Unix socket creds sockopt for BSD-ish platforms
[exim.git] / src / src / expand.c
CommitLineData
059ec3d9
PH
1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
f9ba5e22 5/* Copyright (c) University of Cambridge 1995 - 2018 */
059ec3d9
PH
6/* See the file NOTICE for conditions of use and distribution. */
7
8
9/* Functions for handling string expansion. */
10
11
12#include "exim.h"
13
96c065cb
PH
14/* Recursively called function */
15
55414b25
JH
16static uschar *expand_string_internal(const uschar *, BOOL, const uschar **, BOOL, BOOL, BOOL *);
17static int_eximarith_t expanded_string_integer(const uschar *, BOOL);
96c065cb 18
059ec3d9 19#ifdef STAND_ALONE
9d466bf7
JH
20# ifndef SUPPORT_CRYPTEQ
21# define SUPPORT_CRYPTEQ
22# endif
059ec3d9
PH
23#endif
24
96c065cb 25#ifdef LOOKUP_LDAP
9d466bf7 26# include "lookups/ldap.h"
96c065cb
PH
27#endif
28
059ec3d9 29#ifdef SUPPORT_CRYPTEQ
9d466bf7
JH
30# ifdef CRYPT_H
31# include <crypt.h>
32# endif
33# ifndef HAVE_CRYPT16
059ec3d9 34extern char* crypt16(char*, char*);
9d466bf7 35# endif
059ec3d9
PH
36#endif
37
96c065cb
PH
38/* The handling of crypt16() is a mess. I will record below the analysis of the
39mess that was sent to me. We decided, however, to make changing this very low
40priority, because in practice people are moving away from the crypt()
41algorithms nowadays, so it doesn't seem worth it.
42
43<quote>
44There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
45the first 8 characters of the password using a 20-round version of crypt
46(standard crypt does 25 rounds). It then crypts the next 8 characters,
47or an empty block if the password is less than 9 characters, using a
4820-round version of crypt and the same salt as was used for the first
4c04137d 49block. Characters after the first 16 are ignored. It always generates
96c065cb
PH
50a 16-byte hash, which is expressed together with the salt as a string
51of 24 base 64 digits. Here are some links to peruse:
52
53 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
54 http://seclists.org/bugtraq/1999/Mar/0076.html
55
56There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
57and OSF/1. This is the same as the standard crypt if given a password
58of 8 characters or less. If given more, it first does the same as crypt
59using the first 8 characters, then crypts the next 8 (the 9th to 16th)
60using as salt the first two base 64 digits from the first hash block.
61If the password is more than 16 characters then it crypts the 17th to 24th
62characters using as salt the first two base 64 digits from the second hash
63block. And so on: I've seen references to it cutting off the password at
6440 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
65
66 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
67 http://seclists.org/bugtraq/1999/Mar/0109.html
68 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
69 TET1_html/sec.c222.html#no_id_208
70
71Exim has something it calls "crypt16". It will either use a native
72crypt16 or its own implementation. A native crypt16 will presumably
73be the one that I called "crypt16" above. The internal "crypt16"
74function, however, is a two-block-maximum implementation of what I called
75"bigcrypt". The documentation matches the internal code.
76
77I suspect that whoever did the "crypt16" stuff for Exim didn't realise
78that crypt16 and bigcrypt were different things.
79
80Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
81to whatever it is using under that name. This unfortunately sets a
82precedent for using "{crypt16}" to identify two incompatible algorithms
83whose output can't be distinguished. With "{crypt16}" thus rendered
84ambiguous, I suggest you deprecate it and invent two new identifiers
85for the two algorithms.
86
87Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
88of the password separately means they can be cracked separately, so
89the double-length hash only doubles the cracking effort instead of
90squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
91bcrypt ({CRYPT}$2a$).
92</quote>
93*/
059ec3d9
PH
94
95
059ec3d9 96
059ec3d9
PH
97/*************************************************
98* Local statics and tables *
99*************************************************/
100
101/* Table of item names, and corresponding switch numbers. The names must be in
102alphabetical order. */
103
104static uschar *item_table[] = {
723c72e6 105 US"acl",
dfbcb5ac 106 US"authresults",
9d1c15ef 107 US"certextract",
1a46a8c5 108 US"dlfunc",
089fc87a 109 US"env",
059ec3d9 110 US"extract",
29f89cad 111 US"filter",
059ec3d9
PH
112 US"hash",
113 US"hmac",
114 US"if",
8c5d388a 115#ifdef SUPPORT_I18N
ed0512a1
JH
116 US"imapfolder",
117#endif
059ec3d9 118 US"length",
aa26e137 119 US"listextract",
059ec3d9 120 US"lookup",
29f89cad 121 US"map",
059ec3d9 122 US"nhash",
1a46a8c5 123 US"perl",
fffda43a
TK
124 US"prvs",
125 US"prvscheck",
059ec3d9
PH
126 US"readfile",
127 US"readsocket",
29f89cad 128 US"reduce",
059ec3d9
PH
129 US"run",
130 US"sg",
ac4ef9bd 131 US"sort",
7ef88aa0
JH
132#ifdef EXPERIMENTAL_SRS_NATIVE
133 US"srs_encode",
134#endif
059ec3d9
PH
135 US"substr",
136 US"tr" };
137
138enum {
723c72e6 139 EITEM_ACL,
dfbcb5ac 140 EITEM_AUTHRESULTS,
9d1c15ef 141 EITEM_CERTEXTRACT,
1a46a8c5 142 EITEM_DLFUNC,
089fc87a 143 EITEM_ENV,
059ec3d9 144 EITEM_EXTRACT,
29f89cad 145 EITEM_FILTER,
059ec3d9
PH
146 EITEM_HASH,
147 EITEM_HMAC,
148 EITEM_IF,
8c5d388a 149#ifdef SUPPORT_I18N
ed0512a1
JH
150 EITEM_IMAPFOLDER,
151#endif
059ec3d9 152 EITEM_LENGTH,
aa26e137 153 EITEM_LISTEXTRACT,
059ec3d9 154 EITEM_LOOKUP,
29f89cad 155 EITEM_MAP,
059ec3d9 156 EITEM_NHASH,
1a46a8c5 157 EITEM_PERL,
fffda43a
TK
158 EITEM_PRVS,
159 EITEM_PRVSCHECK,
059ec3d9
PH
160 EITEM_READFILE,
161 EITEM_READSOCK,
29f89cad 162 EITEM_REDUCE,
059ec3d9
PH
163 EITEM_RUN,
164 EITEM_SG,
ac4ef9bd 165 EITEM_SORT,
7ef88aa0
JH
166#ifdef EXPERIMENTAL_SRS_NATIVE
167 EITEM_SRS_ENCODE,
168#endif
059ec3d9
PH
169 EITEM_SUBSTR,
170 EITEM_TR };
171
172/* Tables of operator names, and corresponding switch numbers. The names must be
173in alphabetical order. There are two tables, because underscore is used in some
174cases to introduce arguments, whereas for other it is part of the name. This is
175an historical mis-design. */
176
177static uschar *op_table_underscore[] = {
178 US"from_utf8",
179 US"local_part",
180 US"quote_local_part",
83e029d5 181 US"reverse_ip",
f90d018c 182 US"time_eval",
4e08fd50 183 US"time_interval"
8c5d388a 184#ifdef SUPPORT_I18N
4e08fd50
JH
185 ,US"utf8_domain_from_alabel",
186 US"utf8_domain_to_alabel",
187 US"utf8_localpart_from_alabel",
188 US"utf8_localpart_to_alabel"
189#endif
190 };
059ec3d9
PH
191
192enum {
193 EOP_FROM_UTF8,
194 EOP_LOCAL_PART,
195 EOP_QUOTE_LOCAL_PART,
83e029d5 196 EOP_REVERSE_IP,
f90d018c 197 EOP_TIME_EVAL,
4e08fd50 198 EOP_TIME_INTERVAL
8c5d388a 199#ifdef SUPPORT_I18N
4e08fd50
JH
200 ,EOP_UTF8_DOMAIN_FROM_ALABEL,
201 EOP_UTF8_DOMAIN_TO_ALABEL,
202 EOP_UTF8_LOCALPART_FROM_ALABEL,
203 EOP_UTF8_LOCALPART_TO_ALABEL
204#endif
205 };
059ec3d9
PH
206
207static uschar *op_table_main[] = {
208 US"address",
29f89cad 209 US"addresses",
03ca21f8
JH
210 US"base32",
211 US"base32d",
059ec3d9
PH
212 US"base62",
213 US"base62d",
9aa35e9c
JH
214 US"base64",
215 US"base64d",
0d2e392e 216 US"bless",
059ec3d9
PH
217 US"domain",
218 US"escape",
3367f8c2 219 US"escape8bit",
059ec3d9
PH
220 US"eval",
221 US"eval10",
222 US"expand",
223 US"h",
224 US"hash",
225 US"hex2b64",
c393f931 226 US"hexquote",
fc4a7f70
JH
227 US"ipv6denorm",
228 US"ipv6norm",
059ec3d9
PH
229 US"l",
230 US"lc",
231 US"length",
a64a3dfa
JH
232 US"listcount",
233 US"listnamed",
059ec3d9
PH
234 US"mask",
235 US"md5",
236 US"nh",
237 US"nhash",
238 US"quote",
9e3331ea 239 US"randint",
059ec3d9 240 US"rfc2047",
9c57cbc0 241 US"rfc2047d",
059ec3d9
PH
242 US"rxquote",
243 US"s",
244 US"sha1",
12e9bb25 245 US"sha2",
9ef9101c 246 US"sha256",
6e773413 247 US"sha3",
059ec3d9
PH
248 US"stat",
249 US"str2b64",
250 US"strlen",
251 US"substr",
b9c2e32f
AR
252 US"uc",
253 US"utf8clean" };
059ec3d9
PH
254
255enum {
0539a19d 256 EOP_ADDRESS = nelem(op_table_underscore),
29f89cad 257 EOP_ADDRESSES,
03ca21f8
JH
258 EOP_BASE32,
259 EOP_BASE32D,
059ec3d9
PH
260 EOP_BASE62,
261 EOP_BASE62D,
9aa35e9c
JH
262 EOP_BASE64,
263 EOP_BASE64D,
0d2e392e 264 EOP_BLESS,
059ec3d9
PH
265 EOP_DOMAIN,
266 EOP_ESCAPE,
3367f8c2 267 EOP_ESCAPE8BIT,
059ec3d9
PH
268 EOP_EVAL,
269 EOP_EVAL10,
270 EOP_EXPAND,
271 EOP_H,
272 EOP_HASH,
273 EOP_HEX2B64,
c393f931 274 EOP_HEXQUOTE,
fc4a7f70
JH
275 EOP_IPV6DENORM,
276 EOP_IPV6NORM,
059ec3d9
PH
277 EOP_L,
278 EOP_LC,
279 EOP_LENGTH,
a64a3dfa
JH
280 EOP_LISTCOUNT,
281 EOP_LISTNAMED,
059ec3d9
PH
282 EOP_MASK,
283 EOP_MD5,
284 EOP_NH,
285 EOP_NHASH,
286 EOP_QUOTE,
9e3331ea 287 EOP_RANDINT,
059ec3d9 288 EOP_RFC2047,
9c57cbc0 289 EOP_RFC2047D,
059ec3d9
PH
290 EOP_RXQUOTE,
291 EOP_S,
292 EOP_SHA1,
12e9bb25 293 EOP_SHA2,
9ef9101c 294 EOP_SHA256,
6e773413 295 EOP_SHA3,
059ec3d9
PH
296 EOP_STAT,
297 EOP_STR2B64,
298 EOP_STRLEN,
299 EOP_SUBSTR,
b9c2e32f
AR
300 EOP_UC,
301 EOP_UTF8CLEAN };
059ec3d9
PH
302
303
304/* Table of condition names, and corresponding switch numbers. The names must
305be in alphabetical order. */
306
307static uschar *cond_table[] = {
308 US"<",
309 US"<=",
310 US"=",
311 US"==", /* Backward compatibility */
312 US">",
313 US">=",
333eea9c 314 US"acl",
059ec3d9 315 US"and",
f3766eb5 316 US"bool",
6a8de854 317 US"bool_lax",
059ec3d9
PH
318 US"crypteq",
319 US"def",
320 US"eq",
321 US"eqi",
322 US"exists",
323 US"first_delivery",
0ce9abe6 324 US"forall",
7f69e814
JH
325 US"forall_json",
326 US"forall_jsons",
0ce9abe6 327 US"forany",
7f69e814
JH
328 US"forany_json",
329 US"forany_jsons",
059ec3d9
PH
330 US"ge",
331 US"gei",
332 US"gt",
333 US"gti",
7ef88aa0
JH
334#ifdef EXPERIMENTAL_SRS_NATIVE
335 US"inbound_srs",
336#endif
76dca828
PP
337 US"inlist",
338 US"inlisti",
059ec3d9
PH
339 US"isip",
340 US"isip4",
341 US"isip6",
342 US"ldapauth",
343 US"le",
344 US"lei",
345 US"lt",
346 US"lti",
347 US"match",
348 US"match_address",
349 US"match_domain",
32d668a5 350 US"match_ip",
059ec3d9
PH
351 US"match_local_part",
352 US"or",
353 US"pam",
354 US"pwcheck",
355 US"queue_running",
356 US"radius",
357 US"saslauthd"
358};
359
360enum {
361 ECOND_NUM_L,
362 ECOND_NUM_LE,
363 ECOND_NUM_E,
364 ECOND_NUM_EE,
365 ECOND_NUM_G,
366 ECOND_NUM_GE,
333eea9c 367 ECOND_ACL,
059ec3d9 368 ECOND_AND,
f3766eb5 369 ECOND_BOOL,
6a8de854 370 ECOND_BOOL_LAX,
059ec3d9
PH
371 ECOND_CRYPTEQ,
372 ECOND_DEF,
373 ECOND_STR_EQ,
374 ECOND_STR_EQI,
375 ECOND_EXISTS,
376 ECOND_FIRST_DELIVERY,
0ce9abe6 377 ECOND_FORALL,
7f69e814
JH
378 ECOND_FORALL_JSON,
379 ECOND_FORALL_JSONS,
0ce9abe6 380 ECOND_FORANY,
7f69e814
JH
381 ECOND_FORANY_JSON,
382 ECOND_FORANY_JSONS,
059ec3d9
PH
383 ECOND_STR_GE,
384 ECOND_STR_GEI,
385 ECOND_STR_GT,
386 ECOND_STR_GTI,
7ef88aa0
JH
387#ifdef EXPERIMENTAL_SRS_NATIVE
388 ECOND_INBOUND_SRS,
389#endif
76dca828
PP
390 ECOND_INLIST,
391 ECOND_INLISTI,
059ec3d9
PH
392 ECOND_ISIP,
393 ECOND_ISIP4,
394 ECOND_ISIP6,
395 ECOND_LDAPAUTH,
396 ECOND_STR_LE,
397 ECOND_STR_LEI,
398 ECOND_STR_LT,
399 ECOND_STR_LTI,
400 ECOND_MATCH,
401 ECOND_MATCH_ADDRESS,
402 ECOND_MATCH_DOMAIN,
32d668a5 403 ECOND_MATCH_IP,
059ec3d9
PH
404 ECOND_MATCH_LOCAL_PART,
405 ECOND_OR,
406 ECOND_PAM,
407 ECOND_PWCHECK,
408 ECOND_QUEUE_RUNNING,
409 ECOND_RADIUS,
410 ECOND_SASLAUTHD
411};
412
413
059ec3d9
PH
414/* Types of table entry */
415
7e75538e 416enum vtypes {
059ec3d9
PH
417 vtype_int, /* value is address of int */
418 vtype_filter_int, /* ditto, but recognized only when filtering */
419 vtype_ino, /* value is address of ino_t (not always an int) */
420 vtype_uid, /* value is address of uid_t (not always an int) */
421 vtype_gid, /* value is address of gid_t (not always an int) */
11d7e4fa 422 vtype_bool, /* value is address of bool */
059ec3d9
PH
423 vtype_stringptr, /* value is address of pointer to string */
424 vtype_msgbody, /* as stringptr, but read when first required */
425 vtype_msgbody_end, /* ditto, the end of the message */
ff75a1f7
PH
426 vtype_msgheaders, /* the message's headers, processed */
427 vtype_msgheaders_raw, /* the message's headers, unprocessed */
059ec3d9
PH
428 vtype_localpart, /* extract local part from string */
429 vtype_domain, /* extract domain from string */
362145b5 430 vtype_string_func, /* value is string returned by given function */
059ec3d9
PH
431 vtype_todbsdin, /* value not used; generate BSD inbox tod */
432 vtype_tode, /* value not used; generate tod in epoch format */
f5787926 433 vtype_todel, /* value not used; generate tod in epoch/usec format */
059ec3d9
PH
434 vtype_todf, /* value not used; generate full tod */
435 vtype_todl, /* value not used; generate log tod */
436 vtype_todlf, /* value not used; generate log file datestamp tod */
437 vtype_todzone, /* value not used; generate time zone only */
438 vtype_todzulu, /* value not used; generate zulu tod */
439 vtype_reply, /* value not used; get reply from headers */
440 vtype_pid, /* value not used; result is pid */
441 vtype_host_lookup, /* value not used; get host name */
5cb8cbc6
PH
442 vtype_load_avg, /* value not used; result is int from os_getloadavg */
443 vtype_pspace, /* partition space; value is T/F for spool/log */
9d1c15ef
JH
444 vtype_pinodes, /* partition inodes; value is T/F for spool/log */
445 vtype_cert /* SSL certificate */
80a47a2c
TK
446 #ifndef DISABLE_DKIM
447 ,vtype_dkim /* Lookup of value in DKIM signature */
448 #endif
7e75538e
JH
449};
450
451/* Type for main variable table */
452
453typedef struct {
454 const char *name;
455 enum vtypes type;
456 void *value;
457} var_entry;
458
459/* Type for entries pointing to address/length pairs. Not currently
460in use. */
461
462typedef struct {
463 uschar **address;
464 int *length;
465} alblock;
059ec3d9 466
362145b5 467static uschar * fn_recipients(void);
6d95688d 468typedef uschar * stringptr_fn_t(void);
04403ab0 469static uschar * fn_queue_size(void);
362145b5 470
059ec3d9
PH
471/* This table must be kept in alphabetical order. */
472
473static var_entry var_table[] = {
38a0a95f
PH
474 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
475 they will be confused with user-creatable ACL variables. */
525239c1
JH
476 { "acl_arg1", vtype_stringptr, &acl_arg[0] },
477 { "acl_arg2", vtype_stringptr, &acl_arg[1] },
478 { "acl_arg3", vtype_stringptr, &acl_arg[2] },
479 { "acl_arg4", vtype_stringptr, &acl_arg[3] },
480 { "acl_arg5", vtype_stringptr, &acl_arg[4] },
481 { "acl_arg6", vtype_stringptr, &acl_arg[5] },
482 { "acl_arg7", vtype_stringptr, &acl_arg[6] },
483 { "acl_arg8", vtype_stringptr, &acl_arg[7] },
484 { "acl_arg9", vtype_stringptr, &acl_arg[8] },
485 { "acl_narg", vtype_int, &acl_narg },
059ec3d9
PH
486 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
487 { "address_data", vtype_stringptr, &deliver_address_data },
488 { "address_file", vtype_stringptr, &address_file },
489 { "address_pipe", vtype_stringptr, &address_pipe },
93c931f8 490#ifdef EXPERIMENTAL_ARC
6d95688d 491 { "arc_domains", vtype_string_func, (void *) &fn_arc_domains },
ea7b1f16 492 { "arc_oldest_pass", vtype_int, &arc_oldest_pass },
93c931f8
JH
493 { "arc_state", vtype_stringptr, &arc_state },
494 { "arc_state_reason", vtype_stringptr, &arc_state_reason },
495#endif
2d07a215 496 { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id },
059ec3d9
PH
497 { "authenticated_id", vtype_stringptr, &authenticated_id },
498 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
499 { "authentication_failed",vtype_int, &authentication_failed },
9e949f00
PP
500#ifdef WITH_CONTENT_SCAN
501 { "av_failed", vtype_int, &av_failed },
502#endif
8523533c
TK
503#ifdef EXPERIMENTAL_BRIGHTMAIL
504 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
505 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
506 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
507 { "bmi_deliver", vtype_int, &bmi_deliver },
508#endif
059ec3d9
PH
509 { "body_linecount", vtype_int, &body_linecount },
510 { "body_zerocount", vtype_int, &body_zerocount },
511 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
512 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
513 { "caller_gid", vtype_gid, &real_gid },
514 { "caller_uid", vtype_uid, &real_uid },
055e2cb4 515 { "callout_address", vtype_stringptr, &callout_address },
059ec3d9
PH
516 { "compile_date", vtype_stringptr, &version_date },
517 { "compile_number", vtype_stringptr, &version_cnumber },
98b8312f
HSHR
518 { "config_dir", vtype_stringptr, &config_main_directory },
519 { "config_file", vtype_stringptr, &config_main_filename },
e5a9dba6 520 { "csa_status", vtype_stringptr, &csa_status },
6a8f9482
TK
521#ifdef EXPERIMENTAL_DCC
522 { "dcc_header", vtype_stringptr, &dcc_header },
523 { "dcc_result", vtype_stringptr, &dcc_result },
524#endif
80a47a2c
TK
525#ifndef DISABLE_DKIM
526 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
527 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
528 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
529 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
530 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
531 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
2df588c9 532 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
e08d09e5 533 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
80a47a2c
TK
534 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
535 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
536 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
537 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
abe1010c 538 { "dkim_key_length", vtype_int, &dkim_key_length },
80a47a2c
TK
539 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
540 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
541 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
542 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
e08d09e5 543 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
9e5d6b55 544 { "dkim_signers", vtype_stringptr, &dkim_signers },
a79d8834
JH
545 { "dkim_verify_reason", vtype_stringptr, &dkim_verify_reason },
546 { "dkim_verify_status", vtype_stringptr, &dkim_verify_status },
e08d09e5 547#endif
1a2e76e1 548#ifdef SUPPORT_DMARC
8c8b8274 549 { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
4840604e
TL
550 { "dmarc_status", vtype_stringptr, &dmarc_status },
551 { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
552 { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
553#endif
059ec3d9 554 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
93655c46 555 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
059ec3d9
PH
556 { "dnslist_text", vtype_stringptr, &dnslist_text },
557 { "dnslist_value", vtype_stringptr, &dnslist_value },
558 { "domain", vtype_stringptr, &deliver_domain },
559 { "domain_data", vtype_stringptr, &deliver_domain_data },
0cbf2b82 560#ifndef DISABLE_EVENT
774ef2d7
JH
561 { "event_data", vtype_stringptr, &event_data },
562
563 /*XXX want to use generic vars for as many of these as possible*/
564 { "event_defer_errno", vtype_int, &event_defer_errno },
565
566 { "event_name", vtype_stringptr, &event_name },
567#endif
059ec3d9
PH
568 { "exim_gid", vtype_gid, &exim_gid },
569 { "exim_path", vtype_stringptr, &exim_path },
570 { "exim_uid", vtype_uid, &exim_uid },
71224040 571 { "exim_version", vtype_stringptr, &version_string },
6d95688d 572 { "headers_added", vtype_string_func, (void *) &fn_hdrs_added },
059ec3d9
PH
573 { "home", vtype_stringptr, &deliver_home },
574 { "host", vtype_stringptr, &deliver_host },
575 { "host_address", vtype_stringptr, &deliver_host_address },
576 { "host_data", vtype_stringptr, &host_data },
b08b24c8 577 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
059ec3d9 578 { "host_lookup_failed", vtype_int, &host_lookup_failed },
a7538db1 579 { "host_port", vtype_int, &deliver_host_port },
3615fa9a 580 { "initial_cwd", vtype_stringptr, &initial_cwd },
059ec3d9
PH
581 { "inode", vtype_ino, &deliver_inode },
582 { "interface_address", vtype_stringptr, &interface_address },
583 { "interface_port", vtype_int, &interface_port },
0ce9abe6 584 { "item", vtype_stringptr, &iterate_item },
059ec3d9
PH
585 #ifdef LOOKUP_LDAP
586 { "ldap_dn", vtype_stringptr, &eldap_dn },
587 #endif
588 { "load_average", vtype_load_avg, NULL },
589 { "local_part", vtype_stringptr, &deliver_localpart },
590 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
591 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
592 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
163144aa 593 { "local_part_verified", vtype_stringptr, &deliver_localpart_verified },
9723f966 594#ifdef HAVE_LOCAL_SCAN
059ec3d9 595 { "local_scan_data", vtype_stringptr, &local_scan_data },
9723f966 596#endif
059ec3d9
PH
597 { "local_user_gid", vtype_gid, &local_user_gid },
598 { "local_user_uid", vtype_uid, &local_user_uid },
599 { "localhost_number", vtype_int, &host_number },
5cb8cbc6 600 { "log_inodes", vtype_pinodes, (void *)FALSE },
8e669ac1 601 { "log_space", vtype_pspace, (void *)FALSE },
4e0983dc 602 { "lookup_dnssec_authenticated",vtype_stringptr,&lookup_dnssec_authenticated},
059ec3d9 603 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
8523533c
TK
604#ifdef WITH_CONTENT_SCAN
605 { "malware_name", vtype_stringptr, &malware_name },
606#endif
d677b2f2 607 { "max_received_linelength", vtype_int, &max_received_linelength },
059ec3d9
PH
608 { "message_age", vtype_int, &message_age },
609 { "message_body", vtype_msgbody, &message_body },
610 { "message_body_end", vtype_msgbody_end, &message_body_end },
611 { "message_body_size", vtype_int, &message_body_size },
1ab52c69 612 { "message_exim_id", vtype_stringptr, &message_id },
059ec3d9 613 { "message_headers", vtype_msgheaders, NULL },
ff75a1f7 614 { "message_headers_raw", vtype_msgheaders_raw, NULL },
059ec3d9 615 { "message_id", vtype_stringptr, &message_id },
2e0c1448 616 { "message_linecount", vtype_int, &message_linecount },
059ec3d9 617 { "message_size", vtype_int, &message_size },
8c5d388a 618#ifdef SUPPORT_I18N
eb02f5df
JH
619 { "message_smtputf8", vtype_bool, &message_smtputf8 },
620#endif
8523533c
TK
621#ifdef WITH_CONTENT_SCAN
622 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
623 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
624 { "mime_boundary", vtype_stringptr, &mime_boundary },
625 { "mime_charset", vtype_stringptr, &mime_charset },
626 { "mime_content_description", vtype_stringptr, &mime_content_description },
627 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
628 { "mime_content_id", vtype_stringptr, &mime_content_id },
629 { "mime_content_size", vtype_int, &mime_content_size },
630 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
631 { "mime_content_type", vtype_stringptr, &mime_content_type },
632 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
633 { "mime_filename", vtype_stringptr, &mime_filename },
634 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
635 { "mime_is_multipart", vtype_int, &mime_is_multipart },
636 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
637 { "mime_part_count", vtype_int, &mime_part_count },
638#endif
059ec3d9
PH
639 { "n0", vtype_filter_int, &filter_n[0] },
640 { "n1", vtype_filter_int, &filter_n[1] },
641 { "n2", vtype_filter_int, &filter_n[2] },
642 { "n3", vtype_filter_int, &filter_n[3] },
643 { "n4", vtype_filter_int, &filter_n[4] },
644 { "n5", vtype_filter_int, &filter_n[5] },
645 { "n6", vtype_filter_int, &filter_n[6] },
646 { "n7", vtype_filter_int, &filter_n[7] },
647 { "n8", vtype_filter_int, &filter_n[8] },
648 { "n9", vtype_filter_int, &filter_n[9] },
649 { "original_domain", vtype_stringptr, &deliver_domain_orig },
650 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
651 { "originator_gid", vtype_gid, &originator_gid },
652 { "originator_uid", vtype_uid, &originator_uid },
653 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
654 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
655 { "pid", vtype_pid, NULL },
858e91c2
JH
656#ifndef DISABLE_PRDR
657 { "prdr_requested", vtype_bool, &prdr_requested },
658#endif
059ec3d9 659 { "primary_hostname", vtype_stringptr, &primary_hostname },
e6d2a989
JH
660#if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
661 { "proxy_external_address",vtype_stringptr, &proxy_external_address },
662 { "proxy_external_port", vtype_int, &proxy_external_port },
663 { "proxy_local_address", vtype_stringptr, &proxy_local_address },
664 { "proxy_local_port", vtype_int, &proxy_local_port },
a3c86431
TL
665 { "proxy_session", vtype_bool, &proxy_session },
666#endif
fffda43a
TK
667 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
668 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
669 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
059ec3d9
PH
670 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
671 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
0cd5fd23 672 { "queue_name", vtype_stringptr, &queue_name },
04403ab0 673 { "queue_size", vtype_string_func, &fn_queue_size },
059ec3d9
PH
674 { "rcpt_count", vtype_int, &rcpt_count },
675 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
676 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
677 { "received_count", vtype_int, &received_count },
678 { "received_for", vtype_stringptr, &received_for },
194cc0e4
PH
679 { "received_ip_address", vtype_stringptr, &interface_address },
680 { "received_port", vtype_int, &interface_port },
059ec3d9 681 { "received_protocol", vtype_stringptr, &received_protocol },
32dfdf8b 682 { "received_time", vtype_int, &received_time.tv_sec },
059ec3d9 683 { "recipient_data", vtype_stringptr, &recipient_data },
8e669ac1 684 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
6d95688d 685 { "recipients", vtype_string_func, (void *) &fn_recipients },
059ec3d9 686 { "recipients_count", vtype_int, &recipients_count },
8523533c
TK
687#ifdef WITH_CONTENT_SCAN
688 { "regex_match_string", vtype_stringptr, &regex_match_string },
689#endif
059ec3d9
PH
690 { "reply_address", vtype_reply, NULL },
691 { "return_path", vtype_stringptr, &return_path },
692 { "return_size_limit", vtype_int, &bounce_return_size_limit },
181d9bf8 693 { "router_name", vtype_stringptr, &router_name },
059ec3d9
PH
694 { "runrc", vtype_int, &runrc },
695 { "self_hostname", vtype_stringptr, &self_hostname },
696 { "sender_address", vtype_stringptr, &sender_address },
2a3eea10 697 { "sender_address_data", vtype_stringptr, &sender_address_data },
059ec3d9
PH
698 { "sender_address_domain", vtype_domain, &sender_address },
699 { "sender_address_local_part", vtype_localpart, &sender_address },
700 { "sender_data", vtype_stringptr, &sender_data },
701 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
1705dd20 702 { "sender_helo_dnssec", vtype_bool, &sender_helo_dnssec },
059ec3d9
PH
703 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
704 { "sender_host_address", vtype_stringptr, &sender_host_address },
705 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
11d7e4fa 706 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
059ec3d9
PH
707 { "sender_host_name", vtype_host_lookup, NULL },
708 { "sender_host_port", vtype_int, &sender_host_port },
709 { "sender_ident", vtype_stringptr, &sender_ident },
870f6ba8
TF
710 { "sender_rate", vtype_stringptr, &sender_rate },
711 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
712 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
059ec3d9 713 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
8e669ac1 714 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
41c7c167
PH
715 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
716 { "sending_port", vtype_int, &sending_port },
8e669ac1 717 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
3ee512ff
PH
718 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
719 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
6d95688d 720 { "smtp_command_history", vtype_string_func, (void *) &smtp_cmd_hist },
b01dd148 721 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
8f128379 722 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
059ec3d9
PH
723 { "sn0", vtype_filter_int, &filter_sn[0] },
724 { "sn1", vtype_filter_int, &filter_sn[1] },
725 { "sn2", vtype_filter_int, &filter_sn[2] },
726 { "sn3", vtype_filter_int, &filter_sn[3] },
727 { "sn4", vtype_filter_int, &filter_sn[4] },
728 { "sn5", vtype_filter_int, &filter_sn[5] },
729 { "sn6", vtype_filter_int, &filter_sn[6] },
730 { "sn7", vtype_filter_int, &filter_sn[7] },
731 { "sn8", vtype_filter_int, &filter_sn[8] },
732 { "sn9", vtype_filter_int, &filter_sn[9] },
8523533c 733#ifdef WITH_CONTENT_SCAN
c5f280e2 734 { "spam_action", vtype_stringptr, &spam_action },
8523533c
TK
735 { "spam_bar", vtype_stringptr, &spam_bar },
736 { "spam_report", vtype_stringptr, &spam_report },
737 { "spam_score", vtype_stringptr, &spam_score },
738 { "spam_score_int", vtype_stringptr, &spam_score_int },
739#endif
7952eef9 740#ifdef SUPPORT_SPF
65a7d8c3 741 { "spf_guess", vtype_stringptr, &spf_guess },
8523533c
TK
742 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
743 { "spf_received", vtype_stringptr, &spf_received },
744 { "spf_result", vtype_stringptr, &spf_result },
87e9d061 745 { "spf_result_guessed", vtype_bool, &spf_result_guessed },
8523533c
TK
746 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
747#endif
059ec3d9 748 { "spool_directory", vtype_stringptr, &spool_directory },
5cb8cbc6 749 { "spool_inodes", vtype_pinodes, (void *)TRUE },
8e669ac1 750 { "spool_space", vtype_pspace, (void *)TRUE },
8523533c
TK
751#ifdef EXPERIMENTAL_SRS
752 { "srs_db_address", vtype_stringptr, &srs_db_address },
753 { "srs_db_key", vtype_stringptr, &srs_db_key },
754 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
755 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
7ef88aa0
JH
756#endif
757#if defined(EXPERIMENTAL_SRS) || defined(EXPERIMENTAL_SRS_NATIVE)
8523533c 758 { "srs_recipient", vtype_stringptr, &srs_recipient },
7ef88aa0
JH
759#endif
760#ifdef EXPERIMENTAL_SRS
8523533c
TK
761 { "srs_status", vtype_stringptr, &srs_status },
762#endif
059ec3d9 763 { "thisaddress", vtype_stringptr, &filter_thisaddress },
817d9f57 764
d9b2312b 765 /* The non-(in,out) variables are now deprecated */
817d9f57
JH
766 { "tls_bits", vtype_int, &tls_in.bits },
767 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
768 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
d9b2312b
JH
769
770 { "tls_in_bits", vtype_int, &tls_in.bits },
771 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
772 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
f1be21cf 773 { "tls_in_cipher_std", vtype_stringptr, &tls_in.cipher_stdname },
44662487 774 { "tls_in_ocsp", vtype_int, &tls_in.ocsp },
9d1c15ef
JH
775 { "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
776 { "tls_in_peercert", vtype_cert, &tls_in.peercert },
d9b2312b 777 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
b10c87b3
JH
778#ifdef EXPERIMENTAL_TLS_RESUME
779 { "tls_in_resumption", vtype_int, &tls_in.resumption },
780#endif
01603eec 781#ifndef DISABLE_TLS
d9b2312b
JH
782 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
783#endif
5b195d6b 784 { "tls_in_ver", vtype_stringptr, &tls_in.ver },
817d9f57 785 { "tls_out_bits", vtype_int, &tls_out.bits },
cb9d95ae 786 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
817d9f57 787 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
f1be21cf 788 { "tls_out_cipher_std", vtype_stringptr, &tls_out.cipher_stdname },
c0635b6d 789#ifdef SUPPORT_DANE
594706ea
JH
790 { "tls_out_dane", vtype_bool, &tls_out.dane_verified },
791#endif
44662487 792 { "tls_out_ocsp", vtype_int, &tls_out.ocsp },
9d1c15ef
JH
793 { "tls_out_ourcert", vtype_cert, &tls_out.ourcert },
794 { "tls_out_peercert", vtype_cert, &tls_out.peercert },
817d9f57 795 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
b10c87b3
JH
796#ifdef EXPERIMENTAL_TLS_RESUME
797 { "tls_out_resumption", vtype_int, &tls_out.resumption },
798#endif
01603eec 799#ifndef DISABLE_TLS
817d9f57 800 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
7be682ca 801#endif
c0635b6d 802#ifdef SUPPORT_DANE
594706ea
JH
803 { "tls_out_tlsa_usage", vtype_int, &tls_out.tlsa_usage },
804#endif
5b195d6b 805 { "tls_out_ver", vtype_stringptr, &tls_out.ver },
d9b2312b 806
613dd4ae 807 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
01603eec 808#ifndef DISABLE_TLS
613dd4ae
JH
809 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
810#endif
817d9f57 811
059ec3d9
PH
812 { "tod_bsdinbox", vtype_todbsdin, NULL },
813 { "tod_epoch", vtype_tode, NULL },
f5787926 814 { "tod_epoch_l", vtype_todel, NULL },
059ec3d9
PH
815 { "tod_full", vtype_todf, NULL },
816 { "tod_log", vtype_todl, NULL },
817 { "tod_logfile", vtype_todlf, NULL },
818 { "tod_zone", vtype_todzone, NULL },
819 { "tod_zulu", vtype_todzulu, NULL },
181d9bf8 820 { "transport_name", vtype_stringptr, &transport_name },
059ec3d9 821 { "value", vtype_stringptr, &lookup_value },
aec45841 822 { "verify_mode", vtype_stringptr, &verify_mode },
059ec3d9
PH
823 { "version_number", vtype_stringptr, &version_string },
824 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
825 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
826 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
827 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
828 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
829 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
830};
831
0539a19d 832static int var_table_size = nelem(var_table);
059ec3d9
PH
833static uschar var_buffer[256];
834static BOOL malformed_header;
835
836/* For textual hashes */
837
1ba28e2b
PP
838static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
839 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
840 "0123456789";
059ec3d9
PH
841
842enum { HMAC_MD5, HMAC_SHA1 };
843
844/* For numeric hashes */
845
846static unsigned int prime[] = {
847 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
848 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
849 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
850
851/* For printing modes in symbolic form */
852
853static uschar *mtable_normal[] =
854 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
855
856static uschar *mtable_setid[] =
857 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
858
859static uschar *mtable_sticky[] =
860 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
861
bce15b62
JH
862/* flags for find_header() */
863#define FH_EXISTS_ONLY BIT(0)
864#define FH_WANT_RAW BIT(1)
865#define FH_WANT_LIST BIT(2)
059ec3d9
PH
866
867
868/*************************************************
869* Tables for UTF-8 support *
870*************************************************/
871
872/* Table of the number of extra characters, indexed by the first character
873masked with 0x3f. The highest number for a valid UTF-8 character is in fact
8740x3d. */
875
876static uschar utf8_table1[] = {
877 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
878 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
879 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
880 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
881
882/* These are the masks for the data bits in the first byte of a character,
883indexed by the number of additional bytes. */
884
885static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
886
887/* Get the next UTF-8 character, advancing the pointer. */
888
889#define GETUTF8INC(c, ptr) \
890 c = *ptr++; \
891 if ((c & 0xc0) == 0xc0) \
892 { \
893 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
894 int s = 6*a; \
895 c = (c & utf8_table2[a]) << s; \
896 while (a-- > 0) \
897 { \
898 s -= 6; \
899 c |= (*ptr++ & 0x3f) << s; \
900 } \
901 }
902
903
03ca21f8
JH
904
905static uschar * base32_chars = US"abcdefghijklmnopqrstuvwxyz234567";
906
059ec3d9
PH
907/*************************************************
908* Binary chop search on a table *
909*************************************************/
910
911/* This is used for matching expansion items and operators.
912
913Arguments:
914 name the name that is being sought
915 table the table to search
916 table_size the number of items in the table
917
918Returns: the offset in the table, or -1
919*/
920
921static int
922chop_match(uschar *name, uschar **table, int table_size)
923{
924uschar **bot = table;
925uschar **top = table + table_size;
926
927while (top > bot)
928 {
929 uschar **mid = bot + (top - bot)/2;
930 int c = Ustrcmp(name, *mid);
931 if (c == 0) return mid - table;
932 if (c > 0) bot = mid + 1; else top = mid;
933 }
934
935return -1;
936}
937
938
939
940/*************************************************
941* Check a condition string *
942*************************************************/
943
944/* This function is called to expand a string, and test the result for a "true"
945or "false" value. Failure of the expansion yields FALSE; logged unless it was a
be7a5781
JH
946forced fail or lookup defer.
947
948We used to release all store used, but this is not not safe due
949to ${dlfunc } and ${acl }. In any case expand_string_internal()
950is reasonably careful to release what it can.
059ec3d9 951
6a8de854
PP
952The actual false-value tests should be replicated for ECOND_BOOL_LAX.
953
059ec3d9
PH
954Arguments:
955 condition the condition string
956 m1 text to be incorporated in panic error
957 m2 ditto
958
959Returns: TRUE if condition is met, FALSE if not
960*/
961
962BOOL
963expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
964{
5694b905
JH
965uschar * ss = expand_string(condition);
966if (!ss)
059ec3d9 967 {
8768d548 968 if (!f.expand_string_forcedfail && !f.search_find_defer)
059ec3d9
PH
969 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
970 "for %s %s: %s", condition, m1, m2, expand_string_message);
971 return FALSE;
972 }
5694b905 973return *ss && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
059ec3d9 974 strcmpic(ss, US"false") != 0;
059ec3d9
PH
975}
976
977
978
17c76198 979
059ec3d9 980/*************************************************
9e3331ea
TK
981* Pseudo-random number generation *
982*************************************************/
983
984/* Pseudo-random number generation. The result is not "expected" to be
985cryptographically strong but not so weak that someone will shoot themselves
986in the foot using it as a nonce in some email header scheme or whatever
987weirdness they'll twist this into. The result should ideally handle fork().
988
989However, if we're stuck unable to provide this, then we'll fall back to
990appallingly bad randomness.
991
01603eec 992If DISABLE_TLS is not defined then this will not be used except as an emergency
17c76198 993fallback.
9e3331ea
TK
994
995Arguments:
996 max range maximum
997Returns a random number in range [0, max-1]
998*/
999
01603eec 1000#ifndef DISABLE_TLS
17c76198
PP
1001# define vaguely_random_number vaguely_random_number_fallback
1002#endif
9e3331ea 1003int
17c76198 1004vaguely_random_number(int max)
9e3331ea 1005{
01603eec 1006#ifndef DISABLE_TLS
17c76198
PP
1007# undef vaguely_random_number
1008#endif
dca6d121
JH
1009static pid_t pid = 0;
1010pid_t p2;
9e3331ea 1011
dca6d121
JH
1012if ((p2 = getpid()) != pid)
1013 {
1014 if (pid != 0)
9e3331ea 1015 {
9e3331ea
TK
1016
1017#ifdef HAVE_ARC4RANDOM
dca6d121
JH
1018 /* cryptographically strong randomness, common on *BSD platforms, not
1019 so much elsewhere. Alas. */
1020# ifndef NOT_HAVE_ARC4RANDOM_STIR
1021 arc4random_stir();
1022# endif
9e3331ea 1023#elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
dca6d121
JH
1024# ifdef HAVE_SRANDOMDEV
1025 /* uses random(4) for seeding */
1026 srandomdev();
1027# else
1028 {
1029 struct timeval tv;
1030 gettimeofday(&tv, NULL);
1031 srandom(tv.tv_sec | tv.tv_usec | getpid());
1032 }
1033# endif
9e3331ea 1034#else
dca6d121 1035 /* Poor randomness and no seeding here */
9e3331ea
TK
1036#endif
1037
9e3331ea 1038 }
dca6d121
JH
1039 pid = p2;
1040 }
9e3331ea
TK
1041
1042#ifdef HAVE_ARC4RANDOM
dca6d121 1043return arc4random() % max;
9e3331ea 1044#elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
dca6d121 1045return random() % max;
9e3331ea 1046#else
dca6d121
JH
1047/* This one returns a 16-bit number, definitely not crypto-strong */
1048return random_number(max);
9e3331ea
TK
1049#endif
1050}
1051
17c76198
PP
1052
1053
9e3331ea
TK
1054
1055/*************************************************
059ec3d9
PH
1056* Pick out a name from a string *
1057*************************************************/
1058
1059/* If the name is too long, it is silently truncated.
1060
1061Arguments:
1062 name points to a buffer into which to put the name
1063 max is the length of the buffer
1064 s points to the first alphabetic character of the name
1065 extras chars other than alphanumerics to permit
1066
1067Returns: pointer to the first character after the name
1068
1069Note: The test for *s != 0 in the while loop is necessary because
1070Ustrchr() yields non-NULL if the character is zero (which is not something
1071I expected). */
1072
55414b25
JH
1073static const uschar *
1074read_name(uschar *name, int max, const uschar *s, uschar *extras)
059ec3d9
PH
1075{
1076int ptr = 0;
5694b905 1077while (*s && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
059ec3d9
PH
1078 {
1079 if (ptr < max-1) name[ptr++] = *s;
1080 s++;
1081 }
1082name[ptr] = 0;
1083return s;
1084}
1085
1086
1087
1088/*************************************************
1089* Pick out the rest of a header name *
1090*************************************************/
1091
1092/* A variable name starting $header_ (or just $h_ for those who like
1093abbreviations) might not be the complete header name because headers can
1094contain any printing characters in their names, except ':'. This function is
1095called to read the rest of the name, chop h[eader]_ off the front, and put ':'
1096on the end, if the name was terminated by white space.
1097
1098Arguments:
1099 name points to a buffer in which the name read so far exists
1100 max is the length of the buffer
1101 s points to the first character after the name so far, i.e. the
1102 first non-alphameric character after $header_xxxxx
1103
1104Returns: a pointer to the first character after the header name
1105*/
1106
55414b25
JH
1107static const uschar *
1108read_header_name(uschar *name, int max, const uschar *s)
059ec3d9
PH
1109{
1110int prelen = Ustrchr(name, '_') - name + 1;
1111int ptr = Ustrlen(name) - prelen;
1112if (ptr > 0) memmove(name, name+prelen, ptr);
1113while (mac_isgraph(*s) && *s != ':')
1114 {
1115 if (ptr < max-1) name[ptr++] = *s;
1116 s++;
1117 }
1118if (*s == ':') s++;
1119name[ptr++] = ':';
1120name[ptr] = 0;
1121return s;
1122}
1123
1124
1125
1126/*************************************************
1127* Pick out a number from a string *
1128*************************************************/
1129
1130/* Arguments:
1131 n points to an integer into which to put the number
1132 s points to the first digit of the number
1133
1134Returns: a pointer to the character after the last digit
1135*/
13559da6
JH
1136/*XXX consider expanding to int_eximarith_t. But the test for
1137"overbig numbers" in 0002 still needs to overflow it. */
059ec3d9
PH
1138
1139static uschar *
1140read_number(int *n, uschar *s)
1141{
1142*n = 0;
1143while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1144return s;
1145}
1146
55414b25
JH
1147static const uschar *
1148read_cnumber(int *n, const uschar *s)
1149{
1150*n = 0;
1151while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1152return s;
1153}
1154
059ec3d9
PH
1155
1156
1157/*************************************************
1158* Extract keyed subfield from a string *
1159*************************************************/
1160
1161/* The yield is in dynamic store; NULL means that the key was not found.
1162
1163Arguments:
1164 key points to the name of the key
1165 s points to the string from which to extract the subfield
1166
1167Returns: NULL if the subfield was not found, or
1168 a pointer to the subfield's data
1169*/
1170
1171static uschar *
8fdf20fd 1172expand_getkeyed(uschar * key, const uschar * s)
059ec3d9
PH
1173{
1174int length = Ustrlen(key);
1175while (isspace(*s)) s++;
1176
1177/* Loop to search for the key */
1178
8fdf20fd 1179while (*s)
059ec3d9
PH
1180 {
1181 int dkeylength;
8fdf20fd
JH
1182 uschar * data;
1183 const uschar * dkey = s;
059ec3d9 1184
8fdf20fd 1185 while (*s && *s != '=' && !isspace(*s)) s++;
059ec3d9
PH
1186 dkeylength = s - dkey;
1187 while (isspace(*s)) s++;
1188 if (*s == '=') while (isspace((*(++s))));
1189
1190 data = string_dequote(&s);
1191 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1192 return data;
1193
1194 while (isspace(*s)) s++;
1195 }
1196
1197return NULL;
1198}
1199
1200
1201
9d1c15ef
JH
1202static var_entry *
1203find_var_ent(uschar * name)
1204{
1205int first = 0;
1206int last = var_table_size;
1207
1208while (last > first)
1209 {
1210 int middle = (first + last)/2;
1211 int c = Ustrcmp(name, var_table[middle].name);
1212
1213 if (c > 0) { first = middle + 1; continue; }
1214 if (c < 0) { last = middle; continue; }
1215 return &var_table[middle];
1216 }
1217return NULL;
1218}
059ec3d9
PH
1219
1220/*************************************************
1221* Extract numbered subfield from string *
1222*************************************************/
1223
1224/* Extracts a numbered field from a string that is divided by tokens - for
1225example a line from /etc/passwd is divided by colon characters. First field is
1226numbered one. Negative arguments count from the right. Zero returns the whole
1227string. Returns NULL if there are insufficient tokens in the string
1228
1229***WARNING***
1230Modifies final argument - this is a dynamically generated string, so that's OK.
1231
1232Arguments:
1233 field number of field to be extracted,
1234 first field = 1, whole string = 0, last field = -1
1235 separators characters that are used to break string into tokens
1236 s points to the string from which to extract the subfield
1237
1238Returns: NULL if the field was not found,
1239 a pointer to the field's data inside s (modified to add 0)
1240*/
1241
1242static uschar *
1243expand_gettokened (int field, uschar *separators, uschar *s)
1244{
1245int sep = 1;
1246int count;
1247uschar *ss = s;
1248uschar *fieldtext = NULL;
1249
1250if (field == 0) return s;
1251
1252/* Break the line up into fields in place; for field > 0 we stop when we have
1253done the number of fields we want. For field < 0 we continue till the end of
1254the string, counting the number of fields. */
1255
1256count = (field > 0)? field : INT_MAX;
1257
1258while (count-- > 0)
1259 {
1260 size_t len;
1261
1262 /* Previous field was the last one in the string. For a positive field
1263 number, this means there are not enough fields. For a negative field number,
1264 check that there are enough, and scan back to find the one that is wanted. */
1265
1266 if (sep == 0)
1267 {
1268 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1269 if ((-field) == (INT_MAX - count - 1)) return s;
1270 while (field++ < 0)
1271 {
1272 ss--;
1273 while (ss[-1] != 0) ss--;
1274 }
1275 fieldtext = ss;
1276 break;
1277 }
1278
1279 /* Previous field was not last in the string; save its start and put a
1280 zero at its end. */
1281
1282 fieldtext = ss;
1283 len = Ustrcspn(ss, separators);
1284 sep = ss[len];
1285 ss[len] = 0;
1286 ss += len + 1;
1287 }
1288
1289return fieldtext;
1290}
1291
1292
aa26e137 1293static uschar *
55414b25 1294expand_getlistele(int field, const uschar * list)
aa26e137 1295{
8fdf20fd
JH
1296const uschar * tlist = list;
1297int sep = 0;
aa26e137
JH
1298uschar dummy;
1299
8fdf20fd 1300if (field < 0)
0f0c8159 1301 {
8fdf20fd
JH
1302 for (field++; string_nextinlist(&tlist, &sep, &dummy, 1); ) field++;
1303 sep = 0;
0f0c8159 1304 }
8fdf20fd
JH
1305if (field == 0) return NULL;
1306while (--field > 0 && (string_nextinlist(&list, &sep, &dummy, 1))) ;
aa26e137
JH
1307return string_nextinlist(&list, &sep, NULL, 0);
1308}
059ec3d9 1309
9d1c15ef
JH
1310
1311/* Certificate fields, by name. Worry about by-OID later */
9e4dddbd 1312/* Names are chosen to not have common prefixes */
9d1c15ef 1313
01603eec 1314#ifndef DISABLE_TLS
9d1c15ef
JH
1315typedef struct
1316{
1317uschar * name;
9e4dddbd
JH
1318int namelen;
1319uschar * (*getfn)(void * cert, uschar * mod);
9d1c15ef
JH
1320} certfield;
1321static certfield certfields[] =
1322{ /* linear search; no special order */
9e4dddbd
JH
1323 { US"version", 7, &tls_cert_version },
1324 { US"serial_number", 13, &tls_cert_serial_number },
1325 { US"subject", 7, &tls_cert_subject },
1326 { US"notbefore", 9, &tls_cert_not_before },
1327 { US"notafter", 8, &tls_cert_not_after },
1328 { US"issuer", 6, &tls_cert_issuer },
1329 { US"signature", 9, &tls_cert_signature },
1330 { US"sig_algorithm", 13, &tls_cert_signature_algorithm },
1331 { US"subj_altname", 12, &tls_cert_subject_altname },
1332 { US"ocsp_uri", 8, &tls_cert_ocsp_uri },
1333 { US"crl_uri", 7, &tls_cert_crl_uri },
9d1c15ef
JH
1334};
1335
1336static uschar *
1337expand_getcertele(uschar * field, uschar * certvar)
1338{
1339var_entry * vp;
9d1c15ef
JH
1340
1341if (!(vp = find_var_ent(certvar)))
1342 {
94431adb 1343 expand_string_message =
9d1c15ef
JH
1344 string_sprintf("no variable named \"%s\"", certvar);
1345 return NULL; /* Unknown variable name */
1346 }
1347/* NB this stops us passing certs around in variable. Might
1348want to do that in future */
1349if (vp->type != vtype_cert)
1350 {
94431adb 1351 expand_string_message =
9d1c15ef
JH
1352 string_sprintf("\"%s\" is not a certificate", certvar);
1353 return NULL; /* Unknown variable name */
1354 }
1355if (!*(void **)vp->value)
1356 return NULL;
1357
1358if (*field >= '0' && *field <= '9')
1359 return tls_cert_ext_by_oid(*(void **)vp->value, field, 0);
1360
d7978c0f
JH
1361for (certfield * cp = certfields;
1362 cp < certfields + nelem(certfields);
1363 cp++)
9e4dddbd
JH
1364 if (Ustrncmp(cp->name, field, cp->namelen) == 0)
1365 {
1366 uschar * modifier = *(field += cp->namelen) == ','
1367 ? ++field : NULL;
1368 return (*cp->getfn)( *(void **)vp->value, modifier );
1369 }
9d1c15ef 1370
94431adb 1371expand_string_message =
9d1c15ef
JH
1372 string_sprintf("bad field selector \"%s\" for certextract", field);
1373return NULL;
1374}
01603eec 1375#endif /*DISABLE_TLS*/
9d1c15ef 1376
059ec3d9
PH
1377/*************************************************
1378* Extract a substring from a string *
1379*************************************************/
1380
1381/* Perform the ${substr or ${length expansion operations.
1382
1383Arguments:
1384 subject the input string
1385 value1 the offset from the start of the input string to the start of
1386 the output string; if negative, count from the right.
1387 value2 the length of the output string, or negative (-1) for unset
1388 if value1 is positive, unset means "all after"
1389 if value1 is negative, unset means "all before"
1390 len set to the length of the returned string
1391
1392Returns: pointer to the output string, or NULL if there is an error
1393*/
1394
1395static uschar *
1396extract_substr(uschar *subject, int value1, int value2, int *len)
1397{
1398int sublen = Ustrlen(subject);
1399
1400if (value1 < 0) /* count from right */
1401 {
1402 value1 += sublen;
1403
1404 /* If the position is before the start, skip to the start, and adjust the
1405 length. If the length ends up negative, the substring is null because nothing
1406 can precede. This falls out naturally when the length is unset, meaning "all
1407 to the left". */
1408
1409 if (value1 < 0)
1410 {
1411 value2 += value1;
1412 if (value2 < 0) value2 = 0;
1413 value1 = 0;
1414 }
1415
1416 /* Otherwise an unset length => characters before value1 */
1417
1418 else if (value2 < 0)
1419 {
1420 value2 = value1;
1421 value1 = 0;
1422 }
1423 }
1424
1425/* For a non-negative offset, if the starting position is past the end of the
1426string, the result will be the null string. Otherwise, an unset length means
1427"rest"; just set it to the maximum - it will be cut down below if necessary. */
1428
1429else
1430 {
1431 if (value1 > sublen)
1432 {
1433 value1 = sublen;
1434 value2 = 0;
1435 }
1436 else if (value2 < 0) value2 = sublen;
1437 }
1438
1439/* Cut the length down to the maximum possible for the offset value, and get
1440the required characters. */
1441
1442if (value1 + value2 > sublen) value2 = sublen - value1;
1443*len = value2;
1444return subject + value1;
1445}
1446
1447
1448
1449
1450/*************************************************
1451* Old-style hash of a string *
1452*************************************************/
1453
1454/* Perform the ${hash expansion operation.
1455
1456Arguments:
1457 subject the input string (an expanded substring)
1458 value1 the length of the output string; if greater or equal to the
1459 length of the input string, the input string is returned
1460 value2 the number of hash characters to use, or 26 if negative
1461 len set to the length of the returned string
1462
1463Returns: pointer to the output string, or NULL if there is an error
1464*/
1465
1466static uschar *
1467compute_hash(uschar *subject, int value1, int value2, int *len)
1468{
1469int sublen = Ustrlen(subject);
1470
1471if (value2 < 0) value2 = 26;
1472else if (value2 > Ustrlen(hashcodes))
1473 {
1474 expand_string_message =
1475 string_sprintf("hash count \"%d\" too big", value2);
1476 return NULL;
1477 }
1478
1479/* Calculate the hash text. We know it is shorter than the original string, so
1480can safely place it in subject[] (we know that subject is always itself an
1481expanded substring). */
1482
1483if (value1 < sublen)
1484 {
1485 int c;
1486 int i = 0;
1487 int j = value1;
1488 while ((c = (subject[j])) != 0)
1489 {
1490 int shift = (c + j++) & 7;
1491 subject[i] ^= (c << shift) | (c >> (8-shift));
1492 if (++i >= value1) i = 0;
1493 }
1494 for (i = 0; i < value1; i++)
1495 subject[i] = hashcodes[(subject[i]) % value2];
1496 }
1497else value1 = sublen;
1498
1499*len = value1;
1500return subject;
1501}
1502
1503
1504
1505
1506/*************************************************
1507* Numeric hash of a string *
1508*************************************************/
1509
1510/* Perform the ${nhash expansion operation. The first characters of the
1511string are treated as most important, and get the highest prime numbers.
1512
1513Arguments:
1514 subject the input string
1515 value1 the maximum value of the first part of the result
1516 value2 the maximum value of the second part of the result,
1517 or negative to produce only a one-part result
1518 len set to the length of the returned string
1519
1520Returns: pointer to the output string, or NULL if there is an error.
1521*/
1522
1523static uschar *
1524compute_nhash (uschar *subject, int value1, int value2, int *len)
1525{
1526uschar *s = subject;
1527int i = 0;
1528unsigned long int total = 0; /* no overflow */
1529
1530while (*s != 0)
1531 {
0539a19d 1532 if (i == 0) i = nelem(prime) - 1;
059ec3d9
PH
1533 total += prime[i--] * (unsigned int)(*s++);
1534 }
1535
1536/* If value2 is unset, just compute one number */
1537
1538if (value2 < 0)
bb07bcd3 1539 s = string_sprintf("%lu", total % value1);
059ec3d9
PH
1540
1541/* Otherwise do a div/mod hash */
1542
1543else
1544 {
1545 total = total % (value1 * value2);
bb07bcd3 1546 s = string_sprintf("%lu/%lu", total/value2, total % value2);
059ec3d9
PH
1547 }
1548
1549*len = Ustrlen(s);
1550return s;
1551}
1552
1553
1554
1555
1556
1557/*************************************************
1558* Find the value of a header or headers *
1559*************************************************/
1560
1561/* Multiple instances of the same header get concatenated, and this function
1562can also return a concatenation of all the header lines. When concatenating
1563specific headers that contain lists of addresses, a comma is inserted between
1564them. Otherwise we use a straight concatenation. Because some messages can have
1565pathologically large number of lines, there is a limit on the length that is
5d26aacd 1566returned.
059ec3d9
PH
1567
1568Arguments:
1569 name the name of the header, without the leading $header_ or $h_,
1570 or NULL if a concatenation of all headers is required
059ec3d9
PH
1571 newsize return the size of memory block that was obtained; may be NULL
1572 if exists_only is TRUE
bce15b62
JH
1573 flags FH_EXISTS_ONLY
1574 set if called from a def: test; don't need to build a string;
1575 just return a string that is not "" and not "0" if the header
1576 exists
1577 FH_WANT_RAW
5d26aacd 1578 set if called for $rh_ or $rheader_ items; no processing,
bce15b62
JH
1579 other than concatenating, will be done on the header. Also used
1580 for $message_headers_raw.
1581 FH_WANT_LIST
1582 Double colon chars in the content, and replace newline with
1583 colon between each element when concatenating; returning a
1584 colon-sep list (elements might contain newlines)
059ec3d9
PH
1585 charset name of charset to translate MIME words to; used only if
1586 want_raw is false; if NULL, no translation is done (this is
1587 used for $bh_ and $bheader_)
1588
1589Returns: NULL if the header does not exist, else a pointer to a new
1590 store block
1591*/
1592
1593static uschar *
bce15b62 1594find_header(uschar *name, int *newsize, unsigned flags, uschar *charset)
059ec3d9 1595{
bce15b62
JH
1596BOOL found = !name;
1597int len = name ? Ustrlen(name) : 0;
1598BOOL comma = FALSE;
bce15b62 1599gstring * g = NULL;
059ec3d9 1600
d7978c0f 1601for (header_line * h = header_list; h; h = h->next)
bce15b62
JH
1602 if (h->type != htype_old && h->text) /* NULL => Received: placeholder */
1603 if (!name || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1604 {
1605 uschar * s, * t;
1606 size_t inc;
fd700877 1607
bce15b62
JH
1608 if (flags & FH_EXISTS_ONLY)
1609 return US"1"; /* don't need actual string */
fd700877 1610
bce15b62
JH
1611 found = TRUE;
1612 s = h->text + len; /* text to insert */
1613 if (!(flags & FH_WANT_RAW)) /* unless wanted raw, */
1614 while (isspace(*s)) s++; /* remove leading white space */
1615 t = h->text + h->slen; /* end-point */
059ec3d9 1616
bce15b62
JH
1617 /* Unless wanted raw, remove trailing whitespace, including the
1618 newline. */
059ec3d9 1619
bce15b62
JH
1620 if (flags & FH_WANT_LIST)
1621 while (t > s && t[-1] == '\n') t--;
1622 else if (!(flags & FH_WANT_RAW))
1623 {
1624 while (t > s && isspace(t[-1])) t--;
059ec3d9 1625
bce15b62
JH
1626 /* Set comma if handling a single header and it's one of those
1627 that contains an address list, except when asked for raw headers. Only
1628 need to do this once. */
059ec3d9 1629
bce15b62
JH
1630 if (name && !comma && Ustrchr("BCFRST", h->type)) comma = TRUE;
1631 }
059ec3d9 1632
bce15b62
JH
1633 /* Trim the header roughly if we're approaching limits */
1634 inc = t - s;
ba5120a4
JH
1635 if (gstring_length(g) + inc > header_insert_maxlen)
1636 inc = header_insert_maxlen - gstring_length(g);
bce15b62
JH
1637
1638 /* For raw just copy the data; for a list, add the data as a colon-sep
1639 list-element; for comma-list add as an unchecked comma,newline sep
1640 list-elemment; for other nonraw add as an unchecked newline-sep list (we
1641 stripped trailing WS above including the newline). We ignore the potential
1642 expansion due to colon-doubling, just leaving the loop if the limit is met
1643 or exceeded. */
1644
1645 if (flags & FH_WANT_LIST)
1646 g = string_append_listele_n(g, ':', s, (unsigned)inc);
1647 else if (flags & FH_WANT_RAW)
bce15b62 1648 g = string_catn(g, s, (unsigned)inc);
bce15b62 1649 else if (inc > 0)
ba5120a4
JH
1650 g = string_append2_listele_n(g, comma ? US",\n" : US"\n",
1651 s, (unsigned)inc);
059ec3d9 1652
ba5120a4 1653 if (gstring_length(g) >= header_insert_maxlen) break;
bce15b62 1654 }
059ec3d9 1655
bce15b62
JH
1656if (!found) return NULL; /* No header found */
1657if (!g) return US"";
059ec3d9 1658
059ec3d9
PH
1659/* That's all we do for raw header expansion. */
1660
bce15b62
JH
1661*newsize = g->size;
1662if (flags & FH_WANT_RAW)
ba5120a4 1663 return string_from_gstring(g);
059ec3d9 1664
bce15b62
JH
1665/* Otherwise do RFC 2047 decoding, translating the charset if requested.
1666The rfc2047_decode2() function can return an error with decoded data if the
1667charset translation fails. If decoding fails, it returns NULL. */
059ec3d9
PH
1668
1669else
1670 {
ba5120a4
JH
1671 uschar * error, * decoded = rfc2047_decode2(string_from_gstring(g),
1672 check_rfc2047_length, charset, '?', NULL, newsize, &error);
bce15b62 1673 if (error)
059ec3d9 1674 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
bce15b62 1675 " input was: %s\n", error, g->s);
ba5120a4 1676 return decoded ? decoded : string_from_gstring(g);
059ec3d9 1677 }
059ec3d9
PH
1678}
1679
1680
1681
1682
c8599aad 1683/* Append a "local" element to an Authentication-Results: header
40394cc1
JH
1684if this was a non-smtp message.
1685*/
1686
1687static gstring *
1688authres_local(gstring * g, const uschar * sysname)
1689{
8768d548 1690if (!f.authentication_local)
40394cc1
JH
1691 return g;
1692g = string_append(g, 3, US";\n\tlocal=pass (non-smtp, ", sysname, US")");
1693if (authenticated_id) g = string_append(g, 2, " u=", authenticated_id);
1694return g;
1695}
1696
1697
c8599aad 1698/* Append an "iprev" element to an Authentication-Results: header
dfbcb5ac
JH
1699if we have attempted to get the calling host's name.
1700*/
1701
1702static gstring *
1703authres_iprev(gstring * g)
1704{
1705if (sender_host_name)
61e3f250
JH
1706 g = string_append(g, 3, US";\n\tiprev=pass (", sender_host_name, US")");
1707else if (host_lookup_deferred)
1708 g = string_catn(g, US";\n\tiprev=temperror", 19);
1709else if (host_lookup_failed)
1710 g = string_catn(g, US";\n\tiprev=fail", 13);
0a682b6c 1711else
61e3f250
JH
1712 return g;
1713
1714if (sender_host_address)
99efa4cf 1715 g = string_append(g, 2, US" smtp.remote-ip=", sender_host_address);
dfbcb5ac
JH
1716return g;
1717}
1718
1719
1720
059ec3d9 1721/*************************************************
362145b5
JH
1722* Return list of recipients *
1723*************************************************/
1724/* A recipients list is available only during system message filtering,
1725during ACL processing after DATA, and while expanding pipe commands
1726generated from a system filter, but not elsewhere. */
1727
1728static uschar *
1729fn_recipients(void)
1730{
bce15b62 1731uschar * s;
acec9514 1732gstring * g = NULL;
acec9514 1733
8768d548 1734if (!f.enable_dollar_recipients) return NULL;
acec9514 1735
d7978c0f 1736for (int i = 0; i < recipients_count; i++)
362145b5 1737 {
bce15b62
JH
1738 s = recipients_list[i].address;
1739 g = string_append2_listele_n(g, US", ", s, Ustrlen(s));
362145b5 1740 }
bce15b62 1741return g ? g->s : NULL;
362145b5
JH
1742}
1743
1744
1745/*************************************************
04403ab0
JH
1746* Return size of queue *
1747*************************************************/
1748/* Ask the daemon for the queue size */
1749
1750static uschar *
1751fn_queue_size(void)
1752{
1753struct sockaddr_un sun = {.sun_family = AF_UNIX};
1754uschar buf[16];
1755int fd;
1756ssize_t len;
1757const uschar * where;
1758
1759if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
1760 {
1761 DEBUG(D_expand) debug_printf(" socket: %s\n", strerror(errno));
1762 return NULL;
1763 }
1764
1765#define ABSTRACT_CLIENT
1766#ifdef ABSTRACT_CLIENT
1767sun.sun_path[0] = 0; /* Abstract local socket addr - Linux-specific? */
1768len = offsetof(struct sockaddr_un, sun_path) + 1
1769 + snprintf(sun.sun_path+1, sizeof(sun.sun_path)-1, "exim_%d", getpid());
1770#else
1771len = offsetof(struct sockaddr_un, sun_path)
1772 + snprintf(sun.sun_path, sizeof(sun.sun_path), "%s/p_%d",
1773 spool_directory, getpid());
1774#endif
1775
5399df80
JH
1776if (bind(fd, (const struct sockaddr *)&sun, len) < 0)
1777 { where = US"bind"; goto bad; }
04403ab0
JH
1778
1779#ifdef notdef
1780debug_printf("local%s '%s'\n", *sun.sun_path ? "" : " abstract",
1781 sun.sun_path+ (*sun.sun_path ? 0 : 1));
1782#endif
1783
1784sun.sun_path[0] = 0; /* Abstract local socket addr - Linux-specific? */
1785len = offsetof(struct sockaddr_un, sun_path) + 1
1786 + snprintf(sun.sun_path+1, sizeof(sun.sun_path)-1, "%s", NOTIFIER_SOCKET_NAME);
1787
5399df80
JH
1788if (connect(fd, (const struct sockaddr *)&sun, len) < 0)
1789 { where = US"connect"; goto bad; }
04403ab0
JH
1790
1791buf[0] = NOTIFY_QUEUE_SIZE_REQ;
1792if (send(fd, buf, 1, 0) < 0) { where = US"send"; goto bad; }
1793
1794if ((len = recv(fd, buf, sizeof(buf), 0)) < 0) { where = US"recv"; goto bad; }
1795
1796close(fd);
1797return string_copyn(buf, len);
1798
1799bad:
1800 close(fd);
1801 DEBUG(D_expand) debug_printf(" %s: %s\n", where, strerror(errno));
1802 return NULL;
1803}
1804
1805
1806/*************************************************
059ec3d9
PH
1807* Find value of a variable *
1808*************************************************/
1809
1810/* The table of variables is kept in alphabetic order, so we can search it
1811using a binary chop. The "choplen" variable is nothing to do with the binary
1812chop.
1813
1814Arguments:
1815 name the name of the variable being sought
1816 exists_only TRUE if this is a def: test; passed on to find_header()
1817 skipping TRUE => skip any processing evaluation; this is not the same as
1818 exists_only because def: may test for values that are first
1819 evaluated here
1820 newsize pointer to an int which is initially zero; if the answer is in
1821 a new memory buffer, *newsize is set to its size
1822
1823Returns: NULL if the variable does not exist, or
1824 a pointer to the variable's contents, or
1825 something non-NULL if exists_only is TRUE
1826*/
1827
1828static uschar *
1829find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1830{
9d1c15ef
JH
1831var_entry * vp;
1832uschar *s, *domain;
1833uschar **ss;
1834void * val;
059ec3d9 1835
38a0a95f
PH
1836/* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1837Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1838release 4.64 onwards arbitrary names are permitted, as long as the first 5
641cb756
PH
1839characters are acl_c or acl_m and the sixth is either a digit or an underscore
1840(this gave backwards compatibility at the changeover). There may be built-in
1841variables whose names start acl_ but they should never start in this way. This
1842slightly messy specification is a consequence of the history, needless to say.
47ca6d6c 1843
38a0a95f
PH
1844If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1845set, in which case give an error. */
47ca6d6c 1846
641cb756
PH
1847if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1848 !isalpha(name[5]))
38a0a95f 1849 {
fa7b17bd
JH
1850 tree_node * node =
1851 tree_search(name[4] == 'c' ? acl_var_c : acl_var_m, name + 4);
1852 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
1853 }
1854else if (Ustrncmp(name, "r_", 2) == 0)
1855 {
1856 tree_node * node = tree_search(router_var, name + 2);
63df3f26 1857 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
47ca6d6c
PH
1858 }
1859
38a0a95f 1860/* Handle $auth<n> variables. */
f78eb7c6
PH
1861
1862if (Ustrncmp(name, "auth", 4) == 0)
1863 {
1864 uschar *endptr;
1865 int n = Ustrtoul(name + 4, &endptr, 10);
1866 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
f38917cc
JH
1867 return !auth_vars[n-1] ? US"" : auth_vars[n-1];
1868 }
1869else if (Ustrncmp(name, "regex", 5) == 0)
1870 {
1871 uschar *endptr;
1872 int n = Ustrtoul(name + 5, &endptr, 10);
1873 if (*endptr == 0 && n != 0 && n <= REGEX_VARS)
1874 return !regex_vars[n-1] ? US"" : regex_vars[n-1];
f78eb7c6
PH
1875 }
1876
47ca6d6c
PH
1877/* For all other variables, search the table */
1878
9d1c15ef
JH
1879if (!(vp = find_var_ent(name)))
1880 return NULL; /* Unknown variable name */
059ec3d9 1881
9d1c15ef
JH
1882/* Found an existing variable. If in skipping state, the value isn't needed,
1883and we want to avoid processing (such as looking up the host name). */
059ec3d9 1884
9d1c15ef
JH
1885if (skipping)
1886 return US"";
059ec3d9 1887
9d1c15ef
JH
1888val = vp->value;
1889switch (vp->type)
1890 {
1891 case vtype_filter_int:
8768d548 1892 if (!f.filter_running) return NULL;
63df3f26
JH
1893 /* Fall through */
1894 /* VVVVVVVVVVVV */
9d1c15ef 1895 case vtype_int:
63df3f26
JH
1896 sprintf(CS var_buffer, "%d", *(int *)(val)); /* Integer */
1897 return var_buffer;
9d1c15ef
JH
1898
1899 case vtype_ino:
63df3f26
JH
1900 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(val))); /* Inode */
1901 return var_buffer;
9d1c15ef
JH
1902
1903 case vtype_gid:
63df3f26
JH
1904 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(val))); /* gid */
1905 return var_buffer;
9d1c15ef
JH
1906
1907 case vtype_uid:
63df3f26
JH
1908 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(val))); /* uid */
1909 return var_buffer;
9d1c15ef
JH
1910
1911 case vtype_bool:
63df3f26
JH
1912 sprintf(CS var_buffer, "%s", *(BOOL *)(val) ? "yes" : "no"); /* bool */
1913 return var_buffer;
9d1c15ef
JH
1914
1915 case vtype_stringptr: /* Pointer to string */
63df3f26 1916 return (s = *((uschar **)(val))) ? s : US"";
9d1c15ef
JH
1917
1918 case vtype_pid:
63df3f26
JH
1919 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1920 return var_buffer;
9d1c15ef
JH
1921
1922 case vtype_load_avg:
63df3f26
JH
1923 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1924 return var_buffer;
9d1c15ef
JH
1925
1926 case vtype_host_lookup: /* Lookup if not done so */
2d0dc929
JH
1927 if ( !sender_host_name && sender_host_address
1928 && !host_lookup_failed && host_name_lookup() == OK)
63df3f26 1929 host_build_sender_fullhost();
2d0dc929 1930 return sender_host_name ? sender_host_name : US"";
9d1c15ef
JH
1931
1932 case vtype_localpart: /* Get local part from address */
f3ebb786
JH
1933 if (!(s = *((uschar **)(val)))) return US"";
1934 if (!(domain = Ustrrchr(s, '@'))) return s;
63df3f26
JH
1935 if (domain - s > sizeof(var_buffer) - 1)
1936 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1937 " in string expansion", sizeof(var_buffer));
f3ebb786 1938 return string_copyn(s, domain - s);
9d1c15ef
JH
1939
1940 case vtype_domain: /* Get domain from address */
f3ebb786 1941 if (!(s = *((uschar **)(val)))) return US"";
63df3f26 1942 domain = Ustrrchr(s, '@');
f3ebb786 1943 return domain ? domain + 1 : US"";
9d1c15ef
JH
1944
1945 case vtype_msgheaders:
bce15b62 1946 return find_header(NULL, newsize, exists_only ? FH_EXISTS_ONLY : 0, NULL);
9d1c15ef
JH
1947
1948 case vtype_msgheaders_raw:
bce15b62
JH
1949 return find_header(NULL, newsize,
1950 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW, NULL);
9d1c15ef
JH
1951
1952 case vtype_msgbody: /* Pointer to msgbody string */
1953 case vtype_msgbody_end: /* Ditto, the end of the msg */
63df3f26 1954 ss = (uschar **)(val);
d315eda1 1955 if (!*ss && deliver_datafile >= 0) /* Read body when needed */
059ec3d9 1956 {
63df3f26
JH
1957 uschar *body;
1958 off_t start_offset = SPOOL_DATA_START_OFFSET;
1959 int len = message_body_visible;
1960 if (len > message_size) len = message_size;
1961 *ss = body = store_malloc(len+1);
1962 body[0] = 0;
1963 if (vp->type == vtype_msgbody_end)
9d1c15ef 1964 {
63df3f26
JH
1965 struct stat statbuf;
1966 if (fstat(deliver_datafile, &statbuf) == 0)
1967 {
1968 start_offset = statbuf.st_size - len;
1969 if (start_offset < SPOOL_DATA_START_OFFSET)
1970 start_offset = SPOOL_DATA_START_OFFSET;
1971 }
9d1c15ef 1972 }
d4ff61d1
JH
1973 if (lseek(deliver_datafile, start_offset, SEEK_SET) < 0)
1974 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "deliver_datafile lseek: %s",
1975 strerror(errno));
63df3f26
JH
1976 len = read(deliver_datafile, body, len);
1977 if (len > 0)
9d1c15ef 1978 {
63df3f26
JH
1979 body[len] = 0;
1980 if (message_body_newlines) /* Separate loops for efficiency */
1981 while (len > 0)
1982 { if (body[--len] == 0) body[len] = ' '; }
1983 else
1984 while (len > 0)
1985 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
9d1c15ef 1986 }
059ec3d9 1987 }
d315eda1 1988 return *ss ? *ss : US"";
059ec3d9 1989
9d1c15ef 1990 case vtype_todbsdin: /* BSD inbox time of day */
63df3f26 1991 return tod_stamp(tod_bsdin);
059ec3d9 1992
9d1c15ef 1993 case vtype_tode: /* Unix epoch time of day */
63df3f26 1994 return tod_stamp(tod_epoch);
059ec3d9 1995
9d1c15ef 1996 case vtype_todel: /* Unix epoch/usec time of day */
63df3f26 1997 return tod_stamp(tod_epoch_l);
f5787926 1998
9d1c15ef 1999 case vtype_todf: /* Full time of day */
63df3f26 2000 return tod_stamp(tod_full);
059ec3d9 2001
9d1c15ef 2002 case vtype_todl: /* Log format time of day */
63df3f26 2003 return tod_stamp(tod_log_bare); /* (without timezone) */
059ec3d9 2004
9d1c15ef 2005 case vtype_todzone: /* Time zone offset only */
63df3f26 2006 return tod_stamp(tod_zone);
059ec3d9 2007
9d1c15ef 2008 case vtype_todzulu: /* Zulu time */
63df3f26 2009 return tod_stamp(tod_zulu);
059ec3d9 2010
9d1c15ef 2011 case vtype_todlf: /* Log file datestamp tod */
63df3f26 2012 return tod_stamp(tod_log_datestamp_daily);
059ec3d9 2013
9d1c15ef 2014 case vtype_reply: /* Get reply address */
bce15b62
JH
2015 s = find_header(US"reply-to:", newsize,
2016 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
2017 headers_charset);
9cffa436
JH
2018 if (s) while (isspace(*s)) s++;
2019 if (!s || !*s)
63df3f26
JH
2020 {
2021 *newsize = 0; /* For the *s==0 case */
bce15b62
JH
2022 s = find_header(US"from:", newsize,
2023 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
2024 headers_charset);
63df3f26 2025 }
9cffa436 2026 if (s)
63df3f26
JH
2027 {
2028 uschar *t;
2029 while (isspace(*s)) s++;
2030 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
2031 while (t > s && isspace(t[-1])) t--;
2032 *t = 0;
2033 }
9cffa436 2034 return s ? s : US"";
059ec3d9 2035
9d1c15ef
JH
2036 case vtype_string_func:
2037 {
6d95688d 2038 stringptr_fn_t * fn = (stringptr_fn_t *) val;
9d1c15ef
JH
2039 return fn();
2040 }
8e669ac1 2041
9d1c15ef
JH
2042 case vtype_pspace:
2043 {
2044 int inodes;
8c513105 2045 sprintf(CS var_buffer, PR_EXIM_ARITH,
9d1c15ef
JH
2046 receive_statvfs(val == (void *)TRUE, &inodes));
2047 }
2048 return var_buffer;
8e669ac1 2049
9d1c15ef
JH
2050 case vtype_pinodes:
2051 {
2052 int inodes;
2053 (void) receive_statvfs(val == (void *)TRUE, &inodes);
2054 sprintf(CS var_buffer, "%d", inodes);
2055 }
2056 return var_buffer;
80a47a2c 2057
9d1c15ef 2058 case vtype_cert:
63df3f26 2059 return *(void **)val ? US"<cert>" : US"";
80a47a2c 2060
63df3f26 2061#ifndef DISABLE_DKIM
9d1c15ef 2062 case vtype_dkim:
63df3f26
JH
2063 return dkim_exim_expand_query((int)(long)val);
2064#endif
059ec3d9 2065
9d1c15ef 2066 }
6c08476d
LM
2067
2068return NULL; /* Unknown variable. Silences static checkers. */
059ec3d9
PH
2069}
2070
2071
2072
2073
d9b2312b
JH
2074void
2075modify_variable(uschar *name, void * value)
2076{
9d1c15ef
JH
2077var_entry * vp;
2078if ((vp = find_var_ent(name))) vp->value = value;
d9b2312b
JH
2079return; /* Unknown variable name, fail silently */
2080}
2081
2082
2083
2084
2085
cf0812d5 2086
059ec3d9
PH
2087/*************************************************
2088* Read and expand substrings *
2089*************************************************/
2090
2091/* This function is called to read and expand argument substrings for various
2092expansion items. Some have a minimum requirement that is less than the maximum;
2093in these cases, the first non-present one is set to NULL.
2094
2095Arguments:
2096 sub points to vector of pointers to set
2097 n maximum number of substrings
2098 m minimum required
2099 sptr points to current string pointer
2100 skipping the skipping flag
2101 check_end if TRUE, check for final '}'
2102 name name of item, for error message
b0e85a8f
JH
2103 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
2104 the store.
059ec3d9
PH
2105
2106Returns: 0 OK; string pointer updated
2107 1 curly bracketing error (too few arguments)
2108 2 too many arguments (only if check_end is set); message set
2109 3 other error (expansion failure)
2110*/
2111
2112static int
55414b25 2113read_subs(uschar **sub, int n, int m, const uschar **sptr, BOOL skipping,
b0e85a8f 2114 BOOL check_end, uschar *name, BOOL *resetok)
059ec3d9 2115{
55414b25 2116const uschar *s = *sptr;
059ec3d9
PH
2117
2118while (isspace(*s)) s++;
d7978c0f 2119for (int i = 0; i < n; i++)
059ec3d9
PH
2120 {
2121 if (*s != '{')
2122 {
e47376be
JH
2123 if (i < m)
2124 {
2125 expand_string_message = string_sprintf("Not enough arguments for '%s' "
2126 "(min is %d)", name, m);
2127 return 1;
2128 }
059ec3d9
PH
2129 sub[i] = NULL;
2130 break;
2131 }
e47376be
JH
2132 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok)))
2133 return 3;
059ec3d9
PH
2134 if (*s++ != '}') return 1;
2135 while (isspace(*s)) s++;
2136 }
2137if (check_end && *s++ != '}')
2138 {
2139 if (s[-1] == '{')
2140 {
e47376be 2141 expand_string_message = string_sprintf("Too many arguments for '%s' "
059ec3d9
PH
2142 "(max is %d)", name, n);
2143 return 2;
2144 }
e47376be 2145 expand_string_message = string_sprintf("missing '}' after '%s'", name);
059ec3d9
PH
2146 return 1;
2147 }
2148
2149*sptr = s;
2150return 0;
2151}
2152
2153
2154
2155
2156/*************************************************
641cb756
PH
2157* Elaborate message for bad variable *
2158*************************************************/
2159
2160/* For the "unknown variable" message, take a look at the variable's name, and
2161give additional information about possible ACL variables. The extra information
2162is added on to expand_string_message.
2163
2164Argument: the name of the variable
2165Returns: nothing
2166*/
2167
2168static void
2169check_variable_error_message(uschar *name)
2170{
2171if (Ustrncmp(name, "acl_", 4) == 0)
2172 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
2173 (name[4] == 'c' || name[4] == 'm')?
2174 (isalpha(name[5])?
2175 US"6th character of a user-defined ACL variable must be a digit or underscore" :
2176 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
2177 ) :
2178 US"user-defined ACL variables must start acl_c or acl_m");
2179}
2180
2181
2182
f60d98e8
JH
2183/*
2184Load args from sub array to globals, and call acl_check().
ef21c07d 2185Sub array will be corrupted on return.
f60d98e8
JH
2186
2187Returns: OK access is granted by an ACCEPT verb
6e3b198d 2188 DISCARD access is (apparently) granted by a DISCARD verb
f60d98e8
JH
2189 FAIL access is denied
2190 FAIL_DROP access is denied; drop the connection
2191 DEFER can't tell at the moment
2192 ERROR disaster
2193*/
2194static int
2195eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
2196{
2197int i;
ef21c07d
JH
2198int sav_narg = acl_narg;
2199int ret;
93a6fce2 2200uschar * dummy_logmsg;
faa05a93 2201extern int acl_where;
f60d98e8 2202
0539a19d 2203if(--nsub > nelem(acl_arg)) nsub = nelem(acl_arg);
ef21c07d
JH
2204for (i = 0; i < nsub && sub[i+1]; i++)
2205 {
93a6fce2 2206 uschar * tmp = acl_arg[i];
ef21c07d
JH
2207 acl_arg[i] = sub[i+1]; /* place callers args in the globals */
2208 sub[i+1] = tmp; /* stash the old args using our caller's storage */
2209 }
2210acl_narg = i;
bef3ea7f 2211while (i < nsub)
ef21c07d
JH
2212 {
2213 sub[i+1] = acl_arg[i];
2214 acl_arg[i++] = NULL;
2215 }
f60d98e8
JH
2216
2217DEBUG(D_expand)
e1d04f48 2218 debug_printf_indent("expanding: acl: %s arg: %s%s\n",
f60d98e8 2219 sub[0],
60f8e1e8
JH
2220 acl_narg>0 ? acl_arg[0] : US"<none>",
2221 acl_narg>1 ? " +more" : "");
f60d98e8 2222
93a6fce2 2223ret = acl_eval(acl_where, sub[0], user_msgp, &dummy_logmsg);
ef21c07d
JH
2224
2225for (i = 0; i < nsub; i++)
2226 acl_arg[i] = sub[i+1]; /* restore old args */
2227acl_narg = sav_narg;
2228
2229return ret;
f60d98e8
JH
2230}
2231
2232
2233
2234
7f69e814
JH
2235/* Return pointer to dewrapped string, with enclosing specified chars removed.
2236The given string is modified on return. Leading whitespace is skipped while
2237looking for the opening wrap character, then the rest is scanned for the trailing
2238(non-escaped) wrap character. A backslash in the string will act as an escape.
2239
2240A nul is written over the trailing wrap, and a pointer to the char after the
2241leading wrap is returned.
2242
2243Arguments:
2244 s String for de-wrapping
2245 wrap Two-char string, the first being the opener, second the closer wrapping
2246 character
2247Return:
2248 Pointer to de-wrapped string, or NULL on error (with expand_string_message set).
2249*/
2250
2251static uschar *
2252dewrap(uschar * s, const uschar * wrap)
2253{
2254uschar * p = s;
2255unsigned depth = 0;
2256BOOL quotesmode = wrap[0] == wrap[1];
2257
2258while (isspace(*p)) p++;
2259
2260if (*p == *wrap)
2261 {
2262 s = ++p;
2263 wrap++;
2264 while (*p)
2265 {
2266 if (*p == '\\') p++;
2267 else if (!quotesmode && *p == wrap[-1]) depth++;
2268 else if (*p == *wrap)
2269 if (depth == 0)
2270 {
2271 *p = '\0';
2272 return s;
2273 }
2274 else
2275 depth--;
2276 p++;
2277 }
2278 }
2279expand_string_message = string_sprintf("missing '%c'", *wrap);
2280return NULL;
2281}
2282
2283
2284/* Pull off the leading array or object element, returning
2285a copy in an allocated string. Update the list pointer.
2286
2287The element may itself be an abject or array.
2288Return NULL when the list is empty.
2289*/
2290
2291static uschar *
2292json_nextinlist(const uschar ** list)
2293{
2294unsigned array_depth = 0, object_depth = 0;
2295const uschar * s = *list, * item;
2296
2297while (isspace(*s)) s++;
2298
2299for (item = s;
2300 *s && (*s != ',' || array_depth != 0 || object_depth != 0);
2301 s++)
2302 switch (*s)
2303 {
2304 case '[': array_depth++; break;
2305 case ']': array_depth--; break;
2306 case '{': object_depth++; break;
2307 case '}': object_depth--; break;
2308 }
2309*list = *s ? s+1 : s;
2310if (item == s) return NULL;
2311item = string_copyn(item, s - item);
2312DEBUG(D_expand) debug_printf_indent(" json ele: '%s'\n", item);
2313return US item;
2314}
2315
2316
2317
21aa0597
JH
2318/************************************************/
2319/* Return offset in ops table, or -1 if not found.
2320Repoint to just after the operator in the string.
2321
2322Argument:
2323 ss string representation of operator
2324 opname split-out operator name
2325*/
2326
2327static int
2328identify_operator(const uschar ** ss, uschar ** opname)
2329{
2330const uschar * s = *ss;
2331uschar name[256];
2332
2333/* Numeric comparisons are symbolic */
2334
2335if (*s == '=' || *s == '>' || *s == '<')
2336 {
2337 int p = 0;
2338 name[p++] = *s++;
2339 if (*s == '=')
2340 {
2341 name[p++] = '=';
2342 s++;
2343 }
2344 name[p] = 0;
2345 }
2346
2347/* All other conditions are named */
2348
2349else
2350 s = read_name(name, sizeof(name), s, US"_");
2351*ss = s;
2352
2353/* If we haven't read a name, it means some non-alpha character is first. */
2354
2355if (!name[0])
2356 {
2357 expand_string_message = string_sprintf("condition name expected, "
2358 "but found \"%.16s\"", s);
2359 return -1;
2360 }
2361if (opname)
2362 *opname = string_copy(name);
2363
2364return chop_match(name, cond_table, nelem(cond_table));
2365}
2366
2367
641cb756 2368/*************************************************
7ef88aa0
JH
2369* Handle MD5 or SHA-1 computation for HMAC *
2370*************************************************/
2371
2372/* These are some wrapping functions that enable the HMAC code to be a bit
2373cleaner. A good compiler will spot the tail recursion.
2374
2375Arguments:
2376 type HMAC_MD5 or HMAC_SHA1
2377 remaining are as for the cryptographic hash functions
2378
2379Returns: nothing
2380*/
2381
2382static void
2383chash_start(int type, void * base)
2384{
2385if (type == HMAC_MD5)
2386 md5_start((md5 *)base);
2387else
2388 sha1_start((hctx *)base);
2389}
2390
2391static void
2392chash_mid(int type, void * base, const uschar * string)
2393{
2394if (type == HMAC_MD5)
2395 md5_mid((md5 *)base, string);
2396else
2397 sha1_mid((hctx *)base, string);
2398}
2399
2400static void
2401chash_end(int type, void * base, const uschar * string, int length,
2402 uschar * digest)
2403{
2404if (type == HMAC_MD5)
2405 md5_end((md5 *)base, string, length, digest);
2406else
2407 sha1_end((hctx *)base, string, length, digest);
2408}
2409
2410
2411
2412
2413/* Do an hmac_md5. The result is _not_ nul-terminated, and is sized as
2414the smaller of a full hmac_md5 result (16 bytes) or the supplied output buffer.
2415
2416Arguments:
2417 key encoding key, nul-terminated
2418 src data to be hashed, nul-terminated
2419 buf output buffer
2420 len size of output buffer
2421*/
2422
2423static void
2424hmac_md5(const uschar * key, const uschar * src, uschar * buf, unsigned len)
2425{
2426md5 md5_base;
2427const uschar * keyptr;
2428uschar * p;
2429unsigned int keylen;
2430
2431#define MD5_HASHLEN 16
2432#define MD5_HASHBLOCKLEN 64
2433
2434uschar keyhash[MD5_HASHLEN];
2435uschar innerhash[MD5_HASHLEN];
2436uschar finalhash[MD5_HASHLEN];
2437uschar innerkey[MD5_HASHBLOCKLEN];
2438uschar outerkey[MD5_HASHBLOCKLEN];
2439
2440keyptr = key;
2441keylen = Ustrlen(keyptr);
2442
2443/* If the key is longer than the hash block length, then hash the key
2444first */
2445
2446if (keylen > MD5_HASHBLOCKLEN)
2447 {
2448 chash_start(HMAC_MD5, &md5_base);
2449 chash_end(HMAC_MD5, &md5_base, keyptr, keylen, keyhash);
2450 keyptr = keyhash;
2451 keylen = MD5_HASHLEN;
2452 }
2453
2454/* Now make the inner and outer key values */
2455
2456memset(innerkey, 0x36, MD5_HASHBLOCKLEN);
2457memset(outerkey, 0x5c, MD5_HASHBLOCKLEN);
2458
2459for (int i = 0; i < keylen; i++)
2460 {
2461 innerkey[i] ^= keyptr[i];
2462 outerkey[i] ^= keyptr[i];
2463 }
2464
2465/* Now do the hashes */
2466
2467chash_start(HMAC_MD5, &md5_base);
2468chash_mid(HMAC_MD5, &md5_base, innerkey);
2469chash_end(HMAC_MD5, &md5_base, src, Ustrlen(src), innerhash);
2470
2471chash_start(HMAC_MD5, &md5_base);
2472chash_mid(HMAC_MD5, &md5_base, outerkey);
2473chash_end(HMAC_MD5, &md5_base, innerhash, MD5_HASHLEN, finalhash);
2474
2475/* Encode the final hash as a hex string, limited by output buffer size */
2476
2477p = buf;
2478for (int i = 0, j = len; i < MD5_HASHLEN; i++)
2479 {
2480 if (j-- <= 0) break;
2481 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
2482 if (j-- <= 0) break;
2483 *p++ = hex_digits[finalhash[i] & 0x0f];
2484 }
2485return;
2486}
2487
2488
2489/*************************************************
059ec3d9
PH
2490* Read and evaluate a condition *
2491*************************************************/
2492
2493/*
2494Arguments:
2495 s points to the start of the condition text
b0e85a8f
JH
2496 resetok points to a BOOL which is written false if it is unsafe to
2497 free memory. Certain condition types (acl) may have side-effect
2498 allocation which must be preserved.
059ec3d9
PH
2499 yield points to a BOOL to hold the result of the condition test;
2500 if NULL, we are just reading through a condition that is
2501 part of an "or" combination to check syntax, or in a state
2502 where the answer isn't required
2503
2504Returns: a pointer to the first character after the condition, or
2505 NULL after an error
2506*/
2507
55414b25
JH
2508static const uschar *
2509eval_condition(const uschar *s, BOOL *resetok, BOOL *yield)
059ec3d9
PH
2510{
2511BOOL testfor = TRUE;
2512BOOL tempcond, combined_cond;
2513BOOL *subcondptr;
5cfd2e57 2514BOOL sub2_honour_dollar = TRUE;
7f69e814 2515BOOL is_forany, is_json, is_jsons;
56dbf856 2516int rc, cond_type, roffset;
97d17305 2517int_eximarith_t num[2];
059ec3d9 2518struct stat statbuf;
21aa0597 2519uschar * opname;
059ec3d9 2520uschar name[256];
55414b25 2521const uschar *sub[10];
059ec3d9
PH
2522
2523const pcre *re;
2524const uschar *rerror;
2525
2526for (;;)
2527 {
2528 while (isspace(*s)) s++;
2529 if (*s == '!') { testfor = !testfor; s++; } else break;
2530 }
2531
21aa0597 2532switch(cond_type = identify_operator(&s, &opname))
059ec3d9 2533 {
9b4768fa
PH
2534 /* def: tests for a non-empty variable, or for the existence of a header. If
2535 yield == NULL we are in a skipping state, and don't care about the answer. */
059ec3d9
PH
2536
2537 case ECOND_DEF:
059ec3d9 2538 {
bce15b62 2539 uschar * t;
059ec3d9 2540
bce15b62
JH
2541 if (*s != ':')
2542 {
2543 expand_string_message = US"\":\" expected after \"def\"";
2544 return NULL;
2545 }
059ec3d9 2546
f3ebb786 2547 s = read_name(name, sizeof(name), s+1, US"_");
059ec3d9 2548
bce15b62
JH
2549 /* Test for a header's existence. If the name contains a closing brace
2550 character, this may be a user error where the terminating colon has been
2551 omitted. Set a flag to adjust a subsequent error message in this case. */
059ec3d9 2552
bce15b62
JH
2553 if ( ( *(t = name) == 'h'
2554 || (*t == 'r' || *t == 'l' || *t == 'b') && *++t == 'h'
2555 )
2556 && (*++t == '_' || Ustrncmp(t, "eader_", 6) == 0)
2557 )
2558 {
f3ebb786 2559 s = read_header_name(name, sizeof(name), s);
bce15b62
JH
2560 /* {-for-text-editors */
2561 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2562 if (yield) *yield =
2563 (find_header(name, NULL, FH_EXISTS_ONLY, NULL) != NULL) == testfor;
2564 }
059ec3d9 2565
bce15b62
JH
2566 /* Test for a variable's having a non-empty value. A non-existent variable
2567 causes an expansion failure. */
2568
2569 else
059ec3d9 2570 {
bce15b62
JH
2571 if (!(t = find_variable(name, TRUE, yield == NULL, NULL)))
2572 {
f3ebb786
JH
2573 expand_string_message = name[0]
2574 ? string_sprintf("unknown variable \"%s\" after \"def:\"", name)
2575 : US"variable name omitted after \"def:\"";
bce15b62
JH
2576 check_variable_error_message(name);
2577 return NULL;
2578 }
2579 if (yield) *yield = (t[0] != 0) == testfor;
059ec3d9 2580 }
059ec3d9 2581
bce15b62
JH
2582 return s;
2583 }
059ec3d9
PH
2584
2585
2586 /* first_delivery tests for first delivery attempt */
2587
2588 case ECOND_FIRST_DELIVERY:
5694b905 2589 if (yield) *yield = f.deliver_firsttime == testfor;
059ec3d9
PH
2590 return s;
2591
2592
2593 /* queue_running tests for any process started by a queue runner */
2594
2595 case ECOND_QUEUE_RUNNING:
5694b905 2596 if (yield) *yield = (queue_run_pid != (pid_t)0) == testfor;
059ec3d9
PH
2597 return s;
2598
2599
2600 /* exists: tests for file existence
2601 isip: tests for any IP address
2602 isip4: tests for an IPv4 address
2603 isip6: tests for an IPv6 address
2604 pam: does PAM authentication
2605 radius: does RADIUS authentication
2606 ldapauth: does LDAP authentication
2607 pwcheck: does Cyrus SASL pwcheck authentication
2608 */
2609
2610 case ECOND_EXISTS:
2611 case ECOND_ISIP:
2612 case ECOND_ISIP4:
2613 case ECOND_ISIP6:
2614 case ECOND_PAM:
2615 case ECOND_RADIUS:
2616 case ECOND_LDAPAUTH:
2617 case ECOND_PWCHECK:
2618
2619 while (isspace(*s)) s++;
b5b871ac 2620 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
059ec3d9 2621
b0e85a8f 2622 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok);
5694b905 2623 if (!sub[0]) return NULL;
b5b871ac 2624 /* {-for-text-editors */
059ec3d9
PH
2625 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2626
5694b905 2627 if (!yield) return s; /* No need to run the test if skipping */
059ec3d9
PH
2628
2629 switch(cond_type)
2630 {
2631 case ECOND_EXISTS:
2632 if ((expand_forbid & RDO_EXISTS) != 0)
2633 {
2634 expand_string_message = US"File existence tests are not permitted";
2635 return NULL;
2636 }
2637 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
2638 break;
2639
2640 case ECOND_ISIP:
2641 case ECOND_ISIP4:
2642 case ECOND_ISIP6:
2643 rc = string_is_ip_address(sub[0], NULL);
7e66e54d 2644 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
059ec3d9
PH
2645 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2646 break;
2647
2648 /* Various authentication tests - all optionally compiled */
2649
2650 case ECOND_PAM:
2651 #ifdef SUPPORT_PAM
2652 rc = auth_call_pam(sub[0], &expand_string_message);
2653 goto END_AUTH;
2654 #else
2655 goto COND_FAILED_NOT_COMPILED;
2656 #endif /* SUPPORT_PAM */
2657
2658 case ECOND_RADIUS:
2659 #ifdef RADIUS_CONFIG_FILE
2660 rc = auth_call_radius(sub[0], &expand_string_message);
2661 goto END_AUTH;
2662 #else
2663 goto COND_FAILED_NOT_COMPILED;
2664 #endif /* RADIUS_CONFIG_FILE */
2665
2666 case ECOND_LDAPAUTH:
2667 #ifdef LOOKUP_LDAP
2668 {
2669 /* Just to keep the interface the same */
2670 BOOL do_cache;
2671 int old_pool = store_pool;
2672 store_pool = POOL_SEARCH;
2673 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2674 &expand_string_message, &do_cache);
2675 store_pool = old_pool;
2676 }
2677 goto END_AUTH;
2678 #else
2679 goto COND_FAILED_NOT_COMPILED;
2680 #endif /* LOOKUP_LDAP */
2681
2682 case ECOND_PWCHECK:
2683 #ifdef CYRUS_PWCHECK_SOCKET
2684 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2685 goto END_AUTH;
2686 #else
2687 goto COND_FAILED_NOT_COMPILED;
2688 #endif /* CYRUS_PWCHECK_SOCKET */
2689
2690 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2691 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2692 END_AUTH:
2693 if (rc == ERROR || rc == DEFER) return NULL;
2694 *yield = (rc == OK) == testfor;
2695 #endif
2696 }
2697 return s;
2698
2699
333eea9c
JH
2700 /* call ACL (in a conditional context). Accept true, deny false.
2701 Defer is a forced-fail. Anything set by message= goes to $value.
f60d98e8
JH
2702 Up to ten parameters are used; we use the braces round the name+args
2703 like the saslauthd condition does, to permit a variable number of args.
2704 See also the expansion-item version EITEM_ACL and the traditional
2705 acl modifier ACLC_ACL.
fd5dad68
JH
2706 Since the ACL may allocate new global variables, tell our caller to not
2707 reclaim memory.
f60d98e8 2708 */
333eea9c
JH
2709
2710 case ECOND_ACL:
bef3ea7f 2711 /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
333eea9c 2712 {
55414b25 2713 uschar *sub[10];
333eea9c 2714 uschar *user_msg;
333eea9c 2715 BOOL cond = FALSE;
333eea9c
JH
2716
2717 while (isspace(*s)) s++;
6d9cfc47 2718 if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
333eea9c 2719
0539a19d 2720 switch(read_subs(sub, nelem(sub), 1,
b0e85a8f 2721 &s, yield == NULL, TRUE, US"acl", resetok))
333eea9c 2722 {
f60d98e8
JH
2723 case 1: expand_string_message = US"too few arguments or bracketing "
2724 "error for acl";
2725 case 2:
2726 case 3: return NULL;
333eea9c 2727 }
f60d98e8 2728
5694b905 2729 if (yield)
9e70917d 2730 {
17ccbda6 2731 int rc;
9e70917d 2732 *resetok = FALSE; /* eval_acl() might allocate; do not reclaim */
17ccbda6 2733 switch(rc = eval_acl(sub, nelem(sub), &user_msg))
f60d98e8
JH
2734 {
2735 case OK:
2736 cond = TRUE;
2737 case FAIL:
bef3ea7f 2738 lookup_value = NULL;
f60d98e8 2739 if (user_msg)
acec9514 2740 lookup_value = string_copy(user_msg);
b5b871ac 2741 *yield = cond == testfor;
f60d98e8
JH
2742 break;
2743
2744 case DEFER:
8768d548 2745 f.expand_string_forcedfail = TRUE;
6e3b198d 2746 /*FALLTHROUGH*/
f60d98e8 2747 default:
17ccbda6
JH
2748 expand_string_message = string_sprintf("%s from acl \"%s\"",
2749 rc_names[rc], sub[0]);
f60d98e8
JH
2750 return NULL;
2751 }
9e70917d 2752 }
f60d98e8 2753 return s;
333eea9c 2754 }
333eea9c
JH
2755
2756
059ec3d9
PH
2757 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2758
b0e85a8f 2759 ${if saslauthd {{username}{password}{service}{realm}} {yes}{no}}
059ec3d9
PH
2760
2761 However, the last two are optional. That is why the whole set is enclosed
333eea9c 2762 in their own set of braces. */
059ec3d9
PH
2763
2764 case ECOND_SASLAUTHD:
0539a19d
JH
2765#ifndef CYRUS_SASLAUTHD_SOCKET
2766 goto COND_FAILED_NOT_COMPILED;
2767#else
059ec3d9 2768 {
0539a19d
JH
2769 uschar *sub[4];
2770 while (isspace(*s)) s++;
2771 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2772 switch(read_subs(sub, nelem(sub), 2, &s, yield == NULL, TRUE, US"saslauthd",
2773 resetok))
2774 {
2775 case 1: expand_string_message = US"too few arguments or bracketing "
2776 "error for saslauthd";
2777 case 2:
2778 case 3: return NULL;
2779 }
5694b905
JH
2780 if (!sub[2]) sub[3] = NULL; /* realm if no service */
2781 if (yield)
0539a19d
JH
2782 {
2783 int rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2784 &expand_string_message);
2785 if (rc == ERROR || rc == DEFER) return NULL;
2786 *yield = (rc == OK) == testfor;
2787 }
2788 return s;
059ec3d9 2789 }
0539a19d 2790#endif /* CYRUS_SASLAUTHD_SOCKET */
059ec3d9
PH
2791
2792
2793 /* symbolic operators for numeric and string comparison, and a number of
2794 other operators, all requiring two arguments.
2795
76dca828
PP
2796 crypteq: encrypts plaintext and compares against an encrypted text,
2797 using crypt(), crypt16(), MD5 or SHA-1
2798 inlist/inlisti: checks if first argument is in the list of the second
059ec3d9
PH
2799 match: does a regular expression match and sets up the numerical
2800 variables if it succeeds
2801 match_address: matches in an address list
2802 match_domain: matches in a domain list
32d668a5 2803 match_ip: matches a host list that is restricted to IP addresses
059ec3d9 2804 match_local_part: matches in a local part list
059ec3d9
PH
2805 */
2806
059ec3d9
PH
2807 case ECOND_MATCH_ADDRESS:
2808 case ECOND_MATCH_DOMAIN:
32d668a5 2809 case ECOND_MATCH_IP:
059ec3d9 2810 case ECOND_MATCH_LOCAL_PART:
da6dbe26
PP
2811#ifndef EXPAND_LISTMATCH_RHS
2812 sub2_honour_dollar = FALSE;
2813#endif
2814 /* FALLTHROUGH */
2815
2816 case ECOND_CRYPTEQ:
2817 case ECOND_INLIST:
2818 case ECOND_INLISTI:
2819 case ECOND_MATCH:
059ec3d9
PH
2820
2821 case ECOND_NUM_L: /* Numerical comparisons */
2822 case ECOND_NUM_LE:
2823 case ECOND_NUM_E:
2824 case ECOND_NUM_EE:
2825 case ECOND_NUM_G:
2826 case ECOND_NUM_GE:
2827
2828 case ECOND_STR_LT: /* String comparisons */
2829 case ECOND_STR_LTI:
2830 case ECOND_STR_LE:
2831 case ECOND_STR_LEI:
2832 case ECOND_STR_EQ:
2833 case ECOND_STR_EQI:
2834 case ECOND_STR_GT:
2835 case ECOND_STR_GTI:
2836 case ECOND_STR_GE:
2837 case ECOND_STR_GEI:
2838
d7978c0f 2839 for (int i = 0; i < 2; i++)
059ec3d9 2840 {
da6dbe26
PP
2841 /* Sometimes, we don't expand substrings; too many insecure configurations
2842 created using match_address{}{} and friends, where the second param
2843 includes information from untrustworthy sources. */
2844 BOOL honour_dollar = TRUE;
2845 if ((i > 0) && !sub2_honour_dollar)
2846 honour_dollar = FALSE;
2847
059ec3d9
PH
2848 while (isspace(*s)) s++;
2849 if (*s != '{')
2850 {
2851 if (i == 0) goto COND_FAILED_CURLY_START;
2852 expand_string_message = string_sprintf("missing 2nd string in {} "
21aa0597 2853 "after \"%s\"", opname);
059ec3d9
PH
2854 return NULL;
2855 }
d584cdca
JH
2856 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
2857 honour_dollar, resetok)))
2858 return NULL;
2859 DEBUG(D_expand) if (i == 1 && !sub2_honour_dollar && Ustrchr(sub[1], '$'))
2860 debug_printf_indent("WARNING: the second arg is NOT expanded,"
2861 " for security reasons\n");
059ec3d9
PH
2862 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2863
2864 /* Convert to numerical if required; we know that the names of all the
2865 conditions that compare numbers do not start with a letter. This just saves
2866 checking for them individually. */
2867
5694b905 2868 if (!isalpha(opname[0]) && yield)
5dd1517f
PH
2869 if (sub[i][0] == 0)
2870 {
2871 num[i] = 0;
2872 DEBUG(D_expand)
e1d04f48 2873 debug_printf_indent("empty string cast to zero for numerical comparison\n");
5dd1517f
PH
2874 }
2875 else
2876 {
7685ce68 2877 num[i] = expanded_string_integer(sub[i], FALSE);
5694b905 2878 if (expand_string_message) return NULL;
5dd1517f 2879 }
059ec3d9
PH
2880 }
2881
2882 /* Result not required */
2883
5694b905 2884 if (!yield) return s;
059ec3d9
PH
2885
2886 /* Do an appropriate comparison */
2887
2888 switch(cond_type)
2889 {
2890 case ECOND_NUM_E:
2891 case ECOND_NUM_EE:
b5b871ac 2892 tempcond = (num[0] == num[1]);
059ec3d9
PH
2893 break;
2894
2895 case ECOND_NUM_G:
b5b871ac 2896 tempcond = (num[0] > num[1]);
059ec3d9
PH
2897 break;
2898
2899 case ECOND_NUM_GE:
b5b871ac 2900 tempcond = (num[0] >= num[1]);
059ec3d9
PH
2901 break;
2902
2903 case ECOND_NUM_L:
b5b871ac 2904 tempcond = (num[0] < num[1]);
059ec3d9
PH
2905 break;
2906
2907 case ECOND_NUM_LE:
b5b871ac 2908 tempcond = (num[0] <= num[1]);
059ec3d9
PH
2909 break;
2910
2911 case ECOND_STR_LT:
b5b871ac 2912 tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
059ec3d9
PH
2913 break;
2914
2915 case ECOND_STR_LTI:
b5b871ac 2916 tempcond = (strcmpic(sub[0], sub[1]) < 0);
059ec3d9
PH
2917 break;
2918
2919 case ECOND_STR_LE:
b5b871ac 2920 tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
059ec3d9
PH
2921 break;
2922
2923 case ECOND_STR_LEI:
b5b871ac 2924 tempcond = (strcmpic(sub[0], sub[1]) <= 0);
059ec3d9
PH
2925 break;
2926
2927 case ECOND_STR_EQ:
b5b871ac 2928 tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
059ec3d9
PH
2929 break;
2930
2931 case ECOND_STR_EQI:
b5b871ac 2932 tempcond = (strcmpic(sub[0], sub[1]) == 0);
059ec3d9
PH
2933 break;
2934
2935 case ECOND_STR_GT:
b5b871ac 2936 tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
059ec3d9
PH
2937 break;
2938
2939 case ECOND_STR_GTI:
b5b871ac 2940 tempcond = (strcmpic(sub[0], sub[1]) > 0);
059ec3d9
PH
2941 break;
2942
2943 case ECOND_STR_GE:
b5b871ac 2944 tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
059ec3d9
PH
2945 break;
2946
2947 case ECOND_STR_GEI:
b5b871ac 2948 tempcond = (strcmpic(sub[0], sub[1]) >= 0);
059ec3d9
PH
2949 break;
2950
2951 case ECOND_MATCH: /* Regular expression match */
3d2e82c5 2952 if (!(re = pcre_compile(CS sub[1], PCRE_COPT, CCSS &rerror,
5694b905 2953 &roffset, NULL)))
059ec3d9
PH
2954 {
2955 expand_string_message = string_sprintf("regular expression error in "
2956 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2957 return NULL;
2958 }
b5b871ac 2959 tempcond = regex_match_and_setup(re, sub[0], 0, -1);
059ec3d9
PH
2960 break;
2961
2962 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2963 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2964 goto MATCHED_SOMETHING;
2965
2966 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2967 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2968 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2969 goto MATCHED_SOMETHING;
2970
32d668a5 2971 case ECOND_MATCH_IP: /* Match IP address in a host list */
7e66e54d 2972 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
32d668a5
PH
2973 {
2974 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2975 sub[0]);
2976 return NULL;
2977 }
2978 else
2979 {
2980 unsigned int *nullcache = NULL;
2981 check_host_block cb;
2982
2983 cb.host_name = US"";
2984 cb.host_address = sub[0];
2985
2986 /* If the host address starts off ::ffff: it is an IPv6 address in
2987 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2988 addresses. */
2989
2990 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2991 cb.host_address + 7 : cb.host_address;
2992
2993 rc = match_check_list(
2994 &sub[1], /* the list */
2995 0, /* separator character */
2996 &hostlist_anchor, /* anchor pointer */
2997 &nullcache, /* cache pointer */
2998 check_host, /* function for testing */
2999 &cb, /* argument for function */
3000 MCL_HOST, /* type of check */
3001 sub[0], /* text for debugging */
3002 NULL); /* where to pass back data */
3003 }
3004 goto MATCHED_SOMETHING;
3005
059ec3d9
PH
3006 case ECOND_MATCH_LOCAL_PART:
3007 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
3008 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
3009 /* Fall through */
9a26b6b2 3010 /* VVVVVVVVVVVV */
059ec3d9
PH
3011 MATCHED_SOMETHING:
3012 switch(rc)
3013 {
3014 case OK:
b5b871ac 3015 tempcond = TRUE;
059ec3d9
PH
3016 break;
3017
3018 case FAIL:
b5b871ac 3019 tempcond = FALSE;
059ec3d9
PH
3020 break;
3021
3022 case DEFER:
3023 expand_string_message = string_sprintf("unable to complete match "
3024 "against \"%s\": %s", sub[1], search_error_message);
3025 return NULL;
3026 }
3027
3028 break;
3029
3030 /* Various "encrypted" comparisons. If the second string starts with
3031 "{" then an encryption type is given. Default to crypt() or crypt16()
3032 (build-time choice). */
b5b871ac 3033 /* }-for-text-editors */
059ec3d9
PH
3034
3035 case ECOND_CRYPTEQ:
3036 #ifndef SUPPORT_CRYPTEQ
3037 goto COND_FAILED_NOT_COMPILED;
3038 #else
3039 if (strncmpic(sub[1], US"{md5}", 5) == 0)
3040 {
3041 int sublen = Ustrlen(sub[1]+5);
3042 md5 base;
3043 uschar digest[16];
3044
3045 md5_start(&base);
cfab9d68 3046 md5_end(&base, sub[0], Ustrlen(sub[0]), digest);
059ec3d9
PH
3047
3048 /* If the length that we are comparing against is 24, the MD5 digest
3049 is expressed as a base64 string. This is the way LDAP does it. However,
3050 some other software uses a straightforward hex representation. We assume
3051 this if the length is 32. Other lengths fail. */
3052
3053 if (sublen == 24)
3054 {
1f20760b 3055 uschar *coded = b64encode(CUS digest, 16);
059ec3d9
PH
3056 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
3057 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
b5b871ac 3058 tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
059ec3d9
PH
3059 }
3060 else if (sublen == 32)
3061 {
059ec3d9 3062 uschar coded[36];
d7978c0f 3063 for (int i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
059ec3d9
PH
3064 coded[32] = 0;
3065 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
3066 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
b5b871ac 3067 tempcond = (strcmpic(coded, sub[1]+5) == 0);
059ec3d9
PH
3068 }
3069 else
3070 {
3071 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
3072 "fail\n crypted=%s\n", sub[1]+5);
b5b871ac 3073 tempcond = FALSE;
059ec3d9
PH
3074 }
3075 }
3076
3077 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
3078 {
3079 int sublen = Ustrlen(sub[1]+6);
5fb822fc 3080 hctx h;
059ec3d9
PH
3081 uschar digest[20];
3082
5fb822fc 3083 sha1_start(&h);
cfab9d68 3084 sha1_end(&h, sub[0], Ustrlen(sub[0]), digest);
059ec3d9
PH
3085
3086 /* If the length that we are comparing against is 28, assume the SHA1
3087 digest is expressed as a base64 string. If the length is 40, assume a
3088 straightforward hex representation. Other lengths fail. */
3089
3090 if (sublen == 28)
3091 {
1f20760b 3092 uschar *coded = b64encode(CUS digest, 20);
059ec3d9
PH
3093 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
3094 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
b5b871ac 3095 tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
059ec3d9
PH
3096 }
3097 else if (sublen == 40)
3098 {
059ec3d9 3099 uschar coded[44];
d7978c0f 3100 for (int i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
059ec3d9
PH
3101 coded[40] = 0;
3102 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
3103 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
b5b871ac 3104 tempcond = (strcmpic(coded, sub[1]+6) == 0);
059ec3d9
PH
3105 }
3106 else
3107 {
3108 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
3109 "fail\n crypted=%s\n", sub[1]+6);
b5b871ac 3110 tempcond = FALSE;
059ec3d9
PH
3111 }
3112 }
3113
3114 else /* {crypt} or {crypt16} and non-{ at start */
76dca828 3115 /* }-for-text-editors */
059ec3d9
PH
3116 {
3117 int which = 0;
3118 uschar *coded;
3119
3120 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
3121 {
3122 sub[1] += 7;
3123 which = 1;
3124 }
3125 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
3126 {
3127 sub[1] += 9;
3128 which = 2;
3129 }
b5b871ac 3130 else if (sub[1][0] == '{') /* }-for-text-editors */
059ec3d9
PH
3131 {
3132 expand_string_message = string_sprintf("unknown encryption mechanism "
3133 "in \"%s\"", sub[1]);
3134 return NULL;
3135 }
3136
3137 switch(which)
3138 {
3139 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
3140 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
3141 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
3142 }
3143
3144 #define STR(s) # s
3145 #define XSTR(s) STR(s)
3146 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
3147 " subject=%s\n crypted=%s\n",
9dc2b215 3148 which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16",
059ec3d9
PH
3149 coded, sub[1]);
3150 #undef STR
3151 #undef XSTR
3152
3153 /* If the encrypted string contains fewer than two characters (for the
3154 salt), force failure. Otherwise we get false positives: with an empty
3155 string the yield of crypt() is an empty string! */
3156
9dc2b215
JH
3157 if (coded)
3158 tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0;
3159 else if (errno == EINVAL)
3160 tempcond = FALSE;
3161 else
3162 {
3163 expand_string_message = string_sprintf("crypt error: %s\n",
3164 US strerror(errno));
3165 return NULL;
3166 }
059ec3d9
PH
3167 }
3168 break;
3169 #endif /* SUPPORT_CRYPTEQ */
76dca828
PP
3170
3171 case ECOND_INLIST:
3172 case ECOND_INLISTI:
3173 {
55414b25 3174 const uschar * list = sub[1];
76dca828 3175 int sep = 0;
76dca828
PP
3176 uschar *save_iterate_item = iterate_item;
3177 int (*compare)(const uschar *, const uschar *);
3178
21aa0597 3179 DEBUG(D_expand) debug_printf_indent("condition: %s item: %s\n", opname, sub[0]);
82dbd376 3180
b5b871ac 3181 tempcond = FALSE;
55414b25
JH
3182 compare = cond_type == ECOND_INLISTI
3183 ? strcmpic : (int (*)(const uschar *, const uschar *)) strcmp;
76dca828 3184
55414b25 3185 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)))
05e796ad
JH
3186 {
3187 DEBUG(D_expand) debug_printf_indent(" compare %s\n", iterate_item);
76dca828
PP
3188 if (compare(sub[0], iterate_item) == 0)
3189 {
b5b871ac 3190 tempcond = TRUE;
76dca828
PP
3191 break;
3192 }
05e796ad 3193 }
76dca828 3194 iterate_item = save_iterate_item;
76dca828
PP
3195 }
3196
059ec3d9
PH
3197 } /* Switch for comparison conditions */
3198
b5b871ac 3199 *yield = tempcond == testfor;
059ec3d9
PH
3200 return s; /* End of comparison conditions */
3201
3202
3203 /* and/or: computes logical and/or of several conditions */
3204
3205 case ECOND_AND:
3206 case ECOND_OR:
5694b905 3207 subcondptr = (yield == NULL) ? NULL : &tempcond;
059ec3d9
PH
3208 combined_cond = (cond_type == ECOND_AND);
3209
3210 while (isspace(*s)) s++;
b5b871ac 3211 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
059ec3d9
PH
3212
3213 for (;;)
3214 {
3215 while (isspace(*s)) s++;
b5b871ac 3216 /* {-for-text-editors */
059ec3d9 3217 if (*s == '}') break;
b5b871ac 3218 if (*s != '{') /* }-for-text-editors */
059ec3d9
PH
3219 {
3220 expand_string_message = string_sprintf("each subcondition "
21aa0597 3221 "inside an \"%s{...}\" condition must be in its own {}", opname);
059ec3d9
PH
3222 return NULL;
3223 }
3224
b0e85a8f 3225 if (!(s = eval_condition(s+1, resetok, subcondptr)))
059ec3d9
PH
3226 {
3227 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
21aa0597 3228 expand_string_message, opname);
059ec3d9
PH
3229 return NULL;
3230 }
3231 while (isspace(*s)) s++;
3232
b5b871ac 3233 /* {-for-text-editors */
059ec3d9
PH
3234 if (*s++ != '}')
3235 {
b5b871ac 3236 /* {-for-text-editors */
059ec3d9 3237 expand_string_message = string_sprintf("missing } at end of condition "
21aa0597 3238 "inside \"%s\" group", opname);
059ec3d9
PH
3239 return NULL;
3240 }
3241
5694b905 3242 if (yield)
059ec3d9
PH
3243 if (cond_type == ECOND_AND)
3244 {
3245 combined_cond &= tempcond;
3246 if (!combined_cond) subcondptr = NULL; /* once false, don't */
3247 } /* evaluate any more */
3248 else
3249 {
3250 combined_cond |= tempcond;
3251 if (combined_cond) subcondptr = NULL; /* once true, don't */
3252 } /* evaluate any more */
059ec3d9
PH
3253 }
3254
5694b905 3255 if (yield) *yield = (combined_cond == testfor);
059ec3d9
PH
3256 return ++s;
3257
3258
0ce9abe6
PH
3259 /* forall/forany: iterates a condition with different values */
3260
7f69e814
JH
3261 case ECOND_FORALL: is_forany = FALSE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3262 case ECOND_FORANY: is_forany = TRUE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3263 case ECOND_FORALL_JSON: is_forany = FALSE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3264 case ECOND_FORANY_JSON: is_forany = TRUE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3265 case ECOND_FORALL_JSONS: is_forany = FALSE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3266 case ECOND_FORANY_JSONS: is_forany = TRUE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3267
3268 FORMANY:
0ce9abe6 3269 {
55414b25 3270 const uschar * list;
0ce9abe6 3271 int sep = 0;
282b357d 3272 uschar *save_iterate_item = iterate_item;
0ce9abe6 3273
21aa0597 3274 DEBUG(D_expand) debug_printf_indent("condition: %s\n", opname);
82dbd376 3275
0ce9abe6 3276 while (isspace(*s)) s++;
b5b871ac 3277 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
5694b905
JH
3278 if (!(sub[0] = expand_string_internal(s, TRUE, &s, yield == NULL, TRUE, resetok)))
3279 return NULL;
b5b871ac 3280 /* {-for-text-editors */
0ce9abe6
PH
3281 if (*s++ != '}') goto COND_FAILED_CURLY_END;
3282
3283 while (isspace(*s)) s++;
b5b871ac 3284 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
0ce9abe6
PH
3285
3286 sub[1] = s;
3287
3288 /* Call eval_condition once, with result discarded (as if scanning a
3289 "false" part). This allows us to find the end of the condition, because if
3290 the list it empty, we won't actually evaluate the condition for real. */
3291
b0e85a8f 3292 if (!(s = eval_condition(sub[1], resetok, NULL)))
0ce9abe6
PH
3293 {
3294 expand_string_message = string_sprintf("%s inside \"%s\" condition",
21aa0597 3295 expand_string_message, opname);
0ce9abe6
PH
3296 return NULL;
3297 }
3298 while (isspace(*s)) s++;
3299
b5b871ac 3300 /* {-for-text-editors */
0ce9abe6
PH
3301 if (*s++ != '}')
3302 {
b5b871ac 3303 /* {-for-text-editors */
0ce9abe6 3304 expand_string_message = string_sprintf("missing } at end of condition "
21aa0597 3305 "inside \"%s\"", opname);
0ce9abe6
PH
3306 return NULL;
3307 }
3308
7f69e814 3309 if (yield) *yield = !testfor;
55414b25 3310 list = sub[0];
7f69e814
JH
3311 if (is_json) list = dewrap(string_copy(list), US"[]");
3312 while ((iterate_item = is_json
3313 ? json_nextinlist(&list) : string_nextinlist(&list, &sep, NULL, 0)))
0ce9abe6 3314 {
7f69e814
JH
3315 if (is_jsons)
3316 if (!(iterate_item = dewrap(iterate_item, US"\"\"")))
3317 {
3318 expand_string_message =
3319 string_sprintf("%s wrapping string result for extract jsons",
3320 expand_string_message);
3321 iterate_item = save_iterate_item;
3322 return NULL;
3323 }
3324
f3ebb786 3325 DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n", opname, iterate_item);
b0e85a8f 3326 if (!eval_condition(sub[1], resetok, &tempcond))
0ce9abe6
PH
3327 {
3328 expand_string_message = string_sprintf("%s inside \"%s\" condition",
21aa0597 3329 expand_string_message, opname);
e58c13cc 3330 iterate_item = save_iterate_item;
0ce9abe6
PH
3331 return NULL;
3332 }
21aa0597 3333 DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", opname,
0ce9abe6
PH
3334 tempcond? "true":"false");
3335
7f69e814
JH
3336 if (yield) *yield = (tempcond == testfor);
3337 if (tempcond == is_forany) break;
0ce9abe6
PH
3338 }
3339
282b357d 3340 iterate_item = save_iterate_item;
0ce9abe6
PH
3341 return s;
3342 }
3343
3344
f3766eb5
NM
3345 /* The bool{} expansion condition maps a string to boolean.
3346 The values supported should match those supported by the ACL condition
3347 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
3348 of true/false. Note that Router "condition" rules have a different
3349 interpretation, where general data can be used and only a few values
3350 map to FALSE.
3351 Note that readconf.c boolean matching, for boolean configuration options,
6a8de854
PP
3352 only matches true/yes/false/no.
3353 The bool_lax{} condition matches the Router logic, which is much more
3354 liberal. */
f3766eb5 3355 case ECOND_BOOL:
6a8de854 3356 case ECOND_BOOL_LAX:
f3766eb5
NM
3357 {
3358 uschar *sub_arg[1];
71265ae9 3359 uschar *t, *t2;
6a8de854 3360 uschar *ourname;
f3766eb5
NM
3361 size_t len;
3362 BOOL boolvalue = FALSE;
3363 while (isspace(*s)) s++;
b5b871ac 3364 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
6a8de854 3365 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
b0e85a8f 3366 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname, resetok))
f3766eb5 3367 {
6a8de854
PP
3368 case 1: expand_string_message = string_sprintf(
3369 "too few arguments or bracketing error for %s",
3370 ourname);
f3766eb5
NM
3371 /*FALLTHROUGH*/
3372 case 2:
3373 case 3: return NULL;
3374 }
3375 t = sub_arg[0];
3376 while (isspace(*t)) t++;
3377 len = Ustrlen(t);
71265ae9
PP
3378 if (len)
3379 {
3380 /* trailing whitespace: seems like a good idea to ignore it too */
3381 t2 = t + len - 1;
3382 while (isspace(*t2)) t2--;
3383 if (t2 != (t + len))
3384 {
3385 *++t2 = '\0';
3386 len = t2 - t;
3387 }
3388 }
f3766eb5 3389 DEBUG(D_expand)
e1d04f48 3390 debug_printf_indent("considering %s: %s\n", ourname, len ? t : US"<empty>");
6a8de854
PP
3391 /* logic for the lax case from expand_check_condition(), which also does
3392 expands, and the logic is both short and stable enough that there should
3393 be no maintenance burden from replicating it. */
f3766eb5
NM
3394 if (len == 0)
3395 boolvalue = FALSE;
51c7471d
JH
3396 else if (*t == '-'
3397 ? Ustrspn(t+1, "0123456789") == len-1
3398 : Ustrspn(t, "0123456789") == len)
6a8de854 3399 {
f3766eb5 3400 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
6a8de854
PP
3401 /* expand_check_condition only does a literal string "0" check */
3402 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
3403 boolvalue = TRUE;
3404 }
f3766eb5
NM
3405 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
3406 boolvalue = TRUE;
3407 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
3408 boolvalue = FALSE;
6a8de854
PP
3409 else if (cond_type == ECOND_BOOL_LAX)
3410 boolvalue = TRUE;
f3766eb5
NM
3411 else
3412 {
3413 expand_string_message = string_sprintf("unrecognised boolean "
3414 "value \"%s\"", t);
3415 return NULL;
3416 }
e1d04f48 3417 DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", ourname,
c7c833c6 3418 boolvalue? "true":"false");
5694b905 3419 if (yield) *yield = (boolvalue == testfor);
f3766eb5
NM
3420 return s;
3421 }
3422
7ef88aa0
JH
3423#ifdef EXPERIMENTAL_SRS_NATIVE
3424 case ECOND_INBOUND_SRS:
3425 /* ${if inbound_srs {local_part}{secret} {yes}{no}} */
3426 {
3427 uschar * sub[2];
3428 const pcre * re;
3429 int ovec[3*(4+1)];
3430 int n;
3431 uschar cksum[4];
3432 BOOL boolvalue = FALSE;
3433
3434 switch(read_subs(sub, 2, 2, CUSS &s, yield == NULL, FALSE, US"inbound_srs", resetok))
3435 {
3436 case 1: expand_string_message = US"too few arguments or bracketing "
3437 "error for inbound_srs";
3438 case 2:
3439 case 3: return NULL;
3440 }
3441
3442 /* Match the given local_part against the SRS-encoded pattern */
3443
3444 re = regex_must_compile(US"^(?i)SRS0=([^=]+)=([A-Z2-7]+)=([^=]*)=(.*)$",
3445 TRUE, FALSE);
3446 if (pcre_exec(re, NULL, CS sub[0], Ustrlen(sub[0]), 0, PCRE_EOPT,
3447 ovec, nelem(ovec)) < 0)
3448 {
3449 DEBUG(D_expand) debug_printf("no match for SRS'd local-part pattern\n");
3450 goto srs_result;
3451 }
3452
3453 /* Side-effect: record the decoded recipient */
3454
3455 srs_recipient = string_sprintf("%.*S@%.*S", /* lowercased */
3456 ovec[9]-ovec[8], sub[0] + ovec[8], /* substring 4 */
3457 ovec[7]-ovec[6], sub[0] + ovec[6]); /* substring 3 */
3458
3459 /* If a zero-length secret was given, we're done. Otherwise carry on
3460 and validate the given SRS local_part againt our secret. */
3461
3462 if (!*sub[1])
3463 {
3464 boolvalue = TRUE;
3465 goto srs_result;
3466 }
3467
3468 /* check the timestamp */
3469 {
3470 struct timeval now;
3471 uschar * ss = sub[0] + ovec[4]; /* substring 2, the timestamp */
3472 long d;
3473
3474 gettimeofday(&now, NULL);
3475 now.tv_sec /= 86400; /* days since epoch */
3476
3477 /* Decode substring 2 from base32 to a number */
3478
3479 for (d = 0, n = ovec[5]-ovec[4]; n; n--)
3480 {
3481 uschar * t = Ustrchr(base32_chars, *ss++);
3482 d = d * 32 + (t - base32_chars);
3483 }
3484
3485 if (((now.tv_sec - d) & 0x3ff) > 10) /* days since SRS generated */
3486 {
3487 DEBUG(D_expand) debug_printf("SRS too old\n");
3488 goto srs_result;
3489 }
3490 }
3491
3492 /* check length of substring 1, the offered checksum */
3493
3494 if (ovec[3]-ovec[2] != 4)
3495 {
3496 DEBUG(D_expand) debug_printf("SRS checksum wrong size\n");
3497 goto srs_result;
3498 }
3499
3500 /* Hash the address with our secret, and compare that computed checksum
3501 with the one extracted from the arg */
3502
3503 hmac_md5(sub[1], srs_recipient, cksum, sizeof(cksum));
3504 if (Ustrncmp(cksum, sub[0] + ovec[2], 4) != 0)
3505 {
3506 DEBUG(D_expand) debug_printf("SRS checksum mismatch\n");
3507 goto srs_result;
3508 }
3509 boolvalue = TRUE;
3510
3511srs_result:
3512 if (yield) *yield = (boolvalue == testfor);
3513 return s;
3514 }
3515#endif /*EXPERIMENTAL_SRS_NATIVE*/
3516
059ec3d9
PH
3517 /* Unknown condition */
3518