Document match_*/inlist changes (before coding starts)
[exim.git] / src / src / expand.c
CommitLineData
059ec3d9
PH
1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
0a49a7a4 5/* Copyright (c) University of Cambridge 1995 - 2009 */
059ec3d9
PH
6/* See the file NOTICE for conditions of use and distribution. */
7
8
9/* Functions for handling string expansion. */
10
11
12#include "exim.h"
13
96c065cb
PH
14/* Recursively called function */
15
16static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL);
17
059ec3d9
PH
18#ifdef STAND_ALONE
19#ifndef SUPPORT_CRYPTEQ
20#define SUPPORT_CRYPTEQ
21#endif
22#endif
23
96c065cb
PH
24#ifdef LOOKUP_LDAP
25#include "lookups/ldap.h"
26#endif
27
059ec3d9
PH
28#ifdef SUPPORT_CRYPTEQ
29#ifdef CRYPT_H
30#include <crypt.h>
31#endif
32#ifndef HAVE_CRYPT16
33extern char* crypt16(char*, char*);
34#endif
35#endif
36
96c065cb
PH
37/* The handling of crypt16() is a mess. I will record below the analysis of the
38mess that was sent to me. We decided, however, to make changing this very low
39priority, because in practice people are moving away from the crypt()
40algorithms nowadays, so it doesn't seem worth it.
41
42<quote>
43There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
44the first 8 characters of the password using a 20-round version of crypt
45(standard crypt does 25 rounds). It then crypts the next 8 characters,
46or an empty block if the password is less than 9 characters, using a
4720-round version of crypt and the same salt as was used for the first
48block. Charaters after the first 16 are ignored. It always generates
49a 16-byte hash, which is expressed together with the salt as a string
50of 24 base 64 digits. Here are some links to peruse:
51
52 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
53 http://seclists.org/bugtraq/1999/Mar/0076.html
54
55There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
56and OSF/1. This is the same as the standard crypt if given a password
57of 8 characters or less. If given more, it first does the same as crypt
58using the first 8 characters, then crypts the next 8 (the 9th to 16th)
59using as salt the first two base 64 digits from the first hash block.
60If the password is more than 16 characters then it crypts the 17th to 24th
61characters using as salt the first two base 64 digits from the second hash
62block. And so on: I've seen references to it cutting off the password at
6340 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
64
65 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
66 http://seclists.org/bugtraq/1999/Mar/0109.html
67 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
68 TET1_html/sec.c222.html#no_id_208
69
70Exim has something it calls "crypt16". It will either use a native
71crypt16 or its own implementation. A native crypt16 will presumably
72be the one that I called "crypt16" above. The internal "crypt16"
73function, however, is a two-block-maximum implementation of what I called
74"bigcrypt". The documentation matches the internal code.
75
76I suspect that whoever did the "crypt16" stuff for Exim didn't realise
77that crypt16 and bigcrypt were different things.
78
79Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
80to whatever it is using under that name. This unfortunately sets a
81precedent for using "{crypt16}" to identify two incompatible algorithms
82whose output can't be distinguished. With "{crypt16}" thus rendered
83ambiguous, I suggest you deprecate it and invent two new identifiers
84for the two algorithms.
85
86Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
87of the password separately means they can be cracked separately, so
88the double-length hash only doubles the cracking effort instead of
89squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
90bcrypt ({CRYPT}$2a$).
91</quote>
92*/
059ec3d9
PH
93
94
059ec3d9
PH
95
96
97/*************************************************
98* Local statics and tables *
99*************************************************/
100
101/* Table of item names, and corresponding switch numbers. The names must be in
102alphabetical order. */
103
104static uschar *item_table[] = {
1a46a8c5 105 US"dlfunc",
059ec3d9 106 US"extract",
29f89cad 107 US"filter",
059ec3d9
PH
108 US"hash",
109 US"hmac",
110 US"if",
111 US"length",
112 US"lookup",
29f89cad 113 US"map",
059ec3d9 114 US"nhash",
1a46a8c5 115 US"perl",
fffda43a
TK
116 US"prvs",
117 US"prvscheck",
059ec3d9
PH
118 US"readfile",
119 US"readsocket",
29f89cad 120 US"reduce",
059ec3d9
PH
121 US"run",
122 US"sg",
123 US"substr",
124 US"tr" };
125
126enum {
1a46a8c5 127 EITEM_DLFUNC,
059ec3d9 128 EITEM_EXTRACT,
29f89cad 129 EITEM_FILTER,
059ec3d9
PH
130 EITEM_HASH,
131 EITEM_HMAC,
132 EITEM_IF,
133 EITEM_LENGTH,
134 EITEM_LOOKUP,
29f89cad 135 EITEM_MAP,
059ec3d9 136 EITEM_NHASH,
1a46a8c5 137 EITEM_PERL,
fffda43a
TK
138 EITEM_PRVS,
139 EITEM_PRVSCHECK,
059ec3d9
PH
140 EITEM_READFILE,
141 EITEM_READSOCK,
29f89cad 142 EITEM_REDUCE,
059ec3d9
PH
143 EITEM_RUN,
144 EITEM_SG,
145 EITEM_SUBSTR,
146 EITEM_TR };
147
148/* Tables of operator names, and corresponding switch numbers. The names must be
149in alphabetical order. There are two tables, because underscore is used in some
150cases to introduce arguments, whereas for other it is part of the name. This is
151an historical mis-design. */
152
153static uschar *op_table_underscore[] = {
154 US"from_utf8",
155 US"local_part",
156 US"quote_local_part",
83e029d5 157 US"reverse_ip",
f90d018c 158 US"time_eval",
059ec3d9
PH
159 US"time_interval"};
160
161enum {
162 EOP_FROM_UTF8,
163 EOP_LOCAL_PART,
164 EOP_QUOTE_LOCAL_PART,
83e029d5 165 EOP_REVERSE_IP,
f90d018c 166 EOP_TIME_EVAL,
059ec3d9
PH
167 EOP_TIME_INTERVAL };
168
169static uschar *op_table_main[] = {
170 US"address",
29f89cad 171 US"addresses",
059ec3d9
PH
172 US"base62",
173 US"base62d",
174 US"domain",
175 US"escape",
176 US"eval",
177 US"eval10",
178 US"expand",
179 US"h",
180 US"hash",
181 US"hex2b64",
182 US"l",
183 US"lc",
184 US"length",
185 US"mask",
186 US"md5",
187 US"nh",
188 US"nhash",
189 US"quote",
9e3331ea 190 US"randint",
059ec3d9 191 US"rfc2047",
9c57cbc0 192 US"rfc2047d",
059ec3d9
PH
193 US"rxquote",
194 US"s",
195 US"sha1",
196 US"stat",
197 US"str2b64",
198 US"strlen",
199 US"substr",
200 US"uc" };
201
202enum {
203 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
29f89cad 204 EOP_ADDRESSES,
059ec3d9
PH
205 EOP_BASE62,
206 EOP_BASE62D,
207 EOP_DOMAIN,
208 EOP_ESCAPE,
209 EOP_EVAL,
210 EOP_EVAL10,
211 EOP_EXPAND,
212 EOP_H,
213 EOP_HASH,
214 EOP_HEX2B64,
215 EOP_L,
216 EOP_LC,
217 EOP_LENGTH,
218 EOP_MASK,
219 EOP_MD5,
220 EOP_NH,
221 EOP_NHASH,
222 EOP_QUOTE,
9e3331ea 223 EOP_RANDINT,
059ec3d9 224 EOP_RFC2047,
9c57cbc0 225 EOP_RFC2047D,
059ec3d9
PH
226 EOP_RXQUOTE,
227 EOP_S,
228 EOP_SHA1,
229 EOP_STAT,
230 EOP_STR2B64,
231 EOP_STRLEN,
232 EOP_SUBSTR,
233 EOP_UC };
234
235
236/* Table of condition names, and corresponding switch numbers. The names must
237be in alphabetical order. */
238
239static uschar *cond_table[] = {
240 US"<",
241 US"<=",
242 US"=",
243 US"==", /* Backward compatibility */
244 US">",
245 US">=",
246 US"and",
f3766eb5 247 US"bool",
6a8de854 248 US"bool_lax",
059ec3d9
PH
249 US"crypteq",
250 US"def",
251 US"eq",
252 US"eqi",
253 US"exists",
254 US"first_delivery",
0ce9abe6
PH
255 US"forall",
256 US"forany",
059ec3d9
PH
257 US"ge",
258 US"gei",
259 US"gt",
260 US"gti",
261 US"isip",
262 US"isip4",
263 US"isip6",
264 US"ldapauth",
265 US"le",
266 US"lei",
267 US"lt",
268 US"lti",
269 US"match",
270 US"match_address",
271 US"match_domain",
32d668a5 272 US"match_ip",
059ec3d9
PH
273 US"match_local_part",
274 US"or",
275 US"pam",
276 US"pwcheck",
277 US"queue_running",
278 US"radius",
279 US"saslauthd"
280};
281
282enum {
283 ECOND_NUM_L,
284 ECOND_NUM_LE,
285 ECOND_NUM_E,
286 ECOND_NUM_EE,
287 ECOND_NUM_G,
288 ECOND_NUM_GE,
289 ECOND_AND,
f3766eb5 290 ECOND_BOOL,
6a8de854 291 ECOND_BOOL_LAX,
059ec3d9
PH
292 ECOND_CRYPTEQ,
293 ECOND_DEF,
294 ECOND_STR_EQ,
295 ECOND_STR_EQI,
296 ECOND_EXISTS,
297 ECOND_FIRST_DELIVERY,
0ce9abe6
PH
298 ECOND_FORALL,
299 ECOND_FORANY,
059ec3d9
PH
300 ECOND_STR_GE,
301 ECOND_STR_GEI,
302 ECOND_STR_GT,
303 ECOND_STR_GTI,
304 ECOND_ISIP,
305 ECOND_ISIP4,
306 ECOND_ISIP6,
307 ECOND_LDAPAUTH,
308 ECOND_STR_LE,
309 ECOND_STR_LEI,
310 ECOND_STR_LT,
311 ECOND_STR_LTI,
312 ECOND_MATCH,
313 ECOND_MATCH_ADDRESS,
314 ECOND_MATCH_DOMAIN,
32d668a5 315 ECOND_MATCH_IP,
059ec3d9
PH
316 ECOND_MATCH_LOCAL_PART,
317 ECOND_OR,
318 ECOND_PAM,
319 ECOND_PWCHECK,
320 ECOND_QUEUE_RUNNING,
321 ECOND_RADIUS,
322 ECOND_SASLAUTHD
323};
324
325
326/* Type for main variable table */
327
328typedef struct {
1ba28e2b
PP
329 const char *name;
330 int type;
331 void *value;
059ec3d9
PH
332} var_entry;
333
334/* Type for entries pointing to address/length pairs. Not currently
335in use. */
336
337typedef struct {
338 uschar **address;
339 int *length;
340} alblock;
341
342/* Types of table entry */
343
344enum {
345 vtype_int, /* value is address of int */
346 vtype_filter_int, /* ditto, but recognized only when filtering */
347 vtype_ino, /* value is address of ino_t (not always an int) */
348 vtype_uid, /* value is address of uid_t (not always an int) */
349 vtype_gid, /* value is address of gid_t (not always an int) */
350 vtype_stringptr, /* value is address of pointer to string */
351 vtype_msgbody, /* as stringptr, but read when first required */
352 vtype_msgbody_end, /* ditto, the end of the message */
ff75a1f7
PH
353 vtype_msgheaders, /* the message's headers, processed */
354 vtype_msgheaders_raw, /* the message's headers, unprocessed */
059ec3d9
PH
355 vtype_localpart, /* extract local part from string */
356 vtype_domain, /* extract domain from string */
357 vtype_recipients, /* extract recipients from recipients list */
0e20aff9
MH
358 /* (available only in system filters, ACLs, and */
359 /* local_scan()) */
059ec3d9
PH
360 vtype_todbsdin, /* value not used; generate BSD inbox tod */
361 vtype_tode, /* value not used; generate tod in epoch format */
362 vtype_todf, /* value not used; generate full tod */
363 vtype_todl, /* value not used; generate log tod */
364 vtype_todlf, /* value not used; generate log file datestamp tod */
365 vtype_todzone, /* value not used; generate time zone only */
366 vtype_todzulu, /* value not used; generate zulu tod */
367 vtype_reply, /* value not used; get reply from headers */
368 vtype_pid, /* value not used; result is pid */
369 vtype_host_lookup, /* value not used; get host name */
5cb8cbc6
PH
370 vtype_load_avg, /* value not used; result is int from os_getloadavg */
371 vtype_pspace, /* partition space; value is T/F for spool/log */
8e669ac1 372 vtype_pinodes /* partition inodes; value is T/F for spool/log */
80a47a2c
TK
373 #ifndef DISABLE_DKIM
374 ,vtype_dkim /* Lookup of value in DKIM signature */
375 #endif
059ec3d9
PH
376 };
377
378/* This table must be kept in alphabetical order. */
379
380static var_entry var_table[] = {
38a0a95f
PH
381 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
382 they will be confused with user-creatable ACL variables. */
059ec3d9
PH
383 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
384 { "address_data", vtype_stringptr, &deliver_address_data },
385 { "address_file", vtype_stringptr, &address_file },
386 { "address_pipe", vtype_stringptr, &address_pipe },
387 { "authenticated_id", vtype_stringptr, &authenticated_id },
388 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
389 { "authentication_failed",vtype_int, &authentication_failed },
9e949f00
PP
390#ifdef WITH_CONTENT_SCAN
391 { "av_failed", vtype_int, &av_failed },
392#endif
8523533c
TK
393#ifdef EXPERIMENTAL_BRIGHTMAIL
394 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
395 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
396 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
397 { "bmi_deliver", vtype_int, &bmi_deliver },
398#endif
059ec3d9
PH
399 { "body_linecount", vtype_int, &body_linecount },
400 { "body_zerocount", vtype_int, &body_zerocount },
401 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
402 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
403 { "caller_gid", vtype_gid, &real_gid },
404 { "caller_uid", vtype_uid, &real_uid },
405 { "compile_date", vtype_stringptr, &version_date },
406 { "compile_number", vtype_stringptr, &version_cnumber },
e5a9dba6 407 { "csa_status", vtype_stringptr, &csa_status },
6a8f9482
TK
408#ifdef EXPERIMENTAL_DCC
409 { "dcc_header", vtype_stringptr, &dcc_header },
410 { "dcc_result", vtype_stringptr, &dcc_result },
411#endif
8523533c
TK
412#ifdef WITH_OLD_DEMIME
413 { "demime_errorlevel", vtype_int, &demime_errorlevel },
414 { "demime_reason", vtype_stringptr, &demime_reason },
415#endif
80a47a2c
TK
416#ifndef DISABLE_DKIM
417 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
418 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
419 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
420 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
421 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
422 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
2df588c9 423 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
e08d09e5 424 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
80a47a2c
TK
425 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
426 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
427 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
428 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
429 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
430 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
431 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
432 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
e08d09e5 433 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
9e5d6b55 434 { "dkim_signers", vtype_stringptr, &dkim_signers },
80a47a2c
TK
435 { "dkim_verify_reason", vtype_dkim, (void *)DKIM_VERIFY_REASON },
436 { "dkim_verify_status", vtype_dkim, (void *)DKIM_VERIFY_STATUS},
e08d09e5 437#endif
059ec3d9 438 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
93655c46 439 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
059ec3d9
PH
440 { "dnslist_text", vtype_stringptr, &dnslist_text },
441 { "dnslist_value", vtype_stringptr, &dnslist_value },
442 { "domain", vtype_stringptr, &deliver_domain },
443 { "domain_data", vtype_stringptr, &deliver_domain_data },
444 { "exim_gid", vtype_gid, &exim_gid },
445 { "exim_path", vtype_stringptr, &exim_path },
446 { "exim_uid", vtype_uid, &exim_uid },
8523533c
TK
447#ifdef WITH_OLD_DEMIME
448 { "found_extension", vtype_stringptr, &found_extension },
8e669ac1 449#endif
059ec3d9
PH
450 { "home", vtype_stringptr, &deliver_home },
451 { "host", vtype_stringptr, &deliver_host },
452 { "host_address", vtype_stringptr, &deliver_host_address },
453 { "host_data", vtype_stringptr, &host_data },
b08b24c8 454 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
059ec3d9
PH
455 { "host_lookup_failed", vtype_int, &host_lookup_failed },
456 { "inode", vtype_ino, &deliver_inode },
457 { "interface_address", vtype_stringptr, &interface_address },
458 { "interface_port", vtype_int, &interface_port },
0ce9abe6 459 { "item", vtype_stringptr, &iterate_item },
059ec3d9
PH
460 #ifdef LOOKUP_LDAP
461 { "ldap_dn", vtype_stringptr, &eldap_dn },
462 #endif
463 { "load_average", vtype_load_avg, NULL },
464 { "local_part", vtype_stringptr, &deliver_localpart },
465 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
466 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
467 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
468 { "local_scan_data", vtype_stringptr, &local_scan_data },
469 { "local_user_gid", vtype_gid, &local_user_gid },
470 { "local_user_uid", vtype_uid, &local_user_uid },
471 { "localhost_number", vtype_int, &host_number },
5cb8cbc6 472 { "log_inodes", vtype_pinodes, (void *)FALSE },
8e669ac1 473 { "log_space", vtype_pspace, (void *)FALSE },
059ec3d9 474 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
8523533c
TK
475#ifdef WITH_CONTENT_SCAN
476 { "malware_name", vtype_stringptr, &malware_name },
477#endif
d677b2f2 478 { "max_received_linelength", vtype_int, &max_received_linelength },
059ec3d9
PH
479 { "message_age", vtype_int, &message_age },
480 { "message_body", vtype_msgbody, &message_body },
481 { "message_body_end", vtype_msgbody_end, &message_body_end },
482 { "message_body_size", vtype_int, &message_body_size },
1ab52c69 483 { "message_exim_id", vtype_stringptr, &message_id },
059ec3d9 484 { "message_headers", vtype_msgheaders, NULL },
ff75a1f7 485 { "message_headers_raw", vtype_msgheaders_raw, NULL },
059ec3d9 486 { "message_id", vtype_stringptr, &message_id },
2e0c1448 487 { "message_linecount", vtype_int, &message_linecount },
059ec3d9 488 { "message_size", vtype_int, &message_size },
8523533c
TK
489#ifdef WITH_CONTENT_SCAN
490 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
491 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
492 { "mime_boundary", vtype_stringptr, &mime_boundary },
493 { "mime_charset", vtype_stringptr, &mime_charset },
494 { "mime_content_description", vtype_stringptr, &mime_content_description },
495 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
496 { "mime_content_id", vtype_stringptr, &mime_content_id },
497 { "mime_content_size", vtype_int, &mime_content_size },
498 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
499 { "mime_content_type", vtype_stringptr, &mime_content_type },
500 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
501 { "mime_filename", vtype_stringptr, &mime_filename },
502 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
503 { "mime_is_multipart", vtype_int, &mime_is_multipart },
504 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
505 { "mime_part_count", vtype_int, &mime_part_count },
506#endif
059ec3d9
PH
507 { "n0", vtype_filter_int, &filter_n[0] },
508 { "n1", vtype_filter_int, &filter_n[1] },
509 { "n2", vtype_filter_int, &filter_n[2] },
510 { "n3", vtype_filter_int, &filter_n[3] },
511 { "n4", vtype_filter_int, &filter_n[4] },
512 { "n5", vtype_filter_int, &filter_n[5] },
513 { "n6", vtype_filter_int, &filter_n[6] },
514 { "n7", vtype_filter_int, &filter_n[7] },
515 { "n8", vtype_filter_int, &filter_n[8] },
516 { "n9", vtype_filter_int, &filter_n[9] },
517 { "original_domain", vtype_stringptr, &deliver_domain_orig },
518 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
519 { "originator_gid", vtype_gid, &originator_gid },
520 { "originator_uid", vtype_uid, &originator_uid },
521 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
522 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
523 { "pid", vtype_pid, NULL },
524 { "primary_hostname", vtype_stringptr, &primary_hostname },
fffda43a
TK
525 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
526 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
527 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
059ec3d9
PH
528 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
529 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
530 { "rcpt_count", vtype_int, &rcpt_count },
531 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
532 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
533 { "received_count", vtype_int, &received_count },
534 { "received_for", vtype_stringptr, &received_for },
194cc0e4
PH
535 { "received_ip_address", vtype_stringptr, &interface_address },
536 { "received_port", vtype_int, &interface_port },
059ec3d9 537 { "received_protocol", vtype_stringptr, &received_protocol },
7dbf77c9 538 { "received_time", vtype_int, &received_time },
059ec3d9 539 { "recipient_data", vtype_stringptr, &recipient_data },
8e669ac1 540 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
059ec3d9
PH
541 { "recipients", vtype_recipients, NULL },
542 { "recipients_count", vtype_int, &recipients_count },
8523533c
TK
543#ifdef WITH_CONTENT_SCAN
544 { "regex_match_string", vtype_stringptr, &regex_match_string },
545#endif
059ec3d9
PH
546 { "reply_address", vtype_reply, NULL },
547 { "return_path", vtype_stringptr, &return_path },
548 { "return_size_limit", vtype_int, &bounce_return_size_limit },
549 { "runrc", vtype_int, &runrc },
550 { "self_hostname", vtype_stringptr, &self_hostname },
551 { "sender_address", vtype_stringptr, &sender_address },
2a3eea10 552 { "sender_address_data", vtype_stringptr, &sender_address_data },
059ec3d9
PH
553 { "sender_address_domain", vtype_domain, &sender_address },
554 { "sender_address_local_part", vtype_localpart, &sender_address },
555 { "sender_data", vtype_stringptr, &sender_data },
556 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
557 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
558 { "sender_host_address", vtype_stringptr, &sender_host_address },
559 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
560 { "sender_host_name", vtype_host_lookup, NULL },
561 { "sender_host_port", vtype_int, &sender_host_port },
562 { "sender_ident", vtype_stringptr, &sender_ident },
870f6ba8
TF
563 { "sender_rate", vtype_stringptr, &sender_rate },
564 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
565 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
059ec3d9 566 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
8e669ac1 567 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
41c7c167
PH
568 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
569 { "sending_port", vtype_int, &sending_port },
8e669ac1 570 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
3ee512ff
PH
571 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
572 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
b01dd148 573 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
8f128379 574 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
059ec3d9
PH
575 { "sn0", vtype_filter_int, &filter_sn[0] },
576 { "sn1", vtype_filter_int, &filter_sn[1] },
577 { "sn2", vtype_filter_int, &filter_sn[2] },
578 { "sn3", vtype_filter_int, &filter_sn[3] },
579 { "sn4", vtype_filter_int, &filter_sn[4] },
580 { "sn5", vtype_filter_int, &filter_sn[5] },
581 { "sn6", vtype_filter_int, &filter_sn[6] },
582 { "sn7", vtype_filter_int, &filter_sn[7] },
583 { "sn8", vtype_filter_int, &filter_sn[8] },
584 { "sn9", vtype_filter_int, &filter_sn[9] },
8523533c
TK
585#ifdef WITH_CONTENT_SCAN
586 { "spam_bar", vtype_stringptr, &spam_bar },
587 { "spam_report", vtype_stringptr, &spam_report },
588 { "spam_score", vtype_stringptr, &spam_score },
589 { "spam_score_int", vtype_stringptr, &spam_score_int },
590#endif
591#ifdef EXPERIMENTAL_SPF
65a7d8c3 592 { "spf_guess", vtype_stringptr, &spf_guess },
8523533c
TK
593 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
594 { "spf_received", vtype_stringptr, &spf_received },
595 { "spf_result", vtype_stringptr, &spf_result },
596 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
597#endif
059ec3d9 598 { "spool_directory", vtype_stringptr, &spool_directory },
5cb8cbc6 599 { "spool_inodes", vtype_pinodes, (void *)TRUE },
8e669ac1 600 { "spool_space", vtype_pspace, (void *)TRUE },
8523533c
TK
601#ifdef EXPERIMENTAL_SRS
602 { "srs_db_address", vtype_stringptr, &srs_db_address },
603 { "srs_db_key", vtype_stringptr, &srs_db_key },
604 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
605 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
606 { "srs_recipient", vtype_stringptr, &srs_recipient },
607 { "srs_status", vtype_stringptr, &srs_status },
608#endif
059ec3d9
PH
609 { "thisaddress", vtype_stringptr, &filter_thisaddress },
610 { "tls_certificate_verified", vtype_int, &tls_certificate_verified },
611 { "tls_cipher", vtype_stringptr, &tls_cipher },
612 { "tls_peerdn", vtype_stringptr, &tls_peerdn },
613 { "tod_bsdinbox", vtype_todbsdin, NULL },
614 { "tod_epoch", vtype_tode, NULL },
615 { "tod_full", vtype_todf, NULL },
616 { "tod_log", vtype_todl, NULL },
617 { "tod_logfile", vtype_todlf, NULL },
618 { "tod_zone", vtype_todzone, NULL },
619 { "tod_zulu", vtype_todzulu, NULL },
620 { "value", vtype_stringptr, &lookup_value },
621 { "version_number", vtype_stringptr, &version_string },
622 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
623 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
624 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
625 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
626 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
627 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
628};
629
630static int var_table_size = sizeof(var_table)/sizeof(var_entry);
631static uschar var_buffer[256];
632static BOOL malformed_header;
633
634/* For textual hashes */
635
1ba28e2b
PP
636static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
637 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
638 "0123456789";
059ec3d9
PH
639
640enum { HMAC_MD5, HMAC_SHA1 };
641
642/* For numeric hashes */
643
644static unsigned int prime[] = {
645 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
646 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
647 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
648
649/* For printing modes in symbolic form */
650
651static uschar *mtable_normal[] =
652 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
653
654static uschar *mtable_setid[] =
655 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
656
657static uschar *mtable_sticky[] =
658 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
659
660
661
662/*************************************************
663* Tables for UTF-8 support *
664*************************************************/
665
666/* Table of the number of extra characters, indexed by the first character
667masked with 0x3f. The highest number for a valid UTF-8 character is in fact
6680x3d. */
669
670static uschar utf8_table1[] = {
671 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
672 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
673 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
674 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
675
676/* These are the masks for the data bits in the first byte of a character,
677indexed by the number of additional bytes. */
678
679static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
680
681/* Get the next UTF-8 character, advancing the pointer. */
682
683#define GETUTF8INC(c, ptr) \
684 c = *ptr++; \
685 if ((c & 0xc0) == 0xc0) \
686 { \
687 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
688 int s = 6*a; \
689 c = (c & utf8_table2[a]) << s; \
690 while (a-- > 0) \
691 { \
692 s -= 6; \
693 c |= (*ptr++ & 0x3f) << s; \
694 } \
695 }
696
697
698/*************************************************
699* Binary chop search on a table *
700*************************************************/
701
702/* This is used for matching expansion items and operators.
703
704Arguments:
705 name the name that is being sought
706 table the table to search
707 table_size the number of items in the table
708
709Returns: the offset in the table, or -1
710*/
711
712static int
713chop_match(uschar *name, uschar **table, int table_size)
714{
715uschar **bot = table;
716uschar **top = table + table_size;
717
718while (top > bot)
719 {
720 uschar **mid = bot + (top - bot)/2;
721 int c = Ustrcmp(name, *mid);
722 if (c == 0) return mid - table;
723 if (c > 0) bot = mid + 1; else top = mid;
724 }
725
726return -1;
727}
728
729
730
731/*************************************************
732* Check a condition string *
733*************************************************/
734
735/* This function is called to expand a string, and test the result for a "true"
736or "false" value. Failure of the expansion yields FALSE; logged unless it was a
737forced fail or lookup defer. All store used by the function can be released on
738exit.
739
6a8de854
PP
740The actual false-value tests should be replicated for ECOND_BOOL_LAX.
741
059ec3d9
PH
742Arguments:
743 condition the condition string
744 m1 text to be incorporated in panic error
745 m2 ditto
746
747Returns: TRUE if condition is met, FALSE if not
748*/
749
750BOOL
751expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
752{
753int rc;
754void *reset_point = store_get(0);
755uschar *ss = expand_string(condition);
756if (ss == NULL)
757 {
758 if (!expand_string_forcedfail && !search_find_defer)
759 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
760 "for %s %s: %s", condition, m1, m2, expand_string_message);
761 return FALSE;
762 }
763rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
764 strcmpic(ss, US"false") != 0;
765store_reset(reset_point);
766return rc;
767}
768
769
770
771/*************************************************
9e3331ea
TK
772* Pseudo-random number generation *
773*************************************************/
774
775/* Pseudo-random number generation. The result is not "expected" to be
776cryptographically strong but not so weak that someone will shoot themselves
777in the foot using it as a nonce in some email header scheme or whatever
778weirdness they'll twist this into. The result should ideally handle fork().
779
780However, if we're stuck unable to provide this, then we'll fall back to
781appallingly bad randomness.
782
783If SUPPORT_TLS is defined and OpenSSL is used, then this will not be used.
784The GNUTLS randomness functions found do not seem amenable to extracting
785random numbers outside of a TLS context. Any volunteers?
786
787Arguments:
788 max range maximum
789Returns a random number in range [0, max-1]
790*/
791
792#if !defined(SUPPORT_TLS) || defined(USE_GNUTLS)
793int
794pseudo_random_number(int max)
795{
796 static pid_t pid = 0;
797 pid_t p2;
798#if defined(HAVE_SRANDOM) && !defined(HAVE_SRANDOMDEV)
799 struct timeval tv;
800#endif
801
802 p2 = getpid();
803 if (p2 != pid)
804 {
805 if (pid != 0)
806 {
807
808#ifdef HAVE_ARC4RANDOM
809 /* cryptographically strong randomness, common on *BSD platforms, not
810 so much elsewhere. Alas. */
811 arc4random_stir();
812#elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
813#ifdef HAVE_SRANDOMDEV
814 /* uses random(4) for seeding */
815 srandomdev();
816#else
817 gettimeofday(&tv, NULL);
818 srandom(tv.tv_sec | tv.tv_usec | getpid());
819#endif
820#else
821 /* Poor randomness and no seeding here */
822#endif
823
824 }
825 pid = p2;
826 }
827
828#ifdef HAVE_ARC4RANDOM
829 return arc4random() % max;
830#elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
831 return random() % max;
832#else
833 /* This one returns a 16-bit number, definitely not crypto-strong */
834 return random_number(max);
835#endif
836}
837
838#endif
839
840/*************************************************
059ec3d9
PH
841* Pick out a name from a string *
842*************************************************/
843
844/* If the name is too long, it is silently truncated.
845
846Arguments:
847 name points to a buffer into which to put the name
848 max is the length of the buffer
849 s points to the first alphabetic character of the name
850 extras chars other than alphanumerics to permit
851
852Returns: pointer to the first character after the name
853
854Note: The test for *s != 0 in the while loop is necessary because
855Ustrchr() yields non-NULL if the character is zero (which is not something
856I expected). */
857
858static uschar *
859read_name(uschar *name, int max, uschar *s, uschar *extras)
860{
861int ptr = 0;
862while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
863 {
864 if (ptr < max-1) name[ptr++] = *s;
865 s++;
866 }
867name[ptr] = 0;
868return s;
869}
870
871
872
873/*************************************************
874* Pick out the rest of a header name *
875*************************************************/
876
877/* A variable name starting $header_ (or just $h_ for those who like
878abbreviations) might not be the complete header name because headers can
879contain any printing characters in their names, except ':'. This function is
880called to read the rest of the name, chop h[eader]_ off the front, and put ':'
881on the end, if the name was terminated by white space.
882
883Arguments:
884 name points to a buffer in which the name read so far exists
885 max is the length of the buffer
886 s points to the first character after the name so far, i.e. the
887 first non-alphameric character after $header_xxxxx
888
889Returns: a pointer to the first character after the header name
890*/
891
892static uschar *
893read_header_name(uschar *name, int max, uschar *s)
894{
895int prelen = Ustrchr(name, '_') - name + 1;
896int ptr = Ustrlen(name) - prelen;
897if (ptr > 0) memmove(name, name+prelen, ptr);
898while (mac_isgraph(*s) && *s != ':')
899 {
900 if (ptr < max-1) name[ptr++] = *s;
901 s++;
902 }
903if (*s == ':') s++;
904name[ptr++] = ':';
905name[ptr] = 0;
906return s;
907}
908
909
910
911/*************************************************
912* Pick out a number from a string *
913*************************************************/
914
915/* Arguments:
916 n points to an integer into which to put the number
917 s points to the first digit of the number
918
919Returns: a pointer to the character after the last digit
920*/
921
922static uschar *
923read_number(int *n, uschar *s)
924{
925*n = 0;
926while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
927return s;
928}
929
930
931
932/*************************************************
933* Extract keyed subfield from a string *
934*************************************************/
935
936/* The yield is in dynamic store; NULL means that the key was not found.
937
938Arguments:
939 key points to the name of the key
940 s points to the string from which to extract the subfield
941
942Returns: NULL if the subfield was not found, or
943 a pointer to the subfield's data
944*/
945
946static uschar *
947expand_getkeyed(uschar *key, uschar *s)
948{
949int length = Ustrlen(key);
950while (isspace(*s)) s++;
951
952/* Loop to search for the key */
953
954while (*s != 0)
955 {
956 int dkeylength;
957 uschar *data;
958 uschar *dkey = s;
959
960 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
961 dkeylength = s - dkey;
962 while (isspace(*s)) s++;
963 if (*s == '=') while (isspace((*(++s))));
964
965 data = string_dequote(&s);
966 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
967 return data;
968
969 while (isspace(*s)) s++;
970 }
971
972return NULL;
973}
974
975
976
977
978/*************************************************
979* Extract numbered subfield from string *
980*************************************************/
981
982/* Extracts a numbered field from a string that is divided by tokens - for
983example a line from /etc/passwd is divided by colon characters. First field is
984numbered one. Negative arguments count from the right. Zero returns the whole
985string. Returns NULL if there are insufficient tokens in the string
986
987***WARNING***
988Modifies final argument - this is a dynamically generated string, so that's OK.
989
990Arguments:
991 field number of field to be extracted,
992 first field = 1, whole string = 0, last field = -1
993 separators characters that are used to break string into tokens
994 s points to the string from which to extract the subfield
995
996Returns: NULL if the field was not found,
997 a pointer to the field's data inside s (modified to add 0)
998*/
999
1000static uschar *
1001expand_gettokened (int field, uschar *separators, uschar *s)
1002{
1003int sep = 1;
1004int count;
1005uschar *ss = s;
1006uschar *fieldtext = NULL;
1007
1008if (field == 0) return s;
1009
1010/* Break the line up into fields in place; for field > 0 we stop when we have
1011done the number of fields we want. For field < 0 we continue till the end of
1012the string, counting the number of fields. */
1013
1014count = (field > 0)? field : INT_MAX;
1015
1016while (count-- > 0)
1017 {
1018 size_t len;
1019
1020 /* Previous field was the last one in the string. For a positive field
1021 number, this means there are not enough fields. For a negative field number,
1022 check that there are enough, and scan back to find the one that is wanted. */
1023
1024 if (sep == 0)
1025 {
1026 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1027 if ((-field) == (INT_MAX - count - 1)) return s;
1028 while (field++ < 0)
1029 {
1030 ss--;
1031 while (ss[-1] != 0) ss--;
1032 }
1033 fieldtext = ss;
1034 break;
1035 }
1036
1037 /* Previous field was not last in the string; save its start and put a
1038 zero at its end. */
1039
1040 fieldtext = ss;
1041 len = Ustrcspn(ss, separators);
1042 sep = ss[len];
1043 ss[len] = 0;
1044 ss += len + 1;
1045 }
1046
1047return fieldtext;
1048}
1049
1050
1051
1052/*************************************************
1053* Extract a substring from a string *
1054*************************************************/
1055
1056/* Perform the ${substr or ${length expansion operations.
1057
1058Arguments:
1059 subject the input string
1060 value1 the offset from the start of the input string to the start of
1061 the output string; if negative, count from the right.
1062 value2 the length of the output string, or negative (-1) for unset
1063 if value1 is positive, unset means "all after"
1064 if value1 is negative, unset means "all before"
1065 len set to the length of the returned string
1066
1067Returns: pointer to the output string, or NULL if there is an error
1068*/
1069
1070static uschar *
1071extract_substr(uschar *subject, int value1, int value2, int *len)
1072{
1073int sublen = Ustrlen(subject);
1074
1075if (value1 < 0) /* count from right */
1076 {
1077 value1 += sublen;
1078
1079 /* If the position is before the start, skip to the start, and adjust the
1080 length. If the length ends up negative, the substring is null because nothing
1081 can precede. This falls out naturally when the length is unset, meaning "all
1082 to the left". */
1083
1084 if (value1 < 0)
1085 {
1086 value2 += value1;
1087 if (value2 < 0) value2 = 0;
1088 value1 = 0;
1089 }
1090
1091 /* Otherwise an unset length => characters before value1 */
1092
1093 else if (value2 < 0)
1094 {
1095 value2 = value1;
1096 value1 = 0;
1097 }
1098 }
1099
1100/* For a non-negative offset, if the starting position is past the end of the
1101string, the result will be the null string. Otherwise, an unset length means
1102"rest"; just set it to the maximum - it will be cut down below if necessary. */
1103
1104else
1105 {
1106 if (value1 > sublen)
1107 {
1108 value1 = sublen;
1109 value2 = 0;
1110 }
1111 else if (value2 < 0) value2 = sublen;
1112 }
1113
1114/* Cut the length down to the maximum possible for the offset value, and get
1115the required characters. */
1116
1117if (value1 + value2 > sublen) value2 = sublen - value1;
1118*len = value2;
1119return subject + value1;
1120}
1121
1122
1123
1124
1125/*************************************************
1126* Old-style hash of a string *
1127*************************************************/
1128
1129/* Perform the ${hash expansion operation.
1130
1131Arguments:
1132 subject the input string (an expanded substring)
1133 value1 the length of the output string; if greater or equal to the
1134 length of the input string, the input string is returned
1135 value2 the number of hash characters to use, or 26 if negative
1136 len set to the length of the returned string
1137
1138Returns: pointer to the output string, or NULL if there is an error
1139*/
1140
1141static uschar *
1142compute_hash(uschar *subject, int value1, int value2, int *len)
1143{
1144int sublen = Ustrlen(subject);
1145
1146if (value2 < 0) value2 = 26;
1147else if (value2 > Ustrlen(hashcodes))
1148 {
1149 expand_string_message =
1150 string_sprintf("hash count \"%d\" too big", value2);
1151 return NULL;
1152 }
1153
1154/* Calculate the hash text. We know it is shorter than the original string, so
1155can safely place it in subject[] (we know that subject is always itself an
1156expanded substring). */
1157
1158if (value1 < sublen)
1159 {
1160 int c;
1161 int i = 0;
1162 int j = value1;
1163 while ((c = (subject[j])) != 0)
1164 {
1165 int shift = (c + j++) & 7;
1166 subject[i] ^= (c << shift) | (c >> (8-shift));
1167 if (++i >= value1) i = 0;
1168 }
1169 for (i = 0; i < value1; i++)
1170 subject[i] = hashcodes[(subject[i]) % value2];
1171 }
1172else value1 = sublen;
1173
1174*len = value1;
1175return subject;
1176}
1177
1178
1179
1180
1181/*************************************************
1182* Numeric hash of a string *
1183*************************************************/
1184
1185/* Perform the ${nhash expansion operation. The first characters of the
1186string are treated as most important, and get the highest prime numbers.
1187
1188Arguments:
1189 subject the input string
1190 value1 the maximum value of the first part of the result
1191 value2 the maximum value of the second part of the result,
1192 or negative to produce only a one-part result
1193 len set to the length of the returned string
1194
1195Returns: pointer to the output string, or NULL if there is an error.
1196*/
1197
1198static uschar *
1199compute_nhash (uschar *subject, int value1, int value2, int *len)
1200{
1201uschar *s = subject;
1202int i = 0;
1203unsigned long int total = 0; /* no overflow */
1204
1205while (*s != 0)
1206 {
1207 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
1208 total += prime[i--] * (unsigned int)(*s++);
1209 }
1210
1211/* If value2 is unset, just compute one number */
1212
1213if (value2 < 0)
1214 {
1215 s = string_sprintf("%d", total % value1);
1216 }
1217
1218/* Otherwise do a div/mod hash */
1219
1220else
1221 {
1222 total = total % (value1 * value2);
1223 s = string_sprintf("%d/%d", total/value2, total % value2);
1224 }
1225
1226*len = Ustrlen(s);
1227return s;
1228}
1229
1230
1231
1232
1233
1234/*************************************************
1235* Find the value of a header or headers *
1236*************************************************/
1237
1238/* Multiple instances of the same header get concatenated, and this function
1239can also return a concatenation of all the header lines. When concatenating
1240specific headers that contain lists of addresses, a comma is inserted between
1241them. Otherwise we use a straight concatenation. Because some messages can have
1242pathologically large number of lines, there is a limit on the length that is
1243returned. Also, to avoid massive store use which would result from using
1244string_cat() as it copies and extends strings, we do a preliminary pass to find
1245out exactly how much store will be needed. On "normal" messages this will be
1246pretty trivial.
1247
1248Arguments:
1249 name the name of the header, without the leading $header_ or $h_,
1250 or NULL if a concatenation of all headers is required
1251 exists_only TRUE if called from a def: test; don't need to build a string;
1252 just return a string that is not "" and not "0" if the header
1253 exists
1254 newsize return the size of memory block that was obtained; may be NULL
1255 if exists_only is TRUE
1256 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
ff75a1f7
PH
1257 other than concatenating, will be done on the header. Also used
1258 for $message_headers_raw.
059ec3d9
PH
1259 charset name of charset to translate MIME words to; used only if
1260 want_raw is false; if NULL, no translation is done (this is
1261 used for $bh_ and $bheader_)
1262
1263Returns: NULL if the header does not exist, else a pointer to a new
1264 store block
1265*/
1266
1267static uschar *
1268find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1269 uschar *charset)
1270{
1271BOOL found = name == NULL;
1272int comma = 0;
1273int len = found? 0 : Ustrlen(name);
1274int i;
1275uschar *yield = NULL;
1276uschar *ptr = NULL;
1277
1278/* Loop for two passes - saves code repetition */
1279
1280for (i = 0; i < 2; i++)
1281 {
1282 int size = 0;
1283 header_line *h;
1284
1285 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1286 {
1287 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1288 {
1289 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1290 {
1291 int ilen;
1292 uschar *t;
1293
1294 if (exists_only) return US"1"; /* don't need actual string */
1295 found = TRUE;
1296 t = h->text + len; /* text to insert */
1297 if (!want_raw) /* unless wanted raw, */
1298 while (isspace(*t)) t++; /* remove leading white space */
1299 ilen = h->slen - (t - h->text); /* length to insert */
1300
fd700877
PH
1301 /* Unless wanted raw, remove trailing whitespace, including the
1302 newline. */
1303
1304 if (!want_raw)
1305 while (ilen > 0 && isspace(t[ilen-1])) ilen--;
1306
059ec3d9
PH
1307 /* Set comma = 1 if handling a single header and it's one of those
1308 that contains an address list, except when asked for raw headers. Only
1309 need to do this once. */
1310
1311 if (!want_raw && name != NULL && comma == 0 &&
1312 Ustrchr("BCFRST", h->type) != NULL)
1313 comma = 1;
1314
1315 /* First pass - compute total store needed; second pass - compute
1316 total store used, including this header. */
1317
fd700877 1318 size += ilen + comma + 1; /* +1 for the newline */
059ec3d9
PH
1319
1320 /* Second pass - concatentate the data, up to a maximum. Note that
1321 the loop stops when size hits the limit. */
1322
1323 if (i != 0)
1324 {
1325 if (size > header_insert_maxlen)
1326 {
fd700877 1327 ilen -= size - header_insert_maxlen - 1;
059ec3d9
PH
1328 comma = 0;
1329 }
1330 Ustrncpy(ptr, t, ilen);
1331 ptr += ilen;
fd700877
PH
1332
1333 /* For a non-raw header, put in the comma if needed, then add
3168332a
PH
1334 back the newline we removed above, provided there was some text in
1335 the header. */
fd700877 1336
3168332a 1337 if (!want_raw && ilen > 0)
059ec3d9 1338 {
3168332a 1339 if (comma != 0) *ptr++ = ',';
059ec3d9
PH
1340 *ptr++ = '\n';
1341 }
1342 }
1343 }
1344 }
1345 }
1346
fd700877
PH
1347 /* At end of first pass, return NULL if no header found. Then truncate size
1348 if necessary, and get the buffer to hold the data, returning the buffer size.
1349 */
059ec3d9
PH
1350
1351 if (i == 0)
1352 {
1353 if (!found) return NULL;
1354 if (size > header_insert_maxlen) size = header_insert_maxlen;
1355 *newsize = size + 1;
1356 ptr = yield = store_get(*newsize);
1357 }
1358 }
1359
059ec3d9
PH
1360/* That's all we do for raw header expansion. */
1361
1362if (want_raw)
1363 {
1364 *ptr = 0;
1365 }
1366
fd700877
PH
1367/* Otherwise, remove a final newline and a redundant added comma. Then we do
1368RFC 2047 decoding, translating the charset if requested. The rfc2047_decode2()
059ec3d9
PH
1369function can return an error with decoded data if the charset translation
1370fails. If decoding fails, it returns NULL. */
1371
1372else
1373 {
1374 uschar *decoded, *error;
3168332a 1375 if (ptr > yield && ptr[-1] == '\n') ptr--;
fd700877 1376 if (ptr > yield && comma != 0 && ptr[-1] == ',') ptr--;
059ec3d9 1377 *ptr = 0;
a0d6ba8a
PH
1378 decoded = rfc2047_decode2(yield, check_rfc2047_length, charset, '?', NULL,
1379 newsize, &error);
059ec3d9
PH
1380 if (error != NULL)
1381 {
1382 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1383 " input was: %s\n", error, yield);
1384 }
1385 if (decoded != NULL) yield = decoded;
1386 }
1387
1388return yield;
1389}
1390
1391
1392
1393
1394/*************************************************
1395* Find value of a variable *
1396*************************************************/
1397
1398/* The table of variables is kept in alphabetic order, so we can search it
1399using a binary chop. The "choplen" variable is nothing to do with the binary
1400chop.
1401
1402Arguments:
1403 name the name of the variable being sought
1404 exists_only TRUE if this is a def: test; passed on to find_header()
1405 skipping TRUE => skip any processing evaluation; this is not the same as
1406 exists_only because def: may test for values that are first
1407 evaluated here
1408 newsize pointer to an int which is initially zero; if the answer is in
1409 a new memory buffer, *newsize is set to its size
1410
1411Returns: NULL if the variable does not exist, or
1412 a pointer to the variable's contents, or
1413 something non-NULL if exists_only is TRUE
1414*/
1415
1416static uschar *
1417find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1418{
1419int first = 0;
1420int last = var_table_size;
1421
38a0a95f
PH
1422/* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1423Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1424release 4.64 onwards arbitrary names are permitted, as long as the first 5
641cb756
PH
1425characters are acl_c or acl_m and the sixth is either a digit or an underscore
1426(this gave backwards compatibility at the changeover). There may be built-in
1427variables whose names start acl_ but they should never start in this way. This
1428slightly messy specification is a consequence of the history, needless to say.
47ca6d6c 1429
38a0a95f
PH
1430If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1431set, in which case give an error. */
47ca6d6c 1432
641cb756
PH
1433if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1434 !isalpha(name[5]))
38a0a95f
PH
1435 {
1436 tree_node *node =
1437 tree_search((name[4] == 'c')? acl_var_c : acl_var_m, name + 4);
1438 return (node == NULL)? (strict_acl_vars? NULL : US"") : node->data.ptr;
47ca6d6c
PH
1439 }
1440
38a0a95f 1441/* Handle $auth<n> variables. */
f78eb7c6
PH
1442
1443if (Ustrncmp(name, "auth", 4) == 0)
1444 {
1445 uschar *endptr;
1446 int n = Ustrtoul(name + 4, &endptr, 10);
1447 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1448 return (auth_vars[n-1] == NULL)? US"" : auth_vars[n-1];
1449 }
1450
47ca6d6c
PH
1451/* For all other variables, search the table */
1452
059ec3d9
PH
1453while (last > first)
1454 {
1455 uschar *s, *domain;
1456 uschar **ss;
1457 int middle = (first + last)/2;
1458 int c = Ustrcmp(name, var_table[middle].name);
1459
1460 if (c > 0) { first = middle + 1; continue; }
1461 if (c < 0) { last = middle; continue; }
1462
1463 /* Found an existing variable. If in skipping state, the value isn't needed,
47ca6d6c 1464 and we want to avoid processing (such as looking up the host name). */
059ec3d9
PH
1465
1466 if (skipping) return US"";
1467
1468 switch (var_table[middle].type)
1469 {
9a26b6b2
PH
1470 case vtype_filter_int:
1471 if (!filter_running) return NULL;
1472 /* Fall through */
1473 /* VVVVVVVVVVVV */
059ec3d9
PH
1474 case vtype_int:
1475 sprintf(CS var_buffer, "%d", *(int *)(var_table[middle].value)); /* Integer */
1476 return var_buffer;
1477
1478 case vtype_ino:
1479 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(var_table[middle].value))); /* Inode */
1480 return var_buffer;
1481
1482 case vtype_gid:
1483 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(var_table[middle].value))); /* gid */
1484 return var_buffer;
1485
1486 case vtype_uid:
1487 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
1488 return var_buffer;
1489
1490 case vtype_stringptr: /* Pointer to string */
1491 s = *((uschar **)(var_table[middle].value));
1492 return (s == NULL)? US"" : s;
1493
1494 case vtype_pid:
1495 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1496 return var_buffer;
1497
1498 case vtype_load_avg:
8669f003 1499 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
059ec3d9
PH
1500 return var_buffer;
1501
1502 case vtype_host_lookup: /* Lookup if not done so */
1503 if (sender_host_name == NULL && sender_host_address != NULL &&
1504 !host_lookup_failed && host_name_lookup() == OK)
1505 host_build_sender_fullhost();
1506 return (sender_host_name == NULL)? US"" : sender_host_name;
1507
1508 case vtype_localpart: /* Get local part from address */
1509 s = *((uschar **)(var_table[middle].value));
1510 if (s == NULL) return US"";
1511 domain = Ustrrchr(s, '@');
1512 if (domain == NULL) return s;
1513 if (domain - s > sizeof(var_buffer) - 1)
1514 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than %d in "
1515 "string expansion", sizeof(var_buffer));
1516 Ustrncpy(var_buffer, s, domain - s);
1517 var_buffer[domain - s] = 0;
1518 return var_buffer;
1519
1520 case vtype_domain: /* Get domain from address */
1521 s = *((uschar **)(var_table[middle].value));
1522 if (s == NULL) return US"";
1523 domain = Ustrrchr(s, '@');
1524 return (domain == NULL)? US"" : domain + 1;
1525
1526 case vtype_msgheaders:
1527 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1528
ff75a1f7
PH
1529 case vtype_msgheaders_raw:
1530 return find_header(NULL, exists_only, newsize, TRUE, NULL);
1531
059ec3d9
PH
1532 case vtype_msgbody: /* Pointer to msgbody string */
1533 case vtype_msgbody_end: /* Ditto, the end of the msg */
1534 ss = (uschar **)(var_table[middle].value);
1535 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1536 {
1537 uschar *body;
0d7eb84a 1538 off_t start_offset = SPOOL_DATA_START_OFFSET;
059ec3d9
PH
1539 int len = message_body_visible;
1540 if (len > message_size) len = message_size;
1541 *ss = body = store_malloc(len+1);
1542 body[0] = 0;
1543 if (var_table[middle].type == vtype_msgbody_end)
1544 {
1545 struct stat statbuf;
1546 if (fstat(deliver_datafile, &statbuf) == 0)
1547 {
1548 start_offset = statbuf.st_size - len;
1549 if (start_offset < SPOOL_DATA_START_OFFSET)
1550 start_offset = SPOOL_DATA_START_OFFSET;
1551 }
1552 }
1553 lseek(deliver_datafile, start_offset, SEEK_SET);
1554 len = read(deliver_datafile, body, len);
1555 if (len > 0)
1556 {
1557 body[len] = 0;
ddea74fa 1558 if (message_body_newlines) /* Separate loops for efficiency */
059ec3d9 1559 {
ddea74fa
PH
1560 while (len > 0)
1561 { if (body[--len] == 0) body[len] = ' '; }
1562 }
1563 else
1564 {
1565 while (len > 0)
1566 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
059ec3d9
PH
1567 }
1568 }
1569 }
1570 return (*ss == NULL)? US"" : *ss;
1571
1572 case vtype_todbsdin: /* BSD inbox time of day */
1573 return tod_stamp(tod_bsdin);
1574
1575 case vtype_tode: /* Unix epoch time of day */
1576 return tod_stamp(tod_epoch);
1577
1578 case vtype_todf: /* Full time of day */
1579 return tod_stamp(tod_full);
1580
1581 case vtype_todl: /* Log format time of day */
1582 return tod_stamp(tod_log_bare); /* (without timezone) */
1583
1584 case vtype_todzone: /* Time zone offset only */
1585 return tod_stamp(tod_zone);
1586
1587 case vtype_todzulu: /* Zulu time */
1588 return tod_stamp(tod_zulu);
1589
1590 case vtype_todlf: /* Log file datestamp tod */
f1e5fef5 1591 return tod_stamp(tod_log_datestamp_daily);
059ec3d9
PH
1592
1593 case vtype_reply: /* Get reply address */
c8ea1597 1594 s = find_header(US"reply-to:", exists_only, newsize, TRUE,
059ec3d9 1595 headers_charset);
6979240a 1596 if (s != NULL) while (isspace(*s)) s++;
059ec3d9 1597 if (s == NULL || *s == 0)
41a13e0a
PH
1598 {
1599 *newsize = 0; /* For the *s==0 case */
c8ea1597
PH
1600 s = find_header(US"from:", exists_only, newsize, TRUE, headers_charset);
1601 }
1602 if (s != NULL)
1603 {
1604 uschar *t;
1605 while (isspace(*s)) s++;
1606 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
6979240a
PH
1607 while (t > s && isspace(t[-1])) t--;
1608 *t = 0;
41a13e0a 1609 }
059ec3d9
PH
1610 return (s == NULL)? US"" : s;
1611
1612 /* A recipients list is available only during system message filtering,
1613 during ACL processing after DATA, and while expanding pipe commands
1614 generated from a system filter, but not elsewhere. */
1615
1616 case vtype_recipients:
1617 if (!enable_dollar_recipients) return NULL; else
1618 {
1619 int size = 128;
1620 int ptr = 0;
1621 int i;
1622 s = store_get(size);
1623 for (i = 0; i < recipients_count; i++)
1624 {
1625 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1626 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1627 Ustrlen(recipients_list[i].address));
1628 }
1629 s[ptr] = 0; /* string_cat() leaves room */
1630 }
1631 return s;
8e669ac1 1632
5cb8cbc6
PH
1633 case vtype_pspace:
1634 {
1635 int inodes;
8e669ac1
PH
1636 sprintf(CS var_buffer, "%d",
1637 receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes));
5cb8cbc6
PH
1638 }
1639 return var_buffer;
8e669ac1 1640
5cb8cbc6
PH
1641 case vtype_pinodes:
1642 {
1643 int inodes;
8e669ac1 1644 (void) receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes);
5cb8cbc6
PH
1645 sprintf(CS var_buffer, "%d", inodes);
1646 }
1647 return var_buffer;
80a47a2c 1648
c8307c12 1649 #ifndef DISABLE_DKIM
80a47a2c 1650 case vtype_dkim:
da5dfc3a 1651 return dkim_exim_expand_query((int)(long)var_table[middle].value);
80a47a2c
TK
1652 #endif
1653
059ec3d9
PH
1654 }
1655 }
1656
1657return NULL; /* Unknown variable name */
1658}
1659
1660
1661
1662
1663/*************************************************
1664* Read and expand substrings *
1665*************************************************/
1666
1667/* This function is called to read and expand argument substrings for various
1668expansion items. Some have a minimum requirement that is less than the maximum;
1669in these cases, the first non-present one is set to NULL.
1670
1671Arguments:
1672 sub points to vector of pointers to set
1673 n maximum number of substrings
1674 m minimum required
1675 sptr points to current string pointer
1676 skipping the skipping flag
1677 check_end if TRUE, check for final '}'
1678 name name of item, for error message
1679
1680Returns: 0 OK; string pointer updated
1681 1 curly bracketing error (too few arguments)
1682 2 too many arguments (only if check_end is set); message set
1683 3 other error (expansion failure)
1684*/
1685
1686static int
1687read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
1688 BOOL check_end, uschar *name)
1689{
1690int i;
1691uschar *s = *sptr;
1692
1693while (isspace(*s)) s++;
1694for (i = 0; i < n; i++)
1695 {
1696 if (*s != '{')
1697 {
1698 if (i < m) return 1;
1699 sub[i] = NULL;
1700 break;
1701 }
1702 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
1703 if (sub[i] == NULL) return 3;
1704 if (*s++ != '}') return 1;
1705 while (isspace(*s)) s++;
1706 }
1707if (check_end && *s++ != '}')
1708 {
1709 if (s[-1] == '{')
1710 {
1711 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1712 "(max is %d)", name, n);
1713 return 2;
1714 }
1715 return 1;
1716 }
1717
1718*sptr = s;
1719return 0;
1720}
1721
1722
1723
1724
1725/*************************************************
641cb756
PH
1726* Elaborate message for bad variable *
1727*************************************************/
1728
1729/* For the "unknown variable" message, take a look at the variable's name, and
1730give additional information about possible ACL variables. The extra information
1731is added on to expand_string_message.
1732
1733Argument: the name of the variable
1734Returns: nothing
1735*/
1736
1737static void
1738check_variable_error_message(uschar *name)
1739{
1740if (Ustrncmp(name, "acl_", 4) == 0)
1741 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
1742 (name[4] == 'c' || name[4] == 'm')?
1743 (isalpha(name[5])?
1744 US"6th character of a user-defined ACL variable must be a digit or underscore" :
1745 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
1746 ) :
1747 US"user-defined ACL variables must start acl_c or acl_m");
1748}
1749
1750
1751
1752/*************************************************
059ec3d9
PH
1753* Read and evaluate a condition *
1754*************************************************/
1755
1756/*
1757Arguments:
1758 s points to the start of the condition text
1759 yield points to a BOOL to hold the result of the condition test;
1760 if NULL, we are just reading through a condition that is
1761 part of an "or" combination to check syntax, or in a state
1762 where the answer isn't required
1763
1764Returns: a pointer to the first character after the condition, or
1765 NULL after an error
1766*/
1767
1768static uschar *
1769eval_condition(uschar *s, BOOL *yield)
1770{
1771BOOL testfor = TRUE;
1772BOOL tempcond, combined_cond;
1773BOOL *subcondptr;
1774int i, rc, cond_type, roffset;
1775int num[2];
1776struct stat statbuf;
1777uschar name[256];
1778uschar *sub[4];
1779
1780const pcre *re;
1781const uschar *rerror;
1782
1783for (;;)
1784 {
1785 while (isspace(*s)) s++;
1786 if (*s == '!') { testfor = !testfor; s++; } else break;
1787 }
1788
1789/* Numeric comparisons are symbolic */
1790
1791if (*s == '=' || *s == '>' || *s == '<')
1792 {
1793 int p = 0;
1794 name[p++] = *s++;
1795 if (*s == '=')
1796 {
1797 name[p++] = '=';
1798 s++;
1799 }
1800 name[p] = 0;
1801 }
1802
1803/* All other conditions are named */
1804
1805else s = read_name(name, 256, s, US"_");
1806
1807/* If we haven't read a name, it means some non-alpha character is first. */
1808
1809if (name[0] == 0)
1810 {
1811 expand_string_message = string_sprintf("condition name expected, "
1812 "but found \"%.16s\"", s);
1813 return NULL;
1814 }
1815
1816/* Find which condition we are dealing with, and switch on it */
1817
1818cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
1819switch(cond_type)
1820 {
9b4768fa
PH
1821 /* def: tests for a non-empty variable, or for the existence of a header. If
1822 yield == NULL we are in a skipping state, and don't care about the answer. */
059ec3d9
PH
1823
1824 case ECOND_DEF:
1825 if (*s != ':')
1826 {
1827 expand_string_message = US"\":\" expected after \"def\"";
1828 return NULL;
1829 }
1830
1831 s = read_name(name, 256, s+1, US"_");
1832
0d85fa3f
PH
1833 /* Test for a header's existence. If the name contains a closing brace
1834 character, this may be a user error where the terminating colon has been
1835 omitted. Set a flag to adjust a subsequent error message in this case. */
059ec3d9
PH
1836
1837 if (Ustrncmp(name, "h_", 2) == 0 ||
1838 Ustrncmp(name, "rh_", 3) == 0 ||
1839 Ustrncmp(name, "bh_", 3) == 0 ||
1840 Ustrncmp(name, "header_", 7) == 0 ||
1841 Ustrncmp(name, "rheader_", 8) == 0 ||
1842 Ustrncmp(name, "bheader_", 8) == 0)
1843 {
1844 s = read_header_name(name, 256, s);
0d85fa3f 1845 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
059ec3d9
PH
1846 if (yield != NULL) *yield =
1847 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
1848 }
1849
9b4768fa
PH
1850 /* Test for a variable's having a non-empty value. A non-existent variable
1851 causes an expansion failure. */
059ec3d9
PH
1852
1853 else
1854 {
1855 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
1856 if (value == NULL)
1857 {
1858 expand_string_message = (name[0] == 0)?
1859 string_sprintf("variable name omitted after \"def:\"") :
1860 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
641cb756 1861 check_variable_error_message(name);
059ec3d9
PH
1862 return NULL;
1863 }
9b4768fa 1864 if (yield != NULL) *yield = (value[0] != 0) == testfor;
059ec3d9
PH
1865 }
1866
1867 return s;
1868
1869
1870 /* first_delivery tests for first delivery attempt */
1871
1872 case ECOND_FIRST_DELIVERY:
1873 if (yield != NULL) *yield = deliver_firsttime == testfor;
1874 return s;
1875
1876
1877 /* queue_running tests for any process started by a queue runner */
1878
1879 case ECOND_QUEUE_RUNNING:
1880 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
1881 return s;
1882
1883
1884 /* exists: tests for file existence
1885 isip: tests for any IP address
1886 isip4: tests for an IPv4 address
1887 isip6: tests for an IPv6 address
1888 pam: does PAM authentication
1889 radius: does RADIUS authentication
1890 ldapauth: does LDAP authentication
1891 pwcheck: does Cyrus SASL pwcheck authentication
1892 */
1893
1894 case ECOND_EXISTS:
1895 case ECOND_ISIP:
1896 case ECOND_ISIP4:
1897 case ECOND_ISIP6:
1898 case ECOND_PAM:
1899 case ECOND_RADIUS:
1900 case ECOND_LDAPAUTH:
1901 case ECOND_PWCHECK:
1902
1903 while (isspace(*s)) s++;
1904 if (*s != '{') goto COND_FAILED_CURLY_START;
1905
1906 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1907 if (sub[0] == NULL) return NULL;
1908 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1909
1910 if (yield == NULL) return s; /* No need to run the test if skipping */
1911
1912 switch(cond_type)
1913 {
1914 case ECOND_EXISTS:
1915 if ((expand_forbid & RDO_EXISTS) != 0)
1916 {
1917 expand_string_message = US"File existence tests are not permitted";
1918 return NULL;
1919 }
1920 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
1921 break;
1922
1923 case ECOND_ISIP:
1924 case ECOND_ISIP4:
1925 case ECOND_ISIP6:
1926 rc = string_is_ip_address(sub[0], NULL);
7e66e54d 1927 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
059ec3d9
PH
1928 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
1929 break;
1930
1931 /* Various authentication tests - all optionally compiled */
1932
1933 case ECOND_PAM:
1934 #ifdef SUPPORT_PAM
1935 rc = auth_call_pam(sub[0], &expand_string_message);
1936 goto END_AUTH;
1937 #else
1938 goto COND_FAILED_NOT_COMPILED;
1939 #endif /* SUPPORT_PAM */
1940
1941 case ECOND_RADIUS:
1942 #ifdef RADIUS_CONFIG_FILE
1943 rc = auth_call_radius(sub[0], &expand_string_message);
1944 goto END_AUTH;
1945 #else
1946 goto COND_FAILED_NOT_COMPILED;
1947 #endif /* RADIUS_CONFIG_FILE */
1948
1949 case ECOND_LDAPAUTH:
1950 #ifdef LOOKUP_LDAP
1951 {
1952 /* Just to keep the interface the same */
1953 BOOL do_cache;
1954 int old_pool = store_pool;
1955 store_pool = POOL_SEARCH;
1956 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
1957 &expand_string_message, &do_cache);
1958 store_pool = old_pool;
1959 }
1960 goto END_AUTH;
1961 #else
1962 goto COND_FAILED_NOT_COMPILED;
1963 #endif /* LOOKUP_LDAP */
1964
1965 case ECOND_PWCHECK:
1966 #ifdef CYRUS_PWCHECK_SOCKET
1967 rc = auth_call_pwcheck(sub[0], &expand_string_message);
1968 goto END_AUTH;
1969 #else
1970 goto COND_FAILED_NOT_COMPILED;
1971 #endif /* CYRUS_PWCHECK_SOCKET */
1972
1973 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
1974 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
1975 END_AUTH:
1976 if (rc == ERROR || rc == DEFER) return NULL;
1977 *yield = (rc == OK) == testfor;
1978 #endif
1979 }
1980 return s;
1981
1982
1983 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
1984
1985 ${if saslauthd {{username}{password}{service}{realm}} {yes}[no}}
1986
1987 However, the last two are optional. That is why the whole set is enclosed
1988 in their own set or braces. */
1989
1990 case ECOND_SASLAUTHD:
1991 #ifndef CYRUS_SASLAUTHD_SOCKET
1992 goto COND_FAILED_NOT_COMPILED;
1993 #else
1994 while (isspace(*s)) s++;
1995 if (*s++ != '{') goto COND_FAILED_CURLY_START;
1996 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd"))
1997 {
1998 case 1: expand_string_message = US"too few arguments or bracketing "
1999 "error for saslauthd";
2000 case 2:
2001 case 3: return NULL;
2002 }
2003 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
2004 if (yield != NULL)
2005 {
2006 int rc;
2007 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2008 &expand_string_message);
2009 if (rc == ERROR || rc == DEFER) return NULL;
2010 *yield = (rc == OK) == testfor;
2011 }
2012 return s;
2013 #endif /* CYRUS_SASLAUTHD_SOCKET */
2014
2015
2016 /* symbolic operators for numeric and string comparison, and a number of
2017 other operators, all requiring two arguments.
2018
2019 match: does a regular expression match and sets up the numerical
2020 variables if it succeeds
2021 match_address: matches in an address list
2022 match_domain: matches in a domain list
32d668a5 2023 match_ip: matches a host list that is restricted to IP addresses
059ec3d9
PH
2024 match_local_part: matches in a local part list
2025 crypteq: encrypts plaintext and compares against an encrypted text,
2026 using crypt(), crypt16(), MD5 or SHA-1
2027 */
2028
2029 case ECOND_MATCH:
2030 case ECOND_MATCH_ADDRESS:
2031 case ECOND_MATCH_DOMAIN:
32d668a5 2032 case ECOND_MATCH_IP:
059ec3d9
PH
2033 case ECOND_MATCH_LOCAL_PART:
2034 case ECOND_CRYPTEQ:
2035
2036 case ECOND_NUM_L: /* Numerical comparisons */
2037 case ECOND_NUM_LE:
2038 case ECOND_NUM_E:
2039 case ECOND_NUM_EE:
2040 case ECOND_NUM_G:
2041 case ECOND_NUM_GE:
2042
2043 case ECOND_STR_LT: /* String comparisons */
2044 case ECOND_STR_LTI:
2045 case ECOND_STR_LE:
2046 case ECOND_STR_LEI:
2047 case ECOND_STR_EQ:
2048 case ECOND_STR_EQI:
2049 case ECOND_STR_GT:
2050 case ECOND_STR_GTI:
2051 case ECOND_STR_GE:
2052 case ECOND_STR_GEI:
2053
2054 for (i = 0; i < 2; i++)
2055 {
2056 while (isspace(*s)) s++;
2057 if (*s != '{')
2058 {
2059 if (i == 0) goto COND_FAILED_CURLY_START;
2060 expand_string_message = string_sprintf("missing 2nd string in {} "
2061 "after \"%s\"", name);
2062 return NULL;
2063 }
2064 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
2065 if (sub[i] == NULL) return NULL;
2066 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2067
2068 /* Convert to numerical if required; we know that the names of all the
2069 conditions that compare numbers do not start with a letter. This just saves
2070 checking for them individually. */
2071
d6066548 2072 if (!isalpha(name[0]) && yield != NULL)
059ec3d9 2073 {
5dd1517f
PH
2074 if (sub[i][0] == 0)
2075 {
2076 num[i] = 0;
2077 DEBUG(D_expand)
2078 debug_printf("empty string cast to zero for numerical comparison\n");
2079 }
2080 else
2081 {
2082 num[i] = expand_string_integer(sub[i], FALSE);
2083 if (expand_string_message != NULL) return NULL;
2084 }
059ec3d9
PH
2085 }
2086 }
2087
2088 /* Result not required */
2089
2090 if (yield == NULL) return s;
2091
2092 /* Do an appropriate comparison */
2093
2094 switch(cond_type)
2095 {
2096 case ECOND_NUM_E:
2097 case ECOND_NUM_EE:
2098 *yield = (num[0] == num[1]) == testfor;
2099 break;
2100
2101 case ECOND_NUM_G:
2102 *yield = (num[0] > num[1]) == testfor;
2103 break;
2104
2105 case ECOND_NUM_GE:
2106 *yield = (num[0] >= num[1]) == testfor;
2107 break;
2108
2109 case ECOND_NUM_L:
2110 *yield = (num[0] < num[1]) == testfor;
2111 break;
2112
2113 case ECOND_NUM_LE:
2114 *yield = (num[0] <= num[1]) == testfor;
2115 break;
2116
2117 case ECOND_STR_LT:
2118 *yield = (Ustrcmp(sub[0], sub[1]) < 0) == testfor;
2119 break;
2120
2121 case ECOND_STR_LTI:
2122 *yield = (strcmpic(sub[0], sub[1]) < 0) == testfor;
2123 break;
2124
2125 case ECOND_STR_LE:
2126 *yield = (Ustrcmp(sub[0], sub[1]) <= 0) == testfor;
2127 break;
2128
2129 case ECOND_STR_LEI:
2130 *yield = (strcmpic(sub[0], sub[1]) <= 0) == testfor;
2131 break;
2132
2133 case ECOND_STR_EQ:
2134 *yield = (Ustrcmp(sub[0], sub[1]) == 0) == testfor;
2135 break;
2136
2137 case ECOND_STR_EQI:
2138 *yield = (strcmpic(sub[0], sub[1]) == 0) == testfor;
2139 break;
2140
2141 case ECOND_STR_GT:
2142 *yield = (Ustrcmp(sub[0], sub[1]) > 0) == testfor;
2143 break;
2144
2145 case ECOND_STR_GTI:
2146 *yield = (strcmpic(sub[0], sub[1]) > 0) == testfor;
2147 break;
2148
2149 case ECOND_STR_GE:
2150 *yield = (Ustrcmp(sub[0], sub[1]) >= 0) == testfor;
2151 break;
2152
2153 case ECOND_STR_GEI:
2154 *yield = (strcmpic(sub[0], sub[1]) >= 0) == testfor;
2155 break;
2156
2157 case ECOND_MATCH: /* Regular expression match */
2158 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2159 NULL);
2160 if (re == NULL)
2161 {
2162 expand_string_message = string_sprintf("regular expression error in "
2163 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2164 return NULL;
2165 }
2166 *yield = regex_match_and_setup(re, sub[0], 0, -1) == testfor;
2167 break;
2168
2169 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2170 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2171 goto MATCHED_SOMETHING;
2172
2173 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2174 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2175 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2176 goto MATCHED_SOMETHING;
2177
32d668a5 2178 case ECOND_MATCH_IP: /* Match IP address in a host list */
7e66e54d 2179 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
32d668a5
PH
2180 {
2181 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2182 sub[0]);
2183 return NULL;
2184 }
2185 else
2186 {
2187 unsigned int *nullcache = NULL;
2188 check_host_block cb;
2189
2190 cb.host_name = US"";
2191 cb.host_address = sub[0];
2192
2193 /* If the host address starts off ::ffff: it is an IPv6 address in
2194 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2195 addresses. */
2196
2197 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2198 cb.host_address + 7 : cb.host_address;
2199
2200 rc = match_check_list(
2201 &sub[1], /* the list */
2202 0, /* separator character */
2203 &hostlist_anchor, /* anchor pointer */
2204 &nullcache, /* cache pointer */
2205 check_host, /* function for testing */
2206 &cb, /* argument for function */
2207 MCL_HOST, /* type of check */
2208 sub[0], /* text for debugging */
2209 NULL); /* where to pass back data */
2210 }
2211 goto MATCHED_SOMETHING;
2212
059ec3d9
PH
2213 case ECOND_MATCH_LOCAL_PART:
2214 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2215 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2216 /* Fall through */
9a26b6b2 2217 /* VVVVVVVVVVVV */
059ec3d9
PH
2218 MATCHED_SOMETHING:
2219 switch(rc)
2220 {
2221 case OK:
2222 *yield = testfor;
2223 break;
2224
2225 case FAIL:
2226 *yield = !testfor;
2227 break;
2228
2229 case DEFER:
2230 expand_string_message = string_sprintf("unable to complete match "
2231 "against \"%s\": %s", sub[1], search_error_message);
2232 return NULL;
2233 }
2234
2235 break;
2236
2237 /* Various "encrypted" comparisons. If the second string starts with
2238 "{" then an encryption type is given. Default to crypt() or crypt16()
2239 (build-time choice). */
2240
2241 case ECOND_CRYPTEQ:
2242 #ifndef SUPPORT_CRYPTEQ
2243 goto COND_FAILED_NOT_COMPILED;
2244 #else
2245 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2246 {
2247 int sublen = Ustrlen(sub[1]+5);
2248 md5 base;
2249 uschar digest[16];
2250
2251 md5_start(&base);
2252 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2253
2254 /* If the length that we are comparing against is 24, the MD5 digest
2255 is expressed as a base64 string. This is the way LDAP does it. However,
2256 some other software uses a straightforward hex representation. We assume
2257 this if the length is 32. Other lengths fail. */
2258
2259 if (sublen == 24)
2260 {
2261 uschar *coded = auth_b64encode((uschar *)digest, 16);
2262 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2263 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2264 *yield = (Ustrcmp(coded, sub[1]+5) == 0) == testfor;
2265 }
2266 else if (sublen == 32)
2267 {
2268 int i;
2269 uschar coded[36];
2270 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2271 coded[32] = 0;
2272 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2273 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2274 *yield = (strcmpic(coded, sub[1]+5) == 0) == testfor;
2275 }
2276 else
2277 {
2278 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2279 "fail\n crypted=%s\n", sub[1]+5);
2280 *yield = !testfor;
2281 }
2282 }
2283
2284 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2285 {
2286 int sublen = Ustrlen(sub[1]+6);
2287 sha1 base;
2288 uschar digest[20];
2289
2290 sha1_start(&base);
2291 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2292
2293 /* If the length that we are comparing against is 28, assume the SHA1
2294 digest is expressed as a base64 string. If the length is 40, assume a
2295 straightforward hex representation. Other lengths fail. */
2296
2297 if (sublen == 28)
2298 {
2299 uschar *coded = auth_b64encode((uschar *)digest, 20);
2300 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2301 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2302 *yield = (Ustrcmp(coded, sub[1]+6) == 0) == testfor;
2303 }
2304 else if (sublen == 40)
2305 {
2306 int i;
2307 uschar coded[44];
2308 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2309 coded[40] = 0;
2310 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2311 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2312 *yield = (strcmpic(coded, sub[1]+6) == 0) == testfor;
2313 }
2314 else
2315 {
2316 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2317 "fail\n crypted=%s\n", sub[1]+6);
2318 *yield = !testfor;
2319 }
2320 }
2321
2322 else /* {crypt} or {crypt16} and non-{ at start */
2323 {
2324 int which = 0;
2325 uschar *coded;
2326
2327 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2328 {
2329 sub[1] += 7;
2330 which = 1;
2331 }
2332 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2333 {
2334 sub[1] += 9;
2335 which = 2;
2336 }
2337 else if (sub[1][0] == '{')
2338 {
2339 expand_string_message = string_sprintf("unknown encryption mechanism "
2340 "in \"%s\"", sub[1]);
2341 return NULL;
2342 }
2343
2344 switch(which)
2345 {
2346 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2347 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2348 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2349 }
2350
2351 #define STR(s) # s
2352 #define XSTR(s) STR(s)
2353 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2354 " subject=%s\n crypted=%s\n",
2355 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
2356 coded, sub[1]);
2357 #undef STR
2358 #undef XSTR
2359
2360 /* If the encrypted string contains fewer than two characters (for the
2361 salt), force failure. Otherwise we get false positives: with an empty
2362 string the yield of crypt() is an empty string! */
2363
2364 *yield = (Ustrlen(sub[1]) < 2)? !testfor :
2365 (Ustrcmp(coded, sub[1]) == 0) == testfor;
2366 }
2367 break;
2368 #endif /* SUPPORT_CRYPTEQ */
2369 } /* Switch for comparison conditions */
2370
2371 return s; /* End of comparison conditions */
2372
2373
2374 /* and/or: computes logical and/or of several conditions */
2375
2376 case ECOND_AND:
2377 case ECOND_OR:
2378 subcondptr = (yield == NULL)? NULL : &tempcond;
2379 combined_cond = (cond_type == ECOND_AND);
2380
2381 while (isspace(*s)) s++;
2382 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2383
2384 for (;;)
2385 {
2386 while (isspace(*s)) s++;
2387 if (*s == '}') break;
2388 if (*s != '{')
2389 {
2390 expand_string_message = string_sprintf("each subcondition "
2391 "inside an \"%s{...}\" condition must be in its own {}", name);
2392 return NULL;
2393 }
2394
2395 s = eval_condition(s+1, subcondptr);
2396 if (s == NULL)
2397 {
2398 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2399 expand_string_message, name);
2400 return NULL;
2401 }
2402 while (isspace(*s)) s++;
2403
2404 if (*s++ != '}')
2405 {
2406 expand_string_message = string_sprintf("missing } at end of condition "
2407 "inside \"%s\" group", name);
2408 return NULL;
2409 }
2410
2411 if (yield != NULL)
2412 {
2413 if (cond_type == ECOND_AND)
2414 {
2415 combined_cond &= tempcond;
2416 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2417 } /* evaluate any more */
2418 else
2419 {
2420 combined_cond |= tempcond;
2421 if (combined_cond) subcondptr = NULL; /* once true, don't */
2422 } /* evaluate any more */
2423 }
2424 }
2425
2426 if (yield != NULL) *yield = (combined_cond == testfor);
2427 return ++s;
2428
2429
0ce9abe6
PH
2430 /* forall/forany: iterates a condition with different values */
2431
2432 case ECOND_FORALL:
2433 case ECOND_FORANY:
2434 {
2435 int sep = 0;
282b357d 2436 uschar *save_iterate_item = iterate_item;
0ce9abe6
PH
2437
2438 while (isspace(*s)) s++;
2439 if (*s++ != '{') goto COND_FAILED_CURLY_START;
0ce9abe6
PH
2440 sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL));
2441 if (sub[0] == NULL) return NULL;
2442 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2443
2444 while (isspace(*s)) s++;
2445 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2446
2447 sub[1] = s;
2448
2449 /* Call eval_condition once, with result discarded (as if scanning a
2450 "false" part). This allows us to find the end of the condition, because if
2451 the list it empty, we won't actually evaluate the condition for real. */
2452
2453 s = eval_condition(sub[1], NULL);
2454 if (s == NULL)
2455 {
2456 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2457 expand_string_message, name);
2458 return NULL;
2459 }
2460 while (isspace(*s)) s++;
2461
2462 if (*s++ != '}')
2463 {
2464 expand_string_message = string_sprintf("missing } at end of condition "
2465 "inside \"%s\"", name);
2466 return NULL;
2467 }
2468
2469 if (yield != NULL) *yield = !testfor;
2470 while ((iterate_item = string_nextinlist(&sub[0], &sep, NULL, 0)) != NULL)
2471 {
2472 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
2473 if (eval_condition(sub[1], &tempcond) == NULL)
2474 {
2475 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2476 expand_string_message, name);
e58c13cc 2477 iterate_item = save_iterate_item;
0ce9abe6
PH
2478 return NULL;
2479 }
2480 DEBUG(D_expand) debug_printf("%s: condition evaluated to %s\n", name,
2481 tempcond? "true":"false");
2482
2483 if (yield != NULL) *yield = (tempcond == testfor);
2484 if (tempcond == (cond_type == ECOND_FORANY)) break;
2485 }
2486
282b357d 2487 iterate_item = save_iterate_item;
0ce9abe6
PH
2488 return s;
2489 }
2490
2491
f3766eb5
NM
2492 /* The bool{} expansion condition maps a string to boolean.
2493 The values supported should match those supported by the ACL condition
2494 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
2495 of true/false. Note that Router "condition" rules have a different
2496 interpretation, where general data can be used and only a few values
2497 map to FALSE.
2498 Note that readconf.c boolean matching, for boolean configuration options,
6a8de854
PP
2499 only matches true/yes/false/no.
2500 The bool_lax{} condition matches the Router logic, which is much more
2501 liberal. */
f3766eb5 2502 case ECOND_BOOL:
6a8de854 2503 case ECOND_BOOL_LAX:
f3766eb5
NM
2504 {
2505 uschar *sub_arg[1];
71265ae9 2506 uschar *t, *t2;
6a8de854 2507 uschar *ourname;
f3766eb5
NM
2508 size_t len;
2509 BOOL boolvalue = FALSE;
2510 while (isspace(*s)) s++;
2511 if (*s != '{') goto COND_FAILED_CURLY_START;
6a8de854
PP
2512 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
2513 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname))
f3766eb5 2514 {
6a8de854
PP
2515 case 1: expand_string_message = string_sprintf(
2516 "too few arguments or bracketing error for %s",
2517 ourname);
f3766eb5
NM
2518 /*FALLTHROUGH*/
2519 case 2:
2520 case 3: return NULL;
2521 }
2522 t = sub_arg[0];
2523 while (isspace(*t)) t++;
2524 len = Ustrlen(t);
71265ae9
PP
2525 if (len)
2526 {
2527 /* trailing whitespace: seems like a good idea to ignore it too */
2528 t2 = t + len - 1;
2529 while (isspace(*t2)) t2--;
2530 if (t2 != (t + len))
2531 {
2532 *++t2 = '\0';
2533 len = t2 - t;
2534 }
2535 }
f3766eb5 2536 DEBUG(D_expand)
6a8de854
PP
2537 debug_printf("considering %s: %s\n", ourname, len ? t : US"<empty>");
2538 /* logic for the lax case from expand_check_condition(), which also does
2539 expands, and the logic is both short and stable enough that there should
2540 be no maintenance burden from replicating it. */
f3766eb5
NM
2541 if (len == 0)
2542 boolvalue = FALSE;
2543 else if (Ustrspn(t, "0123456789") == len)
6a8de854 2544 {
f3766eb5 2545 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
6a8de854
PP
2546 /* expand_check_condition only does a literal string "0" check */
2547 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
2548 boolvalue = TRUE;
2549 }
f3766eb5
NM
2550 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
2551 boolvalue = TRUE;
2552 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
2553 boolvalue = FALSE;
6a8de854
PP
2554 else if (cond_type == ECOND_BOOL_LAX)
2555 boolvalue = TRUE;
f3766eb5
NM
2556 else
2557 {
2558 expand_string_message = string_sprintf("unrecognised boolean "
2559 "value \"%s\"", t);
2560 return NULL;
2561 }
5ee6f336 2562 if (yield != NULL) *yield = (boolvalue == testfor);
f3766eb5
NM
2563 return s;
2564 }
2565
059ec3d9
PH
2566 /* Unknown condition */
2567
2568 default:
2569 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2570 return NULL;
2571 } /* End switch on condition type */
2572
2573/* Missing braces at start and end of data */
2574
2575COND_FAILED_CURLY_START:
2576expand_string_message = string_sprintf("missing { after \"%s\"", name);
2577return NULL;
2578
2579COND_FAILED_CURLY_END:
2580expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2581 name);
2582return NULL;
2583
2584/* A condition requires code that is not compiled */
2585
2586#if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2587 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2588 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2589COND_FAILED_NOT_COMPILED:
2590expand_string_message = string_sprintf("support for \"%s\" not compiled",
2591 name);
2592return NULL;
2593#endif
2594}
2595
2596
2597
2598
2599/*************************************************
2600* Save numerical variables *
2601*************************************************/
2602
2603/* This function is called from items such as "if" that want to preserve and
2604restore the numbered variables.
2605
2606Arguments:
2607 save_expand_string points to an array of pointers to set
2608 save_expand_nlength points to an array of ints for the lengths
2609
2610Returns: the value of expand max to save
2611*/
2612
2613static int
2614save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
2615{
2616int i;
2617for (i = 0; i <= expand_nmax; i++)
2618 {
2619 save_expand_nstring[i] = expand_nstring[i];
2620 save_expand_nlength[i] = expand_nlength[i];
2621 }
2622return expand_nmax;
2623}
2624
2625
2626
2627/*************************************************
2628* Restore numerical variables *
2629*************************************************/
2630
2631/* This function restored saved values of numerical strings.
2632
2633Arguments:
2634 save_expand_nmax the number of strings to restore
2635 save_expand_string points to an array of pointers
2636 save_expand_nlength points to an array of ints
2637
2638Returns: nothing
2639*/
2640
2641static void
2642restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
2643 int *save_expand_nlength)
2644{
2645int i;
2646expand_nmax = save_expand_nmax;
2647for (i = 0; i <= expand_nmax; i++)
2648 {
2649 expand_nstring[i] = save_expand_nstring[i];
2650 expand_nlength[i] = save_expand_nlength[i];
2651 }
2652}
2653
2654
2655
2656
2657
2658/*************************************************
2659* Handle yes/no substrings *
2660*************************************************/
2661
2662/* This function is used by ${if}, ${lookup} and ${extract} to handle the
2663alternative substrings that depend on whether or not the condition was true,
2664or the lookup or extraction succeeded. The substrings always have to be
2665expanded, to check their syntax, but "skipping" is set when the result is not
2666needed - this avoids unnecessary nested lookups.
2667
2668Arguments:
2669 skipping TRUE if we were skipping when this item was reached
2670 yes TRUE if the first string is to be used, else use the second
2671 save_lookup a value to put back into lookup_value before the 2nd expansion
2672 sptr points to the input string pointer
2673 yieldptr points to the output string pointer
2674 sizeptr points to the output string size
2675 ptrptr points to the output string pointer
2676 type "lookup" or "if" or "extract" or "run", for error message
2677
2678Returns: 0 OK; lookup_value has been reset to save_lookup
2679 1 expansion failed
2680 2 expansion failed because of bracketing error
2681*/
2682
2683static int
2684process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
2685 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type)
2686{
2687int rc = 0;
2688uschar *s = *sptr; /* Local value */
2689uschar *sub1, *sub2;
2690
2691/* If there are no following strings, we substitute the contents of $value for
063b1e99 2692lookups and for extractions in the success case. For the ${if item, the string
8e669ac1 2693"true" is substituted. In the fail case, nothing is substituted for all three
063b1e99 2694items. */
059ec3d9
PH
2695
2696while (isspace(*s)) s++;
2697if (*s == '}')
2698 {
063b1e99
PH
2699 if (type[0] == 'i')
2700 {
8e669ac1 2701 if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
063b1e99
PH
2702 }
2703 else
8e669ac1 2704 {
063b1e99
PH
2705 if (yes && lookup_value != NULL)
2706 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
2707 Ustrlen(lookup_value));
2708 lookup_value = save_lookup;
2709 }
059ec3d9
PH
2710 s++;
2711 goto RETURN;
2712 }
2713
9b4768fa
PH
2714/* The first following string must be braced. */
2715
2716if (*s++ != '{') goto FAILED_CURLY;
2717
059ec3d9
PH
2718/* Expand the first substring. Forced failures are noticed only if we actually
2719want this string. Set skipping in the call in the fail case (this will always
2720be the case if we were already skipping). */
2721
9b4768fa 2722sub1 = expand_string_internal(s, TRUE, &s, !yes);
059ec3d9
PH
2723if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
2724expand_string_forcedfail = FALSE;
2725if (*s++ != '}') goto FAILED_CURLY;
2726
2727/* If we want the first string, add it to the output */
2728
2729if (yes)
2730 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
2731
2732/* If this is called from a lookup or an extract, we want to restore $value to
2733what it was at the start of the item, so that it has this value during the
d20976dc
PH
2734second string expansion. For the call from "if" or "run" to this function,
2735save_lookup is set to lookup_value, so that this statement does nothing. */
059ec3d9
PH
2736
2737lookup_value = save_lookup;
2738
2739/* There now follows either another substring, or "fail", or nothing. This
2740time, forced failures are noticed only if we want the second string. We must
2741set skipping in the nested call if we don't want this string, or if we were
2742already skipping. */
2743
2744while (isspace(*s)) s++;
2745if (*s == '{')
2746 {
2747 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping);
2748 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
2749 expand_string_forcedfail = FALSE;
2750 if (*s++ != '}') goto FAILED_CURLY;
2751
2752 /* If we want the second string, add it to the output */
2753
2754 if (!yes)
2755 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
2756 }
2757
2758/* If there is no second string, but the word "fail" is present when the use of
2759the second string is wanted, set a flag indicating it was a forced failure
2760rather than a syntactic error. Swallow the terminating } in case this is nested
2761inside another lookup or if or extract. */
2762
2763else if (*s != '}')
2764 {
2765 uschar name[256];
2766 s = read_name(name, sizeof(name), s, US"_");
2767 if (Ustrcmp(name, "fail") == 0)
2768 {
2769 if (!yes && !skipping)
2770 {
2771 while (isspace(*s)) s++;
2772 if (*s++ != '}') goto FAILED_CURLY;
2773 expand_string_message =
2774 string_sprintf("\"%s\" failed and \"fail\" requested", type);
2775 expand_string_forcedfail = TRUE;
2776 goto FAILED;
2777 }
2778 }
2779 else
2780 {
2781 expand_string_message =
2782 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
2783 goto FAILED;
2784 }
2785 }
2786
2787/* All we have to do now is to check on the final closing brace. */
2788
2789while (isspace(*s)) s++;
2790if (*s++ == '}') goto RETURN;
2791
2792/* Get here if there is a bracketing failure */
2793
2794FAILED_CURLY:
2795rc++;
2796
2797/* Get here for other failures */
2798
2799FAILED:
2800rc++;
2801
2802/* Update the input pointer value before returning */
2803
2804RETURN:
2805*sptr = s;
2806return rc;
2807}
2808
2809
2810
2811
059ec3d9
PH
2812/*************************************************
2813* Handle MD5 or SHA-1 computation for HMAC *
2814*************************************************/
2815
2816/* These are some wrapping functions that enable the HMAC code to be a bit
2817cleaner. A good compiler will spot the tail recursion.
2818
2819Arguments:
2820 type HMAC_MD5 or HMAC_SHA1
2821 remaining are as for the cryptographic hash functions
2822
2823Returns: nothing
2824*/
2825
2826static void
2827chash_start(int type, void *base)
2828{
2829if (type == HMAC_MD5)
2830 md5_start((md5 *)base);
2831else
2832 sha1_start((sha1 *)base);
2833}
2834
2835static void
2836chash_mid(int type, void *base, uschar *string)
2837{
2838if (type == HMAC_MD5)
2839 md5_mid((md5 *)base, string);
2840else
2841 sha1_mid((sha1 *)base, string);
2842}
2843
2844static void
2845chash_end(int type, void *base, uschar *string, int length, uschar *digest)
2846{
2847if (type == HMAC_MD5)
2848 md5_end((md5 *)base, string, length, digest);
2849else
2850 sha1_end((sha1 *)base, string, length, digest);
2851}
2852
2853
2854
2855
2856
1549ea3b
PH
2857/********************************************************
2858* prvs: Get last three digits of days since Jan 1, 1970 *
2859********************************************************/
2860
2861/* This is needed to implement the "prvs" BATV reverse
2862 path signing scheme
2863
2864Argument: integer "days" offset to add or substract to
2865 or from the current number of days.
2866
2867Returns: pointer to string containing the last three
2868 digits of the number of days since Jan 1, 1970,
2869 modified by the offset argument, NULL if there
2870 was an error in the conversion.
2871
2872*/
2873
2874static uschar *
2875prvs_daystamp(int day_offset)
2876{
a86229cf
PH
2877uschar *days = store_get(32); /* Need at least 24 for cases */
2878(void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
1549ea3b 2879 (time(NULL) + day_offset*86400)/86400);
e169f567 2880return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
1549ea3b
PH
2881}
2882
2883
2884
2885/********************************************************
2886* prvs: perform HMAC-SHA1 computation of prvs bits *
2887********************************************************/
2888
2889/* This is needed to implement the "prvs" BATV reverse
2890 path signing scheme
2891
2892Arguments:
2893 address RFC2821 Address to use
2894 key The key to use (must be less than 64 characters
2895 in size)
2896 key_num Single-digit key number to use. Defaults to
2897 '0' when NULL.
2898
2899Returns: pointer to string containing the first three
2900 bytes of the final hash in hex format, NULL if
2901 there was an error in the process.
2902*/
2903
2904static uschar *
2905prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
2906{
2907uschar *hash_source, *p;
2908int size = 0,offset = 0,i;
2909sha1 sha1_base;
2910void *use_base = &sha1_base;
2911uschar innerhash[20];
2912uschar finalhash[20];
2913uschar innerkey[64];
2914uschar outerkey[64];
2915uschar *finalhash_hex = store_get(40);
2916
2917if (key_num == NULL)
2918 key_num = US"0";
2919
2920if (Ustrlen(key) > 64)
2921 return NULL;
2922
2923hash_source = string_cat(NULL,&size,&offset,key_num,1);
2924string_cat(hash_source,&size,&offset,daystamp,3);
2925string_cat(hash_source,&size,&offset,address,Ustrlen(address));
2926hash_source[offset] = '\0';
2927
2928DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source);
2929
2930memset(innerkey, 0x36, 64);
2931memset(outerkey, 0x5c, 64);
2932
2933for (i = 0; i < Ustrlen(key); i++)
2934 {
2935 innerkey[i] ^= key[i];
2936 outerkey[i] ^= key[i];
2937 }
2938
2939chash_start(HMAC_SHA1, use_base);
2940chash_mid(HMAC_SHA1, use_base, innerkey);
2941chash_end(HMAC_SHA1, use_base, hash_source, offset, innerhash);
2942
2943chash_start(HMAC_SHA1, use_base);
2944chash_mid(HMAC_SHA1, use_base, outerkey);
2945chash_end(HMAC_SHA1, use_base, innerhash, 20, finalhash);
2946
2947p = finalhash_hex;
2948for (i = 0; i < 3; i++)
2949 {
2950 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
2951 *p++ = hex_digits[finalhash[i] & 0x0f];
2952 }
2953*p = '\0';
2954
2955return finalhash_hex;
2956}
2957
2958
2959
2960
059ec3d9
PH
2961/*************************************************
2962* Join a file onto the output string *
2963*************************************************/
2964
2965/* This is used for readfile and after a run expansion. It joins the contents
2966of a file onto the output string, globally replacing newlines with a given
2967string (optionally). The file is closed at the end.
2968
2969Arguments:
2970 f the FILE
2971 yield pointer to the expandable string
2972 sizep pointer to the current size
2973 ptrp pointer to the current position
2974 eol newline replacement string, or NULL
2975
2976Returns: new value of string pointer
2977*/
2978
2979static uschar *
2980cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
2981{
2982int eollen;
2983uschar buffer[1024];
2984
2985eollen = (eol == NULL)? 0 : Ustrlen(eol);
2986
2987while (Ufgets(buffer, sizeof(buffer), f) != NULL)
2988 {
2989 int len = Ustrlen(buffer);
2990 if (eol != NULL && buffer[len-1] == '\n') len--;
2991 yield = string_cat(yield, sizep, ptrp, buffer, len);
2992 if (buffer[len] != 0)
2993 yield = string_cat(yield, sizep, ptrp, eol, eollen);
2994 }
2995
2996if (yield != NULL) yield[*ptrp] = 0;
2997
2998return yield;
2999}
3000
3001
3002
3003
3004/*************************************************
3005* Evaluate numeric expression *
3006*************************************************/
3007
af561417
PH
3008/* This is a set of mutually recursive functions that evaluate an arithmetic
3009expression involving + - * / % & | ^ ~ << >> and parentheses. The only one of
3010these functions that is called from elsewhere is eval_expr, whose interface is:
059ec3d9
PH
3011
3012Arguments:
af561417
PH
3013 sptr pointer to the pointer to the string - gets updated
3014 decimal TRUE if numbers are to be assumed decimal
3015 error pointer to where to put an error message - must be NULL on input
3016 endket TRUE if ')' must terminate - FALSE for external call
059ec3d9 3017
af561417
PH
3018Returns: on success: the value of the expression, with *error still NULL
3019 on failure: an undefined value, with *error = a message
059ec3d9
PH
3020*/
3021
af561417
PH
3022static int eval_op_or(uschar **, BOOL, uschar **);
3023
059ec3d9
PH
3024
3025static int
3026eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
3027{
3028uschar *s = *sptr;
af561417 3029int x = eval_op_or(&s, decimal, error);
059ec3d9
PH
3030if (*error == NULL)
3031 {
af561417 3032 if (endket)
059ec3d9 3033 {
af561417
PH
3034 if (*s != ')')
3035 *error = US"expecting closing parenthesis";
3036 else
3037 while (isspace(*(++s)));
059ec3d9 3038 }
af561417 3039 else if (*s != 0) *error = US"expecting operator";
059ec3d9 3040 }
059ec3d9
PH
3041*sptr = s;
3042return x;
3043}
3044
af561417 3045
059ec3d9 3046static int
af561417 3047eval_number(uschar **sptr, BOOL decimal, uschar **error)
059ec3d9
PH
3048{
3049register int c;
3050int n;
3051uschar *s = *sptr;
3052while (isspace(*s)) s++;
3053c = *s;
af561417 3054if (isdigit(c))
059ec3d9
PH
3055 {
3056 int count;
3057 (void)sscanf(CS s, (decimal? "%d%n" : "%i%n"), &n, &count);
3058 s += count;
3059 if (tolower(*s) == 'k') { n *= 1024; s++; }
3060 else if (tolower(*s) == 'm') { n *= 1024*1024; s++; }
3061 while (isspace (*s)) s++;
3062 }
3063else if (c == '(')
3064 {
3065 s++;
3066 n = eval_expr(&s, decimal, error, 1);
3067 }
3068else
3069 {
3070 *error = US"expecting number or opening parenthesis";
3071 n = 0;
3072 }
3073*sptr = s;
3074return n;
3075}
3076
af561417
PH
3077
3078static int eval_op_unary(uschar **sptr, BOOL decimal, uschar **error)
3079{
3080uschar *s = *sptr;
3081int x;
3082while (isspace(*s)) s++;
3083if (*s == '+' || *s == '-' || *s == '~')
3084 {
3085 int op = *s++;
3086 x = eval_op_unary(&s, decimal, error);
3087 if (op == '-') x = -x;
3088 else if (op == '~') x = ~x;
3089 }
3090else
3091 {
3092 x = eval_number(&s, decimal, error);
3093 }
3094*sptr = s;
3095return x;
3096}
3097
3098
3099static int eval_op_mult(uschar **sptr, BOOL decimal, uschar **error)
059ec3d9
PH
3100{
3101uschar *s = *sptr;
af561417 3102int x = eval_op_unary(&s, decimal, error);
059ec3d9
PH
3103if (*error == NULL)
3104 {
5591031b 3105 while (*s == '*' || *s == '/' || *s == '%')
059ec3d9
PH
3106 {
3107 int op = *s++;
af561417 3108 int y = eval_op_unary(&s, decimal, error);
059ec3d9 3109 if (*error != NULL) break;
053a9aa3
PP
3110 /* SIGFPE both on div/mod by zero and on INT_MIN / -1, which would give
3111 * a value of INT_MAX+1. Note that INT_MIN * -1 gives INT_MIN for me, which
3112 * is a bug somewhere in [gcc 4.2.1, FreeBSD, amd64]. In fact, -N*-M where
3113 * -N*M is INT_MIN will yielf INT_MIN.
3114 * Since we don't support floating point, this is somewhat simpler.
3115 * Ideally, we'd return an error, but since we overflow for all other
3116 * arithmetic, consistency suggests otherwise, but what's the correct value
3117 * to use? There is none.
3118 * The C standard guarantees overflow for unsigned arithmetic but signed
3119 * overflow invokes undefined behaviour; in practice, this is overflow
3120 * except for converting INT_MIN to INT_MAX+1. We also can't guarantee
3121 * that long/longlong larger than int are available, or we could just work
3122 * with larger types. We should consider whether to guarantee 32bit eval
3123 * and 64-bit working variables, with errors returned. For now ...
3124 * So, the only SIGFPEs occur with a non-shrinking div/mod, thus -1; we
3125 * can just let the other invalid results occur otherwise, as they have
3126 * until now. For this one case, we can coerce.
3127 */
3128 if (y == -1 && x == INT_MIN && op != '*')
3129 {
3130 DEBUG(D_expand)
3131 debug_printf("Integer exception dodging: %d%c-1 coerced to %d\n",
3132 INT_MIN, op, INT_MAX);
3133 x = INT_MAX;
3134 continue;
3135 }
a5b52695
PP
3136 if (op == '*')
3137 x *= y;
3138 else
3139 {
3140 if (y == 0)
54e7ce4a 3141 {
a5b52695
PP
3142 *error = (op == '/') ? US"divide by zero" : US"modulo by zero";
3143 x = 0;
3144 break;
54e7ce4a 3145 }
a5b52695
PP
3146 if (op == '/')
3147 x /= y;
3148 else
3149 x %= y;
3150 }
059ec3d9
PH
3151 }
3152 }
3153*sptr = s;
3154return x;
3155}
3156
3157
af561417
PH
3158static int eval_op_sum(uschar **sptr, BOOL decimal, uschar **error)
3159{
3160uschar *s = *sptr;
3161int x = eval_op_mult(&s, decimal, error);
3162if (*error == NULL)
3163 {
3164 while (*s == '+' || *s == '-')
3165 {
3166 int op = *s++;
3167 int y = eval_op_mult(&s, decimal, error);
3168 if (*error != NULL) break;
3169 if (op == '+') x += y; else x -= y;
3170 }
3171 }
3172*sptr = s;
3173return x;
3174}
3175
3176
3177static int eval_op_shift(uschar **sptr, BOOL decimal, uschar **error)
3178{
3179uschar *s = *sptr;
3180int x = eval_op_sum(&s, decimal, error);
3181if (*error == NULL)
3182 {
3183 while ((*s == '<' || *s == '>') && s[1] == s[0])
3184 {
3185 int y;
3186 int op = *s++;
3187 s++;
3188 y = eval_op_sum(&s, decimal, error);
3189 if (*error != NULL) break;
3190 if (op == '<') x <<= y; else x >>= y;
3191 }
3192 }
3193*sptr = s;
3194return x;
3195}
3196
3197
3198static int eval_op_and(uschar **sptr, BOOL decimal, uschar **error)
3199{
3200uschar *s = *sptr;
3201int x = eval_op_shift(&s, decimal, error);
3202if (*error == NULL)
3203 {
3204 while (*s == '&')
3205 {
3206 int y;
3207 s++;
3208 y = eval_op_shift(&s, decimal, error);
3209 if (*error != NULL) break;
3210 x &= y;
3211 }
3212 }
3213*sptr = s;
3214return x;
3215}
3216
3217
3218static int eval_op_xor(uschar **sptr, BOOL decimal, uschar **error)
3219{
3220uschar *s = *sptr;
3221int x = eval_op_and(&s, decimal, error);
3222if (*error == NULL)
3223 {
3224 while (*s == '^')
3225 {
3226 int y;
3227 s++;
3228 y = eval_op_and(&s, decimal, error);
3229 if (*error != NULL) break;
3230 x ^= y;
3231 }
3232 }
3233*sptr = s;
3234return x;
3235}
3236
3237
3238static int eval_op_or(uschar **sptr, BOOL decimal, uschar **error)
3239{
3240uschar *s = *sptr;
3241int x = eval_op_xor(&s, decimal, error);
3242if (*error == NULL)
3243 {
3244 while (*s == '|')
3245 {
3246 int y;
3247 s++;
3248 y = eval_op_xor(&s, decimal, error);
3249 if (*error != NULL) break;
3250 x |= y;
3251 }
3252 }
3253*sptr = s;
3254return x;
3255}
3256
059ec3d9
PH
3257
3258
3259/*************************************************
3260* Expand string *
3261*************************************************/
3262
3263/* Returns either an unchanged string, or the expanded string in stacking pool
3264store. Interpreted sequences are:
3265
3266 \... normal escaping rules
3267 $name substitutes the variable
3268 ${name} ditto
3269 ${op:string} operates on the expanded string value
3270 ${item{arg1}{arg2}...} expands the args and then does the business
3271 some literal args are not enclosed in {}
3272
3273There are now far too many operators and item types to make it worth listing
3274them here in detail any more.
3275
3276We use an internal routine recursively to handle embedded substrings. The
3277external function follows. The yield is NULL if the expansion failed, and there
3278are two cases: if something collapsed syntactically, or if "fail" was given
3279as the action on a lookup failure. These can be distinguised by looking at the
3280variable expand_string_forcedfail, which is TRUE in the latter case.
3281
3282The skipping flag is set true when expanding a substring that isn't actually
3283going to be used (after "if" or "lookup") and it prevents lookups from
3284happening lower down.
3285
3286Store usage: At start, a store block of the length of the input plus 64
3287is obtained. This is expanded as necessary by string_cat(), which might have to
3288get a new block, or might be able to expand the original. At the end of the
3289function we can release any store above that portion of the yield block that
3290was actually used. In many cases this will be optimal.
3291
3292However: if the first item in the expansion is a variable name or header name,
3293we reset the store before processing it; if the result is in fresh store, we
3294use that without copying. This is helpful for expanding strings like
3295$message_headers which can get very long.
3296
d6b4d938
TF
3297There's a problem if a ${dlfunc item has side-effects that cause allocation,
3298since resetting the store at the end of the expansion will free store that was
3299allocated by the plugin code as well as the slop after the expanded string. So
3300we skip any resets if ${dlfunc has been used. This is an unfortunate
3301consequence of string expansion becoming too powerful.
3302
059ec3d9
PH
3303Arguments:
3304 string the string to be expanded
3305 ket_ends true if expansion is to stop at }
3306 left if not NULL, a pointer to the first character after the
3307 expansion is placed here (typically used with ket_ends)
3308 skipping TRUE for recursive calls when the value isn't actually going
3309 to be used (to allow for optimisation)
3310
3311Returns: NULL if expansion fails:
3312 expand_string_forcedfail is set TRUE if failure was forced
3313 expand_string_message contains a textual error message
3314 a pointer to the expanded string on success
3315*/
3316
3317static uschar *
3318expand_string_internal(uschar *string, BOOL ket_ends, uschar **left,
3319 BOOL skipping)
3320{
3321int ptr = 0;
3322int size = Ustrlen(string)+ 64;
3323int item_type;
3324uschar *yield = store_get(size);
3325uschar *s = string;
3326uschar *save_expand_nstring[EXPAND_MAXN+1];
3327int save_expand_nlength[EXPAND_MAXN+1];
d6b4d938 3328BOOL resetok = TRUE;
059ec3d9
PH
3329
3330expand_string_forcedfail = FALSE;
3331expand_string_message = US"";
3332
3333while (*s != 0)
3334 {
3335 uschar *value;
3336 uschar name[256];
3337
3338 /* \ escapes the next character, which must exist, or else
3339 the expansion fails. There's a special escape, \N, which causes
3340 copying of the subject verbatim up to the next \N. Otherwise,
3341 the escapes are the standard set. */
3342
3343 if (*s == '\\')
3344 {
3345 if (s[1] == 0)
3346 {
3347 expand_string_message = US"\\ at end of string";
3348 goto EXPAND_FAILED;
3349 }
3350
3351 if (s[1] == 'N')
3352 {
3353 uschar *t = s + 2;
3354 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
3355 yield = string_cat(yield, &size, &ptr, t, s - t);
3356 if (*s != 0) s += 2;
3357 }
3358
3359 else
3360 {
3361 uschar ch[1];
3362 ch[0] = string_interpret_escape(&s);
3363 s++;
3364 yield = string_cat(yield, &size, &ptr, ch, 1);
3365 }
3366
3367 continue;
3368 }
3369
3370 /* Anything other than $ is just copied verbatim, unless we are
3371 looking for a terminating } character. */
3372
3373 if (ket_ends && *s == '}') break;
3374
3375 if (*s != '$')
3376 {
3377 yield = string_cat(yield, &size, &ptr, s++, 1);
3378 continue;
3379 }
3380
3381 /* No { after the $ - must be a plain name or a number for string
3382 match variable. There has to be a fudge for variables that are the
3383 names of header fields preceded by "$header_" because header field
3384 names can contain any printing characters except space and colon.
3385 For those that don't like typing this much, "$h_" is a synonym for
3386 "$header_". A non-existent header yields a NULL value; nothing is
3387 inserted. */
3388
3389 if (isalpha((*(++s))))
3390 {
3391 int len;
3392 int newsize = 0;
3393
3394 s = read_name(name, sizeof(name), s, US"_");
3395
3396 /* If this is the first thing to be expanded, release the pre-allocated
3397 buffer. */
3398
3399 if (ptr == 0 && yield != NULL)
3400 {
d6b4d938 3401 if (resetok) store_reset(yield);
059ec3d9
PH
3402 yield = NULL;
3403 size = 0;
3404 }
3405
3406 /* Header */
3407
3408 if (Ustrncmp(name, "h_", 2) == 0 ||
3409 Ustrncmp(name, "rh_", 3) == 0 ||
3410 Ustrncmp(name, "bh_", 3) == 0 ||
3411 Ustrncmp(name, "header_", 7) == 0 ||
3412 Ustrncmp(name, "rheader_", 8) == 0 ||
3413 Ustrncmp(name, "bheader_", 8) == 0)
3414 {
3415 BOOL want_raw = (name[0] == 'r')? TRUE : FALSE;
3416 uschar *charset = (name[0] == 'b')? NULL : headers_charset;
3417 s = read_header_name(name, sizeof(name), s);
3418 value = find_header(name, FALSE, &newsize, want_raw, charset);
3419
3420 /* If we didn't find the header, and the header contains a closing brace
0d85fa3f 3421 character, this may be a user error where the terminating colon
059ec3d9
PH
3422 has been omitted. Set a flag to adjust the error message in this case.
3423 But there is no error here - nothing gets inserted. */
3424
3425 if (value == NULL)
3426 {
3427 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
3428 continue;
3429 }
3430 }
3431
3432 /* Variable */
3433
3434 else
3435 {
3436 value = find_variable(name, FALSE, skipping, &newsize);
3437 if (value == NULL)
3438 {
3439 expand_string_message =
3440 string_sprintf("unknown variable name \"%s\"", name);
641cb756 3441 check_variable_error_message(name);
059ec3d9
PH
3442 goto EXPAND_FAILED;
3443 }
3444 }
3445
3446 /* If the data is known to be in a new buffer, newsize will be set to the
3447 size of that buffer. If this is the first thing in an expansion string,
3448 yield will be NULL; just point it at the new store instead of copying. Many
3449 expansion strings contain just one reference, so this is a useful
3450 optimization, especially for humungous headers. */
3451
3452 len = Ustrlen(value);
3453 if (yield == NULL && newsize != 0)
3454 {
3455 yield = value;
3456 size = newsize;
3457 ptr = len;
3458 }
3459 else yield = string_cat(yield, &size, &ptr, value, len);
3460
3461 continue;
3462 }
3463
3464 if (isdigit(*s))
3465 {
3466 int n;
3467 s = read_number(&n, s);
3468 if (n >= 0 && n <= expand_nmax)
3469 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3470 expand_nlength[n]);
3471 continue;
3472 }
3473
3474 /* Otherwise, if there's no '{' after $ it's an error. */
3475
3476 if (*s != '{')
3477 {
3478 expand_string_message = US"$ not followed by letter, digit, or {";
3479 goto EXPAND_FAILED;
3480 }
3481
3482 /* After { there can be various things, but they all start with
3483 an initial word, except for a number for a string match variable. */
3484
3485 if (isdigit((*(++s))))
3486 {
3487 int n;
3488 s = read_number(&n, s);
3489 if (*s++ != '}')
3490 {
3491 expand_string_message = US"} expected after number";
3492 goto EXPAND_FAILED;
3493 }
3494 if (n >= 0 && n <= expand_nmax)
3495 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3496 expand_nlength[n]);
3497 continue;
3498 }
3499
3500 if (!isalpha(*s))
3501 {
3502 expand_string_message = US"letter or digit expected after ${";
3503 goto EXPAND_FAILED;
3504 }
3505
3506 /* Allow "-" in names to cater for substrings with negative
3507 arguments. Since we are checking for known names after { this is
3508 OK. */
3509
3510 s = read_name(name, sizeof(name), s, US"_-");
3511 item_type = chop_match(name, item_table, sizeof(item_table)/sizeof(uschar *));
3512
3513 switch(item_type)
3514 {
3515 /* Handle conditionals - preserve the values of the numerical expansion
3516 variables in case they get changed by a regular expression match in the
3517 condition. If not, they retain their external settings. At the end
3518 of this "if" section, they get restored to their previous values. */
3519
3520 case EITEM_IF:
3521 {
3522 BOOL cond = FALSE;
3523 uschar *next_s;
3524 int save_expand_nmax =
3525 save_expand_strings(save_expand_nstring, save_expand_nlength);
3526
3527 while (isspace(*s)) s++;
3528 next_s = eval_condition(s, skipping? NULL : &cond);
3529 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
3530
3531 DEBUG(D_expand)
3532 debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s,
3533 cond? "true" : "false");
3534
3535 s = next_s;
3536
3537 /* The handling of "yes" and "no" result strings is now in a separate
3538 function that is also used by ${lookup} and ${extract} and ${run}. */
3539
3540 switch(process_yesno(
3541 skipping, /* were previously skipping */
3542 cond, /* success/failure indicator */
3543 lookup_value, /* value to reset for string2 */
3544 &s, /* input pointer */
3545 &yield, /* output pointer */
3546 &size, /* output size */
3547 &ptr, /* output current point */
3548 US"if")) /* condition type */
3549 {
3550 case 1: goto EXPAND_FAILED; /* when all is well, the */
3551 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3552 }
3553
3554 /* Restore external setting of expansion variables for continuation
3555 at this level. */
3556
3557 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3558 save_expand_nlength);
3559 continue;
3560 }
3561
3562 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
3563 expanding an internal string that isn't actually going to be used. All we
3564 need to do is check the syntax, so don't do a lookup at all. Preserve the
3565 values of the numerical expansion variables in case they get changed by a
3566 partial lookup. If not, they retain their external settings. At the end
3567 of this "lookup" section, they get restored to their previous values. */
3568
3569 case EITEM_LOOKUP:
3570 {
3571 int stype, partial, affixlen, starflags;
3572 int expand_setup = 0;
3573 int nameptr = 0;
3574 uschar *key, *filename, *affix;
3575 uschar *save_lookup_value = lookup_value;
3576 int save_expand_nmax =
3577 save_expand_strings(save_expand_nstring, save_expand_nlength);
3578
3579 if ((expand_forbid & RDO_LOOKUP) != 0)
3580 {
3581 expand_string_message = US"lookup expansions are not permitted";
3582 goto EXPAND_FAILED;
3583 }
3584
3585 /* Get the key we are to look up for single-key+file style lookups.
3586 Otherwise set the key NULL pro-tem. */
3587
3588 while (isspace(*s)) s++;
3589 if (*s == '{')
3590 {
3591 key = expand_string_internal(s+1, TRUE, &s, skipping);
3592 if (key == NULL) goto EXPAND_FAILED;
3593 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3594 while (isspace(*s)) s++;
3595 }
3596 else key = NULL;
3597
3598 /* Find out the type of database */
3599
3600 if (!isalpha(*s))
3601 {
3602 expand_string_message = US"missing lookup type";
3603 goto EXPAND_FAILED;
3604 }
3605
3606 /* The type is a string that may contain special characters of various
3607 kinds. Allow everything except space or { to appear; the actual content
3608 is checked by search_findtype_partial. */
3609
3610 while (*s != 0 && *s != '{' && !isspace(*s))
3611 {
3612 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
3613 s++;
3614 }
3615 name[nameptr] = 0;
3616 while (isspace(*s)) s++;
3617
3618 /* Now check for the individual search type and any partial or default
3619 options. Only those types that are actually in the binary are valid. */
3620
3621 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
3622 &starflags);
3623 if (stype < 0)
3624 {
3625 expand_string_message = search_error_message;
3626 goto EXPAND_FAILED;
3627 }
3628
3629 /* Check that a key was provided for those lookup types that need it,
3630 and was not supplied for those that use the query style. */
3631
13b685f9 3632 if (!mac_islookup(stype, lookup_querystyle|lookup_absfilequery))
059ec3d9
PH
3633 {
3634 if (key == NULL)
3635 {
3636 expand_string_message = string_sprintf("missing {key} for single-"
3637 "key \"%s\" lookup", name);
3638 goto EXPAND_FAILED;
3639 }
3640 }
3641 else
3642 {
3643 if (key != NULL)
3644 {
3645 expand_string_message = string_sprintf("a single key was given for "
3646 "lookup type \"%s\", which is not a single-key lookup type", name);
3647 goto EXPAND_FAILED;
3648 }
3649 }
3650
3651 /* Get the next string in brackets and expand it. It is the file name for
13b685f9
PH
3652 single-key+file lookups, and the whole query otherwise. In the case of
3653 queries that also require a file name (e.g. sqlite), the file name comes
3654 first. */
059ec3d9
PH
3655
3656 if (*s != '{') goto EXPAND_FAILED_CURLY;
3657 filename = expand_string_internal(s+1, TRUE, &s, skipping);
3658 if (filename == NULL) goto EXPAND_FAILED;
3659 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3660 while (isspace(*s)) s++;
3661
3662 /* If this isn't a single-key+file lookup, re-arrange the variables
13b685f9
PH
3663 to be appropriate for the search_ functions. For query-style lookups,
3664 there is just a "key", and no file name. For the special query-style +
3665 file types, the query (i.e. "key") starts with a file name. */
059ec3d9
PH
3666
3667 if (key == NULL)
3668 {
13b685f9 3669 while (isspace(*filename)) filename++;
059ec3d9 3670 key = filename;
13b685f9
PH
3671
3672 if (mac_islookup(stype, lookup_querystyle))
3673 {
3674 filename = NULL;
3675 }
3676 else
3677 {
3678 if (*filename != '/')
3679 {
3680 expand_string_message = string_sprintf(
3681 "absolute file name expected for \"%s\" lookup", name);
3682 goto EXPAND_FAILED;
3683 }
3684 while (*key != 0 && !isspace(*key)) key++;
3685 if (*key != 0) *key++ = 0;
3686 }
059ec3d9
PH
3687 }
3688
3689 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
3690 the entry was not found. Note that there is no search_close() function.
3691 Files are left open in case of re-use. At suitable places in higher logic,
3692 search_tidyup() is called to tidy all open files. This can save opening
3693 the same file several times. However, files may also get closed when
3694 others are opened, if too many are open at once. The rule is that a
3695 handle should not be used after a second search_open().
3696
3697 Request that a partial search sets up $1 and maybe $2 by passing
3698 expand_setup containing zero. If its value changes, reset expand_nmax,
3699 since new variables will have been set. Note that at the end of this
3700 "lookup" section, the old numeric variables are restored. */
3701
3702 if (skipping)
3703 lookup_value = NULL;
3704 else
3705 {
3706 void *handle = search_open(filename, stype, 0, NULL, NULL);
3707 if (handle == NULL)
3708 {
3709 expand_string_message = search_error_message;
3710 goto EXPAND_FAILED;
3711 }
3712 lookup_value = search_find(handle, filename, key, partial, affix,
3713 affixlen, starflags, &expand_setup);
3714 if (search_find_defer)
3715 {
3716 expand_string_message =
b72aab72
PP
3717 string_sprintf("lookup of \"%s\" gave DEFER: %s",
3718 string_printing2(key, FALSE), search_error_message);
059ec3d9
PH
3719 goto EXPAND_FAILED;
3720 }
3721 if (expand_setup > 0) expand_nmax = expand_setup;
3722 }
3723
3724 /* The handling of "yes" and "no" result strings is now in a separate
3725 function that is also used by ${if} and ${extract}. */
3726
3727 switch(process_yesno(
3728 skipping, /* were previously skipping */
3729 lookup_value != NULL, /* success/failure indicator */
3730 save_lookup_value, /* value to reset for string2 */
3731 &s, /* input pointer */
3732 &yield, /* output pointer */
3733 &size, /* output size */
3734 &ptr, /* output current point */
3735 US"lookup")) /* condition type */
3736 {
3737 case 1: goto EXPAND_FAILED; /* when all is well, the */
3738 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3739 }
3740
3741 /* Restore external setting of expansion variables for carrying on
3742 at this level, and continue. */
3743
3744 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3745 save_expand_nlength);
3746 continue;
3747 }
3748
3749 /* If Perl support is configured, handle calling embedded perl subroutines,
3750 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
3751 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
3752 arguments (defined below). */
3753
059ec3d9
PH
3754 #define EXIM_PERL_MAX_ARGS 8
3755
3756 case EITEM_PERL:
1a46a8c5
PH
3757 #ifndef EXIM_PERL
3758 expand_string_message = US"\"${perl\" encountered, but this facility "
3759 "is not included in this binary";
3760 goto EXPAND_FAILED;
3761
3762 #else /* EXIM_PERL */
059ec3d9
PH
3763 {
3764 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
3765 uschar *new_yield;
3766
3767 if ((expand_forbid & RDO_PERL) != 0)
3768 {
3769 expand_string_message = US"Perl calls are not permitted";
3770 goto EXPAND_FAILED;
3771 }
3772
3773 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
3774 US"perl"))
3775 {
3776 case 1: goto EXPAND_FAILED_CURLY;
3777 case 2:
3778 case 3: goto EXPAND_FAILED;
3779 }
3780
3781 /* If skipping, we don't actually do anything */
3782
3783 if (skipping) continue;
3784
3785 /* Start the interpreter if necessary */
3786
3787 if (!opt_perl_started)
3788 {
3789 uschar *initerror;
3790 if (opt_perl_startup == NULL)
3791 {
3792 expand_string_message = US"A setting of perl_startup is needed when "
3793 "using the Perl interpreter";
3794 goto EXPAND_FAILED;
3795 }
3796 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
3797 initerror = init_perl(opt_perl_startup);
3798 if (initerror != NULL)
3799 {
3800 expand_string_message =
3801 string_sprintf("error in perl_startup code: %s\n", initerror);
3802 goto EXPAND_FAILED;
3803 }
3804 opt_perl_started = TRUE;
3805 }
3806
3807 /* Call the function */
3808
3809 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
3810 new_yield = call_perl_cat(yield, &size, &ptr, &expand_string_message,
3811 sub_arg[0], sub_arg + 1);
3812
3813 /* NULL yield indicates failure; if the message pointer has been set to
3814 NULL, the yield was undef, indicating a forced failure. Otherwise the
3815 message will indicate some kind of Perl error. */
3816
3817 if (new_yield == NULL)
3818 {
3819 if (expand_string_message == NULL)
3820 {
3821 expand_string_message =
3822 string_sprintf("Perl subroutine \"%s\" returned undef to force "
3823 "failure", sub_arg[0]);
3824 expand_string_forcedfail = TRUE;
3825 }
3826 goto EXPAND_FAILED;
3827 }
3828
3829 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
3830 set during a callback from Perl. */
3831
3832 expand_string_forcedfail = FALSE;
3833 yield = new_yield;
3834 continue;
3835 }
3836 #endif /* EXIM_PERL */
3837
fffda43a
TK
3838 /* Transform email address to "prvs" scheme to use
3839 as BATV-signed return path */
3840
3841 case EITEM_PRVS:
3842 {
3843 uschar *sub_arg[3];
3844 uschar *p,*domain;
3845
3846 switch(read_subs(sub_arg, 3, 2, &s, skipping, TRUE, US"prvs"))
3847 {
3848 case 1: goto EXPAND_FAILED_CURLY;
3849 case 2:
3850 case 3: goto EXPAND_FAILED;
3851 }
3852
3853 /* If skipping, we don't actually do anything */
3854 if (skipping) continue;
3855
3856 /* sub_arg[0] is the address */
3857 domain = Ustrrchr(sub_arg[0],'@');
3858 if ( (domain == NULL) || (domain == sub_arg[0]) || (Ustrlen(domain) == 1) )
3859 {
cb9328de
PH
3860 expand_string_message = US"prvs first argument must be a qualified email address";
3861 goto EXPAND_FAILED;
3862 }
3863
3864 /* Calculate the hash. The second argument must be a single-digit
3865 key number, or unset. */
3866
3867 if (sub_arg[2] != NULL &&
3868 (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0))
3869 {
3870 expand_string_message = US"prvs second argument must be a single digit";
fffda43a
TK
3871 goto EXPAND_FAILED;
3872 }
3873
fffda43a
TK
3874 p = prvs_hmac_sha1(sub_arg[0],sub_arg[1],sub_arg[2],prvs_daystamp(7));
3875 if (p == NULL)
3876 {
cb9328de 3877 expand_string_message = US"prvs hmac-sha1 conversion failed";
fffda43a
TK
3878 goto EXPAND_FAILED;
3879 }
3880
3881 /* Now separate the domain from the local part */
3882 *domain++ = '\0';
3883
3884 yield = string_cat(yield,&size,&ptr,US"prvs=",5);
fffda43a
TK
3885 string_cat(yield,&size,&ptr,(sub_arg[2] != NULL) ? sub_arg[2] : US"0", 1);
3886 string_cat(yield,&size,&ptr,prvs_daystamp(7),3);
3887 string_cat(yield,&size,&ptr,p,6);
a48ced90
TK
3888 string_cat(yield,&size,&ptr,US"=",1);
3889 string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
fffda43a
TK
3890 string_cat(yield,&size,&ptr,US"@",1);
3891 string_cat(yield,&size,&ptr,domain,Ustrlen(domain));
3892
3893 continue;
3894 }
3895
3896 /* Check a prvs-encoded address for validity */
3897
3898 case EITEM_PRVSCHECK:
3899 {
3900 uschar *sub_arg[3];
3901 int mysize = 0, myptr = 0;
3902 const pcre *re;
3903 uschar *p;
72fdd6ae
PH
3904
3905 /* TF: Ugliness: We want to expand parameter 1 first, then set
fffda43a
TK
3906 up expansion variables that are used in the expansion of
3907 parameter 2. So we clone the string for the first
72fdd6ae
PH
3908 expansion, where we only expand parameter 1.
3909
3910 PH: Actually, that isn't necessary. The read_subs() function is
3911 designed to work this way for the ${if and ${lookup expansions. I've
3912 tidied the code.
3913 */
fffda43a
TK
3914
3915 /* Reset expansion variables */
3916 prvscheck_result = NULL;
3917 prvscheck_address = NULL;
3918 prvscheck_keynum = NULL;
3919
72fdd6ae 3920 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs"))
fffda43a
TK
3921 {
3922 case 1: goto EXPAND_FAILED_CURLY;
3923 case 2:
3924 case 3: goto EXPAND_FAILED;
3925 }
3926
a48ced90 3927 re = regex_must_compile(US"^prvs\\=([0-9])([0-9]{3})([A-F0-9]{6})\\=(.+)\\@(.+)$",
fffda43a
TK
3928 TRUE,FALSE);
3929
72fdd6ae
PH
3930 if (regex_match_and_setup(re,sub_arg[0],0,-1))
3931 {
a48ced90
TK
3932 uschar *local_part = string_copyn(expand_nstring[4],expand_nlength[4]);
3933 uschar *key_num = string_copyn(expand_nstring[1],expand_nlength[1]);
3934 uschar *daystamp = string_copyn(expand_nstring[2],expand_nlength[2]);
3935 uschar *hash = string_copyn(expand_nstring[3],expand_nlength[3]);
fffda43a
TK
3936 uschar *domain = string_copyn(expand_nstring[5],expand_nlength[5]);
3937
3938 DEBUG(D_expand) debug_printf("prvscheck localpart: %s\n", local_part);
3939 DEBUG(D_expand) debug_printf("prvscheck key number: %s\n", key_num);
3940 DEBUG(D_expand) debug_printf("prvscheck daystamp: %s\n", daystamp);
3941 DEBUG(D_expand) debug_printf("prvscheck hash: %s\n", hash);
3942 DEBUG(D_expand) debug_printf("prvscheck domain: %s\n", domain);
3943
3944 /* Set up expansion variables */
3945 prvscheck_address = string_cat(NULL, &mysize, &myptr, local_part, Ustrlen(local_part));
2740a2ca 3946 string_cat(prvscheck_address,&mysize,&myptr,US"@",1);
fffda43a
TK
3947 string_cat(prvscheck_address,&mysize,&myptr,domain,Ustrlen(domain));
3948 prvscheck_address[myptr] = '\0';
3949 prvscheck_keynum = string_copy(key_num);
3950
72fdd6ae
PH
3951 /* Now expand the second argument */
3952 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs"))
fffda43a
TK
3953 {
3954 case 1: goto EXPAND_FAILED_CURLY;
3955 case 2:
3956 case 3: goto EXPAND_FAILED;
3957 }
3958
fffda43a 3959 /* Now we have the key and can check the address. */
72fdd6ae
PH