projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Remove dead PCRE file accidentally left around.
[exim.git] / src / src / expand.c
CommitLineData
0d85fa3f 1/* $Cambridge: exim/src/src/expand.c,v 1.68 2006/10/31 14:26:34 ph10 Exp $ */
059ec3d9
PH		 2
3/*************************************************
4* Exim - an Internet mail transport agent *
5*************************************************/
6
d7d7b7b9 7/* Copyright (c) University of Cambridge 1995 - 2006 */
059ec3d9
PH		 8/* See the file NOTICE for conditions of use and distribution. */
9
10
11/* Functions for handling string expansion. */
12
13
14#include "exim.h"
15
16#ifdef STAND_ALONE
17#ifndef SUPPORT_CRYPTEQ
18#define SUPPORT_CRYPTEQ
19#endif
20#endif
21
22#ifdef SUPPORT_CRYPTEQ
23#ifdef CRYPT_H
24#include <crypt.h>
25#endif
26#ifndef HAVE_CRYPT16
27extern char* crypt16(char*, char*);
28#endif
29#endif
30
31#ifdef LOOKUP_LDAP
32#include "lookups/ldap.h"
33#endif
34
35
36
37/* Recursively called function */
38
39static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL);
40
41
42
43/*************************************************
44* Local statics and tables *
45*************************************************/
46
47/* Table of item names, and corresponding switch numbers. The names must be in
48alphabetical order. */
49
50static uschar *item_table[] = {
1a46a8c5 51 US"dlfunc",
059ec3d9
PH		 52 US"extract",
53 US"hash",
54 US"hmac",
55 US"if",
56 US"length",
57 US"lookup",
58 US"nhash",
1a46a8c5 59 US"perl",
fffda43a
TK		 60 US"prvs",
61 US"prvscheck",
059ec3d9
PH		 62 US"readfile",
63 US"readsocket",
64 US"run",
65 US"sg",
66 US"substr",
67 US"tr" };
68
69enum {
1a46a8c5 70 EITEM_DLFUNC,
059ec3d9
PH		 71 EITEM_EXTRACT,
72 EITEM_HASH,
73 EITEM_HMAC,
74 EITEM_IF,
75 EITEM_LENGTH,
76 EITEM_LOOKUP,
77 EITEM_NHASH,
1a46a8c5 78 EITEM_PERL,
fffda43a
TK		 79 EITEM_PRVS,
80 EITEM_PRVSCHECK,
059ec3d9
PH		 81 EITEM_READFILE,
82 EITEM_READSOCK,
83 EITEM_RUN,
84 EITEM_SG,
85 EITEM_SUBSTR,
86 EITEM_TR };
87
88/* Tables of operator names, and corresponding switch numbers. The names must be
89in alphabetical order. There are two tables, because underscore is used in some
90cases to introduce arguments, whereas for other it is part of the name. This is
91an historical mis-design. */
92
93static uschar *op_table_underscore[] = {
94 US"from_utf8",
95 US"local_part",
96 US"quote_local_part",
f90d018c 97 US"time_eval",
059ec3d9
PH		 98 US"time_interval"};
99
100enum {
101 EOP_FROM_UTF8,
102 EOP_LOCAL_PART,
103 EOP_QUOTE_LOCAL_PART,
f90d018c 104 EOP_TIME_EVAL,
059ec3d9
PH		 105 EOP_TIME_INTERVAL };
106
107static uschar *op_table_main[] = {
108 US"address",
109 US"base62",
110 US"base62d",
111 US"domain",
112 US"escape",
113 US"eval",
114 US"eval10",
115 US"expand",
116 US"h",
117 US"hash",
118 US"hex2b64",
119 US"l",
120 US"lc",
121 US"length",
122 US"mask",
123 US"md5",
124 US"nh",
125 US"nhash",
126 US"quote",
127 US"rfc2047",
128 US"rxquote",
129 US"s",
130 US"sha1",
131 US"stat",
132 US"str2b64",
133 US"strlen",
134 US"substr",
135 US"uc" };
136
137enum {
138 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
139 EOP_BASE62,
140 EOP_BASE62D,
141 EOP_DOMAIN,
142 EOP_ESCAPE,
143 EOP_EVAL,
144 EOP_EVAL10,
145 EOP_EXPAND,
146 EOP_H,
147 EOP_HASH,
148 EOP_HEX2B64,
149 EOP_L,
150 EOP_LC,
151 EOP_LENGTH,
152 EOP_MASK,
153 EOP_MD5,
154 EOP_NH,
155 EOP_NHASH,
156 EOP_QUOTE,
157 EOP_RFC2047,
158 EOP_RXQUOTE,
159 EOP_S,
160 EOP_SHA1,
161 EOP_STAT,
162 EOP_STR2B64,
163 EOP_STRLEN,
164 EOP_SUBSTR,
165 EOP_UC };
166
167
168/* Table of condition names, and corresponding switch numbers. The names must
169be in alphabetical order. */
170
171static uschar *cond_table[] = {
172 US"<",
173 US"<=",
174 US"=",
175 US"==", /* Backward compatibility */
176 US">",
177 US">=",
178 US"and",
179 US"crypteq",
180 US"def",
181 US"eq",
182 US"eqi",
183 US"exists",
184 US"first_delivery",
185 US"ge",
186 US"gei",
187 US"gt",
188 US"gti",
189 US"isip",
190 US"isip4",
191 US"isip6",
192 US"ldapauth",
193 US"le",
194 US"lei",
195 US"lt",
196 US"lti",
197 US"match",
198 US"match_address",
199 US"match_domain",
32d668a5 200 US"match_ip",
059ec3d9
PH		 201 US"match_local_part",
202 US"or",
203 US"pam",
204 US"pwcheck",
205 US"queue_running",
206 US"radius",
207 US"saslauthd"
208};
209
210enum {
211 ECOND_NUM_L,
212 ECOND_NUM_LE,
213 ECOND_NUM_E,
214 ECOND_NUM_EE,
215 ECOND_NUM_G,
216 ECOND_NUM_GE,
217 ECOND_AND,
218 ECOND_CRYPTEQ,
219 ECOND_DEF,
220 ECOND_STR_EQ,
221 ECOND_STR_EQI,
222 ECOND_EXISTS,
223 ECOND_FIRST_DELIVERY,
224 ECOND_STR_GE,
225 ECOND_STR_GEI,
226 ECOND_STR_GT,
227 ECOND_STR_GTI,
228 ECOND_ISIP,
229 ECOND_ISIP4,
230 ECOND_ISIP6,
231 ECOND_LDAPAUTH,
232 ECOND_STR_LE,
233 ECOND_STR_LEI,
234 ECOND_STR_LT,
235 ECOND_STR_LTI,
236 ECOND_MATCH,
237 ECOND_MATCH_ADDRESS,
238 ECOND_MATCH_DOMAIN,
32d668a5 239 ECOND_MATCH_IP,
059ec3d9
PH		 240 ECOND_MATCH_LOCAL_PART,
241 ECOND_OR,
242 ECOND_PAM,
243 ECOND_PWCHECK,
244 ECOND_QUEUE_RUNNING,
245 ECOND_RADIUS,
246 ECOND_SASLAUTHD
247};
248
249
250/* Type for main variable table */
251
252typedef struct {
253 char *name;
254 int type;
255 void *value;
256} var_entry;
257
258/* Type for entries pointing to address/length pairs. Not currently
259in use. */
260
261typedef struct {
262 uschar **address;
263 int *length;
264} alblock;
265
266/* Types of table entry */
267
268enum {
269 vtype_int, /* value is address of int */
270 vtype_filter_int, /* ditto, but recognized only when filtering */
271 vtype_ino, /* value is address of ino_t (not always an int) */
272 vtype_uid, /* value is address of uid_t (not always an int) */
273 vtype_gid, /* value is address of gid_t (not always an int) */
274 vtype_stringptr, /* value is address of pointer to string */
275 vtype_msgbody, /* as stringptr, but read when first required */
276 vtype_msgbody_end, /* ditto, the end of the message */
ff75a1f7
PH		 277 vtype_msgheaders, /* the message's headers, processed */
278 vtype_msgheaders_raw, /* the message's headers, unprocessed */
059ec3d9
PH		 279 vtype_localpart, /* extract local part from string */
280 vtype_domain, /* extract domain from string */
281 vtype_recipients, /* extract recipients from recipients list */
282 /* (enabled only during system filtering */
283 vtype_todbsdin, /* value not used; generate BSD inbox tod */
284 vtype_tode, /* value not used; generate tod in epoch format */
285 vtype_todf, /* value not used; generate full tod */
286 vtype_todl, /* value not used; generate log tod */
287 vtype_todlf, /* value not used; generate log file datestamp tod */
288 vtype_todzone, /* value not used; generate time zone only */
289 vtype_todzulu, /* value not used; generate zulu tod */
290 vtype_reply, /* value not used; get reply from headers */
291 vtype_pid, /* value not used; result is pid */
292 vtype_host_lookup, /* value not used; get host name */
5cb8cbc6
PH		 293 vtype_load_avg, /* value not used; result is int from os_getloadavg */
294 vtype_pspace, /* partition space; value is T/F for spool/log */
8e669ac1 295 vtype_pinodes /* partition inodes; value is T/F for spool/log */
fb2274d4
TK		 296#ifdef EXPERIMENTAL_DOMAINKEYS
297 ,vtype_dk_verify /* Serve request out of DomainKeys verification structure */
84330b7b 298#endif
059ec3d9
PH		 299 };
300
301/* This table must be kept in alphabetical order. */
302
303static var_entry var_table[] = {
38a0a95f
PH		 304 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
305 they will be confused with user-creatable ACL variables. */
059ec3d9
PH		 306 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
307 { "address_data", vtype_stringptr, &deliver_address_data },
308 { "address_file", vtype_stringptr, &address_file },
309 { "address_pipe", vtype_stringptr, &address_pipe },
310 { "authenticated_id", vtype_stringptr, &authenticated_id },
311 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
312 { "authentication_failed",vtype_int, &authentication_failed },
8523533c
TK		 313#ifdef EXPERIMENTAL_BRIGHTMAIL
314 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
315 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
316 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
317 { "bmi_deliver", vtype_int, &bmi_deliver },
318#endif
059ec3d9
PH		 319 { "body_linecount", vtype_int, &body_linecount },
320 { "body_zerocount", vtype_int, &body_zerocount },
321 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
322 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
323 { "caller_gid", vtype_gid, &real_gid },
324 { "caller_uid", vtype_uid, &real_uid },
325 { "compile_date", vtype_stringptr, &version_date },
326 { "compile_number", vtype_stringptr, &version_cnumber },
e5a9dba6 327 { "csa_status", vtype_stringptr, &csa_status },
8523533c
TK		 328#ifdef WITH_OLD_DEMIME
329 { "demime_errorlevel", vtype_int, &demime_errorlevel },
330 { "demime_reason", vtype_stringptr, &demime_reason },
fb2274d4
TK		 331#endif
332#ifdef EXPERIMENTAL_DOMAINKEYS
333 { "dk_domain", vtype_stringptr, &dk_signing_domain },
334 { "dk_is_signed", vtype_dk_verify, NULL },
335 { "dk_result", vtype_dk_verify, NULL },
336 { "dk_selector", vtype_stringptr, &dk_signing_selector },
337 { "dk_sender", vtype_dk_verify, NULL },
338 { "dk_sender_domain", vtype_dk_verify, NULL },
339 { "dk_sender_local_part",vtype_dk_verify, NULL },
340 { "dk_sender_source", vtype_dk_verify, NULL },
341 { "dk_signsall", vtype_dk_verify, NULL },
342 { "dk_status", vtype_dk_verify, NULL },
343 { "dk_testing", vtype_dk_verify, NULL },
8523533c 344#endif
059ec3d9
PH		 345 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
346 { "dnslist_text", vtype_stringptr, &dnslist_text },
347 { "dnslist_value", vtype_stringptr, &dnslist_value },
348 { "domain", vtype_stringptr, &deliver_domain },
349 { "domain_data", vtype_stringptr, &deliver_domain_data },
350 { "exim_gid", vtype_gid, &exim_gid },
351 { "exim_path", vtype_stringptr, &exim_path },
352 { "exim_uid", vtype_uid, &exim_uid },
8523533c
TK		 353#ifdef WITH_OLD_DEMIME
354 { "found_extension", vtype_stringptr, &found_extension },
8e669ac1 355#endif
059ec3d9
PH		 356 { "home", vtype_stringptr, &deliver_home },
357 { "host", vtype_stringptr, &deliver_host },
358 { "host_address", vtype_stringptr, &deliver_host_address },
359 { "host_data", vtype_stringptr, &host_data },
b08b24c8 360 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
059ec3d9
PH		 361 { "host_lookup_failed", vtype_int, &host_lookup_failed },
362 { "inode", vtype_ino, &deliver_inode },
363 { "interface_address", vtype_stringptr, &interface_address },
364 { "interface_port", vtype_int, &interface_port },
365 #ifdef LOOKUP_LDAP
366 { "ldap_dn", vtype_stringptr, &eldap_dn },
367 #endif
368 { "load_average", vtype_load_avg, NULL },
369 { "local_part", vtype_stringptr, &deliver_localpart },
370 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
371 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
372 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
373 { "local_scan_data", vtype_stringptr, &local_scan_data },
374 { "local_user_gid", vtype_gid, &local_user_gid },
375 { "local_user_uid", vtype_uid, &local_user_uid },
376 { "localhost_number", vtype_int, &host_number },
5cb8cbc6 377 { "log_inodes", vtype_pinodes, (void *)FALSE },
8e669ac1 378 { "log_space", vtype_pspace, (void *)FALSE },
059ec3d9 379 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
8523533c
TK		 380#ifdef WITH_CONTENT_SCAN
381 { "malware_name", vtype_stringptr, &malware_name },
382#endif
059ec3d9
PH		 383 { "message_age", vtype_int, &message_age },
384 { "message_body", vtype_msgbody, &message_body },
385 { "message_body_end", vtype_msgbody_end, &message_body_end },
386 { "message_body_size", vtype_int, &message_body_size },
1ab52c69 387 { "message_exim_id", vtype_stringptr, &message_id },
059ec3d9 388 { "message_headers", vtype_msgheaders, NULL },
ff75a1f7 389 { "message_headers_raw", vtype_msgheaders_raw, NULL },
059ec3d9 390 { "message_id", vtype_stringptr, &message_id },
2e0c1448 391 { "message_linecount", vtype_int, &message_linecount },
059ec3d9 392 { "message_size", vtype_int, &message_size },
8523533c
TK		 393#ifdef WITH_CONTENT_SCAN
394 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
395 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
396 { "mime_boundary", vtype_stringptr, &mime_boundary },
397 { "mime_charset", vtype_stringptr, &mime_charset },
398 { "mime_content_description", vtype_stringptr, &mime_content_description },
399 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
400 { "mime_content_id", vtype_stringptr, &mime_content_id },
401 { "mime_content_size", vtype_int, &mime_content_size },
402 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
403 { "mime_content_type", vtype_stringptr, &mime_content_type },
404 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
405 { "mime_filename", vtype_stringptr, &mime_filename },
406 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
407 { "mime_is_multipart", vtype_int, &mime_is_multipart },
408 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
409 { "mime_part_count", vtype_int, &mime_part_count },
410#endif
059ec3d9
PH		 411 { "n0", vtype_filter_int, &filter_n[0] },
412 { "n1", vtype_filter_int, &filter_n[1] },
413 { "n2", vtype_filter_int, &filter_n[2] },
414 { "n3", vtype_filter_int, &filter_n[3] },
415 { "n4", vtype_filter_int, &filter_n[4] },
416 { "n5", vtype_filter_int, &filter_n[5] },
417 { "n6", vtype_filter_int, &filter_n[6] },
418 { "n7", vtype_filter_int, &filter_n[7] },
419 { "n8", vtype_filter_int, &filter_n[8] },
420 { "n9", vtype_filter_int, &filter_n[9] },
421 { "original_domain", vtype_stringptr, &deliver_domain_orig },
422 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
423 { "originator_gid", vtype_gid, &originator_gid },
424 { "originator_uid", vtype_uid, &originator_uid },
425 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
426 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
427 { "pid", vtype_pid, NULL },
428 { "primary_hostname", vtype_stringptr, &primary_hostname },
fffda43a
TK		 429 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
430 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
431 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
059ec3d9
PH		 432 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
433 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
434 { "rcpt_count", vtype_int, &rcpt_count },
435 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
436 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
437 { "received_count", vtype_int, &received_count },
438 { "received_for", vtype_stringptr, &received_for },
439 { "received_protocol", vtype_stringptr, &received_protocol },
7dbf77c9 440 { "received_time", vtype_int, &received_time },
059ec3d9 441 { "recipient_data", vtype_stringptr, &recipient_data },
8e669ac1 442 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
059ec3d9
PH		 443 { "recipients", vtype_recipients, NULL },
444 { "recipients_count", vtype_int, &recipients_count },
8523533c
TK		 445#ifdef WITH_CONTENT_SCAN
446 { "regex_match_string", vtype_stringptr, &regex_match_string },
447#endif
059ec3d9
PH		 448 { "reply_address", vtype_reply, NULL },
449 { "return_path", vtype_stringptr, &return_path },
450 { "return_size_limit", vtype_int, &bounce_return_size_limit },
451 { "runrc", vtype_int, &runrc },
452 { "self_hostname", vtype_stringptr, &self_hostname },
453 { "sender_address", vtype_stringptr, &sender_address },
2a3eea10 454 { "sender_address_data", vtype_stringptr, &sender_address_data },
059ec3d9
PH		 455 { "sender_address_domain", vtype_domain, &sender_address },
456 { "sender_address_local_part", vtype_localpart, &sender_address },
457 { "sender_data", vtype_stringptr, &sender_data },
458 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
459 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
460 { "sender_host_address", vtype_stringptr, &sender_host_address },
461 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
462 { "sender_host_name", vtype_host_lookup, NULL },
463 { "sender_host_port", vtype_int, &sender_host_port },
464 { "sender_ident", vtype_stringptr, &sender_ident },
870f6ba8
TF		 465 { "sender_rate", vtype_stringptr, &sender_rate },
466 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
467 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
059ec3d9 468 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
8e669ac1
PH		 469 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
470 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
3ee512ff
PH		 471 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
472 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
059ec3d9
PH		 473 { "sn0", vtype_filter_int, &filter_sn[0] },
474 { "sn1", vtype_filter_int, &filter_sn[1] },
475 { "sn2", vtype_filter_int, &filter_sn[2] },
476 { "sn3", vtype_filter_int, &filter_sn[3] },
477 { "sn4", vtype_filter_int, &filter_sn[4] },
478 { "sn5", vtype_filter_int, &filter_sn[5] },
479 { "sn6", vtype_filter_int, &filter_sn[6] },
480 { "sn7", vtype_filter_int, &filter_sn[7] },
481 { "sn8", vtype_filter_int, &filter_sn[8] },
482 { "sn9", vtype_filter_int, &filter_sn[9] },
8523533c
TK		 483#ifdef WITH_CONTENT_SCAN
484 { "spam_bar", vtype_stringptr, &spam_bar },
485 { "spam_report", vtype_stringptr, &spam_report },
486 { "spam_score", vtype_stringptr, &spam_score },
487 { "spam_score_int", vtype_stringptr, &spam_score_int },
488#endif
489#ifdef EXPERIMENTAL_SPF
490 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
491 { "spf_received", vtype_stringptr, &spf_received },
492 { "spf_result", vtype_stringptr, &spf_result },
493 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
494#endif
059ec3d9 495 { "spool_directory", vtype_stringptr, &spool_directory },
5cb8cbc6 496 { "spool_inodes", vtype_pinodes, (void *)TRUE },
8e669ac1 497 { "spool_space", vtype_pspace, (void *)TRUE },
8523533c
TK		 498#ifdef EXPERIMENTAL_SRS
499 { "srs_db_address", vtype_stringptr, &srs_db_address },
500 { "srs_db_key", vtype_stringptr, &srs_db_key },
501 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
502 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
503 { "srs_recipient", vtype_stringptr, &srs_recipient },
504 { "srs_status", vtype_stringptr, &srs_status },
505#endif
059ec3d9
PH		 506 { "thisaddress", vtype_stringptr, &filter_thisaddress },
507 { "tls_certificate_verified", vtype_int, &tls_certificate_verified },
508 { "tls_cipher", vtype_stringptr, &tls_cipher },
509 { "tls_peerdn", vtype_stringptr, &tls_peerdn },
510 { "tod_bsdinbox", vtype_todbsdin, NULL },
511 { "tod_epoch", vtype_tode, NULL },
512 { "tod_full", vtype_todf, NULL },
513 { "tod_log", vtype_todl, NULL },
514 { "tod_logfile", vtype_todlf, NULL },
515 { "tod_zone", vtype_todzone, NULL },
516 { "tod_zulu", vtype_todzulu, NULL },
517 { "value", vtype_stringptr, &lookup_value },
518 { "version_number", vtype_stringptr, &version_string },
519 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
520 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
521 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
522 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
523 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
524 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
525};
526
527static int var_table_size = sizeof(var_table)/sizeof(var_entry);
528static uschar var_buffer[256];
529static BOOL malformed_header;
530
531/* For textual hashes */
532
533static char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
534 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
535 "0123456789";
536
537enum { HMAC_MD5, HMAC_SHA1 };
538
539/* For numeric hashes */
540
541static unsigned int prime[] = {
542 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
543 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
544 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
545
546/* For printing modes in symbolic form */
547
548static uschar *mtable_normal[] =
549 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
550
551static uschar *mtable_setid[] =
552 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
553
554static uschar *mtable_sticky[] =
555 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
556
557
558
559/*************************************************
560* Tables for UTF-8 support *
561*************************************************/
562
563/* Table of the number of extra characters, indexed by the first character
564masked with 0x3f. The highest number for a valid UTF-8 character is in fact
5650x3d. */
566
567static uschar utf8_table1[] = {
568 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
569 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
570 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
571 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
572
573/* These are the masks for the data bits in the first byte of a character,
574indexed by the number of additional bytes. */
575
576static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
577
578/* Get the next UTF-8 character, advancing the pointer. */
579
580#define GETUTF8INC(c, ptr) \
581 c = *ptr++; \
582 if ((c & 0xc0) == 0xc0) \
583 { \
584 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
585 int s = 6*a; \
586 c = (c & utf8_table2[a]) << s; \
587 while (a-- > 0) \
588 { \
589 s -= 6; \
590 c |= (*ptr++ & 0x3f) << s; \
591 } \
592 }
593
594
595/*************************************************
596* Binary chop search on a table *
597*************************************************/
598
599/* This is used for matching expansion items and operators.
600
601Arguments:
602 name the name that is being sought
603 table the table to search
604 table_size the number of items in the table
605
606Returns: the offset in the table, or -1
607*/
608
609static int
610chop_match(uschar *name, uschar **table, int table_size)
611{
612uschar **bot = table;
613uschar **top = table + table_size;
614
615while (top > bot)
616 {
617 uschar **mid = bot + (top - bot)/2;
618 int c = Ustrcmp(name, *mid);
619 if (c == 0) return mid - table;
620 if (c > 0) bot = mid + 1; else top = mid;
621 }
622
623return -1;
624}
625
626
627
628/*************************************************
629* Check a condition string *
630*************************************************/
631
632/* This function is called to expand a string, and test the result for a "true"
633or "false" value. Failure of the expansion yields FALSE; logged unless it was a
634forced fail or lookup defer. All store used by the function can be released on
635exit.
636
637Arguments:
638 condition the condition string
639 m1 text to be incorporated in panic error
640 m2 ditto
641
642Returns: TRUE if condition is met, FALSE if not
643*/
644
645BOOL
646expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
647{
648int rc;
649void *reset_point = store_get(0);
650uschar *ss = expand_string(condition);
651if (ss == NULL)
652 {
653 if (!expand_string_forcedfail && !search_find_defer)
654 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
655 "for %s %s: %s", condition, m1, m2, expand_string_message);
656 return FALSE;
657 }
658rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
659 strcmpic(ss, US"false") != 0;
660store_reset(reset_point);
661return rc;
662}
663
664
665
666/*************************************************
667* Pick out a name from a string *
668*************************************************/
669
670/* If the name is too long, it is silently truncated.
671
672Arguments:
673 name points to a buffer into which to put the name
674 max is the length of the buffer
675 s points to the first alphabetic character of the name
676 extras chars other than alphanumerics to permit
677
678Returns: pointer to the first character after the name
679
680Note: The test for *s != 0 in the while loop is necessary because
681Ustrchr() yields non-NULL if the character is zero (which is not something
682I expected). */
683
684static uschar *
685read_name(uschar *name, int max, uschar *s, uschar *extras)
686{
687int ptr = 0;
688while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
689 {
690 if (ptr < max-1) name[ptr++] = *s;
691 s++;
692 }
693name[ptr] = 0;
694return s;
695}
696
697
698
699/*************************************************
700* Pick out the rest of a header name *
701*************************************************/
702
703/* A variable name starting $header_ (or just $h_ for those who like
704abbreviations) might not be the complete header name because headers can
705contain any printing characters in their names, except ':'. This function is
706called to read the rest of the name, chop h[eader]_ off the front, and put ':'
707on the end, if the name was terminated by white space.
708
709Arguments:
710 name points to a buffer in which the name read so far exists
711 max is the length of the buffer
712 s points to the first character after the name so far, i.e. the
713 first non-alphameric character after $header_xxxxx
714
715Returns: a pointer to the first character after the header name
716*/
717
718static uschar *
719read_header_name(uschar *name, int max, uschar *s)
720{
721int prelen = Ustrchr(name, '_') - name + 1;
722int ptr = Ustrlen(name) - prelen;
723if (ptr > 0) memmove(name, name+prelen, ptr);
724while (mac_isgraph(*s) && *s != ':')
725 {
726 if (ptr < max-1) name[ptr++] = *s;
727 s++;
728 }
729if (*s == ':') s++;
730name[ptr++] = ':';
731name[ptr] = 0;
732return s;
733}
734
735
736
737/*************************************************
738* Pick out a number from a string *
739*************************************************/
740
741/* Arguments:
742 n points to an integer into which to put the number
743 s points to the first digit of the number
744
745Returns: a pointer to the character after the last digit
746*/
747
748static uschar *
749read_number(int *n, uschar *s)
750{
751*n = 0;
752while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
753return s;
754}
755
756
757
758/*************************************************
759* Extract keyed subfield from a string *
760*************************************************/
761
762/* The yield is in dynamic store; NULL means that the key was not found.
763
764Arguments:
765 key points to the name of the key
766 s points to the string from which to extract the subfield
767
768Returns: NULL if the subfield was not found, or
769 a pointer to the subfield's data
770*/
771
772static uschar *
773expand_getkeyed(uschar *key, uschar *s)
774{
775int length = Ustrlen(key);
776while (isspace(*s)) s++;
777
778/* Loop to search for the key */
779
780while (*s != 0)
781 {
782 int dkeylength;
783 uschar *data;
784 uschar *dkey = s;
785
786 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
787 dkeylength = s - dkey;
788 while (isspace(*s)) s++;
789 if (*s == '=') while (isspace((*(++s))));
790
791 data = string_dequote(&s);
792 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
793 return data;
794
795 while (isspace(*s)) s++;
796 }
797
798return NULL;
799}
800
801
802
803
804/*************************************************
805* Extract numbered subfield from string *
806*************************************************/
807
808/* Extracts a numbered field from a string that is divided by tokens - for
809example a line from /etc/passwd is divided by colon characters. First field is
810numbered one. Negative arguments count from the right. Zero returns the whole
811string. Returns NULL if there are insufficient tokens in the string
812
813***WARNING***
814Modifies final argument - this is a dynamically generated string, so that's OK.
815
816Arguments:
817 field number of field to be extracted,
818 first field = 1, whole string = 0, last field = -1
819 separators characters that are used to break string into tokens
820 s points to the string from which to extract the subfield
821
822Returns: NULL if the field was not found,
823 a pointer to the field's data inside s (modified to add 0)
824*/
825
826static uschar *
827expand_gettokened (int field, uschar *separators, uschar *s)
828{
829int sep = 1;
830int count;
831uschar *ss = s;
832uschar *fieldtext = NULL;
833
834if (field == 0) return s;
835
836/* Break the line up into fields in place; for field > 0 we stop when we have
837done the number of fields we want. For field < 0 we continue till the end of
838the string, counting the number of fields. */
839
840count = (field > 0)? field : INT_MAX;
841
842while (count-- > 0)
843 {
844 size_t len;
845
846 /* Previous field was the last one in the string. For a positive field
847 number, this means there are not enough fields. For a negative field number,
848 check that there are enough, and scan back to find the one that is wanted. */
849
850 if (sep == 0)
851 {
852 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
853 if ((-field) == (INT_MAX - count - 1)) return s;
854 while (field++ < 0)
855 {
856 ss--;
857 while (ss[-1] != 0) ss--;
858 }
859 fieldtext = ss;
860 break;
861 }
862
863 /* Previous field was not last in the string; save its start and put a
864 zero at its end. */
865
866 fieldtext = ss;
867 len = Ustrcspn(ss, separators);
868 sep = ss[len];
869 ss[len] = 0;
870 ss += len + 1;
871 }
872
873return fieldtext;
874}
875
876
877
878/*************************************************
879* Extract a substring from a string *
880*************************************************/
881
882/* Perform the ${substr or ${length expansion operations.
883
884Arguments:
885 subject the input string
886 value1 the offset from the start of the input string to the start of
887 the output string; if negative, count from the right.
888 value2 the length of the output string, or negative (-1) for unset
889 if value1 is positive, unset means "all after"
890 if value1 is negative, unset means "all before"
891 len set to the length of the returned string
892
893Returns: pointer to the output string, or NULL if there is an error
894*/
895
896static uschar *
897extract_substr(uschar *subject, int value1, int value2, int *len)
898{
899int sublen = Ustrlen(subject);
900
901if (value1 < 0) /* count from right */
902 {
903 value1 += sublen;
904
905 /* If the position is before the start, skip to the start, and adjust the
906 length. If the length ends up negative, the substring is null because nothing
907 can precede. This falls out naturally when the length is unset, meaning "all
908 to the left". */
909
910 if (value1 < 0)
911 {
912 value2 += value1;
913 if (value2 < 0) value2 = 0;
914 value1 = 0;
915 }
916
917 /* Otherwise an unset length => characters before value1 */
918
919 else if (value2 < 0)
920 {
921 value2 = value1;
922 value1 = 0;
923 }
924 }
925
926/* For a non-negative offset, if the starting position is past the end of the
927string, the result will be the null string. Otherwise, an unset length means
928"rest"; just set it to the maximum - it will be cut down below if necessary. */
929
930else
931 {
932 if (value1 > sublen)
933 {
934 value1 = sublen;
935 value2 = 0;
936 }
937 else if (value2 < 0) value2 = sublen;
938 }
939
940/* Cut the length down to the maximum possible for the offset value, and get
941the required characters. */
942
943if (value1 + value2 > sublen) value2 = sublen - value1;
944*len = value2;
945return subject + value1;
946}
947
948
949
950
951/*************************************************
952* Old-style hash of a string *
953*************************************************/
954
955/* Perform the ${hash expansion operation.
956
957Arguments:
958 subject the input string (an expanded substring)
959 value1 the length of the output string; if greater or equal to the
960 length of the input string, the input string is returned
961 value2 the number of hash characters to use, or 26 if negative
962 len set to the length of the returned string
963
964Returns: pointer to the output string, or NULL if there is an error
965*/
966
967static uschar *
968compute_hash(uschar *subject, int value1, int value2, int *len)
969{
970int sublen = Ustrlen(subject);
971
972if (value2 < 0) value2 = 26;
973else if (value2 > Ustrlen(hashcodes))
974 {
975 expand_string_message =
976 string_sprintf("hash count \"%d\" too big", value2);
977 return NULL;
978 }
979
980/* Calculate the hash text. We know it is shorter than the original string, so
981can safely place it in subject[] (we know that subject is always itself an
982expanded substring). */
983
984if (value1 < sublen)
985 {
986 int c;
987 int i = 0;
988 int j = value1;
989 while ((c = (subject[j])) != 0)
990 {
991 int shift = (c + j++) & 7;
992 subject[i] ^= (c << shift) | (c >> (8-shift));
993 if (++i >= value1) i = 0;
994 }
995 for (i = 0; i < value1; i++)
996 subject[i] = hashcodes[(subject[i]) % value2];
997 }
998else value1 = sublen;
999
1000*len = value1;
1001return subject;
1002}
1003
1004
1005
1006
1007/*************************************************
1008* Numeric hash of a string *
1009*************************************************/
1010
1011/* Perform the ${nhash expansion operation. The first characters of the
1012string are treated as most important, and get the highest prime numbers.
1013
1014Arguments:
1015 subject the input string
1016 value1 the maximum value of the first part of the result
1017 value2 the maximum value of the second part of the result,
1018 or negative to produce only a one-part result
1019 len set to the length of the returned string
1020
1021Returns: pointer to the output string, or NULL if there is an error.
1022*/
1023
1024static uschar *
1025compute_nhash (uschar *subject, int value1, int value2, int *len)
1026{
1027uschar *s = subject;
1028int i = 0;
1029unsigned long int total = 0; /* no overflow */
1030
1031while (*s != 0)
1032 {
1033 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
1034 total += prime[i--] * (unsigned int)(*s++);
1035 }
1036
1037/* If value2 is unset, just compute one number */
1038
1039if (value2 < 0)
1040 {
1041 s = string_sprintf("%d", total % value1);
1042 }
1043
1044/* Otherwise do a div/mod hash */
1045
1046else
1047 {
1048 total = total % (value1 * value2);
1049 s = string_sprintf("%d/%d", total/value2, total % value2);
1050 }
1051
1052*len = Ustrlen(s);
1053return s;
1054}
1055
1056
1057
1058
1059
1060/*************************************************
1061* Find the value of a header or headers *
1062*************************************************/
1063
1064/* Multiple instances of the same header get concatenated, and this function
1065can also return a concatenation of all the header lines. When concatenating
1066specific headers that contain lists of addresses, a comma is inserted between
1067them. Otherwise we use a straight concatenation. Because some messages can have
1068pathologically large number of lines, there is a limit on the length that is
1069returned. Also, to avoid massive store use which would result from using
1070string_cat() as it copies and extends strings, we do a preliminary pass to find
1071out exactly how much store will be needed. On "normal" messages this will be
1072pretty trivial.
1073
1074Arguments:
1075 name the name of the header, without the leading $header_ or $h_,
1076 or NULL if a concatenation of all headers is required
1077 exists_only TRUE if called from a def: test; don't need to build a string;
1078 just return a string that is not "" and not "0" if the header
1079 exists
1080 newsize return the size of memory block that was obtained; may be NULL
1081 if exists_only is TRUE
1082 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
ff75a1f7
PH		 1083 other than concatenating, will be done on the header. Also used
1084 for $message_headers_raw.
059ec3d9
PH		 1085 charset name of charset to translate MIME words to; used only if
1086 want_raw is false; if NULL, no translation is done (this is
1087 used for $bh_ and $bheader_)
1088
1089Returns: NULL if the header does not exist, else a pointer to a new
1090 store block
1091*/
1092
1093static uschar *
1094find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1095 uschar *charset)
1096{
1097BOOL found = name == NULL;
1098int comma = 0;
1099int len = found? 0 : Ustrlen(name);
1100int i;
1101uschar *yield = NULL;
1102uschar *ptr = NULL;
1103
1104/* Loop for two passes - saves code repetition */
1105
1106for (i = 0; i < 2; i++)
1107 {
1108 int size = 0;
1109 header_line *h;
1110
1111 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1112 {
1113 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1114 {
1115 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1116 {
1117 int ilen;
1118 uschar *t;
1119
1120 if (exists_only) return US"1"; /* don't need actual string */
1121 found = TRUE;
1122 t = h->text + len; /* text to insert */
1123 if (!want_raw) /* unless wanted raw, */
1124 while (isspace(*t)) t++; /* remove leading white space */
1125 ilen = h->slen - (t - h->text); /* length to insert */
1126
fd700877
PH		 1127 /* Unless wanted raw, remove trailing whitespace, including the
1128 newline. */
1129
1130 if (!want_raw)
1131 while (ilen > 0 && isspace(t[ilen-1])) ilen--;
1132
059ec3d9
PH		 1133 /* Set comma = 1 if handling a single header and it's one of those
1134 that contains an address list, except when asked for raw headers. Only
1135 need to do this once. */
1136
1137 if (!want_raw && name != NULL && comma == 0 &&
1138 Ustrchr("BCFRST", h->type) != NULL)
1139 comma = 1;
1140
1141 /* First pass - compute total store needed; second pass - compute
1142 total store used, including this header. */
1143
fd700877 1144 size += ilen + comma + 1; /* +1 for the newline */
059ec3d9
PH		 1145
1146 /* Second pass - concatentate the data, up to a maximum. Note that
1147 the loop stops when size hits the limit. */
1148
1149 if (i != 0)
1150 {
1151 if (size > header_insert_maxlen)
1152 {
fd700877 1153 ilen -= size - header_insert_maxlen - 1;
059ec3d9
PH		 1154 comma = 0;
1155 }
1156 Ustrncpy(ptr, t, ilen);
1157 ptr += ilen;
fd700877
PH		 1158
1159 /* For a non-raw header, put in the comma if needed, then add
3168332a
PH		 1160 back the newline we removed above, provided there was some text in
1161 the header. */
fd700877 1162
3168332a 1163 if (!want_raw && ilen > 0)
059ec3d9 1164 {
3168332a 1165 if (comma != 0) *ptr++ = ',';
059ec3d9
PH		 1166 *ptr++ = '\n';
1167 }
1168 }
1169 }
1170 }
1171 }
1172
fd700877
PH		 1173 /* At end of first pass, return NULL if no header found. Then truncate size
1174 if necessary, and get the buffer to hold the data, returning the buffer size.
1175 */
059ec3d9
PH		 1176
1177 if (i == 0)
1178 {
1179 if (!found) return NULL;
1180 if (size > header_insert_maxlen) size = header_insert_maxlen;
1181 *newsize = size + 1;
1182 ptr = yield = store_get(*newsize);
1183 }
1184 }
1185
059ec3d9
PH		 1186/* That's all we do for raw header expansion. */
1187
1188if (want_raw)
1189 {
1190 *ptr = 0;
1191 }
1192
fd700877
PH		 1193/* Otherwise, remove a final newline and a redundant added comma. Then we do
1194RFC 2047 decoding, translating the charset if requested. The rfc2047_decode2()
059ec3d9
PH		 1195function can return an error with decoded data if the charset translation
1196fails. If decoding fails, it returns NULL. */
1197
1198else
1199 {
1200 uschar *decoded, *error;
3168332a 1201 if (ptr > yield && ptr[-1] == '\n') ptr--;
fd700877 1202 if (ptr > yield && comma != 0 && ptr[-1] == ',') ptr--;
059ec3d9 1203 *ptr = 0;
a0d6ba8a
PH		 1204 decoded = rfc2047_decode2(yield, check_rfc2047_length, charset, '?', NULL,
1205 newsize, &error);
059ec3d9
PH		 1206 if (error != NULL)
1207 {
1208 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1209 " input was: %s\n", error, yield);
1210 }
1211 if (decoded != NULL) yield = decoded;
1212 }
1213
1214return yield;
1215}
1216
1217
1218
1219
1220/*************************************************
1221* Find value of a variable *
1222*************************************************/
1223
1224/* The table of variables is kept in alphabetic order, so we can search it
1225using a binary chop. The "choplen" variable is nothing to do with the binary
1226chop.
1227
1228Arguments:
1229 name the name of the variable being sought
1230 exists_only TRUE if this is a def: test; passed on to find_header()
1231 skipping TRUE => skip any processing evaluation; this is not the same as
1232 exists_only because def: may test for values that are first
1233 evaluated here
1234 newsize pointer to an int which is initially zero; if the answer is in
1235 a new memory buffer, *newsize is set to its size
1236
1237Returns: NULL if the variable does not exist, or
1238 a pointer to the variable's contents, or
1239 something non-NULL if exists_only is TRUE
1240*/
1241
1242static uschar *
1243find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1244{
1245int first = 0;
1246int last = var_table_size;
1247
38a0a95f
PH		 1248/* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1249Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1250release 4.64 onwards arbitrary names are permitted, as long as the first 5
641cb756
PH		 1251characters are acl_c or acl_m and the sixth is either a digit or an underscore
1252(this gave backwards compatibility at the changeover). There may be built-in
1253variables whose names start acl_ but they should never start in this way. This
1254slightly messy specification is a consequence of the history, needless to say.
47ca6d6c 1255
38a0a95f
PH		 1256If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1257set, in which case give an error. */
47ca6d6c 1258
641cb756
PH		 1259if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1260 !isalpha(name[5]))
38a0a95f
PH		 1261 {
1262 tree_node *node =
1263 tree_search((name[4] == 'c')? acl_var_c : acl_var_m, name + 4);
1264 return (node == NULL)? (strict_acl_vars? NULL : US"") : node->data.ptr;
47ca6d6c
PH		 1265 }
1266
38a0a95f 1267/* Handle $auth<n> variables. */
f78eb7c6
PH		 1268
1269if (Ustrncmp(name, "auth", 4) == 0)
1270 {
1271 uschar *endptr;
1272 int n = Ustrtoul(name + 4, &endptr, 10);
1273 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1274 return (auth_vars[n-1] == NULL)? US"" : auth_vars[n-1];
1275 }
1276
47ca6d6c
PH		 1277/* For all other variables, search the table */
1278
059ec3d9
PH		 1279while (last > first)
1280 {
1281 uschar *s, *domain;
1282 uschar **ss;
1283 int middle = (first + last)/2;
1284 int c = Ustrcmp(name, var_table[middle].name);
1285
1286 if (c > 0) { first = middle + 1; continue; }
1287 if (c < 0) { last = middle; continue; }
1288
1289 /* Found an existing variable. If in skipping state, the value isn't needed,
47ca6d6c 1290 and we want to avoid processing (such as looking up the host name). */
059ec3d9
PH		 1291
1292 if (skipping) return US"";
1293
1294 switch (var_table[middle].type)
1295 {
fb2274d4
TK		 1296#ifdef EXPERIMENTAL_DOMAINKEYS
1297
1298 case vtype_dk_verify:
cacfbf29 1299 if (dk_verify_block == NULL) return US"";
fb2274d4
TK		 1300 s = NULL;
1301 if (Ustrcmp(var_table[middle].name, "dk_result") == 0)
1302 s = dk_verify_block->result_string;
1303 if (Ustrcmp(var_table[middle].name, "dk_sender") == 0)
1304 s = dk_verify_block->address;
1305 if (Ustrcmp(var_table[middle].name, "dk_sender_domain") == 0)
1306 s = dk_verify_block->domain;
1307 if (Ustrcmp(var_table[middle].name, "dk_sender_local_part") == 0)
1308 s = dk_verify_block->local_part;
84330b7b 1309
fb2274d4
TK		 1310 if (Ustrcmp(var_table[middle].name, "dk_sender_source") == 0)
1311 switch(dk_verify_block->address_source) {
a8d97c8a
PH		 1312 case DK_EXIM_ADDRESS_NONE: s = US"0"; break;
1313 case DK_EXIM_ADDRESS_FROM_FROM: s = US"from"; break;
1314 case DK_EXIM_ADDRESS_FROM_SENDER: s = US"sender"; break;
fb2274d4
TK		 1315 }
1316
1317 if (Ustrcmp(var_table[middle].name, "dk_status") == 0)
1318 switch(dk_verify_block->result) {
a8d97c8a
PH		 1319 case DK_EXIM_RESULT_ERR: s = US"error"; break;
1320 case DK_EXIM_RESULT_BAD_FORMAT: s = US"bad format"; break;
1321 case DK_EXIM_RESULT_NO_KEY: s = US"no key"; break;
1322 case DK_EXIM_RESULT_NO_SIGNATURE: s = US"no signature"; break;
1323 case DK_EXIM_RESULT_REVOKED: s = US"revoked"; break;
1324 case DK_EXIM_RESULT_NON_PARTICIPANT: s = US"non-participant"; break;
1325 case DK_EXIM_RESULT_GOOD: s = US"good"; break;
1326 case DK_EXIM_RESULT_BAD: s = US"bad"; break;
fb2274d4 1327 }
84330b7b 1328
fb2274d4 1329 if (Ustrcmp(var_table[middle].name, "dk_signsall") == 0)
a8d97c8a 1330 s = (dk_verify_block->signsall)? US"1" : US"0";
84330b7b 1331
fb2274d4 1332 if (Ustrcmp(var_table[middle].name, "dk_testing") == 0)
a8d97c8a 1333 s = (dk_verify_block->testing)? US"1" : US"0";
84330b7b 1334
fb2274d4 1335 if (Ustrcmp(var_table[middle].name, "dk_is_signed") == 0)
a8d97c8a 1336 s = (dk_verify_block->is_signed)? US"1" : US"0";
84330b7b 1337
fb2274d4
TK		 1338 return (s == NULL)? US"" : s;
1339#endif
1340
9a26b6b2
PH		 1341 case vtype_filter_int:
1342 if (!filter_running) return NULL;
1343 /* Fall through */
1344 /* VVVVVVVVVVVV */
059ec3d9
PH		 1345 case vtype_int:
1346 sprintf(CS var_buffer, "%d", *(int *)(var_table[middle].value)); /* Integer */
1347 return var_buffer;
1348
1349 case vtype_ino:
1350 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(var_table[middle].value))); /* Inode */
1351 return var_buffer;
1352
1353 case vtype_gid:
1354 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(var_table[middle].value))); /* gid */
1355 return var_buffer;
1356
1357 case vtype_uid:
1358 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
1359 return var_buffer;
1360
1361 case vtype_stringptr: /* Pointer to string */
1362 s = *((uschar **)(var_table[middle].value));
1363 return (s == NULL)? US"" : s;
1364
1365 case vtype_pid:
1366 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1367 return var_buffer;
1368
1369 case vtype_load_avg:
1370 sprintf(CS var_buffer, "%d", os_getloadavg()); /* load_average */
1371 return var_buffer;
1372
1373 case vtype_host_lookup: /* Lookup if not done so */
1374 if (sender_host_name == NULL && sender_host_address != NULL &&
1375 !host_lookup_failed && host_name_lookup() == OK)
1376 host_build_sender_fullhost();
1377 return (sender_host_name == NULL)? US"" : sender_host_name;
1378
1379 case vtype_localpart: /* Get local part from address */
1380 s = *((uschar **)(var_table[middle].value));
1381 if (s == NULL) return US"";
1382 domain = Ustrrchr(s, '@');
1383 if (domain == NULL) return s;
1384 if (domain - s > sizeof(var_buffer) - 1)
1385 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than %d in "
1386 "string expansion", sizeof(var_buffer));
1387 Ustrncpy(var_buffer, s, domain - s);
1388 var_buffer[domain - s] = 0;
1389 return var_buffer;
1390
1391 case vtype_domain: /* Get domain from address */
1392 s = *((uschar **)(var_table[middle].value));
1393 if (s == NULL) return US"";
1394 domain = Ustrrchr(s, '@');
1395 return (domain == NULL)? US"" : domain + 1;
1396
1397 case vtype_msgheaders:
1398 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1399
ff75a1f7
PH		 1400 case vtype_msgheaders_raw:
1401 return find_header(NULL, exists_only, newsize, TRUE, NULL);
1402
059ec3d9
PH		 1403 case vtype_msgbody: /* Pointer to msgbody string */
1404 case vtype_msgbody_end: /* Ditto, the end of the msg */
1405 ss = (uschar **)(var_table[middle].value);
1406 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1407 {
1408 uschar *body;
0d7eb84a 1409 off_t start_offset = SPOOL_DATA_START_OFFSET;
059ec3d9
PH		 1410 int len = message_body_visible;
1411 if (len > message_size) len = message_size;
1412 *ss = body = store_malloc(len+1);
1413 body[0] = 0;
1414 if (var_table[middle].type == vtype_msgbody_end)
1415 {
1416 struct stat statbuf;
1417 if (fstat(deliver_datafile, &statbuf) == 0)
1418 {
1419 start_offset = statbuf.st_size - len;
1420 if (start_offset < SPOOL_DATA_START_OFFSET)
1421 start_offset = SPOOL_DATA_START_OFFSET;
1422 }
1423 }
1424 lseek(deliver_datafile, start_offset, SEEK_SET);
1425 len = read(deliver_datafile, body, len);
1426 if (len > 0)
1427 {
1428 body[len] = 0;
1429 while (len > 0)
1430 {
1431 if (body[--len] == '\n' || body[len] == 0) body[len] = ' ';
1432 }
1433 }
1434 }
1435 return (*ss == NULL)? US"" : *ss;
1436
1437 case vtype_todbsdin: /* BSD inbox time of day */
1438 return tod_stamp(tod_bsdin);
1439
1440 case vtype_tode: /* Unix epoch time of day */
1441 return tod_stamp(tod_epoch);
1442
1443 case vtype_todf: /* Full time of day */
1444 return tod_stamp(tod_full);
1445
1446 case vtype_todl: /* Log format time of day */
1447 return tod_stamp(tod_log_bare); /* (without timezone) */
1448
1449 case vtype_todzone: /* Time zone offset only */
1450 return tod_stamp(tod_zone);
1451
1452 case vtype_todzulu: /* Zulu time */
1453 return tod_stamp(tod_zulu);
1454
1455 case vtype_todlf: /* Log file datestamp tod */
1456 return tod_stamp(tod_log_datestamp);
1457
1458 case vtype_reply: /* Get reply address */
c8ea1597 1459 s = find_header(US"reply-to:", exists_only, newsize, TRUE,
059ec3d9 1460 headers_charset);
6979240a 1461 if (s != NULL) while (isspace(*s)) s++;
059ec3d9 1462 if (s == NULL || *s == 0)
41a13e0a
PH		 1463 {
1464 *newsize = 0; /* For the *s==0 case */
c8ea1597
PH		 1465 s = find_header(US"from:", exists_only, newsize, TRUE, headers_charset);
1466 }
1467 if (s != NULL)
1468 {
1469 uschar *t;
1470 while (isspace(*s)) s++;
1471 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
6979240a
PH		 1472 while (t > s && isspace(t[-1])) t--;
1473 *t = 0;
41a13e0a 1474 }
059ec3d9
PH		 1475 return (s == NULL)? US"" : s;
1476
1477 /* A recipients list is available only during system message filtering,
1478 during ACL processing after DATA, and while expanding pipe commands
1479 generated from a system filter, but not elsewhere. */
1480
1481 case vtype_recipients:
1482 if (!enable_dollar_recipients) return NULL; else
1483 {
1484 int size = 128;
1485 int ptr = 0;
1486 int i;
1487 s = store_get(size);
1488 for (i = 0; i < recipients_count; i++)
1489 {
1490 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1491 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1492 Ustrlen(recipients_list[i].address));
1493 }
1494 s[ptr] = 0; /* string_cat() leaves room */
1495 }
1496 return s;
8e669ac1 1497
5cb8cbc6
PH		 1498 case vtype_pspace:
1499 {
1500 int inodes;
8e669ac1
PH		 1501 sprintf(CS var_buffer, "%d",
1502 receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes));
5cb8cbc6
PH		 1503 }
1504 return var_buffer;
8e669ac1 1505
5cb8cbc6
PH		 1506 case vtype_pinodes:
1507 {
1508 int inodes;
8e669ac1 1509 (void) receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes);
5cb8cbc6
PH		 1510 sprintf(CS var_buffer, "%d", inodes);
1511 }
1512 return var_buffer;
059ec3d9
PH		 1513 }
1514 }
1515
1516return NULL; /* Unknown variable name */
1517}
1518
1519
1520
1521
1522/*************************************************
1523* Read and expand substrings *
1524*************************************************/
1525
1526/* This function is called to read and expand argument substrings for various
1527expansion items. Some have a minimum requirement that is less than the maximum;
1528in these cases, the first non-present one is set to NULL.
1529
1530Arguments:
1531 sub points to vector of pointers to set
1532 n maximum number of substrings
1533 m minimum required
1534 sptr points to current string pointer
1535 skipping the skipping flag
1536 check_end if TRUE, check for final '}'
1537 name name of item, for error message
1538
1539Returns: 0 OK; string pointer updated
1540 1 curly bracketing error (too few arguments)
1541 2 too many arguments (only if check_end is set); message set
1542 3 other error (expansion failure)
1543*/
1544
1545static int
1546read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
1547 BOOL check_end, uschar *name)
1548{
1549int i;
1550uschar *s = *sptr;
1551
1552while (isspace(*s)) s++;
1553for (i = 0; i < n; i++)
1554 {
1555 if (*s != '{')
1556 {
1557 if (i < m) return 1;
1558 sub[i] = NULL;
1559 break;
1560 }
1561 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
1562 if (sub[i] == NULL) return 3;
1563 if (*s++ != '}') return 1;
1564 while (isspace(*s)) s++;
1565 }
1566if (check_end && *s++ != '}')
1567 {
1568 if (s[-1] == '{')
1569 {
1570 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1571 "(max is %d)", name, n);
1572 return 2;
1573 }
1574 return 1;
1575 }
1576
1577*sptr = s;
1578return 0;
1579}
1580
1581
1582
1583
641cb756
PH		 1584/*************************************************
1585* Elaborate message for bad variable *
1586*************************************************/
1587
1588/* For the "unknown variable" message, take a look at the variable's name, and
1589give additional information about possible ACL variables. The extra information
1590is added on to expand_string_message.
1591
1592Argument: the name of the variable
1593Returns: nothing
1594*/
1595
1596static void
1597check_variable_error_message(uschar *name)
1598{
1599if (Ustrncmp(name, "acl_", 4) == 0)
1600 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
1601 (name[4] == 'c' || name[4] == 'm')?
1602 (isalpha(name[5])?
1603 US"6th character of a user-defined ACL variable must be a digit or underscore" :
1604 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
1605 ) :
1606 US"user-defined ACL variables must start acl_c or acl_m");
1607}
1608
1609
1610
059ec3d9
PH		 1611/*************************************************
1612* Read and evaluate a condition *
1613*************************************************/
1614
1615/*
1616Arguments:
1617 s points to the start of the condition text
1618 yield points to a BOOL to hold the result of the condition test;
1619 if NULL, we are just reading through a condition that is
1620 part of an "or" combination to check syntax, or in a state
1621 where the answer isn't required
1622
1623Returns: a pointer to the first character after the condition, or
1624 NULL after an error
1625*/
1626
1627static uschar *
1628eval_condition(uschar *s, BOOL *yield)
1629{
1630BOOL testfor = TRUE;
1631BOOL tempcond, combined_cond;
1632BOOL *subcondptr;
1633int i, rc, cond_type, roffset;
1634int num[2];
1635struct stat statbuf;
1636uschar name[256];
1637uschar *sub[4];
1638
1639const pcre *re;
1640const uschar *rerror;
1641
1642for (;;)
1643 {
1644 while (isspace(*s)) s++;
1645 if (*s == '!') { testfor = !testfor; s++; } else break;
1646 }
1647
1648/* Numeric comparisons are symbolic */
1649
1650if (*s == '=' || *s == '>' || *s == '<')
1651 {
1652 int p = 0;
1653 name[p++] = *s++;
1654 if (*s == '=')
1655 {
1656 name[p++] = '=';
1657 s++;
1658 }
1659 name[p] = 0;
1660 }
1661
1662/* All other conditions are named */
1663
1664else s = read_name(name, 256, s, US"_");
1665
1666/* If we haven't read a name, it means some non-alpha character is first. */
1667
1668if (name[0] == 0)
1669 {
1670 expand_string_message = string_sprintf("condition name expected, "
1671 "but found \"%.16s\"", s);
1672 return NULL;
1673 }
1674
1675/* Find which condition we are dealing with, and switch on it */
1676
1677cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
1678switch(cond_type)
1679 {
9b4768fa
PH		 1680 /* def: tests for a non-empty variable, or for the existence of a header. If
1681 yield == NULL we are in a skipping state, and don't care about the answer. */
059ec3d9
PH		 1682
1683 case ECOND_DEF:
1684 if (*s != ':')
1685 {
1686 expand_string_message = US"\":\" expected after \"def\"";
1687 return NULL;
1688 }
1689
1690 s = read_name(name, 256, s+1, US"_");
1691
0d85fa3f
PH		 1692 /* Test for a header's existence. If the name contains a closing brace
1693 character, this may be a user error where the terminating colon has been
1694 omitted. Set a flag to adjust a subsequent error message in this case. */
059ec3d9
PH		 1695
1696 if (Ustrncmp(name, "h_", 2) == 0 ||
1697 Ustrncmp(name, "rh_", 3) == 0 ||
1698 Ustrncmp(name, "bh_", 3) == 0 ||
1699 Ustrncmp(name, "header_", 7) == 0 ||
1700 Ustrncmp(name, "rheader_", 8) == 0 ||
1701 Ustrncmp(name, "bheader_", 8) == 0)
1702 {
1703 s = read_header_name(name, 256, s);
0d85fa3f 1704 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
059ec3d9
PH		 1705 if (yield != NULL) *yield =
1706 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
1707 }
1708
9b4768fa
PH		 1709 /* Test for a variable's having a non-empty value. A non-existent variable
1710 causes an expansion failure. */
059ec3d9
PH		 1711
1712 else
1713 {
1714 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
1715 if (value == NULL)
1716 {
1717 expand_string_message = (name[0] == 0)?
1718 string_sprintf("variable name omitted after \"def:\"") :
1719 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
641cb756 1720 check_variable_error_message(name);
059ec3d9
PH		 1721 return NULL;
1722 }
9b4768fa 1723 if (yield != NULL) *yield = (value[0] != 0) == testfor;
059ec3d9
PH		 1724 }
1725
1726 return s;
1727
1728
1729 /* first_delivery tests for first delivery attempt */
1730
1731 case ECOND_FIRST_DELIVERY:
1732 if (yield != NULL) *yield = deliver_firsttime == testfor;
1733 return s;
1734
1735
1736 /* queue_running tests for any process started by a queue runner */
1737
1738 case ECOND_QUEUE_RUNNING:
1739 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
1740 return s;
1741
1742
1743 /* exists: tests for file existence
1744 isip: tests for any IP address
1745 isip4: tests for an IPv4 address
1746 isip6: tests for an IPv6 address
1747 pam: does PAM authentication
1748 radius: does RADIUS authentication
1749 ldapauth: does LDAP authentication
1750 pwcheck: does Cyrus SASL pwcheck authentication
1751 */
1752
1753 case ECOND_EXISTS:
1754 case ECOND_ISIP:
1755 case ECOND_ISIP4:
1756 case ECOND_ISIP6:
1757 case ECOND_PAM:
1758 case ECOND_RADIUS:
1759 case ECOND_LDAPAUTH:
1760 case ECOND_PWCHECK:
1761
1762 while (isspace(*s)) s++;
1763 if (*s != '{') goto COND_FAILED_CURLY_START;
1764
1765 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1766 if (sub[0] == NULL) return NULL;
1767 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1768
1769 if (yield == NULL) return s; /* No need to run the test if skipping */
1770
1771 switch(cond_type)
1772 {
1773 case ECOND_EXISTS:
1774 if ((expand_forbid & RDO_EXISTS) != 0)
1775 {
1776 expand_string_message = US"File existence tests are not permitted";
1777 return NULL;
1778 }
1779 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
1780 break;
1781
1782 case ECOND_ISIP:
1783 case ECOND_ISIP4:
1784 case ECOND_ISIP6:
1785 rc = string_is_ip_address(sub[0], NULL);
7e66e54d 1786 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
059ec3d9
PH		 1787 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
1788 break;
1789
1790 /* Various authentication tests - all optionally compiled */
1791
1792 case ECOND_PAM:
1793 #ifdef SUPPORT_PAM
1794 rc = auth_call_pam(sub[0], &expand_string_message);
1795 goto END_AUTH;
1796 #else
1797 goto COND_FAILED_NOT_COMPILED;
1798 #endif /* SUPPORT_PAM */
1799
1800 case ECOND_RADIUS:
1801 #ifdef RADIUS_CONFIG_FILE
1802 rc = auth_call_radius(sub[0], &expand_string_message);
1803 goto END_AUTH;
1804 #else
1805 goto COND_FAILED_NOT_COMPILED;
1806 #endif /* RADIUS_CONFIG_FILE */
1807
1808 case ECOND_LDAPAUTH:
1809 #ifdef LOOKUP_LDAP
1810 {
1811 /* Just to keep the interface the same */
1812 BOOL do_cache;
1813 int old_pool = store_pool;
1814 store_pool = POOL_SEARCH;
1815 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
1816 &expand_string_message, &do_cache);
1817 store_pool = old_pool;
1818 }
1819 goto END_AUTH;
1820 #else
1821 goto COND_FAILED_NOT_COMPILED;
1822 #endif /* LOOKUP_LDAP */
1823
1824 case ECOND_PWCHECK:
1825 #ifdef CYRUS_PWCHECK_SOCKET
1826 rc = auth_call_pwcheck(sub[0], &expand_string_message);
1827 goto END_AUTH;
1828 #else
1829 goto COND_FAILED_NOT_COMPILED;
1830 #endif /* CYRUS_PWCHECK_SOCKET */
1831
1832 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
1833 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
1834 END_AUTH:
1835 if (rc == ERROR || rc == DEFER) return NULL;
1836 *yield = (rc == OK) == testfor;
1837 #endif
1838 }
1839 return s;
1840
1841
1842 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
1843
1844 ${if saslauthd {{username}{password}{service}{realm}} {yes}[no}}
1845
1846 However, the last two are optional. That is why the whole set is enclosed
1847 in their own set or braces. */
1848
1849 case ECOND_SASLAUTHD:
1850 #ifndef CYRUS_SASLAUTHD_SOCKET
1851 goto COND_FAILED_NOT_COMPILED;
1852 #else
1853 while (isspace(*s)) s++;
1854 if (*s++ != '{') goto COND_FAILED_CURLY_START;
1855 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd"))
1856 {
1857 case 1: expand_string_message = US"too few arguments or bracketing "
1858 "error for saslauthd";
1859 case 2:
1860 case 3: return NULL;
1861 }
1862 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
1863 if (yield != NULL)
1864 {
1865 int rc;
1866 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
1867 &expand_string_message);
1868 if (rc == ERROR || rc == DEFER) return NULL;
1869 *yield = (rc == OK) == testfor;
1870 }
1871 return s;
1872 #endif /* CYRUS_SASLAUTHD_SOCKET */
1873
1874
1875 /* symbolic operators for numeric and string comparison, and a number of
1876 other operators, all requiring two arguments.
1877
1878 match: does a regular expression match and sets up the numerical
1879 variables if it succeeds
1880 match_address: matches in an address list
1881 match_domain: matches in a domain list
32d668a5 1882 match_ip: matches a host list that is restricted to IP addresses
059ec3d9
PH		 1883 match_local_part: matches in a local part list
1884 crypteq: encrypts plaintext and compares against an encrypted text,
1885 using crypt(), crypt16(), MD5 or SHA-1
1886 */
1887
1888 case ECOND_MATCH:
1889 case ECOND_MATCH_ADDRESS:
1890 case ECOND_MATCH_DOMAIN:
32d668a5 1891 case ECOND_MATCH_IP:
059ec3d9
PH		 1892 case ECOND_MATCH_LOCAL_PART:
1893 case ECOND_CRYPTEQ:
1894
1895 case ECOND_NUM_L: /* Numerical comparisons */
1896 case ECOND_NUM_LE:
1897 case ECOND_NUM_E:
1898 case ECOND_NUM_EE:
1899 case ECOND_NUM_G:
1900 case ECOND_NUM_GE:
1901
1902 case ECOND_STR_LT: /* String comparisons */
1903 case ECOND_STR_LTI:
1904 case ECOND_STR_LE:
1905 case ECOND_STR_LEI:
1906 case ECOND_STR_EQ:
1907 case ECOND_STR_EQI:
1908 case ECOND_STR_GT:
1909 case ECOND_STR_GTI:
1910 case ECOND_STR_GE:
1911 case ECOND_STR_GEI:
1912
1913 for (i = 0; i < 2; i++)
1914 {
1915 while (isspace(*s)) s++;
1916 if (*s != '{')
1917 {
1918 if (i == 0) goto COND_FAILED_CURLY_START;
1919 expand_string_message = string_sprintf("missing 2nd string in {} "
1920 "after \"%s\"", name);
1921 return NULL;
1922 }
1923 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1924 if (sub[i] == NULL) return NULL;
1925 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1926
1927 /* Convert to numerical if required; we know that the names of all the
1928 conditions that compare numbers do not start with a letter. This just saves
1929 checking for them individually. */
1930
1931 if (!isalpha(name[0]))
1932 {
d45b1de8
PH		 1933 num[i] = expand_string_integer(sub[i], FALSE);
1934 if (expand_string_message != NULL) return NULL;
059ec3d9
PH		 1935 }
1936 }
1937
1938 /* Result not required */
1939
1940 if (yield == NULL) return s;
1941
1942 /* Do an appropriate comparison */
1943
1944 switch(cond_type)
1945 {
1946 case ECOND_NUM_E:
1947 case ECOND_NUM_EE:
1948 *yield = (num[0] == num[1]) == testfor;
1949 break;
1950
1951 case ECOND_NUM_G:
1952 *yield = (num[0] > num[1]) == testfor;
1953 break;
1954
1955 case ECOND_NUM_GE:
1956 *yield = (num[0] >= num[1]) == testfor;
1957 break;
1958
1959 case ECOND_NUM_L:
1960 *yield = (num[0] < num[1]) == testfor;
1961 break;
1962
1963 case ECOND_NUM_LE:
1964 *yield = (num[0] <= num[1]) == testfor;
1965 break;
1966
1967 case ECOND_STR_LT:
1968 *yield = (Ustrcmp(sub[0], sub[1]) < 0) == testfor;
1969 break;
1970
1971 case ECOND_STR_LTI:
1972 *yield = (strcmpic(sub[0], sub[1]) < 0) == testfor;
1973 break;
1974
1975 case ECOND_STR_LE:
1976 *yield = (Ustrcmp(sub[0], sub[1]) <= 0) == testfor;
1977 break;
1978
1979 case ECOND_STR_LEI:
1980 *yield = (strcmpic(sub[0], sub[1]) <= 0) == testfor;
1981 break;
1982
1983 case ECOND_STR_EQ:
1984 *yield = (Ustrcmp(sub[0], sub[1]) == 0) == testfor;
1985 break;
1986
1987 case ECOND_STR_EQI:
1988 *yield = (strcmpic(sub[0], sub[1]) == 0) == testfor;
1989 break;
1990
1991 case ECOND_STR_GT:
1992 *yield = (Ustrcmp(sub[0], sub[1]) > 0) == testfor;
1993 break;
1994
1995 case ECOND_STR_GTI:
1996 *yield = (strcmpic(sub[0], sub[1]) > 0) == testfor;
1997 break;
1998
1999 case ECOND_STR_GE:
2000 *yield = (Ustrcmp(sub[0], sub[1]) >= 0) == testfor;
2001 break;
2002
2003 case ECOND_STR_GEI:
2004 *yield = (strcmpic(sub[0], sub[1]) >= 0) == testfor;
2005 break;
2006
2007 case ECOND_MATCH: /* Regular expression match */
2008 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2009 NULL);
2010 if (re == NULL)
2011 {
2012 expand_string_message = string_sprintf("regular expression error in "
2013 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2014 return NULL;
2015 }
2016 *yield = regex_match_and_setup(re, sub[0], 0, -1) == testfor;
2017 break;
2018
2019 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2020 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2021 goto MATCHED_SOMETHING;
2022
2023 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2024 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2025 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2026 goto MATCHED_SOMETHING;
2027
32d668a5 2028 case ECOND_MATCH_IP: /* Match IP address in a host list */
7e66e54d 2029 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
32d668a5
PH		 2030 {
2031 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2032 sub[0]);
2033 return NULL;
2034 }
2035 else
2036 {
2037 unsigned int *nullcache = NULL;
2038 check_host_block cb;
2039
2040 cb.host_name = US"";
2041 cb.host_address = sub[0];
2042
2043 /* If the host address starts off ::ffff: it is an IPv6 address in
2044 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2045 addresses. */
2046
2047 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2048 cb.host_address + 7 : cb.host_address;
2049
2050 rc = match_check_list(
2051 &sub[1], /* the list */
2052 0, /* separator character */
2053 &hostlist_anchor, /* anchor pointer */
2054 &nullcache, /* cache pointer */
2055 check_host, /* function for testing */
2056 &cb, /* argument for function */
2057 MCL_HOST, /* type of check */
2058 sub[0], /* text for debugging */
2059 NULL); /* where to pass back data */
2060 }
2061 goto MATCHED_SOMETHING;
2062
059ec3d9
PH		 2063 case ECOND_MATCH_LOCAL_PART:
2064 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2065 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2066 /* Fall through */
9a26b6b2 2067 /* VVVVVVVVVVVV */
059ec3d9
PH		 2068 MATCHED_SOMETHING:
2069 switch(rc)
2070 {
2071 case OK:
2072 *yield = testfor;
2073 break;
2074
2075 case FAIL:
2076 *yield = !testfor;
2077 break;
2078
2079 case DEFER:
2080 expand_string_message = string_sprintf("unable to complete match "
2081 "against \"%s\": %s", sub[1], search_error_message);
2082 return NULL;
2083 }
2084
2085 break;
2086
2087 /* Various "encrypted" comparisons. If the second string starts with
2088 "{" then an encryption type is given. Default to crypt() or crypt16()
2089 (build-time choice). */
2090
2091 case ECOND_CRYPTEQ:
2092 #ifndef SUPPORT_CRYPTEQ
2093 goto COND_FAILED_NOT_COMPILED;
2094 #else
2095 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2096 {
2097 int sublen = Ustrlen(sub[1]+5);
2098 md5 base;
2099 uschar digest[16];
2100
2101 md5_start(&base);
2102 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2103
2104 /* If the length that we are comparing against is 24, the MD5 digest
2105 is expressed as a base64 string. This is the way LDAP does it. However,
2106 some other software uses a straightforward hex representation. We assume
2107 this if the length is 32. Other lengths fail. */
2108
2109 if (sublen == 24)
2110 {
2111 uschar *coded = auth_b64encode((uschar *)digest, 16);
2112 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2113 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2114 *yield = (Ustrcmp(coded, sub[1]+5) == 0) == testfor;
2115 }
2116 else if (sublen == 32)
2117 {
2118 int i;
2119 uschar coded[36];
2120 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2121 coded[32] = 0;
2122 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2123 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2124 *yield = (strcmpic(coded, sub[1]+5) == 0) == testfor;
2125 }
2126 else
2127 {
2128 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2129 "fail\n crypted=%s\n", sub[1]+5);
2130 *yield = !testfor;
2131 }
2132 }
2133
2134 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2135 {
2136 int sublen = Ustrlen(sub[1]+6);
2137 sha1 base;
2138 uschar digest[20];
2139
2140 sha1_start(&base);
2141 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2142
2143 /* If the length that we are comparing against is 28, assume the SHA1
2144 digest is expressed as a base64 string. If the length is 40, assume a
2145 straightforward hex representation. Other lengths fail. */
2146
2147 if (sublen == 28)
2148 {
2149 uschar *coded = auth_b64encode((uschar *)digest, 20);
2150 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2151 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2152 *yield = (Ustrcmp(coded, sub[1]+6) == 0) == testfor;
2153 }
2154 else if (sublen == 40)
2155 {
2156 int i;
2157 uschar coded[44];
2158 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2159 coded[40] = 0;
2160 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2161 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2162 *yield = (strcmpic(coded, sub[1]+6) == 0) == testfor;
2163 }
2164 else
2165 {
2166 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2167 "fail\n crypted=%s\n", sub[1]+6);
2168 *yield = !testfor;
2169 }
2170 }
2171
2172 else /* {crypt} or {crypt16} and non-{ at start */
2173 {
2174 int which = 0;
2175 uschar *coded;
2176
2177 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2178 {
2179 sub[1] += 7;
2180 which = 1;
2181 }
2182 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2183 {
2184 sub[1] += 9;
2185 which = 2;
2186 }
2187 else if (sub[1][0] == '{')
2188 {
2189 expand_string_message = string_sprintf("unknown encryption mechanism "
2190 "in \"%s\"", sub[1]);
2191 return NULL;
2192 }
2193
2194 switch(which)
2195 {
2196 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2197 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2198 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2199 }
2200
2201 #define STR(s) # s
2202 #define XSTR(s) STR(s)
2203 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2204 " subject=%s\n crypted=%s\n",
2205 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
2206 coded, sub[1]);
2207 #undef STR
2208 #undef XSTR
2209
2210 /* If the encrypted string contains fewer than two characters (for the
2211 salt), force failure. Otherwise we get false positives: with an empty
2212 string the yield of crypt() is an empty string! */
2213
2214 *yield = (Ustrlen(sub[1]) < 2)? !testfor :
2215 (Ustrcmp(coded, sub[1]) == 0) == testfor;
2216 }
2217 break;
2218 #endif /* SUPPORT_CRYPTEQ */
2219 } /* Switch for comparison conditions */
2220
2221 return s; /* End of comparison conditions */
2222
2223
2224 /* and/or: computes logical and/or of several conditions */
2225
2226 case ECOND_AND:
2227 case ECOND_OR:
2228 subcondptr = (yield == NULL)? NULL : &tempcond;
2229 combined_cond = (cond_type == ECOND_AND);
2230
2231 while (isspace(*s)) s++;
2232 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2233
2234 for (;;)
2235 {
2236 while (isspace(*s)) s++;
2237 if (*s == '}') break;
2238 if (*s != '{')
2239 {
2240 expand_string_message = string_sprintf("each subcondition "
2241 "inside an \"%s{...}\" condition must be in its own {}", name);
2242 return NULL;
2243 }
2244
2245 s = eval_condition(s+1, subcondptr);
2246 if (s == NULL)
2247 {
2248 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2249 expand_string_message, name);
2250 return NULL;
2251 }
2252 while (isspace(*s)) s++;
2253
2254 if (*s++ != '}')
2255 {
2256 expand_string_message = string_sprintf("missing } at end of condition "
2257 "inside \"%s\" group", name);
2258 return NULL;
2259 }
2260
2261 if (yield != NULL)
2262 {
2263 if (cond_type == ECOND_AND)
2264 {
2265 combined_cond &= tempcond;
2266 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2267 } /* evaluate any more */
2268 else
2269 {
2270 combined_cond |= tempcond;
2271 if (combined_cond) subcondptr = NULL; /* once true, don't */
2272 } /* evaluate any more */
2273 }
2274 }
2275
2276 if (yield != NULL) *yield = (combined_cond == testfor);
2277 return ++s;
2278
2279
2280 /* Unknown condition */
2281
2282 default:
2283 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2284 return NULL;
2285 } /* End switch on condition type */
2286
2287/* Missing braces at start and end of data */
2288
2289COND_FAILED_CURLY_START:
2290expand_string_message = string_sprintf("missing { after \"%s\"", name);
2291return NULL;
2292
2293COND_FAILED_CURLY_END:
2294expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2295 name);
2296return NULL;
2297
2298/* A condition requires code that is not compiled */
2299
2300#if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2301 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2302 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2303COND_FAILED_NOT_COMPILED:
2304expand_string_message = string_sprintf("support for \"%s\" not compiled",
2305 name);
2306return NULL;
2307#endif
2308}
2309
2310
2311
2312
2313/*************************************************
2314* Save numerical variables *
2315*************************************************/
2316
2317/* This function is called from items such as "if" that want to preserve and
2318restore the numbered variables.
2319
2320Arguments:
2321 save_expand_string points to an array of pointers to set
2322 save_expand_nlength points to an array of ints for the lengths
2323
2324Returns: the value of expand max to save
2325*/
2326
2327static int
2328save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
2329{
2330int i;
2331for (i = 0; i <= expand_nmax; i++)
2332 {
2333 save_expand_nstring[i] = expand_nstring[i];
2334 save_expand_nlength[i] = expand_nlength[i];
2335 }
2336return expand_nmax;
2337}
2338
2339
2340
2341/*************************************************
2342* Restore numerical variables *
2343*************************************************/
2344
2345/* This function restored saved values of numerical strings.
2346
2347Arguments:
2348 save_expand_nmax the number of strings to restore
2349 save_expand_string points to an array of pointers
2350 save_expand_nlength points to an array of ints
2351
2352Returns: nothing
2353*/
2354
2355static void
2356restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
2357 int *save_expand_nlength)
2358{
2359int i;
2360expand_nmax = save_expand_nmax;
2361for (i = 0; i <= expand_nmax; i++)
2362 {
2363 expand_nstring[i] = save_expand_nstring[i];
2364 expand_nlength[i] = save_expand_nlength[i];
2365 }
2366}
2367
2368
2369
2370
2371
2372/*************************************************
2373* Handle yes/no substrings *
2374*************************************************/
2375
2376/* This function is used by ${if}, ${lookup} and ${extract} to handle the
2377alternative substrings that depend on whether or not the condition was true,
2378or the lookup or extraction succeeded. The substrings always have to be
2379expanded, to check their syntax, but "skipping" is set when the result is not
2380needed - this avoids unnecessary nested lookups.
2381
2382Arguments:
2383 skipping TRUE if we were skipping when this item was reached
2384 yes TRUE if the first string is to be used, else use the second
2385 save_lookup a value to put back into lookup_value before the 2nd expansion
2386 sptr points to the input string pointer
2387 yieldptr points to the output string pointer
2388 sizeptr points to the output string size
2389 ptrptr points to the output string pointer
2390 type "lookup" or "if" or "extract" or "run", for error message
2391
2392Returns: 0 OK; lookup_value has been reset to save_lookup
2393 1 expansion failed
2394 2 expansion failed because of bracketing error
2395*/
2396
2397static int
2398process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
2399 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type)
2400{
2401int rc = 0;
2402uschar *s = *sptr; /* Local value */
2403uschar *sub1, *sub2;
2404
2405/* If there are no following strings, we substitute the contents of $value for
063b1e99 2406lookups and for extractions in the success case. For the ${if item, the string
8e669ac1 2407"true" is substituted. In the fail case, nothing is substituted for all three
063b1e99 2408items. */
059ec3d9
PH		 2409
2410while (isspace(*s)) s++;
2411if (*s == '}')
2412 {
063b1e99
PH		 2413 if (type[0] == 'i')
2414 {
8e669ac1 2415 if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
063b1e99
PH		 2416 }
2417 else
8e669ac1 2418 {
063b1e99
PH		 2419 if (yes && lookup_value != NULL)
2420 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
2421 Ustrlen(lookup_value));
2422 lookup_value = save_lookup;
2423 }
059ec3d9
PH		 2424 s++;
2425 goto RETURN;
2426 }
2427
9b4768fa
PH		 2428/* The first following string must be braced. */
2429
2430if (*s++ != '{') goto FAILED_CURLY;
2431
059ec3d9
PH		 2432/* Expand the first substring. Forced failures are noticed only if we actually
2433want this string. Set skipping in the call in the fail case (this will always
2434be the case if we were already skipping). */
2435
9b4768fa 2436sub1 = expand_string_internal(s, TRUE, &s, !yes);
059ec3d9
PH		 2437if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
2438expand_string_forcedfail = FALSE;
2439if (*s++ != '}') goto FAILED_CURLY;
2440
2441/* If we want the first string, add it to the output */
2442
2443if (yes)
2444 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
2445
2446/* If this is called from a lookup or an extract, we want to restore $value to
2447what it was at the start of the item, so that it has this value during the
d20976dc
PH		 2448second string expansion. For the call from "if" or "run" to this function,
2449save_lookup is set to lookup_value, so that this statement does nothing. */
059ec3d9
PH		 2450
2451lookup_value = save_lookup;
2452
2453/* There now follows either another substring, or "fail", or nothing. This
2454time, forced failures are noticed only if we want the second string. We must
2455set skipping in the nested call if we don't want this string, or if we were
2456already skipping. */
2457
2458while (isspace(*s)) s++;
2459if (*s == '{')
2460 {
2461 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping);
2462 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
2463 expand_string_forcedfail = FALSE;
2464 if (*s++ != '}') goto FAILED_CURLY;
2465
2466 /* If we want the second string, add it to the output */
2467
2468 if (!yes)
2469 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
2470 }
2471
2472/* If there is no second string, but the word "fail" is present when the use of
2473the second string is wanted, set a flag indicating it was a forced failure
2474rather than a syntactic error. Swallow the terminating } in case this is nested
2475inside another lookup or if or extract. */
2476
2477else if (*s != '}')
2478 {
2479 uschar name[256];
2480 s = read_name(name, sizeof(name), s, US"_");
2481 if (Ustrcmp(name, "fail") == 0)
2482 {
2483 if (!yes && !skipping)
2484 {
2485 while (isspace(*s)) s++;
2486 if (*s++ != '}') goto FAILED_CURLY;
2487 expand_string_message =
2488 string_sprintf("\"%s\" failed and \"fail\" requested", type);
2489 expand_string_forcedfail = TRUE;
2490 goto FAILED;
2491 }
2492 }
2493 else
2494 {
2495 expand_string_message =
2496 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
2497 goto FAILED;
2498 }
2499 }
2500
2501/* All we have to do now is to check on the final closing brace. */
2502
2503while (isspace(*s)) s++;
2504if (*s++ == '}') goto RETURN;
2505
2506/* Get here if there is a bracketing failure */
2507
2508FAILED_CURLY:
2509rc++;
2510
2511/* Get here for other failures */
2512
2513FAILED:
2514rc++;
2515
2516/* Update the input pointer value before returning */
2517
2518RETURN:
2519*sptr = s;
2520return rc;
2521}
2522
2523
2524
2525
059ec3d9
PH		 2526/*************************************************
2527* Handle MD5 or SHA-1 computation for HMAC *
2528*************************************************/
2529
2530/* These are some wrapping functions that enable the HMAC code to be a bit
2531cleaner. A good compiler will spot the tail recursion.
2532
2533Arguments:
2534 type HMAC_MD5 or HMAC_SHA1
2535 remaining are as for the cryptographic hash functions
2536
2537Returns: nothing
2538*/
2539
2540static void
2541chash_start(int type, void *base)
2542{
2543if (type == HMAC_MD5)
2544 md5_start((md5 *)base);
2545else
2546 sha1_start((sha1 *)base);
2547}
2548
2549static void
2550chash_mid(int type, void *base, uschar *string)
2551{
2552if (type == HMAC_MD5)
2553 md5_mid((md5 *)base, string);
2554else
2555 sha1_mid((sha1 *)base, string);
2556}
2557
2558static void
2559chash_end(int type, void *base, uschar *string, int length, uschar *digest)
2560{
2561if (type == HMAC_MD5)
2562 md5_end((md5 *)base, string, length, digest);
2563else
2564 sha1_end((sha1 *)base, string, length, digest);
2565}
2566
2567
2568
2569
2570
1549ea3b
PH		 2571/********************************************************
2572* prvs: Get last three digits of days since Jan 1, 1970 *
2573********************************************************/
2574
2575/* This is needed to implement the "prvs" BATV reverse
2576 path signing scheme
2577
2578Argument: integer "days" offset to add or substract to
2579 or from the current number of days.
2580
2581Returns: pointer to string containing the last three
2582 digits of the number of days since Jan 1, 1970,
2583 modified by the offset argument, NULL if there
2584 was an error in the conversion.
2585
2586*/
2587
2588static uschar *
2589prvs_daystamp(int day_offset)
2590{
a86229cf
PH		 2591uschar *days = store_get(32); /* Need at least 24 for cases */
2592(void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
1549ea3b 2593 (time(NULL) + day_offset*86400)/86400);
e169f567 2594return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
1549ea3b
PH		 2595}
2596
2597
2598
2599/********************************************************
2600* prvs: perform HMAC-SHA1 computation of prvs bits *
2601********************************************************/
2602
2603/* This is needed to implement the "prvs" BATV reverse
2604 path signing scheme
2605
2606Arguments:
2607 address RFC2821 Address to use
2608 key The key to use (must be less than 64 characters
2609 in size)
2610 key_num Single-digit key number to use. Defaults to
2611 '0' when NULL.
2612
2613Returns: pointer to string containing the first three
2614 bytes of the final hash in hex format, NULL if
2615 there was an error in the process.
2616*/
2617
2618static uschar *
2619prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
2620{
2621uschar *hash_source, *p;
2622int size = 0,offset = 0,i;
2623sha1 sha1_base;
2624void *use_base = &sha1_base;
2625uschar innerhash[20];
2626uschar finalhash[20];
2627uschar innerkey[64];
2628uschar outerkey[64];
2629uschar *finalhash_hex = store_get(40);
2630
2631if (key_num == NULL)
2632 key_num = US"0";
2633
2634if (Ustrlen(key) > 64)
2635 return NULL;
2636
2637hash_source = string_cat(NULL,&size,&offset,key_num,1);
2638string_cat(hash_source,&size,&offset,daystamp,3);
2639string_cat(hash_source,&size,&offset,address,Ustrlen(address));
2640hash_source[offset] = '\0';
2641
2642DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source);
2643
2644memset(innerkey, 0x36, 64);
2645memset(outerkey, 0x5c, 64);
2646
2647for (i = 0; i < Ustrlen(key); i++)
2648 {
2649 innerkey[i] ^= key[i];
2650 outerkey[i] ^= key[i];
2651 }
2652
2653chash_start(HMAC_SHA1, use_base);
2654chash_mid(HMAC_SHA1, use_base, innerkey);
2655chash_end(HMAC_SHA1, use_base, hash_source, offset, innerhash);
2656
2657chash_start(HMAC_SHA1, use_base);
2658chash_mid(HMAC_SHA1, use_base, outerkey);
2659chash_end(HMAC_SHA1, use_base, innerhash, 20, finalhash);
2660
2661p = finalhash_hex;
2662for (i = 0; i < 3; i++)
2663 {
2664 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
2665 *p++ = hex_digits[finalhash[i] & 0x0f];
2666 }
2667*p = '\0';
2668
2669return finalhash_hex;
2670}
2671
2672
2673
2674
059ec3d9
PH		 2675/*************************************************
2676* Join a file onto the output string *
2677*************************************************/
2678
2679/* This is used for readfile and after a run expansion. It joins the contents
2680of a file onto the output string, globally replacing newlines with a given
2681string (optionally). The file is closed at the end.
2682
2683Arguments:
2684 f the FILE
2685 yield pointer to the expandable string
2686 sizep pointer to the current size
2687 ptrp pointer to the current position
2688 eol newline replacement string, or NULL
2689
2690Returns: new value of string pointer
2691*/
2692
2693static uschar *
2694cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
2695{
2696int eollen;
2697uschar buffer[1024];
2698
2699eollen = (eol == NULL)? 0 : Ustrlen(eol);
2700
2701while (Ufgets(buffer, sizeof(buffer), f) != NULL)
2702 {
2703 int len = Ustrlen(buffer);
2704 if (eol != NULL && buffer[len-1] == '\n') len--;
2705 yield = string_cat(yield, sizep, ptrp, buffer, len);
2706 if (buffer[len] != 0)
2707 yield = string_cat(yield, sizep, ptrp, eol, eollen);
2708 }
2709
2710if (yield != NULL) yield[*ptrp] = 0;
2711
2712return yield;
2713}
2714
2715
2716
2717
2718/*************************************************
2719* Evaluate numeric expression *
2720*************************************************/
2721
2722/* This is a set of mutually recursive functions that evaluate a simple
2723arithmetic expression involving only + - * / and parentheses. The only one that
2724is called from elsewhere is eval_expr, whose interface is:
2725
2726Arguments:
2727 sptr pointer to the pointer to the string - gets updated
2728 decimal TRUE if numbers are to be assumed decimal
2729 error pointer to where to put an error message - must be NULL on input
2730 endket TRUE if ')' must terminate - FALSE for external call
2731
2732
2733Returns: on success: the value of the expression, with *error still NULL
2734 on failure: an undefined value, with *error = a message
2735*/
2736
2737static int eval_sumterm(uschar **, BOOL, uschar **);
2738
2739static int
2740eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
2741{
2742uschar *s = *sptr;
2743int x = eval_sumterm(&s, decimal, error);
2744if (*error == NULL)
2745 {
2746 while (*s == '+' || *s == '-')
2747 {
2748 int op = *s++;
2749 int y = eval_sumterm(&s, decimal, error);
2750 if (*error != NULL) break;
2751 if (op == '+') x += y; else x -= y;
2752 }
2753 if (*error == NULL)
2754 {
2755 if (endket)
2756 {
2757 if (*s != ')')
2758 *error = US"expecting closing parenthesis";
2759 else
2760 while (isspace(*(++s)));
2761 }
2762 else if (*s != 0) *error = US"expecting + or -";
2763 }
2764 }
2765
2766*sptr = s;
2767return x;
2768}
2769
2770static int
2771eval_term(uschar **sptr, BOOL decimal, uschar **error)
2772{
2773register int c;
2774int n;
2775uschar *s = *sptr;
2776while (isspace(*s)) s++;
2777c = *s;
2778if (isdigit(c) || ((c == '-' || c == '+') && isdigit(s[1])))
2779 {
2780 int count;
2781 (void)sscanf(CS s, (decimal? "%d%n" : "%i%n"), &n, &count);
2782 s += count;
2783 if (tolower(*s) == 'k') { n *= 1024; s++; }
2784 else if (tolower(*s) == 'm') { n *= 1024*1024; s++; }
2785 while (isspace (*s)) s++;
2786 }
2787else if (c == '(')
2788 {
2789 s++;
2790 n = eval_expr(&s, decimal, error, 1);
2791 }
2792else
2793 {
2794 *error = US"expecting number or opening parenthesis";
2795 n = 0;
2796 }
2797*sptr = s;
2798return n;
2799}
2800
2801static int eval_sumterm(uschar **sptr, BOOL decimal, uschar **error)
2802{
2803uschar *s = *sptr;
2804int x = eval_term(&s, decimal, error);
2805if (*error == NULL)
2806 {
5591031b 2807 while (*s == '*' || *s == '/' || *s == '%')
059ec3d9
PH		 2808 {
2809 int op = *s++;
2810 int y = eval_term(&s, decimal, error);
2811 if (*error != NULL) break;
5591031b
PH		 2812 if (op == '*') x *= y;
2813 else if (op == '/') x /= y;
2814 else x %= y;
059ec3d9
PH		 2815 }
2816 }
2817*sptr = s;
2818return x;
2819}
2820
2821
2822
2823
2824/*************************************************
2825* Expand string *
2826*************************************************/
2827
2828/* Returns either an unchanged string, or the expanded string in stacking pool
2829store. Interpreted sequences are:
2830
2831 \... normal escaping rules
2832 $name substitutes the variable
2833 ${name} ditto
2834 ${op:string} operates on the expanded string value
2835 ${item{arg1}{arg2}...} expands the args and then does the business
2836 some literal args are not enclosed in {}
2837
2838There are now far too many operators and item types to make it worth listing
2839them here in detail any more.
2840
2841We use an internal routine recursively to handle embedded substrings. The
2842external function follows. The yield is NULL if the expansion failed, and there
2843are two cases: if something collapsed syntactically, or if "fail" was given
2844as the action on a lookup failure. These can be distinguised by looking at the
2845variable expand_string_forcedfail, which is TRUE in the latter case.
2846
2847The skipping flag is set true when expanding a substring that isn't actually
2848going to be used (after "if" or "lookup") and it prevents lookups from
2849happening lower down.
2850
2851Store usage: At start, a store block of the length of the input plus 64
2852is obtained. This is expanded as necessary by string_cat(), which might have to
2853get a new block, or might be able to expand the original. At the end of the
2854function we can release any store above that portion of the yield block that
2855was actually used. In many cases this will be optimal.
2856
2857However: if the first item in the expansion is a variable name or header name,
2858we reset the store before processing it; if the result is in fresh store, we
2859use that without copying. This is helpful for expanding strings like
2860$message_headers which can get very long.
2861
2862Arguments:
2863 string the string to be expanded
2864 ket_ends true if expansion is to stop at }
2865 left if not NULL, a pointer to the first character after the
2866 expansion is placed here (typically used with ket_ends)
2867 skipping TRUE for recursive calls when the value isn't actually going
2868 to be used (to allow for optimisation)
2869
2870Returns: NULL if expansion fails:
2871 expand_string_forcedfail is set TRUE if failure was forced
2872 expand_string_message contains a textual error message
2873 a pointer to the expanded string on success
2874*/
2875
2876static uschar *
2877expand_string_internal(uschar *string, BOOL ket_ends, uschar **left,
2878 BOOL skipping)
2879{
2880int ptr = 0;
2881int size = Ustrlen(string)+ 64;
2882int item_type;
2883uschar *yield = store_get(size);
2884uschar *s = string;
2885uschar *save_expand_nstring[EXPAND_MAXN+1];
2886int save_expand_nlength[EXPAND_MAXN+1];
2887
2888expand_string_forcedfail = FALSE;
2889expand_string_message = US"";
2890
2891while (*s != 0)
2892 {
2893 uschar *value;
2894 uschar name[256];
2895
2896 /* \ escapes the next character, which must exist, or else
2897 the expansion fails. There's a special escape, \N, which causes
2898 copying of the subject verbatim up to the next \N. Otherwise,
2899 the escapes are the standard set. */
2900
2901 if (*s == '\\')
2902 {
2903 if (s[1] == 0)
2904 {
2905 expand_string_message = US"\\ at end of string";
2906 goto EXPAND_FAILED;
2907 }
2908
2909 if (s[1] == 'N')
2910 {
2911 uschar *t = s + 2;
2912 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
2913 yield = string_cat(yield, &size, &ptr, t, s - t);
2914 if (*s != 0) s += 2;
2915 }
2916
2917 else
2918 {
2919 uschar ch[1];
2920 ch[0] = string_interpret_escape(&s);
2921 s++;
2922 yield = string_cat(yield, &size, &ptr, ch, 1);
2923 }
2924
2925 continue;
2926 }
2927
2928 /* Anything other than $ is just copied verbatim, unless we are
2929 looking for a terminating } character. */
2930
2931 if (ket_ends && *s == '}') break;
2932
2933 if (*s != '$')
2934 {
2935 yield = string_cat(yield, &size, &ptr, s++, 1);
2936 continue;
2937 }
2938
2939 /* No { after the $ - must be a plain name or a number for string
2940 match variable. There has to be a fudge for variables that are the
2941 names of header fields preceded by "$header_" because header field
2942 names can contain any printing characters except space and colon.
2943 For those that don't like typing this much, "$h_" is a synonym for
2944 "$header_". A non-existent header yields a NULL value; nothing is
2945 inserted. */
2946
2947 if (isalpha((*(++s))))
2948 {
2949 int len;
2950 int newsize = 0;
2951
2952 s = read_name(name, sizeof(name), s, US"_");
2953
2954 /* If this is the first thing to be expanded, release the pre-allocated
2955 buffer. */
2956
2957 if (ptr == 0 && yield != NULL)
2958 {
2959 store_reset(yield);
2960 yield = NULL;
2961 size = 0;
2962 }
2963
2964 /* Header */
2965
2966 if (Ustrncmp(name, "h_", 2) == 0 ||
2967 Ustrncmp(name, "rh_", 3) == 0 ||
2968 Ustrncmp(name, "bh_", 3) == 0 ||
2969 Ustrncmp(name, "header_", 7) == 0 ||
2970 Ustrncmp(name, "rheader_", 8) == 0 ||
2971 Ustrncmp(name, "bheader_", 8) == 0)
2972 {
2973 BOOL want_raw = (name[0] == 'r')? TRUE : FALSE;
2974 uschar *charset = (name[0] == 'b')? NULL : headers_charset;
2975 s = read_header_name(name, sizeof(name), s);
2976 value = find_header(name, FALSE, &newsize, want_raw, charset);
2977
2978 /* If we didn't find the header, and the header contains a closing brace
0d85fa3f 2979 character, this may be a user error where the terminating colon
059ec3d9
PH		 2980 has been omitted. Set a flag to adjust the error message in this case.
2981 But there is no error here - nothing gets inserted. */
2982
2983 if (value == NULL)
2984 {
2985 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2986 continue;
2987 }
2988 }
2989
2990 /* Variable */
2991
2992 else
2993 {
2994 value = find_variable(name, FALSE, skipping, &newsize);
2995 if (value == NULL)
2996 {
2997 expand_string_message =
2998 string_sprintf("unknown variable name \"%s\"", name);
641cb756 2999 check_variable_error_message(name);
059ec3d9
PH		 3000 goto EXPAND_FAILED;
3001 }
3002 }
3003
3004 /* If the data is known to be in a new buffer, newsize will be set to the
3005 size of that buffer. If this is the first thing in an expansion string,
3006 yield will be NULL; just point it at the new store instead of copying. Many
3007 expansion strings contain just one reference, so this is a useful
3008 optimization, especially for humungous headers. */
3009
3010 len = Ustrlen(value);
3011 if (yield == NULL && newsize != 0)
3012 {
3013 yield = value;
3014 size = newsize;
3015 ptr = len;
3016 }
3017 else yield = string_cat(yield, &size, &ptr, value, len);
3018
3019 continue;
3020 }
3021
3022 if (isdigit(*s))
3023 {
3024 int n;
3025 s = read_number(&n, s);
3026 if (n >= 0 && n <= expand_nmax)
3027 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3028 expand_nlength[n]);
3029 continue;
3030 }
3031
3032 /* Otherwise, if there's no '{' after $ it's an error. */
3033
3034 if (*s != '{')
3035 {
3036 expand_string_message = US"$ not followed by letter, digit, or {";
3037 goto EXPAND_FAILED;
3038 }
3039
3040 /* After { there can be various things, but they all start with
3041 an initial word, except for a number for a string match variable. */
3042
3043 if (isdigit((*(++s))))
3044 {
3045 int n;
3046 s = read_number(&n, s);
3047 if (*s++ != '}')
3048 {
3049 expand_string_message = US"} expected after number";
3050 goto EXPAND_FAILED;
3051 }
3052 if (n >= 0 && n <= expand_nmax)
3053 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3054 expand_nlength[n]);
3055 continue;
3056 }
3057
3058 if (!isalpha(*s))
3059 {
3060 expand_string_message = US"letter or digit expected after ${";
3061 goto EXPAND_FAILED;
3062 }
3063
3064 /* Allow "-" in names to cater for substrings with negative
3065 arguments. Since we are checking for known names after { this is
3066 OK. */
3067
3068 s = read_name(name, sizeof(name), s, US"_-");
3069 item_type = chop_match(name, item_table, sizeof(item_table)/sizeof(uschar *));
3070
3071 switch(item_type)
3072 {
3073 /* Handle conditionals - preserve the values of the numerical expansion
3074 variables in case they get changed by a regular expression match in the
3075 condition. If not, they retain their external settings. At the end
3076 of this "if" section, they get restored to their previous values. */
3077
3078 case EITEM_IF:
3079 {
3080 BOOL cond = FALSE;
3081 uschar *next_s;
3082 int save_expand_nmax =
3083 save_expand_strings(save_expand_nstring, save_expand_nlength);
3084
3085 while (isspace(*s)) s++;
3086 next_s = eval_condition(s, skipping? NULL : &cond);
3087 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
3088
3089 DEBUG(D_expand)
3090 debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s,
3091 cond? "true" : "false");
3092
3093 s = next_s;
3094
3095 /* The handling of "yes" and "no" result strings is now in a separate
3096 function that is also used by ${lookup} and ${extract} and ${run}. */
3097
3098 switch(process_yesno(
3099 skipping, /* were previously skipping */
3100 cond, /* success/failure indicator */
3101 lookup_value, /* value to reset for string2 */
3102 &s, /* input pointer */
3103 &yield, /* output pointer */
3104 &size, /* output size */
3105 &ptr, /* output current point */
3106 US"if")) /* condition type */
3107 {
3108 case 1: goto EXPAND_FAILED; /* when all is well, the */
3109 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3110 }
3111
3112 /* Restore external setting of expansion variables for continuation
3113 at this level. */
3114
3115 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3116 save_expand_nlength);
3117 continue;
3118 }
3119
3120 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
3121 expanding an internal string that isn't actually going to be used. All we
3122 need to do is check the syntax, so don't do a lookup at all. Preserve the
3123 values of the numerical expansion variables in case they get changed by a
3124 partial lookup. If not, they retain their external settings. At the end
3125 of this "lookup" section, they get restored to their previous values. */
3126
3127 case EITEM_LOOKUP:
3128 {
3129 int stype, partial, affixlen, starflags;
3130 int expand_setup = 0;
3131 int nameptr = 0;
3132 uschar *key, *filename, *affix;
3133 uschar *save_lookup_value = lookup_value;
3134 int save_expand_nmax =
3135 save_expand_strings(save_expand_nstring, save_expand_nlength);
3136
3137 if ((expand_forbid & RDO_LOOKUP) != 0)
3138 {
3139 expand_string_message = US"lookup expansions are not permitted";
3140 goto EXPAND_FAILED;
3141 }
3142
3143 /* Get the key we are to look up for single-key+file style lookups.
3144 Otherwise set the key NULL pro-tem. */
3145
3146 while (isspace(*s)) s++;
3147 if (*s == '{')
3148 {
3149 key = expand_string_internal(s+1, TRUE, &s, skipping);
3150 if (key == NULL) goto EXPAND_FAILED;
3151 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3152 while (isspace(*s)) s++;
3153 }
3154 else key = NULL;
3155
3156 /* Find out the type of database */
3157
3158 if (!isalpha(*s))
3159 {
3160 expand_string_message = US"missing lookup type";
3161 goto EXPAND_FAILED;
3162 }
3163
3164 /* The type is a string that may contain special characters of various
3165 kinds. Allow everything except space or { to appear; the actual content
3166 is checked by search_findtype_partial. */
3167
3168 while (*s != 0 && *s != '{' && !isspace(*s))
3169 {
3170 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
3171 s++;
3172 }
3173 name[nameptr] = 0;
3174 while (isspace(*s)) s++;
3175
3176 /* Now check for the individual search type and any partial or default
3177 options. Only those types that are actually in the binary are valid. */
3178
3179 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
3180 &starflags);
3181 if (stype < 0)
3182 {
3183 expand_string_message = search_error_message;
3184 goto EXPAND_FAILED;
3185 }
3186
3187 /* Check that a key was provided for those lookup types that need it,
3188 and was not supplied for those that use the query style. */
3189
13b685f9 3190 if (!mac_islookup(stype, lookup_querystyle|lookup_absfilequery))
059ec3d9
PH		 3191 {
3192 if (key == NULL)
3193 {
3194 expand_string_message = string_sprintf("missing {key} for single-"
3195 "key \"%s\" lookup", name);
3196 goto EXPAND_FAILED;
3197 }
3198 }
3199 else
3200 {
3201 if (key != NULL)
3202 {
3203 expand_string_message = string_sprintf("a single key was given for "
3204 "lookup type \"%s\", which is not a single-key lookup type", name);
3205 goto EXPAND_FAILED;
3206 }
3207 }
3208
3209 /* Get the next string in brackets and expand it. It is the file name for
13b685f9
PH		 3210 single-key+file lookups, and the whole query otherwise. In the case of
3211 queries that also require a file name (e.g. sqlite), the file name comes
3212 first. */
059ec3d9
PH		 3213
3214 if (*s != '{') goto EXPAND_FAILED_CURLY;
3215 filename = expand_string_internal(s+1, TRUE, &s, skipping);
3216 if (filename == NULL) goto EXPAND_FAILED;
3217 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3218 while (isspace(*s)) s++;
3219
3220 /* If this isn't a single-key+file lookup, re-arrange the variables
13b685f9
PH		 3221 to be appropriate for the search_ functions. For query-style lookups,
3222 there is just a "key", and no file name. For the special query-style +
3223 file types, the query (i.e. "key") starts with a file name. */
059ec3d9
PH		 3224
3225 if (key == NULL)
3226 {
13b685f9 3227 while (isspace(*filename)) filename++;
059ec3d9 3228 key = filename;
13b685f9
PH		 3229
3230 if (mac_islookup(stype, lookup_querystyle))
3231 {
3232 filename = NULL;
3233 }
3234 else
3235 {
3236 if (*filename != '/')
3237 {
3238 expand_string_message = string_sprintf(
3239 "absolute file name expected for \"%s\" lookup", name);
3240 goto EXPAND_FAILED;
3241 }
3242 while (*key != 0 && !isspace(*key)) key++;
3243 if (*key != 0) *key++ = 0;
3244 }
059ec3d9
PH		 3245 }
3246
3247 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
3248 the entry was not found. Note that there is no search_close() function.
3249 Files are left open in case of re-use. At suitable places in higher logic,
3250 search_tidyup() is called to tidy all open files. This can save opening
3251 the same file several times. However, files may also get closed when
3252 others are opened, if too many are open at once. The rule is that a
3253 handle should not be used after a second search_open().
3254
3255 Request that a partial search sets up $1 and maybe $2 by passing
3256 expand_setup containing zero. If its value changes, reset expand_nmax,
3257 since new variables will have been set. Note that at the end of this
3258 "lookup" section, the old numeric variables are restored. */
3259
3260 if (skipping)
3261 lookup_value = NULL;
3262 else
3263 {
3264 void *handle = search_open(filename, stype, 0, NULL, NULL);
3265 if (handle == NULL)
3266 {
3267 expand_string_message = search_error_message;
3268 goto EXPAND_FAILED;
3269 }
3270 lookup_value = search_find(handle, filename, key, partial, affix,
3271 affixlen, starflags, &expand_setup);
3272 if (search_find_defer)
3273 {
3274 expand_string_message =
3275 string_sprintf("lookup of \"%s\" gave DEFER: %s", key,
3276 search_error_message);
3277 goto EXPAND_FAILED;
3278 }
3279 if (expand_setup > 0) expand_nmax = expand_setup;
3280 }
3281
3282 /* The handling of "yes" and "no" result strings is now in a separate
3283 function that is also used by ${if} and ${extract}. */
3284
3285 switch(process_yesno(
3286 skipping, /* were previously skipping */
3287 lookup_value != NULL, /* success/failure indicator */
3288 save_lookup_value, /* value to reset for string2 */
3289 &s, /* input pointer */
3290 &yield, /* output pointer */
3291 &size, /* output size */
3292 &ptr, /* output current point */
3293 US"lookup")) /* condition type */
3294 {
3295 case 1: goto EXPAND_FAILED; /* when all is well, the */
3296 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3297 }
3298
3299 /* Restore external setting of expansion variables for carrying on
3300 at this level, and continue. */
3301
3302 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3303 save_expand_nlength);
3304 continue;
3305 }
3306
3307 /* If Perl support is configured, handle calling embedded perl subroutines,
3308 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
3309 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
3310 arguments (defined below). */
3311
059ec3d9
PH		 3312 #define EXIM_PERL_MAX_ARGS 8
3313
3314 case EITEM_PERL:
1a46a8c5
PH		 3315 #ifndef EXIM_PERL
3316 expand_string_message = US"\"${perl\" encountered, but this facility "
3317 "is not included in this binary";
3318 goto EXPAND_FAILED;
3319
3320 #else /* EXIM_PERL */
059ec3d9
PH		 3321 {
3322 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
3323 uschar *new_yield;
3324
3325 if ((expand_forbid & RDO_PERL) != 0)
3326 {
3327 expand_string_message = US"Perl calls are not permitted";
3328 goto EXPAND_FAILED;
3329 }
3330
3331 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
3332 US"perl"))
3333 {
3334 case 1: goto EXPAND_FAILED_CURLY;
3335 case 2:
3336 case 3: goto EXPAND_FAILED;
3337 }
3338
3339 /* If skipping, we don't actually do anything */
3340
3341 if (skipping) continue;
3342
3343 /* Start the interpreter if necessary */
3344
3345 if (!opt_perl_started)
3346 {
3347 uschar *initerror;
3348 if (opt_perl_startup == NULL)
3349 {
3350 expand_string_message = US"A setting of perl_startup is needed when "
3351 "using the Perl interpreter";
3352 goto EXPAND_FAILED;
3353 }
3354 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
3355 initerror = init_perl(opt_perl_startup);
3356 if (initerror != NULL)
3357 {
3358 expand_string_message =
3359 string_sprintf("error in perl_startup code: %s\n", initerror);
3360 goto EXPAND_FAILED;
3361 }
3362 opt_perl_started = TRUE;
3363 }
3364
3365 /* Call the function */
3366
3367 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
3368 new_yield = call_perl_cat(yield, &size, &ptr, &expand_string_message,
3369 sub_arg[0], sub_arg + 1);
3370
3371 /* NULL yield indicates failure; if the message pointer has been set to
3372 NULL, the yield was undef, indicating a forced failure. Otherwise the
3373 message will indicate some kind of Perl error. */
3374
3375 if (new_yield == NULL)
3376 {
3377 if (expand_string_message == NULL)
3378 {
3379 expand_string_message =
3380 string_sprintf("Perl subroutine \"%s\" returned undef to force "
3381 "failure", sub_arg[0]);
3382 expand_string_forcedfail = TRUE;
3383 }
3384 goto EXPAND_FAILED;
3385 }
3386
3387 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
3388 set during a callback from Perl. */
3389
3390 expand_string_forcedfail = FALSE;
3391 yield = new_yield;
3392 continue;
3393 }
3394 #endif /* EXIM_PERL */
3395
fffda43a
TK		 3396 /* Transform email address to "prvs" scheme to use
3397 as BATV-signed return path */
3398
3399 case EITEM_PRVS:
3400 {
3401 uschar *sub_arg[3];
3402 uschar *p,*domain;
3403
3404 switch(read_subs(sub_arg, 3, 2, &s, skipping, TRUE, US"prvs"))
3405 {
3406 case 1: goto EXPAND_FAILED_CURLY;
3407 case 2:
3408 case 3: goto EXPAND_FAILED;
3409 }
3410
3411 /* If skipping, we don't actually do anything */
3412 if (skipping) continue;
3413
3414 /* sub_arg[0] is the address */
3415 domain = Ustrrchr(sub_arg[0],'@');
3416 if ( (domain == NULL) || (domain == sub_arg[0]) || (Ustrlen(domain) == 1) )
3417 {
cb9328de
PH		 3418 expand_string_message = US"prvs first argument must be a qualified email address";
3419 goto EXPAND_FAILED;
3420 }
3421
3422 /* Calculate the hash. The second argument must be a single-digit
3423 key number, or unset. */
3424
3425 if (sub_arg[2] != NULL &&
3426 (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0))
3427 {
3428 expand_string_message = US"prvs second argument must be a single digit";
fffda43a
TK		 3429 goto EXPAND_FAILED;
3430 }
3431
fffda43a
TK		 3432 p = prvs_hmac_sha1(sub_arg[0],sub_arg[1],sub_arg[2],prvs_daystamp(7));
3433 if (p == NULL)
3434 {
cb9328de 3435 expand_string_message = US"prvs hmac-sha1 conversion failed";
fffda43a
TK		 3436 goto EXPAND_FAILED;
3437 }
3438
3439 /* Now separate the domain from the local part */
3440 *domain++ = '\0';
3441
3442 yield = string_cat(yield,&size,&ptr,US"prvs=",5);
3443 string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
3444 string_cat(yield,&size,&ptr,US"/",1);
3445 string_cat(yield,&size,&ptr,(sub_arg[2] != NULL) ? sub_arg[2] : US"0", 1);
3446 string_cat(yield,&size,&ptr,prvs_daystamp(7),3);
3447 string_cat(yield,&size,&ptr,p,6);
3448 string_cat(yield,&size,&ptr,US"@",1);
3449 string_cat(yield,&size,&ptr,domain,Ustrlen(domain));
3450
3451 continue;
3452 }
3453
3454 /* Check a prvs-encoded address for validity */
3455
3456 case EITEM_PRVSCHECK:
3457 {
3458 uschar *sub_arg[3];
3459 int mysize = 0, myptr = 0;
3460 const pcre *re;
3461 uschar *p;
72fdd6ae
PH		 3462
3463 /* TF: Ugliness: We want to expand parameter 1 first, then set
fffda43a
TK		 3464 up expansion variables that are used in the expansion of
3465 parameter 2. So we clone the string for the first
72fdd6ae
PH		 3466 expansion, where we only expand parameter 1.
3467
3468 PH: Actually, that isn't necessary. The read_subs() function is
3469 designed to work this way for the ${if and ${lookup expansions. I've
3470 tidied the code.
3471 */
fffda43a
TK		 3472
3473 /* Reset expansion variables */
3474 prvscheck_result = NULL;
3475 prvscheck_address = NULL;
3476 prvscheck_keynum = NULL;
3477
72fdd6ae 3478 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs"))
fffda43a
TK		 3479 {
3480 case 1: goto EXPAND_FAILED_CURLY;
3481 case 2:
3482 case 3: goto EXPAND_FAILED;
3483 }
3484
3485 re = regex_must_compile(US"^prvs\\=(.+)\\/([0-9])([0-9]{3})([A-F0-9]{6})\\@(.+)$",
3486 TRUE,FALSE);
3487
72fdd6ae
PH		 3488 if (regex_match_and_setup(re,sub_arg[0],0,-1))
3489 {
fffda43a
TK		 3490 uschar *local_part = string_copyn(expand_nstring[1],expand_nlength[1]);
3491 uschar *key_num = string_copyn(expand_nstring[2],expand_nlength[2]);
3492 uschar *daystamp = string_copyn(expand_nstring[3],expand_nlength[3]);
3493 uschar *hash = string_copyn(expand_nstring[4],expand_nlength[4]);
3494 uschar *domain = string_copyn(expand_nstring[5],expand_nlength[5]);
3495
3496 DEBUG(D_expand) debug_printf("prvscheck localpart: %s\n", local_part);
3497 DEBUG(D_expand) debug_printf("prvscheck key number: %s\n", key_num);
3498 DEBUG(D_expand) debug_printf("prvscheck daystamp: %s\n", daystamp);
3499 DEBUG(D_expand) debug_printf("prvscheck hash: %s\n", hash);
3500 DEBUG(D_expand) debug_printf("prvscheck domain: %s\n", domain);
3501
3502 /* Set up expansion variables */
3503 prvscheck_address = string_cat(NULL, &mysize, &myptr, local_part, Ustrlen(local_part));
2740a2ca 3504 string_cat(prvscheck_address,&mysize,&myptr,US"@",1);
fffda43a
TK		 3505 string_cat(prvscheck_address,&mysize,&myptr,domain,Ustrlen(domain));
3506 prvscheck_address[myptr] = '\0';
3507 prvscheck_keynum = string_copy(key_num);
3508
72fdd6ae
PH		 3509 /* Now expand the second argument */
3510 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs"))
fffda43a
TK		 3511 {
3512 case 1: goto EXPAND_FAILED_CURLY;
3513 case 2:
3514 case 3: goto EXPAND_FAILED;
3515 }
3516
fffda43a 3517 /* Now we have the key and can check the address. */
72fdd6ae
PH		 3518
3519 p = prvs_hmac_sha1(prvscheck_address, sub_arg[0], prvscheck_keynum,
3520 daystamp);
3521
fffda43a
TK		 3522 if (p == NULL)
3523 {
3524 expand_string_message = US"hmac-sha1 conversion failed";
3525 goto EXPAND_FAILED;
3526 }
3527
3528 DEBUG(D_expand) debug_printf("prvscheck: received hash is %s\n", hash);
3529 DEBUG(D_expand) debug_printf("prvscheck: own hash is %s\n", p);
72fdd6ae 3530
fffda43a
TK		 3531 if (Ustrcmp(p,hash) == 0)
3532 {
3533 /* Success, valid BATV address. Now check the expiry date. */
3534 uschar *now = prvs_daystamp(0);
3535 unsigned int inow = 0,iexpire = 1;
3536
ff790e47
PH		 3537 (void)sscanf(CS now,"%u",&inow);
3538 (void)sscanf(CS daystamp,"%u",&iexpire);
fffda43a
TK		 3539
3540 /* When "iexpire" is < 7, a "flip" has occured.
3541 Adjust "inow" accordingly. */
3542 if ( (iexpire < 7) && (inow >= 993) ) inow = 0;
3543
3544 if (iexpire > inow)
3545 {
3546 prvscheck_result = US"1";
3547 DEBUG(D_expand) debug_printf("prvscheck: success, $pvrs_result set to 1\n");
3548 }
3549 else
3550 {
3551 prvscheck_result = NULL;
3552 DEBUG(D_expand) debug_printf("prvscheck: signature expired, $pvrs_result unset\n");
3553 }
3554 }
3555 else
3556 {
3557 prvscheck_result = NULL;
3558 DEBUG(D_expand) debug_printf("prvscheck: hash failure, $pvrs_result unset\n");
3559 }
72fdd6ae
PH		 3560
3561 /* Now expand the final argument. We leave this till now so that
3562 it can include $prvscheck_result. */
3563
3564 switch(read_subs(sub_arg, 1, 0, &s, skipping, TRUE, US"prvs"))
3565 {
3566 case 1: goto EXPAND_FAILED_CURLY;
3567 case 2:
3568 case 3: goto EXPAND_FAILED;
3569 }
3570
3571 if (sub_arg[0] == NULL || *sub_arg[0] == '\0')
3572 yield = string_cat(yield,&size,&ptr,prvscheck_address,Ustrlen(prvscheck_address));
3573 else
3574 yield = string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
3575
3576 /* Reset the "internal" variables afterwards, because they are in
3577 dynamic store that will be reclaimed if the expansion succeeded. */
3578
3579 prvscheck_address = NULL;
3580 prvscheck_keynum = NULL;
3581 }
fffda43a
TK		 3582 else
3583 {
3584 /* Does not look like a prvs encoded address, return the empty string.
72fdd6ae
PH		 3585 We need to make sure all subs are expanded first, so as to skip over
3586 the entire item. */
3587
5a03bd24 3588 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"prvs"))
fffda43a
TK		 3589 {
3590 case 1: goto EXPAND_FAILED_CURLY;
3591 case 2:
3592 case 3: goto EXPAND_FAILED;
3593 }
3594 }
3595
3596 continue;
3597 }
3598
059ec3d9
PH		 3599 /* Handle "readfile" to insert an entire file */
3600
3601 case EITEM_READFILE:
3602 {
3603 FILE *f;
3604 uschar *sub_arg[2];
3605
3606 if ((expand_forbid & RDO_READFILE) != 0)
3607 {
3608 expand_string_message = US"file insertions are not permitted";
3609 goto EXPAND_FAILED;
3610 }
3611
3612 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"readfile"))
3613 {
3614 case 1: goto EXPAND_FAILED_CURLY;
3615 case 2:
3616 case 3: goto EXPAND_FAILED;
3617 }
3618
3619 /* If skipping, we don't actually do anything */
3620
3621 if (skipping) continue;
3622
3623 /* Open the file and read it */
3624
3625 f = Ufopen(sub_arg[0], "rb");
3626 if (f == NULL)
3627 {
3628 expand_string_message = string_open_failed(errno, "%s", sub_arg[0]);
3629 goto EXPAND_FAILED;
3630 }
3631
3632 yield = cat_file(f, yield, &size, &ptr, sub_arg[1]);
f1e894f3 3633 (void)fclose(f);
059ec3d9
PH		 3634 continue;
3635 }
3636
3637 /* Handle "readsocket" to insert data from a Unix domain socket */
3638
3639 case EITEM_READSOCK:
3640 {
3641 int fd;
3642 int timeout = 5;
3643 int save_ptr = ptr;
3644 FILE *f;
3645 struct sockaddr_un sockun; /* don't call this "sun" ! */
3646 uschar *arg;
3647 uschar *sub_arg[4];
3648
3649 if ((expand_forbid & RDO_READSOCK) != 0)
3650 {
3651 expand_string_message = US"socket insertions are not permitted";
3652 goto EXPAND_FAILED;
3653 }
3654
3655 /* Read up to 4 arguments, but don't do the end of item check afterwards,
3656 because there may be a string for expansion on failure. */
3657
3658 switch(read_subs(sub_arg, 4, 2, &s, skipping, FALSE, US"readsocket"))
3659 {
3660 case 1: goto EXPAND_FAILED_CURLY;
3661 case 2: /* Won't occur: no end check */
3662 case 3: goto EXPAND_FAILED;
3663 }
3664
3665 /* Sort out timeout, if given */
3666
3667 if (sub_arg[2] != NULL)
3668 {
3669 timeout = readconf_readtime(sub_arg[2], 0, FALSE);
3670 if (timeout < 0)
3671 {
3672 expand_string_message = string_sprintf("bad time value %s",
3673 sub_arg[2]);
3674 goto EXPAND_FAILED;
3675 }
3676 }
3677 else sub_arg[3] = NULL; /* No eol if no timeout */
3678
1cce3af8
PH		 3679 /* If skipping, we don't actually do anything. Otherwise, arrange to
3680 connect to either an IP or a Unix socket. */
059ec3d9
PH		 3681
3682 if (!skipping)
3683 {
1cce3af8 3684 /* Handle an IP (internet) domain */
059ec3d9 3685
91ecef39 3686 if (Ustrncmp(sub_arg[0], "inet:", 5) == 0)
059ec3d9 3687 {
1cce3af8
PH		 3688 BOOL connected = FALSE;
3689 int namelen, port;
3690 host_item shost;
3691 host_item *h;
3692 uschar *server_name = sub_arg[0] + 5;
3693 uschar *port_name = Ustrrchr(server_name, ':');
3694
3695 /* Sort out the port */
3696
3697 if (port_name == NULL)
3698 {
3699 expand_string_message =
3700 string_sprintf("missing port for readsocket %s", sub_arg[0]);
3701 goto EXPAND_FAILED;
3702 }
3703 *port_name++ = 0; /* Terminate server name */
3704
3705 if (isdigit(*port_name))
3706 {
3707 uschar *end;
3708 port = Ustrtol(port_name, &end, 0);
3709 if (end != port_name + Ustrlen(port_name))
3710 {
3711 expand_string_message =
3712 string_sprintf("invalid port number %s", port_name);
3713 goto EXPAND_FAILED;
3714 }
3715 }
3716 else
3717 {
3718 struct servent *service_info = getservbyname(CS port_name, "tcp");
3719 if (service_info == NULL)
3720 {
3721 expand_string_message = string_sprintf("unknown port \"%s\"",
3722 port_name);
3723 goto EXPAND_FAILED;
3724 }
3725 port = ntohs(service_info->s_port);
3726 }
3727
3728 /* Sort out the server. */
3729
3730 shost.next = NULL;
3731 shost.address = NULL;
3732 shost.port = port;
3733 shost.mx = -1;
3734
3735 namelen = Ustrlen(server_name);
3736
3737 /* Anything enclosed in [] must be an IP address. */
3738
3739 if (server_name[0] == '[' &&
3740 server_name[namelen - 1] == ']')
3741 {
3742 server_name[namelen - 1] = 0;
3743 server_name++;
3744 if (string_is_ip_address(server_name, NULL) == 0)
3745 {
3746 expand_string_message =
3747 string_sprintf("malformed IP address \"%s\"", server_name);
3748 goto EXPAND_FAILED;
3749 }
3750 shost.name = shost.address = server_name;
3751 }
3752
3753 /* Otherwise check for an unadorned IP address */
3754
3755 else if (string_is_ip_address(server_name, NULL) != 0)
3756 shost.name = shost.address = server_name;
3757
3758 /* Otherwise lookup IP address(es) from the name */
3759
3760 else
3761 {
3762 shost.name = server_name;
322050c2
PH		 3763 if (host_find_byname(&shost, NULL, HOST_FIND_QUALIFY_SINGLE, NULL,
3764 FALSE) != HOST_FOUND)
1cce3af8
PH		 3765 {
3766 expand_string_message =
3767 string_sprintf("no IP address found for host %s", shost.name);
3768 goto EXPAND_FAILED;
3769 }
3770 }
3771
3772 /* Try to connect to the server - test each IP till one works */
3773
3774 for (h = &shost; h != NULL; h = h->next)
3775 {
3776 int af = (Ustrchr(h->address, ':') != 0)? AF_INET6 : AF_INET;
3777 if ((fd = ip_socket(SOCK_STREAM, af)) == -1)
3778 {
3779 expand_string_message = string_sprintf("failed to create socket: "
3780 "%s", strerror(errno));
3781 goto SOCK_FAIL;
3782 }
3783
3784 if (ip_connect(fd, af, h->address, port, timeout) == 0)
3785 {
3786 connected = TRUE;
3787 break;
3788 }
3789 }
3790
3791 if (!connected)
3792 {
3793 expand_string_message = string_sprintf("failed to connect to "
3794 "socket %s: couldn't connect to any host", sub_arg[0],
3795 strerror(errno));
3796 goto SOCK_FAIL;
3797 }
059ec3d9
PH		 3798 }
3799
1cce3af8
PH		 3800 /* Handle a Unix domain socket */
3801
3802 else
059ec3d9 3803 {
1cce3af8
PH		 3804 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
3805 {
3806 expand_string_message = string_sprintf("failed to create socket: %s",
3807 strerror(errno));
3808 goto SOCK_FAIL;
3809 }
3810
3811 sockun.sun_family = AF_UNIX;
3812 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
3813 sub_arg[0]);
3814 if(connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun)) == -1)
3815 {
3816 expand_string_message = string_sprintf("failed to connect to socket "
3817 "%s: %s", sub_arg[0], strerror(errno));
3818 goto SOCK_FAIL;
3819 }
059ec3d9 3820 }
1cce3af8 3821
059ec3d9
PH		 3822 DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]);
3823
3824 /* Write the request string, if not empty */
3825
3826 if (sub_arg[1][0] != 0)
3827 {
3828 int len = Ustrlen(sub_arg[1]);
3829 DEBUG(D_expand) debug_printf("writing \"%s\" to socket\n",
3830 sub_arg[1]);
3831 if (write(fd, sub_arg[1], len) != len)
3832 {
3833 expand_string_message = string_sprintf("request write to socket "
3834 "failed: %s", strerror(errno));
3835 goto SOCK_FAIL;
3836 }
3837 }
3838
c1114884
PH		 3839 /* Shut down the sending side of the socket. This helps some servers to
3840 recognise that it is their turn to do some work. Just in case some
3841 system doesn't have this function, make it conditional. */
3842
3843 #ifdef SHUT_WR
3844 shutdown(fd, SHUT_WR);
3845 #endif
3846
059ec3d9
PH		 3847 /* Now we need to read from the socket, under a timeout. The function
3848 that reads a file can be used. */
3849
3850 f = fdopen(fd, "rb");
3851 sigalrm_seen = FALSE;
3852 alarm(timeout);
3853 yield = cat_file(f, yield, &size, &ptr, sub_arg[3]);
3854 alarm(0);
f1e894f3 3855 (void)fclose(f);
059ec3d9
PH		 3856
3857 /* After a timeout, we restore the pointer in the result, that is,
3858 make sure we add nothing from the socket. */
3859
3860 if (sigalrm_seen)
3861 {
3862 ptr = save_ptr;
1cce3af8 3863 expand_string_message = US "socket read timed out";
059ec3d9
PH		 3864 goto SOCK_FAIL;
3865 }
3866 }
3867
3868 /* The whole thing has worked (or we were skipping). If there is a
3869 failure string following, we need to skip it. */
3870
3871 if (*s == '{')
3872 {
3873 if (expand_string_internal(s+1, TRUE, &s, TRUE) == NULL)
3874 goto EXPAND_FAILED;
3875 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3876 while (isspace(*s)) s++;
3877 }
3878 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3879 continue;
3880
3881 /* Come here on failure to create socket, connect socket, write to the
3882 socket, or timeout on reading. If another substring follows, expand and
3883 use it. Otherwise, those conditions give expand errors. */
3884
3885 SOCK_FAIL:
3886 if (*s != '{') goto EXPAND_FAILED;
3887 DEBUG(D_any) debug_printf("%s\n", expand_string_message);
3888 arg = expand_string_internal(s+1, TRUE, &s, FALSE);
3889 if (arg == NULL) goto EXPAND_FAILED;
3890 yield = string_cat(yield, &size, &ptr, arg, Ustrlen(arg));
3891 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3892 while (isspace(*s)) s++;
3893 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3894 continue;
3895 }
3896
3897 /* Handle "run" to execute a program. */
3898
3899 case EITEM_RUN:
3900 {
3901 FILE *f;
059ec3d9
PH		 3902 uschar *arg;
3903 uschar **argv;
3904 pid_t pid;
3905 int fd_in, fd_out;
3906 int lsize = 0;
3907 int lptr = 0;
3908
3909 if ((expand_forbid & RDO_RUN) != 0)
3910 {
3911 expand_string_message = US"running a command is not permitted";
3912 goto EXPAND_FAILED;
3913 }
3914
3915 while (isspace(*s)) s++;
3916 if (*s != '{') goto EXPAND_FAILED_CURLY;
3917 arg = expand_string_internal(s+1, TRUE, &s, skipping);
3918 if (arg == NULL) goto EXPAND_FAILED;
3919 while (isspace(*s)) s++;
3920 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3921
3922 if (skipping) /* Just pretend it worked when we're skipping */
3923 {
3924 runrc = 0;
3925 }
3926 else
3927 {
3928 if (!transport_set_up_command(&argv, /* anchor for arg list */
3929 arg, /* raw command */
3930 FALSE, /* don't expand the arguments */
3931 0, /* not relevant when... */
3932 NULL, /* no transporting address */
3933 US"${run} expansion", /* for error messages */
3934 &expand_string_message)) /* where to put error message */
3935 {
3936 goto EXPAND_FAILED;
3937 }
3938
3939 /* Create the child process, making it a group leader. */
3940
3941 pid = child_open(argv, NULL, 0077, &fd_in, &fd_out, TRUE);
3942
3943 if (pid < 0)
3944 {
3945 expand_string_message =
3946 string_sprintf("couldn't create child process: %s", strerror(errno));
3947 goto EXPAND_FAILED;
3948 }
3949
3950 /* Nothing is written to the standard input. */
3951
f1e894f3 3952 (void)close(fd_in);
059ec3d9
PH		 3953
3954 /* Wait for the process to finish, applying the timeout, and inspect its
3955 return code for serious disasters. Simple non-zero returns are passed on.
3956 */
3957
3958 if ((runrc = child_close(pid, 60)) < 0)
3959 {
3960 if (runrc == -256)
3961 {
3962 expand_string_message = string_sprintf("command timed out");
3963 killpg(pid, SIGKILL); /* Kill the whole process group */
3964 }
3965
3966 else if (runrc == -257)
3967 expand_string_message = string_sprintf("wait() failed: %s",
3968 strerror(errno));
3969
3970 else
3971 expand_string_message = string_sprintf("command killed by signal %d",
3972 -runrc);
3973
3974 goto EXPAND_FAILED;
3975 }
3976
3977 /* Read the pipe to get the command's output into $value (which is kept
3978 in lookup_value). */
3979
3980 f = fdopen(fd_out, "rb");
059ec3d9
PH		 3981 lookup_value = NULL;
3982 lookup_value = cat_file(f, lookup_value, &lsize, &lptr, NULL);
f1e894f3 3983 (void)fclose(f);
059ec3d9
PH		 3984 }
3985
d20976dc 3986 /* Process the yes/no strings; $value may be useful in both cases */
059ec3d9
PH		 3987
3988 switch(process_yesno(
3989 skipping, /* were previously skipping */
3990 runrc == 0, /* success/failure indicator */
d20976dc 3991 lookup_value, /* value to reset for string2 */
059ec3d9
PH		 3992 &s, /* input pointer */
3993 &yield, /* output pointer */
3994 &size, /* output size */
3995 &ptr, /* output current point */
3996 US"run")) /* condition type */
3997 {
3998 case 1: goto EXPAND_FAILED; /* when all is well, the */
3999 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4000 }
4001
4002 continue;
4003 }
4004
4005 /* Handle character translation for "tr" */
4006
4007 case EITEM_TR:
4008 {
4009 int oldptr = ptr;
4010 int o2m;
4011 uschar *sub[3];
4012
4013 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"tr"))
4014 {
4015 case 1: goto EXPAND_FAILED_CURLY;
4016 case 2:
4017 case 3: goto EXPAND_FAILED;
4018 }
4019