Start
[exim.git] / src / src / expand.c
CommitLineData
059ec3d9
PH
1/* $Cambridge: exim/src/src/expand.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */
2
3/*************************************************
4* Exim - an Internet mail transport agent *
5*************************************************/
6
7/* Copyright (c) University of Cambridge 1995 - 2004 */
8/* See the file NOTICE for conditions of use and distribution. */
9
10
11/* Functions for handling string expansion. */
12
13
14#include "exim.h"
15
16#ifdef STAND_ALONE
17#ifndef SUPPORT_CRYPTEQ
18#define SUPPORT_CRYPTEQ
19#endif
20#endif
21
22#ifdef SUPPORT_CRYPTEQ
23#ifdef CRYPT_H
24#include <crypt.h>
25#endif
26#ifndef HAVE_CRYPT16
27extern char* crypt16(char*, char*);
28#endif
29#endif
30
31#ifdef LOOKUP_LDAP
32#include "lookups/ldap.h"
33#endif
34
35
36
37/* Recursively called function */
38
39static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL);
40
41
42
43/*************************************************
44* Local statics and tables *
45*************************************************/
46
47/* Table of item names, and corresponding switch numbers. The names must be in
48alphabetical order. */
49
50static uschar *item_table[] = {
51 US"extract",
52 US"hash",
53 US"hmac",
54 US"if",
55 US"length",
56 US"lookup",
57 US"nhash",
58 #ifdef EXIM_PERL
59 US"perl",
60 #endif
61 US"readfile",
62 US"readsocket",
63 US"run",
64 US"sg",
65 US"substr",
66 US"tr" };
67
68enum {
69 EITEM_EXTRACT,
70 EITEM_HASH,
71 EITEM_HMAC,
72 EITEM_IF,
73 EITEM_LENGTH,
74 EITEM_LOOKUP,
75 EITEM_NHASH,
76 #ifdef EXIM_PERL
77 EITEM_PERL,
78 #endif
79 EITEM_READFILE,
80 EITEM_READSOCK,
81 EITEM_RUN,
82 EITEM_SG,
83 EITEM_SUBSTR,
84 EITEM_TR };
85
86/* Tables of operator names, and corresponding switch numbers. The names must be
87in alphabetical order. There are two tables, because underscore is used in some
88cases to introduce arguments, whereas for other it is part of the name. This is
89an historical mis-design. */
90
91static uschar *op_table_underscore[] = {
92 US"from_utf8",
93 US"local_part",
94 US"quote_local_part",
95 US"time_interval"};
96
97enum {
98 EOP_FROM_UTF8,
99 EOP_LOCAL_PART,
100 EOP_QUOTE_LOCAL_PART,
101 EOP_TIME_INTERVAL };
102
103static uschar *op_table_main[] = {
104 US"address",
105 US"base62",
106 US"base62d",
107 US"domain",
108 US"escape",
109 US"eval",
110 US"eval10",
111 US"expand",
112 US"h",
113 US"hash",
114 US"hex2b64",
115 US"l",
116 US"lc",
117 US"length",
118 US"mask",
119 US"md5",
120 US"nh",
121 US"nhash",
122 US"quote",
123 US"rfc2047",
124 US"rxquote",
125 US"s",
126 US"sha1",
127 US"stat",
128 US"str2b64",
129 US"strlen",
130 US"substr",
131 US"uc" };
132
133enum {
134 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
135 EOP_BASE62,
136 EOP_BASE62D,
137 EOP_DOMAIN,
138 EOP_ESCAPE,
139 EOP_EVAL,
140 EOP_EVAL10,
141 EOP_EXPAND,
142 EOP_H,
143 EOP_HASH,
144 EOP_HEX2B64,
145 EOP_L,
146 EOP_LC,
147 EOP_LENGTH,
148 EOP_MASK,
149 EOP_MD5,
150 EOP_NH,
151 EOP_NHASH,
152 EOP_QUOTE,
153 EOP_RFC2047,
154 EOP_RXQUOTE,
155 EOP_S,
156 EOP_SHA1,
157 EOP_STAT,
158 EOP_STR2B64,
159 EOP_STRLEN,
160 EOP_SUBSTR,
161 EOP_UC };
162
163
164/* Table of condition names, and corresponding switch numbers. The names must
165be in alphabetical order. */
166
167static uschar *cond_table[] = {
168 US"<",
169 US"<=",
170 US"=",
171 US"==", /* Backward compatibility */
172 US">",
173 US">=",
174 US"and",
175 US"crypteq",
176 US"def",
177 US"eq",
178 US"eqi",
179 US"exists",
180 US"first_delivery",
181 US"ge",
182 US"gei",
183 US"gt",
184 US"gti",
185 US"isip",
186 US"isip4",
187 US"isip6",
188 US"ldapauth",
189 US"le",
190 US"lei",
191 US"lt",
192 US"lti",
193 US"match",
194 US"match_address",
195 US"match_domain",
196 US"match_local_part",
197 US"or",
198 US"pam",
199 US"pwcheck",
200 US"queue_running",
201 US"radius",
202 US"saslauthd"
203};
204
205enum {
206 ECOND_NUM_L,
207 ECOND_NUM_LE,
208 ECOND_NUM_E,
209 ECOND_NUM_EE,
210 ECOND_NUM_G,
211 ECOND_NUM_GE,
212 ECOND_AND,
213 ECOND_CRYPTEQ,
214 ECOND_DEF,
215 ECOND_STR_EQ,
216 ECOND_STR_EQI,
217 ECOND_EXISTS,
218 ECOND_FIRST_DELIVERY,
219 ECOND_STR_GE,
220 ECOND_STR_GEI,
221 ECOND_STR_GT,
222 ECOND_STR_GTI,
223 ECOND_ISIP,
224 ECOND_ISIP4,
225 ECOND_ISIP6,
226 ECOND_LDAPAUTH,
227 ECOND_STR_LE,
228 ECOND_STR_LEI,
229 ECOND_STR_LT,
230 ECOND_STR_LTI,
231 ECOND_MATCH,
232 ECOND_MATCH_ADDRESS,
233 ECOND_MATCH_DOMAIN,
234 ECOND_MATCH_LOCAL_PART,
235 ECOND_OR,
236 ECOND_PAM,
237 ECOND_PWCHECK,
238 ECOND_QUEUE_RUNNING,
239 ECOND_RADIUS,
240 ECOND_SASLAUTHD
241};
242
243
244/* Type for main variable table */
245
246typedef struct {
247 char *name;
248 int type;
249 void *value;
250} var_entry;
251
252/* Type for entries pointing to address/length pairs. Not currently
253in use. */
254
255typedef struct {
256 uschar **address;
257 int *length;
258} alblock;
259
260/* Types of table entry */
261
262enum {
263 vtype_int, /* value is address of int */
264 vtype_filter_int, /* ditto, but recognized only when filtering */
265 vtype_ino, /* value is address of ino_t (not always an int) */
266 vtype_uid, /* value is address of uid_t (not always an int) */
267 vtype_gid, /* value is address of gid_t (not always an int) */
268 vtype_stringptr, /* value is address of pointer to string */
269 vtype_msgbody, /* as stringptr, but read when first required */
270 vtype_msgbody_end, /* ditto, the end of the message */
271 vtype_msgheaders, /* the message's headers */
272 vtype_localpart, /* extract local part from string */
273 vtype_domain, /* extract domain from string */
274 vtype_recipients, /* extract recipients from recipients list */
275 /* (enabled only during system filtering */
276 vtype_todbsdin, /* value not used; generate BSD inbox tod */
277 vtype_tode, /* value not used; generate tod in epoch format */
278 vtype_todf, /* value not used; generate full tod */
279 vtype_todl, /* value not used; generate log tod */
280 vtype_todlf, /* value not used; generate log file datestamp tod */
281 vtype_todzone, /* value not used; generate time zone only */
282 vtype_todzulu, /* value not used; generate zulu tod */
283 vtype_reply, /* value not used; get reply from headers */
284 vtype_pid, /* value not used; result is pid */
285 vtype_host_lookup, /* value not used; get host name */
286 vtype_load_avg /* value not used; result is int from os_getloadavg */
287 };
288
289/* This table must be kept in alphabetical order. */
290
291static var_entry var_table[] = {
292 { "acl_c0", vtype_stringptr, &acl_var[0] },
293 { "acl_c1", vtype_stringptr, &acl_var[1] },
294 { "acl_c2", vtype_stringptr, &acl_var[2] },
295 { "acl_c3", vtype_stringptr, &acl_var[3] },
296 { "acl_c4", vtype_stringptr, &acl_var[4] },
297 { "acl_c5", vtype_stringptr, &acl_var[5] },
298 { "acl_c6", vtype_stringptr, &acl_var[6] },
299 { "acl_c7", vtype_stringptr, &acl_var[7] },
300 { "acl_c8", vtype_stringptr, &acl_var[8] },
301 { "acl_c9", vtype_stringptr, &acl_var[9] },
302 { "acl_m0", vtype_stringptr, &acl_var[10] },
303 { "acl_m1", vtype_stringptr, &acl_var[11] },
304 { "acl_m2", vtype_stringptr, &acl_var[12] },
305 { "acl_m3", vtype_stringptr, &acl_var[13] },
306 { "acl_m4", vtype_stringptr, &acl_var[14] },
307 { "acl_m5", vtype_stringptr, &acl_var[15] },
308 { "acl_m6", vtype_stringptr, &acl_var[16] },
309 { "acl_m7", vtype_stringptr, &acl_var[17] },
310 { "acl_m8", vtype_stringptr, &acl_var[18] },
311 { "acl_m9", vtype_stringptr, &acl_var[19] },
312 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
313 { "address_data", vtype_stringptr, &deliver_address_data },
314 { "address_file", vtype_stringptr, &address_file },
315 { "address_pipe", vtype_stringptr, &address_pipe },
316 { "authenticated_id", vtype_stringptr, &authenticated_id },
317 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
318 { "authentication_failed",vtype_int, &authentication_failed },
319 { "body_linecount", vtype_int, &body_linecount },
320 { "body_zerocount", vtype_int, &body_zerocount },
321 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
322 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
323 { "caller_gid", vtype_gid, &real_gid },
324 { "caller_uid", vtype_uid, &real_uid },
325 { "compile_date", vtype_stringptr, &version_date },
326 { "compile_number", vtype_stringptr, &version_cnumber },
327 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
328 { "dnslist_text", vtype_stringptr, &dnslist_text },
329 { "dnslist_value", vtype_stringptr, &dnslist_value },
330 { "domain", vtype_stringptr, &deliver_domain },
331 { "domain_data", vtype_stringptr, &deliver_domain_data },
332 { "exim_gid", vtype_gid, &exim_gid },
333 { "exim_path", vtype_stringptr, &exim_path },
334 { "exim_uid", vtype_uid, &exim_uid },
335 { "home", vtype_stringptr, &deliver_home },
336 { "host", vtype_stringptr, &deliver_host },
337 { "host_address", vtype_stringptr, &deliver_host_address },
338 { "host_data", vtype_stringptr, &host_data },
339 { "host_lookup_failed", vtype_int, &host_lookup_failed },
340 { "inode", vtype_ino, &deliver_inode },
341 { "interface_address", vtype_stringptr, &interface_address },
342 { "interface_port", vtype_int, &interface_port },
343 #ifdef LOOKUP_LDAP
344 { "ldap_dn", vtype_stringptr, &eldap_dn },
345 #endif
346 { "load_average", vtype_load_avg, NULL },
347 { "local_part", vtype_stringptr, &deliver_localpart },
348 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
349 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
350 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
351 { "local_scan_data", vtype_stringptr, &local_scan_data },
352 { "local_user_gid", vtype_gid, &local_user_gid },
353 { "local_user_uid", vtype_uid, &local_user_uid },
354 { "localhost_number", vtype_int, &host_number },
355 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
356 { "message_age", vtype_int, &message_age },
357 { "message_body", vtype_msgbody, &message_body },
358 { "message_body_end", vtype_msgbody_end, &message_body_end },
359 { "message_body_size", vtype_int, &message_body_size },
360 { "message_headers", vtype_msgheaders, NULL },
361 { "message_id", vtype_stringptr, &message_id },
362 { "message_size", vtype_int, &message_size },
363 { "n0", vtype_filter_int, &filter_n[0] },
364 { "n1", vtype_filter_int, &filter_n[1] },
365 { "n2", vtype_filter_int, &filter_n[2] },
366 { "n3", vtype_filter_int, &filter_n[3] },
367 { "n4", vtype_filter_int, &filter_n[4] },
368 { "n5", vtype_filter_int, &filter_n[5] },
369 { "n6", vtype_filter_int, &filter_n[6] },
370 { "n7", vtype_filter_int, &filter_n[7] },
371 { "n8", vtype_filter_int, &filter_n[8] },
372 { "n9", vtype_filter_int, &filter_n[9] },
373 { "original_domain", vtype_stringptr, &deliver_domain_orig },
374 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
375 { "originator_gid", vtype_gid, &originator_gid },
376 { "originator_uid", vtype_uid, &originator_uid },
377 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
378 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
379 { "pid", vtype_pid, NULL },
380 { "primary_hostname", vtype_stringptr, &primary_hostname },
381 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
382 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
383 { "rcpt_count", vtype_int, &rcpt_count },
384 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
385 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
386 { "received_count", vtype_int, &received_count },
387 { "received_for", vtype_stringptr, &received_for },
388 { "received_protocol", vtype_stringptr, &received_protocol },
389 { "recipient_data", vtype_stringptr, &recipient_data },
390 { "recipients", vtype_recipients, NULL },
391 { "recipients_count", vtype_int, &recipients_count },
392 { "reply_address", vtype_reply, NULL },
393 { "return_path", vtype_stringptr, &return_path },
394 { "return_size_limit", vtype_int, &bounce_return_size_limit },
395 { "runrc", vtype_int, &runrc },
396 { "self_hostname", vtype_stringptr, &self_hostname },
397 { "sender_address", vtype_stringptr, &sender_address },
398 { "sender_address_domain", vtype_domain, &sender_address },
399 { "sender_address_local_part", vtype_localpart, &sender_address },
400 { "sender_data", vtype_stringptr, &sender_data },
401 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
402 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
403 { "sender_host_address", vtype_stringptr, &sender_host_address },
404 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
405 { "sender_host_name", vtype_host_lookup, NULL },
406 { "sender_host_port", vtype_int, &sender_host_port },
407 { "sender_ident", vtype_stringptr, &sender_ident },
408 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
409 { "smtp_command_argument", vtype_stringptr, &smtp_command_argument },
410 { "sn0", vtype_filter_int, &filter_sn[0] },
411 { "sn1", vtype_filter_int, &filter_sn[1] },
412 { "sn2", vtype_filter_int, &filter_sn[2] },
413 { "sn3", vtype_filter_int, &filter_sn[3] },
414 { "sn4", vtype_filter_int, &filter_sn[4] },
415 { "sn5", vtype_filter_int, &filter_sn[5] },
416 { "sn6", vtype_filter_int, &filter_sn[6] },
417 { "sn7", vtype_filter_int, &filter_sn[7] },
418 { "sn8", vtype_filter_int, &filter_sn[8] },
419 { "sn9", vtype_filter_int, &filter_sn[9] },
420 { "spool_directory", vtype_stringptr, &spool_directory },
421 { "thisaddress", vtype_stringptr, &filter_thisaddress },
422 { "tls_certificate_verified", vtype_int, &tls_certificate_verified },
423 { "tls_cipher", vtype_stringptr, &tls_cipher },
424 { "tls_peerdn", vtype_stringptr, &tls_peerdn },
425 { "tod_bsdinbox", vtype_todbsdin, NULL },
426 { "tod_epoch", vtype_tode, NULL },
427 { "tod_full", vtype_todf, NULL },
428 { "tod_log", vtype_todl, NULL },
429 { "tod_logfile", vtype_todlf, NULL },
430 { "tod_zone", vtype_todzone, NULL },
431 { "tod_zulu", vtype_todzulu, NULL },
432 { "value", vtype_stringptr, &lookup_value },
433 { "version_number", vtype_stringptr, &version_string },
434 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
435 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
436 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
437 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
438 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
439 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
440};
441
442static int var_table_size = sizeof(var_table)/sizeof(var_entry);
443static uschar var_buffer[256];
444static BOOL malformed_header;
445
446/* For textual hashes */
447
448static char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
449 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
450 "0123456789";
451
452enum { HMAC_MD5, HMAC_SHA1 };
453
454/* For numeric hashes */
455
456static unsigned int prime[] = {
457 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
458 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
459 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
460
461/* For printing modes in symbolic form */
462
463static uschar *mtable_normal[] =
464 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
465
466static uschar *mtable_setid[] =
467 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
468
469static uschar *mtable_sticky[] =
470 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
471
472
473
474/*************************************************
475* Tables for UTF-8 support *
476*************************************************/
477
478/* Table of the number of extra characters, indexed by the first character
479masked with 0x3f. The highest number for a valid UTF-8 character is in fact
4800x3d. */
481
482static uschar utf8_table1[] = {
483 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
484 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
485 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
486 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
487
488/* These are the masks for the data bits in the first byte of a character,
489indexed by the number of additional bytes. */
490
491static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
492
493/* Get the next UTF-8 character, advancing the pointer. */
494
495#define GETUTF8INC(c, ptr) \
496 c = *ptr++; \
497 if ((c & 0xc0) == 0xc0) \
498 { \
499 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
500 int s = 6*a; \
501 c = (c & utf8_table2[a]) << s; \
502 while (a-- > 0) \
503 { \
504 s -= 6; \
505 c |= (*ptr++ & 0x3f) << s; \
506 } \
507 }
508
509
510/*************************************************
511* Binary chop search on a table *
512*************************************************/
513
514/* This is used for matching expansion items and operators.
515
516Arguments:
517 name the name that is being sought
518 table the table to search
519 table_size the number of items in the table
520
521Returns: the offset in the table, or -1
522*/
523
524static int
525chop_match(uschar *name, uschar **table, int table_size)
526{
527uschar **bot = table;
528uschar **top = table + table_size;
529
530while (top > bot)
531 {
532 uschar **mid = bot + (top - bot)/2;
533 int c = Ustrcmp(name, *mid);
534 if (c == 0) return mid - table;
535 if (c > 0) bot = mid + 1; else top = mid;
536 }
537
538return -1;
539}
540
541
542
543/*************************************************
544* Check a condition string *
545*************************************************/
546
547/* This function is called to expand a string, and test the result for a "true"
548or "false" value. Failure of the expansion yields FALSE; logged unless it was a
549forced fail or lookup defer. All store used by the function can be released on
550exit.
551
552Arguments:
553 condition the condition string
554 m1 text to be incorporated in panic error
555 m2 ditto
556
557Returns: TRUE if condition is met, FALSE if not
558*/
559
560BOOL
561expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
562{
563int rc;
564void *reset_point = store_get(0);
565uschar *ss = expand_string(condition);
566if (ss == NULL)
567 {
568 if (!expand_string_forcedfail && !search_find_defer)
569 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
570 "for %s %s: %s", condition, m1, m2, expand_string_message);
571 return FALSE;
572 }
573rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
574 strcmpic(ss, US"false") != 0;
575store_reset(reset_point);
576return rc;
577}
578
579
580
581/*************************************************
582* Pick out a name from a string *
583*************************************************/
584
585/* If the name is too long, it is silently truncated.
586
587Arguments:
588 name points to a buffer into which to put the name
589 max is the length of the buffer
590 s points to the first alphabetic character of the name
591 extras chars other than alphanumerics to permit
592
593Returns: pointer to the first character after the name
594
595Note: The test for *s != 0 in the while loop is necessary because
596Ustrchr() yields non-NULL if the character is zero (which is not something
597I expected). */
598
599static uschar *
600read_name(uschar *name, int max, uschar *s, uschar *extras)
601{
602int ptr = 0;
603while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
604 {
605 if (ptr < max-1) name[ptr++] = *s;
606 s++;
607 }
608name[ptr] = 0;
609return s;
610}
611
612
613
614/*************************************************
615* Pick out the rest of a header name *
616*************************************************/
617
618/* A variable name starting $header_ (or just $h_ for those who like
619abbreviations) might not be the complete header name because headers can
620contain any printing characters in their names, except ':'. This function is
621called to read the rest of the name, chop h[eader]_ off the front, and put ':'
622on the end, if the name was terminated by white space.
623
624Arguments:
625 name points to a buffer in which the name read so far exists
626 max is the length of the buffer
627 s points to the first character after the name so far, i.e. the
628 first non-alphameric character after $header_xxxxx
629
630Returns: a pointer to the first character after the header name
631*/
632
633static uschar *
634read_header_name(uschar *name, int max, uschar *s)
635{
636int prelen = Ustrchr(name, '_') - name + 1;
637int ptr = Ustrlen(name) - prelen;
638if (ptr > 0) memmove(name, name+prelen, ptr);
639while (mac_isgraph(*s) && *s != ':')
640 {
641 if (ptr < max-1) name[ptr++] = *s;
642 s++;
643 }
644if (*s == ':') s++;
645name[ptr++] = ':';
646name[ptr] = 0;
647return s;
648}
649
650
651
652/*************************************************
653* Pick out a number from a string *
654*************************************************/
655
656/* Arguments:
657 n points to an integer into which to put the number
658 s points to the first digit of the number
659
660Returns: a pointer to the character after the last digit
661*/
662
663static uschar *
664read_number(int *n, uschar *s)
665{
666*n = 0;
667while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
668return s;
669}
670
671
672
673/*************************************************
674* Extract keyed subfield from a string *
675*************************************************/
676
677/* The yield is in dynamic store; NULL means that the key was not found.
678
679Arguments:
680 key points to the name of the key
681 s points to the string from which to extract the subfield
682
683Returns: NULL if the subfield was not found, or
684 a pointer to the subfield's data
685*/
686
687static uschar *
688expand_getkeyed(uschar *key, uschar *s)
689{
690int length = Ustrlen(key);
691while (isspace(*s)) s++;
692
693/* Loop to search for the key */
694
695while (*s != 0)
696 {
697 int dkeylength;
698 uschar *data;
699 uschar *dkey = s;
700
701 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
702 dkeylength = s - dkey;
703 while (isspace(*s)) s++;
704 if (*s == '=') while (isspace((*(++s))));
705
706 data = string_dequote(&s);
707 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
708 return data;
709
710 while (isspace(*s)) s++;
711 }
712
713return NULL;
714}
715
716
717
718
719/*************************************************
720* Extract numbered subfield from string *
721*************************************************/
722
723/* Extracts a numbered field from a string that is divided by tokens - for
724example a line from /etc/passwd is divided by colon characters. First field is
725numbered one. Negative arguments count from the right. Zero returns the whole
726string. Returns NULL if there are insufficient tokens in the string
727
728***WARNING***
729Modifies final argument - this is a dynamically generated string, so that's OK.
730
731Arguments:
732 field number of field to be extracted,
733 first field = 1, whole string = 0, last field = -1
734 separators characters that are used to break string into tokens
735 s points to the string from which to extract the subfield
736
737Returns: NULL if the field was not found,
738 a pointer to the field's data inside s (modified to add 0)
739*/
740
741static uschar *
742expand_gettokened (int field, uschar *separators, uschar *s)
743{
744int sep = 1;
745int count;
746uschar *ss = s;
747uschar *fieldtext = NULL;
748
749if (field == 0) return s;
750
751/* Break the line up into fields in place; for field > 0 we stop when we have
752done the number of fields we want. For field < 0 we continue till the end of
753the string, counting the number of fields. */
754
755count = (field > 0)? field : INT_MAX;
756
757while (count-- > 0)
758 {
759 size_t len;
760
761 /* Previous field was the last one in the string. For a positive field
762 number, this means there are not enough fields. For a negative field number,
763 check that there are enough, and scan back to find the one that is wanted. */
764
765 if (sep == 0)
766 {
767 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
768 if ((-field) == (INT_MAX - count - 1)) return s;
769 while (field++ < 0)
770 {
771 ss--;
772 while (ss[-1] != 0) ss--;
773 }
774 fieldtext = ss;
775 break;
776 }
777
778 /* Previous field was not last in the string; save its start and put a
779 zero at its end. */
780
781 fieldtext = ss;
782 len = Ustrcspn(ss, separators);
783 sep = ss[len];
784 ss[len] = 0;
785 ss += len + 1;
786 }
787
788return fieldtext;
789}
790
791
792
793/*************************************************
794* Extract a substring from a string *
795*************************************************/
796
797/* Perform the ${substr or ${length expansion operations.
798
799Arguments:
800 subject the input string
801 value1 the offset from the start of the input string to the start of
802 the output string; if negative, count from the right.
803 value2 the length of the output string, or negative (-1) for unset
804 if value1 is positive, unset means "all after"
805 if value1 is negative, unset means "all before"
806 len set to the length of the returned string
807
808Returns: pointer to the output string, or NULL if there is an error
809*/
810
811static uschar *
812extract_substr(uschar *subject, int value1, int value2, int *len)
813{
814int sublen = Ustrlen(subject);
815
816if (value1 < 0) /* count from right */
817 {
818 value1 += sublen;
819
820 /* If the position is before the start, skip to the start, and adjust the
821 length. If the length ends up negative, the substring is null because nothing
822 can precede. This falls out naturally when the length is unset, meaning "all
823 to the left". */
824
825 if (value1 < 0)
826 {
827 value2 += value1;
828 if (value2 < 0) value2 = 0;
829 value1 = 0;
830 }
831
832 /* Otherwise an unset length => characters before value1 */
833
834 else if (value2 < 0)
835 {
836 value2 = value1;
837 value1 = 0;
838 }
839 }
840
841/* For a non-negative offset, if the starting position is past the end of the
842string, the result will be the null string. Otherwise, an unset length means
843"rest"; just set it to the maximum - it will be cut down below if necessary. */
844
845else
846 {
847 if (value1 > sublen)
848 {
849 value1 = sublen;
850 value2 = 0;
851 }
852 else if (value2 < 0) value2 = sublen;
853 }
854
855/* Cut the length down to the maximum possible for the offset value, and get
856the required characters. */
857
858if (value1 + value2 > sublen) value2 = sublen - value1;
859*len = value2;
860return subject + value1;
861}
862
863
864
865
866/*************************************************
867* Old-style hash of a string *
868*************************************************/
869
870/* Perform the ${hash expansion operation.
871
872Arguments:
873 subject the input string (an expanded substring)
874 value1 the length of the output string; if greater or equal to the
875 length of the input string, the input string is returned
876 value2 the number of hash characters to use, or 26 if negative
877 len set to the length of the returned string
878
879Returns: pointer to the output string, or NULL if there is an error
880*/
881
882static uschar *
883compute_hash(uschar *subject, int value1, int value2, int *len)
884{
885int sublen = Ustrlen(subject);
886
887if (value2 < 0) value2 = 26;
888else if (value2 > Ustrlen(hashcodes))
889 {
890 expand_string_message =
891 string_sprintf("hash count \"%d\" too big", value2);
892 return NULL;
893 }
894
895/* Calculate the hash text. We know it is shorter than the original string, so
896can safely place it in subject[] (we know that subject is always itself an
897expanded substring). */
898
899if (value1 < sublen)
900 {
901 int c;
902 int i = 0;
903 int j = value1;
904 while ((c = (subject[j])) != 0)
905 {
906 int shift = (c + j++) & 7;
907 subject[i] ^= (c << shift) | (c >> (8-shift));
908 if (++i >= value1) i = 0;
909 }
910 for (i = 0; i < value1; i++)
911 subject[i] = hashcodes[(subject[i]) % value2];
912 }
913else value1 = sublen;
914
915*len = value1;
916return subject;
917}
918
919
920
921
922/*************************************************
923* Numeric hash of a string *
924*************************************************/
925
926/* Perform the ${nhash expansion operation. The first characters of the
927string are treated as most important, and get the highest prime numbers.
928
929Arguments:
930 subject the input string
931 value1 the maximum value of the first part of the result
932 value2 the maximum value of the second part of the result,
933 or negative to produce only a one-part result
934 len set to the length of the returned string
935
936Returns: pointer to the output string, or NULL if there is an error.
937*/
938
939static uschar *
940compute_nhash (uschar *subject, int value1, int value2, int *len)
941{
942uschar *s = subject;
943int i = 0;
944unsigned long int total = 0; /* no overflow */
945
946while (*s != 0)
947 {
948 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
949 total += prime[i--] * (unsigned int)(*s++);
950 }
951
952/* If value2 is unset, just compute one number */
953
954if (value2 < 0)
955 {
956 s = string_sprintf("%d", total % value1);
957 }
958
959/* Otherwise do a div/mod hash */
960
961else
962 {
963 total = total % (value1 * value2);
964 s = string_sprintf("%d/%d", total/value2, total % value2);
965 }
966
967*len = Ustrlen(s);
968return s;
969}
970
971
972
973
974
975/*************************************************
976* Find the value of a header or headers *
977*************************************************/
978
979/* Multiple instances of the same header get concatenated, and this function
980can also return a concatenation of all the header lines. When concatenating
981specific headers that contain lists of addresses, a comma is inserted between
982them. Otherwise we use a straight concatenation. Because some messages can have
983pathologically large number of lines, there is a limit on the length that is
984returned. Also, to avoid massive store use which would result from using
985string_cat() as it copies and extends strings, we do a preliminary pass to find
986out exactly how much store will be needed. On "normal" messages this will be
987pretty trivial.
988
989Arguments:
990 name the name of the header, without the leading $header_ or $h_,
991 or NULL if a concatenation of all headers is required
992 exists_only TRUE if called from a def: test; don't need to build a string;
993 just return a string that is not "" and not "0" if the header
994 exists
995 newsize return the size of memory block that was obtained; may be NULL
996 if exists_only is TRUE
997 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
998 other than concatenating, will be done on the header
999 charset name of charset to translate MIME words to; used only if
1000 want_raw is false; if NULL, no translation is done (this is
1001 used for $bh_ and $bheader_)
1002
1003Returns: NULL if the header does not exist, else a pointer to a new
1004 store block
1005*/
1006
1007static uschar *
1008find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1009 uschar *charset)
1010{
1011BOOL found = name == NULL;
1012int comma = 0;
1013int len = found? 0 : Ustrlen(name);
1014int i;
1015uschar *yield = NULL;
1016uschar *ptr = NULL;
1017
1018/* Loop for two passes - saves code repetition */
1019
1020for (i = 0; i < 2; i++)
1021 {
1022 int size = 0;
1023 header_line *h;
1024
1025 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1026 {
1027 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1028 {
1029 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1030 {
1031 int ilen;
1032 uschar *t;
1033
1034 if (exists_only) return US"1"; /* don't need actual string */
1035 found = TRUE;
1036 t = h->text + len; /* text to insert */
1037 if (!want_raw) /* unless wanted raw, */
1038 while (isspace(*t)) t++; /* remove leading white space */
1039 ilen = h->slen - (t - h->text); /* length to insert */
1040
1041 /* Set comma = 1 if handling a single header and it's one of those
1042 that contains an address list, except when asked for raw headers. Only
1043 need to do this once. */
1044
1045 if (!want_raw && name != NULL && comma == 0 &&
1046 Ustrchr("BCFRST", h->type) != NULL)
1047 comma = 1;
1048
1049 /* First pass - compute total store needed; second pass - compute
1050 total store used, including this header. */
1051
1052 size += ilen + comma;
1053
1054 /* Second pass - concatentate the data, up to a maximum. Note that
1055 the loop stops when size hits the limit. */
1056
1057 if (i != 0)
1058 {
1059 if (size > header_insert_maxlen)
1060 {
1061 ilen -= size - header_insert_maxlen;
1062 comma = 0;
1063 }
1064 Ustrncpy(ptr, t, ilen);
1065 ptr += ilen;
1066 if (comma != 0 && ilen > 0)
1067 {
1068 ptr[-1] = ',';
1069 *ptr++ = '\n';
1070 }
1071 }
1072 }
1073 }
1074 }
1075
1076 /* At end of first pass, truncate size if necessary, and get the buffer
1077 to hold the data, returning the buffer size. */
1078
1079 if (i == 0)
1080 {
1081 if (!found) return NULL;
1082 if (size > header_insert_maxlen) size = header_insert_maxlen;
1083 *newsize = size + 1;
1084 ptr = yield = store_get(*newsize);
1085 }
1086 }
1087
1088/* Remove a redundant added comma if present */
1089
1090if (comma != 0 && ptr > yield) ptr -= 2;
1091
1092/* That's all we do for raw header expansion. */
1093
1094if (want_raw)
1095 {
1096 *ptr = 0;
1097 }
1098
1099/* Otherwise, we remove trailing whitespace, including newlines. Then we do RFC
11002047 decoding, translating the charset if requested. The rfc2047_decode2()
1101function can return an error with decoded data if the charset translation
1102fails. If decoding fails, it returns NULL. */
1103
1104else
1105 {
1106 uschar *decoded, *error;
1107 while (ptr > yield && isspace(ptr[-1])) ptr--;
1108 *ptr = 0;
1109 decoded = rfc2047_decode2(yield, TRUE, charset, '?', NULL, newsize, &error);
1110 if (error != NULL)
1111 {
1112 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1113 " input was: %s\n", error, yield);
1114 }
1115 if (decoded != NULL) yield = decoded;
1116 }
1117
1118return yield;
1119}
1120
1121
1122
1123
1124/*************************************************
1125* Find value of a variable *
1126*************************************************/
1127
1128/* The table of variables is kept in alphabetic order, so we can search it
1129using a binary chop. The "choplen" variable is nothing to do with the binary
1130chop.
1131
1132Arguments:
1133 name the name of the variable being sought
1134 exists_only TRUE if this is a def: test; passed on to find_header()
1135 skipping TRUE => skip any processing evaluation; this is not the same as
1136 exists_only because def: may test for values that are first
1137 evaluated here
1138 newsize pointer to an int which is initially zero; if the answer is in
1139 a new memory buffer, *newsize is set to its size
1140
1141Returns: NULL if the variable does not exist, or
1142 a pointer to the variable's contents, or
1143 something non-NULL if exists_only is TRUE
1144*/
1145
1146static uschar *
1147find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1148{
1149int first = 0;
1150int last = var_table_size;
1151
1152while (last > first)
1153 {
1154 uschar *s, *domain;
1155 uschar **ss;
1156 int middle = (first + last)/2;
1157 int c = Ustrcmp(name, var_table[middle].name);
1158
1159 if (c > 0) { first = middle + 1; continue; }
1160 if (c < 0) { last = middle; continue; }
1161
1162 /* Found an existing variable. If in skipping state, the value isn't needed,
1163 and we want to avoid processing (such as looking up up the host name). */
1164
1165 if (skipping) return US"";
1166
1167 switch (var_table[middle].type)
1168 {
1169 case vtype_filter_int:
1170 if (!filter_running) return NULL;
1171 /* Fall through */
1172
1173 case vtype_int:
1174 sprintf(CS var_buffer, "%d", *(int *)(var_table[middle].value)); /* Integer */
1175 return var_buffer;
1176
1177 case vtype_ino:
1178 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(var_table[middle].value))); /* Inode */
1179 return var_buffer;
1180
1181 case vtype_gid:
1182 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(var_table[middle].value))); /* gid */
1183 return var_buffer;
1184
1185 case vtype_uid:
1186 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
1187 return var_buffer;
1188
1189 case vtype_stringptr: /* Pointer to string */
1190 s = *((uschar **)(var_table[middle].value));
1191 return (s == NULL)? US"" : s;
1192
1193 case vtype_pid:
1194 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1195 return var_buffer;
1196
1197 case vtype_load_avg:
1198 sprintf(CS var_buffer, "%d", os_getloadavg()); /* load_average */
1199 return var_buffer;
1200
1201 case vtype_host_lookup: /* Lookup if not done so */
1202 if (sender_host_name == NULL && sender_host_address != NULL &&
1203 !host_lookup_failed && host_name_lookup() == OK)
1204 host_build_sender_fullhost();
1205 return (sender_host_name == NULL)? US"" : sender_host_name;
1206
1207 case vtype_localpart: /* Get local part from address */
1208 s = *((uschar **)(var_table[middle].value));
1209 if (s == NULL) return US"";
1210 domain = Ustrrchr(s, '@');
1211 if (domain == NULL) return s;
1212 if (domain - s > sizeof(var_buffer) - 1)
1213 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than %d in "
1214 "string expansion", sizeof(var_buffer));
1215 Ustrncpy(var_buffer, s, domain - s);
1216 var_buffer[domain - s] = 0;
1217 return var_buffer;
1218
1219 case vtype_domain: /* Get domain from address */
1220 s = *((uschar **)(var_table[middle].value));
1221 if (s == NULL) return US"";
1222 domain = Ustrrchr(s, '@');
1223 return (domain == NULL)? US"" : domain + 1;
1224
1225 case vtype_msgheaders:
1226 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1227
1228 case vtype_msgbody: /* Pointer to msgbody string */
1229 case vtype_msgbody_end: /* Ditto, the end of the msg */
1230 ss = (uschar **)(var_table[middle].value);
1231 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1232 {
1233 uschar *body;
1234 int start_offset = SPOOL_DATA_START_OFFSET;
1235 int len = message_body_visible;
1236 if (len > message_size) len = message_size;
1237 *ss = body = store_malloc(len+1);
1238 body[0] = 0;
1239 if (var_table[middle].type == vtype_msgbody_end)
1240 {
1241 struct stat statbuf;
1242 if (fstat(deliver_datafile, &statbuf) == 0)
1243 {
1244 start_offset = statbuf.st_size - len;
1245 if (start_offset < SPOOL_DATA_START_OFFSET)
1246 start_offset = SPOOL_DATA_START_OFFSET;
1247 }
1248 }
1249 lseek(deliver_datafile, start_offset, SEEK_SET);
1250 len = read(deliver_datafile, body, len);
1251 if (len > 0)
1252 {
1253 body[len] = 0;
1254 while (len > 0)
1255 {
1256 if (body[--len] == '\n' || body[len] == 0) body[len] = ' ';
1257 }
1258 }
1259 }
1260 return (*ss == NULL)? US"" : *ss;
1261
1262 case vtype_todbsdin: /* BSD inbox time of day */
1263 return tod_stamp(tod_bsdin);
1264
1265 case vtype_tode: /* Unix epoch time of day */
1266 return tod_stamp(tod_epoch);
1267
1268 case vtype_todf: /* Full time of day */
1269 return tod_stamp(tod_full);
1270
1271 case vtype_todl: /* Log format time of day */
1272 return tod_stamp(tod_log_bare); /* (without timezone) */
1273
1274 case vtype_todzone: /* Time zone offset only */
1275 return tod_stamp(tod_zone);
1276
1277 case vtype_todzulu: /* Zulu time */
1278 return tod_stamp(tod_zulu);
1279
1280 case vtype_todlf: /* Log file datestamp tod */
1281 return tod_stamp(tod_log_datestamp);
1282
1283 case vtype_reply: /* Get reply address */
1284 s = find_header(US"reply-to:", exists_only, newsize, FALSE,
1285 headers_charset);
1286 if (s == NULL || *s == 0)
1287 s = find_header(US"from:", exists_only, newsize, FALSE, headers_charset);
1288 return (s == NULL)? US"" : s;
1289
1290 /* A recipients list is available only during system message filtering,
1291 during ACL processing after DATA, and while expanding pipe commands
1292 generated from a system filter, but not elsewhere. */
1293
1294 case vtype_recipients:
1295 if (!enable_dollar_recipients) return NULL; else
1296 {
1297 int size = 128;
1298 int ptr = 0;
1299 int i;
1300 s = store_get(size);
1301 for (i = 0; i < recipients_count; i++)
1302 {
1303 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1304 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1305 Ustrlen(recipients_list[i].address));
1306 }
1307 s[ptr] = 0; /* string_cat() leaves room */
1308 }
1309 return s;
1310 }
1311 }
1312
1313return NULL; /* Unknown variable name */
1314}
1315
1316
1317
1318
1319/*************************************************
1320* Read and expand substrings *
1321*************************************************/
1322
1323/* This function is called to read and expand argument substrings for various
1324expansion items. Some have a minimum requirement that is less than the maximum;
1325in these cases, the first non-present one is set to NULL.
1326
1327Arguments:
1328 sub points to vector of pointers to set
1329 n maximum number of substrings
1330 m minimum required
1331 sptr points to current string pointer
1332 skipping the skipping flag
1333 check_end if TRUE, check for final '}'
1334 name name of item, for error message
1335
1336Returns: 0 OK; string pointer updated
1337 1 curly bracketing error (too few arguments)
1338 2 too many arguments (only if check_end is set); message set
1339 3 other error (expansion failure)
1340*/
1341
1342static int
1343read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
1344 BOOL check_end, uschar *name)
1345{
1346int i;
1347uschar *s = *sptr;
1348
1349while (isspace(*s)) s++;
1350for (i = 0; i < n; i++)
1351 {
1352 if (*s != '{')
1353 {
1354 if (i < m) return 1;
1355 sub[i] = NULL;
1356 break;
1357 }
1358 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
1359 if (sub[i] == NULL) return 3;
1360 if (*s++ != '}') return 1;
1361 while (isspace(*s)) s++;
1362 }
1363if (check_end && *s++ != '}')
1364 {
1365 if (s[-1] == '{')
1366 {
1367 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1368 "(max is %d)", name, n);
1369 return 2;
1370 }
1371 return 1;
1372 }
1373
1374*sptr = s;
1375return 0;
1376}
1377
1378
1379
1380
1381/*************************************************
1382* Read and evaluate a condition *
1383*************************************************/
1384
1385/*
1386Arguments:
1387 s points to the start of the condition text
1388 yield points to a BOOL to hold the result of the condition test;
1389 if NULL, we are just reading through a condition that is
1390 part of an "or" combination to check syntax, or in a state
1391 where the answer isn't required
1392
1393Returns: a pointer to the first character after the condition, or
1394 NULL after an error
1395*/
1396
1397static uschar *
1398eval_condition(uschar *s, BOOL *yield)
1399{
1400BOOL testfor = TRUE;
1401BOOL tempcond, combined_cond;
1402BOOL *subcondptr;
1403int i, rc, cond_type, roffset;
1404int num[2];
1405struct stat statbuf;
1406uschar name[256];
1407uschar *sub[4];
1408
1409const pcre *re;
1410const uschar *rerror;
1411
1412for (;;)
1413 {
1414 while (isspace(*s)) s++;
1415 if (*s == '!') { testfor = !testfor; s++; } else break;
1416 }
1417
1418/* Numeric comparisons are symbolic */
1419
1420if (*s == '=' || *s == '>' || *s == '<')
1421 {
1422 int p = 0;
1423 name[p++] = *s++;
1424 if (*s == '=')
1425 {
1426 name[p++] = '=';
1427 s++;
1428 }
1429 name[p] = 0;
1430 }
1431
1432/* All other conditions are named */
1433
1434else s = read_name(name, 256, s, US"_");
1435
1436/* If we haven't read a name, it means some non-alpha character is first. */
1437
1438if (name[0] == 0)
1439 {
1440 expand_string_message = string_sprintf("condition name expected, "
1441 "but found \"%.16s\"", s);
1442 return NULL;
1443 }
1444
1445/* Find which condition we are dealing with, and switch on it */
1446
1447cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
1448switch(cond_type)
1449 {
1450 /* def: tests for a non-zero or non-NULL variable, or for an existing
1451 header */
1452
1453 case ECOND_DEF:
1454 if (*s != ':')
1455 {
1456 expand_string_message = US"\":\" expected after \"def\"";
1457 return NULL;
1458 }
1459
1460 s = read_name(name, 256, s+1, US"_");
1461
1462 /* Test for a header's existence */
1463
1464 if (Ustrncmp(name, "h_", 2) == 0 ||
1465 Ustrncmp(name, "rh_", 3) == 0 ||
1466 Ustrncmp(name, "bh_", 3) == 0 ||
1467 Ustrncmp(name, "header_", 7) == 0 ||
1468 Ustrncmp(name, "rheader_", 8) == 0 ||
1469 Ustrncmp(name, "bheader_", 8) == 0)
1470 {
1471 s = read_header_name(name, 256, s);
1472 if (yield != NULL) *yield =
1473 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
1474 }
1475
1476 /* Test for a variable's having a non-empty value. If yield == NULL we
1477 are in a skipping state, and don't care about the answer. */
1478
1479 else
1480 {
1481 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
1482 if (value == NULL)
1483 {
1484 expand_string_message = (name[0] == 0)?
1485 string_sprintf("variable name omitted after \"def:\"") :
1486 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
1487 return NULL;
1488 }
1489 if (yield != NULL)
1490 *yield = (value[0] != 0 && Ustrcmp(value, "0") != 0) == testfor;
1491 }
1492
1493 return s;
1494
1495
1496 /* first_delivery tests for first delivery attempt */
1497
1498 case ECOND_FIRST_DELIVERY:
1499 if (yield != NULL) *yield = deliver_firsttime == testfor;
1500 return s;
1501
1502
1503 /* queue_running tests for any process started by a queue runner */
1504
1505 case ECOND_QUEUE_RUNNING:
1506 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
1507 return s;
1508
1509
1510 /* exists: tests for file existence
1511 isip: tests for any IP address
1512 isip4: tests for an IPv4 address
1513 isip6: tests for an IPv6 address
1514 pam: does PAM authentication
1515 radius: does RADIUS authentication
1516 ldapauth: does LDAP authentication
1517 pwcheck: does Cyrus SASL pwcheck authentication
1518 */
1519
1520 case ECOND_EXISTS:
1521 case ECOND_ISIP:
1522 case ECOND_ISIP4:
1523 case ECOND_ISIP6:
1524 case ECOND_PAM:
1525 case ECOND_RADIUS:
1526 case ECOND_LDAPAUTH:
1527 case ECOND_PWCHECK:
1528
1529 while (isspace(*s)) s++;
1530 if (*s != '{') goto COND_FAILED_CURLY_START;
1531
1532 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1533 if (sub[0] == NULL) return NULL;
1534 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1535
1536 if (yield == NULL) return s; /* No need to run the test if skipping */
1537
1538 switch(cond_type)
1539 {
1540 case ECOND_EXISTS:
1541 if ((expand_forbid & RDO_EXISTS) != 0)
1542 {
1543 expand_string_message = US"File existence tests are not permitted";
1544 return NULL;
1545 }
1546 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
1547 break;
1548
1549 case ECOND_ISIP:
1550 case ECOND_ISIP4:
1551 case ECOND_ISIP6:
1552 rc = string_is_ip_address(sub[0], NULL);
1553 *yield = ((cond_type == ECOND_ISIP)? (rc > 0) :
1554 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
1555 break;
1556
1557 /* Various authentication tests - all optionally compiled */
1558
1559 case ECOND_PAM:
1560 #ifdef SUPPORT_PAM
1561 rc = auth_call_pam(sub[0], &expand_string_message);
1562 goto END_AUTH;
1563 #else
1564 goto COND_FAILED_NOT_COMPILED;
1565 #endif /* SUPPORT_PAM */
1566
1567 case ECOND_RADIUS:
1568 #ifdef RADIUS_CONFIG_FILE
1569 rc = auth_call_radius(sub[0], &expand_string_message);
1570 goto END_AUTH;
1571 #else
1572 goto COND_FAILED_NOT_COMPILED;
1573 #endif /* RADIUS_CONFIG_FILE */
1574
1575 case ECOND_LDAPAUTH:
1576 #ifdef LOOKUP_LDAP
1577 {
1578 /* Just to keep the interface the same */
1579 BOOL do_cache;
1580 int old_pool = store_pool;
1581 store_pool = POOL_SEARCH;
1582 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
1583 &expand_string_message, &do_cache);
1584 store_pool = old_pool;
1585 }
1586 goto END_AUTH;
1587 #else
1588 goto COND_FAILED_NOT_COMPILED;
1589 #endif /* LOOKUP_LDAP */
1590
1591 case ECOND_PWCHECK:
1592 #ifdef CYRUS_PWCHECK_SOCKET
1593 rc = auth_call_pwcheck(sub[0], &expand_string_message);
1594 goto END_AUTH;
1595 #else
1596 goto COND_FAILED_NOT_COMPILED;
1597 #endif /* CYRUS_PWCHECK_SOCKET */
1598
1599 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
1600 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
1601 END_AUTH:
1602 if (rc == ERROR || rc == DEFER) return NULL;
1603 *yield = (rc == OK) == testfor;
1604 #endif
1605 }
1606 return s;
1607
1608
1609 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
1610
1611 ${if saslauthd {{username}{password}{service}{realm}} {yes}[no}}
1612
1613 However, the last two are optional. That is why the whole set is enclosed
1614 in their own set or braces. */
1615
1616 case ECOND_SASLAUTHD:
1617 #ifndef CYRUS_SASLAUTHD_SOCKET
1618 goto COND_FAILED_NOT_COMPILED;
1619 #else
1620 while (isspace(*s)) s++;
1621 if (*s++ != '{') goto COND_FAILED_CURLY_START;
1622 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd"))
1623 {
1624 case 1: expand_string_message = US"too few arguments or bracketing "
1625 "error for saslauthd";
1626 case 2:
1627 case 3: return NULL;
1628 }
1629 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
1630 if (yield != NULL)
1631 {
1632 int rc;
1633 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
1634 &expand_string_message);
1635 if (rc == ERROR || rc == DEFER) return NULL;
1636 *yield = (rc == OK) == testfor;
1637 }
1638 return s;
1639 #endif /* CYRUS_SASLAUTHD_SOCKET */
1640
1641
1642 /* symbolic operators for numeric and string comparison, and a number of
1643 other operators, all requiring two arguments.
1644
1645 match: does a regular expression match and sets up the numerical
1646 variables if it succeeds
1647 match_address: matches in an address list
1648 match_domain: matches in a domain list
1649 match_local_part: matches in a local part list
1650 crypteq: encrypts plaintext and compares against an encrypted text,
1651 using crypt(), crypt16(), MD5 or SHA-1
1652 */
1653
1654 case ECOND_MATCH:
1655 case ECOND_MATCH_ADDRESS:
1656 case ECOND_MATCH_DOMAIN:
1657 case ECOND_MATCH_LOCAL_PART:
1658 case ECOND_CRYPTEQ:
1659
1660 case ECOND_NUM_L: /* Numerical comparisons */
1661 case ECOND_NUM_LE:
1662 case ECOND_NUM_E:
1663 case ECOND_NUM_EE:
1664 case ECOND_NUM_G:
1665 case ECOND_NUM_GE:
1666
1667 case ECOND_STR_LT: /* String comparisons */
1668 case ECOND_STR_LTI:
1669 case ECOND_STR_LE:
1670 case ECOND_STR_LEI:
1671 case ECOND_STR_EQ:
1672 case ECOND_STR_EQI:
1673 case ECOND_STR_GT:
1674 case ECOND_STR_GTI:
1675 case ECOND_STR_GE:
1676 case ECOND_STR_GEI:
1677
1678 for (i = 0; i < 2; i++)
1679 {
1680 while (isspace(*s)) s++;
1681 if (*s != '{')
1682 {
1683 if (i == 0) goto COND_FAILED_CURLY_START;
1684 expand_string_message = string_sprintf("missing 2nd string in {} "
1685 "after \"%s\"", name);
1686 return NULL;
1687 }
1688 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1689 if (sub[i] == NULL) return NULL;
1690 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1691
1692 /* Convert to numerical if required; we know that the names of all the
1693 conditions that compare numbers do not start with a letter. This just saves
1694 checking for them individually. */
1695
1696 if (!isalpha(name[0]))
1697 {
1698 uschar *endptr;
1699 num[i] = (int)Ustrtol((const uschar *)sub[i], &endptr, 10);
1700 if (tolower(*endptr) == 'k')
1701 {
1702 num[i] *= 1024;
1703 endptr++;
1704 }
1705 else if (tolower(*endptr) == 'm')
1706 {
1707 num[i] *= 1024*1024;
1708 endptr++;
1709 }
1710 while (isspace(*endptr)) endptr++;
1711 if (*endptr != 0)
1712 {
1713 expand_string_message = string_sprintf("\"%s\" is not a number",
1714 sub[i]);
1715 return NULL;
1716 }
1717 }
1718 }
1719
1720 /* Result not required */
1721
1722 if (yield == NULL) return s;
1723
1724 /* Do an appropriate comparison */
1725
1726 switch(cond_type)
1727 {
1728 case ECOND_NUM_E:
1729 case ECOND_NUM_EE:
1730 *yield = (num[0] == num[1]) == testfor;
1731 break;
1732
1733 case ECOND_NUM_G:
1734 *yield = (num[0] > num[1]) == testfor;
1735 break;
1736
1737 case ECOND_NUM_GE:
1738 *yield = (num[0] >= num[1]) == testfor;
1739 break;
1740
1741 case ECOND_NUM_L:
1742 *yield = (num[0] < num[1]) == testfor;
1743 break;
1744
1745 case ECOND_NUM_LE:
1746 *yield = (num[0] <= num[1]) == testfor;
1747 break;
1748
1749 case ECOND_STR_LT:
1750 *yield = (Ustrcmp(sub[0], sub[1]) < 0) == testfor;
1751 break;
1752
1753 case ECOND_STR_LTI:
1754 *yield = (strcmpic(sub[0], sub[1]) < 0) == testfor;
1755 break;
1756
1757 case ECOND_STR_LE:
1758 *yield = (Ustrcmp(sub[0], sub[1]) <= 0) == testfor;
1759 break;
1760
1761 case ECOND_STR_LEI:
1762 *yield = (strcmpic(sub[0], sub[1]) <= 0) == testfor;
1763 break;
1764
1765 case ECOND_STR_EQ:
1766 *yield = (Ustrcmp(sub[0], sub[1]) == 0) == testfor;
1767 break;
1768
1769 case ECOND_STR_EQI:
1770 *yield = (strcmpic(sub[0], sub[1]) == 0) == testfor;
1771 break;
1772
1773 case ECOND_STR_GT:
1774 *yield = (Ustrcmp(sub[0], sub[1]) > 0) == testfor;
1775 break;
1776
1777 case ECOND_STR_GTI:
1778 *yield = (strcmpic(sub[0], sub[1]) > 0) == testfor;
1779 break;
1780
1781 case ECOND_STR_GE:
1782 *yield = (Ustrcmp(sub[0], sub[1]) >= 0) == testfor;
1783 break;
1784
1785 case ECOND_STR_GEI:
1786 *yield = (strcmpic(sub[0], sub[1]) >= 0) == testfor;
1787 break;
1788
1789 case ECOND_MATCH: /* Regular expression match */
1790 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
1791 NULL);
1792 if (re == NULL)
1793 {
1794 expand_string_message = string_sprintf("regular expression error in "
1795 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
1796 return NULL;
1797 }
1798 *yield = regex_match_and_setup(re, sub[0], 0, -1) == testfor;
1799 break;
1800
1801 case ECOND_MATCH_ADDRESS: /* Match in an address list */
1802 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
1803 goto MATCHED_SOMETHING;
1804
1805 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
1806 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
1807 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
1808 goto MATCHED_SOMETHING;
1809
1810 case ECOND_MATCH_LOCAL_PART:
1811 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
1812 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
1813 /* Fall through */
1814
1815 MATCHED_SOMETHING:
1816 switch(rc)
1817 {
1818 case OK:
1819 *yield = testfor;
1820 break;
1821
1822 case FAIL:
1823 *yield = !testfor;
1824 break;
1825
1826 case DEFER:
1827 expand_string_message = string_sprintf("unable to complete match "
1828 "against \"%s\": %s", sub[1], search_error_message);
1829 return NULL;
1830 }
1831
1832 break;
1833
1834 /* Various "encrypted" comparisons. If the second string starts with
1835 "{" then an encryption type is given. Default to crypt() or crypt16()
1836 (build-time choice). */
1837
1838 case ECOND_CRYPTEQ:
1839 #ifndef SUPPORT_CRYPTEQ
1840 goto COND_FAILED_NOT_COMPILED;
1841 #else
1842 if (strncmpic(sub[1], US"{md5}", 5) == 0)
1843 {
1844 int sublen = Ustrlen(sub[1]+5);
1845 md5 base;
1846 uschar digest[16];
1847
1848 md5_start(&base);
1849 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
1850
1851 /* If the length that we are comparing against is 24, the MD5 digest
1852 is expressed as a base64 string. This is the way LDAP does it. However,
1853 some other software uses a straightforward hex representation. We assume
1854 this if the length is 32. Other lengths fail. */
1855
1856 if (sublen == 24)
1857 {
1858 uschar *coded = auth_b64encode((uschar *)digest, 16);
1859 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
1860 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
1861 *yield = (Ustrcmp(coded, sub[1]+5) == 0) == testfor;
1862 }
1863 else if (sublen == 32)
1864 {
1865 int i;
1866 uschar coded[36];
1867 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
1868 coded[32] = 0;
1869 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
1870 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
1871 *yield = (strcmpic(coded, sub[1]+5) == 0) == testfor;
1872 }
1873 else
1874 {
1875 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
1876 "fail\n crypted=%s\n", sub[1]+5);
1877 *yield = !testfor;
1878 }
1879 }
1880
1881 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
1882 {
1883 int sublen = Ustrlen(sub[1]+6);
1884 sha1 base;
1885 uschar digest[20];
1886
1887 sha1_start(&base);
1888 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
1889
1890 /* If the length that we are comparing against is 28, assume the SHA1
1891 digest is expressed as a base64 string. If the length is 40, assume a
1892 straightforward hex representation. Other lengths fail. */
1893
1894 if (sublen == 28)
1895 {
1896 uschar *coded = auth_b64encode((uschar *)digest, 20);
1897 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
1898 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
1899 *yield = (Ustrcmp(coded, sub[1]+6) == 0) == testfor;
1900 }
1901 else if (sublen == 40)
1902 {
1903 int i;
1904 uschar coded[44];
1905 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
1906 coded[40] = 0;
1907 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
1908 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
1909 *yield = (strcmpic(coded, sub[1]+6) == 0) == testfor;
1910 }
1911 else
1912 {
1913 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
1914 "fail\n crypted=%s\n", sub[1]+6);
1915 *yield = !testfor;
1916 }
1917 }
1918
1919 else /* {crypt} or {crypt16} and non-{ at start */
1920 {
1921 int which = 0;
1922 uschar *coded;
1923
1924 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
1925 {
1926 sub[1] += 7;
1927 which = 1;
1928 }
1929 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
1930 {
1931 sub[1] += 9;
1932 which = 2;
1933 }
1934 else if (sub[1][0] == '{')
1935 {
1936 expand_string_message = string_sprintf("unknown encryption mechanism "
1937 "in \"%s\"", sub[1]);
1938 return NULL;
1939 }
1940
1941 switch(which)
1942 {
1943 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
1944 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
1945 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
1946 }
1947
1948 #define STR(s) # s
1949 #define XSTR(s) STR(s)
1950 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
1951 " subject=%s\n crypted=%s\n",
1952 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
1953 coded, sub[1]);
1954 #undef STR
1955 #undef XSTR
1956
1957 /* If the encrypted string contains fewer than two characters (for the
1958 salt), force failure. Otherwise we get false positives: with an empty
1959 string the yield of crypt() is an empty string! */
1960
1961 *yield = (Ustrlen(sub[1]) < 2)? !testfor :
1962 (Ustrcmp(coded, sub[1]) == 0) == testfor;
1963 }
1964 break;
1965 #endif /* SUPPORT_CRYPTEQ */
1966 } /* Switch for comparison conditions */
1967
1968 return s; /* End of comparison conditions */
1969
1970
1971 /* and/or: computes logical and/or of several conditions */
1972
1973 case ECOND_AND:
1974 case ECOND_OR:
1975 subcondptr = (yield == NULL)? NULL : &tempcond;
1976 combined_cond = (cond_type == ECOND_AND);
1977
1978 while (isspace(*s)) s++;
1979 if (*s++ != '{') goto COND_FAILED_CURLY_START;
1980
1981 for (;;)
1982 {
1983 while (isspace(*s)) s++;
1984 if (*s == '}') break;
1985 if (*s != '{')
1986 {
1987 expand_string_message = string_sprintf("each subcondition "
1988 "inside an \"%s{...}\" condition must be in its own {}", name);
1989 return NULL;
1990 }
1991
1992 s = eval_condition(s+1, subcondptr);
1993 if (s == NULL)
1994 {
1995 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
1996 expand_string_message, name);
1997 return NULL;
1998 }
1999 while (isspace(*s)) s++;
2000
2001 if (*s++ != '}')
2002 {
2003 expand_string_message = string_sprintf("missing } at end of condition "
2004 "inside \"%s\" group", name);
2005 return NULL;
2006 }
2007
2008 if (yield != NULL)
2009 {
2010 if (cond_type == ECOND_AND)
2011 {
2012 combined_cond &= tempcond;
2013 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2014 } /* evaluate any more */
2015 else
2016 {
2017 combined_cond |= tempcond;
2018 if (combined_cond) subcondptr = NULL; /* once true, don't */
2019 } /* evaluate any more */
2020 }
2021 }
2022
2023 if (yield != NULL) *yield = (combined_cond == testfor);
2024 return ++s;
2025
2026
2027 /* Unknown condition */
2028
2029 default:
2030 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2031 return NULL;
2032 } /* End switch on condition type */
2033
2034/* Missing braces at start and end of data */
2035
2036COND_FAILED_CURLY_START:
2037expand_string_message = string_sprintf("missing { after \"%s\"", name);
2038return NULL;
2039
2040COND_FAILED_CURLY_END:
2041expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2042 name);
2043return NULL;
2044
2045/* A condition requires code that is not compiled */
2046
2047#if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2048 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2049 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2050COND_FAILED_NOT_COMPILED:
2051expand_string_message = string_sprintf("support for \"%s\" not compiled",
2052 name);
2053return NULL;
2054#endif
2055}
2056
2057
2058
2059
2060/*************************************************
2061* Save numerical variables *
2062*************************************************/
2063
2064/* This function is called from items such as "if" that want to preserve and
2065restore the numbered variables.
2066
2067Arguments:
2068 save_expand_string points to an array of pointers to set
2069 save_expand_nlength points to an array of ints for the lengths
2070
2071Returns: the value of expand max to save
2072*/
2073
2074static int
2075save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
2076{
2077int i;
2078for (i = 0; i <= expand_nmax; i++)
2079 {
2080 save_expand_nstring[i] = expand_nstring[i];
2081 save_expand_nlength[i] = expand_nlength[i];
2082 }
2083return expand_nmax;
2084}
2085
2086
2087
2088/*************************************************
2089* Restore numerical variables *
2090*************************************************/
2091
2092/* This function restored saved values of numerical strings.
2093
2094Arguments:
2095 save_expand_nmax the number of strings to restore
2096 save_expand_string points to an array of pointers
2097 save_expand_nlength points to an array of ints
2098
2099Returns: nothing
2100*/
2101
2102static void
2103restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
2104 int *save_expand_nlength)
2105{
2106int i;
2107expand_nmax = save_expand_nmax;
2108for (i = 0; i <= expand_nmax; i++)
2109 {
2110 expand_nstring[i] = save_expand_nstring[i];
2111 expand_nlength[i] = save_expand_nlength[i];
2112 }
2113}
2114
2115
2116
2117
2118
2119/*************************************************
2120* Handle yes/no substrings *
2121*************************************************/
2122
2123/* This function is used by ${if}, ${lookup} and ${extract} to handle the
2124alternative substrings that depend on whether or not the condition was true,
2125or the lookup or extraction succeeded. The substrings always have to be
2126expanded, to check their syntax, but "skipping" is set when the result is not
2127needed - this avoids unnecessary nested lookups.
2128
2129Arguments:
2130 skipping TRUE if we were skipping when this item was reached
2131 yes TRUE if the first string is to be used, else use the second
2132 save_lookup a value to put back into lookup_value before the 2nd expansion
2133 sptr points to the input string pointer
2134 yieldptr points to the output string pointer
2135 sizeptr points to the output string size
2136 ptrptr points to the output string pointer
2137 type "lookup" or "if" or "extract" or "run", for error message
2138
2139Returns: 0 OK; lookup_value has been reset to save_lookup
2140 1 expansion failed
2141 2 expansion failed because of bracketing error
2142*/
2143
2144static int
2145process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
2146 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type)
2147{
2148int rc = 0;
2149uschar *s = *sptr; /* Local value */
2150uschar *sub1, *sub2;
2151
2152/* If there are no following strings, we substitute the contents of $value for
2153lookups and for extractions in the success case. In the fail case, nothing is
2154substituted. In the case of "if", lack of following strings is an error. */
2155
2156while (isspace(*s)) s++;
2157if (*s == '}')
2158 {
2159 if (type[0] == 'i') goto FAILED_CURLY;
2160 if (yes && lookup_value != NULL)
2161 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
2162 Ustrlen(lookup_value));
2163 lookup_value = save_lookup;
2164 s++;
2165 goto RETURN;
2166 }
2167
2168/* Expand the first substring. Forced failures are noticed only if we actually
2169want this string. Set skipping in the call in the fail case (this will always
2170be the case if we were already skipping). */
2171
2172sub1 = expand_string_internal(s+1, TRUE, &s, !yes);
2173if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
2174expand_string_forcedfail = FALSE;
2175if (*s++ != '}') goto FAILED_CURLY;
2176
2177/* If we want the first string, add it to the output */
2178
2179if (yes)
2180 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
2181
2182/* If this is called from a lookup or an extract, we want to restore $value to
2183what it was at the start of the item, so that it has this value during the
2184second string expansion. For the call from "if" to this function, save_lookup
2185is set to lookup_value, so that this statement does nothing. */
2186
2187lookup_value = save_lookup;
2188
2189/* There now follows either another substring, or "fail", or nothing. This
2190time, forced failures are noticed only if we want the second string. We must
2191set skipping in the nested call if we don't want this string, or if we were
2192already skipping. */
2193
2194while (isspace(*s)) s++;
2195if (*s == '{')
2196 {
2197 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping);
2198 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
2199 expand_string_forcedfail = FALSE;
2200 if (*s++ != '}') goto FAILED_CURLY;
2201
2202 /* If we want the second string, add it to the output */
2203
2204 if (!yes)
2205 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
2206 }
2207
2208/* If there is no second string, but the word "fail" is present when the use of
2209the second string is wanted, set a flag indicating it was a forced failure
2210rather than a syntactic error. Swallow the terminating } in case this is nested
2211inside another lookup or if or extract. */
2212
2213else if (*s != '}')
2214 {
2215 uschar name[256];
2216 s = read_name(name, sizeof(name), s, US"_");
2217 if (Ustrcmp(name, "fail") == 0)
2218 {
2219 if (!yes && !skipping)
2220 {
2221 while (isspace(*s)) s++;
2222 if (*s++ != '}') goto FAILED_CURLY;
2223 expand_string_message =
2224 string_sprintf("\"%s\" failed and \"fail\" requested", type);
2225 expand_string_forcedfail = TRUE;
2226 goto FAILED;
2227 }
2228 }
2229 else
2230 {
2231 expand_string_message =
2232 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
2233 goto FAILED;
2234 }
2235 }
2236
2237/* All we have to do now is to check on the final closing brace. */
2238
2239while (isspace(*s)) s++;
2240if (*s++ == '}') goto RETURN;
2241
2242/* Get here if there is a bracketing failure */
2243
2244FAILED_CURLY:
2245rc++;
2246
2247/* Get here for other failures */
2248
2249FAILED:
2250rc++;
2251
2252/* Update the input pointer value before returning */
2253
2254RETURN:
2255*sptr = s;
2256return rc;
2257}
2258
2259
2260
2261
2262
2263
2264/*************************************************
2265* Handle MD5 or SHA-1 computation for HMAC *
2266*************************************************/
2267
2268/* These are some wrapping functions that enable the HMAC code to be a bit
2269cleaner. A good compiler will spot the tail recursion.
2270
2271Arguments:
2272 type HMAC_MD5 or HMAC_SHA1
2273 remaining are as for the cryptographic hash functions
2274
2275Returns: nothing
2276*/
2277
2278static void
2279chash_start(int type, void *base)
2280{
2281if (type == HMAC_MD5)
2282 md5_start((md5 *)base);
2283else
2284 sha1_start((sha1 *)base);
2285}
2286
2287static void
2288chash_mid(int type, void *base, uschar *string)
2289{
2290if (type == HMAC_MD5)
2291 md5_mid((md5 *)base, string);
2292else
2293 sha1_mid((sha1 *)base, string);
2294}
2295
2296static void
2297chash_end(int type, void *base, uschar *string, int length, uschar *digest)
2298{
2299if (type == HMAC_MD5)
2300 md5_end((md5 *)base, string, length, digest);
2301else
2302 sha1_end((sha1 *)base, string, length, digest);
2303}
2304
2305
2306
2307
2308
2309/*************************************************
2310* Join a file onto the output string *
2311*************************************************/
2312
2313/* This is used for readfile and after a run expansion. It joins the contents
2314of a file onto the output string, globally replacing newlines with a given
2315string (optionally). The file is closed at the end.
2316
2317Arguments:
2318 f the FILE
2319 yield pointer to the expandable string
2320 sizep pointer to the current size
2321 ptrp pointer to the current position
2322 eol newline replacement string, or NULL
2323
2324Returns: new value of string pointer
2325*/
2326
2327static uschar *
2328cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
2329{
2330int eollen;
2331uschar buffer[1024];
2332
2333eollen = (eol == NULL)? 0 : Ustrlen(eol);
2334
2335while (Ufgets(buffer, sizeof(buffer), f) != NULL)
2336 {
2337 int len = Ustrlen(buffer);
2338 if (eol != NULL && buffer[len-1] == '\n') len--;
2339 yield = string_cat(yield, sizep, ptrp, buffer, len);
2340 if (buffer[len] != 0)
2341 yield = string_cat(yield, sizep, ptrp, eol, eollen);
2342 }
2343
2344if (yield != NULL) yield[*ptrp] = 0;
2345
2346return yield;
2347}
2348
2349
2350
2351
2352/*************************************************
2353* Evaluate numeric expression *
2354*************************************************/
2355
2356/* This is a set of mutually recursive functions that evaluate a simple
2357arithmetic expression involving only + - * / and parentheses. The only one that
2358is called from elsewhere is eval_expr, whose interface is:
2359
2360Arguments:
2361 sptr pointer to the pointer to the string - gets updated
2362 decimal TRUE if numbers are to be assumed decimal
2363 error pointer to where to put an error message - must be NULL on input
2364 endket TRUE if ')' must terminate - FALSE for external call
2365
2366
2367Returns: on success: the value of the expression, with *error still NULL
2368 on failure: an undefined value, with *error = a message
2369*/
2370
2371static int eval_sumterm(uschar **, BOOL, uschar **);
2372
2373static int
2374eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
2375{
2376uschar *s = *sptr;
2377int x = eval_sumterm(&s, decimal, error);
2378if (*error == NULL)
2379 {
2380 while (*s == '+' || *s == '-')
2381 {
2382 int op = *s++;
2383 int y = eval_sumterm(&s, decimal, error);
2384 if (*error != NULL) break;
2385 if (op == '+') x += y; else x -= y;
2386 }
2387 if (*error == NULL)
2388 {
2389 if (endket)
2390 {
2391 if (*s != ')')
2392 *error = US"expecting closing parenthesis";
2393 else
2394 while (isspace(*(++s)));
2395 }
2396 else if (*s != 0) *error = US"expecting + or -";
2397 }
2398 }
2399
2400*sptr = s;
2401return x;
2402}
2403
2404static int
2405eval_term(uschar **sptr, BOOL decimal, uschar **error)
2406{
2407register int c;
2408int n;
2409uschar *s = *sptr;
2410while (isspace(*s)) s++;
2411c = *s;
2412if (isdigit(c) || ((c == '-' || c == '+') && isdigit(s[1])))
2413 {
2414 int count;
2415 (void)sscanf(CS s, (decimal? "%d%n" : "%i%n"), &n, &count);
2416 s += count;
2417 if (tolower(*s) == 'k') { n *= 1024; s++; }
2418 else if (tolower(*s) == 'm') { n *= 1024*1024; s++; }
2419 while (isspace (*s)) s++;
2420 }
2421else if (c == '(')
2422 {
2423 s++;
2424 n = eval_expr(&s, decimal, error, 1);
2425 }
2426else
2427 {
2428 *error = US"expecting number or opening parenthesis";
2429 n = 0;
2430 }
2431*sptr = s;
2432return n;
2433}
2434
2435static int eval_sumterm(uschar **sptr, BOOL decimal, uschar **error)
2436{
2437uschar *s = *sptr;
2438int x = eval_term(&s, decimal, error);
2439if (*error == NULL)
2440 {
2441 while (*s == '*' || *s == '/')
2442 {
2443 int op = *s++;
2444 int y = eval_term(&s, decimal, error);
2445 if (*error != NULL) break;
2446 if (op == '*') x *= y; else x /= y;
2447 }
2448 }
2449*sptr = s;
2450return x;
2451}
2452
2453
2454
2455
2456/*************************************************
2457* Expand string *
2458*************************************************/
2459
2460/* Returns either an unchanged string, or the expanded string in stacking pool
2461store. Interpreted sequences are:
2462
2463 \... normal escaping rules
2464 $name substitutes the variable
2465 ${name} ditto
2466 ${op:string} operates on the expanded string value
2467 ${item{arg1}{arg2}...} expands the args and then does the business
2468 some literal args are not enclosed in {}
2469
2470There are now far too many operators and item types to make it worth listing
2471them here in detail any more.
2472
2473We use an internal routine recursively to handle embedded substrings. The
2474external function follows. The yield is NULL if the expansion failed, and there
2475are two cases: if something collapsed syntactically, or if "fail" was given
2476as the action on a lookup failure. These can be distinguised by looking at the
2477variable expand_string_forcedfail, which is TRUE in the latter case.
2478
2479The skipping flag is set true when expanding a substring that isn't actually
2480going to be used (after "if" or "lookup") and it prevents lookups from
2481happening lower down.
2482
2483Store usage: At start, a store block of the length of the input plus 64
2484is obtained. This is expanded as necessary by string_cat(), which might have to
2485get a new block, or might be able to expand the original. At the end of the
2486function we can release any store above that portion of the yield block that
2487was actually used. In many cases this will be optimal.
2488
2489However: if the first item in the expansion is a variable name or header name,
2490we reset the store before processing it; if the result is in fresh store, we
2491use that without copying. This is helpful for expanding strings like
2492$message_headers which can get very long.
2493
2494Arguments:
2495 string the string to be expanded
2496 ket_ends true if expansion is to stop at }
2497 left if not NULL, a pointer to the first character after the
2498 expansion is placed here (typically used with ket_ends)
2499 skipping TRUE for recursive calls when the value isn't actually going
2500 to be used (to allow for optimisation)
2501
2502Returns: NULL if expansion fails:
2503 expand_string_forcedfail is set TRUE if failure was forced
2504 expand_string_message contains a textual error message
2505 a pointer to the expanded string on success
2506*/
2507
2508static uschar *
2509expand_string_internal(uschar *string, BOOL ket_ends, uschar **left,
2510 BOOL skipping)
2511{
2512int ptr = 0;
2513int size = Ustrlen(string)+ 64;
2514int item_type;
2515uschar *yield = store_get(size);
2516uschar *s = string;
2517uschar *save_expand_nstring[EXPAND_MAXN+1];
2518int save_expand_nlength[EXPAND_MAXN+1];
2519
2520expand_string_forcedfail = FALSE;
2521expand_string_message = US"";
2522
2523while (*s != 0)
2524 {
2525 uschar *value;
2526 uschar name[256];
2527
2528 /* \ escapes the next character, which must exist, or else
2529 the expansion fails. There's a special escape, \N, which causes
2530 copying of the subject verbatim up to the next \N. Otherwise,
2531 the escapes are the standard set. */
2532
2533 if (*s == '\\')
2534 {
2535 if (s[1] == 0)
2536 {
2537 expand_string_message = US"\\ at end of string";
2538 goto EXPAND_FAILED;
2539 }
2540
2541 if (s[1] == 'N')
2542 {
2543 uschar *t = s + 2;
2544 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
2545 yield = string_cat(yield, &size, &ptr, t, s - t);
2546 if (*s != 0) s += 2;
2547 }
2548
2549 else
2550 {
2551 uschar ch[1];
2552 ch[0] = string_interpret_escape(&s);
2553 s++;
2554 yield = string_cat(yield, &size, &ptr, ch, 1);
2555 }
2556
2557 continue;
2558 }
2559
2560 /* Anything other than $ is just copied verbatim, unless we are
2561 looking for a terminating } character. */
2562
2563 if (ket_ends && *s == '}') break;
2564
2565 if (*s != '$')
2566 {
2567 yield = string_cat(yield, &size, &ptr, s++, 1);
2568 continue;
2569 }
2570
2571 /* No { after the $ - must be a plain name or a number for string
2572 match variable. There has to be a fudge for variables that are the
2573 names of header fields preceded by "$header_" because header field
2574 names can contain any printing characters except space and colon.
2575 For those that don't like typing this much, "$h_" is a synonym for
2576 "$header_". A non-existent header yields a NULL value; nothing is
2577 inserted. */
2578
2579 if (isalpha((*(++s))))
2580 {
2581 int len;
2582 int newsize = 0;
2583
2584 s = read_name(name, sizeof(name), s, US"_");
2585
2586 /* If this is the first thing to be expanded, release the pre-allocated
2587 buffer. */
2588
2589 if (ptr == 0 && yield != NULL)
2590 {
2591 store_reset(yield);
2592 yield = NULL;
2593 size = 0;
2594 }
2595
2596 /* Header */
2597
2598 if (Ustrncmp(name, "h_", 2) == 0 ||
2599 Ustrncmp(name, "rh_", 3) == 0 ||
2600 Ustrncmp(name, "bh_", 3) == 0 ||
2601 Ustrncmp(name, "header_", 7) == 0 ||
2602 Ustrncmp(name, "rheader_", 8) == 0 ||
2603 Ustrncmp(name, "bheader_", 8) == 0)
2604 {
2605 BOOL want_raw = (name[0] == 'r')? TRUE : FALSE;
2606 uschar *charset = (name[0] == 'b')? NULL : headers_charset;
2607 s = read_header_name(name, sizeof(name), s);
2608 value = find_header(name, FALSE, &newsize, want_raw, charset);
2609
2610 /* If we didn't find the header, and the header contains a closing brace
2611 characters, this may be a user error where the terminating colon
2612 has been omitted. Set a flag to adjust the error message in this case.
2613 But there is no error here - nothing gets inserted. */
2614
2615 if (value == NULL)
2616 {
2617 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2618 continue;
2619 }
2620 }
2621
2622 /* Variable */
2623
2624 else
2625 {
2626 value = find_variable(name, FALSE, skipping, &newsize);
2627 if (value == NULL)
2628 {
2629 expand_string_message =
2630 string_sprintf("unknown variable name \"%s\"", name);
2631 goto EXPAND_FAILED;
2632 }
2633 }
2634
2635 /* If the data is known to be in a new buffer, newsize will be set to the
2636 size of that buffer. If this is the first thing in an expansion string,
2637 yield will be NULL; just point it at the new store instead of copying. Many
2638 expansion strings contain just one reference, so this is a useful
2639 optimization, especially for humungous headers. */
2640
2641 len = Ustrlen(value);
2642 if (yield == NULL && newsize != 0)
2643 {
2644 yield = value;
2645 size = newsize;
2646 ptr = len;
2647 }
2648 else yield = string_cat(yield, &size, &ptr, value, len);
2649
2650 continue;
2651 }
2652
2653 if (isdigit(*s))
2654 {
2655 int n;
2656 s = read_number(&n, s);
2657 if (n >= 0 && n <= expand_nmax)
2658 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
2659 expand_nlength[n]);
2660 continue;
2661 }
2662
2663 /* Otherwise, if there's no '{' after $ it's an error. */
2664
2665 if (*s != '{')
2666 {
2667 expand_string_message = US"$ not followed by letter, digit, or {";
2668 goto EXPAND_FAILED;
2669 }
2670
2671 /* After { there can be various things, but they all start with
2672 an initial word, except for a number for a string match variable. */
2673
2674 if (isdigit((*(++s))))
2675 {
2676 int n;
2677 s = read_number(&n, s);
2678 if (*s++ != '}')
2679 {
2680 expand_string_message = US"} expected after number";
2681 goto EXPAND_FAILED;
2682 }
2683 if (n >= 0 && n <= expand_nmax)
2684 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
2685 expand_nlength[n]);
2686 continue;
2687 }
2688
2689 if (!isalpha(*s))
2690 {
2691 expand_string_message = US"letter or digit expected after ${";
2692 goto EXPAND_FAILED;
2693 }
2694
2695 /* Allow "-" in names to cater for substrings with negative
2696 arguments. Since we are checking for known names after { this is
2697 OK. */
2698
2699 s = read_name(name, sizeof(name), s, US"_-");
2700 item_type = chop_match(name, item_table, sizeof(item_table)/sizeof(uschar *));
2701
2702 switch(item_type)
2703 {
2704 /* Handle conditionals - preserve the values of the numerical expansion
2705 variables in case they get changed by a regular expression match in the
2706 condition. If not, they retain their external settings. At the end
2707 of this "if" section, they get restored to their previous values. */
2708
2709 case EITEM_IF:
2710 {
2711 BOOL cond = FALSE;
2712 uschar *next_s;
2713 int save_expand_nmax =
2714 save_expand_strings(save_expand_nstring, save_expand_nlength);
2715
2716 while (isspace(*s)) s++;
2717 next_s = eval_condition(s, skipping? NULL : &cond);
2718 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
2719
2720 DEBUG(D_expand)
2721 debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s,
2722 cond? "true" : "false");
2723
2724 s = next_s;
2725
2726 /* The handling of "yes" and "no" result strings is now in a separate
2727 function that is also used by ${lookup} and ${extract} and ${run}. */
2728
2729 switch(process_yesno(
2730 skipping, /* were previously skipping */
2731 cond, /* success/failure indicator */
2732 lookup_value, /* value to reset for string2 */
2733 &s, /* input pointer */
2734 &yield, /* output pointer */
2735 &size, /* output size */
2736 &ptr, /* output current point */
2737 US"if")) /* condition type */
2738 {
2739 case 1: goto EXPAND_FAILED; /* when all is well, the */
2740 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
2741 }
2742
2743 /* Restore external setting of expansion variables for continuation
2744 at this level. */
2745
2746 restore_expand_strings(save_expand_nmax, save_expand_nstring,
2747 save_expand_nlength);
2748 continue;
2749 }
2750
2751 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
2752 expanding an internal string that isn't actually going to be used. All we
2753 need to do is check the syntax, so don't do a lookup at all. Preserve the
2754 values of the numerical expansion variables in case they get changed by a
2755 partial lookup. If not, they retain their external settings. At the end
2756 of this "lookup" section, they get restored to their previous values. */
2757
2758 case EITEM_LOOKUP:
2759 {
2760 int stype, partial, affixlen, starflags;
2761 int expand_setup = 0;
2762 int nameptr = 0;
2763 uschar *key, *filename, *affix;
2764 uschar *save_lookup_value = lookup_value;
2765 int save_expand_nmax =
2766 save_expand_strings(save_expand_nstring, save_expand_nlength);
2767
2768 if ((expand_forbid & RDO_LOOKUP) != 0)
2769 {
2770 expand_string_message = US"lookup expansions are not permitted";
2771 goto EXPAND_FAILED;
2772 }
2773
2774 /* Get the key we are to look up for single-key+file style lookups.
2775 Otherwise set the key NULL pro-tem. */
2776
2777 while (isspace(*s)) s++;
2778 if (*s == '{')
2779 {
2780 key = expand_string_internal(s+1, TRUE, &s, skipping);
2781 if (key == NULL) goto EXPAND_FAILED;
2782 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
2783 while (isspace(*s)) s++;
2784 }
2785 else key = NULL;
2786
2787 /* Find out the type of database */
2788
2789 if (!isalpha(*s))
2790 {
2791 expand_string_message = US"missing lookup type";
2792 goto EXPAND_FAILED;
2793 }
2794
2795 /* The type is a string that may contain special characters of various
2796 kinds. Allow everything except space or { to appear; the actual content
2797 is checked by search_findtype_partial. */
2798
2799 while (*s != 0 && *s != '{' && !isspace(*s))
2800 {
2801 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
2802 s++;
2803 }
2804 name[nameptr] = 0;
2805 while (isspace(*s)) s++;
2806
2807 /* Now check for the individual search type and any partial or default
2808 options. Only those types that are actually in the binary are valid. */
2809
2810 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
2811 &starflags);
2812 if (stype < 0)
2813 {
2814 expand_string_message = search_error_message;
2815 goto EXPAND_FAILED;
2816 }
2817
2818 /* Check that a key was provided for those lookup types that need it,
2819 and was not supplied for those that use the query style. */
2820
2821 if (!mac_islookup(stype, lookup_querystyle))
2822 {
2823 if (key == NULL)
2824 {
2825 expand_string_message = string_sprintf("missing {key} for single-"
2826 "key \"%s\" lookup", name);
2827 goto EXPAND_FAILED;
2828 }
2829 }
2830 else
2831 {
2832 if (key != NULL)
2833 {
2834 expand_string_message = string_sprintf("a single key was given for "
2835 "lookup type \"%s\", which is not a single-key lookup type", name);
2836 goto EXPAND_FAILED;
2837 }
2838 }
2839
2840 /* Get the next string in brackets and expand it. It is the file name for
2841 single-key+file lookups, and the whole query otherwise. */
2842
2843 if (*s != '{') goto EXPAND_FAILED_CURLY;
2844 filename = expand_string_internal(s+1, TRUE, &s, skipping);
2845 if (filename == NULL) goto EXPAND_FAILED;
2846 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
2847 while (isspace(*s)) s++;
2848
2849 /* If this isn't a single-key+file lookup, re-arrange the variables
2850 to be appropriate for the search_ functions. */
2851
2852 if (key == NULL)
2853 {
2854 key = filename;
2855 filename = NULL;
2856 }
2857
2858 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
2859 the entry was not found. Note that there is no search_close() function.
2860 Files are left open in case of re-use. At suitable places in higher logic,
2861 search_tidyup() is called to tidy all open files. This can save opening
2862 the same file several times. However, files may also get closed when
2863 others are opened, if too many are open at once. The rule is that a
2864 handle should not be used after a second search_open().
2865
2866 Request that a partial search sets up $1 and maybe $2 by passing
2867 expand_setup containing zero. If its value changes, reset expand_nmax,
2868 since new variables will have been set. Note that at the end of this
2869 "lookup" section, the old numeric variables are restored. */
2870
2871 if (skipping)
2872 lookup_value = NULL;
2873 else
2874 {
2875 void *handle = search_open(filename, stype, 0, NULL, NULL);
2876 if (handle == NULL)
2877 {
2878 expand_string_message = search_error_message;
2879 goto EXPAND_FAILED;
2880 }
2881 lookup_value = search_find(handle, filename, key, partial, affix,
2882 affixlen, starflags, &expand_setup);
2883 if (search_find_defer)
2884 {
2885 expand_string_message =
2886 string_sprintf("lookup of \"%s\" gave DEFER: %s", key,
2887 search_error_message);
2888 goto EXPAND_FAILED;
2889 }
2890 if (expand_setup > 0) expand_nmax = expand_setup;
2891 }
2892
2893 /* The handling of "yes" and "no" result strings is now in a separate
2894 function that is also used by ${if} and ${extract}. */
2895
2896 switch(process_yesno(
2897 skipping, /* were previously skipping */
2898 lookup_value != NULL, /* success/failure indicator */
2899 save_lookup_value, /* value to reset for string2 */
2900 &s, /* input pointer */
2901 &yield, /* output pointer */
2902 &size, /* output size */
2903 &ptr, /* output current point */
2904 US"lookup")) /* condition type */
2905 {
2906 case 1: goto EXPAND_FAILED; /* when all is well, the */
2907 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
2908 }
2909
2910 /* Restore external setting of expansion variables for carrying on
2911 at this level, and continue. */
2912
2913 restore_expand_strings(save_expand_nmax, save_expand_nstring,
2914 save_expand_nlength);
2915 continue;
2916 }
2917
2918 /* If Perl support is configured, handle calling embedded perl subroutines,
2919 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
2920 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
2921 arguments (defined below). */
2922
2923 #ifdef EXIM_PERL
2924 #define EXIM_PERL_MAX_ARGS 8
2925
2926 case EITEM_PERL:
2927 {
2928 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
2929 uschar *new_yield;
2930
2931 if ((expand_forbid & RDO_PERL) != 0)
2932 {
2933 expand_string_message = US"Perl calls are not permitted";
2934 goto EXPAND_FAILED;
2935 }
2936
2937 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
2938 US"perl"))
2939 {
2940 case 1: goto EXPAND_FAILED_CURLY;
2941 case 2:
2942 case 3: goto EXPAND_FAILED;
2943 }
2944
2945 /* If skipping, we don't actually do anything */
2946
2947 if (skipping) continue;
2948
2949 /* Start the interpreter if necessary */
2950
2951 if (!opt_perl_started)
2952 {
2953 uschar *initerror;
2954 if (opt_perl_startup == NULL)
2955 {
2956 expand_string_message = US"A setting of perl_startup is needed when "
2957 "using the Perl interpreter";
2958 goto EXPAND_FAILED;
2959 }
2960 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
2961 initerror = init_perl(opt_perl_startup);
2962 if (initerror != NULL)
2963 {
2964 expand_string_message =
2965 string_sprintf("error in perl_startup code: %s\n", initerror);
2966 goto EXPAND_FAILED;
2967 }
2968 opt_perl_started = TRUE;
2969 }
2970
2971 /* Call the function */
2972
2973 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
2974 new_yield = call_perl_cat(yield, &size, &ptr, &expand_string_message,
2975 sub_arg[0], sub_arg + 1);
2976
2977 /* NULL yield indicates failure; if the message pointer has been set to
2978 NULL, the yield was undef, indicating a forced failure. Otherwise the
2979 message will indicate some kind of Perl error. */
2980
2981 if (new_yield == NULL)
2982 {
2983 if (expand_string_message == NULL)
2984 {
2985 expand_string_message =
2986 string_sprintf("Perl subroutine \"%s\" returned undef to force "
2987 "failure", sub_arg[0]);
2988 expand_string_forcedfail = TRUE;
2989 }
2990 goto EXPAND_FAILED;
2991 }
2992
2993 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
2994 set during a callback from Perl. */
2995
2996 expand_string_forcedfail = FALSE;
2997 yield = new_yield;
2998 continue;
2999 }
3000 #endif /* EXIM_PERL */
3001
3002 /* Handle "readfile" to insert an entire file */
3003
3004 case EITEM_READFILE:
3005 {
3006 FILE *f;
3007 uschar *sub_arg[2];
3008
3009 if ((expand_forbid & RDO_READFILE) != 0)
3010 {
3011 expand_string_message = US"file insertions are not permitted";
3012 goto EXPAND_FAILED;
3013 }
3014
3015 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"readfile"))
3016 {
3017 case 1: goto EXPAND_FAILED_CURLY;
3018 case 2:
3019 case 3: goto EXPAND_FAILED;
3020 }
3021
3022 /* If skipping, we don't actually do anything */
3023
3024 if (skipping) continue;
3025
3026 /* Open the file and read it */
3027
3028 f = Ufopen(sub_arg[0], "rb");
3029 if (f == NULL)
3030 {
3031 expand_string_message = string_open_failed(errno, "%s", sub_arg[0]);
3032 goto EXPAND_FAILED;
3033 }
3034
3035 yield = cat_file(f, yield, &size, &ptr, sub_arg[1]);
3036 fclose(f);
3037 continue;
3038 }
3039
3040 /* Handle "readsocket" to insert data from a Unix domain socket */
3041
3042 case EITEM_READSOCK:
3043 {
3044 int fd;
3045 int timeout = 5;
3046 int save_ptr = ptr;
3047 FILE *f;
3048 struct sockaddr_un sockun; /* don't call this "sun" ! */
3049 uschar *arg;
3050 uschar *sub_arg[4];
3051
3052 if ((expand_forbid & RDO_READSOCK) != 0)
3053 {
3054 expand_string_message = US"socket insertions are not permitted";
3055 goto EXPAND_FAILED;
3056 }
3057
3058 /* Read up to 4 arguments, but don't do the end of item check afterwards,
3059 because there may be a string for expansion on failure. */
3060
3061 switch(read_subs(sub_arg, 4, 2, &s, skipping, FALSE, US"readsocket"))
3062 {
3063 case 1: goto EXPAND_FAILED_CURLY;
3064 case 2: /* Won't occur: no end check */
3065 case 3: goto EXPAND_FAILED;
3066 }
3067
3068 /* Sort out timeout, if given */
3069
3070 if (sub_arg[2] != NULL)
3071 {
3072 timeout = readconf_readtime(sub_arg[2], 0, FALSE);
3073 if (timeout < 0)
3074 {
3075 expand_string_message = string_sprintf("bad time value %s",
3076 sub_arg[2]);
3077 goto EXPAND_FAILED;
3078 }
3079 }
3080 else sub_arg[3] = NULL; /* No eol if no timeout */
3081
3082 /* If skipping, we don't actually do anything */
3083
3084 if (!skipping)
3085 {
3086 /* Make a connection to the socket */
3087
3088 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
3089 {
3090 expand_string_message = string_sprintf("failed to create socket: %s",
3091 strerror(errno));
3092 goto SOCK_FAIL;
3093 }
3094
3095 sockun.sun_family = AF_UNIX;
3096 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
3097 sub_arg[0]);
3098 if(connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun)) == -1)
3099 {
3100 expand_string_message = string_sprintf("failed to connect to socket "
3101 "%s: %s", sub_arg[0], strerror(errno));
3102 goto SOCK_FAIL;
3103 }
3104 DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]);
3105
3106 /* Write the request string, if not empty */
3107
3108 if (sub_arg[1][0] != 0)
3109 {
3110 int len = Ustrlen(sub_arg[1]);
3111 DEBUG(D_expand) debug_printf("writing \"%s\" to socket\n",
3112 sub_arg[1]);
3113 if (write(fd, sub_arg[1], len) != len)
3114 {
3115 expand_string_message = string_sprintf("request write to socket "
3116 "failed: %s", strerror(errno));
3117 goto SOCK_FAIL;
3118 }
3119 }
3120
3121 /* Now we need to read from the socket, under a timeout. The function
3122 that reads a file can be used. */
3123
3124 f = fdopen(fd, "rb");
3125 sigalrm_seen = FALSE;
3126 alarm(timeout);
3127 yield = cat_file(f, yield, &size, &ptr, sub_arg[3]);
3128 alarm(0);
3129 fclose(f);
3130
3131 /* After a timeout, we restore the pointer in the result, that is,
3132 make sure we add nothing from the socket. */
3133
3134 if (sigalrm_seen)
3135 {
3136 ptr = save_ptr;
3137 expand_string_message = US"socket read timed out";
3138 goto SOCK_FAIL;
3139 }
3140 }
3141
3142 /* The whole thing has worked (or we were skipping). If there is a
3143 failure string following, we need to skip it. */
3144
3145 if (*s == '{')
3146 {
3147 if (expand_string_internal(s+1, TRUE, &s, TRUE) == NULL)
3148 goto EXPAND_FAILED;
3149 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3150 while (isspace(*s)) s++;
3151 }
3152 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3153 continue;
3154
3155 /* Come here on failure to create socket, connect socket, write to the
3156 socket, or timeout on reading. If another substring follows, expand and
3157 use it. Otherwise, those conditions give expand errors. */
3158
3159 SOCK_FAIL:
3160 if (*s != '{') goto EXPAND_FAILED;
3161 DEBUG(D_any) debug_printf("%s\n", expand_string_message);
3162 arg = expand_string_internal(s+1, TRUE, &s, FALSE);
3163 if (arg == NULL) goto EXPAND_FAILED;
3164 yield = string_cat(yield, &size, &ptr, arg, Ustrlen(arg));
3165 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3166 while (isspace(*s)) s++;
3167 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3168 continue;
3169 }
3170
3171 /* Handle "run" to execute a program. */
3172
3173 case EITEM_RUN:
3174 {
3175 FILE *f;
3176 uschar *old_lookup_value = NULL;
3177 uschar *arg;
3178 uschar **argv;
3179 pid_t pid;
3180 int fd_in, fd_out;
3181 int lsize = 0;
3182 int lptr = 0;
3183
3184 if ((expand_forbid & RDO_RUN) != 0)
3185 {
3186 expand_string_message = US"running a command is not permitted";
3187 goto EXPAND_FAILED;
3188 }
3189
3190 while (isspace(*s)) s++;
3191 if (*s != '{') goto EXPAND_FAILED_CURLY;
3192 arg = expand_string_internal(s+1, TRUE, &s, skipping);
3193 if (arg == NULL) goto EXPAND_FAILED;
3194 while (isspace(*s)) s++;
3195 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3196
3197 if (skipping) /* Just pretend it worked when we're skipping */
3198 {
3199 runrc = 0;
3200 }
3201 else
3202 {
3203 if (!transport_set_up_command(&argv, /* anchor for arg list */
3204 arg, /* raw command */
3205 FALSE, /* don't expand the arguments */
3206 0, /* not relevant when... */
3207 NULL, /* no transporting address */
3208 US"${run} expansion", /* for error messages */
3209 &expand_string_message)) /* where to put error message */
3210 {
3211 goto EXPAND_FAILED;
3212 }
3213
3214 /* Create the child process, making it a group leader. */
3215
3216 pid = child_open(argv, NULL, 0077, &fd_in, &fd_out, TRUE);
3217
3218 if (pid < 0)
3219 {
3220 expand_string_message =
3221 string_sprintf("couldn't create child process: %s", strerror(errno));
3222 goto EXPAND_FAILED;
3223 }
3224
3225 /* Nothing is written to the standard input. */
3226
3227 close(fd_in);
3228
3229 /* Wait for the process to finish, applying the timeout, and inspect its
3230 return code for serious disasters. Simple non-zero returns are passed on.
3231 */
3232
3233 if ((runrc = child_close(pid, 60)) < 0)
3234 {
3235 if (runrc == -256)
3236 {
3237 expand_string_message = string_sprintf("command timed out");
3238 killpg(pid, SIGKILL); /* Kill the whole process group */
3239 }
3240
3241 else if (runrc == -257)
3242 expand_string_message = string_sprintf("wait() failed: %s",
3243 strerror(errno));
3244
3245 else
3246 expand_string_message = string_sprintf("command killed by signal %d",
3247 -runrc);
3248
3249 goto EXPAND_FAILED;
3250 }
3251
3252 /* Read the pipe to get the command's output into $value (which is kept
3253 in lookup_value). */
3254
3255 f = fdopen(fd_out, "rb");
3256 old_lookup_value = lookup_value;
3257 lookup_value = NULL;
3258 lookup_value = cat_file(f, lookup_value, &lsize, &lptr, NULL);
3259 fclose(f);
3260 }
3261
3262 /* Process the yes/no strings */
3263
3264 switch(process_yesno(
3265 skipping, /* were previously skipping */
3266 runrc == 0, /* success/failure indicator */
3267 old_lookup_value, /* value to reset for string2 */
3268 &s, /* input pointer */
3269 &yield, /* output pointer */
3270 &size, /* output size */
3271 &ptr, /* output current point */
3272 US"run")) /* condition type */
3273 {
3274 case 1: goto EXPAND_FAILED; /* when all is well, the */
3275 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3276 }
3277
3278 continue;
3279 }
3280
3281 /* Handle character translation for "tr" */
3282
3283 case EITEM_TR:
3284 {
3285 int oldptr = ptr;
3286 int o2m;
3287 uschar *sub[3];
3288
3289 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"tr"))
3290 {
3291 case 1: goto EXPAND_FAILED_CURLY;
3292 case 2:
3293 case 3: goto EXPAND_FAILED;
3294 }
3295
3296 yield = string_cat(yield, &size, &ptr, sub[0], Ustrlen(sub[0]));
3297 o2m = Ustrlen(sub[2]) - 1;
3298
3299 if (o2m >= 0) for (; oldptr < ptr; oldptr++)
3300 {
3301 uschar *m = Ustrrchr(sub[1], yield[oldptr]);
3302 if (m != NULL)
3303 {
3304 int o = m - sub[1];
3305 yield[oldptr] = sub[2][(o < o2m)? o : o2m];
3306 }
3307 }
3308
3309 continue;
3310 }
3311
3312 /* Handle "hash", "length", "nhash", and "substr" when they are given with
3313 expanded arguments. */
3314
3315 case EITEM_HASH:
3316 case EITEM_LENGTH:
3317 case EITEM_NHASH:
3318 case EITEM_SUBSTR:
3319 {
3320 int i;
3321 int len;
3322 uschar *ret;
3323 int val[2] = { 0, -1 };
3324 uschar *sub[3];
3325
3326 /* "length" takes only 2 arguments whereas the others take 2 or 3.
3327 Ensure that sub[2] is set in the ${length case. */
3328
3329 sub[2] = NULL;
3330 switch(read_subs(sub, (item_type == EITEM_LENGTH)? 2:3, 2, &s, skipping,
3331 TRUE, name))
3332 {
3333 case 1: goto EXPAND_FAILED_CURLY;
3334 case 2:
3335 case 3: goto EXPAND_FAILED;
3336 }
3337
3338 /* Juggle the arguments if there are only two of them: always move the
3339 string to the last position and make ${length{n}{str}} equivalent to
3340 ${substr{0}{n}{str}}. See the defaults for val[] above. */
3341
3342 if (sub[2] == NULL)
3343 {
3344 sub[2] = sub[1];
3345 sub[1] = NULL;
3346 if (item_type == EITEM_LENGTH)
3347 {
3348 sub[1] = sub[0];
3349 sub[0] = NULL;
3350 }
3351 }
3352
3353 for (i = 0; i < 2; i++)
3354 {
3355 if (sub[i] == NULL) continue;
3356 val[i] = (int)Ustrtol(sub[i], &ret, 10);
3357 if (*ret != 0 || (i != 0 && val[i] < 0))
3358 {
3359 expand_string_message = string_sprintf("\"%s\" is not a%s number "
3360 "(in \"%s\" expansion)", sub[i], (i != 0)? " positive" : "", name);
3361 goto EXPAND_FAILED;
3362 }
3363 }
3364
3365 ret =
3366 (item_type == EITEM_HASH)?
3367 compute_hash(sub[2], val[0], val[1], &len) :
3368 (item_type == EITEM_NHASH)?
3369 compute_nhash(sub[2], val[0], val[1], &len) :
3370 extract_substr(sub[2], val[0], val[1], &len);
3371
3372 if (ret == NULL) goto EXPAND_FAILED;
3373 yield = string_cat(yield, &size, &ptr, ret, len);
3374 continue;
3375 }
3376
3377 /* Handle HMAC computation: ${hmac{<algorithm>}{<secret>}{<text>}}
3378 This code originally contributed by Steve Haslam. It currently supports
3379 the use of MD5 and SHA-1 hashes.
3380
3381 We need some workspace that is large enough to handle all the supported
3382 hash types. Use macros to set the sizes rather than be too elaborate. */
3383
3384 #define MAX_HASHLEN 20
3385 #define MAX_HASHBLOCKLEN 64
3386
3387 case EITEM_HMAC:
3388 {
3389 uschar *sub[3];
3390 md5 md5_base;
3391 sha1 sha1_base;
3392 void *use_base;
3393 int type, i;
3394 int hashlen; /* Number of octets for the hash algorithm's output */
3395 int hashblocklen; /* Number of octets the hash algorithm processes */
3396 uschar *keyptr, *p;
3397 unsigned int keylen;
3398
3399 uschar keyhash[MAX_HASHLEN];
3400 uschar innerhash[MAX_HASHLEN];
3401 uschar finalhash[MAX_HASHLEN];
3402 uschar finalhash_hex[2*MAX_HASHLEN];
3403 uschar innerkey[MAX_HASHBLOCKLEN];
3404 uschar outerkey[MAX_HASHBLOCKLEN];
3405
3406 switch (read_subs(sub, 3, 3, &s, skipping, TRUE, name))
3407 {
3408 case 1: goto EXPAND_FAILED_CURLY;
3409 case 2:
3410 case 3: goto EXPAND_FAILED;
3411 }
3412
3413 if (Ustrcmp(sub[0], "md5") == 0)
3414 {
3415 type = HMAC_MD5;
3416 use_base = &md5_base;
3417 hashlen = 16;
3418 hashblocklen = 64;
3419 }
3420 else if (Ustrcmp(sub[0], "sha1") == 0)
3421 {
3422 type = HMAC_SHA1;
3423 use_base = &sha1_base;
3424 hashlen = 20;
3425 hashblocklen = 64;
3426 }
3427 else
3428 {
3429 expand_string_message =
3430 string_sprintf("hmac algorithm \"%s\" is not recognised", sub[0]);
3431 goto EXPAND_FAILED;
3432 }
3433
3434 keyptr = sub[1];
3435 keylen = Ustrlen(keyptr);
3436
3437 /* If the key is longer than the hash block length, then hash the key
3438 first */
3439
3440 if (keylen > hashblocklen)
3441 {
3442 chash_start(type, use_base);
3443 chash_end(type, use_base, keyptr, keylen, keyhash);
3444 keyptr = keyhash;
3445 keylen = hashlen;
3446 }
3447
3448 /* Now make the inner and outer key values */
3449
3450 memset(innerkey, 0x36, hashblocklen);
3451 memset(outerkey, 0x5c, hashblocklen);
3452
3453 for (i = 0; i < keylen; i++)
3454 {
3455 innerkey[i] ^= keyptr[i];
3456 outerkey[i] ^= keyptr[i];
3457 }
3458
3459 /* Now do the hashes */
3460
3461 chash_start(type, use_base);
3462 chash_mid(type, use_base, innerkey);
3463 chash_end(type, use_base, sub[2], Ustrlen(sub[2]), innerhash);
3464
3465 chash_start(type, use_base);
3466 chash_mid(type, use_base, outerkey);
3467 chash_end(type, use_base, innerhash, hashlen, finalhash);
3468
3469 /* Encode the final hash as a hex string */
3470
3471 p = finalhash_hex;
3472 for (i = 0; i < hashlen; i++)
3473 {
3474 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
3475 *p++ = hex_digits[finalhash[i] & 0x0f];
3476 }
3477
3478 DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%.*s)=%.*s\n", sub[0],
3479 (int)keylen, keyptr, Ustrlen(sub[2]), sub[2], hashlen*2, finalhash_hex);
3480
3481 yield = string_cat(yield, &size, &ptr, finalhash_hex, hashlen*2);
3482 }
3483
3484 continue;
3485
3486 /* Handle global substitution for "sg" - like Perl's s/xxx/yyy/g operator.
3487 We have to save the numerical variables and restore them afterwards. */
3488
3489 case EITEM_SG:
3490 {
3491 const pcre *re;
3492 int moffset, moffsetextra, slen;
3493 int roffset;
3494 int emptyopt;
3495 const uschar *rerror;
3496 uschar *subject;
3497 uschar *sub[3];
3498 int save_expand_nmax =
3499 save_expand_strings(save_expand_nstring, save_expand_nlength);
3500
3501 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"sg"))
3502 {
3503 case 1: goto EXPAND_FAILED_CURLY;
3504 case 2:
3505 case 3: goto EXPAND_FAILED;
3506 }
3507
3508 /* Compile the regular expression */
3509
3510 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
3511 NULL);
3512
3513 if (re == NULL)
3514 {
3515 expand_string_message = string_sprintf("regular expression error in "
3516 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
3517 goto EXPAND_FAILED;
3518 }
3519
3520 /* Now run a loop to do the substitutions as often as necessary. It ends
3521 when there are no more matches. Take care over matches of the null string;
3522 do the same thing as Perl does. */
3523
3524 subject = sub[0];
3525 slen = Ustrlen(sub[0]);
3526 moffset = moffsetextra = 0;
3527 emptyopt = 0;
3528
3529 for (;;)
3530 {
3531 int ovector[3*(EXPAND_MAXN+1)];
3532 int n = pcre_exec(re, NULL, CS subject, slen, moffset + moffsetextra,
3533 PCRE_EOPT | emptyopt, ovector, sizeof(ovector)/sizeof(int));
3534 int nn;
3535 uschar *insert;
3536
3537 /* No match - if we previously set PCRE_NOTEMPTY after a null match, this
3538 is not necessarily the end. We want to repeat the match from one
3539 character further along, but leaving the basic offset the same (for
3540 copying below). We can't be at the end of the string - that was checked
3541 before setting PCRE_NOTEMPTY. If PCRE_NOTEMPTY is not set, we are
3542 finished; copy the remaining string and end the loop. */
3543
3544 if (n < 0)
3545 {
3546 if (emptyopt != 0)
3547 {
3548 moffsetextra = 1;
3549 emptyopt = 0;
3550 continue;
3551 }
3552 yield = string_cat(yield, &size, &ptr, subject+moffset, slen-moffset);
3553 break;
3554 }
3555
3556 /* Match - set up for expanding the replacement. */
3557
3558 if (n == 0) n = EXPAND_MAXN + 1;
3559 expand_nmax = 0;
3560 for (nn = 0; nn < n*2; nn += 2)
3561 {
3562 expand_nstring[expand_nmax] = subject + ovector[nn];
3563 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
3564 }
3565 expand_nmax--;
3566
3567 /* Copy the characters before the match, plus the expanded insertion. */
3568
3569 yield = string_cat(yield, &size, &ptr, subject + moffset,
3570 ovector[0] - moffset);
3571 insert = expand_string(sub[2]);
3572 if (insert == NULL) goto EXPAND_FAILED;
3573 yield = string_cat(yield, &size, &ptr, insert, Ustrlen(insert));
3574
3575 moffset = ovector[1];
3576 moffsetextra = 0;
3577 emptyopt = 0;
3578
3579 /* If we have matched an empty string, first check to see if we are at
3580 the end of the subject. If so, the loop is over. Otherwise, mimic
3581 what Perl's /g options does. This turns out to be rather cunning. First
3582 we set PCRE_NOTEMPTY and PCRE_ANCHORED and try the match a non-empty
3583 string at the same point. If this fails (picked up above) we advance to
3584 the next character. */
3585
3586 if (ovector[0] == ovector[1])
3587 {
3588 if (ovector[0] == slen) break;
3589 emptyopt = PCRE_NOTEMPTY | PCRE_ANCHORED;
3590 }
3591 }
3592
3593 /* All done - restore numerical variables. */
3594
3595 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3596 save_expand_nlength);
3597 continue;
3598 }
3599
3600 /* Handle keyed and numbered substring extraction. If the first argument
3601 consists entirely of digits, then a numerical extraction is assumed. */
3602
3603 case EITEM_EXTRACT:
3604 {
3605 int i;
3606 int j = 2;
3607 int field_number = 1;
3608 BOOL field_number_set = FALSE;
3609 uschar *save_lookup_value = lookup_value;
3610 uschar *sub[3];
3611 int save_expand_nmax =
3612 save_expand_strings(save_expand_nstring, save_expand_nlength);
3613
3614 /* Read the arguments */
3615
3616 for (i = 0; i < j; i++)
3617 {
3618 while (isspace(*s)) s++;
3619 if (*s == '{')
3620 {
3621 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
3622 if (sub[i] == NULL) goto EXPAND_FAILED;
3623 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3624
3625 /* After removal of leading and trailing white space, the first
3626 argument must not be empty; if it consists entirely of digits
3627 (optionally preceded by a minus sign), this is a numerical
3628 extraction, and we expect 3 arguments. */
3629
3630 if (i == 0)
3631 {
3632 int len;
3633 int x = 0;
3634 uschar *p = sub[0];
3635
3636 while (isspace(*p)) p++;
3637 sub[0] = p;
3638
3639 len = Ustrlen(p);
3640 while (len > 0 && isspace(p[len-1])) len--;
3641 p[len] = 0;
3642
3643 if (*p == 0)
3644 {
3645 expand_string_message = US"first argument of \"expand\" must not "
3646 "be empty";
3647 goto EXPAND_FAILED;
3648 }
3649
3650 if (*p == '-')
3651 {
3652 field_number = -1;
3653 p++;
3654 }
3655 while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0';
3656 if (*p == 0)
3657 {
3658 field_number *= x;
3659 j = 3; /* Need 3 args */
3660 field_number_set = TRUE;
3661 }
3662 }
3663 }
3664 else goto EXPAND_FAILED_CURLY;
3665 }
3666
3667 /* Extract either the numbered or the keyed substring into $value. If
3668 skipping, just pretend the extraction failed. */
3669
3670 lookup_value = skipping? NULL : field_number_set?
3671 expand_gettokened(field_number, sub[1], sub[2]) :
3672 expand_getkeyed(sub[0], sub[1]);
3673
3674 /* If no string follows, $value gets substituted; otherwise there can
3675 be yes/no strings, as for lookup or if. */
3676
3677 switch(process_yesno(
3678 skipping, /* were previously skipping */
3679 lookup_value != NULL, /* success/failure indicator */
3680 save_lookup_value, /* value to reset for string2 */
3681 &s, /* input pointer */
3682 &yield, /* output pointer */
3683 &size, /* output size */
3684 &ptr, /* output current point */
3685 US"extract")) /* condition type */
3686 {
3687 case 1: goto EXPAND_FAILED; /* when all is well, the */
3688 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3689 }
3690
3691 /* All done - restore numerical variables. */
3692
3693 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3694 save_expand_nlength);
3695
3696 continue;
3697 }
3698 }
3699
3700 /* Control reaches here if the name is not recognized as one of the more
3701 complicated expansion items. Check for the "operator" syntax (name terminated
3702 by a colon). Some of the operators have arguments, separated by _ from the
3703 name. */
3704
3705 if (*s == ':')
3706 {
3707 int c;
3708 uschar *arg = NULL;
3709 uschar *sub = expand_string_internal(s+1, TRUE, &s, skipping);
3710 if (sub == NULL) goto EXPAND_FAILED;
3711 s++;
3712
3713 /* Owing to an historical mis-design, an underscore may be part of the
3714 operator name, or it may introduce arguments. We therefore first scan the
3715 table of names that contain underscores. If there is no match, we cut off
3716 the arguments and then scan the main table. */
3717
3718 c = chop_match(name, op_table_underscore,
3719 sizeof(op_table_underscore)/sizeof(uschar *));
3720
3721 if (c < 0)
3722 {
3723 arg = Ustrchr(name, '_');
3724 if (arg != NULL) *arg = 0;
3725 c = chop_match(name, op_table_main,
3726 sizeof(op_table_main)/sizeof(uschar *));
3727 if (c >= 0) c += sizeof(op_table_underscore)/sizeof(uschar *);
3728 if (arg != NULL) *arg++ = '_'; /* Put back for error messages */
3729 }
3730
3731 /* If we are skipping, we don't need to perform the operation at all.
3732 This matters for operations like "mask", because the data may not be
3733 in the correct format when skipping. For example, the expression may test
3734 for the existence of $sender_host_address before trying to mask it. For
3735 other operations, doing them may not fail, but it is a waste of time. */
3736
3737 if (skipping && c >= 0) continue;
3738
3739 /* Otherwise, switch on the operator type */
3740
3741 switch(c)
3742 {
3743 case EOP_BASE62:
3744 {
3745 uschar *t;
3746 unsigned long int n = Ustrtoul(sub, &t, 10);
3747 if (*t != 0)
3748 {
3749 expand_string_message = string_sprintf("argument for base62 "
3750 "operator is \"%s\", which is not a decimal number", sub);
3751 goto EXPAND_FAILED;
3752 }
3753 t = string_base62(n);
3754 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
3755 continue;
3756 }
3757
3758 case EOP_BASE62D:
3759 {
3760 uschar buf[16];
3761 uschar *tt = sub;
3762 unsigned long int n = 0;
3763 while (*tt != 0)
3764 {
3765 uschar *t = Ustrchr(base62_chars, *tt++);
3766 if (t == NULL)
3767 {
3768 expand_string_message = string_sprintf("argument for base62d "
3769 "operator is \"%s\", which is not a base 62 number", sub);
3770 goto EXPAND_FAILED;
3771 }
3772 n = n * 62 + (t - base62_chars);
3773 }
3774 (void)sprintf(CS buf, "%ld", n);
3775 yield = string_cat(yield, &size, &ptr, buf, Ustrlen(buf));
3776 continue;
3777 }
3778
3779 case EOP_EXPAND:
3780 {
3781 uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping);
3782 if (expanded == NULL)
3783 {
3784 expand_string_message =
3785 string_sprintf("internal expansion of \"%s\" failed: %s", sub,
3786 expand_string_message);
3787 goto EXPAND_FAILED;
3788 }
3789 yield = string_cat(yield, &size, &ptr, expanded, Ustrlen(expanded));
3790 continue;
3791 }
3792
3793 case EOP_LC:
3794 {
3795 int count = 0;
3796 uschar *t = sub - 1;
3797 while (*(++t) != 0) { *t = tolower(*t); count++; }
3798 yield = string_cat(yield, &size, &ptr, sub, count);
3799 continue;
3800 }
3801
3802 case EOP_UC:
3803 {
3804 int count = 0;
3805 uschar *t = sub - 1;
3806 while (*(++t) != 0) { *t = toupper(*t); count++; }
3807 yield = string_cat(yield, &size, &ptr, sub, count);
3808 continue;
3809 }
3810
3811 case EOP_MD5:
3812 {
3813 md5 base;
3814 uschar digest[16];
3815 int j;
3816 char st[33];
3817 md5_start(&base);
3818 md5_end(&base, sub, Ustrlen(sub), digest);
3819 for(j = 0; j < 16; j++) sprintf(st+2*j, "%02x", digest[j]);
3820 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
3821 continue;
3822 }
3823
3824 case EOP_SHA1:
3825 {
3826 sha1 base;
3827 uschar digest[20];
3828 int j;
3829 char st[41];
3830 sha1_start(&base);
3831 sha1_end(&base, sub, Ustrlen(sub), digest);
3832 for(j = 0; j < 20; j++) sprintf(st+2*j, "%02X", digest[j]);
3833 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
3834 continue;
3835 }
3836
3837 /* Convert hex encoding to base64 encoding */
3838
3839 case EOP_HEX2B64:
3840 {
3841 int c = 0;
3842 int b = -1;
3843 uschar *in = sub;
3844 uschar *out = sub;
3845 uschar *enc;
3846
3847 for (enc = sub; *enc != 0; enc++)
3848 {
3849 if (!isxdigit(*enc))
3850 {
3851 expand_string_message = string_sprintf("\"%s\" is not a hex "
3852 "string", sub);
3853 goto EXPAND_FAILED;
3854 }
3855 c++;
3856 }
3857
3858 if ((c & 1) != 0)
3859 {
3860 expand_string_message = string_sprintf("\"%s\" contains an odd "
3861 "number of characters", sub);
3862 goto EXPAND_FAILED;
3863 }
3864
3865 while ((c = *in++) != 0)
3866 {
3867 if (isdigit(c)) c -= '0';
3868 else c = toupper(c) - 'A' + 10;
3869 if (b == -1)
3870 {
3871 b = c << 4;
3872 }
3873 else
3874 {
3875 *out++ = b | c;
3876 b = -1;
3877 }
3878 }
3879
3880 enc = auth_b64encode(sub, out - sub);
3881 yield = string_cat(yield, &size, &ptr, enc, Ustrlen(enc));
3882 continue;
3883 }
3884
3885 /* mask applies a mask to an IP address; for example the result of
3886 ${mask:131.111.10.206/28} is 131.111.10.192/28. */
3887
3888 case EOP_MASK:
3889 {
3890 int count;
3891 uschar *endptr;
3892 int binary[4];
3893 int mask, maskoffset;
3894 int type = string_is_ip_address(sub, &maskoffset);
3895 uschar buffer[64];
3896
3897 if (type == 0)
3898 {
3899 expand_string_message = string_sprintf("\"%s\" is not an IP address",
3900 sub);
3901 goto EXPAND_FAILED;
3902 }
3903
3904 if (maskoffset == 0)
3905 {
3906 expand_string_message = string_sprintf("missing mask value in \"%s\"",
3907 sub);
3908 goto EXPAND_FAILED;
3909 }
3910
3911 mask = Ustrtol(sub + maskoffset + 1, &endptr, 10);
3912
3913 if (*endptr != 0 || mask < 0 || mask > ((type == 4)? 32 : 128))
3914 {
3915 expand_string_message = string_sprintf("mask value too big in \"%s\"",
3916 sub);
3917 goto EXPAND_FAILED;
3918 }
3919
3920 /* Convert the address to binary integer(s) and apply the mask */
3921
3922 sub[maskoffset] = 0;
3923 count = host_aton(sub, binary);
3924 host_mask(count, binary, mask);
3925
3926 /* Convert to masked textual format and add to output. */
3927
3928 yield = string_cat(yield, &size, &ptr, buffer,
3929 host_nmtoa(count, binary, mask, buffer));
3930 continue;
3931 }
3932
3933 case EOP_ADDRESS:
3934 case EOP_LOCAL_PART:
3935 case EOP_DOMAIN:
3936 {
3937 uschar *error;
3938 int start, end, domain;
3939 uschar *t = parse_extract_address(sub, &error, &start, &end, &domain,
3940 FALSE);
3941 if (t != NULL)
3942 {
3943 if (c != EOP_DOMAIN)
3944 {
3945 if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1;
3946 yield = string_cat(yield, &size, &ptr, sub+start, end-start);
3947 }
3948 else if (domain != 0)
3949 {
3950 domain += start;
3951 yield = string_cat(yield, &size, &ptr, sub+domain, end-domain);
3952 }
3953 }
3954 continue;
3955 }
3956
3957 /* quote puts a string in quotes if it is empty or contains anything
3958 other than alphamerics, underscore, dot, or hyphen.
3959
3960 quote_local_part puts a string in quotes if RFC 2821/2822 requires it to
3961 be quoted in order to be a valid local part.
3962
3963 In both cases, newlines and carriage returns are converted into \n and \r
3964 respectively */
3965
3966 case EOP_QUOTE:
3967 case EOP_QUOTE_LOCAL_PART:
3968 if (arg == NULL)
3969 {
3970 BOOL needs_quote = (*sub == 0); /* TRUE for empty string */
3971 uschar *t = sub - 1;
3972
3973 if (c == EOP_QUOTE)
3974 {
3975 while (!needs_quote && *(++t) != 0)
3976 needs_quote = !isalnum(*t) && !strchr("_-.", *t);
3977 }
3978 else /* EOP_QUOTE_LOCAL_PART */
3979 {
3980 while (!needs_quote && *(++t) != 0)
3981 needs_quote = !isalnum(*t) &&
3982 strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL &&
3983 (*t != '.' || t == sub || t[1] == 0);
3984 }
3985
3986 if (needs_quote)
3987 {
3988 yield = string_cat(yield, &size, &ptr, US"\"", 1);
3989 t = sub - 1;
3990 while (*(++t) != 0)
3991 {
3992 if (*t == '\n')
3993 yield = string_cat(yield, &size, &ptr, US"\\n", 2);
3994 else if (*t == '\r')
3995 yield = string_cat(yield, &size, &ptr, US"\\r", 2);
3996 else
3997 {
3998 if (*t == '\\' || *t == '"')
3999 yield = string_cat(yield, &size, &ptr, US"\\", 1);
4000 yield = string_cat(yield, &size, &ptr, t, 1);
4001 }
4002 }
4003 yield = string_cat(yield, &size, &ptr, US"\"", 1);
4004 }
4005 else yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
4006 continue;
4007 }
4008
4009 /* quote_lookuptype does lookup-specific quoting */
4010
4011 else
4012 {
4013 int n;
4014 uschar *opt = Ustrchr(arg, '_');
4015
4016 if (opt != NULL) *opt++ = 0;
4017
4018 n = search_findtype(arg, Ustrlen(arg));
4019 if (n < 0)
4020 {
4021 expand_string_message = search_error_message;
4022 goto EXPAND_FAILED;
4023 }
4024
4025 if (lookup_list[n].quote != NULL)
4026 sub = (lookup_list[n].quote)(sub, opt);
4027 else if (opt != NULL) sub = NULL;
4028
4029 if (sub == NULL)
4030 {
4031 expand_string_message = string_sprintf(
4032 "\"%s\" unrecognized after \"${quote_%s\"",
4033 opt, arg);
4034 goto EXPAND_FAILED;
4035 }
4036
4037 yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
4038 continue;
4039 }
4040
4041 /* rx quote sticks in \ before any non-alphameric character so that
4042 the insertion works in a regular expression. */
4043
4044 case EOP_RXQUOTE:
4045 {
4046 uschar *t = sub - 1;
4047 while (*(++t) != 0)
4048 {
4049 if (!isalnum(*t))
4050 yield = string_cat(yield, &size, &ptr, US"\\", 1);
4051 yield = string_cat(yield, &size, &ptr, t, 1);
4052 }
4053 continue;
4054 }
4055
4056 /* RFC 2047 encodes, assuming headers_charset (default ISO 8859-1) as
4057 prescribed by the RFC, if there are characters that need to be encoded */
4058
4059 case EOP_RFC2047:
4060 {
4061 uschar buffer[1024];
4062 uschar *string = parse_quote_2047(sub, Ustrlen(sub), headers_charset,
4063 buffer, sizeof(buffer));
4064 yield = string_cat(yield, &size, &ptr, string, Ustrlen(string));
4065 continue;
4066 }
4067
4068 /* from_utf8 converts UTF-8 to 8859-1, turning non-existent chars into
4069 underscores */
4070
4071 case EOP_FROM_UTF8:
4072 {
4073 while (*sub != 0)
4074 {
4075 int c;
4076 uschar buff[4];
4077 GETUTF8INC(c, sub);
4078 if (c > 255) c = '_';
4079 buff[0] = c;
4080 yield = string_cat(yield, &size, &ptr, buff, 1);
4081 }
4082 continue;
4083 }
4084
4085 /* escape turns all non-printing characters into escape sequences. */
4086
4087 case EOP_ESCAPE:
4088 {
4089 uschar *t = string_printing(sub);
4090 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
4091 continue;
4092 }
4093
4094 /* Handle numeric expression evaluation */
4095
4096 case EOP_EVAL:
4097 case EOP_EVAL10:
4098 {
4099 uschar *save_sub = sub;
4100 uschar *error = NULL;
4101 int n = eval_expr(&sub, (c == EOP_EVAL10), &error, FALSE);
4102 if (error != NULL)
4103 {
4104 expand_string_message = string_sprintf("error in expression "
4105 "evaluation: %s (after processing \"%.*s\")", error, sub-save_sub,
4106 save_sub);
4107 goto EXPAND_FAILED;
4108 }
4109 sprintf(CS var_buffer, "%d", n);
4110 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
4111 continue;
4112 }
4113
4114 /* Handle time period formating */
4115
4116 case EOP_TIME_INTERVAL:
4117 {
4118 int n;
4119 uschar *t = read_number(&n, sub);
4120 if (*t != 0) /* Not A Number*/
4121 {
4122 expand_string_message = string_sprintf("string \"%s\" is not a "
4123 "positive number in \"%s\" operator", sub, name);
4124 goto EXPAND_FAILED;
4125 }
4126 t = readconf_printtime(n);
4127 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
4128 continue;
4129 }
4130
4131 /* Convert string to base64 encoding */
4132
4133 case EOP_STR2B64:
4134 {
4135 uschar *encstr = auth_b64encode(sub, Ustrlen(sub));
4136 yield = string_cat(yield, &size, &ptr, encstr, Ustrlen(encstr));
4137 continue;
4138 }
4139
4140 /* strlen returns the length of the string */
4141
4142 case EOP_STRLEN:
4143 {
4144 uschar buff[24];
4145 (void)sprintf(CS buff, "%d", Ustrlen(sub));
4146 yield = string_cat(yield, &size, &ptr, buff, Ustrlen(buff));
4147 continue;
4148 }
4149
4150 /* length_n or l_n takes just the first n characters or the whole string,
4151 whichever is the shorter;
4152
4153 substr_m_n, and s_m_n take n characters from offset m; negative m take
4154 from the end; l_n is synonymous with s_0_n. If n is omitted in substr it
4155 takes the rest, either to the right or to the left.
4156
4157 hash_n or h_n makes a hash of length n from the string, yielding n
4158 characters from the set a-z; hash_n_m makes a hash of length n, but
4159 uses m characters from the set a-zA-Z0-9.
4160
4161 nhash_n returns a single number between 0 and n-1 (in text form), while
4162 nhash_n_m returns a div/mod hash as two numbers "a/b". The first lies
4163 between 0 and n-1 and the second between 0 and m-1. */
4164
4165 case EOP_LENGTH:
4166 case EOP_L:
4167 case EOP_SUBSTR:
4168 case EOP_S:
4169 case EOP_HASH:
4170 case EOP_H:
4171 case EOP_NHASH:
4172 case EOP_NH:
4173 {
4174 int sign = 1;
4175 int value1 = 0;
4176 int value2 = -1;
4177 int *pn;
4178 int len;
4179 uschar *ret;
4180
4181 if (arg == NULL)
4182 {
4183 expand_string_message = string_sprintf("missing values after %s",
4184 name);
4185 goto EXPAND_FAILED;
4186 }
4187
4188 /* "length" has only one argument, effectively being synonymous with
4189 substr_0_n. */
4190
4191 if (c == EOP_LENGTH || c == EOP_L)
4192 {
4193 pn = &value2;
4194 value2 = 0;
4195 }
4196
4197 /* The others have one or two arguments; for "substr" the first may be
4198 negative. The second being negative means "not supplied". */
4199
4200 else
4201 {
4202 pn = &value1;
4203 if (name[0] == 's' && *arg == '-') { sign = -1; arg++; }
4204 }
4205
4206 /* Read up to two numbers, separated by underscores */
4207
4208 ret = arg;
4209 while (*arg != 0)
4210 {
4211 if (arg != ret && *arg == '_' && pn == &value1)
4212 {
4213 pn = &value2;
4214 value2 = 0;
4215 if (arg[1] != 0) arg++;
4216 }
4217 else if (!isdigit(*arg))
4218 {
4219 expand_string_message =
4220 string_sprintf("non-digit after underscore in \"%s\"", name);
4221 goto EXPAND_FAILED;
4222 }
4223 else *pn = (*pn)*10 + *arg++ - '0';
4224 }
4225 value1 *= sign;
4226
4227 /* Perform the required operation */
4228
4229 ret =
4230 (c == EOP_HASH || c == EOP_H)?
4231 compute_hash(sub, value1, value2, &len) :
4232 (c == EOP_NHASH || c == EOP_NH)?
4233 compute_nhash(sub, value1, value2, &len) :
4234 extract_substr(sub, value1, value2, &len);
4235
4236 if (ret == NULL) goto EXPAND_FAILED;
4237 yield = string_cat(yield, &size, &ptr, ret, len);
4238 continue;
4239 }