EITEM_LISTEXTRACT,
059ec3d9 149 EITEM_LOOKUP,
29f89cad 150 EITEM_MAP,
059ec3d9 151 EITEM_NHASH,
1a46a8c5 152 EITEM_PERL,
fffda43a
TK		 153 EITEM_PRVS,
154 EITEM_PRVSCHECK,
059ec3d9
PH		 155 EITEM_READFILE,
156 EITEM_READSOCK,
29f89cad 157 EITEM_REDUCE,
059ec3d9
PH		 158 EITEM_RUN,
159 EITEM_SG,
ac4ef9bd 160 EITEM_SORT,
059ec3d9
PH		 161 EITEM_SUBSTR,
162 EITEM_TR };
163
164/* Tables of operator names, and corresponding switch numbers. The names must be
165in alphabetical order. There are two tables, because underscore is used in some
166cases to introduce arguments, whereas for other it is part of the name. This is
167an historical mis-design. */
168
169static uschar *op_table_underscore[] = {
170 US"from_utf8",
171 US"local_part",
172 US"quote_local_part",
83e029d5 173 US"reverse_ip",
f90d018c 174 US"time_eval",
4e08fd50
JH		 175 US"time_interval"
176#ifdef EXPERIMENTAL_INTERNATIONAL
177 ,US"utf8_domain_from_alabel",
178 US"utf8_domain_to_alabel",
179 US"utf8_localpart_from_alabel",
180 US"utf8_localpart_to_alabel"
181#endif
182 };
059ec3d9
PH		 183
184enum {
185 EOP_FROM_UTF8,
186 EOP_LOCAL_PART,
187 EOP_QUOTE_LOCAL_PART,
83e029d5 188 EOP_REVERSE_IP,
f90d018c 189 EOP_TIME_EVAL,
4e08fd50
JH		 190 EOP_TIME_INTERVAL
191#ifdef EXPERIMENTAL_INTERNATIONAL
192 ,EOP_UTF8_DOMAIN_FROM_ALABEL,
193 EOP_UTF8_DOMAIN_TO_ALABEL,
194 EOP_UTF8_LOCALPART_FROM_ALABEL,
195 EOP_UTF8_LOCALPART_TO_ALABEL
196#endif
197 };
059ec3d9
PH		 198
199static uschar *op_table_main[] = {
200 US"address",
29f89cad 201 US"addresses",
059ec3d9
PH		 202 US"base62",
203 US"base62d",
204 US"domain",
205 US"escape",
206 US"eval",
207 US"eval10",
208 US"expand",
209 US"h",
210 US"hash",
211 US"hex2b64",
c393f931 212 US"hexquote",
fc4a7f70
JH		 213 US"ipv6denorm",
214 US"ipv6norm",
059ec3d9
PH		 215 US"l",
216 US"lc",
217 US"length",
a64a3dfa
JH		 218 US"listcount",
219 US"listnamed",
059ec3d9
PH		 220 US"mask",
221 US"md5",
222 US"nh",
223 US"nhash",
224 US"quote",
9e3331ea 225 US"randint",
059ec3d9 226 US"rfc2047",
9c57cbc0 227 US"rfc2047d",
059ec3d9
PH		 228 US"rxquote",
229 US"s",
230 US"sha1",
9ef9101c 231 US"sha256",
059ec3d9
PH		 232 US"stat",
233 US"str2b64",
234 US"strlen",
235 US"substr",
b9c2e32f
AR		 236 US"uc",
237 US"utf8clean" };
059ec3d9
PH		 238
239enum {
0539a19d 240 EOP_ADDRESS = nelem(op_table_underscore),
29f89cad 241 EOP_ADDRESSES,
059ec3d9
PH		 242 EOP_BASE62,
243 EOP_BASE62D,
244 EOP_DOMAIN,
245 EOP_ESCAPE,
246 EOP_EVAL,
247 EOP_EVAL10,
248 EOP_EXPAND,
249 EOP_H,
250 EOP_HASH,
251 EOP_HEX2B64,
c393f931 252 EOP_HEXQUOTE,
fc4a7f70
JH		 253 EOP_IPV6DENORM,
254 EOP_IPV6NORM,
059ec3d9
PH		 255 EOP_L,
256 EOP_LC,
257 EOP_LENGTH,
a64a3dfa
JH		 258 EOP_LISTCOUNT,
259 EOP_LISTNAMED,
059ec3d9
PH		 260 EOP_MASK,
261 EOP_MD5,
262 EOP_NH,
263 EOP_NHASH,
264 EOP_QUOTE,
9e3331ea 265 EOP_RANDINT,
059ec3d9 266 EOP_RFC2047,
9c57cbc0 267 EOP_RFC2047D,
059ec3d9
PH		 268 EOP_RXQUOTE,
269 EOP_S,
270 EOP_SHA1,
9ef9101c 271 EOP_SHA256,
059ec3d9
PH		 272 EOP_STAT,
273 EOP_STR2B64,
274 EOP_STRLEN,
275 EOP_SUBSTR,
b9c2e32f
AR		 276 EOP_UC,
277 EOP_UTF8CLEAN };
059ec3d9
PH		 278
279
280/* Table of condition names, and corresponding switch numbers. The names must
281be in alphabetical order. */
282
283static uschar *cond_table[] = {
284 US"<",
285 US"<=",
286 US"=",
287 US"==", /* Backward compatibility */
288 US">",
289 US">=",
333eea9c 290 US"acl",
059ec3d9 291 US"and",
f3766eb5 292 US"bool",
6a8de854 293 US"bool_lax",
059ec3d9
PH		 294 US"crypteq",
295 US"def",
296 US"eq",
297 US"eqi",
298 US"exists",
299 US"first_delivery",
0ce9abe6
PH		 300 US"forall",
301 US"forany",
059ec3d9
PH		 302 US"ge",
303 US"gei",
304 US"gt",
305 US"gti",
76dca828
PP		 306 US"inlist",
307 US"inlisti",
059ec3d9
PH		 308 US"isip",
309 US"isip4",
310 US"isip6",
311 US"ldapauth",
312 US"le",
313 US"lei",
314 US"lt",
315 US"lti",
316 US"match",
317 US"match_address",
318 US"match_domain",
32d668a5 319 US"match_ip",
059ec3d9
PH		 320 US"match_local_part",
321 US"or",
322 US"pam",
323 US"pwcheck",
324 US"queue_running",
325 US"radius",
326 US"saslauthd"
327};
328
329enum {
330 ECOND_NUM_L,
331 ECOND_NUM_LE,
332 ECOND_NUM_E,
333 ECOND_NUM_EE,
334 ECOND_NUM_G,
335 ECOND_NUM_GE,
333eea9c 336 ECOND_ACL,
059ec3d9 337 ECOND_AND,
f3766eb5 338 ECOND_BOOL,
6a8de854 339 ECOND_BOOL_LAX,
059ec3d9
PH		 340 ECOND_CRYPTEQ,
341 ECOND_DEF,
342 ECOND_STR_EQ,
343 ECOND_STR_EQI,
344 ECOND_EXISTS,
345 ECOND_FIRST_DELIVERY,
0ce9abe6
PH		 346 ECOND_FORALL,
347 ECOND_FORANY,
059ec3d9
PH		 348 ECOND_STR_GE,
349 ECOND_STR_GEI,
350 ECOND_STR_GT,
351 ECOND_STR_GTI,
76dca828
PP		 352 ECOND_INLIST,
353 ECOND_INLISTI,
059ec3d9
PH		 354 ECOND_ISIP,
355 ECOND_ISIP4,
356 ECOND_ISIP6,
357 ECOND_LDAPAUTH,
358 ECOND_STR_LE,
359 ECOND_STR_LEI,
360 ECOND_STR_LT,
361 ECOND_STR_LTI,
362 ECOND_MATCH,
363 ECOND_MATCH_ADDRESS,
364 ECOND_MATCH_DOMAIN,
32d668a5 365 ECOND_MATCH_IP,
059ec3d9
PH		 366 ECOND_MATCH_LOCAL_PART,
367 ECOND_OR,
368 ECOND_PAM,
369 ECOND_PWCHECK,
370 ECOND_QUEUE_RUNNING,
371 ECOND_RADIUS,
372 ECOND_SASLAUTHD
373};
374
375
059ec3d9
PH		 376/* Types of table entry */
377
7e75538e 378enum vtypes {
059ec3d9
PH		 379 vtype_int, /* value is address of int */
380 vtype_filter_int, /* ditto, but recognized only when filtering */
381 vtype_ino, /* value is address of ino_t (not always an int) */
382 vtype_uid, /* value is address of uid_t (not always an int) */
383 vtype_gid, /* value is address of gid_t (not always an int) */
11d7e4fa 384 vtype_bool, /* value is address of bool */
059ec3d9
PH		 385 vtype_stringptr, /* value is address of pointer to string */
386 vtype_msgbody, /* as stringptr, but read when first required */
387 vtype_msgbody_end, /* ditto, the end of the message */
ff75a1f7
PH		 388 vtype_msgheaders, /* the message's headers, processed */
389 vtype_msgheaders_raw, /* the message's headers, unprocessed */
059ec3d9
PH		 390 vtype_localpart, /* extract local part from string */
391 vtype_domain, /* extract domain from string */
362145b5 392 vtype_string_func, /* value is string returned by given function */
059ec3d9
PH		 393 vtype_todbsdin, /* value not used; generate BSD inbox tod */
394 vtype_tode, /* value not used; generate tod in epoch format */
f5787926 395 vtype_todel, /* value not used; generate tod in epoch/usec format */
059ec3d9
PH		 396 vtype_todf, /* value not used; generate full tod */
397 vtype_todl, /* value not used; generate log tod */
398 vtype_todlf, /* value not used; generate log file datestamp tod */
399 vtype_todzone, /* value not used; generate time zone only */
400 vtype_todzulu, /* value not used; generate zulu tod */
401 vtype_reply, /* value not used; get reply from headers */
402 vtype_pid, /* value not used; result is pid */
403 vtype_host_lookup, /* value not used; get host name */
5cb8cbc6
PH		 404 vtype_load_avg, /* value not used; result is int from os_getloadavg */
405 vtype_pspace, /* partition space; value is T/F for spool/log */
9d1c15ef
JH		 406 vtype_pinodes, /* partition inodes; value is T/F for spool/log */
407 vtype_cert /* SSL certificate */
80a47a2c
TK		 408 #ifndef DISABLE_DKIM
409 ,vtype_dkim /* Lookup of value in DKIM signature */
410 #endif
7e75538e
JH		 411};
412
413/* Type for main variable table */
414
415typedef struct {
416 const char *name;
417 enum vtypes type;
418 void *value;
419} var_entry;
420
421/* Type for entries pointing to address/length pairs. Not currently
422in use. */
423
424typedef struct {
425 uschar **address;
426 int *length;
427} alblock;
059ec3d9 428
362145b5
JH		 429static uschar * fn_recipients(void);
430
059ec3d9
PH		 431/* This table must be kept in alphabetical order. */
432
433static var_entry var_table[] = {
38a0a95f
PH		 434 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
435 they will be confused with user-creatable ACL variables. */
525239c1
JH		 436 { "acl_arg1", vtype_stringptr, &acl_arg[0] },
437 { "acl_arg2", vtype_stringptr, &acl_arg[1] },
438 { "acl_arg3", vtype_stringptr, &acl_arg[2] },
439 { "acl_arg4", vtype_stringptr, &acl_arg[3] },
440 { "acl_arg5", vtype_stringptr, &acl_arg[4] },
441 { "acl_arg6", vtype_stringptr, &acl_arg[5] },
442 { "acl_arg7", vtype_stringptr, &acl_arg[6] },
443 { "acl_arg8", vtype_stringptr, &acl_arg[7] },
444 { "acl_arg9", vtype_stringptr, &acl_arg[8] },
445 { "acl_narg", vtype_int, &acl_narg },
059ec3d9
PH		 446 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
447 { "address_data", vtype_stringptr, &deliver_address_data },
448 { "address_file", vtype_stringptr, &address_file },
449 { "address_pipe", vtype_stringptr, &address_pipe },
2d07a215 450 { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id },
059ec3d9
PH		 451 { "authenticated_id", vtype_stringptr, &authenticated_id },
452 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
453 { "authentication_failed",vtype_int, &authentication_failed },
9e949f00
PP		 454#ifdef WITH_CONTENT_SCAN
455 { "av_failed", vtype_int, &av_failed },
456#endif
8523533c
TK		 457#ifdef EXPERIMENTAL_BRIGHTMAIL
458 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
459 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
460 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
461 { "bmi_deliver", vtype_int, &bmi_deliver },
462#endif
059ec3d9
PH		 463 { "body_linecount", vtype_int, &body_linecount },
464 { "body_zerocount", vtype_int, &body_zerocount },
465 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
466 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
467 { "caller_gid", vtype_gid, &real_gid },
468 { "caller_uid", vtype_uid, &real_uid },
055e2cb4 469 { "callout_address", vtype_stringptr, &callout_address },
059ec3d9
PH		 470 { "compile_date", vtype_stringptr, &version_date },
471 { "compile_number", vtype_stringptr, &version_cnumber },
98b8312f
HSHR		 472 { "config_dir", vtype_stringptr, &config_main_directory },
473 { "config_file", vtype_stringptr, &config_main_filename },
e5a9dba6 474 { "csa_status", vtype_stringptr, &csa_status },
6a8f9482
TK		 475#ifdef EXPERIMENTAL_DCC
476 { "dcc_header", vtype_stringptr, &dcc_header },
477 { "dcc_result", vtype_stringptr, &dcc_result },
478#endif
8523533c
TK		 479#ifdef WITH_OLD_DEMIME
480 { "demime_errorlevel", vtype_int, &demime_errorlevel },
481 { "demime_reason", vtype_stringptr, &demime_reason },
fb2274d4 482#endif
80a47a2c
TK		 483#ifndef DISABLE_DKIM
484 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
485 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
486 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
487 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
488 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
489 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
2df588c9 490 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
e08d09e5 491 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
80a47a2c
TK		 492 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
493 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
494 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
495 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
496 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
497 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
498 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
499 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
e08d09e5 500 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
9e5d6b55 501 { "dkim_signers", vtype_stringptr, &dkim_signers },
80a47a2c
TK		 502 { "dkim_verify_reason", vtype_dkim, (void *)DKIM_VERIFY_REASON },
503 { "dkim_verify_status", vtype_dkim, (void *)DKIM_VERIFY_STATUS},
4840604e
TL		 504#endif
505#ifdef EXPERIMENTAL_DMARC
506 { "dmarc_ar_header", vtype_stringptr, &dmarc_ar_header },
8c8b8274 507 { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
4840604e
TL		 508 { "dmarc_status", vtype_stringptr, &dmarc_status },
509 { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
510 { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
8523533c 511#endif
059ec3d9 512 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
93655c46 513 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
059ec3d9
PH		 514 { "dnslist_text", vtype_stringptr, &dnslist_text },
515 { "dnslist_value", vtype_stringptr, &dnslist_value },
516 { "domain", vtype_stringptr, &deliver_domain },
517 { "domain_data", vtype_stringptr, &deliver_domain_data },
774ef2d7
JH		 518#ifdef EXPERIMENTAL_EVENT
519 { "event_data", vtype_stringptr, &event_data },
520
521 /*XXX want to use generic vars for as many of these as possible*/
522 { "event_defer_errno", vtype_int, &event_defer_errno },
523
524 { "event_name", vtype_stringptr, &event_name },
525#endif
059ec3d9
PH		 526 { "exim_gid", vtype_gid, &exim_gid },
527 { "exim_path", vtype_stringptr, &exim_path },
528 { "exim_uid", vtype_uid, &exim_uid },
71224040 529 { "exim_version", vtype_stringptr, &version_string },
8523533c
TK		 530#ifdef WITH_OLD_DEMIME
531 { "found_extension", vtype_stringptr, &found_extension },
8e669ac1 532#endif
362145b5 533 { "headers_added", vtype_string_func, &fn_hdrs_added },
059ec3d9
PH		 534 { "home", vtype_stringptr, &deliver_home },
535 { "host", vtype_stringptr, &deliver_host },
536 { "host_address", vtype_stringptr, &deliver_host_address },
537 { "host_data", vtype_stringptr, &host_data },
b08b24c8 538 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
059ec3d9 539 { "host_lookup_failed", vtype_int, &host_lookup_failed },
a7538db1 540 { "host_port", vtype_int, &deliver_host_port },
059ec3d9
PH		 541 { "inode", vtype_ino, &deliver_inode },
542 { "interface_address", vtype_stringptr, &interface_address },
543 { "interface_port", vtype_int, &interface_port },
0ce9abe6 544 { "item", vtype_stringptr, &iterate_item },
059ec3d9
PH		 545 #ifdef LOOKUP_LDAP
546 { "ldap_dn", vtype_stringptr, &eldap_dn },
547 #endif
548 { "load_average", vtype_load_avg, NULL },
549 { "local_part", vtype_stringptr, &deliver_localpart },
550 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
551 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
552 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
553 { "local_scan_data", vtype_stringptr, &local_scan_data },
554 { "local_user_gid", vtype_gid, &local_user_gid },
555 { "local_user_uid", vtype_uid, &local_user_uid },
556 { "localhost_number", vtype_int, &host_number },
5cb8cbc6 557 { "log_inodes", vtype_pinodes, (void *)FALSE },
8e669ac1 558 { "log_space", vtype_pspace, (void *)FALSE },
4e0983dc 559 { "lookup_dnssec_authenticated",vtype_stringptr,&lookup_dnssec_authenticated},
059ec3d9 560 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
8523533c
TK		 561#ifdef WITH_CONTENT_SCAN
562 { "malware_name", vtype_stringptr, &malware_name },
563#endif
d677b2f2 564 { "max_received_linelength", vtype_int, &max_received_linelength },
059ec3d9
PH		 565 { "message_age", vtype_int, &message_age },
566 { "message_body", vtype_msgbody, &message_body },
567 { "message_body_end", vtype_msgbody_end, &message_body_end },
568 { "message_body_size", vtype_int, &message_body_size },
1ab52c69 569 { "message_exim_id", vtype_stringptr, &message_id },
059ec3d9 570 { "message_headers", vtype_msgheaders, NULL },
ff75a1f7 571 { "message_headers_raw", vtype_msgheaders_raw, NULL },
059ec3d9 572 { "message_id", vtype_stringptr, &message_id },
2e0c1448 573 { "message_linecount", vtype_int, &message_linecount },
059ec3d9 574 { "message_size", vtype_int, &message_size },
eb02f5df
JH		 575#ifdef EXPERIMENTAL_INTERNATIONAL
576 { "message_smtputf8", vtype_bool, &message_smtputf8 },
577#endif
8523533c
TK		 578#ifdef WITH_CONTENT_SCAN
579 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
580 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
581 { "mime_boundary", vtype_stringptr, &mime_boundary },
582 { "mime_charset", vtype_stringptr, &mime_charset },
583 { "mime_content_description", vtype_stringptr, &mime_content_description },
584 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
585 { "mime_content_id", vtype_stringptr, &mime_content_id },
586 { "mime_content_size", vtype_int, &mime_content_size },
587 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
588 { "mime_content_type", vtype_stringptr, &mime_content_type },
589 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
590 { "mime_filename", vtype_stringptr, &mime_filename },
591 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
592 { "mime_is_multipart", vtype_int, &mime_is_multipart },
593 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
594 { "mime_part_count", vtype_int, &mime_part_count },
595#endif
059ec3d9
PH		 596 { "n0", vtype_filter_int, &filter_n[0] },
597 { "n1", vtype_filter_int, &filter_n[1] },
598 { "n2", vtype_filter_int, &filter_n[2] },
599 { "n3", vtype_filter_int, &filter_n[3] },
600 { "n4", vtype_filter_int, &filter_n[4] },
601 { "n5", vtype_filter_int, &filter_n[5] },
602 { "n6", vtype_filter_int, &filter_n[6] },
603 { "n7", vtype_filter_int, &filter_n[7] },
604 { "n8", vtype_filter_int, &filter_n[8] },
605 { "n9", vtype_filter_int, &filter_n[9] },
606 { "original_domain", vtype_stringptr, &deliver_domain_orig },
607 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
608 { "originator_gid", vtype_gid, &originator_gid },
609 { "originator_uid", vtype_uid, &originator_uid },
610 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
611 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
612 { "pid", vtype_pid, NULL },
858e91c2
JH		 613#ifndef DISABLE_PRDR
614 { "prdr_requested", vtype_bool, &prdr_requested },
615#endif
059ec3d9 616 { "primary_hostname", vtype_stringptr, &primary_hostname },
a3c86431 617#ifdef EXPERIMENTAL_PROXY
a3bddaa8
TL		 618 { "proxy_host_address", vtype_stringptr, &proxy_host_address },
619 { "proxy_host_port", vtype_int, &proxy_host_port },
a3c86431 620 { "proxy_session", vtype_bool, &proxy_session },
eb57651e
TL		 621 { "proxy_target_address",vtype_stringptr, &proxy_target_address },
622 { "proxy_target_port", vtype_int, &proxy_target_port },
a3c86431 623#endif
fffda43a
TK		 624 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
625 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
626 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
059ec3d9
PH		 627 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
628 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
629 { "rcpt_count", vtype_int, &rcpt_count },
630 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
631 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
632 { "received_count", vtype_int, &received_count },
633 { "received_for", vtype_stringptr, &received_for },
194cc0e4
PH		 634 { "received_ip_address", vtype_stringptr, &interface_address },
635 { "received_port", vtype_int, &interface_port },
059ec3d9 636 { "received_protocol", vtype_stringptr, &received_protocol },
7dbf77c9 637 { "received_time", vtype_int, &received_time },
059ec3d9 638 { "recipient_data", vtype_stringptr, &recipient_data },
8e669ac1 639 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
362145b5 640 { "recipients", vtype_string_func, &fn_recipients },
059ec3d9 641 { "recipients_count", vtype_int, &recipients_count },
8523533c
TK		 642#ifdef WITH_CONTENT_SCAN
643 { "regex_match_string", vtype_stringptr, &regex_match_string },
644#endif
059ec3d9
PH		 645 { "reply_address", vtype_reply, NULL },
646 { "return_path", vtype_stringptr, &return_path },
647 { "return_size_limit", vtype_int, &bounce_return_size_limit },
181d9bf8 648 { "router_name", vtype_stringptr, &router_name },
059ec3d9
PH		 649 { "runrc", vtype_int, &runrc },
650 { "self_hostname", vtype_stringptr, &self_hostname },
651 { "sender_address", vtype_stringptr, &sender_address },
2a3eea10 652 { "sender_address_data", vtype_stringptr, &sender_address_data },
059ec3d9
PH		 653 { "sender_address_domain", vtype_domain, &sender_address },
654 { "sender_address_local_part", vtype_localpart, &sender_address },
655 { "sender_data", vtype_stringptr, &sender_data },
656 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
1705dd20 657 { "sender_helo_dnssec", vtype_bool, &sender_helo_dnssec },
059ec3d9
PH		 658 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
659 { "sender_host_address", vtype_stringptr, &sender_host_address },
660 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
11d7e4fa 661 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
059ec3d9
PH		 662 { "sender_host_name", vtype_host_lookup, NULL },
663 { "sender_host_port", vtype_int, &sender_host_port },
664 { "sender_ident", vtype_stringptr, &sender_ident },
870f6ba8
TF		 665 { "sender_rate", vtype_stringptr, &sender_rate },
666 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
667 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
059ec3d9 668 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
8e669ac1 669 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
41c7c167
PH		 670 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
671 { "sending_port", vtype_int, &sending_port },
8e669ac1 672 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
3ee512ff
PH		 673 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
674 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
b01dd148 675 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
8f128379 676 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
059ec3d9
PH		 677 { "sn0", vtype_filter_int, &filter_sn[0] },
678 { "sn1", vtype_filter_int, &filter_sn[1] },
679 { "sn2", vtype_filter_int, &filter_sn[2] },
680 { "sn3", vtype_filter_int, &filter_sn[3] },
681 { "sn4", vtype_filter_int, &filter_sn[4] },
682 { "sn5", vtype_filter_int, &filter_sn[5] },
683 { "sn6", vtype_filter_int, &filter_sn[6] },
684 { "sn7", vtype_filter_int, &filter_sn[7] },
685 { "sn8", vtype_filter_int, &filter_sn[8] },
686 { "sn9", vtype_filter_int, &filter_sn[9] },
8523533c 687#ifdef WITH_CONTENT_SCAN
c5f280e2 688 { "spam_action", vtype_stringptr, &spam_action },
8523533c
TK		 689 { "spam_bar", vtype_stringptr, &spam_bar },
690 { "spam_report", vtype_stringptr, &spam_report },
691 { "spam_score", vtype_stringptr, &spam_score },
692 { "spam_score_int", vtype_stringptr, &spam_score_int },
693#endif
694#ifdef EXPERIMENTAL_SPF
65a7d8c3 695 { "spf_guess", vtype_stringptr, &spf_guess },
8523533c
TK		 696 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
697 { "spf_received", vtype_stringptr, &spf_received },
698 { "spf_result", vtype_stringptr, &spf_result },
699 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
700#endif
059ec3d9 701 { "spool_directory", vtype_stringptr, &spool_directory },
5cb8cbc6 702 { "spool_inodes", vtype_pinodes, (void *)TRUE },
8e669ac1 703 { "spool_space", vtype_pspace, (void *)TRUE },
8523533c
TK		 704#ifdef EXPERIMENTAL_SRS
705 { "srs_db_address", vtype_stringptr, &srs_db_address },
706 { "srs_db_key", vtype_stringptr, &srs_db_key },
707 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
708 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
709 { "srs_recipient", vtype_stringptr, &srs_recipient },
710 { "srs_status", vtype_stringptr, &srs_status },
711#endif
059ec3d9 712 { "thisaddress", vtype_stringptr, &filter_thisaddress },
817d9f57 713
d9b2312b 714 /* The non-(in,out) variables are now deprecated */
817d9f57
JH		 715 { "tls_bits", vtype_int, &tls_in.bits },
716 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
717 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
d9b2312b
JH		 718
719 { "tls_in_bits", vtype_int, &tls_in.bits },
720 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
721 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
44662487 722 { "tls_in_ocsp", vtype_int, &tls_in.ocsp },
9d1c15ef
JH		 723 { "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
724 { "tls_in_peercert", vtype_cert, &tls_in.peercert },
d9b2312b 725 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
4b57b15d 726#if defined(SUPPORT_TLS)
d9b2312b
JH		 727 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
728#endif
817d9f57 729 { "tls_out_bits", vtype_int, &tls_out.bits },
cb9d95ae 730 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
817d9f57 731 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
594706ea
JH		 732#ifdef EXPERIMENTAL_DANE
733 { "tls_out_dane", vtype_bool, &tls_out.dane_verified },
734#endif
44662487 735 { "tls_out_ocsp", vtype_int, &tls_out.ocsp },
9d1c15ef
JH		 736 { "tls_out_ourcert", vtype_cert, &tls_out.ourcert },
737 { "tls_out_peercert", vtype_cert, &tls_out.peercert },
817d9f57 738 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
4b57b15d 739#if defined(SUPPORT_TLS)
817d9f57 740 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
7be682ca 741#endif
594706ea
JH		 742#ifdef EXPERIMENTAL_DANE
743 { "tls_out_tlsa_usage", vtype_int, &tls_out.tlsa_usage },
744#endif
d9b2312b 745
613dd4ae 746 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
4b57b15d 747#if defined(SUPPORT_TLS)
613dd4ae
JH		 748 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
749#endif
817d9f57 750
059ec3d9
PH		 751 { "tod_bsdinbox", vtype_todbsdin, NULL },
752 { "tod_epoch", vtype_tode, NULL },
f5787926 753 { "tod_epoch_l", vtype_todel, NULL },
059ec3d9
PH		 754 { "tod_full", vtype_todf, NULL },
755 { "tod_log", vtype_todl, NULL },
756 { "tod_logfile", vtype_todlf, NULL },
757 { "tod_zone", vtype_todzone, NULL },
758 { "tod_zulu", vtype_todzulu, NULL },
181d9bf8 759 { "transport_name", vtype_stringptr, &transport_name },
059ec3d9 760 { "value", vtype_stringptr, &lookup_value },
aec45841 761 { "verify_mode", vtype_stringptr, &verify_mode },
059ec3d9
PH		 762 { "version_number", vtype_stringptr, &version_string },
763 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
764 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
765 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
766 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
767 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
768 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
769};
770
0539a19d 771static int var_table_size = nelem(var_table);
059ec3d9
PH		 772static uschar var_buffer[256];
773static BOOL malformed_header;
774
775/* For textual hashes */
776
1ba28e2b
PP		 777static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
778 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
779 "0123456789";
059ec3d9
PH		 780
781enum { HMAC_MD5, HMAC_SHA1 };
782
783/* For numeric hashes */
784
785static unsigned int prime[] = {
786 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
787 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
788 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
789
790/* For printing modes in symbolic form */
791
792static uschar *mtable_normal[] =
793 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
794
795static uschar *mtable_setid[] =
796 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
797
798static uschar *mtable_sticky[] =
799 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
800
801
802
803/*************************************************
804* Tables for UTF-8 support *
805*************************************************/
806
807/* Table of the number of extra characters, indexed by the first character
808masked with 0x3f. The highest number for a valid UTF-8 character is in fact
8090x3d. */
810
811static uschar utf8_table1[] = {
812 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
813 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
814 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
815 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
816
817/* These are the masks for the data bits in the first byte of a character,
818indexed by the number of additional bytes. */
819
820static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
821
822/* Get the next UTF-8 character, advancing the pointer. */
823
824#define GETUTF8INC(c, ptr) \
825 c = *ptr++; \
826 if ((c & 0xc0) == 0xc0) \
827 { \
828 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
829 int s = 6*a; \
830 c = (c & utf8_table2[a]) << s; \
831 while (a-- > 0) \
832 { \
833 s -= 6; \
834 c |= (*ptr++ & 0x3f) << s; \
835 } \
836 }
837
838
839/*************************************************
840* Binary chop search on a table *
841*************************************************/
842
843/* This is used for matching expansion items and operators.
844
845Arguments:
846 name the name that is being sought
847 table the table to search
848 table_size the number of items in the table
849
850Returns: the offset in the table, or -1
851*/
852
853static int
854chop_match(uschar *name, uschar **table, int table_size)
855{
856uschar **bot = table;
857uschar **top = table + table_size;
858
859while (top > bot)
860 {
861 uschar **mid = bot + (top - bot)/2;
862 int c = Ustrcmp(name, *mid);
863 if (c == 0) return mid - table;
864 if (c > 0) bot = mid + 1; else top = mid;
865 }
866
867return -1;
868}
869
870
871
872/*************************************************
873* Check a condition string *
874*************************************************/
875
876/* This function is called to expand a string, and test the result for a "true"
877or "false" value. Failure of the expansion yields FALSE; logged unless it was a
be7a5781
JH		 878forced fail or lookup defer.
879
880We used to release all store used, but this is not not safe due
881to ${dlfunc } and ${acl }. In any case expand_string_internal()
882is reasonably careful to release what it can.
059ec3d9 883
6a8de854
PP		 884The actual false-value tests should be replicated for ECOND_BOOL_LAX.
885
059ec3d9
PH		 886Arguments:
887 condition the condition string
888 m1 text to be incorporated in panic error
889 m2 ditto
890
891Returns: TRUE if condition is met, FALSE if not
892*/
893
894BOOL
895expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
896{
897int rc;
059ec3d9
PH		 898uschar *ss = expand_string(condition);
899if (ss == NULL)
900 {
901 if (!expand_string_forcedfail && !search_find_defer)
902 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
903 "for %s %s: %s", condition, m1, m2, expand_string_message);
904 return FALSE;
905 }
906rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
907 strcmpic(ss, US"false") != 0;
059ec3d9
PH		 908return rc;
909}
910
911
912
17c76198 913
9e3331ea
TK		 914/*************************************************
915* Pseudo-random number generation *
916*************************************************/
917
918/* Pseudo-random number generation. The result is not "expected" to be
919cryptographically strong but not so weak that someone will shoot themselves
920in the foot using it as a nonce in some email header scheme or whatever
921weirdness they'll twist this into. The result should ideally handle fork().
922
923However, if we're stuck unable to provide this, then we'll fall back to
924appallingly bad randomness.
925
17c76198
PP		 926If SUPPORT_TLS is defined then this will not be used except as an emergency
927fallback.
9e3331ea
TK		 928
929Arguments:
930 max range maximum
931Returns a random number in range [0, max-1]
932*/
933
17c76198
PP		 934#ifdef SUPPORT_TLS
935# define vaguely_random_number vaguely_random_number_fallback
936#endif
9e3331ea 937int
17c76198 938vaguely_random_number(int max)
9e3331ea 939{
17c76198
PP		 940#ifdef SUPPORT_TLS
941# undef vaguely_random_number
942#endif
9e3331ea
TK		 943 static pid_t pid = 0;
944 pid_t p2;
945#if defined(HAVE_SRANDOM) && !defined(HAVE_SRANDOMDEV)
946 struct timeval tv;
947#endif
948
949 p2 = getpid();
950 if (p2 != pid)
951 {
952 if (pid != 0)
953 {
954
955#ifdef HAVE_ARC4RANDOM
956 /* cryptographically strong randomness, common on *BSD platforms, not
957 so much elsewhere. Alas. */
46ca7017 958#ifndef NOT_HAVE_ARC4RANDOM_STIR
9e3331ea 959 arc4random_stir();
46ca7017 960#endif
9e3331ea
TK		 961#elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
962#ifdef HAVE_SRANDOMDEV
963 /* uses random(4) for seeding */
964 srandomdev();
965#else
966 gettimeofday(&tv, NULL);
967 srandom(tv.tv_sec | tv.tv_usec | getpid());
968#endif
969#else
970 /* Poor randomness and no seeding here */
971#endif
972
973 }
974 pid = p2;
975 }
976
977#ifdef HAVE_ARC4RANDOM
978 return arc4random() % max;
979#elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
980 return random() % max;
981#else
982 /* This one returns a 16-bit number, definitely not crypto-strong */
983 return random_number(max);
984#endif
985}
986
17c76198
PP		 987
988
9e3331ea 989
059ec3d9
PH		 990/*************************************************
991* Pick out a name from a string *
992*************************************************/
993
994/* If the name is too long, it is silently truncated.
995
996Arguments:
997 name points to a buffer into which to put the name
998 max is the length of the buffer
999 s points to the first alphabetic character of the name
1000 extras chars other than alphanumerics to permit
1001
1002Returns: pointer to the first character after the name
1003
1004Note: The test for *s != 0 in the while loop is necessary because
1005Ustrchr() yields non-NULL if the character is zero (which is not something
1006I expected). */
1007
55414b25
JH		 1008static const uschar *
1009read_name(uschar *name, int max, const uschar *s, uschar *extras)
059ec3d9
PH		 1010{
1011int ptr = 0;
1012while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
1013 {
1014 if (ptr < max-1) name[ptr++] = *s;
1015 s++;
1016 }
1017name[ptr] = 0;
1018return s;
1019}
1020
1021
1022
1023/*************************************************
1024* Pick out the rest of a header name *
1025*************************************************/
1026
1027/* A variable name starting $header_ (or just $h_ for those who like
1028abbreviations) might not be the complete header name because headers can
1029contain any printing characters in their names, except ':'. This function is
1030called to read the rest of the name, chop h[eader]_ off the front, and put ':'
1031on the end, if the name was terminated by white space.
1032
1033Arguments:
1034 name points to a buffer in which the name read so far exists
1035 max is the length of the buffer
1036 s points to the first character after the name so far, i.e. the
1037 first non-alphameric character after $header_xxxxx
1038
1039Returns: a pointer to the first character after the header name
1040*/
1041
55414b25
JH		 1042static const uschar *
1043read_header_name(uschar *name, int max, const uschar *s)
059ec3d9
PH		 1044{
1045int prelen = Ustrchr(name, '_') - name + 1;
1046int ptr = Ustrlen(name) - prelen;
1047if (ptr > 0) memmove(name, name+prelen, ptr);
1048while (mac_isgraph(*s) && *s != ':')
1049 {
1050 if (ptr < max-1) name[ptr++] = *s;
1051 s++;
1052 }
1053if (*s == ':') s++;
1054name[ptr++] = ':';
1055name[ptr] = 0;
1056return s;
1057}
1058
1059
1060
1061/*************************************************
1062* Pick out a number from a string *
1063*************************************************/
1064
1065/* Arguments:
1066 n points to an integer into which to put the number
1067 s points to the first digit of the number
1068
1069Returns: a pointer to the character after the last digit
1070*/
1071
1072static uschar *
1073read_number(int *n, uschar *s)
1074{
1075*n = 0;
1076while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1077return s;
1078}
1079
55414b25
JH		 1080static const uschar *
1081read_cnumber(int *n, const uschar *s)
1082{
1083*n = 0;
1084while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1085return s;
1086}
1087
059ec3d9
PH		 1088
1089
1090/*************************************************
1091* Extract keyed subfield from a string *
1092*************************************************/
1093
1094/* The yield is in dynamic store; NULL means that the key was not found.
1095
1096Arguments:
1097 key points to the name of the key
1098 s points to the string from which to extract the subfield
1099
1100Returns: NULL if the subfield was not found, or
1101 a pointer to the subfield's data
1102*/
1103
1104static uschar *
55414b25 1105expand_getkeyed(uschar *key, const uschar *s)
059ec3d9
PH		 1106{
1107int length = Ustrlen(key);
1108while (isspace(*s)) s++;
1109
1110/* Loop to search for the key */
1111
1112while (*s != 0)
1113 {
1114 int dkeylength;
1115 uschar *data;
55414b25 1116 const uschar *dkey = s;
059ec3d9
PH		 1117
1118 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
1119 dkeylength = s - dkey;
1120 while (isspace(*s)) s++;
1121 if (*s == '=') while (isspace((*(++s))));
1122
1123 data = string_dequote(&s);
1124 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1125 return data;
1126
1127 while (isspace(*s)) s++;
1128 }
1129
1130return NULL;
1131}
1132
1133
1134
9d1c15ef
JH		 1135static var_entry *
1136find_var_ent(uschar * name)
1137{
1138int first = 0;
1139int last = var_table_size;
1140
1141while (last > first)
1142 {
1143 int middle = (first + last)/2;
1144 int c = Ustrcmp(name, var_table[middle].name);
1145
1146 if (c > 0) { first = middle + 1; continue; }
1147 if (c < 0) { last = middle; continue; }
1148 return &var_table[middle];
1149 }
1150return NULL;
1151}
059ec3d9
PH		 1152
1153/*************************************************
1154* Extract numbered subfield from string *
1155*************************************************/
1156
1157/* Extracts a numbered field from a string that is divided by tokens - for
1158example a line from /etc/passwd is divided by colon characters. First field is
1159numbered one. Negative arguments count from the right. Zero returns the whole
1160string. Returns NULL if there are insufficient tokens in the string
1161
1162***WARNING***
1163Modifies final argument - this is a dynamically generated string, so that's OK.
1164
1165Arguments:
1166 field number of field to be extracted,
1167 first field = 1, whole string = 0, last field = -1
1168 separators characters that are used to break string into tokens
1169 s points to the string from which to extract the subfield
1170
1171Returns: NULL if the field was not found,
1172 a pointer to the field's data inside s (modified to add 0)
1173*/
1174
1175static uschar *
1176expand_gettokened (int field, uschar *separators, uschar *s)
1177{
1178int sep = 1;
1179int count;
1180uschar *ss = s;
1181uschar *fieldtext = NULL;
1182
1183if (field == 0) return s;
1184
1185/* Break the line up into fields in place; for field > 0 we stop when we have
1186done the number of fields we want. For field < 0 we continue till the end of
1187the string, counting the number of fields. */
1188
1189count = (field > 0)? field : INT_MAX;
1190
1191while (count-- > 0)
1192 {
1193 size_t len;
1194
1195 /* Previous field was the last one in the string. For a positive field
1196 number, this means there are not enough fields. For a negative field number,
1197 check that there are enough, and scan back to find the one that is wanted. */
1198
1199 if (sep == 0)
1200 {
1201 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1202 if ((-field) == (INT_MAX - count - 1)) return s;
1203 while (field++ < 0)
1204 {
1205 ss--;
1206 while (ss[-1] != 0) ss--;
1207 }
1208 fieldtext = ss;
1209 break;
1210 }
1211
1212 /* Previous field was not last in the string; save its start and put a
1213 zero at its end. */
1214
1215 fieldtext = ss;
1216 len = Ustrcspn(ss, separators);
1217 sep = ss[len];
1218 ss[len] = 0;
1219 ss += len + 1;
1220 }
1221
1222return fieldtext;
1223}
1224
1225
aa26e137 1226static uschar *
55414b25 1227expand_getlistele(int field, const uschar * list)
aa26e137 1228{
55414b25 1229const uschar * tlist= list;
aa26e137
JH		 1230int sep= 0;
1231uschar dummy;
1232
1233if(field<0)
0f0c8159 1234 {
aa26e137
JH		 1235 for(field++; string_nextinlist(&tlist, &sep, &dummy, 1); ) field++;
1236 sep= 0;
0f0c8159 1237 }
aa26e137
JH		 1238if(field==0) return NULL;
1239while(--field>0 && (string_nextinlist(&list, &sep, &dummy, 1))) ;
1240return string_nextinlist(&list, &sep, NULL, 0);
1241}
059ec3d9 1242
9d1c15ef
JH		 1243
1244/* Certificate fields, by name. Worry about by-OID later */
9e4dddbd 1245/* Names are chosen to not have common prefixes */
9d1c15ef
JH		 1246
1247#ifdef SUPPORT_TLS
1248typedef struct
1249{
1250uschar * name;
9e4dddbd
JH		 1251int namelen;
1252uschar * (*getfn)(void * cert, uschar * mod);
9d1c15ef
JH		 1253} certfield;
1254static certfield certfields[] =
1255{ /* linear search; no special order */
9e4dddbd
JH		 1256 { US"version", 7, &tls_cert_version },
1257 { US"serial_number", 13, &tls_cert_serial_number },
1258 { US"subject", 7, &tls_cert_subject },
1259 { US"notbefore", 9, &tls_cert_not_before },
1260 { US"notafter", 8, &tls_cert_not_after },
1261 { US"issuer", 6, &tls_cert_issuer },
1262 { US"signature", 9, &tls_cert_signature },
1263 { US"sig_algorithm", 13, &tls_cert_signature_algorithm },
1264 { US"subj_altname", 12, &tls_cert_subject_altname },
1265 { US"ocsp_uri", 8, &tls_cert_ocsp_uri },
1266 { US"crl_uri", 7, &tls_cert_crl_uri },
9d1c15ef
JH		 1267};
1268
1269static uschar *
1270expand_getcertele(uschar * field, uschar * certvar)
1271{
1272var_entry * vp;
1273certfield * cp;
1274
1275if (!(vp = find_var_ent(certvar)))
1276 {
94431adb 1277 expand_string_message =
9d1c15ef
JH		 1278 string_sprintf("no variable named \"%s\"", certvar);
1279 return NULL; /* Unknown variable name */
1280 }
1281/* NB this stops us passing certs around in variable. Might
1282want to do that in future */
1283if (vp->type != vtype_cert)
1284 {
94431adb 1285 expand_string_message =
9d1c15ef
JH		 1286 string_sprintf("\"%s\" is not a certificate", certvar);
1287 return NULL; /* Unknown variable name */
1288 }
1289if (!*(void **)vp->value)
1290 return NULL;
1291
1292if (*field >= '0' && *field <= '9')
1293 return tls_cert_ext_by_oid(*(void **)vp->value, field, 0);
1294
1295for(cp = certfields;
0539a19d 1296 cp < certfields + nelem(certfields);
9d1c15ef 1297 cp++)
9e4dddbd
JH		 1298 if (Ustrncmp(cp->name, field, cp->namelen) == 0)
1299 {
1300 uschar * modifier = *(field += cp->namelen) == ','
1301 ? ++field : NULL;
1302 return (*cp->getfn)( *(void **)vp->value, modifier );
1303 }
9d1c15ef 1304
94431adb 1305expand_string_message =
9d1c15ef
JH		 1306 string_sprintf("bad field selector \"%s\" for certextract", field);
1307return NULL;
1308}
1309#endif /*SUPPORT_TLS*/
1310
059ec3d9
PH		 1311/*************************************************
1312* Extract a substring from a string *
1313*************************************************/
1314
1315/* Perform the ${substr or ${length expansion operations.
1316
1317Arguments:
1318 subject the input string
1319 value1 the offset from the start of the input string to the start of
1320 the output string; if negative, count from the right.
1321 value2 the length of the output string, or negative (-1) for unset
1322 if value1 is positive, unset means "all after"
1323 if value1 is negative, unset means "all before"
1324 len set to the length of the returned string
1325
1326Returns: pointer to the output string, or NULL if there is an error
1327*/
1328
1329static uschar *
1330extract_substr(uschar *subject, int value1, int value2, int *len)
1331{
1332int sublen = Ustrlen(subject);
1333
1334if (value1 < 0) /* count from right */
1335 {
1336 value1 += sublen;
1337
1338 /* If the position is before the start, skip to the start, and adjust the
1339 length. If the length ends up negative, the substring is null because nothing
1340 can precede. This falls out naturally when the length is unset, meaning "all
1341 to the left". */
1342
1343 if (value1 < 0)
1344 {
1345 value2 += value1;
1346 if (value2 < 0) value2 = 0;
1347 value1 = 0;
1348 }
1349
1350 /* Otherwise an unset length => characters before value1 */
1351
1352 else if (value2 < 0)
1353 {
1354 value2 = value1;
1355 value1 = 0;
1356 }
1357 }
1358
1359/* For a non-negative offset, if the starting position is past the end of the
1360string, the result will be the null string. Otherwise, an unset length means
1361"rest"; just set it to the maximum - it will be cut down below if necessary. */
1362
1363else
1364 {
1365 if (value1 > sublen)
1366 {
1367 value1 = sublen;
1368 value2 = 0;
1369 }
1370 else if (value2 < 0) value2 = sublen;
1371 }
1372
1373/* Cut the length down to the maximum possible for the offset value, and get
1374the required characters. */
1375
1376if (value1 + value2 > sublen) value2 = sublen - value1;
1377*len = value2;
1378return subject + value1;
1379}
1380
1381
1382
1383
1384/*************************************************
1385* Old-style hash of a string *
1386*************************************************/
1387
1388/* Perform the ${hash expansion operation.
1389
1390Arguments:
1391 subject the input string (an expanded substring)
1392 value1 the length of the output string; if greater or equal to the
1393 length of the input string, the input string is returned
1394 value2 the number of hash characters to use, or 26 if negative
1395 len set to the length of the returned string
1396
1397Returns: pointer to the output string, or NULL if there is an error
1398*/
1399
1400static uschar *
1401compute_hash(uschar *subject, int value1, int value2, int *len)
1402{
1403int sublen = Ustrlen(subject);
1404
1405if (value2 < 0) value2 = 26;
1406else if (value2 > Ustrlen(hashcodes))
1407 {
1408 expand_string_message =
1409 string_sprintf("hash count \"%d\" too big", value2);
1410 return NULL;
1411 }
1412
1413/* Calculate the hash text. We know it is shorter than the original string, so
1414can safely place it in subject[] (we know that subject is always itself an
1415expanded substring). */
1416
1417if (value1 < sublen)
1418 {
1419 int c;
1420 int i = 0;
1421 int j = value1;
1422 while ((c = (subject[j])) != 0)
1423 {
1424 int shift = (c + j++) & 7;
1425 subject[i] ^= (c << shift) | (c >> (8-shift));
1426 if (++i >= value1) i = 0;
1427 }
1428 for (i = 0; i < value1; i++)
1429 subject[i] = hashcodes[(subject[i]) % value2];
1430 }
1431else value1 = sublen;
1432
1433*len = value1;
1434return subject;
1435}
1436
1437
1438
1439
1440/*************************************************
1441* Numeric hash of a string *
1442*************************************************/
1443
1444/* Perform the ${nhash expansion operation. The first characters of the
1445string are treated as most important, and get the highest prime numbers.
1446
1447Arguments:
1448 subject the input string
1449 value1 the maximum value of the first part of the result
1450 value2 the maximum value of the second part of the result,
1451 or negative to produce only a one-part result
1452 len set to the length of the returned string
1453
1454Returns: pointer to the output string, or NULL if there is an error.
1455*/
1456
1457static uschar *
1458compute_nhash (uschar *subject, int value1, int value2, int *len)
1459{
1460uschar *s = subject;
1461int i = 0;
1462unsigned long int total = 0; /* no overflow */
1463
1464while (*s != 0)
1465 {
0539a19d 1466 if (i == 0) i = nelem(prime) - 1;
059ec3d9
PH		 1467 total += prime[i--] * (unsigned int)(*s++);
1468 }
1469
1470/* If value2 is unset, just compute one number */
1471
1472if (value2 < 0)
1473 {
1474 s = string_sprintf("%d", total % value1);
1475 }
1476
1477/* Otherwise do a div/mod hash */
1478
1479else
1480 {
1481 total = total % (value1 * value2);
1482 s = string_sprintf("%d/%d", total/value2, total % value2);
1483 }
1484
1485*len = Ustrlen(s);
1486return s;
1487}
1488
1489
1490
1491
1492
1493/*************************************************
1494* Find the value of a header or headers *
1495*************************************************/
1496
1497/* Multiple instances of the same header get concatenated, and this function
1498can also return a concatenation of all the header lines. When concatenating
1499specific headers that contain lists of addresses, a comma is inserted between
1500them. Otherwise we use a straight concatenation. Because some messages can have
1501pathologically large number of lines, there is a limit on the length that is
1502returned. Also, to avoid massive store use which would result from using
1503string_cat() as it copies and extends strings, we do a preliminary pass to find
1504out exactly how much store will be needed. On "normal" messages this will be
1505pretty trivial.
1506
1507Arguments:
1508 name the name of the header, without the leading $header_ or $h_,
1509 or NULL if a concatenation of all headers is required
1510 exists_only TRUE if called from a def: test; don't need to build a string;
1511 just return a string that is not "" and not "0" if the header
1512 exists
1513 newsize return the size of memory block that was obtained; may be NULL
1514 if exists_only is TRUE
1515 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
ff75a1f7
PH		 1516 other than concatenating, will be done on the header. Also used
1517 for $message_headers_raw.
059ec3d9
PH		 1518 charset name of charset to translate MIME words to; used only if
1519 want_raw is false; if NULL, no translation is done (this is
1520 used for $bh_ and $bheader_)
1521
1522Returns: NULL if the header does not exist, else a pointer to a new
1523 store block
1524*/
1525
1526static uschar *
1527find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1528 uschar *charset)
1529{
1530BOOL found = name == NULL;
1531int comma = 0;
1532int len = found? 0 : Ustrlen(name);
1533int i;
1534uschar *yield = NULL;
1535uschar *ptr = NULL;
1536
1537/* Loop for two passes - saves code repetition */
1538
1539for (i = 0; i < 2; i++)
1540 {
1541 int size = 0;
1542 header_line *h;
1543
1544 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1545 {
1546 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1547 {
1548 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1549 {
1550 int ilen;
1551 uschar *t;
1552
1553 if (exists_only) return US"1"; /* don't need actual string */
1554 found = TRUE;
1555 t = h->text + len; /* text to insert */
1556 if (!want_raw) /* unless wanted raw, */
1557 while (isspace(*t)) t++; /* remove leading white space */
1558 ilen = h->slen - (t - h->text); /* length to insert */
1559
fd700877
PH		 1560 /* Unless wanted raw, remove trailing whitespace, including the
1561 newline. */
1562
1563 if (!want_raw)
1564 while (ilen > 0 && isspace(t[ilen-1])) ilen--;
1565
059ec3d9
PH		 1566 /* Set comma = 1 if handling a single header and it's one of those
1567 that contains an address list, except when asked for raw headers. Only
1568 need to do this once. */
1569
1570 if (!want_raw && name != NULL && comma == 0 &&
1571 Ustrchr("BCFRST", h->type) != NULL)
1572 comma = 1;
1573
1574 /* First pass - compute total store needed; second pass - compute
1575 total store used, including this header. */
1576
fd700877 1577 size += ilen + comma + 1; /* +1 for the newline */
059ec3d9
PH		 1578
1579 /* Second pass - concatentate the data, up to a maximum. Note that
1580 the loop stops when size hits the limit. */
1581
1582 if (i != 0)
1583 {
1584 if (size > header_insert_maxlen)
1585 {
fd700877 1586 ilen -= size - header_insert_maxlen - 1;
059ec3d9
PH		 1587 comma = 0;
1588 }
1589 Ustrncpy(ptr, t, ilen);
1590 ptr += ilen;
fd700877
PH		 1591
1592 /* For a non-raw header, put in the comma if needed, then add
3168332a
PH		 1593 back the newline we removed above, provided there was some text in
1594 the header. */
fd700877 1595
3168332a 1596 if (!want_raw && ilen > 0)
059ec3d9 1597 {
3168332a 1598 if (comma != 0) *ptr++ = ',';
059ec3d9
PH		 1599 *ptr++ = '\n';
1600 }
1601 }
1602 }
1603 }
1604 }
1605
fd700877
PH		 1606 /* At end of first pass, return NULL if no header found. Then truncate size
1607 if necessary, and get the buffer to hold the data, returning the buffer size.
1608 */
059ec3d9
PH		 1609
1610 if (i == 0)
1611 {
1612 if (!found) return NULL;
1613 if (size > header_insert_maxlen) size = header_insert_maxlen;
1614 *newsize = size + 1;
1615 ptr = yield = store_get(*newsize);
1616 }
1617 }
1618
059ec3d9
PH		 1619/* That's all we do for raw header expansion. */
1620
1621if (want_raw)
1622 {
1623 *ptr = 0;
1624 }
1625
fd700877
PH		 1626/* Otherwise, remove a final newline and a redundant added comma. Then we do
1627RFC 2047 decoding, translating the charset if requested. The rfc2047_decode2()
059ec3d9
PH		 1628function can return an error with decoded data if the charset translation
1629fails. If decoding fails, it returns NULL. */
1630
1631else
1632 {
1633 uschar *decoded, *error;
3168332a 1634 if (ptr > yield && ptr[-1] == '\n') ptr--;
fd700877 1635 if (ptr > yield && comma != 0 && ptr[-1] == ',') ptr--;
059ec3d9 1636 *ptr = 0;
a0d6ba8a
PH		 1637 decoded = rfc2047_decode2(yield, check_rfc2047_length, charset, '?', NULL,
1638 newsize, &error);
059ec3d9
PH		 1639 if (error != NULL)
1640 {
1641 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1642 " input was: %s\n", error, yield);
1643 }
1644 if (decoded != NULL) yield = decoded;
1645 }
1646
1647return yield;
1648}
1649
1650
1651
1652
362145b5
JH		 1653/*************************************************
1654* Return list of recipients *
1655*************************************************/
1656/* A recipients list is available only during system message filtering,
1657during ACL processing after DATA, and while expanding pipe commands
1658generated from a system filter, but not elsewhere. */
1659
1660static uschar *
1661fn_recipients(void)
1662{
1663if (!enable_dollar_recipients) return NULL; else
1664 {
1665 int size = 128;
1666 int ptr = 0;
1667 int i;
1668 uschar * s = store_get(size);
1669 for (i = 0; i < recipients_count; i++)
1670 {
1671 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1672 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1673 Ustrlen(recipients_list[i].address));
1674 }
1675 s[ptr] = 0; /* string_cat() leaves room */
1676 return s;
1677 }
1678}
1679
1680
059ec3d9
PH		 1681/*************************************************
1682* Find value of a variable *
1683*************************************************/
1684
1685/* The table of variables is kept in alphabetic order, so we can search it
1686using a binary chop. The "choplen" variable is nothing to do with the binary
1687chop.
1688
1689Arguments:
1690 name the name of the variable being sought
1691 exists_only TRUE if this is a def: test; passed on to find_header()
1692 skipping TRUE => skip any processing evaluation; this is not the same as
1693 exists_only because def: may test for values that are first
1694 evaluated here
1695 newsize pointer to an int which is initially zero; if the answer is in
1696 a new memory buffer, *newsize is set to its size
1697
1698Returns: NULL if the variable does not exist, or
1699 a pointer to the variable's contents, or
1700 something non-NULL if exists_only is TRUE
1701*/
1702
1703static uschar *
1704find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1705{
9d1c15ef
JH		 1706var_entry * vp;
1707uschar *s, *domain;
1708uschar **ss;
1709void * val;
059ec3d9 1710
38a0a95f
PH		 1711/* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1712Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1713release 4.64 onwards arbitrary names are permitted, as long as the first 5
641cb756
PH		 1714characters are acl_c or acl_m and the sixth is either a digit or an underscore
1715(this gave backwards compatibility at the changeover). There may be built-in
1716variables whose names start acl_ but they should never start in this way. This
1717slightly messy specification is a consequence of the history, needless to say.
47ca6d6c 1718
38a0a95f
PH		 1719If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1720set, in which case give an error. */
47ca6d6c 1721
641cb756
PH		 1722if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1723 !isalpha(name[5]))
38a0a95f
PH		 1724 {
1725 tree_node *node =
1726 tree_search((name[4] == 'c')? acl_var_c : acl_var_m, name + 4);
1727 return (node == NULL)? (strict_acl_vars? NULL : US"") : node->data.ptr;
47ca6d6c
PH		 1728 }
1729
38a0a95f 1730/* Handle $auth<n> variables. */
f78eb7c6
PH		 1731
1732if (Ustrncmp(name, "auth", 4) == 0)
1733 {
1734 uschar *endptr;
1735 int n = Ustrtoul(name + 4, &endptr, 10);
1736 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
f38917cc
JH		 1737 return !auth_vars[n-1] ? US"" : auth_vars[n-1];
1738 }
1739else if (Ustrncmp(name, "regex", 5) == 0)
1740 {
1741 uschar *endptr;
1742 int n = Ustrtoul(name + 5, &endptr, 10);
1743 if (*endptr == 0 && n != 0 && n <= REGEX_VARS)
1744 return !regex_vars[n-1] ? US"" : regex_vars[n-1];
f78eb7c6
PH		 1745 }
1746
47ca6d6c
PH		 1747/* For all other variables, search the table */
1748
9d1c15ef
JH		 1749if (!(vp = find_var_ent(name)))
1750 return NULL; /* Unknown variable name */
059ec3d9 1751
9d1c15ef
JH		 1752/* Found an existing variable. If in skipping state, the value isn't needed,
1753and we want to avoid processing (such as looking up the host name). */
059ec3d9 1754
9d1c15ef
JH		 1755if (skipping)
1756 return US"";
059ec3d9 1757
9d1c15ef
JH		 1758val = vp->value;
1759switch (vp->type)
1760 {
1761 case vtype_filter_int:
1762 if (!filter_running) return NULL;
1763 /* Fall through */
1764 /* VVVVVVVVVVVV */
1765 case vtype_int:
1766 sprintf(CS var_buffer, "%d", *(int *)(val)); /* Integer */
1767 return var_buffer;
1768
1769 case vtype_ino:
1770 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(val))); /* Inode */
1771 return var_buffer;
1772
1773 case vtype_gid:
1774 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(val))); /* gid */
1775 return var_buffer;
1776
1777 case vtype_uid:
1778 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(val))); /* uid */
1779 return var_buffer;
1780
1781 case vtype_bool:
1782 sprintf(CS var_buffer, "%s", *(BOOL *)(val) ? "yes" : "no"); /* bool */
1783 return var_buffer;
1784
1785 case vtype_stringptr: /* Pointer to string */
1786 s = *((uschar **)(val));
1787 return (s == NULL)? US"" : s;
1788
1789 case vtype_pid:
1790 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1791 return var_buffer;
1792
1793 case vtype_load_avg:
1794 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1795 return var_buffer;
1796
1797 case vtype_host_lookup: /* Lookup if not done so */
1798 if (sender_host_name == NULL && sender_host_address != NULL &&
1799 !host_lookup_failed && host_name_lookup() == OK)
1800 host_build_sender_fullhost();
1801 return (sender_host_name == NULL)? US"" : sender_host_name;
1802
1803 case vtype_localpart: /* Get local part from address */
1804 s = *((uschar **)(val));
1805 if (s == NULL) return US"";
1806 domain = Ustrrchr(s, '@');
1807 if (domain == NULL) return s;
1808 if (domain - s > sizeof(var_buffer) - 1)
1809 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1810 " in string expansion", sizeof(var_buffer));
1811 Ustrncpy(var_buffer, s, domain - s);
1812 var_buffer[domain - s] = 0;
1813 return var_buffer;
1814
1815 case vtype_domain: /* Get domain from address */
1816 s = *((uschar **)(val));
1817 if (s == NULL) return US"";
1818 domain = Ustrrchr(s, '@');
1819 return (domain == NULL)? US"" : domain + 1;
1820
1821 case vtype_msgheaders:
1822 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1823
1824 case vtype_msgheaders_raw:
1825 return find_header(NULL, exists_only, newsize, TRUE, NULL);
1826
1827 case vtype_msgbody: /* Pointer to msgbody string */
1828 case vtype_msgbody_end: /* Ditto, the end of the msg */
1829 ss = (uschar **)(val);
1830 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
059ec3d9 1831 {
9d1c15ef
JH		 1832 uschar *body;
1833 off_t start_offset = SPOOL_DATA_START_OFFSET;
1834 int len = message_body_visible;
1835 if (len > message_size) len = message_size;
1836 *ss = body = store_malloc(len+1);
1837 body[0] = 0;
1838 if (vp->type == vtype_msgbody_end)
059ec3d9 1839 {
9d1c15ef
JH		 1840 struct stat statbuf;
1841 if (fstat(deliver_datafile, &statbuf) == 0)
1842 {
1843 start_offset = statbuf.st_size - len;
1844 if (start_offset < SPOOL_DATA_START_OFFSET)
1845 start_offset = SPOOL_DATA_START_OFFSET;
1846 }
1847 }
1848 lseek(deliver_datafile, start_offset, SEEK_SET);
1849 len = read(deliver_datafile, body, len);
1850 if (len > 0)
1851 {
1852 body[len] = 0;
1853 if (message_body_newlines) /* Separate loops for efficiency */
1854 {
1855 while (len > 0)
1856 { if (body[--len] == 0) body[len] = ' '; }
1857 }
1858 else
1859 {
1860 while (len > 0)
1861 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
1862 }
059ec3d9 1863 }
9d1c15ef
JH		 1864 }
1865 return (*ss == NULL)? US"" : *ss;
059ec3d9 1866
9d1c15ef
JH		 1867 case vtype_todbsdin: /* BSD inbox time of day */
1868 return tod_stamp(tod_bsdin);
059ec3d9 1869
9d1c15ef
JH		 1870 case vtype_tode: /* Unix epoch time of day */
1871 return tod_stamp(tod_epoch);
059ec3d9 1872
9d1c15ef
JH		 1873 case vtype_todel: /* Unix epoch/usec time of day */
1874 return tod_stamp(tod_epoch_l);
f5787926 1875
9d1c15ef
JH		 1876 case vtype_todf: /* Full time of day */
1877 return tod_stamp(tod_full);
059ec3d9 1878
9d1c15ef
JH		 1879 case vtype_todl: /* Log format time of day */
1880 return tod_stamp(tod_log_bare); /* (without timezone) */
059ec3d9 1881
9d1c15ef
JH		 1882 case vtype_todzone: /* Time zone offset only */
1883 return tod_stamp(tod_zone);
059ec3d9 1884
9d1c15ef
JH		 1885 case vtype_todzulu: /* Zulu time */
1886 return tod_stamp(tod_zulu);
059ec3d9 1887
9d1c15ef
JH		 1888 case vtype_todlf: /* Log file datestamp tod */
1889 return tod_stamp(tod_log_datestamp_daily);
059ec3d9 1890
9d1c15ef
JH		 1891 case vtype_reply: /* Get reply address */
1892 s = find_header(US"reply-to:", exists_only, newsize, TRUE,
1893 headers_charset);
1894 if (s != NULL) while (isspace(*s)) s++;
1895 if (s == NULL || *s == 0)
1896 {
1897 *newsize = 0; /* For the *s==0 case */
1898 s = find_header(US"from:", exists_only, newsize, TRUE, headers_charset);
1899 }
1900 if (s != NULL)
1901 {
1902 uschar *t;
1903 while (isspace(*s)) s++;
1904 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
1905 while (t > s && isspace(t[-1])) t--;
1906 *t = 0;
1907 }
1908 return (s == NULL)? US"" : s;
059ec3d9 1909
9d1c15ef
JH		 1910 case vtype_string_func:
1911 {
1912 uschar * (*fn)() = val;
1913 return fn();
1914 }
8e669ac1 1915
9d1c15ef
JH		 1916 case vtype_pspace:
1917 {
1918 int inodes;
1919 sprintf(CS var_buffer, "%d",
1920 receive_statvfs(val == (void *)TRUE, &inodes));
1921 }
1922 return var_buffer;
8e669ac1 1923
9d1c15ef
JH		 1924 case vtype_pinodes:
1925 {
1926 int inodes;
1927 (void) receive_statvfs(val == (void *)TRUE, &inodes);
1928 sprintf(CS var_buffer, "%d", inodes);
1929 }
1930 return var_buffer;
80a47a2c 1931
9d1c15ef
JH		 1932 case vtype_cert:
1933 return *(void **)val ? US"<cert>" : US"";
80a47a2c 1934
9d1c15ef
JH		 1935 #ifndef DISABLE_DKIM
1936 case vtype_dkim:
1937 return dkim_exim_expand_query((int)(long)val);
1938 #endif
059ec3d9 1939
9d1c15ef 1940 }
6c08476d
LM		 1941
1942return NULL; /* Unknown variable. Silences static checkers. */
059ec3d9
PH		 1943}
1944
1945
1946
1947
d9b2312b
JH		 1948void
1949modify_variable(uschar *name, void * value)
1950{
9d1c15ef
JH		 1951var_entry * vp;
1952if ((vp = find_var_ent(name))) vp->value = value;
d9b2312b
JH		 1953return; /* Unknown variable name, fail silently */
1954}
1955
1956
1957
1958
1959
059ec3d9
PH		 1960/*************************************************
1961* Read and expand substrings *
1962*************************************************/
1963
1964/* This function is called to read and expand argument substrings for various
1965expansion items. Some have a minimum requirement that is less than the maximum;
1966in these cases, the first non-present one is set to NULL.
1967
1968Arguments:
1969 sub points to vector of pointers to set
1970 n maximum number of substrings
1971 m minimum required
1972 sptr points to current string pointer
1973 skipping the skipping flag
1974 check_end if TRUE, check for final '}'
1975 name name of item, for error message
b0e85a8f
JH		 1976 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
1977 the store.
059ec3d9
PH		 1978
1979Returns: 0 OK; string pointer updated
1980 1 curly bracketing error (too few arguments)
1981 2 too many arguments (only if check_end is set); message set
1982 3 other error (expansion failure)
1983*/
1984
1985static int
55414b25 1986read_subs(uschar **sub, int n, int m, const uschar **sptr, BOOL skipping,
b0e85a8f 1987 BOOL check_end, uschar *name, BOOL *resetok)
059ec3d9
PH		 1988{
1989int i;
55414b25 1990const uschar *s = *sptr;
059ec3d9
PH		 1991
1992while (isspace(*s)) s++;
1993for (i = 0; i < n; i++)
1994 {
1995 if (*s != '{')
1996 {
1997 if (i < m) return 1;
1998 sub[i] = NULL;
1999 break;
2000 }
b0e85a8f 2001 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok);
059ec3d9
PH		 2002 if (sub[i] == NULL) return 3;
2003 if (*s++ != '}') return 1;
2004 while (isspace(*s)) s++;
2005 }
2006if (check_end && *s++ != '}')
2007 {
2008 if (s[-1] == '{')
2009 {
2010 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
2011 "(max is %d)", name, n);
2012 return 2;
2013 }
2014 return 1;
2015 }
2016
2017*sptr = s;
2018return 0;
2019}
2020
2021
2022
2023
641cb756
PH		 2024/*************************************************
2025* Elaborate message for bad variable *
2026*************************************************/
2027
2028/* For the "unknown variable" message, take a look at the variable's name, and
2029give additional information about possible ACL variables. The extra information
2030is added on to expand_string_message.
2031
2032Argument: the name of the variable
2033Returns: nothing
2034*/
2035
2036static void
2037check_variable_error_message(uschar *name)
2038{
2039if (Ustrncmp(name, "acl_", 4) == 0)
2040 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
2041 (name[4] == 'c' || name[4] == 'm')?
2042 (isalpha(name[5])?
2043 US"6th character of a user-defined ACL variable must be a digit or underscore" :
2044 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
2045 ) :
2046 US"user-defined ACL variables must start acl_c or acl_m");
2047}
2048
2049
2050
f60d98e8
JH		 2051/*
2052Load args from sub array to globals, and call acl_check().
ef21c07d 2053Sub array will be corrupted on return.
f60d98e8
JH		 2054
2055Returns: OK access is granted by an ACCEPT verb
2056 DISCARD access is granted by a DISCARD verb
2057 FAIL access is denied
2058 FAIL_DROP access is denied; drop the connection
2059 DEFER can't tell at the moment
2060 ERROR disaster
2061*/
2062static int
2063eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
2064{
2065int i;
ef21c07d
JH		 2066int sav_narg = acl_narg;
2067int ret;
93a6fce2 2068uschar * dummy_logmsg;
faa05a93 2069extern int acl_where;
f60d98e8 2070
0539a19d 2071if(--nsub > nelem(acl_arg)) nsub = nelem(acl_arg);
ef21c07d
JH		 2072for (i = 0; i < nsub && sub[i+1]; i++)
2073 {
93a6fce2 2074 uschar * tmp = acl_arg[i];
ef21c07d
JH		 2075 acl_arg[i] = sub[i+1]; /* place callers args in the globals */
2076 sub[i+1] = tmp; /* stash the old args using our caller's storage */
2077 }
2078acl_narg = i;
bef3ea7f 2079while (i < nsub)
ef21c07d
JH		 2080 {
2081 sub[i+1] = acl_arg[i];
2082 acl_arg[i++] = NULL;
2083 }
f60d98e8
JH		 2084
2085DEBUG(D_expand)
2086 debug_printf("expanding: acl: %s arg: %s%s\n",
2087 sub[0],
60f8e1e8
JH		 2088 acl_narg>0 ? acl_arg[0] : US"<none>",
2089 acl_narg>1 ? " +more" : "");
f60d98e8 2090
93a6fce2 2091ret = acl_eval(acl_where, sub[0], user_msgp, &dummy_logmsg);
ef21c07d
JH		 2092
2093for (i = 0; i < nsub; i++)
2094 acl_arg[i] = sub[i+1]; /* restore old args */
2095acl_narg = sav_narg;
2096
2097return ret;
f60d98e8
JH		 2098}
2099
2100
2101
2102
059ec3d9
PH		 2103/*************************************************
2104* Read and evaluate a condition *
2105*************************************************/
2106
2107/*
2108Arguments:
2109 s points to the start of the condition text
b0e85a8f
JH		 2110 resetok points to a BOOL which is written false if it is unsafe to
2111 free memory. Certain condition types (acl) may have side-effect
2112 allocation which must be preserved.
059ec3d9
PH		 2113 yield points to a BOOL to hold the result of the condition test;
2114 if NULL, we are just reading through a condition that is
2115 part of an "or" combination to check syntax, or in a state
2116 where the answer isn't required
2117
2118Returns: a pointer to the first character after the condition, or
2119 NULL after an error
2120*/
2121
55414b25
JH		 2122static const uschar *
2123eval_condition(const uschar *s, BOOL *resetok, BOOL *yield)
059ec3d9
PH		 2124{
2125BOOL testfor = TRUE;
2126BOOL tempcond, combined_cond;
2127BOOL *subcondptr;
5cfd2e57 2128BOOL sub2_honour_dollar = TRUE;
059ec3d9 2129int i, rc, cond_type, roffset;
97d17305 2130int_eximarith_t num[2];
059ec3d9
PH		 2131struct stat statbuf;
2132uschar name[256];
55414b25 2133const uschar *sub[10];
059ec3d9
PH		 2134
2135const pcre *re;
2136const uschar *rerror;
2137
2138for (;;)
2139 {
2140 while (isspace(*s)) s++;
2141 if (*s == '!') { testfor = !testfor; s++; } else break;
2142 }
2143
2144/* Numeric comparisons are symbolic */
2145
2146if (*s == '=' || *s == '>' || *s == '<')
2147 {
2148 int p = 0;
2149 name[p++] = *s++;
2150 if (*s == '=')
2151 {
2152 name[p++] = '=';
2153 s++;
2154 }
2155 name[p] = 0;
2156 }
2157
2158/* All other conditions are named */
2159
2160else s = read_name(name, 256, s, US"_");
2161
2162/* If we haven't read a name, it means some non-alpha character is first. */
2163
2164if (name[0] == 0)
2165 {
2166 expand_string_message = string_sprintf("condition name expected, "
2167 "but found \"%.16s\"", s);
2168 return NULL;
2169 }
2170
2171/* Find which condition we are dealing with, and switch on it */
2172
0539a19d 2173cond_type = chop_match(name, cond_table, nelem(cond_table));
059ec3d9
PH		 2174switch(cond_type)
2175 {
9b4768fa
PH		 2176 /* def: tests for a non-empty variable, or for the existence of a header. If
2177 yield == NULL we are in a skipping state, and don't care about the answer. */
059ec3d9
PH		 2178
2179 case ECOND_DEF:
2180 if (*s != ':')
2181 {
2182 expand_string_message = US"\":\" expected after \"def\"";
2183 return NULL;
2184 }
2185
2186 s = read_name(name, 256, s+1, US"_");
2187
0d85fa3f
PH		 2188 /* Test for a header's existence. If the name contains a closing brace
2189 character, this may be a user error where the terminating colon has been
2190 omitted. Set a flag to adjust a subsequent error message in this case. */
059ec3d9
PH		 2191
2192 if (Ustrncmp(name, "h_", 2) == 0 ||
2193 Ustrncmp(name, "rh_", 3) == 0 ||
2194 Ustrncmp(name, "bh_", 3) == 0 ||
2195 Ustrncmp(name, "header_", 7) == 0 ||
2196 Ustrncmp(name, "rheader_", 8) == 0 ||
2197 Ustrncmp(name, "bheader_", 8) == 0)
2198 {
2199 s = read_header_name(name, 256, s);
b5b871ac 2200 /* {-for-text-editors */
0d85fa3f 2201 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
059ec3d9
PH		 2202 if (yield != NULL) *yield =
2203 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
2204 }
2205
9b4768fa
PH		 2206 /* Test for a variable's having a non-empty value. A non-existent variable
2207 causes an expansion failure. */
059ec3d9
PH		 2208
2209 else
2210 {
2211 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
2212 if (value == NULL)
2213 {
2214 expand_string_message = (name[0] == 0)?
2215 string_sprintf("variable name omitted after \"def:\"") :
2216 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
641cb756 2217 check_variable_error_message(name);
059ec3d9
PH		 2218 return NULL;
2219 }
9b4768fa 2220 if (yield != NULL) *yield = (value[0] != 0) == testfor;
059ec3d9
PH		 2221 }
2222
2223 return s;
2224
2225
2226 /* first_delivery tests for first delivery attempt */
2227
2228 case ECOND_FIRST_DELIVERY:
2229 if (yield != NULL) *yield = deliver_firsttime == testfor;
2230 return s;
2231
2232
2233 /* queue_running tests for any process started by a queue runner */
2234
2235 case ECOND_QUEUE_RUNNING:
2236 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
2237 return s;
2238
2239
2240 /* exists: tests for file existence
2241 isip: tests for any IP address
2242 isip4: tests for an IPv4 address
2243 isip6: tests for an IPv6 address
2244 pam: does PAM authentication
2245 radius: does RADIUS authentication
2246 ldapauth: does LDAP authentication
2247 pwcheck: does Cyrus SASL pwcheck authentication
2248 */
2249
2250 case ECOND_EXISTS:
2251 case ECOND_ISIP:
2252 case ECOND_ISIP4:
2253 case ECOND_ISIP6:
2254 case ECOND_PAM:
2255 case ECOND_RADIUS:
2256 case ECOND_LDAPAUTH:
2257 case ECOND_PWCHECK:
2258
2259 while (isspace(*s)) s++;
b5b871ac 2260 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
059ec3d9 2261
b0e85a8f 2262 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok);
059ec3d9 2263 if (sub[0] == NULL) return NULL;
b5b871ac 2264 /* {-for-text-editors */
059ec3d9
PH		 2265 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2266
2267 if (yield == NULL) return s; /* No need to run the test if skipping */
2268
2269 switch(cond_type)
2270 {
2271 case ECOND_EXISTS:
2272 if ((expand_forbid & RDO_EXISTS) != 0)
2273 {
2274 expand_string_message = US"File existence tests are not permitted";
2275 return NULL;
2276 }
2277 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
2278 break;
2279
2280 case ECOND_ISIP:
2281 case ECOND_ISIP4:
2282 case ECOND_ISIP6:
2283 rc = string_is_ip_address(sub[0], NULL);
7e66e54d 2284 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
059ec3d9
PH		 2285 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2286 break;
2287
2288 /* Various authentication tests - all optionally compiled */
2289
2290 case ECOND_PAM:
2291 #ifdef SUPPORT_PAM
2292 rc = auth_call_pam(sub[0], &expand_string_message);
2293 goto END_AUTH;
2294 #else
2295 goto COND_FAILED_NOT_COMPILED;
2296 #endif /* SUPPORT_PAM */
2297
2298 case ECOND_RADIUS:
2299 #ifdef RADIUS_CONFIG_FILE
2300 rc = auth_call_radius(sub[0], &expand_string_message);
2301 goto END_AUTH;
2302 #else
2303 goto COND_FAILED_NOT_COMPILED;
2304 #endif /* RADIUS_CONFIG_FILE */
2305
2306 case ECOND_LDAPAUTH:
2307 #ifdef LOOKUP_LDAP
2308 {
2309 /* Just to keep the interface the same */
2310 BOOL do_cache;
2311 int old_pool = store_pool;
2312 store_pool = POOL_SEARCH;
2313 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2314 &expand_string_message, &do_cache);
2315 store_pool = old_pool;
2316 }
2317 goto END_AUTH;
2318 #else
2319 goto COND_FAILED_NOT_COMPILED;
2320 #endif /* LOOKUP_LDAP */
2321
2322 case ECOND_PWCHECK:
2323 #ifdef CYRUS_PWCHECK_SOCKET
2324 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2325 goto END_AUTH;
2326 #else
2327 goto COND_FAILED_NOT_COMPILED;
2328 #endif /* CYRUS_PWCHECK_SOCKET */
2329
2330 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2331 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2332 END_AUTH:
2333 if (rc == ERROR || rc == DEFER) return NULL;
2334 *yield = (rc == OK) == testfor;
2335 #endif
2336 }
2337 return s;
2338
2339
333eea9c
JH		 2340 /* call ACL (in a conditional context). Accept true, deny false.
2341 Defer is a forced-fail. Anything set by message= goes to $value.
f60d98e8
JH		 2342 Up to ten parameters are used; we use the braces round the name+args
2343 like the saslauthd condition does, to permit a variable number of args.
2344 See also the expansion-item version EITEM_ACL and the traditional
2345 acl modifier ACLC_ACL.
fd5dad68
JH		 2346 Since the ACL may allocate new global variables, tell our caller to not
2347 reclaim memory.
f60d98e8 2348 */
333eea9c
JH		 2349
2350 case ECOND_ACL:
bef3ea7f 2351 /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
333eea9c 2352 {
55414b25 2353 uschar *sub[10];
333eea9c 2354 uschar *user_msg;
333eea9c 2355 BOOL cond = FALSE;
bef3ea7f
JH		 2356 int size = 0;
2357 int ptr = 0;
333eea9c
JH		 2358
2359 while (isspace(*s)) s++;
6d9cfc47 2360 if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
333eea9c 2361
0539a19d 2362 switch(read_subs(sub, nelem(sub), 1,
b0e85a8f 2363 &s, yield == NULL, TRUE, US"acl", resetok))
333eea9c 2364 {
f60d98e8
JH		 2365 case 1: expand_string_message = US"too few arguments or bracketing "
2366 "error for acl";
2367 case 2:
2368 case 3: return NULL;
333eea9c 2369 }
f60d98e8 2370
b0e85a8f 2371 *resetok = FALSE;
0539a19d 2372 if (yield != NULL) switch(eval_acl(sub, nelem(sub), &user_msg))
f60d98e8
JH		 2373 {
2374 case OK:
2375 cond = TRUE;
2376 case FAIL:
bef3ea7f 2377 lookup_value = NULL;
f60d98e8 2378 if (user_msg)
bef3ea7f 2379 {
f60d98e8 2380 lookup_value = string_cat(NULL, &size, &ptr, user_msg, Ustrlen(user_msg));
bef3ea7f
JH		 2381 lookup_value[ptr] = '\0';
2382 }
b5b871ac 2383 *yield = cond == testfor;
f60d98e8
JH		 2384 break;
2385
2386 case DEFER:
2387 expand_string_forcedfail = TRUE;
2388 default:
2389 expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]);
2390 return NULL;
2391 }
2392 return s;
333eea9c 2393 }
333eea9c
JH		 2394
2395
059ec3d9
PH		 2396 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2397
b0e85a8f 2398 ${if saslauthd {{username}{password}{service}{realm}} {yes}{no}}
059ec3d9
PH		 2399
2400 However, the last two are optional. That is why the whole set is enclosed
333eea9c 2401 in their own set of braces. */
059ec3d9
PH		 2402
2403 case ECOND_SASLAUTHD:
0539a19d
JH		 2404#ifndef CYRUS_SASLAUTHD_SOCKET
2405 goto COND_FAILED_NOT_COMPILED;
2406#else
059ec3d9 2407 {
0539a19d
JH		 2408 uschar *sub[4];
2409 while (isspace(*s)) s++;
2410 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2411 switch(read_subs(sub, nelem(sub), 2, &s, yield == NULL, TRUE, US"saslauthd",
2412 resetok))
2413 {
2414 case 1: expand_string_message = US"too few arguments or bracketing "
2415 "error for saslauthd";
2416 case 2:
2417 case 3: return NULL;
2418 }
2419 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
2420 if (yield != NULL)
2421 {
2422 int rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2423 &expand_string_message);
2424 if (rc == ERROR || rc == DEFER) return NULL;
2425 *yield = (rc == OK) == testfor;
2426 }
2427 return s;
059ec3d9 2428 }
0539a19d 2429#endif /* CYRUS_SASLAUTHD_SOCKET */
059ec3d9
PH		 2430
2431
2432 /* symbolic operators for numeric and string comparison, and a number of
2433 other operators, all requiring two arguments.
2434
76dca828
PP		 2435 crypteq: encrypts plaintext and compares against an encrypted text,
2436 using crypt(), crypt16(), MD5 or SHA-1
2437 inlist/inlisti: checks if first argument is in the list of the second
059ec3d9
PH		 2438 match: does a regular expression match and sets up the numerical
2439 variables if it succeeds
2440 match_address: matches in an address list
2441 match_domain: matches in a domain list
32d668a5 2442 match_ip: matches a host list that is restricted to IP addresses
059ec3d9 2443 match_local_part: matches in a local part list
059ec3d9
PH		 2444 */
2445
059ec3d9
PH		 2446 case ECOND_MATCH_ADDRESS:
2447 case ECOND_MATCH_DOMAIN:
32d668a5 2448 case ECOND_MATCH_IP:
059ec3d9 2449 case ECOND_MATCH_LOCAL_PART:
da6dbe26
PP		 2450#ifndef EXPAND_LISTMATCH_RHS
2451 sub2_honour_dollar = FALSE;
2452#endif
2453 /* FALLTHROUGH */
2454
2455 case ECOND_CRYPTEQ:
2456 case ECOND_INLIST:
2457 case ECOND_INLISTI:
2458 case ECOND_MATCH:
059ec3d9
PH		 2459
2460 case ECOND_NUM_L: /* Numerical comparisons */
2461 case ECOND_NUM_LE:
2462 case ECOND_NUM_E:
2463 case ECOND_NUM_EE:
2464 case ECOND_NUM_G:
2465 case ECOND_NUM_GE:
2466
2467 case ECOND_STR_LT: /* String comparisons */
2468 case ECOND_STR_LTI:
2469 case ECOND_STR_LE:
2470 case ECOND_STR_LEI:
2471 case ECOND_STR_EQ:
2472 case ECOND_STR_EQI:
2473 case ECOND_STR_GT:
2474 case ECOND_STR_GTI:
2475 case ECOND_STR_GE:
2476 case ECOND_STR_GEI:
2477
2478 for (i = 0; i < 2; i++)
2479 {
da6dbe26
PP		 2480 /* Sometimes, we don't expand substrings; too many insecure configurations
2481 created using match_address{}{} and friends, where the second param
2482 includes information from untrustworthy sources. */
2483 BOOL honour_dollar = TRUE;
2484 if ((i > 0) && !sub2_honour_dollar)
2485 honour_dollar = FALSE;
2486
059ec3d9
PH		 2487 while (isspace(*s)) s++;
2488 if (*s != '{')
2489 {
2490 if (i == 0) goto COND_FAILED_CURLY_START;
2491 expand_string_message = string_sprintf("missing 2nd string in {} "
2492 "after \"%s\"", name);
2493 return NULL;
2494 }
da6dbe26 2495 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
b0e85a8f 2496 honour_dollar, resetok);
059ec3d9
PH		 2497 if (sub[i] == NULL) return NULL;
2498 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2499
2500 /* Convert to numerical if required; we know that the names of all the
2501 conditions that compare numbers do not start with a letter. This just saves
2502 checking for them individually. */
2503
d6066548 2504 if (!isalpha(name[0]) && yield != NULL)
059ec3d9 2505 {
5dd1517f
PH		 2506 if (sub[i][0] == 0)
2507 {
2508 num[i] = 0;
2509 DEBUG(D_expand)
2510 debug_printf("empty string cast to zero for numerical comparison\n");
2511 }
2512 else
2513 {
7685ce68 2514 num[i] = expanded_string_integer(sub[i], FALSE);
5dd1517f
PH		 2515 if (expand_string_message != NULL) return NULL;
2516 }
059ec3d9
PH		 2517 }
2518 }
2519
2520 /* Result not required */
2521
2522 if (yield == NULL) return s;
2523
2524 /* Do an appropriate comparison */
2525
2526 switch(cond_type)
2527 {
2528 case ECOND_NUM_E:
2529 case ECOND_NUM_EE:
b5b871ac 2530 tempcond = (num[0] == num[1]);
059ec3d9
PH		 2531 break;
2532
2533 case ECOND_NUM_G:
b5b871ac 2534 tempcond = (num[0] > num[1]);
059ec3d9
PH		 2535 break;
2536
2537 case ECOND_NUM_GE:
b5b871ac 2538 tempcond = (num[0] >= num[1]);
059ec3d9
PH		 2539 break;
2540
2541 case ECOND_NUM_L:
b5b871ac 2542 tempcond = (num[0] < num[1]);
059ec3d9
PH		 2543 break;
2544
2545 case ECOND_NUM_LE:
b5b871ac 2546 tempcond = (num[0] <= num[1]);
059ec3d9
PH		 2547 break;
2548
2549 case ECOND_STR_LT:
b5b871ac 2550 tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
059ec3d9
PH		 2551 break;
2552
2553 case ECOND_STR_LTI:
b5b871ac 2554 tempcond = (strcmpic(sub[0], sub[1]) < 0);
059ec3d9
PH		 2555 break;
2556
2557 case ECOND_STR_LE:
b5b871ac 2558 tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
059ec3d9
PH		 2559 break;
2560
2561 case ECOND_STR_LEI:
b5b871ac 2562 tempcond = (strcmpic(sub[0], sub[1]) <= 0);
059ec3d9
PH		 2563 break;
2564
2565 case ECOND_STR_EQ:
b5b871ac 2566 tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
059ec3d9
PH		 2567 break;
2568
2569 case ECOND_STR_EQI:
b5b871ac 2570 tempcond = (strcmpic(sub[0], sub[1]) == 0);
059ec3d9
PH		 2571 break;
2572
2573 case ECOND_STR_GT:
b5b871ac 2574 tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
059ec3d9
PH		 2575 break;
2576
2577 case ECOND_STR_GTI:
b5b871ac 2578 tempcond = (strcmpic(sub[0], sub[1]) > 0);
059ec3d9
PH		 2579 break;
2580
2581 case ECOND_STR_GE:
b5b871ac 2582 tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
059ec3d9
PH		 2583 break;
2584
2585 case ECOND_STR_GEI:
b5b871ac 2586 tempcond = (strcmpic(sub[0], sub[1]) >= 0);
059ec3d9
PH		 2587 break;
2588
2589 case ECOND_MATCH: /* Regular expression match */
2590 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2591 NULL);
2592 if (re == NULL)
2593 {
2594 expand_string_message = string_sprintf("regular expression error in "
2595 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2596 return NULL;
2597 }
b5b871ac 2598 tempcond = regex_match_and_setup(re, sub[0], 0, -1);
059ec3d9
PH		 2599 break;
2600
2601 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2602 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2603 goto MATCHED_SOMETHING;
2604
2605 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2606 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2607 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2608 goto MATCHED_SOMETHING;
2609
32d668a5 2610 case ECOND_MATCH_IP: /* Match IP address in a host list */
7e66e54d 2611 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
32d668a5
PH		 2612 {
2613 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2614 sub[0]);
2615 return NULL;
2616 }
2617 else
2618 {
2619 unsigned int *nullcache = NULL;
2620 check_host_block cb;
2621
2622 cb.host_name = US"";
2623 cb.host_address = sub[0];
2624
2625 /* If the host address starts off ::ffff: it is an IPv6 address in
2626 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2627 addresses. */
2628
2629 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2630 cb.host_address + 7 : cb.host_address;
2631
2632 rc = match_check_list(
2633 &sub[1], /* the list */
2634 0, /* separator character */
2635 &hostlist_anchor, /* anchor pointer */
2636 &nullcache, /* cache pointer */
2637 check_host, /* function for testing */
2638 &cb, /* argument for function */
2639 MCL_HOST, /* type of check */
2640 sub[0], /* text for debugging */
2641 NULL); /* where to pass back data */
2642 }
2643 goto MATCHED_SOMETHING;
2644
059ec3d9
PH		 2645 case ECOND_MATCH_LOCAL_PART:
2646 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2647 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2648 /* Fall through */
9a26b6b2 2649 /* VVVVVVVVVVVV */
059ec3d9
PH		 2650 MATCHED_SOMETHING:
2651 switch(rc)
2652 {
2653 case OK:
b5b871ac 2654 tempcond = TRUE;
059ec3d9
PH		 2655 break;
2656
2657 case FAIL:
b5b871ac 2658 tempcond = FALSE;
059ec3d9
PH		 2659 break;
2660
2661 case DEFER:
2662 expand_string_message = string_sprintf("unable to complete match "
2663 "against \"%s\": %s", sub[1], search_error_message);
2664 return NULL;
2665 }
2666
2667 break;
2668
2669 /* Various "encrypted" comparisons. If the second string starts with
2670 "{" then an encryption type is given. Default to crypt() or crypt16()
2671 (build-time choice). */
b5b871ac 2672 /* }-for-text-editors */
059ec3d9
PH		 2673
2674 case ECOND_CRYPTEQ:
2675 #ifndef SUPPORT_CRYPTEQ
2676 goto COND_FAILED_NOT_COMPILED;
2677 #else
2678 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2679 {
2680 int sublen = Ustrlen(sub[1]+5);
2681 md5 base;
2682 uschar digest[16];
2683
2684 md5_start(&base);
2685 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2686
2687 /* If the length that we are comparing against is 24, the MD5 digest
2688 is expressed as a base64 string. This is the way LDAP does it. However,
2689 some other software uses a straightforward hex representation. We assume
2690 this if the length is 32. Other lengths fail. */
2691
2692 if (sublen == 24)
2693 {
2694 uschar *coded = auth_b64encode((uschar *)digest, 16);
2695 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2696 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
b5b871ac 2697 tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
059ec3d9
PH		 2698 }
2699 else if (sublen == 32)
2700 {
2701 int i;
2702 uschar coded[36];
2703 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2704 coded[32] = 0;
2705 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2706 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
b5b871ac 2707 tempcond = (strcmpic(coded, sub[1]+5) == 0);
059ec3d9
PH		 2708 }
2709 else
2710 {
2711 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2712 "fail\n crypted=%s\n", sub[1]+5);
b5b871ac 2713 tempcond = FALSE;
059ec3d9
PH		 2714 }
2715 }
2716
2717 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2718 {
2719 int sublen = Ustrlen(sub[1]+6);
2720 sha1 base;
2721 uschar digest[20];
2722
2723 sha1_start(&base);
2724 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2725
2726 /* If the length that we are comparing against is 28, assume the SHA1
2727 digest is expressed as a base64 string. If the length is 40, assume a
2728 straightforward hex representation. Other lengths fail. */
2729
2730 if (sublen == 28)
2731 {
2732 uschar *coded = auth_b64encode((uschar *)digest, 20);
2733 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2734 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
b5b871ac 2735 tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
059ec3d9
PH		 2736 }
2737 else if (sublen == 40)
2738 {
2739 int i;
2740 uschar coded[44];
2741 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2742 coded[40] = 0;
2743 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2744 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
b5b871ac 2745 tempcond = (strcmpic(coded, sub[1]+6) == 0);
059ec3d9
PH		 2746 }
2747 else
2748 {
2749 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2750 "fail\n crypted=%s\n", sub[1]+6);
b5b871ac 2751 tempcond = FALSE;
059ec3d9
PH		 2752 }
2753 }
2754
2755 else /* {crypt} or {crypt16} and non-{ at start */
76dca828 2756 /* }-for-text-editors */
059ec3d9
PH		 2757 {
2758 int which = 0;
2759 uschar *coded;
2760
2761 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2762 {
2763 sub[1] += 7;
2764 which = 1;
2765 }
2766 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2767 {
2768 sub[1] += 9;
2769 which = 2;
2770 }
b5b871ac 2771 else if (sub[1][0] == '{') /* }-for-text-editors */
059ec3d9
PH		 2772 {
2773 expand_string_message = string_sprintf("unknown encryption mechanism "
2774 "in \"%s\"", sub[1]);
2775 return NULL;
2776 }
2777
2778 switch(which)
2779 {
2780 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2781 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2782 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2783 }
2784
2785 #define STR(s) # s
2786 #define XSTR(s) STR(s)
2787 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2788 " subject=%s\n crypted=%s\n",
2789 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
2790 coded, sub[1]);
2791 #undef STR
2792 #undef XSTR
2793
2794 /* If the encrypted string contains fewer than two characters (for the
2795 salt), force failure. Otherwise we get false positives: with an empty
2796 string the yield of crypt() is an empty string! */
2797
b5b871ac
JH		 2798 tempcond = (Ustrlen(sub[1]) < 2)? FALSE :
2799 (Ustrcmp(coded, sub[1]) == 0);
059ec3d9
PH		 2800 }
2801 break;
2802 #endif /* SUPPORT_CRYPTEQ */
76dca828
PP		 2803
2804 case ECOND_INLIST:
2805 case ECOND_INLISTI:
2806 {
55414b25 2807 const uschar * list = sub[1];
76dca828 2808 int sep = 0;
76dca828
PP		 2809 uschar *save_iterate_item = iterate_item;
2810 int (*compare)(const uschar *, const uschar *);
2811
82dbd376
JH		 2812 DEBUG(D_expand) debug_printf("condition: %s\n", name);
2813
b5b871ac 2814 tempcond = FALSE;
55414b25
JH		 2815 compare = cond_type == ECOND_INLISTI
2816 ? strcmpic : (int (*)(const uschar *, const uschar *)) strcmp;
76dca828 2817
55414b25 2818 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)))
76dca828
PP		 2819 if (compare(sub[0], iterate_item) == 0)
2820 {
b5b871ac 2821 tempcond = TRUE;
76dca828
PP		 2822 break;
2823 }
2824 iterate_item = save_iterate_item;
76dca828
PP		 2825 }
2826
059ec3d9
PH		 2827 } /* Switch for comparison conditions */
2828
b5b871ac 2829 *yield = tempcond == testfor;
059ec3d9
PH		 2830 return s; /* End of comparison conditions */
2831
2832
2833 /* and/or: computes logical and/or of several conditions */
2834
2835 case ECOND_AND:
2836 case ECOND_OR:
2837 subcondptr = (yield == NULL)? NULL : &tempcond;
2838 combined_cond = (cond_type == ECOND_AND);
2839
2840 while (isspace(*s)) s++;
b5b871ac 2841 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
059ec3d9
PH		 2842
2843 for (;;)
2844 {
2845 while (isspace(*s)) s++;
b5b871ac 2846 /* {-for-text-editors */
059ec3d9 2847 if (*s == '}') break;
b5b871ac 2848 if (*s != '{') /* }-for-text-editors */
059ec3d9
PH		 2849 {
2850 expand_string_message = string_sprintf("each subcondition "
2851 "inside an \"%s{...}\" condition must be in its own {}", name);
2852 return NULL;
2853 }
2854
b0e85a8f 2855 if (!(s = eval_condition(s+1, resetok, subcondptr)))
059ec3d9
PH		 2856 {
2857 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2858 expand_string_message, name);
2859 return NULL;
2860 }
2861 while (isspace(*s)) s++;
2862
b5b871ac 2863 /* {-for-text-editors */
059ec3d9
PH		 2864 if (*s++ != '}')
2865 {
b5b871ac 2866 /* {-for-text-editors */
059ec3d9
PH		 2867 expand_string_message = string_sprintf("missing } at end of condition "
2868 "inside \"%s\" group", name);
2869 return NULL;
2870 }
2871
2872 if (yield != NULL)
2873 {
2874 if (cond_type == ECOND_AND)
2875 {
2876 combined_cond &= tempcond;
2877 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2878 } /* evaluate any more */
2879 else
2880 {
2881 combined_cond |= tempcond;
2882 if (combined_cond) subcondptr = NULL; /* once true, don't */
2883 } /* evaluate any more */
2884 }
2885 }
2886
2887 if (yield != NULL) *yield = (combined_cond == testfor);
2888 return ++s;
2889
2890
0ce9abe6
PH		 2891 /* forall/forany: iterates a condition with different values */
2892
2893 case ECOND_FORALL:
2894 case ECOND_FORANY:
2895 {
55414b25 2896 const uschar * list;
0ce9abe6 2897 int sep = 0;
282b357d 2898 uschar *save_iterate_item = iterate_item;
0ce9abe6 2899
82dbd376
JH		 2900 DEBUG(D_expand) debug_printf("condition: %s\n", name);
2901
0ce9abe6 2902 while (isspace(*s)) s++;
b5b871ac 2903 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
b0e85a8f 2904 sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE, resetok);
0ce9abe6 2905 if (sub[0] == NULL) return NULL;
b5b871ac 2906 /* {-for-text-editors */
0ce9abe6
PH		 2907 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2908
2909 while (isspace(*s)) s++;
b5b871ac 2910 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
0ce9abe6
PH		 2911
2912 sub[1] = s;
2913
2914 /* Call eval_condition once, with result discarded (as if scanning a
2915 "false" part). This allows us to find the end of the condition, because if
2916 the list it empty, we won't actually evaluate the condition for real. */
2917
b0e85a8f 2918 if (!(s = eval_condition(sub[1], resetok, NULL)))
0ce9abe6
PH		 2919 {
2920 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2921 expand_string_message, name);
2922 return NULL;
2923 }
2924 while (isspace(*s)) s++;
2925
b5b871ac 2926 /* {-for-text-editors */
0ce9abe6
PH		 2927 if (*s++ != '}')
2928 {
b5b871ac 2929 /* {-for-text-editors */
0ce9abe6
PH		 2930 expand_string_message = string_sprintf("missing } at end of condition "
2931 "inside \"%s\"", name);
2932 return NULL;
2933 }
2934
2935 if (yield != NULL) *yield = !testfor;
55414b25
JH		 2936 list = sub[0];
2937 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)) != NULL)
0ce9abe6
PH		 2938 {
2939 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
b0e85a8f 2940 if (!eval_condition(sub[1], resetok, &tempcond))
0ce9abe6
PH		 2941 {
2942 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2943 expand_string_message, name);
e58c13cc 2944 iterate_item = save_iterate_item;
0ce9abe6
PH		 2945 return NULL;
2946 }
2947 DEBUG(D_expand) debug_printf("%s: condition evaluated to %s\n", name,
2948 tempcond? "true":"false");
2949
2950 if (yield != NULL) *yield = (tempcond == testfor);
2951 if (tempcond == (cond_type == ECOND_FORANY)) break;
2952 }
2953
282b357d 2954 iterate_item = save_iterate_item;
0ce9abe6
PH		 2955 return s;
2956 }
2957
2958
f3766eb5
NM		 2959 /* The bool{} expansion condition maps a string to boolean.
2960 The values supported should match those supported by the ACL condition
2961 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
2962 of true/false. Note that Router "condition" rules have a different
2963 interpretation, where general data can be used and only a few values
2964 map to FALSE.
2965 Note that readconf.c boolean matching, for boolean configuration options,
6a8de854
PP		 2966 only matches true/yes/false/no.
2967 The bool_lax{} condition matches the Router logic, which is much more
2968 liberal. */
f3766eb5 2969 case ECOND_BOOL:
6a8de854 2970 case ECOND_BOOL_LAX:
f3766eb5
NM		 2971 {
2972 uschar *sub_arg[1];
71265ae9 2973 uschar *t, *t2;
6a8de854 2974 uschar *ourname;
f3766eb5
NM		 2975 size_t len;
2976 BOOL boolvalue = FALSE;
2977 while (isspace(*s)) s++;
b5b871ac 2978 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
6a8de854 2979 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
b0e85a8f 2980 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname, resetok))
f3766eb5 2981 {
6a8de854
PP		 2982 case 1: expand_string_message = string_sprintf(
2983 "too few arguments or bracketing error for %s",
2984 ourname);
f3766eb5
NM		 2985 /*FALLTHROUGH*/
2986 case 2:
2987 case 3: return NULL;
2988 }
2989 t = sub_arg[0];
2990 while (isspace(*t)) t++;
2991 len = Ustrlen(t);
71265ae9
PP		 2992 if (len)
2993 {
2994 /* trailing whitespace: seems like a good idea to ignore it too */
2995 t2 = t + len - 1;
2996 while (isspace(*t2)) t2--;
2997 if (t2 != (t + len))
2998 {
2999 *++t2 = '\0';
3000 len = t2 - t;
3001 }
3002 }
f3766eb5 3003 DEBUG(D_expand)
6a8de854
PP		 3004 debug_printf("considering %s: %s\n", ourname, len ? t : US"<empty>");
3005 /* logic for the lax case from expand_check_condition(), which also does
3006 expands, and the logic is both short and stable enough that there should
3007 be no maintenance burden from replicating it. */
f3766eb5
NM		 3008 if (len == 0)
3009 boolvalue = FALSE;
51c7471d
JH		 3010 else if (*t == '-'
3011 ? Ustrspn(t+1, "0123456789") == len-1
3012 : Ustrspn(t, "0123456789") == len)
6a8de854 3013 {
f3766eb5 3014 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
6a8de854
PP		 3015 /* expand_check_condition only does a literal string "0" check */
3016 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
3017 boolvalue = TRUE;
3018 }
f3766eb5
NM		 3019 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
3020 boolvalue = TRUE;
3021 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
3022 boolvalue = FALSE;
6a8de854
PP		 3023 else if (cond_type == ECOND_BOOL_LAX)
3024 boolvalue = TRUE;
f3766eb5
NM		 3025 else
3026 {
3027 expand_string_message = string_sprintf("unrecognised boolean "
3028 "value \"%s\"", t);
3029 return NULL;
3030 }
5ee6f336 3031 if (yield != NULL) *yield = (boolvalue == testfor);
f3766eb5
NM		 3032 return s;
3033 }
3034
059ec3d9
PH		 3035 /* Unknown condition */
3036
3037 default:
3038 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
3039 return NULL;
3040 } /* End switch on condition type */
3041
3042/* Missing braces at start and end of data */
3043
3044COND_FAILED_CURLY_START:
3045expand_string_message = string_sprintf("missing { after \"%s\"", name);
3046return NULL;
3047
3048COND_FAILED_CURLY_END:
3049expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
3050 name);
3051return NULL;
3052
3053/* A condition requires code that is not compiled */
3054
3055#if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
3056 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
3057 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
3058COND_FAILED_NOT_COMPILED:
3059expand_string_message = string_sprintf("support for \"%s\" not compiled",
3060 name);
3061return NULL;
3062#endif
3063}
3064
3065
3066
3067
3068/*************************************************
3069* Save numerical variables *
3070*************************************************/
3071
3072/* This function is called from items such as "if" that want to preserve and
3073restore the numbered variables.
3074
3075Arguments:
3076 save_expand_string points to an array of pointers to set
3077 save_expand_nlength points to an array of ints for the lengths
3078
3079Returns: the value of expand max to save
3080*/
3081
3082static int
3083save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
3084{
3085int i;
3086for (i = 0; i <= expand_nmax; i++)
3087 {
3088 save_expand_nstring[i] = expand_nstring[i];
3089 save_expand_nlength[i] = expand_nlength[i];
3090 }
3091return expand_nmax;
3092}
3093
3094
3095
3096/*************************************************
3097* Restore numerical variables *
3098*************************************************/
3099
3100/* This function restored saved values of numerical strings.
3101
3102Arguments:
3103 save_expand_nmax the number of strings to restore
3104 save_expand_string points to an array of pointers
3105 save_expand_nlength points to an array of ints
3106
3107Returns: nothing
3108*/
3109
3110static void
3111restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
3112 int *save_expand_nlength)
3113{
3114int i;
3115expand_nmax = save_expand_nmax;
3116for (i = 0; i <= expand_nmax; i++)
3117 {
3118 expand_nstring[i] = save_expand_nstring[i];
3119 expand_nlength[i] = save_expand_nlength[i];
3120 }
3121}
3122
3123
3124
3125
3126
3127/*************************************************
3128* Handle yes/no substrings *
3129*************************************************/
3130
3131/* This function is used by ${if}, ${lookup} and ${extract} to handle the
3132alternative substrings that depend on whether or not the condition was true,
3133or the lookup or extraction succeeded. The substrings always have to be
3134expanded, to check their syntax, but "skipping" is set when the result is not
3135needed - this avoids unnecessary nested lookups.
3136
3137Arguments:
3138 skipping TRUE if we were skipping when this item was reached
3139 yes TRUE if the first string is to be used, else use the second
3140 save_lookup a value to put back into lookup_value before the 2nd expansion
3141 sptr points to the input string pointer
3142 yieldptr points to the output string pointer
3143 sizeptr points to the output string size
3144 ptrptr points to the output string pointer
3145 type "lookup" or "if" or "extract" or "run", for error message
b0e85a8f
JH		 3146 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
3147 the store.
059ec3d9
PH		 3148
3149Returns: 0 OK; lookup_value has been reset to save_lookup
3150 1 expansion failed
3151 2 expansion failed because of bracketing error
3152*/
3153
3154static int
55414b25 3155process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, const uschar **sptr,
b0e85a8f 3156 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type, BOOL *resetok)
059ec3d9
PH		 3157{
3158int rc = 0;
55414b25 3159const uschar *s = *sptr; /* Local value */
059ec3d9
PH		 3160uschar *sub1, *sub2;
3161
3162/* If there are no following strings, we substitute the contents of $value for
063b1e99 3163lookups and for extractions in the success case. For the ${if item, the string
8e669ac1 3164"true" is substituted. In the fail case, nothing is substituted for all three
063b1e99 3165items. */
059ec3d9
PH		 3166
3167while (isspace(*s)) s++;
3168if (*s == '}')
3169 {
063b1e99
PH		 3170 if (type[0] == 'i')
3171 {
8e669ac1 3172 if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
063b1e99
PH		 3173 }
3174 else
8e669ac1 3175 {
063b1e99
PH		 3176 if (yes && lookup_value != NULL)
3177 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
3178 Ustrlen(lookup_value));
3179 lookup_value = save_lookup;
3180 }
059ec3d9
PH		 3181 s++;
3182 goto RETURN;
3183 }
3184
9b4768fa
PH		 3185/* The first following string must be braced. */
3186
3187if (*s++ != '{') goto FAILED_CURLY;
3188
059ec3d9
PH		 3189/* Expand the first substring. Forced failures are noticed only if we actually
3190want this string. Set skipping in the call in the fail case (this will always
3191be the case if we were already skipping). */
3192
b0e85a8f 3193sub1 = expand_string_internal(s, TRUE, &s, !yes, TRUE, resetok);
059ec3d9
PH		 3194if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
3195expand_string_forcedfail = FALSE;
3196if (*s++ != '}') goto FAILED_CURLY;
3197
3198/* If we want the first string, add it to the output */
3199
3200if (yes)
3201 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
3202
3203/* If this is called from a lookup or an extract, we want to restore $value to
3204what it was at the start of the item, so that it has this value during the
d20976dc
PH		 3205second string expansion. For the call from "if" or "run" to this function,
3206save_lookup is set to lookup_value, so that this statement does nothing. */
059ec3d9
PH		 3207
3208lookup_value = save_lookup;
3209
3210/* There now follows either another substring, or "fail", or nothing. This
3211time, forced failures are noticed only if we want the second string. We must
3212set skipping in the nested call if we don't want this string, or if we were
3213already skipping. */
3214
3215while (isspace(*s)) s++;
3216if (*s == '{')
3217 {
b0e85a8f 3218 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping, TRUE, resetok);
059ec3d9
PH		 3219 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
3220 expand_string_forcedfail = FALSE;
3221 if (*s++ != '}') goto FAILED_CURLY;
3222
3223 /* If we want the second string, add it to the output */
3224
3225 if (!yes)
3226 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
3227 }
3228
3229/* If there is no second string, but the word "fail" is present when the use of
3230the second string is wanted, set a flag indicating it was a forced failure
3231rather than a syntactic error. Swallow the terminating } in case this is nested
3232inside another lookup or if or extract. */
3233
3234else if (*s != '}')
3235 {
3236 uschar name[256];
55414b25
JH		 3237 /* deconst cast ok here as source is s anyway */
3238 s = US read_name(name, sizeof(name), s, US"_");
059ec3d9
PH		 3239 if (Ustrcmp(name, "fail") == 0)
3240 {
3241 if (!yes && !skipping)
3242 {
3243 while (isspace(*s)) s++;
3244 if (*s++ != '}') goto FAILED_CURLY;
3245 expand_string_message =
3246 string_sprintf("\"%s\" failed and \"fail\" requested", type);
3247 expand_string_forcedfail = TRUE;
3248 goto FAILED;
3249 }
3250 }
3251 else
3252 {
3253 expand_string_message =
3254 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
3255 goto FAILED;
3256 }
3257 }
3258
3259/* All we have to do now is to check on the final closing brace. */
3260
3261while (isspace(*s)) s++;
3262if (*s++ == '}') goto RETURN;
3263
3264/* Get here if there is a bracketing failure */
3265
3266FAILED_CURLY:
3267rc++;
3268
3269/* Get here for other failures */
3270
3271FAILED:
3272rc++;
3273
3274/* Update the input pointer value before returning */
3275
3276RETURN:
3277*sptr = s;
3278return rc;
3279}
3280
3281
3282
3283
059ec3d9
PH		 3284/*************************************************
3285* Handle MD5 or SHA-1 computation for HMAC *
3286*************************************************/
3287
3288/* These are some wrapping functions that enable the HMAC code to be a bit
3289cleaner. A good compiler will spot the tail recursion.
3290
3291Arguments:
3292 type HMAC_MD5 or HMAC_SHA1
3293 remaining are as for the cryptographic hash functions
3294
3295Returns: nothing
3296*/
3297
3298static void
3299chash_start(int type, void *base)
3300{
3301if (type == HMAC_MD5)
3302 md5_start((md5 *)base);
3303else
3304 sha1_start((sha1 *)base);
3305}
3306
3307static void
3308chash_mid(int type, void *base, uschar *string)
3309{
3310if (type == HMAC_MD5)
3311 md5_mid((md5 *)base, string);
3312else
3313 sha1_mid((sha1 *)base, string);
3314}
3315
3316static void
3317chash_end(int type, void *base, uschar *string, int length, uschar *digest)
3318{
3319if (type == HMAC_MD5)
3320 md5_end((md5 *)base, string, length, digest);
3321else
3322 sha1_end((sha1 *)base, string, length, digest);
3323}
3324
3325
3326
3327
3328
1549ea3b
PH		 3329/********************************************************
3330* prvs: Get last three digits of days since Jan 1, 1970 *
3331********************************************************/
3332
3333/* This is needed to implement the "prvs" BATV reverse
3334 path signing scheme
3335
3336Argument: integer "days" offset to add or substract to
3337 or from the current number of days.
3338
3339Returns: pointer to string containing the last three
3340 digits of the number of days since Jan 1, 1970,
3341 modified by the offset argument, NULL if there
3342 was an error in the conversion.
3343
3344*/
3345
3346static uschar *
3347prvs_daystamp(int day_offset)
3348{
a86229cf
PH		 3349uschar *days = store_get(32); /* Need at least 24 for cases */
3350(void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
1549ea3b 3351 (time(NULL) + day_offset*86400)/86400);
e169f567 3352return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
1549ea3b
PH		 3353}
3354
3355
3356
3357/********************************************************
3358* prvs: perform HMAC-SHA1 computation of prvs bits *
3359********************************************************/
3360
3361/* This is needed to implement the "prvs" BATV reverse
3362 path signing scheme
3363
3364Arguments:
3365 address RFC2821 Address to use
3366 key The key to use (must be less than 64 characters
3367 in size)
3368 key_num Single-digit key number to use. Defaults to
3369 '0' when NULL.
3370
3371Returns: pointer to string containing the first three
3372 bytes of the final hash in hex format, NULL if
3373 there was an error in the process.
3374*/
3375
3376static uschar *
3377prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
3378{
3379uschar *hash_source, *p;
3380int size = 0,offset = 0,i;
3381sha1 sha1_base;
3382void *use_base = &sha1_base;
3383uschar innerhash[20];
3384uschar finalhash[20];
3385uschar innerkey[64];
3386uschar outerkey[64];
3387uschar *finalhash_hex = store_get(40);
3388
3389if (key_num == NULL)
3390 key_num = US"0";
3391
3392if (Ustrlen(key) > 64)
3393 return NULL;
3394
3395hash_source = string_cat(NULL,&size,&offset,key_num,1);
3396string_cat(hash_source,&size,&offset,daystamp,3);
3397string_cat(hash_source,&size,&offset,address,Ustrlen(address));
3398hash_source[offset] = '\0';
3399
3400DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source);
3401
3402memset(innerkey, 0x36, 64);
3403memset(outerkey, 0x5c, 64);
3404
3405for (i = 0; i < Ustrlen(key); i++)
3406 {
3407 innerkey[i] ^= key[i];
3408 outerkey[i] ^= key[i];
3409 }
3410
3411chash_start(HMAC_SHA1, use_base);
3412chash_mid(HMAC_SHA1, use_base, innerkey);
3413chash_end(HMAC_SHA1, use_base, hash_source, offset, innerhash);
3414
3415chash_start(HMAC_SHA1, use_base);
3416chash_mid(HMAC_SHA1, use_base, outerkey);
3417chash_end(HMAC_SHA1, use_base, innerhash, 20, finalhash);
3418
3419p = finalhash_hex;
3420for (i = 0; i < 3; i++)
3421 {
3422 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
3423 *p++ = hex_digits[finalhash[i] & 0x0f];
3424 }
3425*p = '\0';
3426
3427return finalhash_hex;
3428}
3429
3430
3431
3432
059ec3d9
PH		 3433/*************************************************
3434* Join a file onto the output string *
3435*************************************************/
3436
3437/* This is used for readfile and after a run expansion. It joins the contents
3438of a file onto the output string, globally replacing newlines with a given
3439string (optionally). The file is closed at the end.
3440
3441Arguments:
3442 f the FILE
3443 yield pointer to the expandable string
3444 sizep pointer to the current size
3445 ptrp pointer to the current position
3446 eol newline replacement string, or NULL
3447
3448Returns: new value of string pointer
3449*/
3450
3451static uschar *
3452cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
3453{
3454int eollen;
3455uschar buffer[1024];
3456
3457eollen = (eol == NULL)? 0 : Ustrlen(eol);
3458
3459while (Ufgets(buffer, sizeof(buffer), f) != NULL)
3460 {
3461 int len = Ustrlen(buffer);
3462 if (eol != NULL && buffer[len-1] == '\n') len--;
3463 yield = string_cat(yield, sizep, ptrp, buffer, len);
3464 if (buffer[len] != 0)
3465 yield = string_cat(yield, sizep, ptrp, eol, eollen);
3466 }
3467
3468if (yield != NULL) yield[*ptrp] = 0;
3469
3470return yield;
3471}
3472
3473
3474
3475
3476/*************************************************
3477* Evaluate numeric expression *
3478*************************************************/
3479
af561417
PH		 3480/* This is a set of mutually recursive functions that evaluate an arithmetic
3481expression involving + - * / % & | ^ ~ << >> and parentheses. The only one of
3482these functions that is called from elsewhere is eval_expr, whose interface is:
059ec3d9
PH		 3483
3484Arguments:
af561417
PH		 3485 sptr pointer to the pointer to the string - gets updated
3486 decimal TRUE if numbers are to be assumed decimal
3487 error pointer to where to put an error message - must be NULL on input
3488 endket TRUE if ')' must terminate - FALSE for external call
059ec3d9 3489
af561417
PH		 3490Returns: on success: the value of the expression, with *error still NULL
3491 on failure: an undefined value, with *error = a message
059ec3d9
PH		 3492*/
3493
97d17305 3494static int_eximarith_t eval_op_or(uschar **, BOOL, uschar **);
af561417 3495
059ec3d9 3496
97d17305 3497static int_eximarith_t
059ec3d9
PH		 3498eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
3499{
3500uschar *s = *sptr;
97d17305 3501int_eximarith_t x = eval_op_or(&s, decimal, error);
059ec3d9
PH		 3502if (*error == NULL)
3503 {
af561417 3504 if (endket)
059ec3d9 3505 {
af561417
PH		 3506 if (*s != ')')
3507 *error = US"expecting closing parenthesis";
3508 else
3509 while (isspace(*(++s)));
059ec3d9 3510 }
af561417 3511 else if (*s != 0) *error = US"expecting operator";
059ec3d9 3512 }
059ec3d9
PH		 3513*sptr = s;
3514return x;
3515}
3516
af561417 3517
97d17305 3518static int_eximarith_t
af561417 3519eval_number(uschar **sptr, BOOL decimal, uschar **error)
059ec3d9
PH		 3520{
3521register int c;
97d17305 3522int_eximarith_t n;
059ec3d9
PH		 3523uschar *s = *sptr;
3524while (isspace(*s)) s++;
3525c = *s;
af561417 3526if (isdigit(c))
059ec3d9
PH		 3527 {
3528 int count;
97d17305 3529 (void)sscanf(CS s, (decimal? SC_EXIM_DEC "%n" : SC_EXIM_ARITH "%n"), &n, &count);
059ec3d9 3530 s += count;
97d17305
JH		 3531 switch (tolower(*s))
3532 {
3533 default: break;
3534 case 'k': n *= 1024; s++; break;
3535 case 'm': n *= 1024*1024; s++; break;
3536 case 'g': n *= 1024*1024*1024; s++; break;
3537 }
059ec3d9
PH		 3538 while (isspace (*s)) s++;
3539 }
3540else if (c == '(')
3541 {
3542 s++;
3543 n = eval_expr(&s, decimal, error, 1);
3544 }
3545else
3546 {
3547 *error = US"expecting number or opening parenthesis";
3548 n = 0;
3549 }
3550*sptr = s;
3551return n;
3552}
3553
af561417 3554
97d17305 3555static int_eximarith_t
aa7c82b2 3556eval_op_unary(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH		 3557{
3558uschar *s = *sptr;
97d17305 3559int_eximarith_t x;
af561417
PH		 3560while (isspace(*s)) s++;
3561if (*s == '+' || *s == '-' || *s == '~')
3562 {
3563 int op = *s++;
3564 x = eval_op_unary(&s, decimal, error);
3565 if (op == '-') x = -x;
3566 else if (op == '~') x = ~x;
3567 }
3568else
3569 {
3570 x = eval_number(&s, decimal, error);
3571 }
3572*sptr = s;
3573return x;
3574}
3575
3576
97d17305 3577static int_eximarith_t
aa7c82b2 3578eval_op_mult(uschar **sptr, BOOL decimal, uschar **error)
059ec3d9
PH		 3579{
3580uschar *s = *sptr;
97d17305 3581int_eximarith_t x = eval_op_unary(&s, decimal, error);
059ec3d9
PH		 3582if (*error == NULL)
3583 {
5591031b 3584 while (*s == '*' || *s == '/' || *s == '%')
059ec3d9
PH		 3585 {
3586 int op = *s++;
97d17305 3587 int_eximarith_t y = eval_op_unary(&s, decimal, error);
059ec3d9 3588 if (*error != NULL) break;
053a9aa3
PP		 3589 /* SIGFPE both on div/mod by zero and on INT_MIN / -1, which would give
3590 * a value of INT_MAX+1. Note that INT_MIN * -1 gives INT_MIN for me, which
3591 * is a bug somewhere in [gcc 4.2.1, FreeBSD, amd64]. In fact, -N*-M where
3592 * -N*M is INT_MIN will yielf INT_MIN.
3593 * Since we don't support floating point, this is somewhat simpler.
3594 * Ideally, we'd return an error, but since we overflow for all other
3595 * arithmetic, consistency suggests otherwise, but what's the correct value
3596 * to use? There is none.
3597 * The C standard guarantees overflow for unsigned arithmetic but signed
3598 * overflow invokes undefined behaviour; in practice, this is overflow
3599 * except for converting INT_MIN to INT_MAX+1. We also can't guarantee
3600 * that long/longlong larger than int are available, or we could just work
3601 * with larger types. We should consider whether to guarantee 32bit eval
3602 * and 64-bit working variables, with errors returned. For now ...
3603 * So, the only SIGFPEs occur with a non-shrinking div/mod, thus -1; we
3604 * can just let the other invalid results occur otherwise, as they have
3605 * until now. For this one case, we can coerce.
3606 */
4328fd3c 3607 if (y == -1 && x == EXIM_ARITH_MIN && op != '*')
053a9aa3
PP		 3608 {
3609 DEBUG(D_expand)
97d17305 3610 debug_printf("Integer exception dodging: " PR_EXIM_ARITH "%c-1 coerced to " PR_EXIM_ARITH "\n",
4328fd3c
JH		 3611 EXIM_ARITH_MIN, op, EXIM_ARITH_MAX);
3612 x = EXIM_ARITH_MAX;
053a9aa3
PP		 3613 continue;
3614 }
a5b52695
PP		 3615 if (op == '*')
3616 x *= y;
3617 else
3618 {
3619 if (y == 0)
54e7ce4a 3620 {
a5b52695
PP		 3621 *error = (op == '/') ? US"divide by zero" : US"modulo by zero";
3622 x = 0;
3623 break;
54e7ce4a 3624 }
a5b52695
PP		 3625 if (op == '/')
3626 x /= y;
3627 else
3628 x %= y;
3629 }
059ec3d9
PH		 3630 }
3631 }
3632*sptr = s;
3633return x;
3634}
3635
3636
97d17305 3637static int_eximarith_t
aa7c82b2 3638eval_op_sum(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH		 3639{
3640uschar *s = *sptr;
97d17305 3641int_eximarith_t x = eval_op_mult(&s, decimal, error);
af561417
PH		 3642if (*error == NULL)
3643 {
3644 while (*s == '+' || *s == '-')
3645 {
3646 int op = *s++;
97d17305 3647 int_eximarith_t y = eval_op_mult(&s, decimal, error);
af561417
PH		 3648 if (*error != NULL) break;
3649 if (op == '+') x += y; else x -= y;
3650 }
3651 }
3652*sptr = s;
3653return x;
3654}
3655
3656
97d17305 3657static int_eximarith_t
aa7c82b2 3658eval_op_shift(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH		 3659{
3660uschar *s = *sptr;
97d17305 3661int_eximarith_t x = eval_op_sum(&s, decimal, error);
af561417
PH		 3662if (*error == NULL)
3663 {
3664 while ((*s == '<' || *s == '>') && s[1] == s[0])
3665 {
97d17305 3666 int_eximarith_t y;
af561417
PH		 3667 int op = *s++;
3668 s++;
3669 y = eval_op_sum(&s, decimal, error);
3670 if (*error != NULL) break;
3671 if (op == '<') x <<= y; else x >>= y;
3672 }
3673 }
3674*sptr = s;
3675return x;
3676}
3677
3678
97d17305 3679static int_eximarith_t
aa7c82b2 3680eval_op_and(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH		 3681{
3682uschar *s = *sptr;
97d17305 3683int_eximarith_t x = eval_op_shift(&s, decimal, error);
af561417
PH		 3684if (*error == NULL)
3685 {
3686 while (*s == '&')
3687 {
97d17305 3688 int_eximarith_t y;
af561417
PH		 3689 s++;
3690 y = eval_op_shift(&s, decimal, error);
3691 if (*error != NULL) break;
3692 x &= y;
3693 }
3694 }
3695*sptr = s;
3696return x;
3697}
3698
3699
97d17305 3700static int_eximarith_t
aa7c82b2 3701eval_op_xor(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH		 3702{
3703uschar *s = *sptr;
97d17305 3704int_eximarith_t x = eval_op_and(&s, decimal, error);
af561417
PH		 3705if (*error == NULL)
3706 {
3707 while (*s == '^')
3708 {
97d17305 3709 int_eximarith_t y;
af561417
PH		 3710 s++;
3711 y = eval_op_and(&s, decimal, error);
3712 if (*error != NULL) break;
3713 x ^= y;
3714 }
3715 }
3716*sptr = s;
3717return x;
3718}
3719
3720
97d17305 3721static int_eximarith_t
aa7c82b2 3722eval_op_or(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH		 3723{
3724uschar *s = *sptr;
97d17305 3725int_eximarith_t x = eval_op_xor(&s, decimal, error);
af561417
PH		 3726if (*error == NULL)
3727 {
3728 while (*s == '|')
3729 {
97d17305 3730 int_eximarith_t y;
af561417
PH		 3731 s++;
3732 y = eval_op_xor(&s, decimal, error);
3733 if (*error != NULL) break;
3734 x |= y;
3735 }
3736 }
3737*sptr = s;
3738return x;
3739}
3740
059ec3d9
PH		 3741
3742
3743/*************************************************
3744* Expand string *
3745*************************************************/
3746
3747/* Returns either an unchanged string, or the expanded string in stacking pool
3748store. Interpreted sequences are:
3749
3750 \... normal escaping rules
3751 $name substitutes the variable
3752 ${name} ditto
3753 ${op:string} operates on the expanded string value
3754 ${item{arg1}{arg2}...} expands the args and then does the business
3755 some literal args are not enclosed in {}
3756
3757There are now far too many operators and item types to make it worth listing
3758them here in detail any more.
3759
3760We use an internal routine recursively to handle embedded substrings. The
3761external function follows. The yield is NULL if the expansion failed, and there
3762are two cases: if something collapsed syntactically, or if "fail" was given
3763as the action on a lookup failure. These can be distinguised by looking at the
3764variable expand_string_forcedfail, which is TRUE in the latter case.
3765
3766The skipping flag is set true when expanding a substring that isn't actually
3767going to be used (after "if" or "lookup") and it prevents lookups from
3768happening lower down.
3769
3770Store usage: At start, a store block of the length of the input plus 64
3771is obtained. This is expanded as necessary by string_cat(), which might have to
3772get a new block, or might be able to expand the original. At the end of the
3773function we can release any store above that portion of the yield block that
3774was actually used. In many cases this will be optimal.
3775
3776However: if the first item in the expansion is a variable name or header name,
3777we reset the store before processing it; if the result is in fresh store, we
3778use that without copying. This is helpful for expanding strings like
3779$message_headers which can get very long.
3780
d6b4d938
TF		 3781There's a problem if a ${dlfunc item has side-effects that cause allocation,
3782since resetting the store at the end of the expansion will free store that was
3783allocated by the plugin code as well as the slop after the expanded string. So
b0e85a8f
JH		 3784we skip any resets if ${dlfunc } has been used. The same applies for ${acl }
3785and, given the acl condition, ${if }. This is an unfortunate consequence of
3786string expansion becoming too powerful.
d6b4d938 3787
059ec3d9
PH		 3788Arguments:
3789 string the string to be expanded
3790 ket_ends true if expansion is to stop at }
3791 left if not NULL, a pointer to the first character after the
3792 expansion is placed here (typically used with ket_ends)
3793 skipping TRUE for recursive calls when the value isn't actually going
3794 to be used (to allow for optimisation)
da6dbe26
PP		 3795 honour_dollar TRUE if $ is to be expanded,
3796 FALSE if it's just another character
b0e85a8f
JH		 3797 resetok_p if not NULL, pointer to flag - write FALSE if unsafe to reset
3798 the store.
059ec3d9
PH		 3799
3800Returns: NULL if expansion fails:
3801 expand_string_forcedfail is set TRUE if failure was forced
3802 expand_string_message contains a textual error message
3803 a pointer to the expanded string on success
3804*/
3805
3806static uschar *
55414b25 3807expand_string_internal(const uschar *string, BOOL ket_ends, const uschar **left,
b0e85a8f 3808 BOOL skipping, BOOL honour_dollar, BOOL *resetok_p)
059ec3d9
PH		 3809{
3810int ptr = 0;
3811int size = Ustrlen(string)+ 64;
3812int item_type;
3813uschar *yield = store_get(size);
55414b25 3814const uschar *s = string;
059ec3d9
PH		 3815uschar *save_expand_nstring[EXPAND_MAXN+1];
3816int save_expand_nlength[EXPAND_MAXN+1];
d6b4d938 3817BOOL resetok = TRUE;
059ec3d9
PH		 3818
3819expand_string_forcedfail = FALSE;
3820expand_string_message = US"";
3821
3822while (*s != 0)
3823 {
3824 uschar *value;
3825 uschar name[256];
3826
3827 /* \ escapes the next character, which must exist, or else
3828 the expansion fails. There's a special escape, \N, which causes
3829 copying of the subject verbatim up to the next \N. Otherwise,
3830 the escapes are the standard set. */
3831
3832 if (*s == '\\')
3833 {
3834 if (s[1] == 0)
3835 {
3836 expand_string_message = US"\\ at end of string";
3837 goto EXPAND_FAILED;
3838 }
3839
3840 if (s[1] == 'N')
3841 {
55414b25 3842 const uschar * t = s + 2;
059ec3d9
PH		 3843 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
3844 yield = string_cat(yield, &size, &ptr, t, s - t);
3845 if (*s != 0) s += 2;
3846 }
3847
3848 else
3849 {
3850 uschar ch[1];
3851 ch[0] = string_interpret_escape(&s);
3852 s++;
3853 yield = string_cat(yield, &size, &ptr, ch, 1);
3854 }
3855
3856 continue;
3857 }
3858
2e23003a 3859 /*{*/
059ec3d9
PH		 3860 /* Anything other than $ is just copied verbatim, unless we are
3861 looking for a terminating } character. */
3862
2e23003a 3863 /*{*/
059ec3d9
PH		 3864 if (ket_ends && *s == '}') break;
3865
da6dbe26 3866 if (*s != '$' || !honour_dollar)
059ec3d9
PH		 3867 {
3868 yield = string_cat(yield, &size, &ptr, s++, 1);
3869 continue;
3870 }
3871
3872 /* No { after the $ - must be a plain name or a number for string
3873 match variable. There has to be a fudge for variables that are the
3874 names of header fields preceded by "$header_" because header field
3875 names can contain any printing characters except space and colon.
3876 For those that don't like typing this much, "$h_" is a synonym for
3877 "$header_". A non-existent header yields a NULL value; nothing is
2e23003a 3878 inserted. */ /*}*/
059ec3d9
PH		 3879
3880 if (isalpha((*(++s))))
3881 {
3882 int len;
3883 int newsize = 0;
3884
3885 s = read_name(name, sizeof(name), s, US"_");
3886
3887 /* If this is the first thing to be expanded, release the pre-allocated
3888 buffer. */
3889
3890 if (ptr == 0 && yield != NULL)
3891 {
d6b4d938 3892 if (resetok) store_reset(yield);
059ec3d9
PH		 3893 yield = NULL;
3894 size = 0;
3895 }
3896
3897 /* Header */
3898
3899 if (Ustrncmp(name, "h_", 2) == 0 ||
3900 Ustrncmp(name, "rh_", 3) == 0 ||
3901 Ustrncmp(name, "bh_", 3) == 0 ||
3902 Ustrncmp(name, "header_", 7) == 0 ||
3903 Ustrncmp(name, "rheader_", 8) == 0 ||
3904 Ustrncmp(name, "bheader_", 8) == 0)
3905 {
3906 BOOL want_raw = (name[0] == 'r')? TRUE : FALSE;
3907 uschar *charset = (name[0] == 'b')? NULL : headers_charset;
3908 s = read_header_name(name, sizeof(name), s);
3909 value = find_header(name, FALSE, &newsize, want_raw, charset);
3910
3911 /* If we didn't find the header, and the header contains a closing brace
0d85fa3f 3912 character, this may be a user error where the terminating colon
059ec3d9
PH		 3913 has been omitted. Set a flag to adjust the error message in this case.
3914 But there is no error here - nothing gets inserted. */
3915
3916 if (value == NULL)
3917 {
3918 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
3919 continue;
3920 }
3921 }
3922
3923 /* Variable */
3924
3925 else
3926 {
3927 value = find_variable(name, FALSE, skipping, &newsize);
3928 if (value == NULL)
3929 {
3930 expand_string_message =
3931 string_sprintf("unknown variable name \"%s\"", name);
641cb756 3932 check_variable_error_message(name);
059ec3d9
PH		 3933 goto EXPAND_FAILED;
3934 }
3935 }
3936
3937 /* If the data is known to be in a new buffer, newsize will be set to the
3938 size of that buffer. If this is the first thing in an expansion string,
3939 yield will be NULL; just point it at the new store instead of copying. Many
3940 expansion strings contain just one reference, so this is a useful
3941 optimization, especially for humungous headers. */
3942
3943 len = Ustrlen(value);
3944 if (yield == NULL && newsize != 0)
3945 {
3946 yield = value;
3947 size = newsize;
3948 ptr = len;
3949 }
3950 else yield = string_cat(yield, &size, &ptr, value, len);
3951
3952 continue;
3953 }
3954
3955 if (isdigit(*s))
3956 {
3957 int n;
55414b25 3958 s = read_cnumber(&n, s);
059ec3d9
PH		 3959 if (n >= 0 && n <= expand_nmax)
3960 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3961 expand_nlength[n]);
3962 continue;
3963 }
3964
2e23003a 3965 /* Otherwise, if there's no '{' after $ it's an error. */ /*}*/
059ec3d9 3966
2e23003a 3967 if (*s != '{') /*}*/
059ec3d9 3968 {
2e23003a 3969 expand_string_message = US"$ not followed by letter, digit, or {"; /*}*/
059ec3d9
PH		 3970 goto EXPAND_FAILED;
3971 }
3972
3973 /* After { there can be various things, but they all start with
3974 an initial word, except for a number for a string match variable. */
3975
3976 if (isdigit((*(++s))))
3977 {
3978 int n;
55414b25 3979 s = read_cnumber(&n, s); /*{*/
059ec3d9 3980 if (*s++ != '}')
2e23003a 3981 { /*{*/
059ec3d9
PH		 3982 expand_string_message = US"} expected after number";
3983 goto EXPAND_FAILED;
3984 }
3985 if (n >= 0 && n <= expand_nmax)
3986 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3987 expand_nlength[n]);
3988 continue;
3989 }
3990
3991 if (!isalpha(*s))
3992 {
2e23003a 3993 expand_string_message = US"letter or digit expected after ${"; /*}*/
059ec3d9
PH		 3994 goto EXPAND_FAILED;
3995 }
3996
3997 /* Allow "-" in names to cater for substrings with negative
3998 arguments. Since we are checking for known names after { this is
3999 OK. */
4000
4001 s = read_name(name, sizeof(name), s, US"_-");
0539a19d 4002 item_type = chop_match(name, item_table, nelem(item_table));
059ec3d9
PH		 4003
4004 switch(item_type)
4005 {
525239c1 4006 /* Call an ACL from an expansion. We feed data in via $acl_arg1 - $acl_arg9.
333eea9c 4007 If the ACL returns accept or reject we return content set by "message ="
723c72e6
JH		 4008 There is currently no limit on recursion; this would have us call
4009 acl_check_internal() directly and get a current level from somewhere.
f60d98e8
JH		 4010 See also the acl expansion condition ECOND_ACL and the traditional
4011 acl modifier ACLC_ACL.
be7a5781 4012 Assume that the function has side-effects on the store that must be preserved.
723c72e6
JH		 4013 */
4014
4015 case EITEM_ACL:
333eea9c 4016 /* ${acl {name} {arg1}{arg2}...} */
723c72e6 4017 {
333eea9c 4018 uschar *sub[10]; /* name + arg1-arg9 (which must match number of acl_arg[]) */
723c72e6 4019 uschar *user_msg;
333eea9c 4020
089fc87a
JH		 4021 switch(read_subs(sub, nelem(sub), 1, &s, skipping, TRUE, US"acl",
4022 &resetok))
723c72e6
JH		 4023 {
4024 case 1: goto EXPAND_FAILED_CURLY;
4025 case 2:
4026 case 3: goto EXPAND_FAILED;
4027 }
4028 if (skipping) continue;
4029
be7a5781 4030 resetok = FALSE;
0539a19d 4031 switch(eval_acl(sub, nelem(sub), &user_msg))
723c72e6
JH		 4032 {
4033 case OK:
333eea9c 4034 case FAIL:
187bc588
JH		 4035 DEBUG(D_expand)
4036 debug_printf("acl expansion yield: %s\n", user_msg);
723c72e6
JH		 4037 if (user_msg)
4038 yield = string_cat(yield, &size, &ptr, user_msg, Ustrlen(user_msg));
4039 continue;
333eea9c 4040
723c72e6 4041 case DEFER:
333eea9c 4042 expand_string_forcedfail = TRUE;
723c72e6 4043 default:
333eea9c 4044 expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]);
723c72e6
JH		 4045 goto EXPAND_FAILED;
4046 }
4047 }
4048
059ec3d9
PH		 4049 /* Handle conditionals - preserve the values of the numerical expansion
4050 variables in case they get changed by a regular expression match in the
4051 condition. If not, they retain their external settings. At the end
4052 of this "if" section, they get restored to their previous values. */
4053
4054 case EITEM_IF:
4055 {
4056 BOOL cond = FALSE;
55414b25 4057 const uschar *next_s;
059ec3d9
PH		 4058 int save_expand_nmax =
4059 save_expand_strings(save_expand_nstring, save_expand_nlength);
4060
4061 while (isspace(*s)) s++;
b0e85a8f 4062 next_s = eval_condition(s, &resetok, skipping? NULL : &cond);
059ec3d9
PH		 4063 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
4064
4065 DEBUG(D_expand)
4066 debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s,
4067 cond? "true" : "false");
4068
4069 s = next_s;
4070
4071 /* The handling of "yes" and "no" result strings is now in a separate
4072 function that is also used by ${lookup} and ${extract} and ${run}. */
4073
4074 switch(process_yesno(
4075 skipping, /* were previously skipping */
4076 cond, /* success/failure indicator */
4077 lookup_value, /* value to reset for string2 */
4078 &s, /* input pointer */
4079 &yield, /* output pointer */
4080 &size, /* output size */
4081 &ptr, /* output current point */
b0e85a8f
JH		 4082 US"if", /* condition type */
4083 &resetok))
059ec3d9
PH		 4084 {
4085 case 1: goto EXPAND_FAILED; /* when all is well, the */
4086 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4087 }
4088
4089 /* Restore external setting of expansion variables for continuation
4090 at this level. */
4091
b0e85a8f
JH		 4092 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4093 save_expand_nlength);
059ec3d9
PH		 4094 continue;
4095 }
4096
ed0512a1
JH		 4097#ifdef EXPERIMENTAL_INTERNATIONAL
4098 case EITEM_IMAPFOLDER:
4099 { /* ${imapfolder {name}{sep]{specials}} */
4100 uschar *sub_arg[3];
4101 uschar *encoded;
4102
0539a19d
JH		 4103 switch(read_subs(sub_arg, nelem(sub_arg), 1, &s, skipping, TRUE, name,
4104 &resetok))
ed0512a1
JH		 4105 {
4106 case 1: goto EXPAND_FAILED_CURLY;
4107 case 2:
4108 case 3: goto EXPAND_FAILED;
4109 }
4110
4111 if (sub_arg[1] == NULL) /* One argument */
4112 {
0539a19d 4113 sub_arg[1] = US"/"; /* default separator */
ed0512a1
JH		 4114 sub_arg[2] = NULL;
4115 }
0539a19d 4116 else if (Ustrlen(sub_arg[1]) != 1)
ed0512a1 4117 {
94431adb 4118 expand_string_message =
ed0512a1 4119 string_sprintf(
94431adb 4120 "IMAP folder separator must be one character, found \"%s\"",
ed0512a1
JH		 4121 sub_arg[1]);
4122 goto EXPAND_FAILED;
4123 }
4124
4125 if (!(encoded = imap_utf7_encode(sub_arg[0], headers_charset,
4126 sub_arg[1][0], sub_arg[2], &expand_string_message)))
4127 goto EXPAND_FAILED;
4128 if (!skipping)
4129 yield = string_cat(yield, &size, &ptr, encoded, Ustrlen(encoded));
4130 continue;
4131 }
4132#endif
4133
059ec3d9
PH		 4134 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
4135 expanding an internal string that isn't actually going to be used. All we
4136 need to do is check the syntax, so don't do a lookup at all. Preserve the
4137 values of the numerical expansion variables in case they get changed by a
4138 partial lookup. If not, they retain their external settings. At the end
4139 of this "lookup" section, they get restored to their previous values. */
4140
4141 case EITEM_LOOKUP:
4142 {
4143 int stype, partial, affixlen, starflags;
4144 int expand_setup = 0;
4145 int nameptr = 0;
55414b25
JH		 4146 uschar *key, *filename;
4147 const uschar *affix;
059ec3d9
PH		 4148 uschar *save_lookup_value = lookup_value;
4149 int save_expand_nmax =
4150 save_expand_strings(save_expand_nstring, save_expand_nlength);
4151
4152 if ((expand_forbid & RDO_LOOKUP) != 0)
4153 {
4154 expand_string_message = US"lookup expansions are not permitted";
4155 goto EXPAND_FAILED;
4156 }
4157
4158 /* Get the key we are to look up for single-key+file style lookups.
4159 Otherwise set the key NULL pro-tem. */
4160
4161 while (isspace(*s)) s++;
2e23003a 4162 if (*s == '{') /*}*/
059ec3d9 4163 {
b0e85a8f 4164 key = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
2e23003a 4165 if (key == NULL) goto EXPAND_FAILED; /*{*/
059ec3d9
PH		 4166 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4167 while (isspace(*s)) s++;
4168 }
4169 else key = NULL;
4170
4171 /* Find out the type of database */
4172
4173 if (!isalpha(*s))
4174 {
4175 expand_string_message = US"missing lookup type";
4176 goto EXPAND_FAILED;
4177 }
4178
4179 /* The type is a string that may contain special characters of various
4180 kinds. Allow everything except space or { to appear; the actual content
2e23003a 4181 is checked by search_findtype_partial. */ /*}*/
059ec3d9 4182
2e23003a 4183 while (*s != 0 && *s != '{' && !isspace(*s)) /*}*/
059ec3d9
PH		 4184 {
4185 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
4186 s++;
4187 }
4188 name[nameptr] = 0;
4189 while (isspace(*s)) s++;
4190
4191 /* Now check for the individual search type and any partial or default
4192 options. Only those types that are actually in the binary are valid. */
4193
4194 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
4195 &starflags);
4196 if (stype < 0)
4197 {
4198 expand_string_message = search_error_message;
4199 goto EXPAND_FAILED;
4200 }
4201
4202 /* Check that a key was provided for those lookup types that need it,
4203 and was not supplied for those that use the query style. */
4204
13b685f9 4205 if (!mac_islookup(stype, lookup_querystyle|lookup_absfilequery))
059ec3d9
PH		 4206 {
4207 if (key == NULL)
4208 {
4209 expand_string_message = string_sprintf("missing {key} for single-"
4210 "key \"%s\" lookup", name);
4211 goto EXPAND_FAILED;
4212 }
4213 }
4214 else
4215 {
4216 if (key != NULL)
4217 {
4218 expand_string_message = string_sprintf("a single key was given for "
4219 "lookup type \"%s\", which is not a single-key lookup type", name);
4220 goto EXPAND_FAILED;
4221 }
4222 }
4223
4224 /* Get the next string in brackets and expand it. It is the file name for
13b685f9
PH		 4225 single-key+file lookups, and the whole query otherwise. In the case of
4226 queries that also require a file name (e.g. sqlite), the file name comes
4227 first. */
059ec3d9
PH		 4228
4229 if (*s != '{') goto EXPAND_FAILED_CURLY;
b0e85a8f 4230 filename = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
059ec3d9
PH		 4231 if (filename == NULL) goto EXPAND_FAILED;
4232 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4233 while (isspace(*s)) s++;
4234
4235 /* If this isn't a single-key+file lookup, re-arrange the variables
13b685f9
PH		 4236 to be appropriate for the search_ functions. For query-style lookups,
4237 there is just a "key", and no file name. For the special query-style +
4238 file types, the query (i.e. "key") starts with a file name. */
059ec3d9
PH		 4239
4240 if (key == NULL)
4241 {
13b685f9 4242 while (isspace(*filename)) filename++;
059ec3d9 4243 key = filename;
13b685f9
PH		 4244
4245 if (mac_islookup(stype, lookup_querystyle))
4246 {
4247 filename = NULL;
4248 }
4249 else
4250 {
4251 if (*filename != '/')
4252 {
4253 expand_string_message = string_sprintf(
4254 "absolute file name expected for \"%s\" lookup", name);
4255 goto EXPAND_FAILED;
4256 }
4257 while (*key != 0 && !isspace(*key)) key++;
4258 if (*key != 0) *key++ = 0;
4259 }
059ec3d9
PH		 4260 }
4261
4262 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
4263 the entry was not found. Note that there is no search_close() function.
4264 Files are left open in case of re-use. At suitable places in higher logic,
4265 search_tidyup() is called to tidy all open files. This can save opening
4266 the same file several times. However, files may also get closed when
4267 others are opened, if too many are open at once. The rule is that a
4268 handle should not be used after a second search_open().
4269
4270 Request that a partial search sets up $1 and maybe $2 by passing
4271 expand_setup containing zero. If its value changes, reset expand_nmax,
4272 since new variables will have been set. Note that at the end of this
4273 "lookup" section, the old numeric variables are restored. */
4274
4275 if (skipping)
4276 lookup_value = NULL;
4277 else
4278 {
4279 void *handle = search_open(filename, stype, 0, NULL, NULL);
4280 if (handle == NULL)
4281 {
4282 expand_string_message = search_error_message;
4283 goto EXPAND_FAILED;
4284 }
4285 lookup_value = search_find(handle, filename, key, partial, affix,
4286 affixlen, starflags, &expand_setup);
4287 if (search_find_defer)
4288 {
4289 expand_string_message =
b72aab72
PP		 4290 string_sprintf("lookup of \"%s\" gave DEFER: %s",
4291 string_printing2(key, FALSE), search_error_message);
059ec3d9
PH		 4292 goto EXPAND_FAILED;
4293 }
4294 if (expand_setup > 0) expand_nmax = expand_setup;
4295 }
4296
4297 /* The handling of "yes" and "no" result strings is now in a separate
4298 function that is also used by ${if} and ${extract}. */
4299
4300 switch(process_yesno(
4301 skipping, /* were previously skipping */
4302 lookup_value != NULL, /* success/failure indicator */
4303 save_lookup_value, /* value to reset for string2 */
4304 &s, /* input pointer */
4305 &yield, /* output pointer */
4306 &size, /* output size */
4307 &ptr, /* output current point */
b0e85a8f
JH		 4308 US"lookup", /* condition type */
4309 &resetok))
059ec3d9
PH		 4310 {
4311 case 1: goto EXPAND_FAILED; /* when all is well, the */
4312 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4313 }
4314
4315 /* Restore external setting of expansion variables for carrying on
4316 at this level, and continue. */
4317
4318 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4319 save_expand_nlength);
4320 continue;
4321 }
4322
4323 /* If Perl support is configured, handle calling embedded perl subroutines,
4324 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
4325 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
4326 arguments (defined below). */
4327
059ec3d9
PH		 4328 #define EXIM_PERL_MAX_ARGS 8
4329
4330 case EITEM_PERL:
1a46a8c5 4331 #ifndef EXIM_PERL
2e23003a 4332 expand_string_message = US"\"${perl\" encountered, but this facility " /*}*/
1a46a8c5
PH		 4333 "is not included in this binary";
4334 goto EXPAND_FAILED;
4335
4336 #else /* EXIM_PERL */
059ec3d9
PH		 4337 {
4338 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
4339 uschar *new_yield;
4340
4341 if ((expand_forbid & RDO_PERL) != 0)
4342 {
4343 expand_string_message = US"Perl calls are not permitted";
4344 goto EXPAND_FAILED;
4345 }
4346
4347 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
b0e85a8f 4348 US"perl", &resetok))
059ec3d9
PH		 4349 {
4350 case 1: goto EXPAND_FAILED_CURLY;
4351 case 2:
4352 case 3: goto EXPAND_FAILED;
4353 }
4354
4355 /* If skipping, we don't actually do anything */
4356
4357 if (skipping) continue;
4358
4359 /* Start the interpreter if necessary */
4360
4361 if (!opt_perl_started)
4362 {
4363 uschar *initerror;
4364 if (opt_perl_startup == NULL)
4365 {
4366 expand_string_message = US"A setting of perl_startup is needed when "
4367 "using the Perl interpreter";
4368 goto EXPAND_FAILED;
4369 }
4370 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
4371 initerror = init_perl(opt_perl_startup);
4372 if (initerror != NULL)
4373 {
4374 expand_string_message =
4375 string_sprintf("error in perl_startup code: %s\n", initerror);
4376 goto EXPAND_FAILED;
4377 }
4378 opt_perl_started = TRUE;
4379 }
4380
4381 /* Call the function */
4382
4383 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
4384 new_yield = call_perl_cat(yield, &size, &ptr, &expand_string_message,
4385 sub_arg[0], sub_arg + 1);
4386
4387 /* NULL yield indicates failure; if the message pointer has been set to
4388 NULL, the yield was undef, indicating a forced failure. Otherwise the
4389 message will indicate some kind of Perl error. */
4390
4391 if (new_yield == NULL)
4392 {
4393 if (expand_string_message == NULL)
4394 {
4395 expand_string_message =
4396 string_sprintf("Perl subroutine \"%s\" returned undef to force "
4397 "failure", sub_arg[0]);
4398 expand_string_forcedfail = TRUE;
4399 }
4400 goto EXPAND_FAILED;
4401 }
4402
4403 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
4404 set during a callback from Perl. */
4405
4406 expand_string_forcedfail = FALSE;
4407 yield = new_yield;
4408 continue;
4409 }
4410 #endif /* EXIM_PERL */
4411
fffda43a
TK		 4412 /* Transform email address to "prvs" scheme to use
4413 as BATV-signed return path */
4414
4415 case EITEM_PRVS:
4416 {
4417 uschar *sub_arg[3];
4418 uschar *p,*domain;
4419
b0e85a8f 4420 switch(read_subs(sub_arg, 3, 2, &s, skipping, TRUE, US"prvs", &resetok))
fffda43a
TK		 4421 {
4422 case 1: goto EXPAND_FAILED_CURLY;
4423 case 2:
4424 case 3: goto EXPAND_FAILED;
4425 }
4426
4427 /* If skipping, we don't actually do anything */
4428 if (skipping) continue;
4429
4430 /* sub_arg[0] is the address */
4431 domain = Ustrrchr(sub_arg[0],'@');
4432 if ( (domain == NULL) || (domain == sub_arg[0]) || (Ustrlen(domain) == 1) )
4433 {
cb9328de
PH		 4434 expand_string_message = US"prvs first argument must be a qualified email address";
4435 goto EXPAND_FAILED;
4436 }
4437
4438 /* Calculate the hash. The second argument must be a single-digit
4439 key number, or unset. */
4440
4441 if (sub_arg[2] != NULL &&
4442 (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0))
4443 {
4444 expand_string_message = US"prvs second argument must be a single digit";
fffda43a
TK		 4445 goto EXPAND_FAILED;
4446 }
4447
fffda43a
TK		 4448 p = prvs_hmac_sha1(sub_arg[0],sub_arg[1],sub_arg[2],prvs_daystamp(7));
4449 if (p == NULL)
4450 {
cb9328de 4451 expand_string_message = US"prvs hmac-sha1 conversion failed";
fffda43a
TK		 4452 goto EXPAND_FAILED;
4453 }
4454
4455 /* Now separate the domain from the local part */
4456 *domain++ = '\0';
4457
4458 yield = string_cat(yield,&size,&ptr,US"prvs=",5);
fffda43a
TK		 4459 string_cat(yield,&size,&ptr,(sub_arg[2] != NULL) ? sub_arg[2] : US"0", 1);
4460 string_cat(yield,&size,&ptr,prvs_daystamp(7),3);
4461 string_cat(yield,&size,&ptr,p,6);
a48ced90
TK		 4462 string_cat(yield,&size,&ptr,US"=",1);
4463 string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
fffda43a
TK		 4464 string_cat(yield,&size,&ptr,US"@",1);
4465 string_cat(yield,&size,&ptr,domain,Ustrlen(domain));
4466
4467 continue;
4468 }
4469
4470 /* Check a prvs-encoded address for validity */
4471
4472 case EITEM_PRVSCHECK:
4473 {
4474 uschar *sub_arg[3];
4475 int mysize = 0, myptr = 0;
4476 const pcre *re;
4477 uschar *p;
72fdd6ae
PH		 4478
4479 /* TF: Ugliness: We want to expand parameter 1 first, then set
fffda43a
TK		 4480 up expansion variables that are used in the expansion of
4481 parameter 2. So we clone the string for the first
72fdd6ae
PH		 4482 expansion, where we only expand parameter 1.
4483
4484 PH: Actually, that isn't necessary. The read_subs() function is
4485 designed to work this way for the ${if and ${lookup expansions. I've
4486 tidied the code.
4487 */
fffda43a
TK		 4488
4489 /* Reset expansion variables */
4490 prvscheck_result = NULL;
4491 prvscheck_address = NULL;
4492 prvscheck_keynum = NULL;
4493
b0e85a8f 4494 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs", &resetok))
fffda43a
TK		 4495 {
4496 case 1: goto EXPAND_FAILED_CURLY;
4497 case 2:
4498 case 3: goto EXPAND_FAILED;
4499 }
4500
a48ced90 4501 re = regex_must_compile(US"^prvs\\=([0-9])([0-9]{3})([A-F0-9]{6})\\=(.+)\\@(.+)$",
fffda43a
TK		 4502 TRUE,FALSE);
4503
72fdd6ae
PH		 4504 if (regex_match_and_setup(re,sub_arg[0],0,-1))
4505 {
a48ced90
TK		 4506 uschar *local_part = string_copyn(expand_nstring[4],expand_nlength[4]);
4507 uschar *key_num = string_copyn(expand_nstring[1],expand_nlength[1]);
4508 uschar *daystamp = string_copyn(expand_nstring[2],expand_nlength[2]);
4509 uschar *hash = string_copyn(expand_nstring[3],expand_nlength[3]);
fffda43a
TK		 4510 uschar *domain = string_copyn(expand_nstring[5],expand_nlength[5]);
4511
4512 DEBUG(D_expand) debug_printf("prvscheck localpart: %s\n", local_part);
4513 DEBUG(D_expand) debug_printf("prvscheck key number: %s\n", key_num);
4514 DEBUG(D_expand) debug_printf("prvscheck daystamp: %s\n", daystamp);
4515 DEBUG(D_expand) debug_printf("prvscheck hash: %s\n", hash);
4516 DEBUG(D_expand) debug_printf("prvscheck domain: %s\n", domain);
4517
4518 /* Set up expansion variables */
4519 prvscheck_address = string_cat(NULL, &mysize, &myptr, local_part, Ustrlen(local_part));
2740a2ca 4520 string_cat(prvscheck_address,&mysize,&myptr,US"@",1);
fffda43a
TK		 4521 string_cat(prvscheck_address,&mysize,&myptr,domain,Ustrlen(domain));
4522 prvscheck_address[myptr] = '\0';
4523 prvscheck_keynum = string_copy(key_num);
4524
72fdd6ae 4525 /* Now expand the second argument */
b0e85a8f 4526 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs", &resetok))
fffda43a
TK		 4527 {
4528 case 1: goto EXPAND_FAILED_CURLY;
4529 case 2:
4530 case 3: goto EXPAND_FAILED;
4531 }
4532
fffda43a 4533 /* Now we have the key and can check the address. */
72fdd6ae
PH		 4534
4535 p = prvs_hmac_sha1(prvscheck_address, sub_arg[0], prvscheck_keynum,
4536 daystamp);
4537
fffda43a
TK		 4538 if (p == NULL)
4539 {
4540 expand_string_message = US"hmac-sha1 conversion failed";
4541 goto EXPAND_FAILED;
4542 }
4543
4544 DEBUG(D_expand) debug_printf("prvscheck: received hash is %s\n", hash);
4545 DEBUG(D_expand) debug_printf("prvscheck: own hash is %s\n", p);
72fdd6ae 4546
fffda43a
TK		 4547 if (Ustrcmp(p,hash) == 0)
4548 {
4549 /* Success, valid BATV address. Now check the expiry date. */
4550 uschar *now = prvs_daystamp(0);
4551 unsigned int inow = 0,iexpire = 1;
4552
ff790e47
PH		 4553 (void)sscanf(CS now,"%u",&inow);
4554 (void)sscanf(CS daystamp,"%u",&iexpire);
fffda43a
TK		 4555
4556 /* When "iexpire" is < 7, a "flip" has occured.
4557 Adjust "inow" accordingly. */
4558 if ( (iexpire < 7) && (inow >= 993) ) inow = 0;
4559
686c36b7 4560 if (iexpire >= inow)
fffda43a
TK		 4561 {
4562 prvscheck_result = US"1";
4563 DEBUG(D_expand) debug_printf("prvscheck: success, $pvrs_result set to 1\n");
4564 }
4565 else
4566 {
4567 prvscheck_result = NULL;
4568 DEBUG(D_expand) debug_printf("prvscheck: signature expired, $pvrs_result unset\n");
4569 }
4570 }
4571 else
4572 {
4573 prvscheck_result = NULL;
4574 DEBUG(D_expand) debug_printf("prvscheck: hash failure, $pvrs_result unset\n");
4575 }
72fdd6ae
PH		 4576
4577 /* Now expand the final argument. We leave this till now so that
4578 it can include $prvscheck_result. */
4579
b0e85a8f 4580 switch(read_subs(sub_arg, 1, 0, &s, skipping, TRUE, US"prvs", &resetok))
72fdd6ae
PH		 4581 {
4582 case 1: goto EXPAND_FAILED_CURLY;
4583 case 2:
4584 case 3: goto EXPAND_FAILED;
4585 }
4586
4587 if (sub_arg[0] == NULL || *sub_arg[0] == '\0')
4588 yield = string_cat(yield,&size,&ptr,prvscheck_address,Ustrlen(prvscheck_address));
4589 else
4590 yield = string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
4591
4592 /* Reset the "internal" variables afterwards, because they are in
4593 dynamic store that will be reclaimed if the expansion succeeded. */
4594
4595 prvscheck_address = NULL;
4596 prvscheck_keynum = NULL;
4597 }
fffda43a
TK		 4598 else
4599 {
4600 /* Does not look like a prvs encoded address, return the empty string.
72fdd6ae
PH		 4601 We need to make sure all subs are expanded first, so as to skip over
4602 the entire item. */
4603
b0e85a8f 4604 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"prvs", &resetok))
fffda43a
TK		 4605 {
4606 case 1: goto EXPAND_FAILED_CURLY;
4607 case 2:
4608 case 3: goto EXPAND_FAILED;
4609 }
4610 }
4611
4612 continue;
4613 }
4614
059ec3d9
PH		 4615 /* Handle "readfile" to insert an entire file */
4616
4617 case EITEM_READFILE:
4618 {
4619 FILE *f;
4620 uschar *sub_arg[2];
4621
4622 if ((expand_forbid & RDO_READFILE) != 0)
4623 {
4624 expand_string_message = US"file insertions are not permitted";
4625 goto EXPAND_FAILED;
4626 }
4627
b0e85a8f 4628 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"readfile", &resetok))
059ec3d9
PH		 4629 {
4630 case 1: goto EXPAND_FAILED_CURLY;
4631 case 2:
4632 case 3: goto EXPAND_FAILED;
4633 }
4634
4635 /* If skipping, we don't actually do anything */
4636
4637 if (skipping) continue;
4638
4639 /* Open the file and read it */
4640
4641 f = Ufopen(sub_arg[0], "rb");
4642 if (f == NULL)
4643 {
4644 expand_string_message = string_open_failed(errno, "%s", sub_arg[0]);
4645 goto EXPAND_FAILED;
4646 }
4647
4648 yield = cat_file(f, yield, &size, &ptr, sub_arg[1]);
f1e894f3 4649 (void)fclose(f);
059ec3d9
PH		 4650 continue;
4651 }
4652
4653 /* Handle "readsocket" to insert data from a Unix domain socket */
4654
4655 case EITEM_READSOCK:
4656 {
4657 int fd;
4658 int timeout = 5;
4659 int save_ptr = ptr;
4660 FILE *f;
4661 struct sockaddr_un sockun; /* don't call this "sun" ! */
4662 uschar *arg;
4663 uschar *sub_arg[4];
4664
4665 if ((expand_forbid & RDO_READSOCK) != 0)
4666 {
4667 expand_string_message = US"socket insertions are not permitted";
4668 goto EXPAND_FAILED;
4669 }
4670
4671 /* Read up to 4 arguments, but don't do the end of item check afterwards,
4672 because there may be a string for expansion on failure. */
4673
b0e85a8f 4674 switch(read_subs(sub_arg, 4, 2, &s, skipping, FALSE, US"readsocket", &resetok))
059ec3d9
PH		 4675 {
4676 case 1: goto EXPAND_FAILED_CURLY;
4677 case 2: /* Won't occur: no end check */
4678 case 3: goto EXPAND_FAILED;
4679 }
4680
4681 /* Sort out timeout, if given */
4682
4683 if (sub_arg[2] != NULL)
4684 {
4685 timeout = readconf_readtime(sub_arg[2], 0, FALSE);
4686 if (timeout < 0)
4687 {
4688 expand_string_message = string_sprintf("bad time value %s",
4689 sub_arg[2]);
4690 goto EXPAND_FAILED;
4691 }
4692 }
4693 else sub_arg[3] = NULL; /* No eol if no timeout */
4694
1cce3af8
PH		 4695 /* If skipping, we don't actually do anything. Otherwise, arrange to
4696 connect to either an IP or a Unix socket. */
059ec3d9
PH		 4697
4698 if (!skipping)
4699 {
1cce3af8 4700 /* Handle an IP (internet) domain */
059ec3d9 4701
91ecef39 4702 if (Ustrncmp(sub_arg[0], "inet:", 5) == 0)
059ec3d9 4703 {
b1f8e4f8 4704 int port;
1cce3af8
PH		 4705 uschar *server_name = sub_arg[0] + 5;
4706 uschar *port_name = Ustrrchr(server_name, ':');
4707
4708 /* Sort out the port */
4709
4710 if (port_name == NULL)
4711 {
4712 expand_string_message =
4713 string_sprintf("missing port for readsocket %s", sub_arg[0]);
4714 goto EXPAND_FAILED;
4715 }
4716 *port_name++ = 0; /* Terminate server name */
4717
4718 if (isdigit(*port_name))
4719 {
4720 uschar *end;
4721 port = Ustrtol(port_name, &end, 0);
4722 if (end != port_name + Ustrlen(port_name))
4723 {
4724 expand_string_message =
4725 string_sprintf("invalid port number %s", port_name);
4726 goto EXPAND_FAILED;
4727 }
4728 }
4729 else
4730 {
4731 struct servent *service_info = getservbyname(CS port_name, "tcp");
4732 if (service_info == NULL)
4733 {
4734 expand_string_message = string_sprintf("unknown port \"%s\"",
4735 port_name);
4736 goto EXPAND_FAILED;
4737 }
4738 port = ntohs(service_info->s_port);
4739 }
4740
b1f8e4f8
JH		 4741 if ((fd = ip_connectedsocket(SOCK_STREAM, server_name, port, port,
4742 timeout, NULL, &expand_string_message)) < 0)
1cce3af8 4743 goto SOCK_FAIL;
059ec3d9
PH		 4744 }
4745
1cce3af8
PH		 4746 /* Handle a Unix domain socket */
4747
4748 else
059ec3d9 4749 {
a401ddaa 4750 int rc;
1cce3af8
PH		 4751 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
4752 {
4753 expand_string_message = string_sprintf("failed to create socket: %s",
4754 strerror(errno));
4755 goto SOCK_FAIL;
4756 }
4757
4758 sockun.sun_family = AF_UNIX;
4759 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
4760 sub_arg[0]);
a401ddaa
PH		 4761
4762 sigalrm_seen = FALSE;
4763 alarm(timeout);
4764 rc = connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun));
4765 alarm(0);
734e1499 4766 if (sigalrm_seen)
1cce3af8 4767 {
734e1499 4768 expand_string_message = US "socket connect timed out";
1cce3af8
PH		 4769 goto SOCK_FAIL;
4770 }
734e1499 4771 if (rc < 0)
a401ddaa 4772 {
734e1499
PH		 4773 expand_string_message = string_sprintf("failed to connect to socket "
4774 "%s: %s", sub_arg[0], strerror(errno));
a401ddaa
PH		 4775 goto SOCK_FAIL;
4776 }
059ec3d9 4777 }
1cce3af8 4778
059ec3d9
PH		 4779 DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]);
4780
567e584c
JH		 4781 /* Allow sequencing of test actions */
4782 if (running_in_test_harness) millisleep(100);
4783
059ec3d9
PH		 4784 /* Write the request string, if not empty */
4785
4786 if (sub_arg[1][0] != 0)
4787 {
4788 int len = Ustrlen(sub_arg[1]);
4789 DEBUG(D_expand) debug_printf("writing \"%s\" to socket\n",
4790 sub_arg[1]);
4791 if (write(fd, sub_arg[1], len) != len)
4792 {
4793 expand_string_message = string_sprintf("request write to socket "
4794 "failed: %s", strerror(errno));
4795 goto SOCK_FAIL;
4796 }
4797 }
4798
c1114884
PH		 4799 /* Shut down the sending side of the socket. This helps some servers to
4800 recognise that it is their turn to do some work. Just in case some
4801 system doesn't have this function, make it conditional. */
4802
4803 #ifdef SHUT_WR
4804 shutdown(fd, SHUT_WR);
4805 #endif
4806
567e584c
JH		 4807 if (running_in_test_harness) millisleep(100);
4808
059ec3d9
PH		 4809 /* Now we need to read from the socket, under a timeout. The function
4810 that reads a file can be used. */
4811
4812 f = fdopen(fd, "rb");
4813 sigalrm_seen = FALSE;
4814 alarm(timeout);
4815 yield = cat_file(f, yield, &size, &ptr, sub_arg[3]);
4816 alarm(0);
f1e894f3 4817 (void)fclose(f);
059ec3d9
PH		 4818
4819 /* After a timeout, we restore the pointer in the result, that is,
4820 make sure we add nothing from the socket. */
4821
4822 if (sigalrm_seen)
4823 {
4824 ptr = save_ptr;
1cce3af8 4825 expand_string_message = US "socket read timed out";
059ec3d9
PH		 4826 goto SOCK_FAIL;
4827 }
4828 }
4829
4830 /* The whole thing has worked (or we were skipping). If there is a
4831 failure string following, we need to skip it. */
4832
4833 if (*s == '{')
4834 {
b0e85a8f 4835 if (expand_string_internal(s+1, TRUE, &s, TRUE, TRUE, &resetok) == NULL)
059ec3d9
PH		 4836 goto EXPAND_FAILED;
4837 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4838 while (isspace(*s)) s++;
4839 }
4840 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4841 continue;
4842
4843 /* Come here on failure to create socket, connect socket, write to the
4844 socket, or timeout on reading. If another substring follows, expand and
4845 use it. Otherwise, those conditions give expand errors. */
4846
4847 SOCK_FAIL:
4848 if (*s != '{') goto EXPAND_FAILED;
4849 DEBUG(D_any) debug_printf("%s\n", expand_string_message);
b0e85a8f 4850 arg = expand_string_internal(s+1, TRUE, &s, FALSE, TRUE, &resetok);
059ec3d9
PH		 4851 if (arg == NULL) goto EXPAND_FAILED;
4852 yield = string_cat(yield, &size, &ptr, arg, Ustrlen(arg));
4853 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4854 while (isspace(*s)) s++;
4855 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4856 continue;
4857 }
4858
4859 /* Handle "run" to execute a program. */
4860
4861 case EITEM_RUN:
4862 {
4863 FILE *f;
059ec3d9 4864 uschar *arg;
55414b25 4865 const uschar **argv;
059ec3d9
PH		 4866 pid_t pid;
4867 int fd_in, fd_out;
4868 int lsize = 0;
4869 int lptr = 0;
4870
4871 if ((expand_forbid & RDO_RUN) != 0)
4872 {
4873 expand_string_message = US"running a command is not permitted";
4874 goto EXPAND_FAILED;
4875 }
4876
4877 while (isspace(*s)) s++;
4878 if (*s != '{') goto EXPAND_FAILED_CURLY;
b0e85a8f 4879 arg = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
059ec3d9
PH		 4880 if (arg == NULL) goto EXPAND_FAILED;
4881 while (isspace(*s)) s++;
4882 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4883
4884 if (skipping) /* Just pretend it worked when we're skipping */
4885 {
4886 runrc = 0;
4887 }
4888 else
4889 {
4890 if (!transport_set_up_command(&argv, /* anchor for arg list */
4891 arg, /* raw command */
4892 FALSE, /* don't expand the arguments */
4893 0, /* not relevant when... */
4894 NULL, /* no transporting address */
4895 US"${run} expansion", /* for error messages */
4896 &expand_string_message)) /* where to put error message */
4897 {
4898 goto EXPAND_FAILED;
4899 }
4900
4901 /* Create the child process, making it a group leader. */
4902
55414b25 4903 pid = child_open(USS argv, NULL, 0077, &fd_in, &fd_out, TRUE);
059ec3d9
PH		 4904
4905 if (pid < 0)
4906 {
4907 expand_string_message =
4908 string_sprintf("couldn't create child process: %s", strerror(errno));
4909 goto EXPAND_FAILED;
4910 }
4911
4912 /* Nothing is written to the standard input. */
4913
f1e894f3 4914 (void)close(fd_in);
059ec3d9 4915
ac53fcda
PP		 4916 /* Read the pipe to get the command's output into $value (which is kept
4917 in lookup_value). Read during execution, so that if the output exceeds
4918 the OS pipe buffer limit, we don't block forever. */
4919
4920 f = fdopen(fd_out, "rb");
4921 sigalrm_seen = FALSE;
4922 alarm(60);
4923 lookup_value = cat_file(f, lookup_value, &lsize, &lptr, NULL);
4924 alarm(0);
4925 (void)fclose(f);
4926
059ec3d9
PH		 4927 /* Wait for the process to finish, applying the timeout, and inspect its
4928 return code for serious disasters. Simple non-zero returns are passed on.
4929 */
4930
ac53fcda 4931 if (sigalrm_seen == TRUE || (runrc = child_close(pid, 30)) < 0)
059ec3d9 4932 {
ac53fcda 4933 if (sigalrm_seen == TRUE || runrc == -256)
059ec3d9
PH		 4934 {
4935 expand_string_message = string_sprintf("command timed out");
4936 killpg(pid, SIGKILL); /* Kill the whole process group */
4937 }
4938
4939 else if (runrc == -257)
4940 expand_string_message = string_sprintf("wait() failed: %s",
4941 strerror(errno));
4942
4943 else
4944 expand_string_message = string_sprintf("command killed by signal %d",
4945 -runrc);
4946
4947 goto EXPAND_FAILED;
4948 }
059ec3d9
PH		 4949 }
4950
d20976dc 4951 /* Process the yes/no strings; $value may be useful in both cases */
059ec3d9
PH		 4952
4953 switch(process_yesno(
4954 skipping, /* were previously skipping */
4955 runrc == 0, /* success/failure indicator */
d20976dc 4956 lookup_value, /* value to reset for string2 */
059ec3d9
PH		 4957 &s, /* input pointer */
4958 &yield, /* output pointer */
4959 &size, /* output size */
4960 &ptr, /* output current point */
b0e85a8f
JH		 4961 US"run", /* condition type */
4962 &resetok))
059ec3d9
PH		 4963 {
4964 case 1: goto EXPAND_FAILED; /* when all is well, the */
4965 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4966 }
4967
4968 continue;
4969 }
4970
4971 /* Handle character translation for "tr" */
4972
4973 case EITEM_TR:
4974 {
4975 int oldptr = ptr;
4976 int o2m;
4977 uschar *sub[3];
4978
b0e85a8f 4979 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"tr", &resetok))
059ec3d9
PH		 4980 {
4981 case 1: goto EXPAND_FAILED_CURLY;
4982 case 2:
4983 case 3: goto EXPAND_FAILED;
4984 }
4985
4986 yield = string_cat(yield, &size, &ptr, sub[0], Ustrlen(sub[0]));
4987 o2m = Ustrlen(sub[2]) - 1;
4988
4989 if (o2m >= 0) for (; oldptr < ptr; oldptr++)
4990 {
4991 uschar *m = Ustrrchr(sub[1], yield[oldptr]);
4992 if (m != NULL)
4993 {
4994 int o = m - sub[1];
4995 yield[oldptr] = sub[2][(o < o2m)? o : o2m];
4996 }
4997 }
4998
4999 continue;
5000 }
5001
5002 /* Handle "hash", "length", "nhash", and "substr" when they are given with
5003 expanded arguments. */
5004
5005 case EITEM_HASH:
5006 case EITEM_LENGTH:
5007 case EITEM_NHASH:
5008 case EITEM_SUBSTR:
5009 {
5010 int i;
5011 int len;
5012 uschar *ret;
5013 int val[2] = { 0, -1 };
5014 uschar *sub[3];
5015
5016 /* "length" takes only 2 arguments whereas the others take 2 or 3.
2e23003a 5017 Ensure that sub[2] is set in the ${length } case. */
059ec3d9
PH		 5018
5019 sub[2] = NULL;
5020 switch(read_subs(sub, (item_type == EITEM_LENGTH)? 2:3, 2, &s, skipping,
b0e85a8f 5021 TRUE, name, &resetok))
059ec3d9
PH		 5022 {
5023 case 1: goto EXPAND_FAILED_CURLY;
5024 case 2:
5025 case 3: goto EXPAND_FAILED;
5026 }
5027
5028 /* Juggle the arguments if there are only two of them: always move the
5029 string to the last position and make ${length{n}{str}} equivalent to
5030 ${substr{0}{n}{str}}. See the defaults for val[] above. */
5031
5032 if (sub[2] == NULL)
5033 {
5034 sub[2] = sub[1];
5035 sub[1] = NULL;
5036 if (item_type == EITEM_LENGTH)
5037 {
5038 sub[1] = sub[0];
5039 sub[0] = NULL;
5040 }
5041 }
5042
5043 for (i = 0; i < 2; i++)
5044 {
5045 if (sub[i] == NULL) continue;
5046 val[i] = (int)Ustrtol(sub[i], &ret, 10);
5047 if (*ret != 0 || (i != 0 && val[i] < 0))
5048 {
5049 expand_string_message = string_sprintf("\"%s\" is not a%s number "
5050 "(in \"%s\" expansion)", sub[i], (i != 0)? " positive" : "", name);
5051 goto EXPAND_FAILED;
5052 }
5053 }
5054
5055 ret =
5056 (item_type == EITEM_HASH)?
5057 compute_hash(sub[2], val[0], val[1], &len) :
5058 (item_type == EITEM_NHASH)?
5059 compute_nhash(sub[2], val[0], val[1], &len) :
5060 extract_substr(sub[2], val[0], val[1], &len);
5061
5062 if (ret == NULL) goto EXPAND_FAILED;
5063 yield = string_cat(yield, &size, &ptr, ret, len);
5064 continue;
5065 }
5066
5067 /* Handle HMAC computation: ${hmac{<algorithm>}{<secret>}{<text>}}
5068 This code originally contributed by Steve Haslam. It currently supports
5069 the use of MD5 and SHA-1 hashes.
5070
5071 We need some workspace that is large enough to handle all the supported
5072 hash types. Use macros to set the sizes rather than be too elaborate. */
5073
5074 #define MAX_HASHLEN 20
5075 #define MAX_HASHBLOCKLEN 64
5076
5077 case EITEM_HMAC:
5078 {
5079 uschar *sub[3];
5080 md5 md5_base;
5081 sha1 sha1_base;
5082 void *use_base;
5083 int type, i;
5084 int hashlen; /* Number of octets for the hash algorithm's output */
5085 int hashblocklen; /* Number of octets the hash algorithm processes */
5086 uschar *keyptr, *p;
5087 unsigned int keylen;
5088
5089 uschar keyhash[MAX_HASHLEN];
5090 uschar innerhash[MAX_HASHLEN];
5091 uschar finalhash[MAX_HASHLEN];
5092 uschar finalhash_hex[2*MAX_HASHLEN];
5093 uschar innerkey[MAX_HASHBLOCKLEN];
5094 uschar outerkey[MAX_HASHBLOCKLEN];
5095
b0e85a8f 5096 switch (read_subs(sub, 3, 3, &s, skipping, TRUE, name, &resetok))
059ec3d9
PH		 5097 {
5098 case 1: goto EXPAND_FAILED_CURLY;
5099 case 2:
5100 case 3: goto EXPAND_FAILED;
5101 }
5102
5103 if (Ustrcmp(sub[0], "md5") == 0)
5104 {
5105 type = HMAC_MD5;
5106 use_base = &md5_base;
5107 hashlen = 16;
5108 hashblocklen = 64;
5109 }
5110 else if (Ustrcmp(sub[0], "sha1") == 0)
5111 {
5112 type = HMAC_SHA1;
5113 use_base = &sha1_base;
5114 hashlen = 20;
5115 hashblocklen = 64;
5116 }
5117 else
5118 {
5119 expand_string_message =
5120 string_sprintf("hmac algorithm \"%s\" is not recognised", sub[0]);
5121 goto EXPAND_FAILED;
5122 }
5123
5124 keyptr = sub[1];
5125 keylen = Ustrlen(keyptr);
5126
5127 /* If the key is longer than the hash block length, then hash the key
5128 first */
5129
5130 if (keylen > hashblocklen)
5131 {
5132 chash_start(type, use_base);
5133 chash_end(type, use_base, keyptr, keylen, keyhash);
5134 keyptr = keyhash;
5135 keylen = hashlen;
5136 }
5137
5138 /* Now make the inner and outer key values */
5139
5140 memset(innerkey, 0x36, hashblocklen);
5141 memset(outerkey, 0x5c, hashblocklen);
5142
5143 for (i = 0; i < keylen; i++)
5144 {
5145 innerkey[i] ^= keyptr[i];
5146 outerkey[i] ^= keyptr[i];
5147 }
5148
5149 /* Now do the hashes */
5150
5151 chash_start(type, use_base);
5152 chash_mid(type, use_base, innerkey);
5153 chash_end(type, use_base, sub[2], Ustrlen(sub[2]), innerhash);
5154
5155 chash_start(type, use_base);
5156 chash_mid(type, use_base, outerkey);
5157 chash_end(type, use_base, innerhash, hashlen, finalhash);
5158
5159 /* Encode the final hash as a hex string */
5160
5161 p = finalhash_hex;
5162 for (i = 0; i < hashlen; i++)
5163 {
5164 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
5165 *p++ = hex_digits[finalhash[i] & 0x0f];
5166 }
5167
5168 DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%.*s)=%.*s\n", sub[0],
5169 (int)keylen, keyptr, Ustrlen(sub[2]), sub[2], hashlen*2, finalhash_hex);
5170
5171 yield = string_cat(yield, &size, &ptr, finalhash_hex, hashlen*2);
5172 }
5173
5174 continue;
5175
5176 /* Handle global substitution for "sg" - like Perl's s/xxx/yyy/g operator.
5177 We have to save the numerical variables and restore them afterwards. */
5178
5179 case EITEM_SG:
5180 {
5181 const pcre *re;
5182 int moffset, moffsetextra, slen;
5183 int roffset;
5184 int emptyopt;
5185 const uschar *rerror;
5186 uschar *subject;
5187 uschar *sub[3];
5188 int save_expand_nmax =
5189 save_expand_strings(save_expand_nstring, save_expand_nlength);
5190
b0e85a8f 5191 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"sg", &resetok))
059ec3d9
PH		 5192 {
5193 case 1: goto EXPAND_FAILED_CURLY;
5194 case 2:
5195 case 3: goto EXPAND_FAILED;
5196 }
5197
5198 /* Compile the regular expression */
5199
5200 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
5201 NULL);
5202
5203 if (re == NULL)
5204 {
5205 expand_string_message = string_sprintf("regular expression error in "
5206 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
5207 goto EXPAND_FAILED;
5208 }
5209
5210 /* Now run a loop to do the substitutions as often as necessary. It ends
5211 when there are no more matches. Take care over matches of the null string;
5212 do the same thing as Perl does. */
5213
5214 subject = sub[0];
5215 slen = Ustrlen(sub[0]);
5216 moffset = moffsetextra = 0;
5217 emptyopt = 0;
5218
5219 for (;;)
5220 {
5221 int ovector[3*(EXPAND_MAXN+1)];
5222 int n = pcre_exec(re, NULL, CS subject, slen, moffset + moffsetextra,
0539a19d 5223 PCRE_EOPT | emptyopt, ovector, nelem(ovector));
059ec3d9
PH		 5224 int nn;
5225 uschar *insert;
5226
5227 /* No match - if we previously set PCRE_NOTEMPTY after a null match, this
5228 is not necessarily the end. We want to repeat the match from one
5229 character further along, but leaving the basic offset the same (for
5230 copying below). We can't be at the end of the string - that was checked
5231 before setting PCRE_NOTEMPTY. If PCRE_NOTEMPTY is not set, we are
5232 finished; copy the remaining string and end the loop. */
5233
5234 if (n < 0)
5235 {
5236 if (emptyopt != 0)
5237 {
5238 moffsetextra = 1;
5239 emptyopt = 0;
5240 continue;
5241 }
5242 yield = string_cat(yield, &size, &ptr, subject+moffset, slen-moffset);
5243 break;
5244 }
5245
5246 /* Match - set up for expanding the replacement. */
5247
5248 if (n == 0) n = EXPAND_MAXN + 1;
5249 expand_nmax = 0;
5250 for (nn = 0; nn < n*2; nn += 2)
5251 {
5252 expand_nstring[expand_nmax] = subject + ovector[nn];
5253 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
5254 }
5255 expand_nmax--;
5256
5257 /* Copy the characters before the match, plus the expanded insertion. */
5258
5259 yield = string_cat(yield, &size, &ptr, subject + moffset,
5260 ovector[0] - moffset);
5261 insert = expand_string(sub[2]);
5262 if (insert == NULL) goto EXPAND_FAILED;
5263 yield = string_cat(yield, &size, &ptr, insert, Ustrlen(insert));
5264
5265 moffset = ovector[1];
5266 moffsetextra = 0;
5267 emptyopt = 0;
5268
5269 /* If we have matched an empty string, first check to see if we are at
5270 the end of the subject. If so, the loop is over. Otherwise, mimic
5271 what Perl's /g options does. This turns out to be rather cunning. First
5272 we set PCRE_NOTEMPTY and PCRE_ANCHORED and try the match a non-empty
5273 string at the same point. If this fails (picked up above) we advance to
5274 the next character. */
5275
5276 if (ovector[0] == ovector[1])
5277 {
5278 if (ovector[0] == slen) break;
5279 emptyopt = PCRE_NOTEMPTY | PCRE_ANCHORED;
5280 }
5281 }
5282
5283 /* All done - restore numerical variables. */
5284
5285 restore_expand_strings(save_expand_nmax, save_expand_nstring,
5286 save_expand_nlength);
5287 continue;
5288 }
5289
5290 /* Handle keyed and numbered substring extraction. If the first argument
5291 consists entirely of digits, then a numerical extraction is assumed. */
5292
5293 case EITEM_EXTRACT:
5294 {
5295 int i;
5296 int j = 2;
5297 int field_number = 1;
5298 BOOL field_number_set = FALSE;
5299 uschar *save_lookup_value = lookup_value;
5300 uschar *sub[3];
5301 int save_expand_nmax =
5302 save_expand_strings(save_expand_nstring, save_expand_nlength);
5303
5304 /* Read the arguments */
5305
5306 for (i = 0; i < j; i++)
5307 {
5308 while (isspace(*s)) s++;
aa26e137 5309 if (*s == '{') /*}*/
059ec3d9 5310 {
b0e85a8f
JH		 5311 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
5312 if (sub[i] == NULL) goto EXPAND_FAILED; /*{*/
059ec3d9
PH		 5313 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5314
5315 /* After removal of leading and trailing white space, the first
5316 argument must not be empty; if it consists entirely of digits
5317 (optionally preceded by a minus sign), this is a numerical
5318 extraction, and we expect 3 arguments. */
5319
5320 if (i == 0)
5321 {
5322 int len;
5323 int x = 0;
5324 uschar *p = sub[0];
5325
5326 while (isspace(*p)) p++;
5327 sub[0] = p;
5328
5329 len = Ustrlen(p);
5330 while (len > 0 && isspace(p[len-1])) len--;
5331 p[len] = 0;
5332
82dbd376
JH		 5333 if (!skipping)
5334 {
5335 if (*p == 0)
5336 {
5337 expand_string_message = US"first argument of \"extract\" must "
5338 "not be empty";
5339 goto EXPAND_FAILED;
5340 }
5341
5342 if (*p == '-')
5343 {
5344 field_number = -1;
5345 p++;
5346 }
5347 while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0';
5348 if (*p == 0)
5349 {
5350 field_number *= x;
5351 j = 3; /* Need 3 args */
5352 field_number_set = TRUE;
5353 }
5354 }
059ec3d9
PH		 5355 }
5356 }
5357 else goto EXPAND_FAILED_CURLY;
5358 }
5359
5360 /* Extract either the numbered or the keyed substring into $value. If
5361 skipping, just pretend the extraction failed. */
5362
5363 lookup_value = skipping? NULL : field_number_set?
5364 expand_gettokened(field_number, sub[1], sub[2]) :
5365 expand_getkeyed(sub[0], sub[1]);
5366
5367 /* If no string follows, $value gets substituted; otherwise there can
5368 be yes/no strings, as for lookup or if. */
5369
aa26e137
JH		 5370 switch(process_yesno(
5371 skipping, /* were previously skipping */
5372 lookup_value != NULL, /* success/failure indicator */
5373 save_lookup_value, /* value to reset for string2 */
5374 &s, /* input pointer */
5375 &yield, /* output pointer */
5376 &size, /* output size */
5377 &ptr, /* output current point */
5378 US"extract", /* condition type */
5379 &resetok))
5380 {
5381 case 1: goto EXPAND_FAILED; /* when all is well, the */
5382 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
5383 }
5384
5385 /* All done - restore numerical variables. */
5386
5387 restore_expand_strings(save_expand_nmax, save_expand_nstring,
5388 save_expand_nlength);
5389
5390 continue;
5391 }
5392
5393 /* return the Nth item from a list */
5394
5395 case EITEM_LISTEXTRACT:
5396 {
5397 int i;
5398 int field_number = 1;
5399 uschar *save_lookup_value = lookup_value;
5400 uschar *sub[2];
5401 int save_expand_nmax =
5402 save_expand_strings(save_expand_nstring, save_expand_nlength);
5403
5404 /* Read the field & list arguments */
5405
5406 for (i = 0; i < 2; i++)
5407 {
5408 while (isspace(*s)) s++;
5409 if (*s != '{') /*}*/
5410 goto EXPAND_FAILED_CURLY;
5411
5412 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
5413 if (!sub[i]) goto EXPAND_FAILED; /*{*/
5414 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5415
5416 /* After removal of leading and trailing white space, the first
5417 argument must be numeric and nonempty. */
5418
5419 if (i == 0)
5420 {
5421 int len;
5422 int x = 0;
5423 uschar *p = sub[0];
5424
5425 while (isspace(*p)) p++;
5426 sub[0] = p;
5427
5428 len = Ustrlen(p);
5429 while (len > 0 && isspace(p[len-1])) len--;
5430 p[len] = 0;
5431
5432 if (!*p && !skipping)
5433 {
5434 expand_string_message = US"first argument of \"listextract\" must "
5435 "not be empty";
5436 goto EXPAND_FAILED;
5437 }
5438
5439 if (*p == '-')
5440 {
5441 field_number = -1;
5442 p++;
5443 }
5444 while (*p && isdigit(*p)) x = x * 10 + *p++ - '0';
5445 if (*p)
5446 {
5447 expand_string_message = US"first argument of \"listextract\" must "
5448 "be numeric";
5449 goto EXPAND_FAILED;
5450 }
5451 field_number *= x;
5452 }
5453 }
5454
5455 /* Extract the numbered element into $value. If
5456 skipping, just pretend the extraction failed. */
5457
5458 lookup_value = skipping? NULL : expand_getlistele(field_number, sub[1]);
5459
5460 /* If no string follows, $value gets substituted; otherwise there can
5461 be yes/no strings, as for lookup or if. */
5462
059ec3d9
PH		 5463 switch(process_yesno(
5464 skipping, /* were previously skipping */
5465 lookup_value != NULL, /* success/failure indicator */
5466 save_lookup_value, /* value to reset for string2 */
5467 &s, /* input pointer */
5468 &yield, /* output pointer */
5469 &size, /* output size */
5470 &ptr, /* output current point */
b0e85a8f
JH		 5471 US"extract", /* condition type */
5472 &resetok))
059ec3d9
PH		 5473 {
5474 case 1: goto EXPAND_FAILED; /* when all is well, the */
5475 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
5476 }
5477
5478 /* All done - restore numerical variables. */
5479
5480 restore_expand_strings(save_expand_nmax, save_expand_nstring,
5481 save_expand_nlength);
5482
5483 continue;
5484 }
1a46a8c5 5485
9d1c15ef
JH		 5486#ifdef SUPPORT_TLS
5487 case EITEM_CERTEXTRACT:
5488 {
9d1c15ef
JH		 5489 uschar *save_lookup_value = lookup_value;
5490 uschar *sub[2];
5491 int save_expand_nmax =
5492 save_expand_strings(save_expand_nstring, save_expand_nlength);
5493
5494 /* Read the field argument */
5495 while (isspace(*s)) s++;
5496 if (*s != '{') /*}*/
5497 goto EXPAND_FAILED_CURLY;
5498 sub[0] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
5499 if (!sub[0]) goto EXPAND_FAILED; /*{*/
5500 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5501 /* strip spaces fore & aft */
5502 {
5503 int len;
9d1c15ef
JH		 5504 uschar *p = sub[0];
5505
5506 while (isspace(*p)) p++;
5507 sub[0] = p;
5508
5509 len = Ustrlen(p);
5510 while (len > 0 && isspace(p[len-1])) len--;
5511 p[len] = 0;
5512 }
5513
5514 /* inspect the cert argument */
5515 while (isspace(*s)) s++;
5516 if (*s != '{') /*}*/
5517 goto EXPAND_FAILED_CURLY;
5518 if (*++s != '$')
5519 {
5520 expand_string_message = US"second argument of \"certextract\" must "
5521 "be a certificate variable";
5522 goto EXPAND_FAILED;
5523 }
5524 sub[1] = expand_string_internal(s+1, TRUE, &s, skipping, FALSE, &resetok);
5525 if (!sub[1]) goto EXPAND_FAILED; /*{*/
5526 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5527
5528 if (skipping)
5529 lookup_value = NULL;
5530 else
5531 {
5532 lookup_value = expand_getcertele(sub[0], sub[1]);
5533 if (*expand_string_message) goto EXPAND_FAILED;
5534 }
5535 switch(process_yesno(
5536 skipping, /* were previously skipping */
5537 lookup_value != NULL, /* success/failure indicator */
5538 save_lookup_value, /* value to reset for string2 */
5539 &s, /* input pointer */
5540 &yield, /* output pointer */
5541 &size, /* output size */
5542 &ptr, /* output current point */
5543 US"extract", /* condition type */
5544 &resetok))
5545 {
5546 case 1: goto EXPAND_FAILED; /* when all is well, the */
5547 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
5548 }
5549
5550 restore_expand_strings(save_expand_nmax, save_expand_nstring,
5551 save_expand_nlength);
5552 continue;
5553 }
5554#endif /*SUPPORT_TLS*/
5555
29f89cad
PH		 5556 /* Handle list operations */
5557
5558 case EITEM_FILTER:
5559 case EITEM_MAP:
5560 case EITEM_REDUCE:
5561 {
5562 int sep = 0;
5563 int save_ptr = ptr;
5564 uschar outsep[2] = { '\0', '\0' };
55414b25 5565 const uschar *list, *expr, *temp;
29f89cad
PH		 5566 uschar *save_iterate_item = iterate_item;
5567 uschar *save_lookup_value = lookup_value;
5568
5569 while (isspace(*s)) s++;
5570 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
5571
b0e85a8f 5572 list = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok);
29f89cad
PH		 5573 if (list == NULL) goto EXPAND_FAILED;
5574 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5575
5576 if (item_type == EITEM_REDUCE)
5577 {
55414b25 5578 uschar * t;
29f89cad
PH		 5579 while (isspace(*s)) s++;
5580 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
55414b25 5581 t = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok);
e1af7642 5582 if (!t) goto EXPAND_FAILED;
55414b25 5583 lookup_value = t;
29f89cad
PH		 5584 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5585 }
5586
5587 while (isspace(*s)) s++;
5588 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
5589
5590 expr = s;
5591
5592 /* For EITEM_FILTER, call eval_condition once, with result discarded (as
5593 if scanning a "false" part). This allows us to find the end of the
5594 condition, because if the list is empty, we won't actually evaluate the
5595 condition for real. For EITEM_MAP and EITEM_REDUCE, do the same, using
5596 the normal internal expansion function. */
5597
5598 if (item_type == EITEM_FILTER)
5599 {
b0e85a8f 5600 temp = eval_condition(expr, &resetok, NULL);
29f89cad
PH		 5601 if (temp != NULL) s = temp;
5602 }
5603 else
b0e85a8f 5604 temp = expand_string_internal(s, TRUE, &s, TRUE, TRUE, &resetok);
29f89cad
PH		 5605
5606 if (temp == NULL)
5607 {
5608 expand_string_message = string_sprintf("%s inside \"%s\" item",
5609 expand_string_message, name);
5610 goto EXPAND_FAILED;
5611 }
5612
5613 while (isspace(*s)) s++;
5614 if (*s++ != '}')
2e23003a 5615 { /*{*/
29f89cad
PH		 5616 expand_string_message = string_sprintf("missing } at end of condition "
5617 "or expression inside \"%s\"", name);
5618 goto EXPAND_FAILED;
5619 }
5620
2e23003a 5621 while (isspace(*s)) s++; /*{*/
29f89cad 5622 if (*s++ != '}')
2e23003a 5623 { /*{*/
29f89cad
PH		 5624 expand_string_message = string_sprintf("missing } at end of \"%s\"",
5625 name);
5626 goto EXPAND_FAILED;
5627 }
5628
5629 /* If we are skipping, we can now just move on to the next item. When
5630 processing for real, we perform the iteration. */
5631
5632 if (skipping) continue;
5633 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)) != NULL)
5634 {
5635 *outsep = (uschar)sep; /* Separator as a string */
5636
5637 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
5638
5639 if (item_type == EITEM_FILTER)
5640 {
5641 BOOL condresult;
b0e85a8f 5642 if (eval_condition(expr, &resetok, &condresult) == NULL)
29f89cad 5643 {
e58c13cc
PH		 5644 iterate_item = save_iterate_item;
5645 lookup_value = save_lookup_value;
29f89cad
PH		 5646 expand_string_message = string_sprintf("%s inside \"%s\" condition",
5647 expand_string_message, name);
5648 goto EXPAND_FAILED;
5649 }
5650 DEBUG(D_expand) debug_printf("%s: condition is %s\n", name,
5651 condresult? "true":"false");
5652 if (condresult)
5653 temp = iterate_item; /* TRUE => include this item */
5654 else
5655 continue; /* FALSE => skip this item */
5656 }
5657
5658 /* EITEM_MAP and EITEM_REDUCE */
5659
5660 else
5661 {
55414b25
JH		 5662 uschar * t = expand_string_internal(expr, TRUE, NULL, skipping, TRUE, &resetok);
5663 temp = t;
29f89cad
PH		 5664 if (temp == NULL)
5665 {
e58c13cc 5666 iterate_item = save_iterate_item;
29f89cad
PH		 5667 expand_string_message = string_sprintf("%s inside \"%s\" item",
5668 expand_string_message, name);
5669 goto EXPAND_FAILED;
5670 }
5671 if (item_type == EITEM_REDUCE)
5672 {
55414b25 5673 lookup_value = t; /* Update the value of $value */
29f89cad
PH		 5674 continue; /* and continue the iteration */
5675 }
5676 }
5677
5678 /* We reach here for FILTER if the condition is true, always for MAP,
5679 and never for REDUCE. The value in "temp" is to be added to the output
5680 list that is being created, ensuring that any occurrences of the
5681 separator character are doubled. Unless we are dealing with the first
5682 item of the output list, add in a space if the new item begins with the
5683 separator character, or is an empty string. */
5684
5685 if (ptr != save_ptr && (temp[0] == *outsep || temp[0] == 0))
5686 yield = string_cat(yield, &size, &ptr, US" ", 1);
5687
5688 /* Add the string in "temp" to the output list that we are building,
5689 This is done in chunks by searching for the separator character. */
5690
5691 for (;;)
5692 {
5693 size_t seglen = Ustrcspn(temp, outsep);
5694 yield = string_cat(yield, &size, &ptr, temp, seglen + 1);
5695
5696 /* If we got to the end of the string we output one character
5697 too many; backup and end the loop. Otherwise arrange to double the
5698 separator. */
5699
5700 if (temp[seglen] == '\0') { ptr--; break; }
5701 yield = string_cat(yield, &size, &ptr, outsep, 1);
5702 temp += seglen + 1;
5703 }
5704
5705 /* Output a separator after the string: we will remove the redundant
5706 final one at the end. */
5707
5708 yield = string_cat(yield, &size, &ptr, outsep, 1);
5709 } /* End of iteration over the list loop */
5710
5711 /* REDUCE has generated no output above: output the final value of
5712 $value. */
5713
5714 if (item_type == EITEM_REDUCE)
5715 {
5716 yield = string_cat(yield, &size, &ptr, lookup_value,
5717 Ustrlen(lookup_value));
5718 lookup_value = save_lookup_value; /* Restore $value */
5719 }
5720
5721 /* FILTER and MAP generate lists: if they have generated anything, remove
5722 the redundant final separator. Even though an empty item at the end of a
5723 list does not count, this is tidier. */
5724
5725 else if (ptr != save_ptr) ptr--;
5726
5727 /* Restore preserved $item */
5728
5729 iterate_item = save_iterate_item;
5730 continue;
5731 }
5732
ac4ef9bd
JH		 5733 case EITEM_SORT:
5734 {
5735 int sep = 0;
55414b25 5736 const uschar *srclist, *cmp, *xtract;
ac4ef9bd 5737 uschar *srcitem;
55414b25 5738 const uschar *dstlist = NULL, *dstkeylist = NULL;
ac4ef9bd
JH		 5739 uschar * tmp;
5740 uschar *save_iterate_item = iterate_item;
5741
5742 while (isspace(*s)) s++;
5743 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
5744
5745 srclist = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok);
5746 if (!srclist) goto EXPAND_FAILED;
5747 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5748
5749 while (isspace(*s)) s++;
5750 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
5751
5752 cmp = expand_string_internal(s, TRUE, &s, skipping, FALSE, &resetok);
5753 if (!cmp) goto EXPAND_FAILED;
5754 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5755
5756 while (isspace(*s)) s++;
5757 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
5758
5759 xtract = s;
5760 tmp = expand_string_internal(s, TRUE, &s, TRUE, TRUE, &resetok);
5761 if (!tmp) goto EXPAND_FAILED;
5762 xtract = string_copyn(xtract, s - xtract);
5763
5764 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5765 /*{*/
5766 if (*s++ != '}')
5767 { /*{*/
5768 expand_string_message = US"missing } at end of \"sort\"";
5769 goto EXPAND_FAILED;
5770 }
5771
5772 if (skipping) continue;
5773
5774 while ((srcitem = string_nextinlist(&srclist, &sep, NULL, 0)))
5775 {
5776 uschar * dstitem;
5777 uschar * newlist = NULL;
5778 uschar * newkeylist = NULL;
5779 uschar * srcfield;
5780
5781 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, srcitem);
5782
5783 /* extract field for comparisons */
5784 iterate_item = srcitem;
5785 if ( !(srcfield = expand_string_internal(xtract, FALSE, NULL, FALSE,
5786 TRUE, &resetok))
5787 || !*srcfield)
5788 {
5789 expand_string_message = string_sprintf(
5790 "field-extract in sort: \"%s\"", xtract);
5791 goto EXPAND_FAILED;
5792 }
5793
5794 /* Insertion sort */
5795
5796 /* copy output list until new-item < list-item */
5797 while ((dstitem = string_nextinlist(&dstlist, &sep, NULL, 0)))
5798 {
5799 uschar * dstfield;
5800 uschar * expr;
5801 BOOL before;
5802
5803 /* field for comparison */
5804 if (!(dstfield = string_nextinlist(&dstkeylist, &sep, NULL, 0)))
5805 goto sort_mismatch;
5806
5807 /* build and run condition string */
5808 expr = string_sprintf("%s{%s}{%s}", cmp, srcfield, dstfield);
5809
5810 DEBUG(D_expand) debug_printf("%s: cond = \"%s\"\n", name, expr);
5811 if (!eval_condition(expr, &resetok, &before))
5812 {
5813 expand_string_message = string_sprintf("comparison in sort: %s",
5814 expr);
5815 goto EXPAND_FAILED;
5816 }
5817
5818 if (before)
5819 {
5820 /* New-item sorts before this dst-item. Append new-item,
5821 then dst-item, then remainder of dst list. */
5822
5823 newlist = string_append_listele(newlist, sep, srcitem);
5824 newkeylist = string_append_listele(newkeylist, sep, srcfield);
5825 srcitem = NULL;
5826
5827 newlist = string_append_listele(newlist, sep, dstitem);
5828 newkeylist = string_append_listele(newkeylist, sep, dstfield);
5829
5830 while ((dstitem = string_nextinlist(&dstlist, &sep, NULL, 0)))
5831 {
5832 if (!(dstfield = string_nextinlist(&dstkeylist, &sep, NULL, 0)))
5833 goto sort_mismatch;
5834 newlist = string_append_listele(newlist, sep, dstitem);
5835 newkeylist = string_append_listele(newkeylist, sep, dstfield);
5836 }
5837
5838 break;
5839 }
5840
5841 newlist = string_append_listele(newlist, sep, dstitem);
5842 newkeylist = string_append_listele(newkeylist, sep, dstfield);
5843 }
5844
5845 /* If we ran out of dstlist without consuming srcitem, append it */
5846 if (srcitem)
5847 {
5848 newlist = string_append_listele(newlist, sep, srcitem);
5849 newkeylist = string_append_listele(newkeylist, sep, srcfield);
5850 }
5851
5852 dstlist = newlist;
5853 dstkeylist = newkeylist;
5854
5855 DEBUG(D_expand) debug_printf("%s: dstlist = \"%s\"\n", name, dstlist);
5856 DEBUG(D_expand) debug_printf("%s: dstkeylist = \"%s\"\n", name, dstkeylist);
5857 }
5858
5859 if (dstlist)
5860 yield = string_cat(yield, &size, &ptr, dstlist, Ustrlen(dstlist));
5861
5862 /* Restore preserved $item */
5863 iterate_item = save_iterate_item;
5864 continue;
5865
5866 sort_mismatch:
5867 expand_string_message = US"Internal error in sort (list mismatch)";
5868 goto EXPAND_FAILED;
5869 }
5870
29f89cad 5871
2e23003a 5872 /* If ${dlfunc } support is configured, handle calling dynamically-loaded
1a46a8c5
PH		 5873 functions, unless locked out at this time. Syntax is ${dlfunc{file}{func}}
5874 or ${dlfunc{file}{func}{arg}} or ${dlfunc{file}{func}{arg1}{arg2}} or up to
5875 a maximum of EXPAND_DLFUNC_MAX_ARGS arguments (defined below). */
5876
5877 #define EXPAND_DLFUNC_MAX_ARGS 8
5878
5879 case EITEM_DLFUNC:
089fc87a
JH		 5880#ifndef EXPAND_DLFUNC
5881 expand_string_message = US"\"${dlfunc\" encountered, but this facility " /*}*/
5882 "is not included in this binary";
5883 goto EXPAND_FAILED;
1a46a8c5 5884
089fc87a 5885#else /* EXPAND_DLFUNC */
1a46a8c5
PH		 5886 {
5887 tree_node *t;
5888 exim_dlfunc_t *func;
5889 uschar *result;
5890 int status, argc;
5891 uschar *argv[EXPAND_DLFUNC_MAX_ARGS + 3];
5892
5893 if ((expand_forbid & RDO_DLFUNC) != 0)
5894 {
5895 expand_string_message =
5896 US"dynamically-loaded functions are not permitted";
5897 goto EXPAND_FAILED;
5898 }
5899
5900 switch(read_subs(argv, EXPAND_DLFUNC_MAX_ARGS + 2, 2, &s, skipping,
b0e85a8f 5901 TRUE, US"dlfunc", &resetok))
1a46a8c5
PH		 5902 {
5903 case 1: goto EXPAND_FAILED_CURLY;
5904 case 2:
5905 case 3: goto EXPAND_FAILED;
5906 }
5907
5908 /* If skipping, we don't actually do anything */
5909
5910 if (skipping) continue;
5911
5912 /* Look up the dynamically loaded object handle in the tree. If it isn't
5913 found, dlopen() the file and put the handle in the tree for next time. */
5914
5915 t = tree_search(dlobj_anchor, argv[0]);
5916 if (t == NULL)
5917 {
5918 void *handle = dlopen(CS argv[0], RTLD_LAZY);
5919 if (handle == NULL)
5920 {
5921 expand_string_message = string_sprintf("dlopen \"%s\" failed: %s",
5922 argv[0], dlerror());
5923 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
5924 goto EXPAND_FAILED;
5925 }
5926 t = store_get_perm(sizeof(tree_node) + Ustrlen(argv[0]));
5927 Ustrcpy(t->name, argv[0]);
5928 t->data.ptr = handle;
5929 (void)tree_insertnode(&dlobj_anchor, t);
5930 }
5931
5932 /* Having obtained the dynamically loaded object handle, look up the
5933 function pointer. */
5934
5935 func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]);
5936 if (func == NULL)
5937 {
5938 expand_string_message = string_sprintf("dlsym \"%s\" in \"%s\" failed: "
5939 "%s", argv[1], argv[0], dlerror());
7dbf77c9 5940 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
1a46a8c5
PH		 5941 goto EXPAND_FAILED;
5942 }
5943
5944 /* Call the function and work out what to do with the result. If it
5945 returns OK, we have a replacement string; if it returns DEFER then
5946 expansion has failed in a non-forced manner; if it returns FAIL then
5947 failure was forced; if it returns ERROR or any other value there's a
d6b4d938
TF		 5948 problem, so panic slightly. In any case, assume that the function has
5949 side-effects on the store that must be preserved. */
1a46a8c5 5950
d6b4d938 5951 resetok = FALSE;
1a46a8c5
PH		 5952 result = NULL;
5953 for (argc = 0; argv[argc] != NULL; argc++);
5954 status = func(&result, argc - 2, &argv[2]);
5955 if(status == OK)
5956 {
5957 if (result == NULL) result = US"";
5958 yield = string_cat(yield, &size, &ptr, result, Ustrlen(result));
5959 continue;
5960 }
5961 else
5962 {
5963 expand_string_message = result == NULL ? US"(no message)" : result;
5964 if(status == FAIL_FORCED) expand_string_forcedfail = TRUE;
5965 else if(status != FAIL)
5966 log_write(0, LOG_MAIN|LOG_PANIC, "dlfunc{%s}{%s} failed (%d): %s",
5967 argv[0], argv[1], status, expand_string_message);
5968 goto EXPAND_FAILED;
5969 }
5970 }
089fc87a
JH		 5971#endif /* EXPAND_DLFUNC */
5972
5973 case EITEM_ENV: /* ${env {name} {val_if_found} {val_if_unfound}} */
5974 {
5975 uschar * key;
5976 uschar *save_lookup_value = lookup_value;
5977
5978 while (isspace(*s)) s++;
5979 if (*s != '{') /*}*/
5980 goto EXPAND_FAILED;
5981
5982 key = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
5983 if (!key) goto EXPAND_FAILED; /*{*/
5984 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5985
5986 lookup_value = US getenv(CS key);
5987
5988 switch(process_yesno(
5989 skipping, /* were previously skipping */
5990 lookup_value != NULL, /* success/failure indicator */
5991 save_lookup_value, /* value to reset for string2 */
5992 &s, /* input pointer */
5993 &yield, /* output pointer */
5994 &size, /* output size */
5995 &ptr, /* output current point */
5996 US"env", /* condition type */
5997 &resetok))
5998 {
5999 case 1: goto EXPAND_FAILED; /* when all is well, the */
6000 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
6001 }
6002 continue;
6003 }
2e23003a 6004 } /* EITEM_* switch */
059ec3d9
PH		 6005
6006 /* Control reaches here if the name is not recognized as one of the more
6007 complicated expansion items. Check for the "operator" syntax (name terminated
6008 by a colon). Some of the operators have arguments, separated by _ from the
6009 name. */
6010
6011 if (*s == ':')
6012 {
6013 int c;
6014 uschar *arg = NULL;
6a8a60e0 6015 uschar *sub;
e3dd1d67 6016 var_entry *vp = NULL;
059ec3d9
PH		 6017
6018 /* Owing to an historical mis-design, an underscore may be part of the
6019 operator name, or it may introduce arguments. We therefore first scan the
6020 table of names that contain underscores. If there is no match, we cut off
6021 the arguments and then scan the main table. */
6022
6a8a60e0 6023 if ((c = chop_match(name, op_table_underscore,
0539a19d 6024 nelem(op_table_underscore))) < 0)
059ec3d9
PH		 6025 {
6026 arg = Ustrchr(name, '_');
6027 if (arg != NULL) *arg = 0;
0539a19d
JH		 6028 c = chop_match(name, op_table_main, nelem(op_table_main));
6029 if (c >= 0) c += nelem(op_table_underscore);
059ec3d9
PH		 6030 if (arg != NULL) *arg++ = '_'; /* Put back for error messages */
6031 }
6032
6a8a60e0
JH		 6033 /* Deal specially with operators that might take a certificate variable
6034 as we do not want to do the usual expansion. For most, expand the string.*/
6035 switch(c)
6036 {
80c974f8 6037#ifdef SUPPORT_TLS
6a8a60e0 6038 case EOP_MD5:
9ef9101c
JH		 6039 case EOP_SHA1:
6040 case EOP_SHA256:
6a8a60e0
JH		 6041 if (s[1] == '$')
6042 {
55414b25 6043 const uschar * s1 = s;
6a8a60e0
JH		 6044 sub = expand_string_internal(s+2, TRUE, &s1, skipping,
6045 FALSE, &resetok);
6046 if (!sub) goto EXPAND_FAILED; /*{*/
6047 if (*s1 != '}') goto EXPAND_FAILED_CURLY;
6048 if ((vp = find_var_ent(sub)) && vp->type == vtype_cert)
6049 {
6050 s = s1+1;
6051 break;
6052 }
fabe4dd9 6053 vp = NULL;
6a8a60e0 6054 }
6a8a60e0 6055 /*FALLTHROUGH*/
80c974f8 6056#endif
6a8a60e0
JH		 6057 default:
6058 sub = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
6059 if (!sub) goto EXPAND_FAILED;
6060 s++;
6061 break;
6062 }
6063
059ec3d9
PH		 6064 /* If we are skipping, we don't need to perform the operation at all.
6065 This matters for operations like "mask", because the data may not be
6066 in the correct format when skipping. For example, the expression may test
6067 for the existence of $sender_host_address before trying to mask it. For
6068 other operations, doing them may not fail, but it is a waste of time. */
6069
6070 if (skipping && c >= 0) continue;
6071
6072 /* Otherwise, switch on the operator type */
6073
6074 switch(c)
6075 {
6076 case EOP_BASE62:
6077 {
6078 uschar *t;
6079 unsigned long int n = Ustrtoul(sub, &t, 10);
6080 if (*t != 0)
6081 {
6082 expand_string_message = string_sprintf("argument for base62 "
6083 "operator is \"%s\", which is not a decimal number", sub);
6084 goto EXPAND_FAILED;
6085 }
6086 t = string_base62(n);
6087 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
6088 continue;
6089 }
6090
9a799bc0
PH		 6091 /* Note that for Darwin and Cygwin, BASE_62 actually has the value 36 */
6092
059ec3d9
PH		 6093 case EOP_BASE62D:
6094 {
6095 uschar buf[16];
6096 uschar *tt = sub;
6097 unsigned long int n = 0;
6098 while (*tt != 0)
6099 {
6100 uschar *t = Ustrchr(base62_chars, *tt++);
6101 if (t == NULL)
6102 {
6103 expand_string_message = string_sprintf("argument for base62d "
9a799bc0
PH		 6104 "operator is \"%s\", which is not a base %d number", sub,
6105 BASE_62);
059ec3d9
PH		 6106 goto EXPAND_FAILED;
6107 }
9a799bc0 6108 n = n * BASE_62 + (t - base62_chars);
059ec3d9
PH		 6109 }
6110 (void)sprintf(CS buf, "%ld", n);
6111 yield = string_cat(yield, &size, &ptr, buf, Ustrlen(buf));
6112 continue;
6113 }
6114
6115 case EOP_EXPAND:
6116 {
b0e85a8f 6117 uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping, TRUE, &resetok);
059ec3d9
PH		 6118 if (expanded == NULL)
6119 {
6120 expand_string_message =
6121 string_sprintf("internal expansion of \"%s\" failed: %s", sub,
6122 expand_string_message);
6123 goto EXPAND_FAILED;
6124 }
6125 yield = string_cat(yield, &size, &ptr, expanded, Ustrlen(expanded));
6126 continue;
6127 }
6128
6129 case EOP_LC:
6130 {
6131 int count = 0;
6132 uschar *t = sub - 1;
6133 while (*(++t) != 0) { *t = tolower(*t); count++; }
6134 yield = string_cat(yield, &size, &ptr, sub, count);
6135 continue;
6136 }
6137
6138 case EOP_UC:
6139 {
6140 int count = 0;
6141 uschar *t = sub - 1;
6142 while (*(++t) != 0) { *t = toupper(*t); count++; }
6143 yield = string_cat(yield, &size, &ptr, sub, count);
6144 continue;
6145 }
6146
6147 case EOP_MD5:
80c974f8 6148#ifdef SUPPORT_TLS
6a8a60e0
JH		 6149 if (vp && *(void **)vp->value)
6150 {
6151 uschar * cp = tls_cert_fprt_md5(*(void **)vp->value);
e3dd1d67 6152 yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp));
6a8a60e0
JH		 6153 }
6154 else
80c974f8 6155#endif
6a8a60e0
JH		 6156 {
6157 md5 base;
6158 uschar digest[16];
6159 int j;
6160 char st[33];
6161 md5_start(&base);
6162 md5_end(&base, sub, Ustrlen(sub), digest);
6163 for(j = 0; j < 16; j++) sprintf(st+2*j, "%02x", digest[j]);
6164 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
6165 }
059ec3d9 6166 continue;
059ec3d9
PH		 6167
6168 case EOP_SHA1:
80c974f8 6169#ifdef SUPPORT_TLS
6a8a60e0
JH		 6170 if (vp && *(void **)vp->value)
6171 {
6172 uschar * cp = tls_cert_fprt_sha1(*(void **)vp->value);
e3dd1d67 6173 yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp));
6a8a60e0
JH		 6174 }
6175 else
80c974f8 6176#endif
6a8a60e0
JH		 6177 {
6178 sha1 base;
6179 uschar digest[20];
6180 int j;
6181 char st[41];
6182 sha1_start(&base);
6183 sha1_end(&base, sub, Ustrlen(sub), digest);
6184 for(j = 0; j < 20; j++) sprintf(st+2*j, "%02X", digest[j]);
6185 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
6186 }
059ec3d9 6187 continue;
059ec3d9 6188
9ef9101c
JH		 6189 case EOP_SHA256:
6190#ifdef SUPPORT_TLS
6191 if (vp && *(void **)vp->value)
6192 {
6193 uschar * cp = tls_cert_fprt_sha256(*(void **)vp->value);
ca492d88 6194 yield = string_cat(yield, &size, &ptr, cp, (int)Ustrlen(cp));
9ef9101c
JH		 6195 }
6196 else
6197#endif
6198 expand_string_message = US"sha256 only supported for certificates";
6199 continue;
6200
059ec3d9
PH		 6201 /* Convert hex encoding to base64 encoding */
6202
6203 case EOP_HEX2B64:
6204 {
6205 int c = 0;
6206 int b = -1;
6207 uschar *in = sub;
6208 uschar *out = sub;
6209 uschar *enc;
6210
6211 for (enc = sub; *enc != 0; enc++)
6212 {
6213 if (!isxdigit(*enc))
6214 {
6215 expand_string_message = string_sprintf("\"%s\" is not a hex "
6216 "string", sub);
6217 goto EXPAND_FAILED;
6218 }
6219 c++;
6220 }
6221
6222 if ((c & 1) != 0)
6223 {
6224 expand_string_message = string_sprintf("\"%s\" contains an odd "
6225 "number of characters", sub);
6226 goto EXPAND_FAILED;
6227 }
6228
6229 while ((c = *in++) != 0)
6230 {
6231 if (isdigit(c)) c -= '0';
6232 else c = toupper(c) - 'A' + 10;
6233 if (b == -1)
6234 {
6235 b = c << 4;
6236 }
6237 else
6238 {
6239 *out++ = b | c;
6240 b = -1;
6241 }
6242 }
6243
6244 enc = auth_b64encode(sub, out - sub);
6245 yield = string_cat(yield, &size, &ptr, enc, Ustrlen(enc));
6246 continue;
6247 }
6248
c393f931
TF		 6249 /* Convert octets outside 0x21..0x7E to \xXX form */
6250
6251 case EOP_HEXQUOTE:
6252 {
6253 uschar *t = sub - 1;
6254 while (*(++t) != 0)
6255 {
6256 if (*t < 0x21 || 0x7E < *t)
6257 yield = string_cat(yield, &size, &ptr,
6258 string_sprintf("\\x%02x", *t), 4);
6259 else
6260 yield = string_cat(yield, &size, &ptr, t, 1);
6261 }
6262 continue;
6263 }
6264
a64a3dfa
JH		 6265 /* count the number of list elements */
6266
6267 case EOP_LISTCOUNT:
6268 {
6269 int cnt = 0;
6270 int sep = 0;
6271 uschar * cp;
6272 uschar buffer[256];
6273
55414b25 6274 while (string_nextinlist(CUSS &sub, &sep, buffer, sizeof(buffer)) != NULL) cnt++;
a64a3dfa
JH		 6275 cp = string_sprintf("%d", cnt);
6276 yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp));
6277 continue;
6278 }
6279
042eb971 6280 /* expand a named list given the name */
a64a3dfa 6281 /* handles nested named lists; requotes as colon-sep list */
042eb971 6282
a64a3dfa 6283 case EOP_LISTNAMED:
042eb971
JH		 6284 {
6285 tree_node *t = NULL;
55414b25 6286 const uschar * list;
042eb971
JH		 6287 int sep = 0;
6288 uschar * item;
6d9cfc47 6289 uschar * suffix = US"";
042eb971
JH		 6290 BOOL needsep = FALSE;
6291 uschar buffer[256];
6292
6293 if (*sub == '+') sub++;
6294 if (arg == NULL) /* no-argument version */
6295 {
6296 if (!(t = tree_search(addresslist_anchor, sub)) &&
6297 !(t = tree_search(domainlist_anchor, sub)) &&
6298 !(t = tree_search(hostlist_anchor, sub)))
6299 t = tree_search(localpartlist_anchor, sub);
6300 }
6301 else switch(*arg) /* specific list-type version */
6302 {
6d9cfc47
JH		 6303 case 'a': t = tree_search(addresslist_anchor, sub); suffix = US"_a"; break;
6304 case 'd': t = tree_search(domainlist_anchor, sub); suffix = US"_d"; break;
6305 case 'h': t = tree_search(hostlist_anchor, sub); suffix = US"_h"; break;
6306 case 'l': t = tree_search(localpartlist_anchor, sub); suffix = US"_l"; break;
042eb971
JH		 6307 default:
6308 expand_string_message = string_sprintf("bad suffix on \"list\" operator");
6309 goto EXPAND_FAILED;
6310 }
6311
6312 if(!t)
6313 {
6314 expand_string_message = string_sprintf("\"%s\" is not a %snamed list",
6315 sub, !arg?""
6316 : *arg=='a'?"address "
6317 : *arg=='d'?"domain "
6318 : *arg=='h'?"host "
6319 : *arg=='l'?"localpart "
6320 : 0);
6321 goto EXPAND_FAILED;
6322 }
6323
042eb971
JH		 6324 list = ((namedlist_block *)(t->data.ptr))->string;
6325
6326 while ((item = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
6327 {
6328 uschar * buf = US" : ";
6329 if (needsep)
6330 yield = string_cat(yield, &size, &ptr, buf, 3);
6331 else
6332 needsep = TRUE;
6333
6334 if (*item == '+') /* list item is itself a named list */
6335 {
a64a3dfa 6336 uschar * sub = string_sprintf("${listnamed%s:%s}", suffix, item);
b0e85a8f 6337 item = expand_string_internal(sub, FALSE, NULL, FALSE, TRUE, &resetok);
042eb971
JH		 6338 }
6339 else if (sep != ':') /* item from non-colon-sep list, re-quote for colon list-separator */
6340 {
6341 char * cp;
6342 char tok[3];
6343 tok[0] = sep; tok[1] = ':'; tok[2] = 0;
6344 while ((cp= strpbrk((const char *)item, tok)))
6345 {
6346 yield = string_cat(yield, &size, &ptr, item, cp-(char *)item);
6347 if (*cp++ == ':') /* colon in a non-colon-sep list item, needs doubling */
6348 {
6349 yield = string_cat(yield, &size, &ptr, US"::", 2);
6d9cfc47 6350 item = (uschar *)cp;
042eb971
JH		 6351 }
6352 else /* sep in item; should already be doubled; emit once */
6353 {
6354 yield = string_cat(yield, &size, &ptr, (uschar *)tok, 1);
6355 if (*cp == sep) cp++;
6d9cfc47 6356 item = (uschar *)cp;
042eb971
JH		 6357 }
6358 }
6359 }
6360 yield = string_cat(yield, &size, &ptr, item, Ustrlen(item));
6361 }
6362 continue;
6363 }
6364
059ec3d9
PH		 6365 /* mask applies a mask to an IP address; for example the result of
6366 ${mask:131.111.10.206/28} is 131.111.10.192/28. */
6367
6368 case EOP_MASK:
6369 {
6370 int count;
6371 uschar *endptr;
6372 int binary[4];
6373 int mask, maskoffset;
6374 int type = string_is_ip_address(sub, &maskoffset);
6375 uschar buffer[64];
6376
6377 if (type == 0)
6378 {
6379 expand_string_message = string_sprintf("\"%s\" is not an IP address",
6380 sub);
6381 goto EXPAND_FAILED;
6382 }
6383
6384 if (maskoffset == 0)
6385 {
6386 expand_string_message = string_sprintf("missing mask value in \"%s\"",
6387 sub);
6388 goto EXPAND_FAILED;
6389 }
6390
6391 mask = Ustrtol(sub + maskoffset + 1, &endptr, 10);
6392
6393 if (*endptr != 0 || mask < 0 || mask > ((type == 4)? 32 : 128))
6394 {
6395 expand_string_message = string_sprintf("mask value too big in \"%s\"",
6396 sub);
6397 goto EXPAND_FAILED;
6398 }
6399
6400 /* Convert the address to binary integer(s) and apply the mask */
6401
6402 sub[maskoffset] = 0;
6403 count = host_aton(sub, binary);
6404 host_mask(count, binary, mask);
6405
6406 /* Convert to masked textual format and add to output. */
6407
6408 yield = string_cat(yield, &size, &ptr, buffer,
6f0c9a4f 6409 host_nmtoa(count, binary, mask, buffer, '.'));
059ec3d9
PH		 6410 continue;
6411 }
6412
fc4a7f70
JH		 6413 case EOP_IPV6NORM:
6414 case EOP_IPV6DENORM:
6415 {
6416 int type = string_is_ip_address(sub, NULL);
6417 int binary[4];
6418 uschar buffer[44];
6419
6420 switch (type)
6421 {
6422 case 6:
6423 (void) host_aton(sub, binary);
6424 break;
6425
6426 case 4: /* convert to IPv4-mapped IPv6 */
6427 binary[0] = binary[1] = 0;
6428 binary[2] = 0x0000ffff;
6429 (void) host_aton(sub, binary+3);
6430 break;
6431
6432 case 0:
6433 expand_string_message =
6434 string_sprintf("\"%s\" is not an IP address", sub);
6435 goto EXPAND_FAILED;
6436 }
6437
6438 yield = string_cat(yield, &size, &ptr, buffer,
6439 c == EOP_IPV6NORM
6440 ? ipv6_nmtoa(binary, buffer)
6441 : host_nmtoa(4, binary, -1, buffer, ':')
6442 );
6443 continue;
6444 }
6445
059ec3d9
PH		 6446 case EOP_ADDRESS:
6447 case EOP_LOCAL_PART:
6448 case EOP_DOMAIN:
6449 {
6450 uschar *error;
6451 int start, end, domain;
6452 uschar *t = parse_extract_address(sub, &error, &start, &end, &domain,
6453 FALSE);
6454 if (t != NULL)
6455 {
6456 if (c != EOP_DOMAIN)
6457 {
6458 if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1;
6459 yield = string_cat(yield, &size, &ptr, sub+start, end-start);
6460 }
6461 else if (domain != 0)
6462 {
6463 domain += start;
6464 yield = string_cat(yield, &size, &ptr, sub+domain, end-domain);
6465 }
6466 }
6467 continue;
6468 }
6469
29f89cad
PH		 6470 case EOP_ADDRESSES:
6471 {
6472 uschar outsep[2] = { ':', '\0' };
6473 uschar *address, *error;
6474 int save_ptr = ptr;
6475 int start, end, domain; /* Not really used */
6476
6477 while (isspace(*sub)) sub++;
6478 if (*sub == '>') { *outsep = *++sub; ++sub; }
6479 parse_allow_group = TRUE;
6480
6481 for (;;)
6482 {
6483 uschar *p = parse_find_address_end(sub, FALSE);
6484 uschar saveend = *p;
6485 *p = '\0';
6486 address = parse_extract_address(sub, &error, &start, &end, &domain,
6487 FALSE);
6488 *p = saveend;
6489
6490 /* Add the address to the output list that we are building. This is
6491 done in chunks by searching for the separator character. At the
6492 start, unless we are dealing with the first address of the output
6493 list, add in a space if the new address begins with the separator
6494 character, or is an empty string. */
6495
6496 if (address != NULL)
6497 {
6498 if (ptr != save_ptr && address[0] == *outsep)
6499 yield = string_cat(yield, &size, &ptr, US" ", 1);
6500
6501 for (;;)
6502 {
6503 size_t seglen = Ustrcspn(address, outsep);
6504 yield = string_cat(yield, &size, &ptr, address, seglen + 1);
6505
6506 /* If we got to the end of the string we output one character
6507 too many. */
6508
6509 if (address[seglen] == '\0') { ptr--; break; }
6510 yield = string_cat(yield, &size, &ptr, outsep, 1);
6511 address += seglen + 1;
6512 }
6513
6514 /* Output a separator after the string: we will remove the
6515 redundant final one at the end. */
6516
6517 yield = string_cat(yield, &size, &ptr, outsep, 1);
6518 }
6519
6520 if (saveend == '\0') break;
6521 sub = p + 1;
6522 }
6523
6524 /* If we have generated anything, remove the redundant final
6525 separator. */
6526
6527 if (ptr != save_ptr) ptr--;
6528 parse_allow_group = FALSE;
6529 continue;
6530 }
6531
6532
059ec3d9
PH		 6533 /* quote puts a string in quotes if it is empty or contains anything
6534 other than alphamerics, underscore, dot, or hyphen.
6535
6536 quote_local_part puts a string in quotes if RFC 2821/2822 requires it to
6537 be quoted in order to be a valid local part.
6538
6539 In both cases, newlines and carriage returns are converted into \n and \r
6540 respectively */
6541
6542 case EOP_QUOTE:
6543 case EOP_QUOTE_LOCAL_PART:
6544 if (arg == NULL)
6545 {
6546 BOOL needs_quote = (*sub == 0); /* TRUE for empty string */
6547 uschar *t = sub - 1;
6548
6549 if (c == EOP_QUOTE)
6550 {
6551 while (!needs_quote && *(++t) != 0)
6552 needs_quote = !isalnum(*t) && !strchr("_-.", *t);
6553 }
6554 else /* EOP_QUOTE_LOCAL_PART */
6555 {
6556 while (!needs_quote && *(++t) != 0)
6557 needs_quote = !isalnum(*t) &&
6558 strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL &&
6559 (*t != '.' || t == sub || t[1] == 0);
6560 }
6561
6562 if (needs_quote)
6563 {
6564 yield = string_cat(yield, &size, &ptr, US"\"", 1);
6565 t = sub - 1;
6566 while (*(++t) != 0)
6567 {
6568 if (*t == '\n')
6569 yield = string_cat(yield, &size, &ptr, US"\\n", 2);
6570 else if (*t == '\r')
6571 yield = string_cat(yield, &size, &ptr, US"\\r", 2);
6572 else
6573 {
6574 if (*t == '\\' || *t == '"')
6575 yield = string_cat(yield, &size, &ptr, US"\\", 1);
6576 yield = string_cat(yield, &size, &ptr, t, 1);
6577 }
6578 }
6579 yield = string_cat(yield, &size, &ptr, US"\"", 1);
6580 }
6581 else yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
6582 continue;
6583 }
6584
6585 /* quote_lookuptype does lookup-specific quoting */
6586
6587 else
6588 {
6589 int n;
6590 uschar *opt = Ustrchr(arg, '_');
6591
6592 if (opt != NULL) *opt++ = 0;
6593
6594 n = search_findtype(arg, Ustrlen(arg));
6595 if (n < 0)
6596 {
6597 expand_string_message = search_error_message;
6598 goto EXPAND_FAILED;
6599 }
6600
e6d225ae
DW		 6601 if (lookup_list[n]->quote != NULL)
6602 sub = (lookup_list[n]->quote)(sub, opt);
059ec3d9
PH		 6603 else if (opt != NULL) sub = NULL;
6604
6605 if (sub == NULL)
6606 {
6607 expand_string_message = string_sprintf(
6608 "\"%s\" unrecognized after \"${quote_%s\"",
6609 opt, arg);
6610 goto EXPAND_FAILED;
6611 }
6612
6613 yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
6614 continue;
6615 }
6616
6617 /* rx quote sticks in \ before any non-alphameric character so that
6618 the insertion works in a regular expression. */
6619
6620 case EOP_RXQUOTE:
6621 {
6622 uschar *t = sub - 1;
6623 while (*(++t) != 0)
6624 {
6625 if (!isalnum(*t))
6626 yield = string_cat(yield, &size, &ptr, US"\\", 1);
6627 yield = string_cat(yield, &size, &ptr, t, 1);
6628 }
6629 continue;
6630 }
6631
6632 /* RFC 2047 encodes, assuming headers_charset (default ISO 8859-1) as
6633 prescribed by the RFC, if there are characters that need to be encoded */
6634
6635 case EOP_RFC2047:
6636 {
14702f5b 6637 uschar buffer[2048];
55414b25 6638 const uschar *string = parse_quote_2047(sub, Ustrlen(sub), headers_charset,
46218253 6639 buffer, sizeof(buffer), FALSE);
059ec3d9
PH		 6640 yield = string_cat(yield, &size, &ptr, string, Ustrlen(string));
6641 continue;
6642 }
6643
9c57cbc0
PH		 6644 /* RFC 2047 decode */
6645
6646 case EOP_RFC2047D:
6647 {
6648 int len;
6649 uschar *error;
6650 uschar *decoded = rfc2047_decode(sub, check_rfc2047_length,
6651 headers_charset, '?', &len, &error);
6652 if (error != NULL)
6653 {
6654 expand_string_message = error;
6655 goto EXPAND_FAILED;
6656 }
6657 yield = string_cat(yield, &size, &ptr, decoded, len);
6658 continue;
6659 }
6660
059ec3d9
PH		 6661 /* from_utf8 converts UTF-8 to 8859-1, turning non-existent chars into
6662 underscores */
6663
6664 case EOP_FROM_UTF8:
6665 {
6666 while (*sub != 0)
6667 {
6668 int c;
6669 uschar buff[4];
6670 GETUTF8INC(c, sub);
6671 if (c > 255) c = '_';
6672 buff[0] = c;
6673 yield = string_cat(yield, &size, &ptr, buff, 1);
6674 }
6675 continue;
6676 }
6677
b9c2e32f 6678 /* replace illegal UTF-8 sequences by replacement character */
94431adb 6679
b9c2e32f
AR		 6680 #define UTF8_REPLACEMENT_CHAR US"?"
6681
6682 case EOP_UTF8CLEAN:
6683 {
85098ee7 6684 int seq_len = 0, index = 0;
e3dd1d67 6685 int bytes_left = 0;
e8e86723 6686 long codepoint = -1;
b9c2e32f 6687 uschar seq_buff[4]; /* accumulate utf-8 here */
94431adb 6688
b9c2e32f
AR		 6689 while (*sub != 0)
6690 {
e8e86723
JH		 6691 int complete = 0;
6692 uschar c = *sub++;
b9c2e32f 6693
e3dd1d67 6694 if (bytes_left)
b9c2e32f
AR		 6695 {
6696 if ((c & 0xc0) != 0x80)
b9c2e32f
AR		 6697 /* wrong continuation byte; invalidate all bytes */
6698 complete = 1; /* error */
b9c2e32f
AR		 6699 else
6700 {
6701 codepoint = (codepoint << 6) | (c & 0x3f);
6702 seq_buff[index++] = c;
6703 if (--bytes_left == 0) /* codepoint complete */
b9c2e32f 6704 if(codepoint > 0x10FFFF) /* is it too large? */
e8e86723 6705 complete = -1; /* error (RFC3629 limit) */
b9c2e32f
AR		 6706 else
6707 { /* finished; output utf-8 sequence */
6708 yield = string_cat(yield, &size, &ptr, seq_buff, seq_len);
6709 index = 0;
6710 }
b9c2e32f
AR		 6711 }
6712 }
6713 else /* no bytes left: new sequence */
6714 {
6715 if((c & 0x80) == 0) /* 1-byte sequence, US-ASCII, keep it */
6716 {
6717 yield = string_cat(yield, &size, &ptr, &c, 1);
6718 continue;
6719 }
6720 if((c & 0xe0) == 0xc0) /* 2-byte sequence */
6721 {
10cc8a1e
AR		 6722 if(c == 0xc0 || c == 0xc1) /* 0xc0 and 0xc1 are illegal */
6723 complete = -1;
6724 else
6725 {
6726 bytes_left = 1;
6727 codepoint = c & 0x1f;
6728 }
b9c2e32f
AR		 6729 }
6730 else if((c & 0xf0) == 0xe0) /* 3-byte sequence */
6731 {
6732 bytes_left = 2;
6733 codepoint = c & 0x0f;
6734 }
6735 else if((c & 0xf8) == 0xf0) /* 4-byte sequence */
6736 {
6737 bytes_left = 3;
6738 codepoint = c & 0x07;
6739 }
6740 else /* invalid or too long (RFC3629 allows only 4 bytes) */
6741 complete = -1;
6742
6743 seq_buff[index++] = c;
6744 seq_len = bytes_left + 1;
6745 } /* if(bytes_left) */
6746
6747 if (complete != 0)
6748 {
6749 bytes_left = index = 0;
6750 yield = string_cat(yield, &size, &ptr, UTF8_REPLACEMENT_CHAR, 1);
6751 }
6752 if ((complete == 1) && ((c & 0x80) == 0))
4e08fd50 6753 /* ASCII character follows incomplete sequence */
b9c2e32f 6754 yield = string_cat(yield, &size, &ptr, &c, 1);
b9c2e32f
AR		 6755 }
6756 continue;
6757 }
6758
4e08fd50
JH		 6759#ifdef EXPERIMENTAL_INTERNATIONAL
6760 case EOP_UTF8_DOMAIN_TO_ALABEL:
6761 {
6762 uschar * error = NULL;
6763 uschar * s = string_domain_utf8_to_alabel(sub, &error);
6764 if (error)
6765 {
6766 expand_string_message = string_sprintf(
6767 "error converting utf8 (%s) to alabel: %s",
6768 string_printing(sub), error);
6769 goto EXPAND_FAILED;
6770 }
6771 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
6772 continue;
6773 }
6774
6775 case EOP_UTF8_DOMAIN_FROM_ALABEL:
6776 {
6777 uschar * error = NULL;
6778 uschar * s = string_domain_alabel_to_utf8(sub, &error);
6779 if (error)
6780 {
6781 expand_string_message = string_sprintf(
6782 "error converting alabel (%s) to utf8: %s",
6783 string_printing(sub), error);
6784 goto EXPAND_FAILED;
6785 }
6786 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
6787 continue;
6788 }
6789
6790 case EOP_UTF8_LOCALPART_TO_ALABEL:
6791 {
6792 uschar * error = NULL;
6793 uschar * s = string_localpart_utf8_to_alabel(sub, &error);
6794 if (error)
6795 {
6796 expand_string_message = string_sprintf(
6797 "error converting utf8 (%s) to alabel: %s",
6798 string_printing(sub), error);
6799 goto EXPAND_FAILED;
6800 }
6801 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
6802 DEBUG(D_expand) debug_printf("yield: '%s'\n", yield);
6803 continue;
6804 }
6805
6806 case EOP_UTF8_LOCALPART_FROM_ALABEL:
6807 {
6808 uschar * error = NULL;
6809 uschar * s = string_localpart_alabel_to_utf8(sub, &error);
6810 if (error)
6811 {
6812 expand_string_message = string_sprintf(
6813 "error converting alabel (%s) to utf8: %s",
6814 string_printing(sub), error);
6815 goto EXPAND_FAILED;
6816 }
6817 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
6818 continue;
6819 }
6820#endif /* EXPERIMENTAL_INTERNATIONAL */
6821
059ec3d9
PH		 6822 /* escape turns all non-printing characters into escape sequences. */
6823
6824 case EOP_ESCAPE:
6825 {
55414b25 6826 const uschar *t = string_printing(sub);
059ec3d9
PH		 6827 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
6828 continue;
6829 }
6830
6831 /* Handle numeric expression evaluation */
6832
6833 case EOP_EVAL:
6834 case EOP_EVAL10:
6835 {
6836 uschar *save_sub = sub;
6837 uschar *error = NULL;
97d17305 6838 int_eximarith_t n = eval_expr(&sub, (c == EOP_EVAL10), &error, FALSE);
059ec3d9
PH		 6839 if (error != NULL)
6840 {
6841 expand_string_message = string_sprintf("error in expression "
6842 "evaluation: %s (after processing \"%.*s\")", error, sub-save_sub,
6843 save_sub);
6844 goto EXPAND_FAILED;
6845 }
97d17305 6846 sprintf(CS var_buffer, PR_EXIM_ARITH, n);
059ec3d9
PH		 6847 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
6848 continue;
6849 }
6850
6851 /* Handle time period formating */
6852
f90d018c
PH		 6853 case EOP_TIME_EVAL:
6854 {
6855 int n = readconf_readtime(sub, 0, FALSE);
6856 if (n < 0)
6857 {
6858 expand_string_message = string_sprintf("string \"%s\" is not an "
6859 "Exim time interval in \"%s\" operator", sub, name);
6860 goto EXPAND_FAILED;
6861 }
6862 sprintf(CS var_buffer, "%d", n);
6863 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
6864 continue;
6865 }
6866
059ec3d9
PH		 6867 case EOP_TIME_INTERVAL:
6868 {
6869 int n;
6870 uschar *t = read_number(&n, sub);
6871 if (*t != 0) /* Not A Number*/
6872 {
6873 expand_string_message = string_sprintf("string \"%s\" is not a "
6874 "positive number in \"%s\" operator", sub, name);
6875 goto EXPAND_FAILED;
6876 }
6877 t = readconf_printtime(n);
6878 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
6879 continue;
6880 }
6881
6882 /* Convert string to base64 encoding */
6883
6884 case EOP_STR2B64:
6885 {
6886 uschar *encstr = auth_b64encode(sub, Ustrlen(sub));
6887 yield = string_cat(yield, &size, &ptr, encstr, Ustrlen(encstr));
6888 continue;
6889 }
6890
6891 /* strlen returns the length of the string */
6892
6893 case EOP_STRLEN:
6894 {
6895 uschar buff[24];
6896 (void)sprintf(CS buff, "%d", Ustrlen(sub));
6897 yield = string_cat(yield, &size, &ptr, buff, Ustrlen(buff));
6898 continue;
6899 }
6900
6901 /* length_n or l_n takes just the first n characters or the whole string,
6902 whichever is the shorter;
6903
6904 substr_m_n, and s_m_n take n characters from offset m; negative m take
6905 from the end; l_n is synonymous with s_0_n. If n is omitted in substr it
6906 takes the rest, either to the right or to the left.
6907
6908 hash_n or h_n makes a hash of length n from the string, yielding n
6909 characters from the set a-z; hash_n_m makes a hash of length n, but
6910 uses m characters from the set a-zA-Z0-9.
6911
6912 nhash_n returns a single number between 0 and n-1 (in text form), while
6913 nhash_n_m returns a div/mod hash as two numbers "a/b". The first lies
6914 between 0 and n-1 and the second between 0 and m-1. */
6915
6916 case EOP_LENGTH:
6917 case EOP_L:
6918 case EOP_SUBSTR:
6919 case EOP_S:
6920 case EOP_HASH:
6921 case EOP_H:
6922 case EOP_NHASH:
6923 case EOP_NH:
6924 {
6925 int sign = 1;
6926 int value1 = 0;
6927 int value2 = -1;
6928 int *pn;
6929 int len;
6930 uschar *ret;
6931
6932 if (arg == NULL)
6933 {
6934 expand_string_message = string_sprintf("missing values after %s",
6935 name);
6936 goto EXPAND_FAILED;
6937 }
6938
6939 /* "length" has only one argument, effectively being synonymous with
6940 substr_0_n. */
6941
6942 if (c == EOP_LENGTH || c == EOP_L)
6943 {
6944 pn = &value2;
6945 value2 = 0;
6946 }
6947
6948 /* The others have one or two arguments; for "substr" the first may be
6949 negative. The second being negative means "not supplied". */
6950
6951 else
6952 {
6953 pn = &value1;
6954 if (name[0] == 's' && *arg == '-') { sign = -1; arg++; }
6955 }
6956
6957 /* Read up to two numbers, separated by underscores */
6958
6959 ret = arg;
6960 while (*arg != 0)
6961 {
6962 if (arg != ret && *arg == '_' && pn == &value1)
6963 {
6964 pn = &value2;
6965 value2 = 0;
6966 if (arg[1] != 0) arg++;
6967 }
6968 else if (!isdigit(*arg))
6969 {
6970 expand_string_message =
6971 string_sprintf("non-digit after underscore in \"%s\"", name);
6972 goto EXPAND_FAILED;
6973 }
6974 else *pn = (*pn)*10 + *arg++ - '0';
6975 }
6976 value1 *= sign;
6977
6978 /* Perform the required operation */
6979
6980 ret =
6981 (c == EOP_HASH || c == EOP_H)?
6982 compute_hash(sub, value1, value2, &len) :
6983 (c == EOP_NHASH || c == EOP_NH)?
6984 compute_nhash(sub, value1, value2, &len) :
6985 extract_substr(sub, value1, value2, &len);
6986
6987 if (ret == NULL) goto EXPAND_FAILED;
6988 yield = string_cat(yield, &size, &ptr, ret, len);
6989 continue;
6990 }
6991
6992 /* Stat a path */
6993
6994 case EOP_STAT:
6995 {
6996 uschar *s;
6997 uschar smode[12];
6998 uschar **modetable[3];
6999 int i;
7000 mode_t mode;
7001 struct stat st;
7002
254e032f
PH		 7003 if ((expand_forbid & RDO_EXISTS) != 0)
7004 {
7005 expand_string_message = US"Use of the stat() expansion is not permitted";
7006 goto EXPAND_FAILED;
7007 }
7008
059ec3d9
PH		 7009 if (stat(CS sub, &st) < 0)
7010 {
7011 expand_string_message = string_sprintf("stat(%s) failed: %s",
7012 sub, strerror(errno));
7013 goto EXPAND_FAILED;
7014 }
7015 mode = st.st_mode;
7016 switch (mode & S_IFMT)
7017 {
7018 case S_IFIFO: smode[0] = 'p'; break;
7019 case S_IFCHR: smode[0] = 'c'; break;
7020 case S_IFDIR: smode[0] = 'd'; break;
7021 case S_IFBLK: smode[0] = 'b'; break;
7022 case S_IFREG: smode[0] = '-'; break;
7023 default: smode[0] = '?'; break;
7024 }
7025
7026 modetable[0] = ((mode & 01000) == 0)? mtable_normal : mtable_sticky;
7027 modetable[1] = ((mode & 02000) == 0)? mtable_normal : mtable_setid;
7028 modetable[2] = ((mode & 04000) == 0)? mtable_normal : mtable_setid;
7029
7030 for (i = 0; i < 3; i++)
7031 {
7032 memcpy(CS(smode + 7 - i*3), CS(modetable[i][mode & 7]), 3);
7033 mode >>= 3;
7034 }
7035
7036 smode[10] = 0;
7037 s = string_sprintf("mode=%04lo smode=%s inode=%ld device=%ld links=%ld "
b1c749bb 7038 "uid=%ld gid=%ld size=" OFF_T_FMT " atime=%ld mtime=%ld ctime=%ld",
059ec3d9
PH		 7039 (long)(st.st_mode & 077777), smode, (long)st.st_ino,
7040 (long)st.st_dev, (long)st.st_nlink, (long)st.st_uid,
b1c749bb 7041 (long)st.st_gid, st.st_size, (long)st.st_atime,
059ec3d9
PH		 7042 (long)st.st_mtime, (long)st.st_ctime);
7043 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
7044 continue;
7045 }
7046
17c76198 7047 /* vaguely random number less than N */
9e3331ea
TK		 7048
7049 case EOP_RANDINT:
7050 {
97d17305 7051 int_eximarith_t max;
9e3331ea
TK		 7052 uschar *s;
7053
7685ce68 7054 max = expanded_string_integer(sub, TRUE);
9e3331ea
TK		 7055 if (expand_string_message != NULL)
7056 goto EXPAND_FAILED;
17c76198 7057 s = string_sprintf("%d", vaguely_random_number((int)max));
9e3331ea
TK		 7058 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
7059 continue;
7060 }
7061
83e029d5
PP		 7062 /* Reverse IP, including IPv6 to dotted-nibble */
7063
7064 case EOP_REVERSE_IP:
7065 {
7066 int family, maskptr;
7067 uschar reversed[128];
7068
7069 family = string_is_ip_address(sub, &maskptr);
7070 if (family == 0)
7071 {
7072 expand_string_message = string_sprintf(
7073 "reverse_ip() not given an IP address [%s]", sub);
7074 goto EXPAND_FAILED;
7075 }
7076 invert_address(reversed, sub);
7077 yield = string_cat(yield, &size, &ptr, reversed, Ustrlen(reversed));
7078 continue;
7079 }
7080
059ec3d9
PH		 7081 /* Unknown operator */
7082
7083 default:
7084 expand_string_message =
7085 string_sprintf("unknown expansion operator \"%s\"", name);
7086 goto EXPAND_FAILED;
7087 }
7088 }
7089
7090 /* Handle a plain name. If this is the first thing in the expansion, release
7091 the pre-allocated buffer. If the result data is known to be in a new buffer,
7092 newsize will be set to the size of that buffer, and we can just point at that
7093 store instead of copying. Many expansion strings contain just one reference,
7094 so this is a useful optimization, especially for humungous headers
7095 ($message_headers). */
2e23003a 7096 /*{*/
059ec3d9
PH		 7097 if (*s++ == '}')
7098 {
7099 int len;
7100 int newsize = 0;
7101 if (ptr == 0)
7102 {
d6b4d938 7103 if (resetok) store_reset(yield);
059ec3d9
PH		 7104 yield = NULL;
7105 size = 0;
7106 }
7107 value = find_variable(name, FALSE, skipping, &newsize);
7108 if (value == NULL)
7109 {
7110 expand_string_message =
7111 string_sprintf("unknown variable in \"${%s}\"", name);
641cb756 7112 check_variable_error_message(name);
059ec3d9
PH		 7113 goto EXPAND_FAILED;
7114 }
7115 len = Ustrlen(value);
7116 if (yield == NULL && newsize != 0)
7117 {
7118 yield = value;
7119 size = newsize;
7120 ptr = len;
7121 }
7122 else yield = string_cat(yield, &size, &ptr, value, len);
7123 continue;
7124 }
7125
7126 /* Else there's something wrong */
7127
7128 expand_string_message =
7129 string_sprintf("\"${%s\" is not a known operator (or a } is missing "
7130 "in a variable reference)", name);
7131 goto EXPAND_FAILED;
7132 }
7133
7134/* If we hit the end of the string when ket_ends is set, there is a missing
7135terminating brace. */
7136
7137if (ket_ends && *s == 0)
7138 {
7139 expand_string_message = malformed_header?
7140 US"missing } at end of string - could be header name not terminated by colon"
7141 :
7142 US"missing } at end of string";
7143 goto EXPAND_FAILED;
7144 }
7145
7146/* Expansion succeeded; yield may still be NULL here if nothing was actually
7147added to the string. If so, set up an empty string. Add a terminating zero. If
7148left != NULL, return a pointer to the terminator. */
7149
7150if (yield == NULL) yield = store_get(1);
7151yield[ptr] = 0;
7152if (left != NULL) *left = s;
7153
7154/* Any stacking store that was used above the final string is no longer needed.
7155In many cases the final string will be the first one that was got and so there
7156will be optimal store usage. */
7157
d6b4d938 7158if (resetok) store_reset(yield + ptr + 1);
b0e85a8f
JH		 7159else if (resetok_p) *resetok_p = FALSE;
7160
059ec3d9
PH		 7161DEBUG(D_expand)
7162 {
7163 debug_printf("expanding: %.*s\n result: %s\n", (int)(s - string), string,
7164 yield);
7165 if (skipping) debug_printf("skipping: result is not used\n");
7166 }
7167return yield;
7168
7169/* This is the failure exit: easiest to program with a goto. We still need
7170to update the pointer to the terminator, for cases of nested calls with "fail".
7171*/
7172
7173EXPAND_FAILED_CURLY:
7174expand_string_message = malformed_header?
7175 US"missing or misplaced { or } - could be header name not terminated by colon"
7176 :
7177 US"missing or misplaced { or }";
7178
7179/* At one point, Exim reset the store to yield (if yield was not NULL), but
7180that is a bad idea, because expand_string_message is in dynamic store. */
7181
7182EXPAND_FAILED:
7183if (left != NULL) *left = s;
7184DEBUG(D_expand)
7185 {
7186 debug_printf("failed to expand: %s\n", string);
7187 debug_printf(" error message: %s\n", expand_string_message);
7188 if (expand_string_forcedfail) debug_printf("failure was forced\n");
7189 }
b0e85a8f 7190if (resetok_p) *resetok_p = resetok;
059ec3d9
PH		 7191return NULL;
7192}
7193
7194
7195/* This is the external function call. Do a quick check for any expansion
7196metacharacters, and if there are none, just return the input string.
7197
7198Argument: the string to be expanded
7199Returns: the expanded string, or NULL if expansion failed; if failure was
7200 due to a lookup deferring, search_find_defer will be TRUE
7201*/
7202
7203uschar *
7204expand_string(uschar *string)
7205{
7206search_find_defer = FALSE;
7207malformed_header = FALSE;
7208return (Ustrpbrk(string, "$\\") == NULL)? string :
b0e85a8f 7209 expand_string_internal(string, FALSE, NULL, FALSE, TRUE, NULL);
059ec3d9
PH		 7210}
7211
7212
7213
55414b25
JH		 7214const uschar *
7215expand_cstring(const uschar *string)
7216{
7217search_find_defer = FALSE;
7218malformed_header = FALSE;
7219return (Ustrpbrk(string, "$\\") == NULL)? string :
7220 expand_string_internal(string, FALSE, NULL, FALSE, TRUE, NULL);
7221}
7222
7223
7224
059ec3d9
PH		 7225/*************************************************
7226* Expand and copy *
7227*************************************************/
7228
7229/* Now and again we want to expand a string and be sure that the result is in a
7230new bit of store. This function does that.
55414b25 7231Since we know it has been copied, the de-const cast is safe.
059ec3d9
PH		 7232
7233Argument: the string to be expanded
7234Returns: the expanded string, always in a new bit of store, or NULL
7235*/
7236
7237uschar *
55414b25 7238expand_string_copy(const uschar *string)
059ec3d9 7239{
55414b25 7240const uschar *yield = expand_cstring(string);
059ec3d9 7241if (yield == string) yield = string_copy(string);
55414b25 7242return US yield;
059ec3d9
PH		 7243}
7244
7245
7246
7247/*************************************************
7248* Expand and interpret as an integer *
7249*************************************************/
7250
7251/* Expand a string, and convert the result into an integer.
7252
d45b1de8
PH		 7253Arguments:
7254 string the string to be expanded
7255 isplus TRUE if a non-negative number is expected
059ec3d9
PH		 7256
7257Returns: the integer value, or
7258 -1 for an expansion error ) in both cases, message in
7259 -2 for an integer interpretation error ) expand_string_message
d45b1de8 7260 expand_string_message is set NULL for an OK integer
059ec3d9
PH		 7261*/
7262
97d17305 7263int_eximarith_t
d45b1de8 7264expand_string_integer(uschar *string, BOOL isplus)
059ec3d9 7265{
7685ce68
TF		 7266return expanded_string_integer(expand_string(string), isplus);
7267}
7268
7269
7270/*************************************************
7271 * Interpret string as an integer *
7272 *************************************************/
7273
7274/* Convert a string (that has already been expanded) into an integer.
7275
7276This function is used inside the expansion code.
7277
7278Arguments:
7279 s the string to be expanded
7280 isplus TRUE if a non-negative number is expected
7281
7282Returns: the integer value, or
7283 -1 if string is NULL (which implies an expansion error)
7284 -2 for an integer interpretation error
7285 expand_string_message is set NULL for an OK integer
7286*/
7287
7288static int_eximarith_t
55414b25 7289expanded_string_integer(const uschar *s, BOOL isplus)
7685ce68 7290{
97d17305 7291int_eximarith_t value;
059ec3d9
PH		 7292uschar *msg = US"invalid integer \"%s\"";
7293uschar *endptr;
7294
d45b1de8
PH		 7295/* If expansion failed, expand_string_message will be set. */
7296
059ec3d9
PH		 7297if (s == NULL) return -1;
7298
7299/* On an overflow, strtol() returns LONG_MAX or LONG_MIN, and sets errno
7300to ERANGE. When there isn't an overflow, errno is not changed, at least on some
7301systems, so we set it zero ourselves. */
7302
7303errno = 0;
d45b1de8 7304expand_string_message = NULL; /* Indicates no error */
b52bc06e
NM		 7305
7306/* Before Exim 4.64, strings consisting entirely of whitespace compared
7307equal to 0. Unfortunately, people actually relied upon that, so preserve
7308the behaviour explicitly. Stripping leading whitespace is a harmless
7309noop change since strtol skips it anyway (provided that there is a number
7310to find at all). */
7311if (isspace(*s))
7312 {
7313 while (isspace(*s)) ++s;
7314 if (*s == '\0')
7315 {
7316 DEBUG(D_expand)
7317 debug_printf("treating blank string as number 0\n");
7318 return 0;
7319 }
7320 }
7321
aa7c82b2 7322value = strtoll(CS s, CSS &endptr, 10);
059ec3d9
PH		 7323
7324if (endptr == s)
7325 {
7326 msg = US"integer expected but \"%s\" found";
7327 }
d45b1de8
PH		 7328else if (value < 0 && isplus)
7329 {
7330 msg = US"non-negative integer expected but \"%s\" found";
7331 }
059ec3d9
PH		 7332else
7333 {
4eb9d6ef 7334 switch (tolower(*endptr))
059ec3d9 7335 {
4eb9d6ef
JH		 7336 default:
7337 break;
7338 case 'k':
4328fd3c 7339 if (value > EXIM_ARITH_MAX/1024 || value < EXIM_ARITH_MIN/1024) errno = ERANGE;
aa7c82b2 7340 else value *= 1024;
4eb9d6ef
JH		 7341 endptr++;
7342 break;
7343 case 'm':
4328fd3c 7344 if (value > EXIM_ARITH_MAX/(1024*1024) || value < EXIM_ARITH_MIN/(1024*1024)) errno = ERANGE;
4eb9d6ef
JH		 7345 else value *= 1024*1024;
7346 endptr++;
7347 break;
7348 case 'g':
4328fd3c 7349 if (value > EXIM_ARITH_MAX/(1024*1024*1024) || value < EXIM_ARITH_MIN/(1024*1024*1024)) errno = ERANGE;
4eb9d6ef
JH		 7350 else value *= 1024*1024*1024;
7351 endptr++;
7352 break;
059ec3d9
PH		 7353 }
7354 if (errno == ERANGE)
7355 msg = US"absolute value of integer \"%s\" is too large (overflow)";
7356 else
7357 {
7358 while (isspace(*endptr)) endptr++;
725735cd 7359 if (*endptr == 0) return value;
059ec3d9
PH		 7360 }
7361 }
7362
7363expand_string_message = string_sprintf(CS msg, s);
7364return -2;
7365}
7366
059ec3d9 7367
9c695f6d
JH		 7368/* These values are usually fixed boolean values, but they are permitted to be
7369expanded strings.
7370
7371Arguments:
7372 addr address being routed
7373 mtype the module type
7374 mname the module name
7375 dbg_opt debug selectors
7376 oname the option name
7377 bvalue the router's boolean value
7378 svalue the router's string value
7379 rvalue where to put the returned value
7380
7381Returns: OK value placed in rvalue
7382 DEFER expansion failed
7383*/
7384
7385int
7386exp_bool(address_item *addr,
7387 uschar *mtype, uschar *mname, unsigned dbg_opt,
7388 uschar *oname, BOOL bvalue,
7389 uschar *svalue, BOOL *rvalue)
7390{
7391uschar *expanded;
7392if (svalue == NULL) { *rvalue = bvalue; return OK; }
7393
7394expanded = expand_string(svalue);
7395if (expanded == NULL)
7396 {
7397 if (expand_string_forcedfail)
7398 {
7399 DEBUG(dbg_opt) debug_printf("expansion of \"%s\" forced failure\n", oname);
7400 *rvalue = bvalue;
7401 return OK;
7402 }
7403 addr->message = string_sprintf("failed to expand \"%s\" in %s %s: %s",
7404 oname, mname, mtype, expand_string_message);
7405 DEBUG(dbg_opt) debug_printf("%s\n", addr->message);
7406 return DEFER;
7407 }
7408
7409DEBUG(dbg_opt) debug_printf("expansion of \"%s\" yields \"%s\"\n", oname,
7410 expanded);
7411
7412if (strcmpic(expanded, US"true") == 0 || strcmpic(expanded, US"yes") == 0)
7413 *rvalue = TRUE;
7414else if (strcmpic(expanded, US"false") == 0 || strcmpic(expanded, US"no") == 0)
7415 *rvalue = FALSE;
7416else
7417 {
7418 addr->message = string_sprintf("\"%s\" is not a valid value for the "
7419 "\"%s\" option in the %s %s", expanded, oname, mname, mtype);
7420 return DEFER;
7421 }
7422
7423return OK;
7424}
7425
7426
7427
7428
059ec3d9
PH		 7429/*************************************************
7430**************************************************
7431* Stand-alone test program *
7432**************************************************
7433*************************************************/
7434
7435#ifdef STAND_ALONE
7436
7437
7438BOOL
7439regex_match_and_setup(const pcre *re, uschar *subject, int options, int setup)
7440{
7441int ovector[3*(EXPAND_MAXN+1)];
7442int n = pcre_exec(re, NULL, subject, Ustrlen(subject), 0, PCRE_EOPT|options,
0539a19d 7443 ovector, nelem(ovector));
059ec3d9
PH		 7444BOOL yield = n >= 0;
7445if (n == 0) n = EXPAND_MAXN + 1;
7446if (yield)
7447 {
7448 int nn;
7449 expand_nmax = (setup < 0)? 0 : setup + 1;
7450 for (nn = (setup < 0)? 0 : 2; nn < n*2; nn += 2)
7451 {
7452 expand_nstring[expand_nmax] = subject + ovector[nn];
7453 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
7454 }
7455 expand_nmax--;
7456 }
7457return yield;
7458}
7459
7460
7461int main(int argc, uschar **argv)
7462{
7463int i;
7464uschar buffer[1024];
7465
7466debug_selector = D_v;
7467debug_file = stderr;
7468debug_fd = fileno(debug_file);
7469big_buffer = malloc(big_buffer_size);
7470
7471for (i = 1; i < argc; i++)
7472 {
7473 if (argv[i][0] == '+')
7474 {
7475 debug_trace_memory = 2;
7476 argv[i]++;
7477 }
7478 if (isdigit(argv[i][0]))
7479 debug_selector = Ustrtol(argv[i], NULL, 0);
7480 else
7481 if (Ustrspn(argv[i], "abcdefghijklmnopqrtsuvwxyz0123456789-.:/") ==
7482 Ustrlen(argv[i]))
7483 {
7484 #ifdef LOOKUP_LDAP
7485 eldap_default_servers = argv[i];
7486 #endif
7487 #ifdef LOOKUP_MYSQL
7488 mysql_servers = argv[i];
7489 #endif
7490 #ifdef LOOKUP_PGSQL
7491 pgsql_servers = argv[i];
7492 #endif
9bdd29ad
TL		 7493 #ifdef EXPERIMENTAL_REDIS
7494 redis_servers = argv[i];
7495 #endif
059ec3d9
PH		 7496 }
7497 #ifdef EXIM_PERL
7498 else opt_perl_startup = argv[i];
7499 #endif
7500 }
7501
7502printf("Testing string expansion: debug_level = %d\n\n", debug_level);
7503
7504expand_nstring[1] = US"string 1....";
7505expand_nlength[1] = 8;
7506expand_nmax = 1;
7507
7508#ifdef EXIM_PERL
7509if (opt_perl_startup != NULL)
7510 {
7511 uschar *errstr;
7512 printf("Starting Perl interpreter\n");
7513 errstr = init_perl(opt_perl_startup);
7514 if (errstr != NULL)
7515 {
7516 printf("** error in perl_startup code: %s\n", errstr);
7517 return EXIT_FAILURE;
7518 }
7519 }
7520#endif /* EXIM_PERL */
7521
7522while (fgets(buffer, sizeof(buffer), stdin) != NULL)
7523 {
7524 void *reset_point = store_get(0);
7525 uschar *yield = expand_string(buffer);
7526 if (yield != NULL)
7527 {
7528 printf("%s\n", yield);
7529 store_reset(reset_point);
7530 }
7531 else
7532 {
7533 if (search_find_defer) printf("search_find deferred\n");
7534 printf("Failed: %s\n", expand_string_message);
7535 if (expand_string_forcedfail) printf("Forced failure\n");
7536 printf("\n");
7537 }
7538 }
7539
7540search_tidyup();
7541
7542return 0;
7543}
7544
7545#endif
7546
9e4dddbd 7547/* vi: aw ai sw=2
b9c2e32f 7548*/
059ec3d9 7549/* End of expand.c */
Unnamed repository; edit this file 'description' to name the repository.