projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Testsuite: perl executable location may differ
[exim.git] / src / src / expand.c
CommitLineData
059ec3d9
PH		 1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
3386088d 5/* Copyright (c) University of Cambridge 1995 - 2015 */
059ec3d9
PH		 6/* See the file NOTICE for conditions of use and distribution. */
7
8
9/* Functions for handling string expansion. */
10
11
12#include "exim.h"
13
96c065cb
PH		 14/* Recursively called function */
15
55414b25
JH		 16static uschar *expand_string_internal(const uschar *, BOOL, const uschar **, BOOL, BOOL, BOOL *);
17static int_eximarith_t expanded_string_integer(const uschar *, BOOL);
96c065cb 18
059ec3d9
PH		 19#ifdef STAND_ALONE
20#ifndef SUPPORT_CRYPTEQ
21#define SUPPORT_CRYPTEQ
22#endif
23#endif
24
96c065cb
PH		 25#ifdef LOOKUP_LDAP
26#include "lookups/ldap.h"
27#endif
28
059ec3d9
PH		 29#ifdef SUPPORT_CRYPTEQ
30#ifdef CRYPT_H
31#include <crypt.h>
32#endif
33#ifndef HAVE_CRYPT16
34extern char* crypt16(char*, char*);
35#endif
36#endif
37
96c065cb
PH		 38/* The handling of crypt16() is a mess. I will record below the analysis of the
39mess that was sent to me. We decided, however, to make changing this very low
40priority, because in practice people are moving away from the crypt()
41algorithms nowadays, so it doesn't seem worth it.
42
43<quote>
44There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
45the first 8 characters of the password using a 20-round version of crypt
46(standard crypt does 25 rounds). It then crypts the next 8 characters,
47or an empty block if the password is less than 9 characters, using a
4820-round version of crypt and the same salt as was used for the first
49block. Charaters after the first 16 are ignored. It always generates
50a 16-byte hash, which is expressed together with the salt as a string
51of 24 base 64 digits. Here are some links to peruse:
52
53 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
54 http://seclists.org/bugtraq/1999/Mar/0076.html
55
56There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
57and OSF/1. This is the same as the standard crypt if given a password
58of 8 characters or less. If given more, it first does the same as crypt
59using the first 8 characters, then crypts the next 8 (the 9th to 16th)
60using as salt the first two base 64 digits from the first hash block.
61If the password is more than 16 characters then it crypts the 17th to 24th
62characters using as salt the first two base 64 digits from the second hash
63block. And so on: I've seen references to it cutting off the password at
6440 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
65
66 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
67 http://seclists.org/bugtraq/1999/Mar/0109.html
68 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
69 TET1_html/sec.c222.html#no_id_208
70
71Exim has something it calls "crypt16". It will either use a native
72crypt16 or its own implementation. A native crypt16 will presumably
73be the one that I called "crypt16" above. The internal "crypt16"
74function, however, is a two-block-maximum implementation of what I called
75"bigcrypt". The documentation matches the internal code.
76
77I suspect that whoever did the "crypt16" stuff for Exim didn't realise
78that crypt16 and bigcrypt were different things.
79
80Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
81to whatever it is using under that name. This unfortunately sets a
82precedent for using "{crypt16}" to identify two incompatible algorithms
83whose output can't be distinguished. With "{crypt16}" thus rendered
84ambiguous, I suggest you deprecate it and invent two new identifiers
85for the two algorithms.
86
87Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
88of the password separately means they can be cracked separately, so
89the double-length hash only doubles the cracking effort instead of
90squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
91bcrypt ({CRYPT}$2a$).
92</quote>
93*/
059ec3d9
PH		 94
95
059ec3d9 96
059ec3d9
PH		 97/*************************************************
98* Local statics and tables *
99*************************************************/
100
101/* Table of item names, and corresponding switch numbers. The names must be in
102alphabetical order. */
103
104static uschar *item_table[] = {
723c72e6 105 US"acl",
9d1c15ef 106 US"certextract",
1a46a8c5 107 US"dlfunc",
089fc87a 108 US"env",
059ec3d9 109 US"extract",
29f89cad 110 US"filter",
059ec3d9
PH		 111 US"hash",
112 US"hmac",
113 US"if",
ed0512a1
JH		 114#ifdef EXPERIMENTAL_INTERNATIONAL
115 US"imapfolder",
116#endif
059ec3d9 117 US"length",
aa26e137 118 US"listextract",
059ec3d9 119 US"lookup",
29f89cad 120 US"map",
059ec3d9 121 US"nhash",
1a46a8c5 122 US"perl",
fffda43a
TK		 123 US"prvs",
124 US"prvscheck",
059ec3d9
PH		 125 US"readfile",
126 US"readsocket",
29f89cad 127 US"reduce",
059ec3d9
PH		 128 US"run",
129 US"sg",
ac4ef9bd 130 US"sort",
059ec3d9
PH		 131 US"substr",
132 US"tr" };
133
134enum {
723c72e6 135 EITEM_ACL,
9d1c15ef 136 EITEM_CERTEXTRACT,
1a46a8c5 137 EITEM_DLFUNC,
089fc87a 138 EITEM_ENV,
059ec3d9 139 EITEM_EXTRACT,
29f89cad 140 EITEM_FILTER,
059ec3d9
PH		 141 EITEM_HASH,
142 EITEM_HMAC,
143 EITEM_IF,
ed0512a1
JH		 144#ifdef EXPERIMENTAL_INTERNATIONAL
145 EITEM_IMAPFOLDER,
146#endif
059ec3d9 147 EITEM_LENGTH,
aa26e137 148 EITEM_LISTEXTRACT,
059ec3d9 149 EITEM_LOOKUP,
29f89cad 150 EITEM_MAP,
059ec3d9 151 EITEM_NHASH,
1a46a8c5 152 EITEM_PERL,
fffda43a
TK		 153 EITEM_PRVS,
154 EITEM_PRVSCHECK,
059ec3d9
PH		 155 EITEM_READFILE,
156 EITEM_READSOCK,
29f89cad 157 EITEM_REDUCE,
059ec3d9
PH		 158 EITEM_RUN,
159 EITEM_SG,
ac4ef9bd 160 EITEM_SORT,
059ec3d9
PH		 161 EITEM_SUBSTR,
162 EITEM_TR };
163
164/* Tables of operator names, and corresponding switch numbers. The names must be
165in alphabetical order. There are two tables, because underscore is used in some
166cases to introduce arguments, whereas for other it is part of the name. This is
167an historical mis-design. */
168
169static uschar *op_table_underscore[] = {
170 US"from_utf8",
171 US"local_part",
172 US"quote_local_part",
83e029d5 173 US"reverse_ip",
f90d018c 174 US"time_eval",
4e08fd50
JH		 175 US"time_interval"
176#ifdef EXPERIMENTAL_INTERNATIONAL
177 ,US"utf8_domain_from_alabel",
178 US"utf8_domain_to_alabel",
179 US"utf8_localpart_from_alabel",
180 US"utf8_localpart_to_alabel"
181#endif
182 };
059ec3d9
PH		 183
184enum {
185 EOP_FROM_UTF8,
186 EOP_LOCAL_PART,
187 EOP_QUOTE_LOCAL_PART,
83e029d5 188 EOP_REVERSE_IP,
f90d018c 189 EOP_TIME_EVAL,
4e08fd50
JH		 190 EOP_TIME_INTERVAL
191#ifdef EXPERIMENTAL_INTERNATIONAL
192 ,EOP_UTF8_DOMAIN_FROM_ALABEL,
193 EOP_UTF8_DOMAIN_TO_ALABEL,
194 EOP_UTF8_LOCALPART_FROM_ALABEL,
195 EOP_UTF8_LOCALPART_TO_ALABEL
196#endif
197 };
059ec3d9
PH		 198
199static uschar *op_table_main[] = {
200 US"address",
29f89cad 201 US"addresses",
059ec3d9
PH		 202 US"base62",
203 US"base62d",
204 US"domain",
205 US"escape",
206 US"eval",
207 US"eval10",
208 US"expand",
209 US"h",
210 US"hash",
211 US"hex2b64",
c393f931 212 US"hexquote",
059ec3d9
PH		 213 US"l",
214 US"lc",
215 US"length",
a64a3dfa
JH		 216 US"listcount",
217 US"listnamed",
059ec3d9
PH		 218 US"mask",
219 US"md5",
220 US"nh",
221 US"nhash",
222 US"quote",
9e3331ea 223 US"randint",
059ec3d9 224 US"rfc2047",
9c57cbc0 225 US"rfc2047d",
059ec3d9
PH		 226 US"rxquote",
227 US"s",
228 US"sha1",
9ef9101c 229 US"sha256",
059ec3d9
PH		 230 US"stat",
231 US"str2b64",
232 US"strlen",
233 US"substr",
b9c2e32f
AR		 234 US"uc",
235 US"utf8clean" };
059ec3d9
PH		 236
237enum {
0539a19d 238 EOP_ADDRESS = nelem(op_table_underscore),
29f89cad 239 EOP_ADDRESSES,
059ec3d9
PH		 240 EOP_BASE62,
241 EOP_BASE62D,
242 EOP_DOMAIN,
243 EOP_ESCAPE,
244 EOP_EVAL,
245 EOP_EVAL10,
246 EOP_EXPAND,
247 EOP_H,
248 EOP_HASH,
249 EOP_HEX2B64,
c393f931 250 EOP_HEXQUOTE,
059ec3d9
PH		 251 EOP_L,
252 EOP_LC,
253 EOP_LENGTH,
a64a3dfa
JH		 254 EOP_LISTCOUNT,
255 EOP_LISTNAMED,
059ec3d9
PH		 256 EOP_MASK,
257 EOP_MD5,
258 EOP_NH,
259 EOP_NHASH,
260 EOP_QUOTE,
9e3331ea 261 EOP_RANDINT,
059ec3d9 262 EOP_RFC2047,
9c57cbc0 263 EOP_RFC2047D,
059ec3d9
PH		 264 EOP_RXQUOTE,
265 EOP_S,
266 EOP_SHA1,
9ef9101c 267 EOP_SHA256,
059ec3d9
PH		 268 EOP_STAT,
269 EOP_STR2B64,
270 EOP_STRLEN,
271 EOP_SUBSTR,
b9c2e32f
AR		 272 EOP_UC,
273 EOP_UTF8CLEAN };
059ec3d9
PH		 274
275
276/* Table of condition names, and corresponding switch numbers. The names must
277be in alphabetical order. */
278
279static uschar *cond_table[] = {
280 US"<",
281 US"<=",
282 US"=",
283 US"==", /* Backward compatibility */
284 US">",
285 US">=",
333eea9c 286 US"acl",
059ec3d9 287 US"and",
f3766eb5 288 US"bool",
6a8de854 289 US"bool_lax",
059ec3d9
PH		 290 US"crypteq",
291 US"def",
292 US"eq",
293 US"eqi",
294 US"exists",
295 US"first_delivery",
0ce9abe6
PH		 296 US"forall",
297 US"forany",
059ec3d9
PH		 298 US"ge",
299 US"gei",
300 US"gt",
301 US"gti",
76dca828
PP		 302 US"inlist",
303 US"inlisti",
059ec3d9
PH		 304 US"isip",
305 US"isip4",
306 US"isip6",
307 US"ldapauth",
308 US"le",
309 US"lei",
310 US"lt",
311 US"lti",
312 US"match",
313 US"match_address",
314 US"match_domain",
32d668a5 315 US"match_ip",
059ec3d9
PH		 316 US"match_local_part",
317 US"or",
318 US"pam",
319 US"pwcheck",
320 US"queue_running",
321 US"radius",
322 US"saslauthd"
323};
324
325enum {
326 ECOND_NUM_L,
327 ECOND_NUM_LE,
328 ECOND_NUM_E,
329 ECOND_NUM_EE,
330 ECOND_NUM_G,
331 ECOND_NUM_GE,
333eea9c 332 ECOND_ACL,
059ec3d9 333 ECOND_AND,
f3766eb5 334 ECOND_BOOL,
6a8de854 335 ECOND_BOOL_LAX,
059ec3d9
PH		 336 ECOND_CRYPTEQ,
337 ECOND_DEF,
338 ECOND_STR_EQ,
339 ECOND_STR_EQI,
340 ECOND_EXISTS,
341 ECOND_FIRST_DELIVERY,
0ce9abe6
PH		 342 ECOND_FORALL,
343 ECOND_FORANY,
059ec3d9
PH		 344 ECOND_STR_GE,
345 ECOND_STR_GEI,
346 ECOND_STR_GT,
347 ECOND_STR_GTI,
76dca828
PP		 348 ECOND_INLIST,
349 ECOND_INLISTI,
059ec3d9
PH		 350 ECOND_ISIP,
351 ECOND_ISIP4,
352 ECOND_ISIP6,
353 ECOND_LDAPAUTH,
354 ECOND_STR_LE,
355 ECOND_STR_LEI,
356 ECOND_STR_LT,
357 ECOND_STR_LTI,
358 ECOND_MATCH,
359 ECOND_MATCH_ADDRESS,
360 ECOND_MATCH_DOMAIN,
32d668a5 361 ECOND_MATCH_IP,
059ec3d9
PH		 362 ECOND_MATCH_LOCAL_PART,
363 ECOND_OR,
364 ECOND_PAM,
365 ECOND_PWCHECK,
366 ECOND_QUEUE_RUNNING,
367 ECOND_RADIUS,
368 ECOND_SASLAUTHD
369};
370
371
059ec3d9
PH		 372/* Types of table entry */
373
7e75538e 374enum vtypes {
059ec3d9
PH		 375 vtype_int, /* value is address of int */
376 vtype_filter_int, /* ditto, but recognized only when filtering */
377 vtype_ino, /* value is address of ino_t (not always an int) */
378 vtype_uid, /* value is address of uid_t (not always an int) */
379 vtype_gid, /* value is address of gid_t (not always an int) */
11d7e4fa 380 vtype_bool, /* value is address of bool */
059ec3d9
PH		 381 vtype_stringptr, /* value is address of pointer to string */
382 vtype_msgbody, /* as stringptr, but read when first required */
383 vtype_msgbody_end, /* ditto, the end of the message */
ff75a1f7
PH		 384 vtype_msgheaders, /* the message's headers, processed */
385 vtype_msgheaders_raw, /* the message's headers, unprocessed */
059ec3d9
PH		 386 vtype_localpart, /* extract local part from string */
387 vtype_domain, /* extract domain from string */
362145b5 388 vtype_string_func, /* value is string returned by given function */
059ec3d9
PH		 389 vtype_todbsdin, /* value not used; generate BSD inbox tod */
390 vtype_tode, /* value not used; generate tod in epoch format */
f5787926 391 vtype_todel, /* value not used; generate tod in epoch/usec format */
059ec3d9
PH		 392 vtype_todf, /* value not used; generate full tod */
393 vtype_todl, /* value not used; generate log tod */
394 vtype_todlf, /* value not used; generate log file datestamp tod */
395 vtype_todzone, /* value not used; generate time zone only */
396 vtype_todzulu, /* value not used; generate zulu tod */
397 vtype_reply, /* value not used; get reply from headers */
398 vtype_pid, /* value not used; result is pid */
399 vtype_host_lookup, /* value not used; get host name */
5cb8cbc6
PH		 400 vtype_load_avg, /* value not used; result is int from os_getloadavg */
401 vtype_pspace, /* partition space; value is T/F for spool/log */
9d1c15ef
JH		 402 vtype_pinodes, /* partition inodes; value is T/F for spool/log */
403 vtype_cert /* SSL certificate */
80a47a2c
TK		 404 #ifndef DISABLE_DKIM
405 ,vtype_dkim /* Lookup of value in DKIM signature */
406 #endif
7e75538e
JH		 407};
408
409/* Type for main variable table */
410
411typedef struct {
412 const char *name;
413 enum vtypes type;
414 void *value;
415} var_entry;
416
417/* Type for entries pointing to address/length pairs. Not currently
418in use. */
419
420typedef struct {
421 uschar **address;
422 int *length;
423} alblock;
059ec3d9 424
362145b5
JH		 425static uschar * fn_recipients(void);
426
059ec3d9
PH		 427/* This table must be kept in alphabetical order. */
428
429static var_entry var_table[] = {
38a0a95f
PH		 430 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
431 they will be confused with user-creatable ACL variables. */
525239c1
JH		 432 { "acl_arg1", vtype_stringptr, &acl_arg[0] },
433 { "acl_arg2", vtype_stringptr, &acl_arg[1] },
434 { "acl_arg3", vtype_stringptr, &acl_arg[2] },
435 { "acl_arg4", vtype_stringptr, &acl_arg[3] },
436 { "acl_arg5", vtype_stringptr, &acl_arg[4] },
437 { "acl_arg6", vtype_stringptr, &acl_arg[5] },
438 { "acl_arg7", vtype_stringptr, &acl_arg[6] },
439 { "acl_arg8", vtype_stringptr, &acl_arg[7] },
440 { "acl_arg9", vtype_stringptr, &acl_arg[8] },
441 { "acl_narg", vtype_int, &acl_narg },
059ec3d9
PH		 442 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
443 { "address_data", vtype_stringptr, &deliver_address_data },
444 { "address_file", vtype_stringptr, &address_file },
445 { "address_pipe", vtype_stringptr, &address_pipe },
2d07a215 446 { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id },
059ec3d9
PH		 447 { "authenticated_id", vtype_stringptr, &authenticated_id },
448 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
449 { "authentication_failed",vtype_int, &authentication_failed },
9e949f00
PP		 450#ifdef WITH_CONTENT_SCAN
451 { "av_failed", vtype_int, &av_failed },
452#endif
8523533c
TK		 453#ifdef EXPERIMENTAL_BRIGHTMAIL
454 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
455 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
456 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
457 { "bmi_deliver", vtype_int, &bmi_deliver },
458#endif
059ec3d9
PH		 459 { "body_linecount", vtype_int, &body_linecount },
460 { "body_zerocount", vtype_int, &body_zerocount },
461 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
462 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
463 { "caller_gid", vtype_gid, &real_gid },
464 { "caller_uid", vtype_uid, &real_uid },
055e2cb4 465 { "callout_address", vtype_stringptr, &callout_address },
059ec3d9
PH		 466 { "compile_date", vtype_stringptr, &version_date },
467 { "compile_number", vtype_stringptr, &version_cnumber },
98b8312f
HSHR		 468 { "config_dir", vtype_stringptr, &config_main_directory },
469 { "config_file", vtype_stringptr, &config_main_filename },
e5a9dba6 470 { "csa_status", vtype_stringptr, &csa_status },
6a8f9482
TK		 471#ifdef EXPERIMENTAL_DCC
472 { "dcc_header", vtype_stringptr, &dcc_header },
473 { "dcc_result", vtype_stringptr, &dcc_result },
474#endif
8523533c
TK		 475#ifdef WITH_OLD_DEMIME
476 { "demime_errorlevel", vtype_int, &demime_errorlevel },
477 { "demime_reason", vtype_stringptr, &demime_reason },
fb2274d4 478#endif
80a47a2c
TK		 479#ifndef DISABLE_DKIM
480 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
481 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
482 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
483 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
484 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
485 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
2df588c9 486 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
e08d09e5 487 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
80a47a2c
TK		 488 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
489 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
490 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
491 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
492 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
493 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
494 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
495 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
e08d09e5 496 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
9e5d6b55 497 { "dkim_signers", vtype_stringptr, &dkim_signers },
80a47a2c
TK		 498 { "dkim_verify_reason", vtype_dkim, (void *)DKIM_VERIFY_REASON },
499 { "dkim_verify_status", vtype_dkim, (void *)DKIM_VERIFY_STATUS},
4840604e
TL		 500#endif
501#ifdef EXPERIMENTAL_DMARC
502 { "dmarc_ar_header", vtype_stringptr, &dmarc_ar_header },
8c8b8274 503 { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
4840604e
TL		 504 { "dmarc_status", vtype_stringptr, &dmarc_status },
505 { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
506 { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
8523533c 507#endif
059ec3d9 508 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
93655c46 509 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
059ec3d9
PH		 510 { "dnslist_text", vtype_stringptr, &dnslist_text },
511 { "dnslist_value", vtype_stringptr, &dnslist_value },
512 { "domain", vtype_stringptr, &deliver_domain },
513 { "domain_data", vtype_stringptr, &deliver_domain_data },
774ef2d7
JH		 514#ifdef EXPERIMENTAL_EVENT
515 { "event_data", vtype_stringptr, &event_data },
516
517 /*XXX want to use generic vars for as many of these as possible*/
518 { "event_defer_errno", vtype_int, &event_defer_errno },
519
520 { "event_name", vtype_stringptr, &event_name },
521#endif
059ec3d9
PH		 522 { "exim_gid", vtype_gid, &exim_gid },
523 { "exim_path", vtype_stringptr, &exim_path },
524 { "exim_uid", vtype_uid, &exim_uid },
71224040 525 { "exim_version", vtype_stringptr, &version_string },
8523533c
TK		 526#ifdef WITH_OLD_DEMIME
527 { "found_extension", vtype_stringptr, &found_extension },
8e669ac1 528#endif
362145b5 529 { "headers_added", vtype_string_func, &fn_hdrs_added },
059ec3d9
PH		 530 { "home", vtype_stringptr, &deliver_home },
531 { "host", vtype_stringptr, &deliver_host },
532 { "host_address", vtype_stringptr, &deliver_host_address },
533 { "host_data", vtype_stringptr, &host_data },
b08b24c8 534 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
059ec3d9 535 { "host_lookup_failed", vtype_int, &host_lookup_failed },
a7538db1 536 { "host_port", vtype_int, &deliver_host_port },
059ec3d9
PH		 537 { "inode", vtype_ino, &deliver_inode },
538 { "interface_address", vtype_stringptr, &interface_address },
539 { "interface_port", vtype_int, &interface_port },
0ce9abe6 540 { "item", vtype_stringptr, &iterate_item },
059ec3d9
PH		 541 #ifdef LOOKUP_LDAP
542 { "ldap_dn", vtype_stringptr, &eldap_dn },
543 #endif
544 { "load_average", vtype_load_avg, NULL },
545 { "local_part", vtype_stringptr, &deliver_localpart },
546 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
547 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
548 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
549 { "local_scan_data", vtype_stringptr, &local_scan_data },
550 { "local_user_gid", vtype_gid, &local_user_gid },
551 { "local_user_uid", vtype_uid, &local_user_uid },
552 { "localhost_number", vtype_int, &host_number },
5cb8cbc6 553 { "log_inodes", vtype_pinodes, (void *)FALSE },
8e669ac1 554 { "log_space", vtype_pspace, (void *)FALSE },
4e0983dc 555 { "lookup_dnssec_authenticated",vtype_stringptr,&lookup_dnssec_authenticated},
059ec3d9 556 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
8523533c
TK		 557#ifdef WITH_CONTENT_SCAN
558 { "malware_name", vtype_stringptr, &malware_name },
559#endif
d677b2f2 560 { "max_received_linelength", vtype_int, &max_received_linelength },
059ec3d9
PH		 561 { "message_age", vtype_int, &message_age },
562 { "message_body", vtype_msgbody, &message_body },
563 { "message_body_end", vtype_msgbody_end, &message_body_end },
564 { "message_body_size", vtype_int, &message_body_size },
1ab52c69 565 { "message_exim_id", vtype_stringptr, &message_id },
059ec3d9 566 { "message_headers", vtype_msgheaders, NULL },
ff75a1f7 567 { "message_headers_raw", vtype_msgheaders_raw, NULL },
059ec3d9 568 { "message_id", vtype_stringptr, &message_id },
2e0c1448 569 { "message_linecount", vtype_int, &message_linecount },
059ec3d9 570 { "message_size", vtype_int, &message_size },
eb02f5df
JH		 571#ifdef EXPERIMENTAL_INTERNATIONAL
572 { "message_smtputf8", vtype_bool, &message_smtputf8 },
573#endif
8523533c
TK		 574#ifdef WITH_CONTENT_SCAN
575 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
576 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
577 { "mime_boundary", vtype_stringptr, &mime_boundary },
578 { "mime_charset", vtype_stringptr, &mime_charset },
579 { "mime_content_description", vtype_stringptr, &mime_content_description },
580 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
581 { "mime_content_id", vtype_stringptr, &mime_content_id },
582 { "mime_content_size", vtype_int, &mime_content_size },
583 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
584 { "mime_content_type", vtype_stringptr, &mime_content_type },
585 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
586 { "mime_filename", vtype_stringptr, &mime_filename },
587 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
588 { "mime_is_multipart", vtype_int, &mime_is_multipart },
589 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
590 { "mime_part_count", vtype_int, &mime_part_count },
591#endif
059ec3d9
PH		 592 { "n0", vtype_filter_int, &filter_n[0] },
593 { "n1", vtype_filter_int, &filter_n[1] },
594 { "n2", vtype_filter_int, &filter_n[2] },
595 { "n3", vtype_filter_int, &filter_n[3] },
596 { "n4", vtype_filter_int, &filter_n[4] },
597 { "n5", vtype_filter_int, &filter_n[5] },
598 { "n6", vtype_filter_int, &filter_n[6] },
599 { "n7", vtype_filter_int, &filter_n[7] },
600 { "n8", vtype_filter_int, &filter_n[8] },
601 { "n9", vtype_filter_int, &filter_n[9] },
602 { "original_domain", vtype_stringptr, &deliver_domain_orig },
603 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
604 { "originator_gid", vtype_gid, &originator_gid },
605 { "originator_uid", vtype_uid, &originator_uid },
606 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
607 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
608 { "pid", vtype_pid, NULL },
858e91c2
JH		 609#ifndef DISABLE_PRDR
610 { "prdr_requested", vtype_bool, &prdr_requested },
611#endif
059ec3d9 612 { "primary_hostname", vtype_stringptr, &primary_hostname },
a3c86431 613#ifdef EXPERIMENTAL_PROXY
a3bddaa8
TL		 614 { "proxy_host_address", vtype_stringptr, &proxy_host_address },
615 { "proxy_host_port", vtype_int, &proxy_host_port },
a3c86431 616 { "proxy_session", vtype_bool, &proxy_session },
eb57651e
TL		 617 { "proxy_target_address",vtype_stringptr, &proxy_target_address },
618 { "proxy_target_port", vtype_int, &proxy_target_port },
a3c86431 619#endif
fffda43a
TK		 620 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
621 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
622 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
059ec3d9
PH		 623 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
624 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
625 { "rcpt_count", vtype_int, &rcpt_count },
626 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
627 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
628 { "received_count", vtype_int, &received_count },
629 { "received_for", vtype_stringptr, &received_for },
194cc0e4
PH		 630 { "received_ip_address", vtype_stringptr, &interface_address },
631 { "received_port", vtype_int, &interface_port },
059ec3d9 632 { "received_protocol", vtype_stringptr, &received_protocol },
7dbf77c9 633 { "received_time", vtype_int, &received_time },
059ec3d9 634 { "recipient_data", vtype_stringptr, &recipient_data },
8e669ac1 635 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
362145b5 636 { "recipients", vtype_string_func, &fn_recipients },
059ec3d9 637 { "recipients_count", vtype_int, &recipients_count },
8523533c
TK		 638#ifdef WITH_CONTENT_SCAN
639 { "regex_match_string", vtype_stringptr, &regex_match_string },
640#endif
059ec3d9
PH		 641 { "reply_address", vtype_reply, NULL },
642 { "return_path", vtype_stringptr, &return_path },
643 { "return_size_limit", vtype_int, &bounce_return_size_limit },
181d9bf8 644 { "router_name", vtype_stringptr, &router_name },
059ec3d9
PH		 645 { "runrc", vtype_int, &runrc },
646 { "self_hostname", vtype_stringptr, &self_hostname },
647 { "sender_address", vtype_stringptr, &sender_address },
2a3eea10 648 { "sender_address_data", vtype_stringptr, &sender_address_data },
059ec3d9
PH		 649 { "sender_address_domain", vtype_domain, &sender_address },
650 { "sender_address_local_part", vtype_localpart, &sender_address },
651 { "sender_data", vtype_stringptr, &sender_data },
652 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
1705dd20 653 { "sender_helo_dnssec", vtype_bool, &sender_helo_dnssec },
059ec3d9
PH		 654 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
655 { "sender_host_address", vtype_stringptr, &sender_host_address },
656 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
11d7e4fa 657 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
059ec3d9
PH		 658 { "sender_host_name", vtype_host_lookup, NULL },
659 { "sender_host_port", vtype_int, &sender_host_port },
660 { "sender_ident", vtype_stringptr, &sender_ident },
870f6ba8
TF		 661 { "sender_rate", vtype_stringptr, &sender_rate },
662 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
663 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
059ec3d9 664 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
8e669ac1 665 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
41c7c167
PH		 666 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
667 { "sending_port", vtype_int, &sending_port },
8e669ac1 668 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
3ee512ff
PH		 669 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
670 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
b01dd148 671 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
8f128379 672 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
059ec3d9
PH		 673 { "sn0", vtype_filter_int, &filter_sn[0] },
674 { "sn1", vtype_filter_int, &filter_sn[1] },
675 { "sn2", vtype_filter_int, &filter_sn[2] },
676 { "sn3", vtype_filter_int, &filter_sn[3] },
677 { "sn4", vtype_filter_int, &filter_sn[4] },
678 { "sn5", vtype_filter_int, &filter_sn[5] },
679 { "sn6", vtype_filter_int, &filter_sn[6] },
680 { "sn7", vtype_filter_int, &filter_sn[7] },
681 { "sn8", vtype_filter_int, &filter_sn[8] },
682 { "sn9", vtype_filter_int, &filter_sn[9] },
8523533c 683#ifdef WITH_CONTENT_SCAN
c5f280e2 684 { "spam_action", vtype_stringptr, &spam_action },
8523533c
TK		 685 { "spam_bar", vtype_stringptr, &spam_bar },
686 { "spam_report", vtype_stringptr, &spam_report },
687 { "spam_score", vtype_stringptr, &spam_score },
688 { "spam_score_int", vtype_stringptr, &spam_score_int },
689#endif
690#ifdef EXPERIMENTAL_SPF
65a7d8c3 691 { "spf_guess", vtype_stringptr, &spf_guess },
8523533c
TK		 692 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
693 { "spf_received", vtype_stringptr, &spf_received },
694 { "spf_result", vtype_stringptr, &spf_result },
695 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
696#endif
059ec3d9 697 { "spool_directory", vtype_stringptr, &spool_directory },
5cb8cbc6 698 { "spool_inodes", vtype_pinodes, (void *)TRUE },
8e669ac1 699 { "spool_space", vtype_pspace, (void *)TRUE },
8523533c
TK		 700#ifdef EXPERIMENTAL_SRS
701 { "srs_db_address", vtype_stringptr, &srs_db_address },
702 { "srs_db_key", vtype_stringptr, &srs_db_key },
703 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
704 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
705 { "srs_recipient", vtype_stringptr, &srs_recipient },
706 { "srs_status", vtype_stringptr, &srs_status },
707#endif
059ec3d9 708 { "thisaddress", vtype_stringptr, &filter_thisaddress },
817d9f57 709
d9b2312b 710 /* The non-(in,out) variables are now deprecated */
817d9f57
JH		 711 { "tls_bits", vtype_int, &tls_in.bits },
712 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
713 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
d9b2312b
JH		 714
715 { "tls_in_bits", vtype_int, &tls_in.bits },
716 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
717 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
44662487 718 { "tls_in_ocsp", vtype_int, &tls_in.ocsp },
9d1c15ef
JH		 719 { "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
720 { "tls_in_peercert", vtype_cert, &tls_in.peercert },
d9b2312b 721 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
4b57b15d 722#if defined(SUPPORT_TLS)
d9b2312b
JH		 723 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
724#endif
817d9f57 725 { "tls_out_bits", vtype_int, &tls_out.bits },
cb9d95ae 726 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
817d9f57 727 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
594706ea
JH		 728#ifdef EXPERIMENTAL_DANE
729 { "tls_out_dane", vtype_bool, &tls_out.dane_verified },
730#endif
44662487 731 { "tls_out_ocsp", vtype_int, &tls_out.ocsp },
9d1c15ef
JH		 732 { "tls_out_ourcert", vtype_cert, &tls_out.ourcert },
733 { "tls_out_peercert", vtype_cert, &tls_out.peercert },
817d9f57 734 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
4b57b15d 735#if defined(SUPPORT_TLS)
817d9f57 736 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
7be682ca 737#endif
594706ea
JH		 738#ifdef EXPERIMENTAL_DANE
739 { "tls_out_tlsa_usage", vtype_int, &tls_out.tlsa_usage },
740#endif
d9b2312b 741
613dd4ae 742 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
4b57b15d 743#if defined(SUPPORT_TLS)
613dd4ae
JH		 744 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
745#endif
817d9f57 746
059ec3d9
PH		 747 { "tod_bsdinbox", vtype_todbsdin, NULL },
748 { "tod_epoch", vtype_tode, NULL },
f5787926 749 { "tod_epoch_l", vtype_todel, NULL },
059ec3d9
PH		 750 { "tod_full", vtype_todf, NULL },
751 { "tod_log", vtype_todl, NULL },
752 { "tod_logfile", vtype_todlf, NULL },
753 { "tod_zone", vtype_todzone, NULL },
754 { "tod_zulu", vtype_todzulu, NULL },
181d9bf8 755 { "transport_name", vtype_stringptr, &transport_name },
059ec3d9 756 { "value", vtype_stringptr, &lookup_value },
aec45841 757 { "verify_mode", vtype_stringptr, &verify_mode },
059ec3d9
PH		 758 { "version_number", vtype_stringptr, &version_string },
759 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
760 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
761 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
762 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
763 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
764 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
765};
766
0539a19d 767static int var_table_size = nelem(var_table);
059ec3d9
PH		 768static uschar var_buffer[256];
769static BOOL malformed_header;
770
771/* For textual hashes */
772
1ba28e2b
PP		 773static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
774 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
775 "0123456789";
059ec3d9
PH		 776
777enum { HMAC_MD5, HMAC_SHA1 };
778
779/* For numeric hashes */
780
781static unsigned int prime[] = {
782 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
783 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
784 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
785
786/* For printing modes in symbolic form */
787
788static uschar *mtable_normal[] =
789 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
790
791static uschar *mtable_setid[] =
792 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
793
794static uschar *mtable_sticky[] =
795 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
796
797
798
799/*************************************************
800* Tables for UTF-8 support *
801*************************************************/
802
803/* Table of the number of extra characters, indexed by the first character
804masked with 0x3f. The highest number for a valid UTF-8 character is in fact
8050x3d. */
806
807static uschar utf8_table1[] = {
808 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
809 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
810 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
811 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
812
813/* These are the masks for the data bits in the first byte of a character,
814indexed by the number of additional bytes. */
815
816static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
817
818/* Get the next UTF-8 character, advancing the pointer. */
819
820#define GETUTF8INC(c, ptr) \
821 c = *ptr++; \
822 if ((c & 0xc0) == 0xc0) \
823 { \
824 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
825 int s = 6*a; \
826 c = (c & utf8_table2[a]) << s; \
827 while (a-- > 0) \
828 { \
829 s -= 6; \
830 c |= (*ptr++ & 0x3f) << s; \
831 } \
832 }
833
834
835/*************************************************
836* Binary chop search on a table *
837*************************************************/
838
839/* This is used for matching expansion items and operators.
840
841Arguments:
842 name the name that is being sought
843 table the table to search
844 table_size the number of items in the table
845
846Returns: the offset in the table, or -1
847*/
848
849static int
850chop_match(uschar *name, uschar **table, int table_size)
851{
852uschar **bot = table;
853uschar **top = table + table_size;
854
855while (top > bot)
856 {
857 uschar **mid = bot + (top - bot)/2;
858 int c = Ustrcmp(name, *mid);
859 if (c == 0) return mid - table;
860 if (c > 0) bot = mid + 1; else top = mid;
861 }
862
863return -1;
864}
865
866
867
868/*************************************************
869* Check a condition string *
870*************************************************/
871
872/* This function is called to expand a string, and test the result for a "true"
873or "false" value. Failure of the expansion yields FALSE; logged unless it was a
be7a5781
JH		 874forced fail or lookup defer.
875
876We used to release all store used, but this is not not safe due
877to ${dlfunc } and ${acl }. In any case expand_string_internal()
878is reasonably careful to release what it can.
059ec3d9 879
6a8de854
PP		 880The actual false-value tests should be replicated for ECOND_BOOL_LAX.
881
059ec3d9
PH		 882Arguments:
883 condition the condition string
884 m1 text to be incorporated in panic error
885 m2 ditto
886
887Returns: TRUE if condition is met, FALSE if not
888*/
889
890BOOL
891expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
892{
893int rc;
059ec3d9
PH		 894uschar *ss = expand_string(condition);
895if (ss == NULL)
896 {
897 if (!expand_string_forcedfail && !search_find_defer)
898 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
899 "for %s %s: %s", condition, m1, m2, expand_string_message);
900 return FALSE;
901 }
902rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
903 strcmpic(ss, US"false") != 0;
059ec3d9
PH		 904return rc;
905}
906
907
908
17c76198 909
9e3331ea
TK		 910/*************************************************
911* Pseudo-random number generation *
912*************************************************/
913
914/* Pseudo-random number generation. The result is not "expected" to be
915cryptographically strong but not so weak that someone will shoot themselves
916in the foot using it as a nonce in some email header scheme or whatever
917weirdness they'll twist this into. The result should ideally handle fork().
918
919However, if we're stuck unable to provide this, then we'll fall back to
920appallingly bad randomness.
921
17c76198
PP		 922If SUPPORT_TLS is defined then this will not be used except as an emergency
923fallback.
9e3331ea
TK		 924
925Arguments:
926 max range maximum
927Returns a random number in range [0, max-1]
928*/
929
17c76198
PP		 930#ifdef SUPPORT_TLS
931# define vaguely_random_number vaguely_random_number_fallback
932#endif
9e3331ea 933int
17c76198 934vaguely_random_number(int max)
9e3331ea 935{
17c76198
PP		 936#ifdef SUPPORT_TLS
937# undef vaguely_random_number
938#endif
9e3331ea
TK		 939 static pid_t pid = 0;
940 pid_t p2;
941#if defined(HAVE_SRANDOM) && !defined(HAVE_SRANDOMDEV)
942 struct timeval tv;
943#endif
944
945 p2 = getpid();
946 if (p2 != pid)
947 {
948 if (pid != 0)
949 {
950
951#ifdef HAVE_ARC4RANDOM
952 /* cryptographically strong randomness, common on *BSD platforms, not
953 so much elsewhere. Alas. */
46ca7017 954#ifndef NOT_HAVE_ARC4RANDOM_STIR
9e3331ea 955 arc4random_stir();
46ca7017 956#endif
9e3331ea
TK		 957#elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
958#ifdef HAVE_SRANDOMDEV
959 /* uses random(4) for seeding */
960 srandomdev();
961#else
962 gettimeofday(&tv, NULL);
963 srandom(tv.tv_sec | tv.tv_usec | getpid());
964#endif
965#else
966 /* Poor randomness and no seeding here */
967#endif
968
969 }
970 pid = p2;
971 }
972
973#ifdef HAVE_ARC4RANDOM
974 return arc4random() % max;
975#elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
976 return random() % max;
977#else
978 /* This one returns a 16-bit number, definitely not crypto-strong */
979 return random_number(max);
980#endif
981}
982
17c76198
PP		 983
984
9e3331ea 985
059ec3d9
PH		 986/*************************************************
987* Pick out a name from a string *
988*************************************************/
989
990/* If the name is too long, it is silently truncated.
991
992Arguments:
993 name points to a buffer into which to put the name
994 max is the length of the buffer
995 s points to the first alphabetic character of the name
996 extras chars other than alphanumerics to permit
997
998Returns: pointer to the first character after the name
999
1000Note: The test for *s != 0 in the while loop is necessary because
1001Ustrchr() yields non-NULL if the character is zero (which is not something
1002I expected). */
1003
55414b25
JH		 1004static const uschar *
1005read_name(uschar *name, int max, const uschar *s, uschar *extras)
059ec3d9
PH		 1006{
1007int ptr = 0;
1008while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
1009 {
1010 if (ptr < max-1) name[ptr++] = *s;
1011 s++;
1012 }
1013name[ptr] = 0;
1014return s;
1015}
1016
1017
1018
1019/*************************************************
1020* Pick out the rest of a header name *
1021*************************************************/
1022
1023/* A variable name starting $header_ (or just $h_ for those who like
1024abbreviations) might not be the complete header name because headers can
1025contain any printing characters in their names, except ':'. This function is
1026called to read the rest of the name, chop h[eader]_ off the front, and put ':'
1027on the end, if the name was terminated by white space.
1028
1029Arguments:
1030 name points to a buffer in which the name read so far exists
1031 max is the length of the buffer
1032 s points to the first character after the name so far, i.e. the
1033 first non-alphameric character after $header_xxxxx
1034
1035Returns: a pointer to the first character after the header name
1036*/
1037
55414b25
JH		 1038static const uschar *
1039read_header_name(uschar *name, int max, const uschar *s)
059ec3d9
PH		 1040{
1041int prelen = Ustrchr(name, '_') - name + 1;
1042int ptr = Ustrlen(name) - prelen;
1043if (ptr > 0) memmove(name, name+prelen, ptr);
1044while (mac_isgraph(*s) && *s != ':')
1045 {
1046 if (ptr < max-1) name[ptr++] = *s;
1047 s++;
1048 }
1049if (*s == ':') s++;
1050name[ptr++] = ':';
1051name[ptr] = 0;
1052return s;
1053}
1054
1055
1056
1057/*************************************************
1058* Pick out a number from a string *
1059*************************************************/
1060
1061/* Arguments:
1062 n points to an integer into which to put the number
1063 s points to the first digit of the number
1064
1065Returns: a pointer to the character after the last digit
1066*/
1067
1068static uschar *
1069read_number(int *n, uschar *s)
1070{
1071*n = 0;
1072while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1073return s;
1074}
1075
55414b25
JH		 1076static const uschar *
1077read_cnumber(int *n, const uschar *s)
1078{
1079*n = 0;
1080while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1081return s;
1082}
1083
059ec3d9
PH		 1084
1085
1086/*************************************************
1087* Extract keyed subfield from a string *
1088*************************************************/
1089
1090/* The yield is in dynamic store; NULL means that the key was not found.
1091
1092Arguments:
1093 key points to the name of the key
1094 s points to the string from which to extract the subfield
1095
1096Returns: NULL if the subfield was not found, or
1097 a pointer to the subfield's data
1098*/
1099
1100static uschar *
55414b25 1101expand_getkeyed(uschar *key, const uschar *s)
059ec3d9
PH		 1102{
1103int length = Ustrlen(key);
1104while (isspace(*s)) s++;
1105
1106/* Loop to search for the key */
1107
1108while (*s != 0)
1109 {
1110 int dkeylength;
1111 uschar *data;
55414b25 1112 const uschar *dkey = s;
059ec3d9
PH		 1113
1114 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
1115 dkeylength = s - dkey;
1116 while (isspace(*s)) s++;
1117 if (*s == '=') while (isspace((*(++s))));
1118
1119 data = string_dequote(&s);
1120 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1121 return data;
1122
1123 while (isspace(*s)) s++;
1124 }
1125
1126return NULL;
1127}
1128
1129
1130
9d1c15ef
JH		 1131static var_entry *
1132find_var_ent(uschar * name)
1133{
1134int first = 0;
1135int last = var_table_size;
1136
1137while (last > first)
1138 {
1139 int middle = (first + last)/2;
1140 int c = Ustrcmp(name, var_table[middle].name);
1141
1142 if (c > 0) { first = middle + 1; continue; }
1143 if (c < 0) { last = middle; continue; }
1144 return &var_table[middle];
1145 }
1146return NULL;
1147}
059ec3d9
PH		 1148
1149/*************************************************
1150* Extract numbered subfield from string *
1151*************************************************/
1152
1153/* Extracts a numbered field from a string that is divided by tokens - for
1154example a line from /etc/passwd is divided by colon characters. First field is
1155numbered one. Negative arguments count from the right. Zero returns the whole
1156string. Returns NULL if there are insufficient tokens in the string
1157
1158***WARNING***
1159Modifies final argument - this is a dynamically generated string, so that's OK.
1160
1161Arguments:
1162 field number of field to be extracted,
1163 first field = 1, whole string = 0, last field = -1
1164 separators characters that are used to break string into tokens
1165 s points to the string from which to extract the subfield
1166
1167Returns: NULL if the field was not found,
1168 a pointer to the field's data inside s (modified to add 0)
1169*/
1170
1171static uschar *
1172expand_gettokened (int field, uschar *separators, uschar *s)
1173{
1174int sep = 1;
1175int count;
1176uschar *ss = s;
1177uschar *fieldtext = NULL;
1178
1179if (field == 0) return s;
1180
1181/* Break the line up into fields in place; for field > 0 we stop when we have
1182done the number of fields we want. For field < 0 we continue till the end of
1183the string, counting the number of fields. */
1184
1185count = (field > 0)? field : INT_MAX;
1186
1187while (count-- > 0)
1188 {
1189 size_t len;
1190
1191 /* Previous field was the last one in the string. For a positive field
1192 number, this means there are not enough fields. For a negative field number,
1193 check that there are enough, and scan back to find the one that is wanted. */
1194
1195 if (sep == 0)
1196 {
1197 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1198 if ((-field) == (INT_MAX - count - 1)) return s;
1199 while (field++ < 0)
1200 {
1201 ss--;
1202 while (ss[-1] != 0) ss--;
1203 }
1204 fieldtext = ss;
1205 break;
1206 }
1207
1208 /* Previous field was not last in the string; save its start and put a
1209 zero at its end. */
1210
1211 fieldtext = ss;
1212 len = Ustrcspn(ss, separators);
1213 sep = ss[len];
1214 ss[len] = 0;
1215 ss += len + 1;
1216 }
1217
1218return fieldtext;
1219}
1220
1221
aa26e137 1222static uschar *
55414b25 1223expand_getlistele(int field, const uschar * list)
aa26e137 1224{
55414b25 1225const uschar * tlist= list;
aa26e137
JH		 1226int sep= 0;
1227uschar dummy;
1228
1229if(field<0)
0f0c8159 1230 {
aa26e137
JH		 1231 for(field++; string_nextinlist(&tlist, &sep, &dummy, 1); ) field++;
1232 sep= 0;
0f0c8159 1233 }
aa26e137
JH		 1234if(field==0) return NULL;
1235while(--field>0 && (string_nextinlist(&list, &sep, &dummy, 1))) ;
1236return string_nextinlist(&list, &sep, NULL, 0);
1237}
059ec3d9 1238
9d1c15ef
JH		 1239
1240/* Certificate fields, by name. Worry about by-OID later */
9e4dddbd 1241/* Names are chosen to not have common prefixes */
9d1c15ef
JH		 1242
1243#ifdef SUPPORT_TLS
1244typedef struct
1245{
1246uschar * name;
9e4dddbd
JH		 1247int namelen;
1248uschar * (*getfn)(void * cert, uschar * mod);
9d1c15ef
JH		 1249} certfield;
1250static certfield certfields[] =
1251{ /* linear search; no special order */
9e4dddbd
JH		 1252 { US"version", 7, &tls_cert_version },
1253 { US"serial_number", 13, &tls_cert_serial_number },
1254 { US"subject", 7, &tls_cert_subject },
1255 { US"notbefore", 9, &tls_cert_not_before },
1256 { US"notafter", 8, &tls_cert_not_after },
1257 { US"issuer", 6, &tls_cert_issuer },
1258 { US"signature", 9, &tls_cert_signature },
1259 { US"sig_algorithm", 13, &tls_cert_signature_algorithm },
1260 { US"subj_altname", 12, &tls_cert_subject_altname },
1261 { US"ocsp_uri", 8, &tls_cert_ocsp_uri },
1262 { US"crl_uri", 7, &tls_cert_crl_uri },
9d1c15ef
JH		 1263};
1264
1265static uschar *
1266expand_getcertele(uschar * field, uschar * certvar)
1267{
1268var_entry * vp;
1269certfield * cp;
1270
1271if (!(vp = find_var_ent(certvar)))
1272 {
94431adb 1273 expand_string_message =
9d1c15ef
JH		 1274 string_sprintf("no variable named \"%s\"", certvar);
1275 return NULL; /* Unknown variable name */
1276 }
1277/* NB this stops us passing certs around in variable. Might
1278want to do that in future */
1279if (vp->type != vtype_cert)
1280 {
94431adb 1281 expand_string_message =
9d1c15ef
JH		 1282 string_sprintf("\"%s\" is not a certificate", certvar);
1283 return NULL; /* Unknown variable name */
1284 }
1285if (!*(void **)vp->value)
1286 return NULL;
1287
1288if (*field >= '0' && *field <= '9')
1289 return tls_cert_ext_by_oid(*(void **)vp->value, field, 0);
1290
1291for(cp = certfields;
0539a19d 1292 cp < certfields + nelem(certfields);
9d1c15ef 1293 cp++)
9e4dddbd
JH		 1294 if (Ustrncmp(cp->name, field, cp->namelen) == 0)
1295 {
1296 uschar * modifier = *(field += cp->namelen) == ','
1297 ? ++field : NULL;
1298 return (*cp->getfn)( *(void **)vp->value, modifier );
1299 }
9d1c15ef 1300
94431adb 1301expand_string_message =
9d1c15ef
JH		 1302 string_sprintf("bad field selector \"%s\" for certextract", field);
1303return NULL;
1304}
1305#endif /*SUPPORT_TLS*/
1306
059ec3d9
PH		 1307/*************************************************
1308* Extract a substring from a string *
1309*************************************************/
1310
1311/* Perform the ${substr or ${length expansion operations.
1312
1313Arguments:
1314 subject the input string
1315 value1 the offset from the start of the input string to the start of
1316 the output string; if negative, count from the right.
1317 value2 the length of the output string, or negative (-1) for unset
1318 if value1 is positive, unset means "all after"
1319 if value1 is negative, unset means "all before"
1320 len set to the length of the returned string
1321
1322Returns: pointer to the output string, or NULL if there is an error
1323*/
1324
1325static uschar *
1326extract_substr(uschar *subject, int value1, int value2, int *len)
1327{
1328int sublen = Ustrlen(subject);
1329
1330if (value1 < 0) /* count from right */
1331 {
1332 value1 += sublen;
1333
1334 /* If the position is before the start, skip to the start, and adjust the
1335 length. If the length ends up negative, the substring is null because nothing
1336 can precede. This falls out naturally when the length is unset, meaning "all
1337 to the left". */
1338
1339 if (value1 < 0)
1340 {
1341 value2 += value1;
1342 if (value2 < 0) value2 = 0;
1343 value1 = 0;
1344 }
1345
1346 /* Otherwise an unset length => characters before value1 */
1347
1348 else if (value2 < 0)
1349 {
1350 value2 = value1;
1351 value1 = 0;
1352 }
1353 }
1354
1355/* For a non-negative offset, if the starting position is past the end of the
1356string, the result will be the null string. Otherwise, an unset length means
1357"rest"; just set it to the maximum - it will be cut down below if necessary. */
1358
1359else
1360 {
1361 if (value1 > sublen)
1362 {
1363 value1 = sublen;
1364 value2 = 0;
1365 }
1366 else if (value2 < 0) value2 = sublen;
1367 }
1368
1369/* Cut the length down to the maximum possible for the offset value, and get
1370the required characters. */
1371
1372if (value1 + value2 > sublen) value2 = sublen - value1;
1373*len = value2;
1374return subject + value1;
1375}
1376
1377
1378
1379
1380/*************************************************
1381* Old-style hash of a string *
1382*************************************************/
1383
1384/* Perform the ${hash expansion operation.
1385
1386Arguments:
1387 subject the input string (an expanded substring)
1388 value1 the length of the output string; if greater or equal to the
1389 length of the input string, the input string is returned
1390 value2 the number of hash characters to use, or 26 if negative
1391 len set to the length of the returned string
1392
1393Returns: pointer to the output string, or NULL if there is an error
1394*/
1395
1396static uschar *
1397compute_hash(uschar *subject, int value1, int value2, int *len)
1398{
1399int sublen = Ustrlen(subject);
1400
1401if (value2 < 0) value2 = 26;
1402else if (value2 > Ustrlen(hashcodes))
1403 {
1404 expand_string_message =
1405 string_sprintf("hash count \"%d\" too big", value2);
1406 return NULL;
1407 }
1408
1409/* Calculate the hash text. We know it is shorter than the original string, so
1410can safely place it in subject[] (we know that subject is always itself an
1411expanded substring). */
1412
1413if (value1 < sublen)
1414 {
1415 int c;
1416 int i = 0;
1417 int j = value1;
1418 while ((c = (subject[j])) != 0)
1419 {
1420 int shift = (c + j++) & 7;
1421 subject[i] ^= (c << shift) | (c >> (8-shift));
1422 if (++i >= value1) i = 0;
1423 }
1424 for (i = 0; i < value1; i++)
1425 subject[i] = hashcodes[(subject[i]) % value2];
1426 }
1427else value1 = sublen;
1428
1429*len = value1;
1430return subject;
1431}
1432
1433
1434
1435
1436/*************************************************
1437* Numeric hash of a string *
1438*************************************************/
1439
1440/* Perform the ${nhash expansion operation. The first characters of the
1441string are treated as most important, and get the highest prime numbers.
1442
1443Arguments:
1444 subject the input string
1445 value1 the maximum value of the first part of the result
1446 value2 the maximum value of the second part of the result,
1447 or negative to produce only a one-part result
1448 len set to the length of the returned string
1449
1450Returns: pointer to the output string, or NULL if there is an error.
1451*/
1452
1453static uschar *
1454compute_nhash (uschar *subject, int value1, int value2, int *len)
1455{
1456uschar *s = subject;
1457int i = 0;
1458unsigned long int total = 0; /* no overflow */
1459
1460while (*s != 0)
1461 {
0539a19d 1462 if (i == 0) i = nelem(prime) - 1;
059ec3d9
PH		 1463 total += prime[i--] * (unsigned int)(*s++);
1464 }
1465
1466/* If value2 is unset, just compute one number */
1467
1468if (value2 < 0)
1469 {
1470 s = string_sprintf("%d", total % value1);
1471 }
1472
1473/* Otherwise do a div/mod hash */
1474
1475else
1476 {
1477 total = total % (value1 * value2);
1478 s = string_sprintf("%d/%d", total/value2, total % value2);
1479 }
1480
1481*len = Ustrlen(s);
1482return s;
1483}
1484
1485
1486
1487
1488
1489/*************************************************
1490* Find the value of a header or headers *
1491*************************************************/
1492
1493/* Multiple instances of the same header get concatenated, and this function
1494can also return a concatenation of all the header lines. When concatenating
1495specific headers that contain lists of addresses, a comma is inserted between
1496them. Otherwise we use a straight concatenation. Because some messages can have
1497pathologically large number of lines, there is a limit on the length that is
1498returned. Also, to avoid massive store use which would result from using
1499string_cat() as it copies and extends strings, we do a preliminary pass to find
1500out exactly how much store will be needed. On "normal" messages this will be
1501pretty trivial.
1502
1503Arguments:
1504 name the name of the header, without the leading $header_ or $h_,
1505 or NULL if a concatenation of all headers is required
1506 exists_only TRUE if called from a def: test; don't need to build a string;
1507 just return a string that is not "" and not "0" if the header
1508 exists
1509 newsize return the size of memory block that was obtained; may be NULL
1510 if exists_only is TRUE
1511 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
ff75a1f7
PH		 1512 other than concatenating, will be done on the header. Also used
1513 for $message_headers_raw.
059ec3d9
PH		 1514 charset name of charset to translate MIME words to; used only if
1515 want_raw is false; if NULL, no translation is done (this is
1516 used for $bh_ and $bheader_)
1517
1518Returns: NULL if the header does not exist, else a pointer to a new
1519 store block
1520*/
1521
1522static uschar *
1523find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1524 uschar *charset)
1525{
1526BOOL found = name == NULL;
1527int comma = 0;
1528int len = found? 0 : Ustrlen(name);
1529int i;
1530uschar *yield = NULL;
1531uschar *ptr = NULL;
1532
1533/* Loop for two passes - saves code repetition */
1534
1535for (i = 0; i < 2; i++)
1536 {
1537 int size = 0;
1538 header_line *h;
1539
1540 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1541 {
1542 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1543 {
1544 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1545 {
1546 int ilen;
1547 uschar *t;
1548
1549 if (exists_only) return US"1"; /* don't need actual string */
1550 found = TRUE;
1551 t = h->text + len; /* text to insert */
1552 if (!want_raw) /* unless wanted raw, */
1553 while (isspace(*t)) t++; /* remove leading white space */
1554 ilen = h->slen - (t - h->text); /* length to insert */
1555
fd700877
PH		 1556 /* Unless wanted raw, remove trailing whitespace, including the
1557 newline. */
1558
1559 if (!want_raw)
1560 while (ilen > 0 && isspace(t[ilen-1])) ilen--;
1561
059ec3d9
PH		 1562 /* Set comma = 1 if handling a single header and it's one of those
1563 that contains an address list, except when asked for raw headers. Only
1564 need to do this once. */
1565
1566 if (!want_raw && name != NULL && comma == 0 &&
1567 Ustrchr("BCFRST", h->type) != NULL)
1568 comma = 1;
1569
1570 /* First pass - compute total store needed; second pass - compute
1571 total store used, including this header. */
1572
fd700877 1573 size += ilen + comma + 1; /* +1 for the newline */
059ec3d9
PH		 1574
1575 /* Second pass - concatentate the data, up to a maximum. Note that
1576 the loop stops when size hits the limit. */
1577
1578 if (i != 0)
1579 {
1580 if (size > header_insert_maxlen)
1581 {
fd700877 1582 ilen -= size - header_insert_maxlen - 1;
059ec3d9
PH		 1583 comma = 0;
1584 }
1585 Ustrncpy(ptr, t, ilen);
1586 ptr += ilen;
fd700877
PH		 1587
1588 /* For a non-raw header, put in the comma if needed, then add
3168332a
PH		 1589 back the newline we removed above, provided there was some text in
1590 the header. */
fd700877 1591
3168332a 1592 if (!want_raw && ilen > 0)
059ec3d9 1593 {
3168332a 1594 if (comma != 0) *ptr++ = ',';
059ec3d9
PH		 1595 *ptr++ = '\n';
1596 }
1597 }
1598 }
1599 }
1600 }
1601
fd700877
PH		 1602 /* At end of first pass, return NULL if no header found. Then truncate size
1603 if necessary, and get the buffer to hold the data, returning the buffer size.
1604 */
059ec3d9
PH		 1605
1606 if (i == 0)
1607 {
1608 if (!found) return NULL;
1609 if (size > header_insert_maxlen) size = header_insert_maxlen;
1610 *newsize = size + 1;
1611 ptr = yield = store_get(*newsize);
1612 }
1613 }
1614
059ec3d9
PH		 1615/* That's all we do for raw header expansion. */
1616
1617if (want_raw)
1618 {
1619 *ptr = 0;
1620 }
1621
fd700877
PH		 1622/* Otherwise, remove a final newline and a redundant added comma. Then we do
1623RFC 2047 decoding, translating the charset if requested. The rfc2047_decode2()
059ec3d9
PH		 1624function can return an error with decoded data if the charset translation
1625fails. If decoding fails, it returns NULL. */
1626
1627else
1628 {
1629 uschar *decoded, *error;
3168332a 1630 if (ptr > yield && ptr[-1] == '\n') ptr--;
fd700877 1631 if (ptr > yield && comma != 0 && ptr[-1] == ',') ptr--;
059ec3d9 1632 *ptr = 0;
a0d6ba8a
PH		 1633 decoded = rfc2047_decode2(yield, check_rfc2047_length, charset, '?', NULL,
1634 newsize, &error);
059ec3d9
PH		 1635 if (error != NULL)
1636 {
1637 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1638 " input was: %s\n", error, yield);
1639 }
1640 if (decoded != NULL) yield = decoded;
1641 }
1642
1643return yield;
1644}
1645
1646
1647
1648
362145b5
JH		 1649/*************************************************
1650* Return list of recipients *
1651*************************************************/
1652/* A recipients list is available only during system message filtering,
1653during ACL processing after DATA, and while expanding pipe commands
1654generated from a system filter, but not elsewhere. */
1655
1656static uschar *
1657fn_recipients(void)
1658{
1659if (!enable_dollar_recipients) return NULL; else
1660 {
1661 int size = 128;
1662 int ptr = 0;
1663 int i;
1664 uschar * s = store_get(size);
1665 for (i = 0; i < recipients_count; i++)
1666 {
1667 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1668 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1669 Ustrlen(recipients_list[i].address));
1670 }
1671 s[ptr] = 0; /* string_cat() leaves room */
1672 return s;
1673 }
1674}
1675
1676
059ec3d9
PH		 1677/*************************************************
1678* Find value of a variable *
1679*************************************************/
1680
1681/* The table of variables is kept in alphabetic order, so we can search it
1682using a binary chop. The "choplen" variable is nothing to do with the binary
1683chop.
1684
1685Arguments:
1686 name the name of the variable being sought
1687 exists_only TRUE if this is a def: test; passed on to find_header()
1688 skipping TRUE => skip any processing evaluation; this is not the same as
1689 exists_only because def: may test for values that are first
1690 evaluated here
1691 newsize pointer to an int which is initially zero; if the answer is in
1692 a new memory buffer, *newsize is set to its size
1693
1694Returns: NULL if the variable does not exist, or
1695 a pointer to the variable's contents, or
1696 something non-NULL if exists_only is TRUE
1697*/
1698
1699static uschar *
1700find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1701{
9d1c15ef
JH		 1702var_entry * vp;
1703uschar *s, *domain;
1704uschar **ss;
1705void * val;
059ec3d9 1706
38a0a95f
PH		 1707/* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1708Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1709release 4.64 onwards arbitrary names are permitted, as long as the first 5
641cb756
PH		 1710characters are acl_c or acl_m and the sixth is either a digit or an underscore
1711(this gave backwards compatibility at the changeover). There may be built-in
1712variables whose names start acl_ but they should never start in this way. This
1713slightly messy specification is a consequence of the history, needless to say.
47ca6d6c 1714
38a0a95f
PH		 1715If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1716set, in which case give an error. */
47ca6d6c 1717
641cb756
PH		 1718if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1719 !isalpha(name[5]))
38a0a95f
PH		 1720 {
1721 tree_node *node =
1722 tree_search((name[4] == 'c')? acl_var_c : acl_var_m, name + 4);
1723 return (node == NULL)? (strict_acl_vars? NULL : US"") : node->data.ptr;
47ca6d6c
PH		 1724 }
1725
38a0a95f 1726/* Handle $auth<n> variables. */
f78eb7c6
PH		 1727
1728if (Ustrncmp(name, "auth", 4) == 0)
1729 {
1730 uschar *endptr;
1731 int n = Ustrtoul(name + 4, &endptr, 10);
1732 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
f38917cc
JH		 1733 return !auth_vars[n-1] ? US"" : auth_vars[n-1];
1734 }
1735else if (Ustrncmp(name, "regex", 5) == 0)
1736 {
1737 uschar *endptr;
1738 int n = Ustrtoul(name + 5, &endptr, 10);
1739 if (*endptr == 0 && n != 0 && n <= REGEX_VARS)
1740 return !regex_vars[n-1] ? US"" : regex_vars[n-1];
f78eb7c6
PH		 1741 }
1742
47ca6d6c
PH		 1743/* For all other variables, search the table */
1744
9d1c15ef
JH		 1745if (!(vp = find_var_ent(name)))
1746 return NULL; /* Unknown variable name */
059ec3d9 1747
9d1c15ef
JH		 1748/* Found an existing variable. If in skipping state, the value isn't needed,
1749and we want to avoid processing (such as looking up the host name). */
059ec3d9 1750
9d1c15ef
JH		 1751if (skipping)
1752 return US"";
059ec3d9 1753
9d1c15ef
JH		 1754val = vp->value;
1755switch (vp->type)
1756 {
1757 case vtype_filter_int:
1758 if (!filter_running) return NULL;
1759 /* Fall through */
1760 /* VVVVVVVVVVVV */
1761 case vtype_int:
1762 sprintf(CS var_buffer, "%d", *(int *)(val)); /* Integer */
1763 return var_buffer;
1764
1765 case vtype_ino:
1766 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(val))); /* Inode */
1767 return var_buffer;
1768
1769 case vtype_gid:
1770 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(val))); /* gid */
1771 return var_buffer;
1772
1773 case vtype_uid:
1774 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(val))); /* uid */
1775 return var_buffer;
1776
1777 case vtype_bool:
1778 sprintf(CS var_buffer, "%s", *(BOOL *)(val) ? "yes" : "no"); /* bool */
1779 return var_buffer;
1780
1781 case vtype_stringptr: /* Pointer to string */
1782 s = *((uschar **)(val));
1783 return (s == NULL)? US"" : s;
1784
1785 case vtype_pid:
1786 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1787 return var_buffer;
1788
1789 case vtype_load_avg:
1790 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1791 return var_buffer;
1792
1793 case vtype_host_lookup: /* Lookup if not done so */
1794 if (sender_host_name == NULL && sender_host_address != NULL &&
1795 !host_lookup_failed && host_name_lookup() == OK)
1796 host_build_sender_fullhost();
1797 return (sender_host_name == NULL)? US"" : sender_host_name;
1798
1799 case vtype_localpart: /* Get local part from address */
1800 s = *((uschar **)(val));
1801 if (s == NULL) return US"";
1802 domain = Ustrrchr(s, '@');
1803 if (domain == NULL) return s;
1804 if (domain - s > sizeof(var_buffer) - 1)
1805 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1806 " in string expansion", sizeof(var_buffer));
1807 Ustrncpy(var_buffer, s, domain - s);
1808 var_buffer[domain - s] = 0;
1809 return var_buffer;
1810
1811 case vtype_domain: /* Get domain from address */
1812 s = *((uschar **)(val));
1813 if (s == NULL) return US"";
1814 domain = Ustrrchr(s, '@');
1815 return (domain == NULL)? US"" : domain + 1;
1816
1817 case vtype_msgheaders:
1818 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1819
1820 case vtype_msgheaders_raw:
1821 return find_header(NULL, exists_only, newsize, TRUE, NULL);
1822
1823 case vtype_msgbody: /* Pointer to msgbody string */
1824 case vtype_msgbody_end: /* Ditto, the end of the msg */
1825 ss = (uschar **)(val);
1826 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
059ec3d9 1827 {
9d1c15ef
JH		 1828 uschar *body;
1829 off_t start_offset = SPOOL_DATA_START_OFFSET;
1830 int len = message_body_visible;
1831 if (len > message_size) len = message_size;
1832 *ss = body = store_malloc(len+1);
1833 body[0] = 0;
1834 if (vp->type == vtype_msgbody_end)
059ec3d9 1835 {
9d1c15ef
JH		 1836 struct stat statbuf;
1837 if (fstat(deliver_datafile, &statbuf) == 0)
1838 {
1839 start_offset = statbuf.st_size - len;
1840 if (start_offset < SPOOL_DATA_START_OFFSET)
1841 start_offset = SPOOL_DATA_START_OFFSET;
1842 }
1843 }
1844 lseek(deliver_datafile, start_offset, SEEK_SET);
1845 len = read(deliver_datafile, body, len);
1846 if (len > 0)
1847 {
1848 body[len] = 0;
1849 if (message_body_newlines) /* Separate loops for efficiency */
1850 {
1851 while (len > 0)
1852 { if (body[--len] == 0) body[len] = ' '; }
1853 }
1854 else
1855 {
1856 while (len > 0)
1857 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
1858 }
059ec3d9 1859 }
9d1c15ef
JH		 1860 }
1861 return (*ss == NULL)? US"" : *ss;
059ec3d9 1862
9d1c15ef
JH		 1863 case vtype_todbsdin: /* BSD inbox time of day */
1864 return tod_stamp(tod_bsdin);
059ec3d9 1865
9d1c15ef
JH		 1866 case vtype_tode: /* Unix epoch time of day */
1867 return tod_stamp(tod_epoch);
059ec3d9 1868
9d1c15ef
JH		 1869 case vtype_todel: /* Unix epoch/usec time of day */
1870 return tod_stamp(tod_epoch_l);
f5787926 1871
9d1c15ef
JH		 1872 case vtype_todf: /* Full time of day */
1873 return tod_stamp(tod_full);
059ec3d9 1874
9d1c15ef
JH		 1875 case vtype_todl: /* Log format time of day */
1876 return tod_stamp(tod_log_bare); /* (without timezone) */
059ec3d9 1877
9d1c15ef
JH		 1878 case vtype_todzone: /* Time zone offset only */
1879 return tod_stamp(tod_zone);
059ec3d9 1880
9d1c15ef
JH		 1881 case vtype_todzulu: /* Zulu time */
1882 return tod_stamp(tod_zulu);
059ec3d9 1883
9d1c15ef
JH		 1884 case vtype_todlf: /* Log file datestamp tod */
1885 return tod_stamp(tod_log_datestamp_daily);
059ec3d9 1886
9d1c15ef
JH		 1887 case vtype_reply: /* Get reply address */
1888 s = find_header(US"reply-to:", exists_only, newsize, TRUE,
1889 headers_charset);
1890 if (s != NULL) while (isspace(*s)) s++;
1891 if (s == NULL || *s == 0)
1892 {
1893 *newsize = 0; /* For the *s==0 case */
1894 s = find_header(US"from:", exists_only, newsize, TRUE, headers_charset);
1895 }
1896 if (s != NULL)
1897 {
1898 uschar *t;
1899 while (isspace(*s)) s++;
1900 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
1901 while (t > s && isspace(t[-1])) t--;
1902 *t = 0;
1903 }
1904 return (s == NULL)? US"" : s;
059ec3d9 1905
9d1c15ef
JH		 1906 case vtype_string_func:
1907 {
1908 uschar * (*fn)() = val;
1909 return fn();
1910 }
8e669ac1 1911
9d1c15ef
JH		 1912 case vtype_pspace:
1913 {
1914 int inodes;
1915 sprintf(CS var_buffer, "%d",
1916 receive_statvfs(val == (void *)TRUE, &inodes));
1917 }
1918 return var_buffer;
8e669ac1 1919
9d1c15ef
JH		 1920 case vtype_pinodes:
1921 {
1922 int inodes;
1923 (void) receive_statvfs(val == (void *)TRUE, &inodes);
1924 sprintf(CS var_buffer, "%d", inodes);
1925 }
1926 return var_buffer;
80a47a2c 1927
9d1c15ef
JH		 1928 case vtype_cert:
1929 return *(void **)val ? US"<cert>" : US"";
80a47a2c 1930
9d1c15ef
JH		 1931 #ifndef DISABLE_DKIM
1932 case vtype_dkim:
1933 return dkim_exim_expand_query((int)(long)val);
1934 #endif
059ec3d9 1935
9d1c15ef 1936 }
6c08476d
LM		 1937
1938return NULL; /* Unknown variable. Silences static checkers. */
059ec3d9
PH		 1939}
1940
1941
1942
1943
d9b2312b
JH		 1944void
1945modify_variable(uschar *name, void * value)
1946{
9d1c15ef
JH		 1947var_entry * vp;
1948if ((vp = find_var_ent(name))) vp->value = value;
d9b2312b
JH		 1949return; /* Unknown variable name, fail silently */
1950}
1951
1952
1953
1954
1955
059ec3d9
PH		 1956/*************************************************
1957* Read and expand substrings *
1958*************************************************/
1959
1960/* This function is called to read and expand argument substrings for various
1961expansion items. Some have a minimum requirement that is less than the maximum;
1962in these cases, the first non-present one is set to NULL.
1963
1964Arguments:
1965 sub points to vector of pointers to set
1966 n maximum number of substrings
1967 m minimum required
1968 sptr points to current string pointer
1969 skipping the skipping flag
1970 check_end if TRUE, check for final '}'
1971 name name of item, for error message
b0e85a8f
JH		 1972 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
1973 the store.
059ec3d9
PH		 1974
1975Returns: 0 OK; string pointer updated
1976 1 curly bracketing error (too few arguments)
1977 2 too many arguments (only if check_end is set); message set
1978 3 other error (expansion failure)
1979*/
1980
1981static int
55414b25 1982read_subs(uschar **sub, int n, int m, const uschar **sptr, BOOL skipping,
b0e85a8f 1983 BOOL check_end, uschar *name, BOOL *resetok)
059ec3d9
PH		 1984{
1985int i;
55414b25 1986const uschar *s = *sptr;
059ec3d9
PH		 1987
1988while (isspace(*s)) s++;
1989for (i = 0; i < n; i++)
1990 {
1991 if (*s != '{')
1992 {
1993 if (i < m) return 1;
1994 sub[i] = NULL;
1995 break;
1996 }
b0e85a8f 1997 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok);
059ec3d9
PH		 1998 if (sub[i] == NULL) return 3;
1999 if (*s++ != '}') return 1;
2000 while (isspace(*s)) s++;
2001 }
2002if (check_end && *s++ != '}')
2003 {
2004 if (s[-1] == '{')
2005 {
2006 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
2007 "(max is %d)", name, n);
2008 return 2;
2009 }
2010 return 1;
2011 }
2012
2013*sptr = s;
2014return 0;
2015}
2016
2017
2018
2019
641cb756
PH		 2020/*************************************************
2021* Elaborate message for bad variable *
2022*************************************************/
2023
2024/* For the "unknown variable" message, take a look at the variable's name, and
2025give additional information about possible ACL variables. The extra information
2026is added on to expand_string_message.
2027
2028Argument: the name of the variable
2029Returns: nothing
2030*/
2031
2032static void
2033check_variable_error_message(uschar *name)
2034{
2035if (Ustrncmp(name, "acl_", 4) == 0)
2036 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
2037 (name[4] == 'c' || name[4] == 'm')?
2038 (isalpha(name[5])?
2039 US"6th character of a user-defined ACL variable must be a digit or underscore" :
2040 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
2041 ) :
2042 US"user-defined ACL variables must start acl_c or acl_m");
2043}
2044
2045
2046
f60d98e8
JH		 2047/*
2048Load args from sub array to globals, and call acl_check().
ef21c07d 2049Sub array will be corrupted on return.
f60d98e8
JH		 2050
2051Returns: OK access is granted by an ACCEPT verb
2052 DISCARD access is granted by a DISCARD verb
2053 FAIL access is denied
2054 FAIL_DROP access is denied; drop the connection
2055 DEFER can't tell at the moment
2056 ERROR disaster
2057*/
2058static int
2059eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
2060{
2061int i;
ef21c07d
JH		 2062int sav_narg = acl_narg;
2063int ret;
93a6fce2 2064uschar * dummy_logmsg;
faa05a93 2065extern int acl_where;
f60d98e8 2066
0539a19d 2067if(--nsub > nelem(acl_arg)) nsub = nelem(acl_arg);
ef21c07d
JH		 2068for (i = 0; i < nsub && sub[i+1]; i++)
2069 {
93a6fce2 2070 uschar * tmp = acl_arg[i];
ef21c07d
JH		 2071 acl_arg[i] = sub[i+1]; /* place callers args in the globals */
2072 sub[i+1] = tmp; /* stash the old args using our caller's storage */
2073 }
2074acl_narg = i;
bef3ea7f 2075while (i < nsub)
ef21c07d
JH		 2076 {
2077 sub[i+1] = acl_arg[i];
2078 acl_arg[i++] = NULL;
2079 }
f60d98e8
JH		 2080
2081DEBUG(D_expand)
2082 debug_printf("expanding: acl: %s arg: %s%s\n",
2083 sub[0],
60f8e1e8
JH		 2084 acl_narg>0 ? acl_arg[0] : US"<none>",
2085 acl_narg>1 ? " +more" : "");
f60d98e8 2086
93a6fce2 2087ret = acl_eval(acl_where, sub[0], user_msgp, &dummy_logmsg);
ef21c07d
JH		 2088
2089for (i = 0; i < nsub; i++)
2090 acl_arg[i] = sub[i+1]; /* restore old args */
2091acl_narg = sav_narg;
2092
2093return ret;
f60d98e8
JH		 2094}
2095
2096
2097
2098
059ec3d9
PH		 2099/*************************************************
2100* Read and evaluate a condition *
2101*************************************************/
2102
2103/*
2104Arguments:
2105 s points to the start of the condition text
b0e85a8f
JH		 2106 resetok points to a BOOL which is written false if it is unsafe to
2107 free memory. Certain condition types (acl) may have side-effect
2108 allocation which must be preserved.
059ec3d9
PH		 2109 yield points to a BOOL to hold the result of the condition test;
2110 if NULL, we are just reading through a condition that is
2111 part of an "or" combination to check syntax, or in a state
2112 where the answer isn't required
2113
2114Returns: a pointer to the first character after the condition, or
2115 NULL after an error
2116*/
2117
55414b25
JH		 2118static const uschar *
2119eval_condition(const uschar *s, BOOL *resetok, BOOL *yield)
059ec3d9
PH		 2120{
2121BOOL testfor = TRUE;
2122BOOL tempcond, combined_cond;
2123BOOL *subcondptr;
5cfd2e57 2124BOOL sub2_honour_dollar = TRUE;
059ec3d9 2125int i, rc, cond_type, roffset;
97d17305 2126int_eximarith_t num[2];
059ec3d9
PH		 2127struct stat statbuf;
2128uschar name[256];
55414b25 2129const uschar *sub[10];
059ec3d9
PH		 2130
2131const pcre *re;
2132const uschar *rerror;
2133
2134for (;;)
2135 {
2136 while (isspace(*s)) s++;
2137 if (*s == '!') { testfor = !testfor; s++; } else break;
2138 }
2139
2140/* Numeric comparisons are symbolic */
2141
2142if (*s == '=' || *s == '>' || *s == '<')
2143 {
2144 int p = 0;
2145 name[p++] = *s++;
2146 if (*s == '=')
2147 {
2148 name[p++] = '=';
2149 s++;
2150 }
2151 name[p] = 0;
2152 }
2153
2154/* All other conditions are named */
2155
2156else s = read_name(name, 256, s, US"_");
2157
2158/* If we haven't read a name, it means some non-alpha character is first. */
2159
2160if (name[0] == 0)
2161 {
2162 expand_string_message = string_sprintf("condition name expected, "
2163 "but found \"%.16s\"", s);
2164 return NULL;
2165 }
2166
2167/* Find which condition we are dealing with, and switch on it */
2168
0539a19d 2169cond_type = chop_match(name, cond_table, nelem(cond_table));
059ec3d9
PH		 2170switch(cond_type)
2171 {
9b4768fa
PH		 2172 /* def: tests for a non-empty variable, or for the existence of a header. If
2173 yield == NULL we are in a skipping state, and don't care about the answer. */
059ec3d9
PH		 2174
2175 case ECOND_DEF:
2176 if (*s != ':')
2177 {
2178 expand_string_message = US"\":\" expected after \"def\"";
2179 return NULL;
2180 }
2181
2182 s = read_name(name, 256, s+1, US"_");
2183
0d85fa3f
PH		 2184 /* Test for a header's existence. If the name contains a closing brace
2185 character, this may be a user error where the terminating colon has been
2186 omitted. Set a flag to adjust a subsequent error message in this case. */
059ec3d9
PH		 2187
2188 if (Ustrncmp(name, "h_", 2) == 0 ||
2189 Ustrncmp(name, "rh_", 3) == 0 ||
2190 Ustrncmp(name, "bh_", 3) == 0 ||
2191 Ustrncmp(name, "header_", 7) == 0 ||
2192 Ustrncmp(name, "rheader_", 8) == 0 ||
2193 Ustrncmp(name, "bheader_", 8) == 0)
2194 {
2195 s = read_header_name(name, 256, s);
b5b871ac 2196 /* {-for-text-editors */
0d85fa3f 2197 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
059ec3d9
PH		 2198 if (yield != NULL) *yield =
2199 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
2200 }
2201
9b4768fa
PH		 2202 /* Test for a variable's having a non-empty value. A non-existent variable
2203 causes an expansion failure. */
059ec3d9
PH		 2204
2205 else
2206 {
2207 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
2208 if (value == NULL)
2209 {
2210 expand_string_message = (name[0] == 0)?
2211 string_sprintf("variable name omitted after \"def:\"") :
2212 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
641cb756 2213 check_variable_error_message(name);
059ec3d9
PH		 2214 return NULL;
2215 }
9b4768fa 2216 if (yield != NULL) *yield = (value[0] != 0) == testfor;
059ec3d9
PH		 2217 }
2218
2219 return s;
2220
2221
2222 /* first_delivery tests for first delivery attempt */
2223
2224 case ECOND_FIRST_DELIVERY:
2225 if (yield != NULL) *yield = deliver_firsttime == testfor;
2226 return s;
2227
2228
2229 /* queue_running tests for any process started by a queue runner */
2230
2231 case ECOND_QUEUE_RUNNING:
2232 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
2233 return s;
2234
2235
2236 /* exists: tests for file existence
2237 isip: tests for any IP address
2238 isip4: tests for an IPv4 address
2239 isip6: tests for an IPv6 address
2240 pam: does PAM authentication
2241 radius: does RADIUS authentication
2242 ldapauth: does LDAP authentication
2243 pwcheck: does Cyrus SASL pwcheck authentication
2244 */
2245
2246 case ECOND_EXISTS:
2247 case ECOND_ISIP:
2248 case ECOND_ISIP4:
2249 case ECOND_ISIP6:
2250 case ECOND_PAM:
2251 case ECOND_RADIUS:
2252 case ECOND_LDAPAUTH:
2253 case ECOND_PWCHECK:
2254
2255 while (isspace(*s)) s++;
b5b871ac 2256 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
059ec3d9 2257
b0e85a8f 2258 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok);
059ec3d9 2259 if (sub[0] == NULL) return NULL;
b5b871ac 2260 /* {-for-text-editors */
059ec3d9
PH		 2261 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2262
2263 if (yield == NULL) return s; /* No need to run the test if skipping */
2264
2265 switch(cond_type)
2266 {
2267 case ECOND_EXISTS:
2268 if ((expand_forbid & RDO_EXISTS) != 0)
2269 {
2270 expand_string_message = US"File existence tests are not permitted";
2271 return NULL;
2272 }
2273 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
2274 break;
2275
2276 case ECOND_ISIP:
2277 case ECOND_ISIP4:
2278 case ECOND_ISIP6:
2279 rc = string_is_ip_address(sub[0], NULL);
7e66e54d 2280 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
059ec3d9
PH		 2281 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2282 break;
2283
2284 /* Various authentication tests - all optionally compiled */
2285
2286 case ECOND_PAM:
2287 #ifdef SUPPORT_PAM
2288 rc = auth_call_pam(sub[0], &expand_string_message);
2289 goto END_AUTH;
2290 #else
2291 goto COND_FAILED_NOT_COMPILED;
2292 #endif /* SUPPORT_PAM */
2293
2294 case ECOND_RADIUS:
2295 #ifdef RADIUS_CONFIG_FILE
2296 rc = auth_call_radius(sub[0], &expand_string_message);
2297 goto END_AUTH;
2298 #else
2299 goto COND_FAILED_NOT_COMPILED;
2300 #endif /* RADIUS_CONFIG_FILE */
2301
2302 case ECOND_LDAPAUTH:
2303 #ifdef LOOKUP_LDAP
2304 {
2305 /* Just to keep the interface the same */
2306 BOOL do_cache;
2307 int old_pool = store_pool;
2308 store_pool = POOL_SEARCH;
2309 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2310 &expand_string_message, &do_cache);
2311 store_pool = old_pool;
2312 }
2313 goto END_AUTH;
2314 #else
2315 goto COND_FAILED_NOT_COMPILED;
2316 #endif /* LOOKUP_LDAP */
2317
2318 case ECOND_PWCHECK:
2319 #ifdef CYRUS_PWCHECK_SOCKET
2320 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2321 goto END_AUTH;
2322 #else
2323 goto COND_FAILED_NOT_COMPILED;
2324 #endif /* CYRUS_PWCHECK_SOCKET */
2325
2326 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2327 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2328 END_AUTH:
2329 if (rc == ERROR || rc == DEFER) return NULL;
2330 *yield = (rc == OK) == testfor;
2331 #endif
2332 }
2333 return s;
2334
2335
333eea9c
JH		 2336 /* call ACL (in a conditional context). Accept true, deny false.
2337 Defer is a forced-fail. Anything set by message= goes to $value.
f60d98e8
JH		 2338 Up to ten parameters are used; we use the braces round the name+args
2339 like the saslauthd condition does, to permit a variable number of args.
2340 See also the expansion-item version EITEM_ACL and the traditional
2341 acl modifier ACLC_ACL.
fd5dad68
JH		 2342 Since the ACL may allocate new global variables, tell our caller to not
2343 reclaim memory.
f60d98e8 2344 */
333eea9c
JH		 2345
2346 case ECOND_ACL:
bef3ea7f 2347 /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
333eea9c 2348 {
55414b25 2349 uschar *sub[10];
333eea9c 2350 uschar *user_msg;
333eea9c 2351 BOOL cond = FALSE;
bef3ea7f
JH		 2352 int size = 0;
2353 int ptr = 0;
333eea9c
JH		 2354
2355 while (isspace(*s)) s++;
6d9cfc47 2356 if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
333eea9c 2357
0539a19d 2358 switch(read_subs(sub, nelem(sub), 1,
b0e85a8f 2359 &s, yield == NULL, TRUE, US"acl", resetok))
333eea9c 2360 {
f60d98e8
JH		 2361 case 1: expand_string_message = US"too few arguments or bracketing "
2362 "error for acl";
2363 case 2:
2364 case 3: return NULL;
333eea9c 2365 }
f60d98e8 2366
b0e85a8f 2367 *resetok = FALSE;
0539a19d 2368 if (yield != NULL) switch(eval_acl(sub, nelem(sub), &user_msg))
f60d98e8
JH		 2369 {
2370 case OK:
2371 cond = TRUE;
2372 case FAIL:
bef3ea7f 2373 lookup_value = NULL;
f60d98e8 2374 if (user_msg)
bef3ea7f 2375 {
f60d98e8 2376 lookup_value = string_cat(NULL, &size, &ptr, user_msg, Ustrlen(user_msg));
bef3ea7f
JH		 2377 lookup_value[ptr] = '\0';
2378 }
b5b871ac 2379 *yield = cond == testfor;
f60d98e8
JH		 2380 break;
2381
2382 case DEFER:
2383 expand_string_forcedfail = TRUE;
2384 default:
2385 expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]);
2386 return NULL;
2387 }
2388 return s;
333eea9c 2389 }
333eea9c
JH		 2390
2391
059ec3d9
PH		 2392 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2393
b0e85a8f 2394 ${if saslauthd {{username}{password}{service}{realm}} {yes}{no}}
059ec3d9
PH		 2395
2396 However, the last two are optional. That is why the whole set is enclosed
333eea9c 2397 in their own set of braces. */
059ec3d9
PH		 2398
2399 case ECOND_SASLAUTHD:
0539a19d
JH		 2400#ifndef CYRUS_SASLAUTHD_SOCKET
2401 goto COND_FAILED_NOT_COMPILED;
2402#else
059ec3d9 2403 {
0539a19d
JH		 2404 uschar *sub[4];
2405 while (isspace(*s)) s++;
2406 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2407 switch(read_subs(sub, nelem(sub), 2, &s, yield == NULL, TRUE, US"saslauthd",
2408 resetok))
2409 {
2410 case 1: expand_string_message = US"too few arguments or bracketing "
2411 "error for saslauthd";
2412 case 2:
2413 case 3: return NULL;
2414 }
2415 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
2416 if (yield != NULL)
2417 {
2418 int rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2419 &expand_string_message);
2420 if (rc == ERROR || rc == DEFER) return NULL;
2421 *yield = (rc == OK) == testfor;
2422 }
2423 return s;
059ec3d9 2424 }
0539a19d 2425#endif /* CYRUS_SASLAUTHD_SOCKET */
059ec3d9
PH		 2426
2427
2428 /* symbolic operators for numeric and string comparison, and a number of
2429 other operators, all requiring two arguments.
2430
76dca828
PP		 2431 crypteq: encrypts plaintext and compares against an encrypted text,
2432 using crypt(), crypt16(), MD5 or SHA-1
2433 inlist/inlisti: checks if first argument is in the list of the second
059ec3d9
PH		 2434 match: does a regular expression match and sets up the numerical
2435 variables if it succeeds
2436 match_address: matches in an address list
2437 match_domain: matches in a domain list
32d668a5 2438 match_ip: matches a host list that is restricted to IP addresses
059ec3d9 2439 match_local_part: matches in a local part list
059ec3d9
PH		 2440 */
2441
059ec3d9
PH		 2442 case ECOND_MATCH_ADDRESS:
2443 case ECOND_MATCH_DOMAIN:
32d668a5 2444 case ECOND_MATCH_IP:
059ec3d9 2445 case ECOND_MATCH_LOCAL_PART:
da6dbe26
PP		 2446#ifndef EXPAND_LISTMATCH_RHS
2447 sub2_honour_dollar = FALSE;
2448#endif
2449 /* FALLTHROUGH */
2450
2451 case ECOND_CRYPTEQ:
2452 case ECOND_INLIST:
2453 case ECOND_INLISTI:
2454 case ECOND_MATCH:
059ec3d9
PH		 2455
2456 case ECOND_NUM_L: /* Numerical comparisons */
2457 case ECOND_NUM_LE:
2458 case ECOND_NUM_E:
2459 case ECOND_NUM_EE:
2460 case ECOND_NUM_G:
2461 case ECOND_NUM_GE:
2462
2463 case ECOND_STR_LT: /* String comparisons */
2464 case ECOND_STR_LTI:
2465 case ECOND_STR_LE:
2466 case ECOND_STR_LEI:
2467 case ECOND_STR_EQ:
2468 case ECOND_STR_EQI:
2469 case ECOND_STR_GT:
2470 case ECOND_STR_GTI:
2471 case ECOND_STR_GE:
2472 case ECOND_STR_GEI:
2473
2474 for (i = 0; i < 2; i++)
2475 {
da6dbe26
PP		 2476 /* Sometimes, we don't expand substrings; too many insecure configurations
2477 created using match_address{}{} and friends, where the second param
2478 includes information from untrustworthy sources. */
2479 BOOL honour_dollar = TRUE;
2480 if ((i > 0) && !sub2_honour_dollar)
2481 honour_dollar = FALSE;
2482
059ec3d9
PH		 2483 while (isspace(*s)) s++;
2484 if (*s != '{')
2485 {
2486 if (i == 0) goto COND_FAILED_CURLY_START;
2487 expand_string_message = string_sprintf("missing 2nd string in {} "
2488 "after \"%s\"", name);
2489 return NULL;
2490 }
da6dbe26 2491 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
b0e85a8f 2492 honour_dollar, resetok);
059ec3d9
PH		 2493 if (sub[i] == NULL) return NULL;
2494 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2495
2496 /* Convert to numerical if required; we know that the names of all the
2497 conditions that compare numbers do not start with a letter. This just saves
2498 checking for them individually. */
2499
d6066548 2500 if (!isalpha(name[0]) && yield != NULL)
059ec3d9 2501 {
5dd1517f
PH		 2502 if (sub[i][0] == 0)
2503 {
2504 num[i] = 0;
2505 DEBUG(D_expand)
2506 debug_printf("empty string cast to zero for numerical comparison\n");
2507 }
2508 else
2509 {
7685ce68 2510 num[i] = expanded_string_integer(sub[i], FALSE);
5dd1517f
PH		 2511 if (expand_string_message != NULL) return NULL;
2512 }
059ec3d9
PH		 2513 }
2514 }
2515
2516 /* Result not required */
2517
2518 if (yield == NULL) return s;
2519
2520 /* Do an appropriate comparison */
2521
2522 switch(cond_type)
2523 {
2524 case ECOND_NUM_E:
2525 case ECOND_NUM_EE:
b5b871ac 2526 tempcond = (num[0] == num[1]);
059ec3d9
PH		 2527 break;
2528
2529 case ECOND_NUM_G:
b5b871ac 2530 tempcond = (num[0] > num[1]);
059ec3d9
PH		 2531 break;
2532
2533 case ECOND_NUM_GE:
b5b871ac 2534 tempcond = (num[0] >= num[1]);
059ec3d9
PH		 2535 break;
2536
2537 case ECOND_NUM_L:
b5b871ac 2538 tempcond = (num[0] < num[1]);
059ec3d9
PH		 2539 break;
2540
2541 case ECOND_NUM_LE:
b5b871ac 2542 tempcond = (num[0] <= num[1]);
059ec3d9
PH		 2543 break;
2544
2545 case ECOND_STR_LT:
b5b871ac 2546 tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
059ec3d9
PH		 2547 break;
2548
2549 case ECOND_STR_LTI:
b5b871ac 2550 tempcond = (strcmpic(sub[0], sub[1]) < 0);
059ec3d9
PH		 2551 break;
2552
2553 case ECOND_STR_LE:
b5b871ac 2554 tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
059ec3d9
PH		 2555 break;
2556
2557 case ECOND_STR_LEI:
b5b871ac 2558 tempcond = (strcmpic(sub[0], sub[1]) <= 0);
059ec3d9
PH		 2559 break;
2560
2561 case ECOND_STR_EQ:
b5b871ac 2562 tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
059ec3d9
PH		 2563 break;
2564
2565 case ECOND_STR_EQI:
b5b871ac 2566 tempcond = (strcmpic(sub[0], sub[1]) == 0);
059ec3d9
PH		 2567 break;
2568
2569 case ECOND_STR_GT:
b5b871ac 2570 tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
059ec3d9
PH		 2571 break;
2572
2573 case ECOND_STR_GTI:
b5b871ac 2574 tempcond = (strcmpic(sub[0], sub[1]) > 0);
059ec3d9
PH		 2575 break;
2576
2577 case ECOND_STR_GE:
b5b871ac 2578 tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
059ec3d9
PH		 2579 break;
2580
2581 case ECOND_STR_GEI:
b5b871ac 2582 tempcond = (strcmpic(sub[0], sub[1]) >= 0);
059ec3d9
PH		 2583 break;
2584
2585 case ECOND_MATCH: /* Regular expression match */
2586 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2587 NULL);
2588 if (re == NULL)
2589 {
2590 expand_string_message = string_sprintf("regular expression error in "
2591 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2592 return NULL;
2593 }
b5b871ac 2594 tempcond = regex_match_and_setup(re, sub[0], 0, -1);
059ec3d9
PH		 2595 break;
2596
2597 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2598 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2599 goto MATCHED_SOMETHING;
2600
2601 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2602 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2603 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2604 goto MATCHED_SOMETHING;
2605
32d668a5 2606 case ECOND_MATCH_IP: /* Match IP address in a host list */
7e66e54d 2607 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
32d668a5
PH		 2608 {
2609 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2610 sub[0]);
2611 return NULL;
2612 }
2613 else
2614 {
2615 unsigned int *nullcache = NULL;
2616 check_host_block cb;
2617
2618 cb.host_name = US"";
2619 cb.host_address = sub[0];
2620
2621 /* If the host address starts off ::ffff: it is an IPv6 address in
2622 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2623 addresses. */
2624
2625 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2626 cb.host_address + 7 : cb.host_address;
2627
2628 rc = match_check_list(
2629 &sub[1], /* the list */
2630 0, /* separator character */
2631 &hostlist_anchor, /* anchor pointer */
2632 &nullcache, /* cache pointer */
2633 check_host, /* function for testing */
2634 &cb, /* argument for function */
2635 MCL_HOST, /* type of check */
2636 sub[0], /* text for debugging */
2637 NULL); /* where to pass back data */
2638 }
2639 goto MATCHED_SOMETHING;
2640
059ec3d9
PH		 2641 case ECOND_MATCH_LOCAL_PART:
2642 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2643 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2644 /* Fall through */
9a26b6b2 2645 /* VVVVVVVVVVVV */
059ec3d9
PH		 2646 MATCHED_SOMETHING:
2647 switch(rc)
2648 {
2649 case OK:
b5b871ac 2650 tempcond = TRUE;
059ec3d9
PH		 2651 break;
2652
2653 case FAIL:
b5b871ac 2654 tempcond = FALSE;
059ec3d9
PH		 2655 break;
2656
2657 case DEFER:
2658 expand_string_message = string_sprintf("unable to complete match "
2659 "against \"%s\": %s", sub[1], search_error_message);
2660 return NULL;
2661 }
2662
2663 break;
2664
2665 /* Various "encrypted" comparisons. If the second string starts with
2666 "{" then an encryption type is given. Default to crypt() or crypt16()
2667 (build-time choice). */
b5b871ac 2668 /* }-for-text-editors */
059ec3d9
PH		 2669
2670 case ECOND_CRYPTEQ:
2671 #ifndef SUPPORT_CRYPTEQ
2672 goto COND_FAILED_NOT_COMPILED;
2673 #else
2674 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2675 {
2676 int sublen = Ustrlen(sub[1]+5);
2677 md5 base;
2678 uschar digest[16];
2679
2680 md5_start(&base);
2681 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2682
2683 /* If the length that we are comparing against is 24, the MD5 digest
2684 is expressed as a base64 string. This is the way LDAP does it. However,
2685 some other software uses a straightforward hex representation. We assume
2686 this if the length is 32. Other lengths fail. */
2687
2688 if (sublen == 24)
2689 {
2690 uschar *coded = auth_b64encode((uschar *)digest, 16);
2691 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2692 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
b5b871ac 2693 tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
059ec3d9
PH		 2694 }
2695 else if (sublen == 32)
2696 {
2697 int i;
2698 uschar coded[36];
2699 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2700 coded[32] = 0;
2701 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2702 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
b5b871ac 2703 tempcond = (strcmpic(coded, sub[1]+5) == 0);
059ec3d9
PH		 2704 }
2705 else
2706 {
2707 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2708 "fail\n crypted=%s\n", sub[1]+5);
b5b871ac 2709 tempcond = FALSE;
059ec3d9
PH		 2710 }
2711 }
2712
2713 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2714 {
2715 int sublen = Ustrlen(sub[1]+6);
2716 sha1 base;
2717 uschar digest[20];
2718
2719 sha1_start(&base);
2720 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2721
2722 /* If the length that we are comparing against is 28, assume the SHA1
2723 digest is expressed as a base64 string. If the length is 40, assume a
2724 straightforward hex representation. Other lengths fail. */
2725
2726 if (sublen == 28)
2727 {
2728 uschar *coded = auth_b64encode((uschar *)digest, 20);
2729 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2730 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
b5b871ac 2731 tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
059ec3d9
PH		 2732 }
2733 else if (sublen == 40)
2734 {
2735 int i;
2736 uschar coded[44];
2737 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2738 coded[40] = 0;
2739 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2740 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
b5b871ac 2741 tempcond = (strcmpic(coded, sub[1]+6) == 0);
059ec3d9
PH		 2742 }
2743 else
2744 {
2745 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2746 "fail\n crypted=%s\n", sub[1]+6);
b5b871ac 2747 tempcond = FALSE;
059ec3d9
PH		 2748 }
2749 }
2750
2751 else /* {crypt} or {crypt16} and non-{ at start */
76dca828 2752 /* }-for-text-editors */
059ec3d9
PH		 2753 {
2754 int which = 0;
2755 uschar *coded;
2756
2757 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2758 {
2759 sub[1] += 7;
2760 which = 1;
2761 }
2762 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2763 {
2764 sub[1] += 9;
2765 which = 2;
2766 }
b5b871ac 2767 else if (sub[1][0] == '{') /* }-for-text-editors */
059ec3d9
PH		 2768 {
2769 expand_string_message = string_sprintf("unknown encryption mechanism "
2770 "in \"%s\"", sub[1]);
2771 return NULL;
2772 }
2773
2774 switch(which)
2775 {
2776 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2777 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2778 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2779 }
2780
2781 #define STR(s) # s
2782 #define XSTR(s) STR(s)
2783 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2784 " subject=%s\n crypted=%s\n",
2785 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
2786 coded, sub[1]);
2787 #undef STR
2788 #undef XSTR
2789
2790 /* If the encrypted string contains fewer than two characters (for the
2791 salt), force failure. Otherwise we get false positives: with an empty
2792 string the yield of crypt() is an empty string! */
2793
b5b871ac
JH		 2794 tempcond = (Ustrlen(sub[1]) < 2)? FALSE :
2795 (Ustrcmp(coded, sub[1]) == 0);
059ec3d9
PH		 2796 }
2797 break;
2798 #endif /* SUPPORT_CRYPTEQ */
76dca828
PP		 2799
2800 case ECOND_INLIST:
2801 case ECOND_INLISTI:
2802 {
55414b25 2803 const uschar * list = sub[1];
76dca828 2804 int sep = 0;
76dca828
PP		 2805 uschar *save_iterate_item = iterate_item;
2806 int (*compare)(const uschar *, const uschar *);
2807
82dbd376
JH		 2808 DEBUG(D_expand) debug_printf("condition: %s\n", name);
2809
b5b871ac 2810 tempcond = FALSE;
55414b25
JH		 2811 compare = cond_type == ECOND_INLISTI
2812 ? strcmpic : (int (*)(const uschar *, const uschar *)) strcmp;
76dca828 2813
55414b25 2814 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)))
76dca828
PP		 2815 if (compare(sub[0], iterate_item) == 0)
2816 {
b5b871ac 2817 tempcond = TRUE;
76dca828
PP		 2818 break;
2819 }
2820 iterate_item = save_iterate_item;
76dca828
PP		 2821 }
2822
059ec3d9
PH		 2823 } /* Switch for comparison conditions */
2824
b5b871ac 2825 *yield = tempcond == testfor;
059ec3d9
PH		 2826 return s; /* End of comparison conditions */
2827
2828
2829 /* and/or: computes logical and/or of several conditions */
2830
2831 case ECOND_AND:
2832 case ECOND_OR:
2833 subcondptr = (yield == NULL)? NULL : &tempcond;
2834 combined_cond = (cond_type == ECOND_AND);
2835
2836 while (isspace(*s)) s++;
b5b871ac 2837 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
059ec3d9
PH		 2838
2839 for (;;)
2840 {
2841 while (isspace(*s)) s++;
b5b871ac 2842 /* {-for-text-editors */
059ec3d9 2843 if (*s == '}') break;
b5b871ac 2844 if (*s != '{') /* }-for-text-editors */
059ec3d9
PH		 2845 {
2846 expand_string_message = string_sprintf("each subcondition "
2847 "inside an \"%s{...}\" condition must be in its own {}", name);
2848 return NULL;
2849 }
2850
b0e85a8f 2851 if (!(s = eval_condition(s+1, resetok, subcondptr)))
059ec3d9
PH		 2852 {
2853 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2854 expand_string_message, name);
2855 return NULL;
2856 }
2857 while (isspace(*s)) s++;
2858
b5b871ac 2859 /* {-for-text-editors */
059ec3d9
PH		 2860 if (*s++ != '}')
2861 {
b5b871ac 2862 /* {-for-text-editors */
059ec3d9
PH		 2863 expand_string_message = string_sprintf("missing } at end of condition "
2864 "inside \"%s\" group", name);
2865 return NULL;
2866 }
2867
2868 if (yield != NULL)
2869 {
2870 if (cond_type == ECOND_AND)
2871 {
2872 combined_cond &= tempcond;
2873 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2874 } /* evaluate any more */
2875 else
2876 {
2877 combined_cond |= tempcond;
2878 if (combined_cond) subcondptr = NULL; /* once true, don't */
2879 } /* evaluate any more */
2880 }
2881 }
2882
2883 if (yield != NULL) *yield = (combined_cond == testfor);
2884 return ++s;
2885
2886
0ce9abe6
PH		 2887 /* forall/forany: iterates a condition with different values */
2888
2889 case ECOND_FORALL:
2890 case ECOND_FORANY:
2891 {
55414b25 2892 const uschar * list;
0ce9abe6 2893 int sep = 0;
282b357d 2894 uschar *save_iterate_item = iterate_item;
0ce9abe6 2895
82dbd376
JH		 2896 DEBUG(D_expand) debug_printf("condition: %s\n", name);
2897
0ce9abe6 2898 while (isspace(*s)) s++;
b5b871ac 2899 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
b0e85a8f 2900 sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE, resetok);
0ce9abe6 2901 if (sub[0] == NULL) return NULL;
b5b871ac 2902 /* {-for-text-editors */
0ce9abe6
PH		 2903 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2904
2905 while (isspace(*s)) s++;
b5b871ac 2906 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
0ce9abe6
PH		 2907
2908 sub[1] = s;
2909
2910 /* Call eval_condition once, with result discarded (as if scanning a
2911 "false" part). This allows us to find the end of the condition, because if
2912 the list it empty, we won't actually evaluate the condition for real. */
2913
b0e85a8f 2914 if (!(s = eval_condition(sub[1], resetok, NULL)))
0ce9abe6
PH		 2915 {
2916 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2917 expand_string_message, name);
2918 return NULL;
2919 }
2920 while (isspace(*s)) s++;
2921
b5b871ac 2922 /* {-for-text-editors */
0ce9abe6
PH		 2923 if (*s++ != '}')
2924 {
b5b871ac 2925 /* {-for-text-editors */
0ce9abe6
PH		 2926 expand_string_message = string_sprintf("missing } at end of condition "
2927 "inside \"%s\"", name);
2928 return NULL;
2929 }
2930
2931 if (yield != NULL) *yield = !testfor;
55414b25
JH		 2932 list = sub[0];
2933 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)) != NULL)
0ce9abe6
PH		 2934 {
2935 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
b0e85a8f 2936 if (!eval_condition(sub[1], resetok, &tempcond))
0ce9abe6
PH		 2937 {
2938 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2939 expand_string_message, name);
e58c13cc 2940 iterate_item = save_iterate_item;
0ce9abe6
PH		 2941 return NULL;
2942 }
2943 DEBUG(D_expand) debug_printf("%s: condition evaluated to %s\n", name,
2944 tempcond? "true":"false");
2945
2946 if (yield != NULL) *yield = (tempcond == testfor);
2947 if (tempcond == (cond_type == ECOND_FORANY)) break;
2948 }
2949
282b357d 2950 iterate_item = save_iterate_item;
0ce9abe6
PH		 2951 return s;
2952 }
2953
2954
f3766eb5
NM		 2955 /* The bool{} expansion condition maps a string to boolean.
2956 The values supported should match those supported by the ACL condition
2957 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
2958 of true/false. Note that Router "condition" rules have a different
2959 interpretation, where general data can be used and only a few values
2960 map to FALSE.
2961 Note that readconf.c boolean matching, for boolean configuration options,
6a8de854
PP		 2962 only matches true/yes/false/no.
2963 The bool_lax{} condition matches the Router logic, which is much more
2964 liberal. */
f3766eb5 2965 case ECOND_BOOL:
6a8de854 2966 case ECOND_BOOL_LAX:
f3766eb5
NM		 2967 {
2968 uschar *sub_arg[1];
71265ae9 2969 uschar *t, *t2;
6a8de854 2970 uschar *ourname;
f3766eb5
NM		 2971 size_t len;
2972 BOOL boolvalue = FALSE;
2973 while (isspace(*s)) s++;
b5b871ac 2974 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
6a8de854 2975 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
b0e85a8f 2976 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname, resetok))
f3766eb5 2977 {
6a8de854
PP		 2978 case 1: expand_string_message = string_sprintf(
2979 "too few arguments or bracketing error for %s",
2980 ourname);
f3766eb5
NM		 2981 /*FALLTHROUGH*/
2982 case 2:
2983 case 3: return NULL;
2984 }
2985 t = sub_arg[0];
2986 while (isspace(*t)) t++;
2987 len = Ustrlen(t);
71265ae9
PP		 2988 if (len)
2989 {
2990 /* trailing whitespace: seems like a good idea to ignore it too */
2991 t2 = t + len - 1;
2992 while (isspace(*t2)) t2--;
2993 if (t2 != (t + len))
2994 {
2995 *++t2 = '\0';
2996 len = t2 - t;
2997 }
2998 }
f3766eb5 2999 DEBUG(D_expand)
6a8de854
PP		 3000 debug_printf("considering %s: %s\n", ourname, len ? t : US"<empty>");
3001 /* logic for the lax case from expand_check_condition(), which also does
3002 expands, and the logic is both short and stable enough that there should
3003 be no maintenance burden from replicating it. */
f3766eb5
NM		 3004 if (len == 0)
3005 boolvalue = FALSE;
51c7471d
JH		 3006 else if (*t == '-'
3007 ? Ustrspn(t+1, "0123456789") == len-1
3008 : Ustrspn(t, "0123456789") == len)
6a8de854 3009 {
f3766eb5 3010 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
6a8de854
PP		 3011 /* expand_check_condition only does a literal string "0" check */
3012 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
3013 boolvalue = TRUE;
3014 }
f3766eb5
NM		 3015 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
3016 boolvalue = TRUE;
3017 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
3018 boolvalue = FALSE;
6a8de854
PP		 3019 else if (cond_type == ECOND_BOOL_LAX)
3020 boolvalue = TRUE;
f3766eb5
NM		 3021 else
3022 {
3023 expand_string_message = string_sprintf("unrecognised boolean "
3024 "value \"%s\"", t);
3025 return NULL;
3026 }
5ee6f336 3027 if (yield != NULL) *yield = (boolvalue == testfor);
f3766eb5
NM		 3028 return s;
3029 }
3030
059ec3d9
PH		 3031 /* Unknown condition */
3032
3033 default:
3034 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
3035 return NULL;
3036 } /* End switch on condition type */
3037
3038/* Missing braces at start and end of data */
3039
3040COND_FAILED_CURLY_START:
3041expand_string_message = string_sprintf("missing { after \"%s\"", name);
3042return NULL;
3043
3044COND_FAILED_CURLY_END:
3045expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
3046 name);
3047return NULL;
3048
3049/* A condition requires code that is not compiled */
3050
3051#if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
3052 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
3053 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
3054COND_FAILED_NOT_COMPILED:
3055expand_string_message = string_sprintf("support for \"%s\" not compiled",
3056 name);
3057return NULL;
3058#endif
3059}
3060
3061
3062
3063
3064/*************************************************
3065* Save numerical variables *
3066*************************************************/
3067
3068/* This function is called from items such as "if" that want to preserve and
3069restore the numbered variables.
3070
3071Arguments:
3072 save_expand_string points to an array of pointers to set
3073 save_expand_nlength points to an array of ints for the lengths
3074
3075Returns: the value of expand max to save
3076*/
3077
3078static int
3079save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
3080{
3081int i;
3082for (i = 0; i <= expand_nmax; i++)
3083 {
3084 save_expand_nstring[i] = expand_nstring[i];
3085 save_expand_nlength[i] = expand_nlength[i];
3086 }
3087return expand_nmax;
3088}
3089
3090
3091
3092/*************************************************
3093* Restore numerical variables *
3094*************************************************/
3095
3096/* This function restored saved values of numerical strings.
3097
3098Arguments:
3099 save_expand_nmax the number of strings to restore
3100 save_expand_string points to an array of pointers
3101 save_expand_nlength points to an array of ints
3102
3103Returns: nothing
3104*/
3105
3106static void
3107restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
3108 int *save_expand_nlength)
3109{
3110int i;
3111expand_nmax = save_expand_nmax;
3112for (i = 0; i <= expand_nmax; i++)
3113 {
3114 expand_nstring[i] = save_expand_nstring[i];
3115 expand_nlength[i] = save_expand_nlength[i];
3116 }
3117}
3118
3119
3120
3121
3122
3123/*************************************************
3124* Handle yes/no substrings *
3125*************************************************/
3126
3127/* This function is used by ${if}, ${lookup} and ${extract} to handle the
3128alternative substrings that depend on whether or not the condition was true,
3129or the lookup or extraction succeeded. The substrings always have to be
3130expanded, to check their syntax, but "skipping" is set when the result is not
3131needed - this avoids unnecessary nested lookups.
3132
3133Arguments:
3134 skipping TRUE if we were skipping when this item was reached
3135 yes TRUE if the first string is to be used, else use the second
3136 save_lookup a value to put back into lookup_value before the 2nd expansion
3137 sptr points to the input string pointer
3138 yieldptr points to the output string pointer
3139 sizeptr points to the output string size
3140 ptrptr points to the output string pointer
3141 type "lookup" or "if" or "extract" or "run", for error message
b0e85a8f
JH		 3142 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
3143 the store.
059ec3d9
PH		 3144
3145Returns: 0 OK; lookup_value has been reset to save_lookup
3146 1 expansion failed
3147 2 expansion failed because of bracketing error
3148*/
3149
3150static int
55414b25 3151process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, const uschar **sptr,
b0e85a8f 3152 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type, BOOL *resetok)
059ec3d9
PH		 3153{
3154int rc = 0;
55414b25 3155const uschar *s = *sptr; /* Local value */
059ec3d9
PH		 3156uschar *sub1, *sub2;
3157
3158/* If there are no following strings, we substitute the contents of $value for
063b1e99 3159lookups and for extractions in the success case. For the ${if item, the string
8e669ac1 3160"true" is substituted. In the fail case, nothing is substituted for all three
063b1e99 3161items. */
059ec3d9
PH		 3162
3163while (isspace(*s)) s++;
3164if (*s == '}')
3165 {
063b1e99
PH		 3166 if (type[0] == 'i')
3167 {
8e669ac1 3168 if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
063b1e99
PH		 3169 }
3170 else
8e669ac1 3171 {
063b1e99
PH		 3172 if (yes && lookup_value != NULL)
3173 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
3174 Ustrlen(lookup_value));
3175 lookup_value = save_lookup;
3176 }
059ec3d9
PH		 3177 s++;
3178 goto RETURN;
3179 }
3180
9b4768fa
PH		 3181/* The first following string must be braced. */
3182
3183if (*s++ != '{') goto FAILED_CURLY;
3184
059ec3d9
PH		 3185/* Expand the first substring. Forced failures are noticed only if we actually
3186want this string. Set skipping in the call in the fail case (this will always
3187be the case if we were already skipping). */
3188
b0e85a8f 3189sub1 = expand_string_internal(s, TRUE, &s, !yes, TRUE, resetok);
059ec3d9
PH		 3190if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
3191expand_string_forcedfail = FALSE;
3192if (*s++ != '}') goto FAILED_CURLY;
3193
3194/* If we want the first string, add it to the output */
3195
3196if (yes)
3197 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
3198
3199/* If this is called from a lookup or an extract, we want to restore $value to
3200what it was at the start of the item, so that it has this value during the
d20976dc
PH		 3201second string expansion. For the call from "if" or "run" to this function,
3202save_lookup is set to lookup_value, so that this statement does nothing. */
059ec3d9
PH		 3203
3204lookup_value = save_lookup;
3205
3206/* There now follows either another substring, or "fail", or nothing. This
3207time, forced failures are noticed only if we want the second string. We must
3208set skipping in the nested call if we don't want this string, or if we were
3209already skipping. */
3210
3211while (isspace(*s)) s++;
3212if (*s == '{')
3213 {
b0e85a8f 3214 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping, TRUE, resetok);
059ec3d9
PH		 3215 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
3216 expand_string_forcedfail = FALSE;
3217 if (*s++ != '}') goto FAILED_CURLY;
3218
3219 /* If we want the second string, add it to the output */
3220
3221 if (!yes)
3222 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
3223 }
3224
3225/* If there is no second string, but the word "fail" is present when the use of
3226the second string is wanted, set a flag indicating it was a forced failure
3227rather than a syntactic error. Swallow the terminating } in case this is nested
3228inside another lookup or if or extract. */
3229
3230else if (*s != '}')
3231 {
3232 uschar name[256];
55414b25
JH		 3233 /* deconst cast ok here as source is s anyway */
3234 s = US read_name(name, sizeof(name), s, US"_");
059ec3d9
PH		 3235 if (Ustrcmp(name, "fail") == 0)
3236 {
3237 if (!yes && !skipping)
3238 {
3239 while (isspace(*s)) s++;
3240 if (*s++ != '}') goto FAILED_CURLY;
3241 expand_string_message =
3242 string_sprintf("\"%s\" failed and \"fail\" requested", type);
3243 expand_string_forcedfail = TRUE;
3244 goto FAILED;
3245 }
3246 }
3247 else
3248 {
3249 expand_string_message =
3250 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
3251 goto FAILED;
3252 }
3253 }
3254
3255/* All we have to do now is to check on the final closing brace. */
3256
3257while (isspace(*s)) s++;
3258if (*s++ == '}') goto RETURN;
3259
3260/* Get here if there is a bracketing failure */
3261
3262FAILED_CURLY:
3263rc++;
3264
3265/* Get here for other failures */
3266
3267FAILED:
3268rc++;
3269
3270/* Update the input pointer value before returning */
3271
3272RETURN:
3273*sptr = s;
3274return rc;
3275}
3276
3277
3278
3279
059ec3d9
PH		 3280/*************************************************
3281* Handle MD5 or SHA-1 computation for HMAC *
3282*************************************************/
3283
3284/* These are some wrapping functions that enable the HMAC code to be a bit
3285cleaner. A good compiler will spot the tail recursion.
3286
3287Arguments:
3288 type HMAC_MD5 or HMAC_SHA1
3289 remaining are as for the cryptographic hash functions
3290
3291Returns: nothing
3292*/
3293
3294static void
3295chash_start(int type, void *base)
3296{
3297if (type == HMAC_MD5)
3298 md5_start((md5 *)base);
3299else
3300 sha1_start((sha1 *)base);
3301}
3302
3303static void
3304chash_mid(int type, void *base, uschar *string)
3305{
3306if (type == HMAC_MD5)
3307 md5_mid((md5 *)base, string);
3308else
3309 sha1_mid((sha1 *)base, string);
3310}
3311
3312static void
3313chash_end(int type, void *base, uschar *string, int length, uschar *digest)
3314{
3315if (type == HMAC_MD5)
3316 md5_end((md5 *)base, string, length, digest);
3317else
3318 sha1_end((sha1 *)base, string, length, digest);
3319}
3320
3321
3322
3323
3324
1549ea3b
PH		 3325/********************************************************
3326* prvs: Get last three digits of days since Jan 1, 1970 *
3327********************************************************/
3328
3329/* This is needed to implement the "prvs" BATV reverse
3330 path signing scheme
3331
3332Argument: integer "days" offset to add or substract to
3333 or from the current number of days.
3334
3335Returns: pointer to string containing the last three
3336 digits of the number of days since Jan 1, 1970,
3337 modified by the offset argument, NULL if there
3338 was an error in the conversion.
3339
3340*/
3341
3342static uschar *
3343prvs_daystamp(int day_offset)
3344{
a86229cf
PH		 3345uschar *days = store_get(32); /* Need at least 24 for cases */
3346(void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
1549ea3b 3347 (time(NULL) + day_offset*86400)/86400);
e169f567 3348return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
1549ea3b
PH		 3349}
3350
3351
3352
3353/********************************************************
3354* prvs: perform HMAC-SHA1 computation of prvs bits *
3355********************************************************/
3356
3357/* This is needed to implement the "prvs" BATV reverse
3358 path signing scheme
3359
3360Arguments:
3361 address RFC2821 Address to use
3362 key The key to use (must be less than 64 characters
3363 in size)
3364 key_num Single-digit key number to use. Defaults to
3365 '0' when NULL.
3366
3367Returns: pointer to string containing the first three
3368 bytes of the final hash in hex format, NULL if
3369 there was an error in the process.
3370*/
3371
3372static uschar *
3373prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
3374{
3375uschar *hash_source, *p;
3376int size = 0,offset = 0,i;
3377sha1 sha1_base;
3378void *use_base = &sha1_base;
3379uschar innerhash[20];
3380uschar finalhash[20];
3381uschar innerkey[64];
3382uschar outerkey[64];
3383uschar *finalhash_hex = store_get(40);
3384
3385if (key_num == NULL)
3386 key_num = US"0";
3387
3388if (Ustrlen(key) > 64)
3389 return NULL;
3390
3391hash_source = string_cat(NULL,&size,&offset,key_num,1);
3392string_cat(hash_source,&size,&offset,daystamp,3);
3393string_cat(hash_source,&size,&offset,address,Ustrlen(address));
3394hash_source[offset] = '\0';
3395
3396DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source);
3397
3398memset(innerkey, 0x36, 64);
3399memset(outerkey, 0x5c, 64);
3400
3401for (i = 0; i < Ustrlen(key); i++)
3402 {
3403 innerkey[i] ^= key[i];
3404 outerkey[i] ^= key[i];
3405 }
3406
3407chash_start(HMAC_SHA1, use_base);
3408chash_mid(HMAC_SHA1, use_base, innerkey);
3409chash_end(HMAC_SHA1, use_base, hash_source, offset, innerhash);
3410
3411chash_start(HMAC_SHA1, use_base);
3412chash_mid(HMAC_SHA1, use_base, outerkey);
3413chash_end(HMAC_SHA1, use_base, innerhash, 20, finalhash);
3414
3415p = finalhash_hex;
3416for (i = 0; i < 3; i++)
3417 {
3418 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
3419 *p++ = hex_digits[finalhash[i] & 0x0f];
3420 }
3421*p = '\0';
3422
3423return finalhash_hex;
3424}
3425
3426
3427
3428
059ec3d9
PH		 3429/*************************************************
3430* Join a file onto the output string *
3431*************************************************/
3432
3433/* This is used for readfile and after a run expansion. It joins the contents
3434of a file onto the output string, globally replacing newlines with a given
3435string (optionally). The file is closed at the end.
3436
3437Arguments:
3438 f the FILE
3439 yield pointer to the expandable string
3440 sizep pointer to the current size
3441 ptrp pointer to the current position
3442 eol newline replacement string, or NULL
3443
3444Returns: new value of string pointer
3445*/
3446
3447static uschar *
3448cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
3449{
3450int eollen;
3451uschar buffer[1024];
3452
3453eollen = (eol == NULL)? 0 : Ustrlen(eol);
3454
3455while (Ufgets(buffer, sizeof(buffer), f) != NULL)
3456 {
3457 int len = Ustrlen(buffer);
3458 if (eol != NULL && buffer[len-1] == '\n') len--;
3459 yield = string_cat(yield, sizep, ptrp, buffer, len);
3460 if (buffer[len] != 0)
3461 yield = string_cat(yield, sizep, ptrp, eol, eollen);
3462 }
3463
3464if (yield != NULL) yield[*ptrp] = 0;
3465
3466return yield;
3467}
3468
3469
3470
3471
3472/*************************************************
3473* Evaluate numeric expression *
3474*************************************************/
3475
af561417
PH		 3476/* This is a set of mutually recursive functions that evaluate an arithmetic
3477expression involving + - * / % & | ^ ~ << >> and parentheses. The only one of
3478these functions that is called from elsewhere is eval_expr, whose interface is:
059ec3d9
PH		 3479
3480Arguments:
af561417
PH		 3481 sptr pointer to the pointer to the string - gets updated
3482 decimal TRUE if numbers are to be assumed decimal
3483 error pointer to where to put an error message - must be NULL on input
3484 endket TRUE if ')' must terminate - FALSE for external call
059ec3d9 3485
af561417
PH		 3486Returns: on success: the value of the expression, with *error still NULL
3487 on failure: an undefined value, with *error = a message
059ec3d9
PH		 3488*/
3489
97d17305 3490static int_eximarith_t eval_op_or(uschar **, BOOL, uschar **);
af561417 3491
059ec3d9 3492
97d17305 3493static int_eximarith_t
059ec3d9
PH		 3494eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
3495{
3496uschar *s = *sptr;
97d17305 3497int_eximarith_t x = eval_op_or(&s, decimal, error);
059ec3d9
PH		 3498if (*error == NULL)
3499 {
af561417 3500 if (endket)
059ec3d9 3501 {
af561417
PH		 3502 if (*s != ')')
3503 *error = US"expecting closing parenthesis";
3504 else
3505 while (isspace(*(++s)));
059ec3d9 3506 }
af561417 3507 else if (*s != 0) *error = US"expecting operator";
059ec3d9 3508 }
059ec3d9
PH		 3509*sptr = s;
3510return x;
3511}
3512
af561417 3513
97d17305 3514static int_eximarith_t
af561417 3515eval_number(uschar **sptr, BOOL decimal, uschar **error)
059ec3d9
PH		 3516{
3517register int c;
97d17305 3518int_eximarith_t n;
059ec3d9
PH		 3519uschar *s = *sptr;
3520while (isspace(*s)) s++;
3521c = *s;
af561417 3522if (isdigit(c))
059ec3d9
PH		 3523 {
3524 int count;
97d17305 3525 (void)sscanf(CS s, (decimal? SC_EXIM_DEC "%n" : SC_EXIM_ARITH "%n"), &n, &count);
059ec3d9 3526 s += count;
97d17305
JH		 3527 switch (tolower(*s))
3528 {
3529 default: break;
3530 case 'k': n *= 1024; s++; break;
3531 case 'm': n *= 1024*1024; s++; break;
3532 case 'g': n *= 1024*1024*1024; s++; break;
3533 }
059ec3d9
PH		 3534 while (isspace (*s)) s++;
3535 }
3536else if (c == '(')
3537 {
3538 s++;
3539 n = eval_expr(&s, decimal, error, 1);
3540 }
3541else
3542 {
3543 *error = US"expecting number or opening parenthesis";
3544 n = 0;
3545 }
3546*sptr = s;
3547return n;
3548}
3549
af561417 3550
97d17305 3551static int_eximarith_t
aa7c82b2 3552eval_op_unary(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH		 3553{
3554uschar *s = *sptr;
97d17305 3555int_eximarith_t x;
af561417
PH		 3556while (isspace(*s)) s++;
3557if (*s == '+' || *s == '-' || *s == '~')
3558 {
3559 int op = *s++;
3560 x = eval_op_unary(&s, decimal, error);
3561 if (op == '-') x = -x;
3562 else if (op == '~') x = ~x;
3563 }
3564else
3565 {
3566 x = eval_number(&s, decimal, error);
3567 }
3568*sptr = s;
3569return x;
3570}
3571
3572
97d17305 3573static int_eximarith_t
aa7c82b2 3574eval_op_mult(uschar **sptr, BOOL decimal, uschar **error)
059ec3d9
PH		 3575{
3576uschar *s = *sptr;
97d17305 3577int_eximarith_t x = eval_op_unary(&s, decimal, error);
059ec3d9
PH		 3578if (*error == NULL)
3579 {
5591031b 3580 while (*s == '*' || *s == '/' || *s == '%')
059ec3d9
PH		 3581 {
3582 int op = *s++;
97d17305 3583 int_eximarith_t y = eval_op_unary(&s, decimal, error);
059ec3d9 3584 if (*error != NULL) break;
053a9aa3
PP		 3585 /* SIGFPE both on div/mod by zero and on INT_MIN / -1, which would give
3586 * a value of INT_MAX+1. Note that INT_MIN * -1 gives INT_MIN for me, which
3587 * is a bug somewhere in [gcc 4.2.1, FreeBSD, amd64]. In fact, -N*-M where
3588 * -N*M is INT_MIN will yielf INT_MIN.
3589 * Since we don't support floating point, this is somewhat simpler.
3590 * Ideally, we'd return an error, but since we overflow for all other
3591 * arithmetic, consistency suggests otherwise, but what's the correct value
3592 * to use? There is none.
3593 * The C standard guarantees overflow for unsigned arithmetic but signed
3594 * overflow invokes undefined behaviour; in practice, this is overflow
3595 * except for converting INT_MIN to INT_MAX+1. We also can't guarantee
3596 * that long/longlong larger than int are available, or we could just work
3597 * with larger types. We should consider whether to guarantee 32bit eval
3598 * and 64-bit working variables, with errors returned. For now ...
3599 * So, the only SIGFPEs occur with a non-shrinking div/mod, thus -1; we
3600 * can just let the other invalid results occur otherwise, as they have
3601 * until now. For this one case, we can coerce.
3602 */
4328fd3c 3603 if (y == -1 && x == EXIM_ARITH_MIN && op != '*')
053a9aa3
PP		 3604 {
3605 DEBUG(D_expand)
97d17305 3606 debug_printf("Integer exception dodging: " PR_EXIM_ARITH "%c-1 coerced to " PR_EXIM_ARITH "\n",
4328fd3c
JH		 3607 EXIM_ARITH_MIN, op, EXIM_ARITH_MAX);
3608 x = EXIM_ARITH_MAX;
053a9aa3
PP		 3609 continue;
3610 }
a5b52695
PP		 3611 if (op == '*')
3612 x *= y;
3613 else
3614 {
3615 if (y == 0)
54e7ce4a 3616 {
a5b52695
PP		 3617 *error = (op == '/') ? US"divide by zero" : US"modulo by zero";
3618 x = 0;
3619 break;
54e7ce4a 3620 }
a5b52695
PP		 3621 if (op == '/')
3622 x /= y;
3623 else
3624 x %= y;
3625 }
059ec3d9
PH		 3626 }
3627 }
3628*sptr = s;
3629return x;
3630}
3631
3632
97d17305 3633static int_eximarith_t
aa7c82b2 3634eval_op_sum(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH		 3635{
3636uschar *s = *sptr;
97d17305 3637int_eximarith_t x = eval_op_mult(&s, decimal, error);
af561417
PH		 3638if (*error == NULL)
3639 {
3640 while (*s == '+' || *s == '-')
3641 {
3642 int op = *s++;
97d17305 3643 int_eximarith_t y = eval_op_mult(&s, decimal, error);
af561417
PH		 3644 if (*error != NULL) break;
3645 if (op == '+') x += y; else x -= y;
3646 }
3647 }
3648*sptr = s;
3649return x;
3650}
3651
3652
97d17305 3653static int_eximarith_t
aa7c82b2 3654eval_op_shift(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH		 3655{
3656uschar *s = *sptr;
97d17305 3657int_eximarith_t x = eval_op_sum(&s, decimal, error);
af561417
PH		 3658if (*error == NULL)
3659 {
3660 while ((*s == '<' || *s == '>') && s[1] == s[0])
3661 {
97d17305 3662 int_eximarith_t y;
af561417
PH		 3663 int op = *s++;
3664 s++;
3665 y = eval_op_sum(&s, decimal, error);
3666 if (*error != NULL) break;
3667 if (op == '<') x <<= y; else x >>= y;
3668 }
3669 }
3670*sptr = s;
3671return x;
3672}
3673
3674
97d17305 3675static int_eximarith_t
aa7c82b2 3676eval_op_and(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH		 3677{
3678uschar *s = *sptr;
97d17305 3679int_eximarith_t x = eval_op_shift(&s, decimal, error);
af561417
PH		 3680if (*error == NULL)
3681 {
3682 while (*s == '&')
3683 {
97d17305 3684 int_eximarith_t y;
af561417
PH		 3685 s++;
3686 y = eval_op_shift(&s, decimal, error);
3687 if (*error != NULL) break;
3688 x &= y;
3689 }
3690 }
3691*sptr = s;
3692return x;
3693}
3694
3695
97d17305 3696static int_eximarith_t
aa7c82b2 3697eval_op_xor(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH		 3698{
3699uschar *s = *sptr;
97d17305 3700int_eximarith_t x = eval_op_and(&s, decimal, error);
af561417
PH		 3701if (*error == NULL)
3702 {
3703 while (*s == '^')
3704 {
97d17305 3705 int_eximarith_t y;
af561417
PH		 3706 s++;
3707 y = eval_op_and(&s, decimal, error);
3708 if (*error != NULL) break;
3709 x ^= y;
3710 }
3711 }
3712*sptr = s;
3713return x;
3714}
3715
3716
97d17305 3717static int_eximarith_t
aa7c82b2 3718eval_op_or(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH		 3719{
3720uschar *s = *sptr;
97d17305 3721int_eximarith_t x = eval_op_xor(&s, decimal, error);
af561417
PH		 3722if (*error == NULL)
3723 {
3724 while (*s == '|')
3725 {
97d17305 3726 int_eximarith_t y;
af561417
PH		 3727 s++;
3728 y = eval_op_xor(&s, decimal, error);
3729 if (*error != NULL) break;
3730 x |= y;
3731 }
3732 }
3733*sptr = s;
3734return x;
3735}
3736
059ec3d9
PH		 3737
3738
3739/*************************************************
3740* Expand string *
3741*************************************************/
3742
3743/* Returns either an unchanged string, or the expanded string in stacking pool
3744store. Interpreted sequences are:
3745
3746 \... normal escaping rules
3747 $name substitutes the variable
3748 ${name} ditto
3749 ${op:string} operates on the expanded string value
3750 ${item{arg1}{arg2}...} expands the args and then does the business
3751 some literal args are not enclosed in {}
3752
3753There are now far too many operators and item types to make it worth listing
3754them here in detail any more.
3755
3756We use an internal routine recursively to handle embedded substrings. The
3757external function follows. The yield is NULL if the expansion failed, and there
3758are two cases: if something collapsed syntactically, or if "fail" was given
3759as the action on a lookup failure. These can be distinguised by looking at the
3760variable expand_string_forcedfail, which is TRUE in the latter case.
3761
3762The skipping flag is set true when expanding a substring that isn't actually
3763going to be used (after "if" or "lookup") and it prevents lookups from
3764happening lower down.
3765
3766Store usage: At start, a store block of the length of the input plus 64
3767is obtained. This is expanded as necessary by string_cat(), which might have to
3768get a new block, or might be able to expand the original. At the end of the
3769function we can release any store above that portion of the yield block that
3770was actually used. In many cases this will be optimal.
3771
3772However: if the first item in the expansion is a variable name or header name,
3773we reset the store before processing it; if the result is in fresh store, we
3774use that without copying. This is helpful for expanding strings like
3775$message_headers which can get very long.
3776
d6b4d938
TF		 3777There's a problem if a ${dlfunc item has side-effects that cause allocation,
3778since resetting the store at the end of the expansion will free store that was
3779allocated by the plugin code as well as the slop after the expanded string. So
b0e85a8f
JH		 3780we skip any resets if ${dlfunc } has been used. The same applies for ${acl }
3781and, given the acl condition, ${if }. This is an unfortunate consequence of
3782string expansion becoming too powerful.
d6b4d938 3783
059ec3d9
PH		 3784Arguments:
3785 string the string to be expanded
3786 ket_ends true if expansion is to stop at }
3787 left if not NULL, a pointer to the first character after the
3788 expansion is placed here (typically used with ket_ends)
3789 skipping TRUE for recursive calls when the value isn't actually going
3790 to be used (to allow for optimisation)
da6dbe26
PP		 3791 honour_dollar TRUE if $ is to be expanded,
3792 FALSE if it's just another character
b0e85a8f
JH		 3793 resetok_p if not NULL, pointer to flag - write FALSE if unsafe to reset
3794 the store.
059ec3d9
PH		 3795
3796Returns: NULL if expansion fails:
3797 expand_string_forcedfail is set TRUE if failure was forced
3798 expand_string_message contains a textual error message
3799 a pointer to the expanded string on success
3800*/
3801
3802static uschar *
55414b25 3803expand_string_internal(const uschar *string, BOOL ket_ends, const uschar **left,
b0e85a8f 3804 BOOL skipping, BOOL honour_dollar, BOOL *resetok_p)
059ec3d9
PH		 3805{
3806int ptr = 0;
3807int size = Ustrlen(string)+ 64;
3808int item_type;
3809uschar *yield = store_get(size);
55414b25 3810const uschar *s = string;
059ec3d9
PH		 3811uschar *save_expand_nstring[EXPAND_MAXN+1];
3812int save_expand_nlength[EXPAND_MAXN+1];
d6b4d938 3813BOOL resetok = TRUE;
059ec3d9
PH		 3814
3815expand_string_forcedfail = FALSE;
3816expand_string_message = US"";
3817
3818while (*s != 0)
3819 {
3820 uschar *value;
3821 uschar name[256];
3822
3823 /* \ escapes the next character, which must exist, or else
3824 the expansion fails. There's a special escape, \N, which causes
3825 copying of the subject verbatim up to the next \N. Otherwise,
3826 the escapes are the standard set. */
3827
3828 if (*s == '\\')
3829 {
3830 if (s[1] == 0)
3831 {
3832 expand_string_message = US"\\ at end of string";
3833 goto EXPAND_FAILED;
3834 }
3835
3836 if (s[1] == 'N')
3837 {
55414b25 3838 const uschar * t = s + 2;
059ec3d9
PH		 3839 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
3840 yield = string_cat(yield, &size, &ptr, t, s - t);
3841 if (*s != 0) s += 2;
3842 }
3843
3844 else
3845 {
3846 uschar ch[1];
3847 ch[0] = string_interpret_escape(&s);
3848 s++;
3849 yield = string_cat(yield, &size, &ptr, ch, 1);
3850 }
3851
3852 continue;
3853 }
3854
2e23003a 3855 /*{*/
059ec3d9
PH		 3856 /* Anything other than $ is just copied verbatim, unless we are
3857 looking for a terminating } character. */
3858
2e23003a 3859 /*{*/
059ec3d9
PH		 3860 if (ket_ends && *s == '}') break;
3861
da6dbe26 3862 if (*s != '$' || !honour_dollar)
059ec3d9
PH		 3863 {
3864 yield = string_cat(yield, &size, &ptr, s++, 1);
3865 continue;
3866 }
3867
3868 /* No { after the $ - must be a plain name or a number for string
3869 match variable. There has to be a fudge for variables that are the
3870 names of header fields preceded by "$header_" because header field
3871 names can contain any printing characters except space and colon.
3872 For those that don't like typing this much, "$h_" is a synonym for
3873 "$header_". A non-existent header yields a NULL value; nothing is
2e23003a 3874 inserted. */ /*}*/
059ec3d9
PH		 3875
3876 if (isalpha((*(++s))))
3877 {
3878 int len;
3879 int newsize = 0;
3880
3881 s = read_name(name, sizeof(name), s, US"_");
3882
3883 /* If this is the first thing to be expanded, release the pre-allocated
3884 buffer. */
3885
3886 if (ptr == 0 && yield != NULL)
3887 {
d6b4d938 3888 if (resetok) store_reset(yield);
059ec3d9
PH		 3889 yield = NULL;
3890 size = 0;
3891 }
3892
3893 /* Header */
3894
3895 if (Ustrncmp(name, "h_", 2) == 0 ||
3896 Ustrncmp(name, "rh_", 3) == 0 ||
3897 Ustrncmp(name, "bh_", 3) == 0 ||
3898 Ustrncmp(name, "header_", 7) == 0 ||
3899 Ustrncmp(name, "rheader_", 8) == 0 ||
3900 Ustrncmp(name, "bheader_", 8) == 0)
3901 {
3902 BOOL want_raw = (name[0] == 'r')? TRUE : FALSE;
3903 uschar *charset = (name[0] == 'b')? NULL : headers_charset;
3904 s = read_header_name(name, sizeof(name), s);
3905 value = find_header(name, FALSE, &newsize, want_raw, charset);
3906
3907 /* If we didn't find the header, and the header contains a closing brace
0d85fa3f 3908 character, this may be a user error where the terminating colon
059ec3d9
PH		 3909 has been omitted. Set a flag to adjust the error message in this case.
3910 But there is no error here - nothing gets inserted. */
3911
3912 if (value == NULL)
3913 {
3914 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
3915 continue;
3916 }
3917 }
3918
3919 /* Variable */
3920
3921 else
3922 {
3923 value = find_variable(name, FALSE, skipping, &newsize);
3924 if (value == NULL)
3925 {
3926 expand_string_message =
3927 string_sprintf("unknown variable name \"%s\"", name);
641cb756 3928 check_variable_error_message(name);
059ec3d9
PH		 3929 goto EXPAND_FAILED;
3930 }
3931 }
3932
3933 /* If the data is known to be in a new buffer, newsize will be set to the
3934 size of that buffer. If this is the first thing in an expansion string,
3935 yield will be NULL; just point it at the new store instead of copying. Many
3936 expansion strings contain just one reference, so this is a useful
3937 optimization, especially for humungous headers. */
3938
3939 len = Ustrlen(value);
3940 if (yield == NULL && newsize != 0)
3941 {
3942 yield = value;
3943 size = newsize;
3944 ptr = len;
3945 }
3946 else yield = string_cat(yield, &size, &ptr, value, len);
3947
3948 continue;
3949 }
3950
3951 if (isdigit(*s))
3952 {
3953 int n;
55414b25 3954 s = read_cnumber(&n, s);
059ec3d9
PH		 3955 if (n >= 0 && n <= expand_nmax)
3956 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3957 expand_nlength[n]);
3958 continue;
3959 }
3960
2e23003a 3961 /* Otherwise, if there's no '{' after $ it's an error. */ /*}*/
059ec3d9 3962
2e23003a 3963 if (*s != '{') /*}*/
059ec3d9 3964 {
2e23003a 3965 expand_string_message = US"$ not followed by letter, digit, or {"; /*}*/
059ec3d9
PH		 3966 goto EXPAND_FAILED;
3967 }
3968
3969 /* After { there can be various things, but they all start with
3970 an initial word, except for a number for a string match variable. */
3971
3972 if (isdigit((*(++s))))
3973 {
3974 int n;
55414b25 3975 s = read_cnumber(&n, s); /*{*/
059ec3d9 3976 if (*s++ != '}')
2e23003a 3977 { /*{*/
059ec3d9
PH		 3978 expand_string_message = US"} expected after number";
3979 goto EXPAND_FAILED;
3980 }
3981 if (n >= 0 && n <= expand_nmax)
3982 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3983 expand_nlength[n]);
3984 continue;
3985 }
3986
3987 if (!isalpha(*s))
3988 {
2e23003a 3989 expand_string_message = US"letter or digit expected after ${"; /*}*/
059ec3d9
PH		 3990 goto EXPAND_FAILED;
3991 }
3992
3993 /* Allow "-" in names to cater for substrings with negative
3994 arguments. Since we are checking for known names after { this is
3995 OK. */
3996
3997 s = read_name(name, sizeof(name), s, US"_-");
0539a19d 3998 item_type = chop_match(name, item_table, nelem(item_table));
059ec3d9
PH		 3999
4000 switch(item_type)
4001 {
525239c1 4002 /* Call an ACL from an expansion. We feed data in via $acl_arg1 - $acl_arg9.
333eea9c 4003 If the ACL returns accept or reject we return content set by "message ="
723c72e6
JH		 4004 There is currently no limit on recursion; this would have us call
4005 acl_check_internal() directly and get a current level from somewhere.
f60d98e8
JH		 4006 See also the acl expansion condition ECOND_ACL and the traditional
4007 acl modifier ACLC_ACL.
be7a5781 4008 Assume that the function has side-effects on the store that must be preserved.
723c72e6
JH		 4009 */
4010
4011 case EITEM_ACL:
333eea9c 4012 /* ${acl {name} {arg1}{arg2}...} */
723c72e6 4013 {
333eea9c 4014 uschar *sub[10]; /* name + arg1-arg9 (which must match number of acl_arg[]) */
723c72e6 4015 uschar *user_msg;
333eea9c 4016
089fc87a
JH		 4017 switch(read_subs(sub, nelem(sub), 1, &s, skipping, TRUE, US"acl",
4018 &resetok))
723c72e6
JH		 4019 {
4020 case 1: goto EXPAND_FAILED_CURLY;
4021 case 2:
4022 case 3: goto EXPAND_FAILED;
4023 }
4024 if (skipping) continue;
4025
be7a5781 4026 resetok = FALSE;
0539a19d 4027 switch(eval_acl(sub, nelem(sub), &user_msg))
723c72e6
JH		 4028 {
4029 case OK:
333eea9c 4030 case FAIL:
187bc588
JH		 4031 DEBUG(D_expand)
4032 debug_printf("acl expansion yield: %s\n", user_msg);
723c72e6
JH		 4033 if (user_msg)
4034 yield = string_cat(yield, &size, &ptr, user_msg, Ustrlen(user_msg));
4035 continue;
333eea9c 4036
723c72e6 4037 case DEFER:
333eea9c 4038 expand_string_forcedfail = TRUE;
723c72e6 4039 default:
333eea9c 4040 expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]);
723c72e6
JH		 4041 goto EXPAND_FAILED;
4042 }
4043 }
4044
059ec3d9
PH		 4045 /* Handle conditionals - preserve the values of the numerical expansion
4046 variables in case they get changed by a regular expression match in the
4047 condition. If not, they retain their external settings. At the end
4048 of this "if" section, they get restored to their previous values. */
4049
4050 case EITEM_IF:
4051 {
4052 BOOL cond = FALSE;
55414b25 4053 const uschar *next_s;
059ec3d9
PH		 4054 int save_expand_nmax =
4055 save_expand_strings(save_expand_nstring, save_expand_nlength);
4056
4057 while (isspace(*s)) s++;
b0e85a8f 4058 next_s = eval_condition(s, &resetok, skipping? NULL : &cond);
059ec3d9
PH		 4059 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
4060
4061 DEBUG(D_expand)
4062 debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s,
4063 cond? "true" : "false");
4064
4065 s = next_s;
4066
4067 /* The handling of "yes" and "no" result strings is now in a separate
4068 function that is also used by ${lookup} and ${extract} and ${run}. */
4069
4070 switch(process_yesno(
4071 skipping, /* were previously skipping */
4072 cond, /* success/failure indicator */
4073 lookup_value, /* value to reset for string2 */
4074 &s, /* input pointer */
4075 &yield, /* output pointer */
4076 &size, /* output size */
4077 &ptr, /* output current point */
b0e85a8f
JH		 4078 US"if", /* condition type */
4079 &resetok))
059ec3d9
PH		 4080 {
4081 case 1: goto EXPAND_FAILED; /* when all is well, the */
4082 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4083 }
4084
4085 /* Restore external setting of expansion variables for continuation
4086 at this level. */
4087
b0e85a8f
JH		 4088 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4089 save_expand_nlength);
059ec3d9
PH		 4090 continue;
4091 }
4092
ed0512a1
JH		 4093#ifdef EXPERIMENTAL_INTERNATIONAL
4094 case EITEM_IMAPFOLDER:
4095 { /* ${imapfolder {name}{sep]{specials}} */
4096 uschar *sub_arg[3];
4097 uschar *encoded;
4098
0539a19d
JH		 4099 switch(read_subs(sub_arg, nelem(sub_arg), 1, &s, skipping, TRUE, name,
4100 &resetok))
ed0512a1
JH		 4101 {
4102 case 1: goto EXPAND_FAILED_CURLY;
4103 case 2:
4104 case 3: goto EXPAND_FAILED;
4105 }
4106
4107 if (sub_arg[1] == NULL) /* One argument */
4108 {
0539a19d 4109 sub_arg[1] = US"/"; /* default separator */
ed0512a1
JH		 4110 sub_arg[2] = NULL;
4111 }
0539a19d 4112 else if (Ustrlen(sub_arg[1]) != 1)
ed0512a1 4113 {
94431adb 4114 expand_string_message =
ed0512a1 4115 string_sprintf(
94431adb 4116 "IMAP folder separator must be one character, found \"%s\"",
ed0512a1
JH		 4117 sub_arg[1]);
4118 goto EXPAND_FAILED;
4119 }
4120
4121 if (!(encoded = imap_utf7_encode(sub_arg[0], headers_charset,
4122 sub_arg[1][0], sub_arg[2], &expand_string_message)))
4123 goto EXPAND_FAILED;
4124 if (!skipping)
4125 yield = string_cat(yield, &size, &ptr, encoded, Ustrlen(encoded));
4126 continue;
4127 }
4128#endif
4129
059ec3d9
PH		 4130 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
4131 expanding an internal string that isn't actually going to be used. All we
4132 need to do is check the syntax, so don't do a lookup at all. Preserve the
4133 values of the numerical expansion variables in case they get changed by a
4134 partial lookup. If not, they retain their external settings. At the end
4135 of this "lookup" section, they get restored to their previous values. */
4136
4137 case EITEM_LOOKUP:
4138 {
4139 int stype, partial, affixlen, starflags;
4140 int expand_setup = 0;
4141 int nameptr = 0;
55414b25
JH		 4142 uschar *key, *filename;
4143 const uschar *affix;
059ec3d9
PH		 4144 uschar *save_lookup_value = lookup_value;
4145 int save_expand_nmax =
4146 save_expand_strings(save_expand_nstring, save_expand_nlength);
4147
4148 if ((expand_forbid & RDO_LOOKUP) != 0)
4149 {
4150 expand_string_message = US"lookup expansions are not permitted";
4151 goto EXPAND_FAILED;
4152 }
4153
4154 /* Get the key we are to look up for single-key+file style lookups.
4155 Otherwise set the key NULL pro-tem. */
4156
4157 while (isspace(*s)) s++;
2e23003a 4158 if (*s == '{') /*}*/
059ec3d9 4159 {
b0e85a8f 4160 key = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
2e23003a 4161 if (key == NULL) goto EXPAND_FAILED; /*{*/
059ec3d9
PH		 4162 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4163 while (isspace(*s)) s++;
4164 }
4165 else key = NULL;
4166
4167 /* Find out the type of database */
4168
4169 if (!isalpha(*s))
4170 {
4171 expand_string_message = US"missing lookup type";
4172 goto EXPAND_FAILED;
4173 }
4174
4175 /* The type is a string that may contain special characters of various
4176 kinds. Allow everything except space or { to appear; the actual content
2e23003a 4177 is checked by search_findtype_partial. */ /*}*/
059ec3d9 4178
2e23003a 4179 while (*s != 0 && *s != '{' && !isspace(*s)) /*}*/
059ec3d9
PH		 4180 {
4181 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
4182 s++;
4183 }
4184 name[nameptr] = 0;
4185 while (isspace(*s)) s++;
4186
4187 /* Now check for the individual search type and any partial or default
4188 options. Only those types that are actually in the binary are valid. */
4189
4190 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
4191 &starflags);
4192 if (stype < 0)
4193 {
4194 expand_string_message = search_error_message;
4195 goto EXPAND_FAILED;
4196 }
4197
4198 /* Check that a key was provided for those lookup types that need it,
4199 and was not supplied for those that use the query style. */
4200
13b685f9 4201 if (!mac_islookup(stype, lookup_querystyle|lookup_absfilequery))
059ec3d9
PH		 4202 {
4203 if (key == NULL)
4204 {
4205 expand_string_message = string_sprintf("missing {key} for single-"
4206 "key \"%s\" lookup", name);
4207 goto EXPAND_FAILED;
4208 }
4209 }
4210 else
4211 {
4212 if (key != NULL)
4213 {
4214 expand_string_message = string_sprintf("a single key was given for "
4215 "lookup type \"%s\", which is not a single-key lookup type", name);
4216 goto EXPAND_FAILED;
4217 }
4218 }
4219
4220 /* Get the next string in brackets and expand it. It is the file name for
13b685f9
PH		 4221 single-key+file lookups, and the whole query otherwise. In the case of
4222 queries that also require a file name (e.g. sqlite), the file name comes
4223 first. */
059ec3d9
PH		 4224
4225 if (*s != '{') goto EXPAND_FAILED_CURLY;
b0e85a8f 4226 filename = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
059ec3d9
PH		 4227 if (filename == NULL) goto EXPAND_FAILED;
4228 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4229 while (isspace(*s)) s++;
4230
4231 /* If this isn't a single-key+file lookup, re-arrange the variables
13b685f9
PH		 4232 to be appropriate for the search_ functions. For query-style lookups,
4233 there is just a "key", and no file name. For the special query-style +
4234 file types, the query (i.e. "key") starts with a file name. */
059ec3d9
PH		 4235
4236 if (key == NULL)
4237 {
13b685f9 4238 while (isspace(*filename)) filename++;
059ec3d9 4239 key = filename;
13b685f9
PH		 4240
4241 if (mac_islookup(stype, lookup_querystyle))
4242 {
4243 filename = NULL;
4244 }
4245 else
4246 {
4247 if (*filename != '/')
4248 {
4249 expand_string_message = string_sprintf(
4250 "absolute file name expected for \"%s\" lookup", name);
4251 goto EXPAND_FAILED;
4252 }
4253 while (*key != 0 && !isspace(*key)) key++;
4254 if (*key != 0) *key++ = 0;
4255 }
059ec3d9
PH		 4256 }
4257
4258 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
4259 the entry was not found. Note that there is no search_close() function.
4260 Files are left open in case of re-use. At suitable places in higher logic,
4261 search_tidyup() is called to tidy all open files. This can save opening
4262 the same file several times. However, files may also get closed when
4263 others are opened, if too many are open at once. The rule is that a
4264 handle should not be used after a second search_open().
4265
4266 Request that a partial search sets up $1 and maybe $2 by passing
4267 expand_setup containing zero. If its value changes, reset expand_nmax,
4268 since new variables will have been set. Note that at the end of this
4269 "lookup" section, the old numeric variables are restored. */
4270
4271 if (skipping)
4272 lookup_value = NULL;
4273 else
4274 {
4275 void *handle = search_open(filename, stype, 0, NULL, NULL);
4276 if (handle == NULL)
4277 {
4278 expand_string_message = search_error_message;
4279 goto EXPAND_FAILED;
4280 }
4281 lookup_value = search_find(handle, filename, key, partial, affix,
4282 affixlen, starflags, &expand_setup);
4283 if (search_find_defer)
4284 {
4285 expand_string_message =
b72aab72
PP		 4286 string_sprintf("lookup of \"%s\" gave DEFER: %s",
4287 string_printing2(key, FALSE), search_error_message);
059ec3d9
PH		 4288 goto EXPAND_FAILED;
4289 }
4290 if (expand_setup > 0) expand_nmax = expand_setup;
4291 }
4292
4293 /* The handling of "yes" and "no" result strings is now in a separate
4294 function that is also used by ${if} and ${extract}. */
4295
4296 switch(process_yesno(
4297 skipping, /* were previously skipping */
4298 lookup_value != NULL, /* success/failure indicator */
4299 save_lookup_value, /* value to reset for string2 */
4300 &s, /* input pointer */
4301 &yield, /* output pointer */
4302 &size, /* output size */
4303 &ptr, /* output current point */
b0e85a8f
JH		 4304 US"lookup", /* condition type */
4305 &resetok))
059ec3d9
PH		 4306 {
4307 case 1: goto EXPAND_FAILED; /* when all is well, the */
4308 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4309 }
4310
4311 /* Restore external setting of expansion variables for carrying on
4312 at this level, and continue. */
4313
4314 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4315 save_expand_nlength);
4316 continue;
4317 }
4318
4319 /* If Perl support is configured, handle calling embedded perl subroutines,
4320 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
4321 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
4322 arguments (defined below). */
4323
059ec3d9
PH		 4324 #define EXIM_PERL_MAX_ARGS 8
4325
4326 case EITEM_PERL:
1a46a8c5 4327 #ifndef EXIM_PERL
2e23003a 4328 expand_string_message = US"\"${perl\" encountered, but this facility " /*}*/
1a46a8c5
PH		 4329 "is not included in this binary";
4330 goto EXPAND_FAILED;
4331
4332 #else /* EXIM_PERL */
059ec3d9
PH		 4333 {
4334 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
4335 uschar *new_yield;
4336
4337 if ((expand_forbid & RDO_PERL) != 0)
4338 {
4339 expand_string_message = US"Perl calls are not permitted";
4340 goto EXPAND_FAILED;
4341 }
4342
4343 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
b0e85a8f 4344 US"perl", &resetok))
059ec3d9
PH		 4345 {
4346 case 1: goto EXPAND_FAILED_CURLY;
4347 case 2:
4348 case 3: goto EXPAND_FAILED;
4349 }
4350
4351 /* If skipping, we don't actually do anything */
4352
4353 if (skipping) continue;
4354
4355 /* Start the interpreter if necessary */
4356
4357 if (!opt_perl_started)
4358 {
4359 uschar *initerror;
4360 if (opt_perl_startup == NULL)
4361 {
4362 expand_string_message = US"A setting of perl_startup is needed when "
4363 "using the Perl interpreter";
4364 goto EXPAND_FAILED;
4365 }
4366 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
4367 initerror = init_perl(opt_perl_startup);
4368 if (initerror != NULL)
4369 {
4370 expand_string_message =
4371 string_sprintf("error in perl_startup code: %s\n", initerror);
4372 goto EXPAND_FAILED;
4373 }
4374 opt_perl_started = TRUE;
4375 }
4376
4377 /* Call the function */
4378
4379 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
4380 new_yield = call_perl_cat(yield, &size, &ptr, &expand_string_message,
4381 sub_arg[0], sub_arg + 1);
4382
4383 /* NULL yield indicates failure; if the message pointer has been set to
4384 NULL, the yield was undef, indicating a forced failure. Otherwise the
4385 message will indicate some kind of Perl error. */
4386
4387 if (new_yield == NULL)
4388 {
4389 if (expand_string_message == NULL)
4390 {
4391 expand_string_message =
4392 string_sprintf("Perl subroutine \"%s\" returned undef to force "
4393 "failure", sub_arg[0]);
4394 expand_string_forcedfail = TRUE;
4395 }
4396 goto EXPAND_FAILED;
4397 }
4398
4399 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
4400 set during a callback from Perl. */
4401
4402 expand_string_forcedfail = FALSE;
4403 yield = new_yield;
4404 continue;
4405 }
4406 #endif /* EXIM_PERL */
4407
fffda43a
TK		 4408 /* Transform email address to "prvs" scheme to use
4409 as BATV-signed return path */
4410
4411 case EITEM_PRVS:
4412 {
4413 uschar *sub_arg[3];
4414 uschar *p,*domain;
4415
b0e85a8f 4416 switch(read_subs(sub_arg, 3, 2, &s, skipping, TRUE, US"prvs", &resetok))
fffda43a
TK		 4417 {
4418 case 1: goto EXPAND_FAILED_CURLY;
4419 case 2:
4420 case 3: goto EXPAND_FAILED;
4421 }
4422
4423 /* If skipping, we don't actually do anything */
4424 if (skipping) continue;
4425
4426 /* sub_arg[0] is the address */
4427 domain = Ustrrchr(sub_arg[0],'@');
4428 if ( (domain == NULL) || (domain == sub_arg[0]) || (Ustrlen(domain) == 1) )
4429 {
cb9328de
PH		 4430 expand_string_message = US"prvs first argument must be a qualified email address";
4431 goto EXPAND_FAILED;
4432 }
4433
4434 /* Calculate the hash. The second argument must be a single-digit
4435 key number, or unset. */
4436
4437 if (sub_arg[2] != NULL &&
4438 (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0))
4439 {
4440 expand_string_message = US"prvs second argument must be a single digit";
fffda43a
TK		 4441 goto EXPAND_FAILED;
4442 }
4443
fffda43a
TK		 4444 p = prvs_hmac_sha1(sub_arg[0],sub_arg[1],sub_arg[2],prvs_daystamp(7));
4445 if (p == NULL)
4446 {
cb9328de 4447 expand_string_message = US"prvs hmac-sha1 conversion failed";
fffda43a
TK		 4448 goto EXPAND_FAILED;
4449 }
4450
4451 /* Now separate the domain from the local part */
4452 *domain++ = '\0';
4453
4454 yield = string_cat(yield,&size,&ptr,US"prvs=",5);
fffda43a
TK		 4455 string_cat(yield,&size,&ptr,(sub_arg[2] != NULL) ? sub_arg[2] : US"0", 1);
4456 string_cat(yield,&size,&ptr,prvs_daystamp(7),3);
4457 string_cat(yield,&size,&ptr,p,6);
a48ced90
TK		 4458 string_cat(yield,&size,&ptr,US"=",1);
4459 string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
fffda43a
TK		 4460 string_cat(yield,&size,&ptr,US"@",1);
4461 string_cat(yield,&size,&ptr,domain,Ustrlen(domain));
4462
4463 continue;
4464 }
4465
4466 /* Check a prvs-encoded address for validity */
4467
4468 case EITEM_PRVSCHECK:
4469 {
4470 uschar *sub_arg[3];
4471 int mysize = 0, myptr = 0;
4472 const pcre *re;
4473 uschar *p;
72fdd6ae
PH		 4474
4475 /* TF: Ugliness: We want to expand parameter 1 first, then set
fffda43a
TK		 4476 up expansion variables that are used in the expansion of
4477 parameter 2. So we clone the string for the first
72fdd6ae
PH		 4478 expansion, where we only expand parameter 1.
4479
4480 PH: Actually, that isn't necessary. The read_subs() function is
4481 designed to work this way for the ${if and ${lookup expansions. I've
4482 tidied the code.
4483 */
fffda43a
TK		 4484
4485 /* Reset expansion variables */
4486 prvscheck_result = NULL;
4487 prvscheck_address = NULL;
4488 prvscheck_keynum = NULL;
4489
b0e85a8f 4490 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs", &resetok))
fffda43a
TK		 4491 {
4492 case 1: goto EXPAND_FAILED_CURLY;
4493 case 2:
4494 case 3: goto EXPAND_FAILED;
4495 }
4496
a48ced90 4497 re = regex_must_compile(US"^prvs\\=([0-9])([0-9]{3})([A-F0-9]{6})\\=(.+)\\@(.+)$",
fffda43a
TK		 4498 TRUE,FALSE);
4499
72fdd6ae
PH		 4500 if (regex_match_and_setup(re,sub_arg[0],0,-1))
4501 {
a48ced90
TK		 4502 uschar *local_part = string_copyn(expand_nstring[4],expand_nlength[4]);
4503 uschar *key_num = string_copyn(expand_nstring[1],expand_nlength[1]);
4504 uschar *daystamp = string_copyn(expand_nstring[2],expand_nlength[2]);
4505 uschar *hash = string_copyn(expand_nstring[3],expand_nlength[3]);
fffda43a
TK		 4506 uschar *domain = string_copyn(expand_nstring[5],expand_nlength[5]);
4507
4508 DEBUG(D_expand) debug_printf("prvscheck localpart: %s\n", local_part);
4509 DEBUG(D_expand) debug_printf("prvscheck key number: %s\n", key_num);
4510 DEBUG(D_expand) debug_printf("prvscheck daystamp: %s\n", daystamp);
4511 DEBUG(D_expand) debug_printf("prvscheck hash: %s\n", hash);
4512 DEBUG(D_expand) debug_printf("prvscheck domain: %s\n", domain);
4513
4514 /* Set up expansion variables */
4515 prvscheck_address = string_cat(NULL, &mysize, &myptr, local_part, Ustrlen(local_part));
2740a2ca 4516 string_cat(prvscheck_address,&mysize,&myptr,US"@",1);
fffda43a
TK		 4517 string_cat(prvscheck_address,&mysize,&myptr,domain,Ustrlen(domain));
4518 prvscheck_address[myptr] = '\0';
4519 prvscheck_keynum = string_copy(key_num);
4520
72fdd6ae 4521 /* Now expand the second argument */
b0e85a8f 4522 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs", &resetok))
fffda43a
TK		 4523 {
4524 case 1: goto EXPAND_FAILED_CURLY;
4525 case 2:
4526 case 3: goto EXPAND_FAILED;
4527 }
4528
fffda43a 4529 /* Now we have the key and can check the address. */
72fdd6ae
PH		 4530
4531 p = prvs_hmac_sha1(prvscheck_address, sub_arg[0], prvscheck_keynum,
4532 daystamp);
4533
fffda43a
TK		 4534 if (p == NULL)
4535 {
4536 expand_string_message = US"hmac-sha1 conversion failed";
4537 goto EXPAND_FAILED;
4538 }
4539
4540 DEBUG(D_expand) debug_printf("prvscheck: received hash is %s\n", hash);
4541 DEBUG(D_expand) debug_printf("prvscheck: own hash is %s\n", p);
72fdd6ae 4542
fffda43a
TK		 4543 if (Ustrcmp(p,hash) == 0)
4544 {
4545 /* Success, valid BATV address. Now check the expiry date. */
4546 uschar *now = prvs_daystamp(0);
4547 unsigned int inow = 0,iexpire = 1;
4548
ff790e47
PH		 4549 (void)sscanf(CS now,"%u",&inow);
4550 (void)sscanf(CS daystamp,"%u",&iexpire);
fffda43a
TK		 4551
4552 /* When "iexpire" is < 7, a "flip" has occured.
4553 Adjust "inow" accordingly. */
4554 if ( (iexpire < 7) && (inow >= 993) ) inow = 0;
4555
686c36b7 4556 if (iexpire >= inow)
fffda43a
TK		 4557 {
4558 prvscheck_result = US"1";
4559 DEBUG(D_expand) debug_printf("prvscheck: success, $pvrs_result set to 1\n");
4560 }
4561 else
4562 {
4563 prvscheck_result = NULL;
4564 DEBUG(D_expand) debug_printf("prvscheck: signature expired, $pvrs_result unset\n");
4565 }
4566 }
4567 else
4568 {
4569 prvscheck_result = NULL;
4570 DEBUG(D_expand) debug_printf("prvscheck: hash failure, $pvrs_result unset\n");
4571 }
72fdd6ae
PH		 4572
4573 /* Now expand the final argument. We leave this till now so that
4574 it can include $prvscheck_result. */
4575
b0e85a8f 4576 switch(read_subs(sub_arg, 1, 0, &s, skipping, TRUE, US"prvs", &resetok))
72fdd6ae
PH		 4577 {
4578 case 1: goto EXPAND_FAILED_CURLY;
4579 case 2:
4580 case 3: goto EXPAND_FAILED;
4581 }
4582
4583 if (sub_arg[0] == NULL || *sub_arg[0] == '\0')
4584 yield = string_cat(yield,&size,&ptr,prvscheck_address,Ustrlen(prvscheck_address));
4585 else
4586 yield = string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
4587
4588 /* Reset the "internal" variables afterwards, because they are in
4589 dynamic store that will be reclaimed if the expansion succeeded. */
4590
4591 prvscheck_address = NULL;
4592 prvscheck_keynum = NULL;
4593 }
fffda43a
TK		 4594 else
4595 {
4596 /* Does not look like a prvs encoded address, return the empty string.
72fdd6ae
PH		 4597 We need to make sure all subs are expanded first, so as to skip over
4598 the entire item. */
4599
b0e85a8f 4600 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"prvs", &resetok))
fffda43a
TK		 4601 {
4602 case 1: goto EXPAND_FAILED_CURLY;
4603 case 2:
4604 case 3: goto EXPAND_FAILED;
4605 }
4606 }
4607
4608 continue;
4609 }
4610
059ec3d9
PH		 4611 /* Handle "readfile" to insert an entire file */
4612
4613 case EITEM_READFILE:
4614 {
4615 FILE *f;
4616 uschar *sub_arg[2];
4617
4618 if ((expand_forbid & RDO_READFILE) != 0)
4619 {
4620 expand_string_message = US"file insertions are not permitted";
4621 goto EXPAND_FAILED;
4622 }
4623
b0e85a8f 4624 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"readfile", &resetok))
059ec3d9
PH		 4625 {
4626 case 1: goto EXPAND_FAILED_CURLY;
4627 case 2:
4628 case 3: goto EXPAND_FAILED;
4629 }
4630
4631 /* If skipping, we don't actually do anything */
4632
4633 if (skipping) continue;
4634
4635 /* Open the file and read it */
4636
4637 f = Ufopen(sub_arg[0], "rb");
4638 if (f == NULL)
4639 {
4640 expand_string_message = string_open_failed(errno, "%s", sub_arg[0]);
4641 goto EXPAND_FAILED;
4642 }
4643
4644 yield = cat_file(f, yield, &size, &ptr, sub_arg[1]);
f1e894f3 4645 (void)fclose(f);
059ec3d9
PH		 4646 continue;
4647 }
4648
4649 /* Handle "readsocket" to insert data from a Unix domain socket */
4650
4651 case EITEM_READSOCK:
4652 {
4653 int fd;
4654 int timeout = 5;
4655 int save_ptr = ptr;
4656 FILE *f;
4657 struct sockaddr_un sockun; /* don't call this "sun" ! */
4658 uschar *arg;
4659 uschar *sub_arg[4];
4660
4661 if ((expand_forbid & RDO_READSOCK) != 0)
4662 {
4663 expand_string_message = US"socket insertions are not permitted";
4664 goto EXPAND_FAILED;
4665 }
4666
4667 /* Read up to 4 arguments, but don't do the end of item check afterwards,
4668 because there may be a string for expansion on failure. */
4669
b0e85a8f 4670 switch(read_subs(sub_arg, 4, 2, &s, skipping, FALSE, US"readsocket", &resetok))
059ec3d9
PH		 4671 {
4672 case 1: goto EXPAND_FAILED_CURLY;
4673 case 2: /* Won't occur: no end check */
4674 case 3: goto EXPAND_FAILED;
4675 }
4676
4677 /* Sort out timeout, if given */
4678
4679 if (sub_arg[2] != NULL)
4680 {
4681 timeout = readconf_readtime(sub_arg[2], 0, FALSE);
4682 if (timeout < 0)
4683 {
4684 expand_string_message = string_sprintf("bad time value %s",
4685 sub_arg[2]);
4686 goto EXPAND_FAILED;
4687 }
4688 }
4689 else sub_arg[3] = NULL; /* No eol if no timeout */
4690
1cce3af8
PH		 4691 /* If skipping, we don't actually do anything. Otherwise, arrange to
4692 connect to either an IP or a Unix socket. */
059ec3d9
PH		 4693
4694 if (!skipping)
4695 {
1cce3af8 4696 /* Handle an IP (internet) domain */
059ec3d9 4697
91ecef39 4698 if (Ustrncmp(sub_arg[0], "inet:", 5) == 0)
059ec3d9 4699 {
b1f8e4f8 4700 int port;
1cce3af8
PH		 4701 uschar *server_name = sub_arg[0] + 5;
4702 uschar *port_name = Ustrrchr(server_name, ':');
4703
4704 /* Sort out the port */
4705
4706 if (port_name == NULL)
4707 {
4708 expand_string_message =
4709 string_sprintf("missing port for readsocket %s", sub_arg[0]);
4710 goto EXPAND_FAILED;
4711 }
4712 *port_name++ = 0; /* Terminate server name */
4713
4714 if (isdigit(*port_name))
4715 {
4716 uschar *end;
4717 port = Ustrtol(port_name, &end, 0);
4718 if (end != port_name + Ustrlen(port_name))
4719 {
4720 expand_string_message =
4721 string_sprintf("invalid port number %s", port_name);
4722 goto EXPAND_FAILED;
4723 }
4724 }
4725 else
4726 {
4727 struct servent *service_info = getservbyname(CS port_name, "tcp");
4728 if (service_info == NULL)
4729 {
4730 expand_string_message = string_sprintf("unknown port \"%s\"",
4731 port_name);
4732 goto EXPAND_FAILED;
4733 }
4734 port = ntohs(service_info->s_port);
4735 }
4736
b1f8e4f8
JH		 4737 if ((fd = ip_connectedsocket(SOCK_STREAM, server_name, port, port,
4738 timeout, NULL, &expand_string_message)) < 0)
1cce3af8 4739 goto SOCK_FAIL;
059ec3d9
PH		 4740 }
4741
1cce3af8
PH		 4742 /* Handle a Unix domain socket */
4743
4744 else
059ec3d9 4745 {
a401ddaa 4746 int rc;
1cce3af8
PH		 4747 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
4748 {
4749 expand_string_message = string_sprintf("failed to create socket: %s",
4750 strerror(errno));
4751 goto SOCK_FAIL;
4752 }
4753
4754 sockun.sun_family = AF_UNIX;
4755 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
4756 sub_arg[0]);
a401ddaa
PH		 4757
4758 sigalrm_seen = FALSE;
4759 alarm(timeout);
4760 rc = connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun));
4761 alarm(0);
734e1499 4762 if (sigalrm_seen)
1cce3af8 4763 {
734e1499 4764 expand_string_message = US "socket connect timed out";
1cce3af8
PH		 4765 goto SOCK_FAIL;
4766 }
734e1499 4767 if (rc < 0)
a401ddaa 4768 {
734e1499
PH		 4769 expand_string_message = string_sprintf("failed to connect to socket "
4770 "%s: %s", sub_arg[0], strerror(errno));
a401ddaa
PH		 4771 goto SOCK_FAIL;
4772 }
059ec3d9 4773 }
1cce3af8 4774
059ec3d9
PH		 4775 DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]);
4776
567e584c
JH		 4777 /* Allow sequencing of test actions */
4778 if (running_in_test_harness) millisleep(100);
4779
059ec3d9
PH		 4780 /* Write the request string, if not empty */
4781
4782 if (sub_arg[1][0] != 0)
4783 {
4784 int len = Ustrlen(sub_arg[1]);
4785 DEBUG(D_expand) debug_printf("writing \"%s\" to socket\n",
4786 sub_arg[1]);
4787 if (write(fd, sub_arg[1], len) != len)
4788 {
4789 expand_string_message = string_sprintf("request write to socket "
4790 "failed: %s", strerror(errno));
4791 goto SOCK_FAIL;
4792 }
4793 }
4794
c1114884
PH		 4795 /* Shut down the sending side of the socket. This helps some servers to
4796 recognise that it is their turn to do some work. Just in case some
4797 system doesn't have this function, make it conditional. */
4798
4799 #ifdef SHUT_WR
4800 shutdown(fd, SHUT_WR);
4801 #endif
4802
567e584c
JH		 4803 if (running_in_test_harness) millisleep(100);
4804
059ec3d9
PH		 4805 /* Now we need to read from the socket, under a timeout. The function
4806 that reads a file can be used. */
4807
4808 f = fdopen(fd, "rb");
4809 sigalrm_seen = FALSE;
4810 alarm(timeout);
4811 yield = cat_file(f, yield, &size, &ptr, sub_arg[3]);
4812 alarm(0);
f1e894f3 4813 (void)fclose(f);
059ec3d9
PH		 4814
4815 /* After a timeout, we restore the pointer in the result, that is,
4816 make sure we add nothing from the socket. */
4817
4818 if (sigalrm_seen)
4819 {
4820 ptr = save_ptr;
1cce3af8 4821 expand_string_message = US "socket read timed out";
059ec3d9
PH		 4822 goto SOCK_FAIL;
4823 }
4824 }
4825
4826 /* The whole thing has worked (or we were skipping). If there is a
4827 failure string following, we need to skip it. */
4828
4829 if (*s == '{')
4830 {
b0e85a8f 4831 if (expand_string_internal(s+1, TRUE, &s, TRUE, TRUE, &resetok) == NULL)
059ec3d9
PH		 4832 goto EXPAND_FAILED;
4833 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4834 while (isspace(*s)) s++;
4835 }
4836 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4837 continue;
4838
4839 /* Come here on failure to create socket, connect socket, write to the
4840 socket, or timeout on reading. If another substring follows, expand and
4841 use it. Otherwise, those conditions give expand errors. */
4842
4843 SOCK_FAIL:
4844 if (*s != '{') goto EXPAND_FAILED;
4845 DEBUG(D_any) debug_printf("%s\n", expand_string_message);
b0e85a8f 4846 arg = expand_string_internal(s+1, TRUE, &s, FALSE, TRUE, &resetok);
059ec3d9
PH		 4847 if (arg == NULL) goto EXPAND_FAILED;
4848 yield = string_cat(yield, &size, &ptr, arg, Ustrlen(arg));
4849 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4850 while (isspace(*s)) s++;
4851 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4852 continue;
4853 }
4854
4855 /* Handle "run" to execute a program. */
4856
4857 case EITEM_RUN:
4858 {
4859 FILE *f;
059ec3d9 4860 uschar *arg;
55414b25 4861 const uschar **argv;
059ec3d9
PH		 4862 pid_t pid;
4863 int fd_in, fd_out;
4864 int lsize = 0;
4865 int lptr = 0;
4866
4867 if ((expand_forbid & RDO_RUN) != 0)
4868 {
4869 expand_string_message = US"running a command is not permitted";
4870 goto EXPAND_FAILED;
4871 }
4872
4873 while (isspace(*s)) s++;
4874 if (*s != '{') goto EXPAND_FAILED_CURLY;
b0e85a8f 4875 arg = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
059ec3d9
PH		 4876 if (arg == NULL) goto EXPAND_FAILED;
4877 while (isspace(*s)) s++;
4878 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4879
4880 if (skipping) /* Just pretend it worked when we're skipping */
4881 {
4882 runrc = 0;
4883 }
4884 else
4885 {
4886 if (!transport_set_up_command(&argv, /* anchor for arg list */
4887 arg, /* raw command */
4888 FALSE, /* don't expand the arguments */
4889 0, /* not relevant when... */
4890 NULL, /* no transporting address */
4891 US"${run} expansion", /* for error messages */
4892 &expand_string_message)) /* where to put error message */
4893 {
4894 goto EXPAND_FAILED;
4895 }
4896
4897 /* Create the child process, making it a group leader. */
4898
55414b25 4899 pid = child_open(USS argv, NULL, 0077, &fd_in, &fd_out, TRUE);
059ec3d9
PH		 4900
4901 if (pid < 0)
4902 {
4903 expand_string_message =
4904 string_sprintf("couldn't create child process: %s", strerror(errno));
4905 goto EXPAND_FAILED;
4906 }
4907
4908 /* Nothing is written to the standard input. */
4909
f1e894f3 4910 (void)close(fd_in);
059ec3d9 4911
ac53fcda
PP		 4912 /* Read the pipe to get the command's output into $value (which is kept
4913 in lookup_value). Read during execution, so that if the output exceeds
4914 the OS pipe buffer limit, we don't block forever. */
4915
4916 f = fdopen(fd_out, "rb");
4917 sigalrm_seen = FALSE;
4918 alarm(60);
4919 lookup_value = cat_file(f, lookup_value, &lsize, &lptr, NULL);
4920 alarm(0);
4921 (void)fclose(f);
4922
059ec3d9
PH		 4923 /* Wait for the process to finish, applying the timeout, and inspect its
4924 return code for serious disasters. Simple non-zero returns are passed on.
4925 */
4926
ac53fcda 4927 if (sigalrm_seen == TRUE || (runrc = child_close(pid, 30)) < 0)
059ec3d9 4928 {
ac53fcda 4929 if (sigalrm_seen == TRUE || runrc == -256)
059ec3d9
PH		 4930 {
4931 expand_string_message = string_sprintf("command timed out");
4932 killpg(pid, SIGKILL); /* Kill the whole process group */
4933 }
4934
4935 else if (runrc == -257)
4936 expand_string_message = string_sprintf("wait() failed: %s",
4937 strerror(errno));
4938
4939 else
4940 expand_string_message = string_sprintf("command killed by signal %d",
4941 -runrc);
4942
4943 goto EXPAND_FAILED;
4944 }
059ec3d9
PH		 4945 }
4946
d20976dc 4947 /* Process the yes/no strings; $value may be useful in both cases */
059ec3d9
PH		 4948
4949 switch(process_yesno(
4950 skipping, /* were previously skipping */
4951 runrc == 0, /* success/failure indicator */
d20976dc 4952 lookup_value, /* value to reset for string2 */
059ec3d9
PH		 4953 &s, /* input pointer */
4954 &yield, /* output pointer */
4955 &size, /* output size */
4956 &ptr, /* output current point */
b0e85a8f
JH		 4957 US"run", /* condition type */
4958 &resetok))
059ec3d9
PH		 4959 {
4960 case 1: goto EXPAND_FAILED; /* when all is well, the */
4961 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4962 }
4963
4964 continue;
4965 }
4966
4967 /* Handle character translation for "tr" */
4968
4969 case EITEM_TR:
4970 {
4971 int oldptr = ptr;
4972 int o2m;
4973 uschar *sub[3];
4974
b0e85a8f 4975 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"tr", &resetok))
059ec3d9
PH		 4976 {
4977 case 1: goto EXPAND_FAILED_CURLY;
4978 case 2:
4979 case 3: goto EXPAND_FAILED;
4980 }
4981
4982 yield = string_cat(yield, &size, &ptr, sub[0], Ustrlen(sub[0]));
4983 o2m = Ustrlen(sub[2]) - 1;
4984
4985 if (o2m >= 0) for (; oldptr < ptr; oldptr++)
4986 {
4987 uschar *m = Ustrrchr(sub[1], yield[oldptr]);
4988 if (m != NULL)
4989 {
4990 int o = m - sub[1];
4991 yield[oldptr] = sub[2][(o < o2m)? o : o2m];
4992 }
4993 }
4994
4995 continue;
4996 }
4997
4998 /* Handle "hash", "length", "nhash", and "substr" when they are given with
4999 expanded arguments. */
5000
5001 case EITEM_HASH:
5002 case EITEM_LENGTH:
5003 case EITEM_NHASH:
5004 case EITEM_SUBSTR:
5005 {
5006 int i;
5007 int len;
5008 uschar *ret;
5009 int val[2] = { 0, -1 };
5010 uschar *sub[3];
5011
5012 /* "length" takes only 2 arguments whereas the others take 2 or 3.
2e23003a 5013 Ensure that sub[2] is set in the ${length } case. */
059ec3d9
PH		 5014
5015 sub[2] = NULL;
5016 switch(read_subs(sub, (item_type == EITEM_LENGTH)? 2:3, 2, &s, skipping,
b0e85a8f 5017 TRUE, name, &resetok))
059ec3d9
PH		 5018 {
5019 case 1: goto EXPAND_FAILED_CURLY;
5020 case 2:
5021 case 3: goto EXPAND_FAILED;
5022 }
5023
5024 /* Juggle the arguments if there are only two of them: always move the
5025 string to the last position and make ${length{n}{str}} equivalent to
5026 ${substr{0}{n}{str}}. See the defaults for val[] above. */
5027
5028 if (sub[2] == NULL)
5029 {
5030 sub[2] = sub[1];
5031 sub[1] = NULL;
5032 if (item_type == EITEM_LENGTH)
5033 {
5034 sub[1] = sub[0];
5035 sub[0] = NULL;
5036 }
5037 }
5038
5039 for (i = 0; i < 2; i++)
5040 {
5041 if (sub[i] == NULL) continue;
5042 val[i] = (int)Ustrtol(sub[i], &ret, 10);
5043 if (*ret != 0 || (i != 0 && val[i] < 0))
5044 {
5045 expand_string_message = string_sprintf("\"%s\" is not a%s number "
5046 "(in \"%s\" expansion)", sub[i], (i != 0)? " positive" : "", name);
5047 goto EXPAND_FAILED;
5048 }
5049 }
5050
5051 ret =
5052 (item_type == EITEM_HASH)?
5053 compute_hash(sub[2], val[0], val[1], &len) :
5054 (item_type == EITEM_NHASH)?
5055 compute_nhash(sub[2], val[0], val[1], &len) :
5056 extract_substr(sub[2], val[0], val[1], &len);
5057
5058 if (ret == NULL) goto EXPAND_FAILED;
5059 yield = string_cat(yield, &size, &ptr, ret, len);
5060 continue;
5061 }
5062
5063 /* Handle HMAC computation: ${hmac{<algorithm>}{<secret>}{<text>}}
5064 This code originally contributed by Steve Haslam. It currently supports
5065 the use of MD5 and SHA-1 hashes.
5066
5067 We need some workspace that is large enough to handle all the supported
5068 hash types. Use macros to set the sizes rather than be too elaborate. */
5069
5070 #define MAX_HASHLEN 20
5071 #define MAX_HASHBLOCKLEN 64
5072
5073 case EITEM_HMAC:
5074 {
5075 uschar *sub[3];
5076 md5 md5_base;
5077 sha1 sha1_base;
5078 void *use_base;
5079 int type, i;
5080 int hashlen; /* Number of octets for the hash algorithm's output */
5081 int hashblocklen; /* Number of octets the hash algorithm processes */
5082 uschar *keyptr, *p;
5083 unsigned int keylen;
5084
5085 uschar keyhash[MAX_HASHLEN];
5086 uschar innerhash[MAX_HASHLEN];
5087 uschar finalhash[MAX_HASHLEN];
5088 uschar finalhash_hex[2*MAX_HASHLEN];
5089 uschar innerkey[MAX_HASHBLOCKLEN];
5090 uschar outerkey[MAX_HASHBLOCKLEN];
5091
b0e85a8f 5092 switch (read_subs(sub, 3, 3, &s, skipping, TRUE, name, &resetok))
059ec3d9
PH		 5093 {
5094 case 1: goto EXPAND_FAILED_CURLY;
5095 case 2:
5096 case 3: goto EXPAND_FAILED;
5097 }
5098
5099 if (Ustrcmp(sub[0], "md5") == 0)
5100 {
5101 type = HMAC_MD5;
5102 use_base = &md5_base;
5103 hashlen = 16;
5104 hashblocklen = 64;
5105 }
5106 else if (Ustrcmp(sub[0], "sha1") == 0)
5107 {
5108 type = HMAC_SHA1;
5109 use_base = &sha1_base;
5110 hashlen = 20;
5111 hashblocklen = 64;
5112 }
5113 else
5114 {
5115 expand_string_message =
5116 string_sprintf("hmac algorithm \"%s\" is not recognised", sub[0]);
5117 goto EXPAND_FAILED;
5118 }
5119
5120 keyptr = sub[1];
5121 keylen = Ustrlen(keyptr);
5122
5123 /* If the key is longer than the hash block length, then hash the key
5124 first */
5125
5126 if (keylen > hashblocklen)
5127 {
5128 chash_start(type, use_base);
5129 chash_end(type, use_base, keyptr, keylen, keyhash);
5130 keyptr = keyhash;
5131 keylen = hashlen;
5132 }
5133
5134 /* Now make the inner and outer key values */
5135
5136 memset(innerkey, 0x36, hashblocklen);
5137 memset(outerkey, 0x5c, hashblocklen);
5138
5139 for (i = 0; i < keylen; i++)
5140 {
5141 innerkey[i] ^= keyptr[i];
5142 outerkey[i] ^= keyptr[i];
5143 }
5144
5145 /* Now do the hashes */
5146
5147 chash_start(type, use_base);
5148 chash_mid(type, use_base, innerkey);
5149 chash_end(type, use_base, sub[2], Ustrlen(sub[2]), innerhash);
5150
5151 chash_start(type, use_base);
5152 chash_mid(type, use_base, outerkey);
5153 chash_end(type, use_base, innerhash, hashlen, finalhash);
5154
5155 /* Encode the final hash as a hex string */
5156
5157 p = finalhash_hex;
5158 for (i = 0; i < hashlen; i++)
5159 {
5160 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
5161 *p++ = hex_digits[finalhash[i] & 0x0f];
5162 }
5163
5164 DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%.*s)=%.*s\n", sub[0],
5165 (int)keylen, keyptr, Ustrlen(sub[2]), sub[2], hashlen*2, finalhash_hex);
5166
5167 yield = string_cat(yield, &size, &ptr, finalhash_hex, hashlen*2);
5168 }
5169
5170 continue;
5171
5172 /* Handle global substitution for "sg" - like Perl's s/xxx/yyy/g operator.
5173 We have to save the numerical variables and restore them afterwards. */
5174
5175 case EITEM_SG:
5176 {
5177 const pcre *re;
5178 int moffset, moffsetextra, slen;
5179 int roffset;
5180 int emptyopt;
5181 const uschar *rerror;
5182 uschar *subject;
5183 uschar *sub[3];
5184 int save_expand_nmax =
5185 save_expand_strings(save_expand_nstring, save_expand_nlength);
5186
b0e85a8f 5187 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"sg", &resetok))
059ec3d9
PH		 5188 {
5189 case 1: goto EXPAND_FAILED_CURLY;
5190 case 2:
5191 case 3: goto EXPAND_FAILED;
5192 }
5193
5194 /* Compile the regular expression */
5195
5196 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
5197 NULL);
5198
5199 if (re == NULL)
5200 {
5201 expand_string_message = string_sprintf("regular expression error in "
5202 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
5203 goto EXPAND_FAILED;
5204 }
5205
5206 /* Now run a loop to do the substitutions as often as necessary. It ends
5207 when there are no more matches. Take care over matches of the null string;
5208 do the same thing as Perl does. */
5209
5210 subject = sub[0];
5211 slen = Ustrlen(sub[0]);
5212 moffset = moffsetextra = 0;
5213 emptyopt = 0;
5214
5215 for (;;)
5216 {
5217 int ovector[3*(EXPAND_MAXN+1)];
5218 int n = pcre_exec(re, NULL, CS subject, slen, moffset + moffsetextra,
0539a19d 5219 PCRE_EOPT | emptyopt, ovector, nelem(ovector));
059ec3d9
PH		 5220 int nn;
5221 uschar *insert;
5222
5223 /* No match - if we previously set PCRE_NOTEMPTY after a null match, this
5224 is not necessarily the end. We want to repeat the match from one
5225 character further along, but leaving the basic offset the same (for
5226 copying below). We can't be at the end of the string - that was checked
5227 before setting PCRE_NOTEMPTY. If PCRE_NOTEMPTY is not set, we are
5228 finished; copy the remaining string and end the loop. */
5229
5230 if (n < 0)
5231 {
5232 if (emptyopt != 0)
5233 {
5234 moffsetextra = 1;
5235 emptyopt = 0;
5236 continue;
5237 }
5238 yield = string_cat(yield, &size, &ptr, subject+moffset, slen-moffset);
5239 break;
5240 }
5241
5242 /* Match - set up for expanding the replacement. */
5243
5244 if (n == 0) n = EXPAND_MAXN + 1;
5245 expand_nmax = 0;
5246 for (nn = 0; nn < n*2; nn += 2)
5247 {
5248 expand_nstring[expand_nmax] = subject + ovector[nn];
5249 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
5250 }
5251 expand_nmax--;
5252
5253 /* Copy the characters before the match, plus the expanded insertion. */
5254
5255 yield = string_cat(yield, &size, &ptr, subject + moffset,
5256 ovector[0] - moffset);
5257 insert = expand_string(sub[2]);
5258 if (insert == NULL) goto EXPAND_FAILED;
5259 yield = string_cat(yield, &size, &ptr, insert, Ustrlen(insert));
5260
5261 moffset = ovector[1];
5262 moffsetextra = 0;
5263 emptyopt = 0;
5264
5265 /* If we have matched an empty string, first check to see if we are at
5266 the end of the subject. If so, the loop is over. Otherwise, mimic
5267 what Perl's /g options does. This turns out to be rather cunning. First
5268 we set PCRE_NOTEMPTY and PCRE_ANCHORED and try the match a non-empty
5269 string at the same point. If this fails (picked up above) we advance to
5270 the next character. */
5271
5272 if (ovector[0] == ovector[1])
5273 {
5274 if (ovector[0] == slen) break;
5275 emptyopt = PCRE_NOTEMPTY | PCRE_ANCHORED;
5276 }
5277 }
5278
5279 /* All done - restore numerical variables. */
5280
5281 restore_expand_strings(save_expand_nmax, save_expand_nstring,
5282 save_expand_nlength);
5283 continue;
5284 }
5285
5286 /* Handle keyed and numbered substring extraction. If the first argument
5287 consists entirely of digits, then a numerical extraction is assumed. */
5288
5289 case EITEM_EXTRACT:
5290 {
5291 int i;
5292 int j = 2;
5293 int field_number = 1;
5294 BOOL field_number_set = FALSE;
5295 uschar *save_lookup_value = lookup_value;
5296 uschar *sub[3];
5297 int save_expand_nmax =
5298 save_expand_strings(save_expand_nstring, save_expand_nlength);
5299
5300 /* Read the arguments */
5301
5302 for (i = 0; i < j; i++)
5303 {
5304 while (isspace(*s)) s++;
aa26e137 5305 if (*s == '{') /*}*/
059ec3d9 5306 {
b0e85a8f
JH		 5307 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
5308 if (sub[i] == NULL) goto EXPAND_FAILED; /*{*/
059ec3d9
PH		 5309 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5310
5311 /* After removal of leading and trailing white space, the first
5312 argument must not be empty; if it consists entirely of digits
5313 (optionally preceded by a minus sign), this is a numerical
5314 extraction, and we expect 3 arguments. */
5315
5316 if (i == 0)
5317 {
5318 int len;
5319 int x = 0;
5320 uschar *p = sub[0];
5321
5322 while (isspace(*p)) p++;
5323 sub[0] = p;
5324
5325 len = Ustrlen(p);
5326 while (len > 0 && isspace(p[len-1])) len--;
5327 p[len] = 0;
5328
82dbd376
JH		 5329 if (!skipping)
5330 {
5331 if (*p == 0)
5332 {
5333 expand_string_message = US"first argument of \"extract\" must "
5334 "not be empty";
5335 goto EXPAND_FAILED;
5336 }
5337
5338 if (*p == '-')
5339 {
5340 field_number = -1;
5341 p++;
5342 }
5343 while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0';
5344 if (*p == 0)
5345 {
5346 field_number *= x;
5347 j = 3; /* Need 3 args */
5348 field_number_set = TRUE;
5349 }
5350 }
059ec3d9
PH		 5351 }
5352 }
5353 else goto EXPAND_FAILED_CURLY;
5354 }
5355
5356 /* Extract either the numbered or the keyed substring into $value. If
5357 skipping, just pretend the extraction failed. */
5358
5359 lookup_value = skipping? NULL : field_number_set?
5360 expand_gettokened(field_number, sub[1], sub[2]) :
5361 expand_getkeyed(sub[0], sub[1]);
5362
5363 /* If no string follows, $value gets substituted; otherwise there can
5364 be yes/no strings, as for lookup or if. */
5365
aa26e137
JH		 5366 switch(process_yesno(
5367 skipping, /* were previously skipping */
5368 lookup_value != NULL, /* success/failure indicator */
5369 save_lookup_value, /* value to reset for string2 */
5370 &s, /* input pointer */
5371 &yield, /* output pointer */
5372 &size, /* output size */
5373 &ptr, /* output current point */
5374 US"extract", /* condition type */
5375 &resetok))
5376 {
5377 case 1: goto EXPAND_FAILED; /* when all is well, the */
5378 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
5379 }
5380
5381 /* All done - restore numerical variables. */
5382
5383 restore_expand_strings(save_expand_nmax, save_expand_nstring,
5384 save_expand_nlength);
5385
5386 continue;
5387 }
5388
5389 /* return the Nth item from a list */
5390
5391 case EITEM_LISTEXTRACT:
5392 {
5393 int i;
5394 int field_number = 1;
5395 uschar *save_lookup_value = lookup_value;
5396 uschar *sub[2];
5397 int save_expand_nmax =
5398 save_expand_strings(save_expand_nstring, save_expand_nlength);
5399
5400 /* Read the field & list arguments */
5401
5402 for (i = 0; i < 2; i++)
5403 {
5404 while (isspace(*s)) s++;
5405 if (*s != '{') /*}*/
5406 goto EXPAND_FAILED_CURLY;
5407
5408 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
5409 if (!sub[i]) goto EXPAND_FAILED; /*{*/
5410 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5411
5412 /* After removal of leading and trailing white space, the first
5413 argument must be numeric and nonempty. */
5414
5415 if (i == 0)
5416 {
5417 int len;
5418 int x = 0;
5419 uschar *p = sub[0];
5420
5421 while (isspace(*p)) p++;
5422 sub[0] = p;
5423
5424 len = Ustrlen(p);
5425 while (len > 0 && isspace(p[len-1])) len--;
5426 p[len] = 0;
5427
5428 if (!*p && !skipping)
5429 {
5430 expand_string_message = US"first argument of \"listextract\" must "
5431 "not be empty";
5432 goto EXPAND_FAILED;
5433 }
5434
5435 if (*p == '-')
5436 {
5437 field_number = -1;
5438 p++;
5439 }
5440 while (*p && isdigit(*p)) x = x * 10 + *p++ - '0';
5441 if (*p)
5442 {
5443 expand_string_message = US"first argument of \"listextract\" must "
5444 "be numeric";
5445 goto EXPAND_FAILED;
5446 }
5447 field_number *= x;
5448 }
5449 }
5450
5451 /* Extract the numbered element into $value. If
5452 skipping, just pretend the extraction failed. */
5453
5454 lookup_value = skipping? NULL : expand_getlistele(field_number, sub[1]);
5455
5456 /* If no string follows, $value gets substituted; otherwise there can
5457 be yes/no strings, as for lookup or if. */
5458
059ec3d9
PH		 5459 switch(process_yesno(
5460 skipping, /* were previously skipping */
5461 lookup_value != NULL, /* success/failure indicator */
5462 save_lookup_value, /* value to reset for string2 */
5463 &s, /* input pointer */
5464 &yield, /* output pointer */
5465 &size, /* output size */
5466 &ptr, /* output current point */
b0e85a8f
JH		 5467 US"extract", /* condition type */
5468 &resetok))
059ec3d9
PH		 5469 {
5470 case 1: goto EXPAND_FAILED; /* when all is well, the */
5471 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
5472 }
5473
5474 /* All done - restore numerical variables. */
5475
5476 restore_expand_strings(save_expand_nmax, save_expand_nstring,
5477 save_expand_nlength);
5478
5479 continue;
5480 }
1a46a8c5 5481
9d1c15ef
JH		 5482#ifdef SUPPORT_TLS
5483 case EITEM_CERTEXTRACT:
5484 {
9d1c15ef
JH		 5485 uschar *save_lookup_value = lookup_value;
5486 uschar *sub[2];
5487 int save_expand_nmax =
5488 save_expand_strings(save_expand_nstring, save_expand_nlength);
5489
5490 /* Read the field argument */
5491 while (isspace(*s)) s++;
5492 if (*s != '{') /*}*/
5493 goto EXPAND_FAILED_CURLY;
5494 sub[0] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
5495 if (!sub[0]) goto EXPAND_FAILED; /*{*/
5496 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5497 /* strip spaces fore & aft */
5498 {
5499 int len;
9d1c15ef
JH		 5500 uschar *p = sub[0];
5501
5502 while (isspace(*p)) p++;
5503 sub[0] = p;
5504
5505 len = Ustrlen(p);
5506 while (len > 0 && isspace(p[len-1])) len--;
5507 p[len] = 0;
5508 }
5509
5510 /* inspect the cert argument */
5511 while (isspace(*s)) s++;
5512 if (*s != '{') /*}*/
5513 goto EXPAND_FAILED_CURLY;
5514 if (*++s != '$')
5515 {
5516 expand_string_message = US"second argument of \"certextract\" must "
5517 "be a certificate variable";
5518 goto EXPAND_FAILED;
5519 }
5520 sub[1] = expand_string_internal(s+1, TRUE, &s, skipping, FALSE, &resetok);
5521 if (!sub[1]) goto EXPAND_FAILED; /*{*/
5522 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5523
5524 if (skipping)
5525 lookup_value = NULL;
5526 else
5527 {
5528 lookup_value = expand_getcertele(sub[0], sub[1]);
5529 if (*expand_string_message) goto EXPAND_FAILED;
5530 }
5531 switch(process_yesno(
5532 skipping, /* were previously skipping */
5533 lookup_value != NULL, /* success/failure indicator */
5534 save_lookup_value, /* value to reset for string2 */
5535 &s, /* input pointer */
5536 &yield, /* output pointer */
5537 &size, /* output size */
5538 &ptr, /* output current point */
5539 US"extract", /* condition type */
5540 &resetok))
5541 {
5542 case 1: goto EXPAND_FAILED; /* when all is well, the */
5543 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
5544 }
5545
5546 restore_expand_strings(save_expand_nmax, save_expand_nstring,
5547 save_expand_nlength);
5548 continue;
5549 }
5550#endif /*SUPPORT_TLS*/
5551
29f89cad
PH		 5552 /* Handle list operations */
5553
5554 case EITEM_FILTER:
5555 case EITEM_MAP:
5556 case EITEM_REDUCE:
5557 {
5558 int sep = 0;
5559 int save_ptr = ptr;
5560 uschar outsep[2] = { '\0', '\0' };
55414b25 5561 const uschar *list, *expr, *temp;
29f89cad
PH		 5562 uschar *save_iterate_item = iterate_item;
5563 uschar *save_lookup_value = lookup_value;
5564
5565 while (isspace(*s)) s++;
5566 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
5567
b0e85a8f 5568 list = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok);
29f89cad
PH		 5569 if (list == NULL) goto EXPAND_FAILED;
5570 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5571
5572 if (item_type == EITEM_REDUCE)
5573 {
55414b25 5574 uschar * t;
29f89cad
PH		 5575 while (isspace(*s)) s++;
5576 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
55414b25 5577 t = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok);
e1af7642 5578 if (!t) goto EXPAND_FAILED;
55414b25 5579 lookup_value = t;
29f89cad
PH		 5580 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5581 }
5582
5583 while (isspace(*s)) s++;
5584 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
5585
5586 expr = s;
5587
5588 /* For EITEM_FILTER, call eval_condition once, with result discarded (as
5589 if scanning a "false" part). This allows us to find the end of the
5590 condition, because if the list is empty, we won't actually evaluate the
5591 condition for real. For EITEM_MAP and EITEM_REDUCE, do the same, using
5592 the normal internal expansion function. */
5593
5594 if (item_type == EITEM_FILTER)
5595 {
b0e85a8f 5596 temp = eval_condition(expr, &resetok, NULL);
29f89cad
PH		 5597 if (temp != NULL) s = temp;
5598 }
5599 else
b0e85a8f 5600 temp = expand_string_internal(s, TRUE, &s, TRUE, TRUE, &resetok);
29f89cad
PH		 5601
5602 if (temp == NULL)
5603 {
5604 expand_string_message = string_sprintf("%s inside \"%s\" item",
5605 expand_string_message, name);
5606 goto EXPAND_FAILED;
5607 }
5608
5609 while (isspace(*s)) s++;
5610 if (*s++ != '}')
2e23003a 5611 { /*{*/
29f89cad
PH		 5612 expand_string_message = string_sprintf("missing } at end of condition "
5613 "or expression inside \"%s\"", name);
5614 goto EXPAND_FAILED;
5615 }
5616
2e23003a 5617 while (isspace(*s)) s++; /*{*/
29f89cad 5618 if (*s++ != '}')
2e23003a 5619 { /*{*/
29f89cad
PH		 5620 expand_string_message = string_sprintf("missing } at end of \"%s\"",
5621 name);
5622 goto EXPAND_FAILED;
5623 }
5624
5625 /* If we are skipping, we can now just move on to the next item. When
5626 processing for real, we perform the iteration. */
5627
5628 if (skipping) continue;
5629 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)) != NULL)
5630 {
5631 *outsep = (uschar)sep; /* Separator as a string */
5632
5633 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
5634
5635 if (item_type == EITEM_FILTER)
5636 {
5637 BOOL condresult;
b0e85a8f 5638 if (eval_condition(expr, &resetok, &condresult) == NULL)
29f89cad 5639 {
e58c13cc
PH		 5640 iterate_item = save_iterate_item;
5641 lookup_value = save_lookup_value;
29f89cad
PH		 5642 expand_string_message = string_sprintf("%s inside \"%s\" condition",
5643 expand_string_message, name);
5644 goto EXPAND_FAILED;
5645 }
5646 DEBUG(D_expand) debug_printf("%s: condition is %s\n", name,
5647 condresult? "true":"false");
5648 if (condresult)
5649 temp = iterate_item; /* TRUE => include this item */
5650 else
5651 continue; /* FALSE => skip this item */
5652 }
5653
5654 /* EITEM_MAP and EITEM_REDUCE */
5655
5656 else
5657 {
55414b25
JH		 5658 uschar * t = expand_string_internal(expr, TRUE, NULL, skipping, TRUE, &resetok);
5659 temp = t;
29f89cad
PH		 5660 if (temp == NULL)
5661 {
e58c13cc 5662 iterate_item = save_iterate_item;
29f89cad
PH		 5663 expand_string_message = string_sprintf("%s inside \"%s\" item",
5664 expand_string_message, name);
5665 goto EXPAND_FAILED;
5666 }
5667 if (item_type == EITEM_REDUCE)
5668 {
55414b25 5669 lookup_value = t; /* Update the value of $value */
29f89cad
PH		 5670 continue; /* and continue the iteration */
5671 }
5672 }
5673
5674 /* We reach here for FILTER if the condition is true, always for MAP,
5675 and never for REDUCE. The value in "temp" is to be added to the output
5676 list that is being created, ensuring that any occurrences of the
5677 separator character are doubled. Unless we are dealing with the first
5678 item of the output list, add in a space if the new item begins with the
5679 separator character, or is an empty string. */
5680
5681 if (ptr != save_ptr && (temp[0] == *outsep || temp[0] == 0))
5682 yield = string_cat(yield, &size, &ptr, US" ", 1);
5683
5684 /* Add the string in "temp" to the output list that we are building,
5685 This is done in chunks by searching for the separator character. */
5686
5687 for (;;)
5688 {
5689 size_t seglen = Ustrcspn(temp, outsep);
5690 yield = string_cat(yield, &size, &ptr, temp, seglen + 1);
5691
5692 /* If we got to the end of the string we output one character
5693 too many; backup and end the loop. Otherwise arrange to double the
5694 separator. */
5695
5696 if (temp[seglen] == '\0') { ptr--; break; }
5697 yield = string_cat(yield, &size, &ptr, outsep, 1);
5698 temp += seglen + 1;
5699 }
5700
5701 /* Output a separator after the string: we will remove the redundant
5702 final one at the end. */
5703
5704 yield = string_cat(yield, &size, &ptr, outsep, 1);
5705 } /* End of iteration over the list loop */
5706
5707 /* REDUCE has generated no output above: output the final value of
5708 $value. */
5709
5710 if (item_type == EITEM_REDUCE)
5711 {
5712 yield = string_cat(yield, &size, &ptr, lookup_value,
5713 Ustrlen(lookup_value));
5714 lookup_value = save_lookup_value; /* Restore $value */
5715 }
5716
5717 /* FILTER and MAP generate lists: if they have generated anything, remove
5718 the redundant final separator. Even though an empty item at the end of a
5719 list does not count, this is tidier. */
5720
5721 else if (ptr != save_ptr) ptr--;
5722
5723 /* Restore preserved $item */
5724
5725 iterate_item = save_iterate_item;
5726 continue;
5727 }
5728
ac4ef9bd
JH		 5729 case EITEM_SORT:
5730 {
5731 int sep = 0;
55414b25 5732 const uschar *srclist, *cmp, *xtract;
ac4ef9bd 5733 uschar *srcitem;
55414b25 5734 const uschar *dstlist = NULL, *dstkeylist = NULL;
ac4ef9bd
JH		 5735 uschar * tmp;
5736 uschar *save_iterate_item = iterate_item;
5737
5738 while (isspace(*s)) s++;
5739 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
5740
5741 srclist = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok);
5742 if (!srclist) goto EXPAND_FAILED;
5743 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5744
5745 while (isspace(*s)) s++;
5746 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
5747
5748 cmp = expand_string_internal(s, TRUE, &s, skipping, FALSE, &resetok);
5749 if (!cmp) goto EXPAND_FAILED;
5750 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5751
5752 while (isspace(*s)) s++;
5753 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
5754
5755 xtract = s;
5756 tmp = expand_string_internal(s, TRUE, &s, TRUE, TRUE, &resetok);
5757 if (!tmp) goto EXPAND_FAILED;
5758 xtract = string_copyn(xtract, s - xtract);
5759
5760 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5761 /*{*/
5762 if (*s++ != '}')
5763 { /*{*/
5764 expand_string_message = US"missing } at end of \"sort\"";
5765 goto EXPAND_FAILED;
5766 }
5767
5768 if (skipping) continue;
5769
5770 while ((srcitem = string_nextinlist(&srclist, &sep, NULL, 0)))
5771 {
5772 uschar * dstitem;
5773 uschar * newlist = NULL;
5774 uschar * newkeylist = NULL;
5775 uschar * srcfield;
5776
5777 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, srcitem);
5778
5779 /* extract field for comparisons */
5780 iterate_item = srcitem;
5781 if ( !(srcfield = expand_string_internal(xtract, FALSE, NULL, FALSE,
5782 TRUE, &resetok))
5783 || !*srcfield)
5784 {
5785 expand_string_message = string_sprintf(
5786 "field-extract in sort: \"%s\"", xtract);
5787 goto EXPAND_FAILED;
5788 }
5789
5790 /* Insertion sort */
5791
5792 /* copy output list until new-item < list-item */
5793 while ((dstitem = string_nextinlist(&dstlist, &sep, NULL, 0)))
5794 {
5795 uschar * dstfield;
5796 uschar * expr;
5797 BOOL before;
5798
5799 /* field for comparison */
5800 if (!(dstfield = string_nextinlist(&dstkeylist, &sep, NULL, 0)))
5801 goto sort_mismatch;
5802
5803 /* build and run condition string */
5804 expr = string_sprintf("%s{%s}{%s}", cmp, srcfield, dstfield);
5805
5806 DEBUG(D_expand) debug_printf("%s: cond = \"%s\"\n", name, expr);
5807 if (!eval_condition(expr, &resetok, &before))
5808 {
5809 expand_string_message = string_sprintf("comparison in sort: %s",
5810 expr);
5811 goto EXPAND_FAILED;
5812 }
5813
5814 if (before)
5815 {
5816 /* New-item sorts before this dst-item. Append new-item,
5817 then dst-item, then remainder of dst list. */
5818
5819 newlist = string_append_listele(newlist, sep, srcitem);
5820 newkeylist = string_append_listele(newkeylist, sep, srcfield);
5821 srcitem = NULL;
5822
5823 newlist = string_append_listele(newlist, sep, dstitem);
5824 newkeylist = string_append_listele(newkeylist, sep, dstfield);
5825
5826 while ((dstitem = string_nextinlist(&dstlist, &sep, NULL, 0)))
5827 {
5828 if (!(dstfield = string_nextinlist(&dstkeylist, &sep, NULL, 0)))
5829 goto sort_mismatch;
5830 newlist = string_append_listele(newlist, sep, dstitem);
5831 newkeylist = string_append_listele(newkeylist, sep, dstfield);
5832 }
5833
5834 break;
5835 }
5836
5837 newlist = string_append_listele(newlist, sep, dstitem);
5838 newkeylist = string_append_listele(newkeylist, sep, dstfield);
5839 }
5840
5841 /* If we ran out of dstlist without consuming srcitem, append it */
5842 if (srcitem)
5843 {
5844 newlist = string_append_listele(newlist, sep, srcitem);
5845 newkeylist = string_append_listele(newkeylist, sep, srcfield);
5846 }
5847
5848 dstlist = newlist;
5849 dstkeylist = newkeylist;
5850
5851 DEBUG(D_expand) debug_printf("%s: dstlist = \"%s\"\n", name, dstlist);
5852 DEBUG(D_expand) debug_printf("%s: dstkeylist = \"%s\"\n", name, dstkeylist);
5853 }
5854
5855 if (dstlist)
5856 yield = string_cat(yield, &size, &ptr, dstlist, Ustrlen(dstlist));
5857
5858 /* Restore preserved $item */
5859 iterate_item = save_iterate_item;
5860 continue;
5861
5862 sort_mismatch:
5863 expand_string_message = US"Internal error in sort (list mismatch)";
5864 goto EXPAND_FAILED;
5865 }
5866
29f89cad 5867
2e23003a 5868 /* If ${dlfunc } support is configured, handle calling dynamically-loaded
1a46a8c5
PH		 5869 functions, unless locked out at this time. Syntax is ${dlfunc{file}{func}}
5870 or ${dlfunc{file}{func}{arg}} or ${dlfunc{file}{func}{arg1}{arg2}} or up to
5871 a maximum of EXPAND_DLFUNC_MAX_ARGS arguments (defined below). */
5872
5873 #define EXPAND_DLFUNC_MAX_ARGS 8
5874
5875 case EITEM_DLFUNC:
089fc87a
JH		 5876#ifndef EXPAND_DLFUNC
5877 expand_string_message = US"\"${dlfunc\" encountered, but this facility " /*}*/
5878 "is not included in this binary";
5879 goto EXPAND_FAILED;
1a46a8c5 5880
089fc87a 5881#else /* EXPAND_DLFUNC */
1a46a8c5
PH		 5882 {
5883 tree_node *t;
5884 exim_dlfunc_t *func;
5885 uschar *result;
5886 int status, argc;
5887 uschar *argv[EXPAND_DLFUNC_MAX_ARGS + 3];
5888
5889 if ((expand_forbid & RDO_DLFUNC) != 0)
5890 {
5891 expand_string_message =
5892 US"dynamically-loaded functions are not permitted";
5893 goto EXPAND_FAILED;
5894 }
5895
5896 switch(read_subs(argv, EXPAND_DLFUNC_MAX_ARGS + 2, 2, &s, skipping,
b0e85a8f 5897 TRUE, US"dlfunc", &resetok))
1a46a8c5
PH		 5898 {
5899 case 1: goto EXPAND_FAILED_CURLY;
5900 case 2:
5901 case 3: goto EXPAND_FAILED;
5902 }
5903
5904 /* If skipping, we don't actually do anything */
5905
5906 if (skipping) continue;
5907
5908 /* Look up the dynamically loaded object handle in the tree. If it isn't
5909 found, dlopen() the file and put the handle in the tree for next time. */
5910
5911 t = tree_search(dlobj_anchor, argv[0]);
5912 if (t == NULL)
5913 {
5914 void *handle = dlopen(CS argv[0], RTLD_LAZY);
5915 if (handle == NULL)
5916 {
5917 expand_string_message = string_sprintf("dlopen \"%s\" failed: %s",
5918 argv[0], dlerror());
5919 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
5920 goto EXPAND_FAILED;
5921 }
5922 t = store_get_perm(sizeof(tree_node) + Ustrlen(argv[0]));
5923 Ustrcpy(t->name, argv[0]);
5924 t->data.ptr = handle;
5925 (void)tree_insertnode(&dlobj_anchor, t);
5926 }
5927
5928 /* Having obtained the dynamically loaded object handle, look up the
5929 function pointer. */
5930
5931 func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]);
5932 if (func == NULL)
5933 {
5934 expand_string_message = string_sprintf("dlsym \"%s\" in \"%s\" failed: "
5935 "%s", argv[1], argv[0], dlerror());
7dbf77c9 5936 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
1a46a8c5
PH		 5937 goto EXPAND_FAILED;
5938 }
5939
5940 /* Call the function and work out what to do with the result. If it
5941 returns OK, we have a replacement string; if it returns DEFER then
5942 expansion has failed in a non-forced manner; if it returns FAIL then
5943 failure was forced; if it returns ERROR or any other value there's a
d6b4d938
TF		 5944 problem, so panic slightly. In any case, assume that the function has
5945 side-effects on the store that must be preserved. */
1a46a8c5 5946
d6b4d938 5947 resetok = FALSE;
1a46a8c5
PH		 5948 result = NULL;
5949 for (argc = 0; argv[argc] != NULL; argc++);
5950 status = func(&result, argc - 2, &argv[2]);
5951 if(status == OK)
5952 {
5953 if (result == NULL) result = US"";
5954 yield = string_cat(yield, &size, &ptr, result, Ustrlen(result));
5955 continue;
5956 }
5957 else
5958 {
5959 expand_string_message = result == NULL ? US"(no message)" : result;
5960 if(status == FAIL_FORCED) expand_string_forcedfail = TRUE;
5961 else if(status != FAIL)
5962 log_write(0, LOG_MAIN|LOG_PANIC, "dlfunc{%s}{%s} failed (%d): %s",
5963 argv[0], argv[1], status, expand_string_message);
5964 goto EXPAND_FAILED;
5965 }
5966 }
089fc87a
JH		 5967#endif /* EXPAND_DLFUNC */
5968
5969 case EITEM_ENV: /* ${env {name} {val_if_found} {val_if_unfound}} */
5970 {
5971 uschar * key;
5972 uschar *save_lookup_value = lookup_value;
5973
5974 while (isspace(*s)) s++;
5975 if (*s != '{') /*}*/
5976 goto EXPAND_FAILED;
5977
5978 key = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
5979 if (!key) goto EXPAND_FAILED; /*{*/
5980 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5981
5982 lookup_value = US getenv(CS key);
5983
5984 switch(process_yesno(
5985 skipping, /* were previously skipping */
5986 lookup_value != NULL, /* success/failure indicator */
5987 save_lookup_value, /* value to reset for string2 */
5988 &s, /* input pointer */
5989 &yield, /* output pointer */
5990 &size, /* output size */
5991 &ptr, /* output current point */
5992 US"env", /* condition type */
5993 &resetok))
5994 {
5995 case 1: goto EXPAND_FAILED; /* when all is well, the */
5996 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
5997 }
5998 continue;
5999 }
2e23003a 6000 } /* EITEM_* switch */
059ec3d9
PH		 6001
6002 /* Control reaches here if the name is not recognized as one of the more
6003 complicated expansion items. Check for the "operator" syntax (name terminated
6004 by a colon). Some of the operators have arguments, separated by _ from the
6005 name. */
6006
6007 if (*s == ':')
6008 {
6009 int c;
6010 uschar *arg = NULL;
6a8a60e0 6011 uschar *sub;
e3dd1d67 6012 var_entry *vp = NULL;
059ec3d9
PH		 6013
6014 /* Owing to an historical mis-design, an underscore may be part of the
6015 operator name, or it may introduce arguments. We therefore first scan the
6016 table of names that contain underscores. If there is no match, we cut off
6017 the arguments and then scan the main table. */
6018
6a8a60e0 6019 if ((c = chop_match(name, op_table_underscore,
0539a19d 6020 nelem(op_table_underscore))) < 0)
059ec3d9
PH		 6021 {
6022 arg = Ustrchr(name, '_');
6023 if (arg != NULL) *arg = 0;
0539a19d
JH		 6024 c = chop_match(name, op_table_main, nelem(op_table_main));
6025 if (c >= 0) c += nelem(op_table_underscore);
059ec3d9
PH		 6026 if (arg != NULL) *arg++ = '_'; /* Put back for error messages */
6027 }
6028
6a8a60e0
JH		 6029 /* Deal specially with operators that might take a certificate variable
6030 as we do not want to do the usual expansion. For most, expand the string.*/
6031 switch(c)
6032 {
80c974f8 6033#ifdef SUPPORT_TLS
6a8a60e0 6034 case EOP_MD5:
9ef9101c
JH		 6035 case EOP_SHA1:
6036 case EOP_SHA256:
6a8a60e0
JH		 6037 if (s[1] == '$')
6038 {
55414b25 6039 const uschar * s1 = s;
6a8a60e0
JH		 6040 sub = expand_string_internal(s+2, TRUE, &s1, skipping,
6041 FALSE, &resetok);
6042 if (!sub) goto EXPAND_FAILED; /*{*/
6043 if (*s1 != '}') goto EXPAND_FAILED_CURLY;
6044 if ((vp = find_var_ent(sub)) && vp->type == vtype_cert)
6045 {
6046 s = s1+1;
6047 break;
6048 }
fabe4dd9 6049 vp = NULL;
6a8a60e0 6050 }
6a8a60e0 6051 /*FALLTHROUGH*/
80c974f8 6052#endif
6a8a60e0
JH		 6053 default:
6054 sub = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
6055 if (!sub) goto EXPAND_FAILED;
6056 s++;
6057 break;
6058 }
6059
059ec3d9
PH		 6060 /* If we are skipping, we don't need to perform the operation at all.
6061 This matters for operations like "mask", because the data may not be
6062 in the correct format when skipping. For example, the expression may test
6063 for the existence of $sender_host_address before trying to mask it. For
6064 other operations, doing them may not fail, but it is a waste of time. */
6065
6066 if (skipping && c >= 0) continue;
6067
6068 /* Otherwise, switch on the operator type */
6069
6070 switch(c)
6071 {
6072 case EOP_BASE62:
6073 {
6074 uschar *t;
6075 unsigned long int n = Ustrtoul(sub, &t, 10);
6076 if (*t != 0)
6077 {
6078 expand_string_message = string_sprintf("argument for base62 "
6079 "operator is \"%s\", which is not a decimal number", sub);
6080 goto EXPAND_FAILED;
6081 }
6082 t = string_base62(n);
6083 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
6084 continue;
6085 }
6086
9a799bc0
PH		 6087 /* Note that for Darwin and Cygwin, BASE_62 actually has the value 36 */
6088
059ec3d9
PH		 6089 case EOP_BASE62D:
6090 {
6091 uschar buf[16];
6092 uschar *tt = sub;
6093 unsigned long int n = 0;
6094 while (*tt != 0)
6095 {
6096 uschar *t = Ustrchr(base62_chars, *tt++);
6097 if (t == NULL)
6098 {
6099 expand_string_message = string_sprintf("argument for base62d "
9a799bc0
PH		 6100 "operator is \"%s\", which is not a base %d number", sub,
6101 BASE_62);
059ec3d9
PH		 6102 goto EXPAND_FAILED;
6103 }
9a799bc0 6104 n = n * BASE_62 + (t - base62_chars);
059ec3d9
PH		 6105 }
6106 (void)sprintf(CS buf, "%ld", n);
6107 yield = string_cat(yield, &size, &ptr, buf, Ustrlen(buf));
6108 continue;
6109 }
6110
6111 case EOP_EXPAND:
6112 {
b0e85a8f 6113 uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping, TRUE, &resetok);
059ec3d9
PH		 6114 if (expanded == NULL)
6115 {
6116 expand_string_message =
6117 string_sprintf("internal expansion of \"%s\" failed: %s", sub,
6118 expand_string_message);
6119 goto EXPAND_FAILED;
6120 }
6121 yield = string_cat(yield, &size, &ptr, expanded, Ustrlen(expanded));
6122 continue;
6123 }
6124
6125 case EOP_LC:
6126 {
6127 int count = 0;
6128 uschar *t = sub - 1;
6129 while (*(++t) != 0) { *t = tolower(*t); count++; }
6130 yield = string_cat(yield, &size, &ptr, sub, count);
6131 continue;
6132 }
6133
6134 case EOP_UC:
6135 {
6136 int count = 0;
6137 uschar *t = sub - 1;
6138 while (*(++t) != 0) { *t = toupper(*t); count++; }
6139 yield = string_cat(yield, &size, &ptr, sub, count);
6140 continue;
6141 }
6142
6143 case EOP_MD5:
80c974f8 6144#ifdef SUPPORT_TLS
6a8a60e0
JH		 6145 if (vp && *(void **)vp->value)
6146 {
6147 uschar * cp = tls_cert_fprt_md5(*(void **)vp->value);
e3dd1d67 6148 yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp));
6a8a60e0
JH		 6149 }
6150 else
80c974f8 6151#endif
6a8a60e0
JH		 6152 {
6153 md5 base;
6154 uschar digest[16];
6155 int j;
6156 char st[33];
6157 md5_start(&base);
6158 md5_end(&base, sub, Ustrlen(sub), digest);
6159 for(j = 0; j < 16; j++) sprintf(st+2*j, "%02x", digest[j]);
6160 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
6161 }
059ec3d9 6162 continue;
059ec3d9
PH		 6163
6164 case EOP_SHA1:
80c974f8 6165#ifdef SUPPORT_TLS
6a8a60e0
JH		 6166 if (vp && *(void **)vp->value)
6167 {
6168 uschar * cp = tls_cert_fprt_sha1(*(void **)vp->value);
e3dd1d67 6169 yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp));
6a8a60e0
JH		 6170 }
6171 else
80c974f8 6172#endif
6a8a60e0
JH		 6173 {
6174 sha1 base;
6175 uschar digest[20];
6176 int j;
6177 char st[41];
6178 sha1_start(&base);
6179 sha1_end(&base, sub, Ustrlen(sub), digest);
6180 for(j = 0; j < 20; j++) sprintf(st+2*j, "%02X", digest[j]);
6181 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
6182 }
059ec3d9 6183 continue;
059ec3d9 6184
9ef9101c
JH		 6185 case EOP_SHA256:
6186#ifdef SUPPORT_TLS
6187 if (vp && *(void **)vp->value)
6188 {
6189 uschar * cp = tls_cert_fprt_sha256(*(void **)vp->value);
ca492d88 6190 yield = string_cat(yield, &size, &ptr, cp, (int)Ustrlen(cp));
9ef9101c
JH		 6191 }
6192 else
6193#endif
6194 expand_string_message = US"sha256 only supported for certificates";
6195 continue;
6196
059ec3d9
PH		 6197 /* Convert hex encoding to base64 encoding */
6198
6199 case EOP_HEX2B64:
6200 {
6201 int c = 0;
6202 int b = -1;
6203 uschar *in = sub;
6204 uschar *out = sub;
6205 uschar *enc;
6206
6207 for (enc = sub; *enc != 0; enc++)
6208 {
6209 if (!isxdigit(*enc))
6210 {
6211 expand_string_message = string_sprintf("\"%s\" is not a hex "
6212 "string", sub);
6213 goto EXPAND_FAILED;
6214 }
6215 c++;
6216 }
6217
6218 if ((c & 1) != 0)
6219 {
6220 expand_string_message = string_sprintf("\"%s\" contains an odd "
6221 "number of characters", sub);
6222 goto EXPAND_FAILED;
6223 }
6224
6225 while ((c = *in++) != 0)
6226 {
6227 if (isdigit(c)) c -= '0';
6228 else c = toupper(c) - 'A' + 10;
6229 if (b == -1)
6230 {
6231 b = c << 4;
6232 }
6233 else
6234 {
6235 *out++ = b | c;
6236 b = -1;
6237 }
6238 }
6239
6240 enc = auth_b64encode(sub, out - sub);
6241 yield = string_cat(yield, &size, &ptr, enc, Ustrlen(enc));
6242 continue;
6243 }
6244
c393f931
TF		 6245 /* Convert octets outside 0x21..0x7E to \xXX form */
6246
6247 case EOP_HEXQUOTE:
6248 {
6249 uschar *t = sub - 1;
6250 while (*(++t) != 0)
6251 {
6252 if (*t < 0x21 || 0x7E < *t)
6253 yield = string_cat(yield, &size, &ptr,
6254 string_sprintf("\\x%02x", *t), 4);
6255 else
6256 yield = string_cat(yield, &size, &ptr, t, 1);
6257 }
6258 continue;
6259 }
6260
a64a3dfa
JH		 6261 /* count the number of list elements */
6262
6263 case EOP_LISTCOUNT:
6264 {
6265 int cnt = 0;
6266 int sep = 0;
6267 uschar * cp;
6268 uschar buffer[256];
6269
55414b25 6270 while (string_nextinlist(CUSS &sub, &sep, buffer, sizeof(buffer)) != NULL) cnt++;
a64a3dfa
JH		 6271 cp = string_sprintf("%d", cnt);
6272 yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp));
6273 continue;
6274 }
6275
042eb971 6276 /* expand a named list given the name */
a64a3dfa 6277 /* handles nested named lists; requotes as colon-sep list */
042eb971 6278
a64a3dfa 6279 case EOP_LISTNAMED:
042eb971
JH		 6280 {
6281 tree_node *t = NULL;
55414b25 6282 const uschar * list;
042eb971
JH		 6283 int sep = 0;
6284 uschar * item;
6d9cfc47 6285 uschar * suffix = US"";
042eb971
JH		 6286 BOOL needsep = FALSE;
6287 uschar buffer[256];
6288
6289 if (*sub == '+') sub++;
6290 if (arg == NULL) /* no-argument version */
6291 {
6292 if (!(t = tree_search(addresslist_anchor, sub)) &&
6293 !(t = tree_search(domainlist_anchor, sub)) &&
6294 !(t = tree_search(hostlist_anchor, sub)))
6295 t = tree_search(localpartlist_anchor, sub);
6296 }
6297 else switch(*arg) /* specific list-type version */
6298 {
6d9cfc47
JH		 6299 case 'a': t = tree_search(addresslist_anchor, sub); suffix = US"_a"; break;
6300 case 'd': t = tree_search(domainlist_anchor, sub); suffix = US"_d"; break;
6301 case 'h': t = tree_search(hostlist_anchor, sub); suffix = US"_h"; break;
6302 case 'l': t = tree_search(localpartlist_anchor, sub); suffix = US"_l"; break;
042eb971
JH		 6303 default:
6304 expand_string_message = string_sprintf("bad suffix on \"list\" operator");
6305 goto EXPAND_FAILED;
6306 }
6307
6308 if(!t)
6309 {
6310 expand_string_message = string_sprintf("\"%s\" is not a %snamed list",
6311 sub, !arg?""
6312 : *arg=='a'?"address "
6313 : *arg=='d'?"domain "
6314 : *arg=='h'?"host "
6315 : *arg=='l'?"localpart "
6316 : 0);
6317 goto EXPAND_FAILED;
6318 }
6319
042eb971
JH		 6320 list = ((namedlist_block *)(t->data.ptr))->string;
6321
6322 while ((item = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
6323 {
6324 uschar * buf = US" : ";
6325 if (needsep)
6326 yield = string_cat(yield, &size, &ptr, buf, 3);
6327 else
6328 needsep = TRUE;
6329
6330 if (*item == '+') /* list item is itself a named list */
6331 {
a64a3dfa 6332 uschar * sub = string_sprintf("${listnamed%s:%s}", suffix, item);
b0e85a8f 6333 item = expand_string_internal(sub, FALSE, NULL, FALSE, TRUE, &resetok);
042eb971
JH		 6334 }
6335 else if (sep != ':') /* item from non-colon-sep list, re-quote for colon list-separator */
6336 {
6337 char * cp;
6338 char tok[3];
6339 tok[0] = sep; tok[1] = ':'; tok[2] = 0;
6340 while ((cp= strpbrk((const char *)item, tok)))
6341 {
6342 yield = string_cat(yield, &size, &ptr, item, cp-(char *)item);
6343 if (*cp++ == ':') /* colon in a non-colon-sep list item, needs doubling */
6344 {
6345 yield = string_cat(yield, &size, &ptr, US"::", 2);
6d9cfc47 6346 item = (uschar *)cp;
042eb971
JH		 6347 }
6348 else /* sep in item; should already be doubled; emit once */
6349 {
6350 yield = string_cat(yield, &size, &ptr, (uschar *)tok, 1);
6351 if (*cp == sep) cp++;
6d9cfc47 6352 item = (uschar *)cp;
042eb971
JH		 6353 }
6354 }
6355 }
6356 yield = string_cat(yield, &size, &ptr, item, Ustrlen(item));
6357 }
6358 continue;
6359 }
6360
059ec3d9
PH		 6361 /* mask applies a mask to an IP address; for example the result of
6362 ${mask:131.111.10.206/28} is 131.111.10.192/28. */
6363
6364 case EOP_MASK:
6365 {
6366 int count;
6367 uschar *endptr;
6368 int binary[4];
6369 int mask, maskoffset;
6370 int type = string_is_ip_address(sub, &maskoffset);
6371 uschar buffer[64];
6372
6373 if (type == 0)
6374 {
6375 expand_string_message = string_sprintf("\"%s\" is not an IP address",
6376 sub);
6377 goto EXPAND_FAILED;
6378 }
6379
6380 if (maskoffset == 0)
6381 {
6382 expand_string_message = string_sprintf("missing mask value in \"%s\"",
6383 sub);
6384 goto EXPAND_FAILED;
6385 }
6386
6387 mask = Ustrtol(sub + maskoffset + 1, &endptr, 10);
6388
6389 if (*endptr != 0 || mask < 0 || mask > ((type == 4)? 32 : 128))
6390 {
6391 expand_string_message = string_sprintf("mask value too big in \"%s\"",
6392 sub);
6393 goto EXPAND_FAILED;
6394 }
6395
6396 /* Convert the address to binary integer(s) and apply the mask */
6397
6398 sub[maskoffset] = 0;
6399 count = host_aton(sub, binary);
6400 host_mask(count, binary, mask);
6401
6402 /* Convert to masked textual format and add to output. */
6403
6404 yield = string_cat(yield, &size, &ptr, buffer,
6f0c9a4f 6405 host_nmtoa(count, binary, mask, buffer, '.'));
059ec3d9
PH		 6406 continue;
6407 }
6408
6409 case EOP_ADDRESS:
6410 case EOP_LOCAL_PART:
6411 case EOP_DOMAIN:
6412 {
6413 uschar *error;
6414 int start, end, domain;
6415 uschar *t = parse_extract_address(sub, &error, &start, &end, &domain,
6416 FALSE);
6417 if (t != NULL)
6418 {
6419 if (c != EOP_DOMAIN)
6420 {
6421 if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1;
6422 yield = string_cat(yield, &size, &ptr, sub+start, end-start);
6423 }
6424 else if (domain != 0)
6425 {
6426 domain += start;
6427 yield = string_cat(yield, &size, &ptr, sub+domain, end-domain);
6428 }
6429 }
6430 continue;
6431 }
6432
29f89cad
PH		 6433 case EOP_ADDRESSES:
6434 {
6435 uschar outsep[2] = { ':', '\0' };
6436 uschar *address, *error;
6437 int save_ptr = ptr;
6438 int start, end, domain; /* Not really used */
6439
6440 while (isspace(*sub)) sub++;
6441 if (*sub == '>') { *outsep = *++sub; ++sub; }
6442 parse_allow_group = TRUE;
6443
6444 for (;;)
6445 {
6446 uschar *p = parse_find_address_end(sub, FALSE);
6447 uschar saveend = *p;
6448 *p = '\0';
6449 address = parse_extract_address(sub, &error, &start, &end, &domain,
6450 FALSE);
6451 *p = saveend;
6452
6453 /* Add the address to the output list that we are building. This is
6454 done in chunks by searching for the separator character. At the
6455 start, unless we are dealing with the first address of the output
6456 list, add in a space if the new address begins with the separator
6457 character, or is an empty string. */
6458
6459 if (address != NULL)
6460 {
6461 if (ptr != save_ptr && address[0] == *outsep)
6462 yield = string_cat(yield, &size, &ptr, US" ", 1);
6463
6464 for (;;)
6465 {
6466 size_t seglen = Ustrcspn(address, outsep);
6467 yield = string_cat(yield, &size, &ptr, address, seglen + 1);
6468
6469 /* If we got to the end of the string we output one character
6470 too many. */
6471
6472 if (address[seglen] == '\0') { ptr--; break; }
6473 yield = string_cat(yield, &size, &ptr, outsep, 1);
6474 address += seglen + 1;
6475 }
6476
6477 /* Output a separator after the string: we will remove the
6478 redundant final one at the end. */
6479
6480 yield = string_cat(yield, &size, &ptr, outsep, 1);
6481 }
6482
6483 if (saveend == '\0') break;
6484 sub = p + 1;
6485 }
6486
6487 /* If we have generated anything, remove the redundant final
6488 separator. */
6489
6490 if (ptr != save_ptr) ptr--;
6491 parse_allow_group = FALSE;
6492 continue;
6493 }
6494
6495
059ec3d9
PH		 6496 /* quote puts a string in quotes if it is empty or contains anything
6497 other than alphamerics, underscore, dot, or hyphen.
6498
6499 quote_local_part puts a string in quotes if RFC 2821/2822 requires it to
6500 be quoted in order to be a valid local part.
6501
6502 In both cases, newlines and carriage returns are converted into \n and \r
6503 respectively */
6504
6505 case EOP_QUOTE:
6506 case EOP_QUOTE_LOCAL_PART:
6507 if (arg == NULL)
6508 {
6509 BOOL needs_quote = (*sub == 0); /* TRUE for empty string */
6510 uschar *t = sub - 1;
6511
6512 if (c == EOP_QUOTE)
6513 {
6514 while (!needs_quote && *(++t) != 0)
6515 needs_quote = !isalnum(*t) && !strchr("_-.", *t);
6516 }
6517 else /* EOP_QUOTE_LOCAL_PART */
6518 {
6519 while (!needs_quote && *(++t) != 0)
6520 needs_quote = !isalnum(*t) &&
6521 strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL &&
6522 (*t != '.' || t == sub || t[1] == 0);
6523 }
6524
6525 if (needs_quote)
6526 {
6527 yield = string_cat(yield, &size, &ptr, US"\"", 1);
6528 t = sub - 1;
6529 while (*(++t) != 0)
6530 {
6531 if (*t == '\n')
6532 yield = string_cat(yield, &size, &ptr, US"\\n", 2);
6533 else if (*t == '\r')
6534 yield = string_cat(yield, &size, &ptr, US"\\r", 2);
6535 else
6536 {
6537 if (*t == '\\' || *t == '"')
6538 yield = string_cat(yield, &size, &ptr, US"\\", 1);
6539 yield = string_cat(yield, &size, &ptr, t, 1);
6540 }
6541 }
6542 yield = string_cat(yield, &size, &ptr, US"\"", 1);
6543 }
6544 else yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
6545 continue;
6546 }
6547
6548 /* quote_lookuptype does lookup-specific quoting */
6549
6550 else
6551 {
6552 int n;
6553 uschar *opt = Ustrchr(arg, '_');
6554
6555 if (opt != NULL) *opt++ = 0;
6556
6557 n = search_findtype(arg, Ustrlen(arg));
6558 if (n < 0)
6559 {
6560 expand_string_message = search_error_message;
6561 goto EXPAND_FAILED;
6562 }
6563
e6d225ae
DW		 6564 if (lookup_list[n]->quote != NULL)
6565 sub = (lookup_list[n]->quote)(sub, opt);
059ec3d9
PH		 6566 else if (opt != NULL) sub = NULL;
6567
6568 if (sub == NULL)
6569 {
6570 expand_string_message = string_sprintf(
6571 "\"%s\" unrecognized after \"${quote_%s\"",
6572 opt, arg);
6573 goto EXPAND_FAILED;
6574 }
6575
6576 yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
6577 continue;
6578 }
6579
6580 /* rx quote sticks in \ before any non-alphameric character so that
6581 the insertion works in a regular expression. */
6582
6583 case EOP_RXQUOTE:
6584 {
6585 uschar *t = sub - 1;
6586 while (*(++t) != 0)
6587 {
6588 if (!isalnum(*t))
6589 yield = string_cat(yield, &size, &ptr, US"\\", 1);
6590 yield = string_cat(yield, &size, &ptr, t, 1);
6591 }
6592 continue;
6593 }
6594
6595 /* RFC 2047 encodes, assuming headers_charset (default ISO 8859-1) as
6596 prescribed by the RFC, if there are characters that need to be encoded */
6597
6598 case EOP_RFC2047:
6599 {
14702f5b 6600 uschar buffer[2048];
55414b25 6601 const uschar *string = parse_quote_2047(sub, Ustrlen(sub), headers_charset,
46218253 6602 buffer, sizeof(buffer), FALSE);
059ec3d9
PH		 6603 yield = string_cat(yield, &size, &ptr, string, Ustrlen(string));
6604 continue;
6605 }
6606
9c57cbc0
PH		 6607 /* RFC 2047 decode */
6608
6609 case EOP_RFC2047D:
6610 {
6611 int len;
6612 uschar *error;
6613 uschar *decoded = rfc2047_decode(sub, check_rfc2047_length,
6614 headers_charset, '?', &len, &error);
6615 if (error != NULL)
6616 {
6617 expand_string_message = error;
6618 goto EXPAND_FAILED;
6619 }
6620 yield = string_cat(yield, &size, &ptr, decoded, len);
6621 continue;
6622 }
6623
059ec3d9
PH		 6624 /* from_utf8 converts UTF-8 to 8859-1, turning non-existent chars into
6625 underscores */
6626
6627 case EOP_FROM_UTF8:
6628 {
6629 while (*sub != 0)
6630 {
6631 int c;
6632 uschar buff[4];
6633 GETUTF8INC(c, sub);
6634 if (c > 255) c = '_';
6635 buff[0] = c;
6636 yield = string_cat(yield, &size, &ptr, buff, 1);
6637 }
6638 continue;
6639 }
6640
b9c2e32f 6641 /* replace illegal UTF-8 sequences by replacement character */
94431adb 6642
b9c2e32f
AR		 6643 #define UTF8_REPLACEMENT_CHAR US"?"
6644
6645 case EOP_UTF8CLEAN:
6646 {
85098ee7 6647 int seq_len = 0, index = 0;
e3dd1d67 6648 int bytes_left = 0;
e8e86723 6649 long codepoint = -1;
b9c2e32f 6650 uschar seq_buff[4]; /* accumulate utf-8 here */
94431adb 6651
b9c2e32f
AR		 6652 while (*sub != 0)
6653 {
e8e86723
JH		 6654 int complete = 0;
6655 uschar c = *sub++;
b9c2e32f 6656
e3dd1d67 6657 if (bytes_left)
b9c2e32f
AR		 6658 {
6659 if ((c & 0xc0) != 0x80)
b9c2e32f
AR		 6660 /* wrong continuation byte; invalidate all bytes */
6661 complete = 1; /* error */
b9c2e32f
AR		 6662 else
6663 {
6664 codepoint = (codepoint << 6) | (c & 0x3f);
6665 seq_buff[index++] = c;
6666 if (--bytes_left == 0) /* codepoint complete */
b9c2e32f 6667 if(codepoint > 0x10FFFF) /* is it too large? */
e8e86723 6668 complete = -1; /* error (RFC3629 limit) */
b9c2e32f
AR		 6669 else
6670 { /* finished; output utf-8 sequence */
6671 yield = string_cat(yield, &size, &ptr, seq_buff, seq_len);
6672 index = 0;
6673 }
b9c2e32f
AR		 6674 }
6675 }
6676 else /* no bytes left: new sequence */
6677 {
6678 if((c & 0x80) == 0) /* 1-byte sequence, US-ASCII, keep it */
6679 {
6680 yield = string_cat(yield, &size, &ptr, &c, 1);
6681 continue;
6682 }
6683 if((c & 0xe0) == 0xc0) /* 2-byte sequence */
6684 {
10cc8a1e
AR		 6685 if(c == 0xc0 || c == 0xc1) /* 0xc0 and 0xc1 are illegal */
6686 complete = -1;
6687 else
6688 {
6689 bytes_left = 1;
6690 codepoint = c & 0x1f;
6691 }
b9c2e32f
AR		 6692 }
6693 else if((c & 0xf0) == 0xe0) /* 3-byte sequence */
6694 {
6695 bytes_left = 2;
6696 codepoint = c & 0x0f;
6697 }
6698 else if((c & 0xf8) == 0xf0) /* 4-byte sequence */
6699 {
6700 bytes_left = 3;
6701 codepoint = c & 0x07;
6702 }
6703 else /* invalid or too long (RFC3629 allows only 4 bytes) */
6704 complete = -1;
6705
6706 seq_buff[index++] = c;
6707 seq_len = bytes_left + 1;
6708 } /* if(bytes_left) */
6709
6710 if (complete != 0)
6711 {
6712 bytes_left = index = 0;
6713 yield = string_cat(yield, &size, &ptr, UTF8_REPLACEMENT_CHAR, 1);
6714 }
6715 if ((complete == 1) && ((c & 0x80) == 0))
4e08fd50 6716 /* ASCII character follows incomplete sequence */
b9c2e32f 6717 yield = string_cat(yield, &size, &ptr, &c, 1);
b9c2e32f
AR		 6718 }
6719 continue;
6720 }
6721
4e08fd50
JH		 6722#ifdef EXPERIMENTAL_INTERNATIONAL
6723 case EOP_UTF8_DOMAIN_TO_ALABEL:
6724 {
6725 uschar * error = NULL;
6726 uschar * s = string_domain_utf8_to_alabel(sub, &error);
6727 if (error)
6728 {
6729 expand_string_message = string_sprintf(
6730 "error converting utf8 (%s) to alabel: %s",
6731 string_printing(sub), error);
6732 goto EXPAND_FAILED;
6733 }
6734 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
6735 continue;
6736 }
6737
6738 case EOP_UTF8_DOMAIN_FROM_ALABEL:
6739 {
6740 uschar * error = NULL;
6741 uschar * s = string_domain_alabel_to_utf8(sub, &error);
6742 if (error)
6743 {
6744 expand_string_message = string_sprintf(
6745 "error converting alabel (%s) to utf8: %s",
6746 string_printing(sub), error);
6747 goto EXPAND_FAILED;
6748 }
6749 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
6750 continue;
6751 }
6752
6753 case EOP_UTF8_LOCALPART_TO_ALABEL:
6754 {
6755 uschar * error = NULL;
6756 uschar * s = string_localpart_utf8_to_alabel(sub, &error);
6757 if (error)
6758 {
6759 expand_string_message = string_sprintf(
6760 "error converting utf8 (%s) to alabel: %s",
6761 string_printing(sub), error);
6762 goto EXPAND_FAILED;
6763 }
6764 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
6765 DEBUG(D_expand) debug_printf("yield: '%s'\n", yield);
6766 continue;
6767 }
6768
6769 case EOP_UTF8_LOCALPART_FROM_ALABEL:
6770 {
6771 uschar * error = NULL;
6772 uschar * s = string_localpart_alabel_to_utf8(sub, &error);
6773 if (error)
6774 {
6775 expand_string_message = string_sprintf(
6776 "error converting alabel (%s) to utf8: %s",
6777 string_printing(sub), error);
6778 goto EXPAND_FAILED;
6779 }
6780 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
6781 continue;
6782 }
6783#endif /* EXPERIMENTAL_INTERNATIONAL */
6784
059ec3d9
PH		 6785 /* escape turns all non-printing characters into escape sequences. */
6786
6787 case EOP_ESCAPE:
6788 {
55414b25 6789 const uschar *t = string_printing(sub);
059ec3d9
PH		 6790 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
6791 continue;
6792 }
6793
6794 /* Handle numeric expression evaluation */
6795
6796 case EOP_EVAL:
6797 case EOP_EVAL10:
6798 {
6799 uschar *save_sub = sub;
6800 uschar *error = NULL;
97d17305 6801 int_eximarith_t n = eval_expr(&sub, (c == EOP_EVAL10), &error, FALSE);
059ec3d9
PH		 6802 if (error != NULL)
6803 {
6804 expand_string_message = string_sprintf("error in expression "
6805 "evaluation: %s (after processing \"%.*s\")", error, sub-save_sub,
6806 save_sub);
6807 goto EXPAND_FAILED;
6808 }
97d17305 6809 sprintf(CS var_buffer, PR_EXIM_ARITH, n);
059ec3d9
PH		 6810 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
6811 continue;
6812 }
6813
6814 /* Handle time period formating */
6815
f90d018c
PH		 6816 case EOP_TIME_EVAL:
6817 {
6818 int n = readconf_readtime(sub, 0, FALSE);
6819 if (n < 0)
6820 {
6821 expand_string_message = string_sprintf("string \"%s\" is not an "
6822 "Exim time interval in \"%s\" operator", sub, name);
6823 goto EXPAND_FAILED;
6824 }
6825 sprintf(CS var_buffer, "%d", n);
6826 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
6827 continue;
6828 }
6829
059ec3d9
PH		 6830 case EOP_TIME_INTERVAL:
6831 {
6832 int n;
6833 uschar *t = read_number(&n, sub);
6834 if (*t != 0) /* Not A Number*/
6835 {
6836 expand_string_message = string_sprintf("string \"%s\" is not a "
6837 "positive number in \"%s\" operator", sub, name);
6838 goto EXPAND_FAILED;
6839 }
6840 t = readconf_printtime(n);
6841 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
6842 continue;
6843 }
6844
6845 /* Convert string to base64 encoding */
6846
6847 case EOP_STR2B64:
6848 {
6849 uschar *encstr = auth_b64encode(sub, Ustrlen(sub));
6850 yield = string_cat(yield, &size, &ptr, encstr, Ustrlen(encstr));
6851 continue;
6852 }
6853
6854 /* strlen returns the length of the string */
6855
6856 case EOP_STRLEN:
6857 {
6858 uschar buff[24];
6859 (void)sprintf(CS buff, "%d", Ustrlen(sub));
6860 yield = string_cat(yield, &size, &ptr, buff, Ustrlen(buff));
6861 continue;
6862 }
6863
6864 /* length_n or l_n takes just the first n characters or the whole string,
6865 whichever is the shorter;
6866
6867 substr_m_n, and s_m_n take n characters from offset m; negative m take
6868 from the end; l_n is synonymous with s_0_n. If n is omitted in substr it
6869 takes the rest, either to the right or to the left.
6870
6871 hash_n or h_n makes a hash of length n from the string, yielding n
6872 characters from the set a-z; hash_n_m makes a hash of length n, but
6873 uses m characters from the set a-zA-Z0-9.
6874
6875 nhash_n returns a single number between 0 and n-1 (in text form), while
6876 nhash_n_m returns a div/mod hash as two numbers "a/b". The first lies
6877 between 0 and n-1 and the second between 0 and m-1. */
6878
6879 case EOP_LENGTH:
6880 case EOP_L:
6881 case EOP_SUBSTR:
6882 case EOP_S:
6883 case EOP_HASH:
6884 case EOP_H:
6885 case EOP_NHASH:
6886 case EOP_NH:
6887 {
6888 int sign = 1;
6889 int value1 = 0;
6890 int value2 = -1;
6891 int *pn;
6892 int len;
6893 uschar *ret;
6894
6895 if (arg == NULL)
6896 {
6897 expand_string_message = string_sprintf("missing values after %s",
6898 name);
6899 goto EXPAND_FAILED;
6900 }
6901
6902 /* "length" has only one argument, effectively being synonymous with
6903 substr_0_n. */
6904
6905 if (c == EOP_LENGTH || c == EOP_L)
6906 {
6907 pn = &value2;
6908 value2 = 0;
6909 }
6910
6911 /* The others have one or two arguments; for "substr" the first may be
6912 negative. The second being negative means "not supplied". */
6913
6914 else
6915 {
6916 pn = &value1;
6917 if (name[0] == 's' && *arg == '-') { sign = -1; arg++; }
6918 }
6919
6920 /* Read up to two numbers, separated by underscores */
6921
6922 ret = arg;
6923 while (*arg != 0)
6924 {
6925 if (arg != ret && *arg == '_' && pn == &value1)
6926 {
6927 pn = &value2;
6928 value2 = 0;
6929 if (arg[1] != 0) arg++;
6930 }
6931 else if (!isdigit(*arg))
6932 {
6933 expand_string_message =
6934 string_sprintf("non-digit after underscore in \"%s\"", name);
6935 goto EXPAND_FAILED;
6936 }
6937 else *pn = (*pn)*10 + *arg++ - '0';
6938 }
6939 value1 *= sign;
6940
6941 /* Perform the required operation */
6942
6943 ret =
6944 (c == EOP_HASH || c == EOP_H)?
6945 compute_hash(sub, value1, value2, &len) :
6946 (c == EOP_NHASH || c == EOP_NH)?
6947 compute_nhash(sub, value1, value2, &len) :
6948 extract_substr(sub, value1, value2, &len);
6949
6950 if (ret == NULL) goto EXPAND_FAILED;
6951 yield = string_cat(yield, &size, &ptr, ret, len);
6952 continue;
6953 }
6954
6955 /* Stat a path */
6956
6957 case EOP_STAT:
6958 {
6959 uschar *s;
6960 uschar smode[12];
6961 uschar **modetable[3];
6962 int i;
6963 mode_t mode;
6964 struct stat st;
6965
254e032f
PH		 6966 if ((expand_forbid & RDO_EXISTS) != 0)
6967 {
6968 expand_string_message = US"Use of the stat() expansion is not permitted";
6969 goto EXPAND_FAILED;
6970 }
6971
059ec3d9
PH		 6972 if (stat(CS sub, &st) < 0)
6973 {
6974 expand_string_message = string_sprintf("stat(%s) failed: %s",
6975 sub, strerror(errno));
6976 goto EXPAND_FAILED;
6977 }
6978 mode = st.st_mode;
6979 switch (mode & S_IFMT)
6980 {
6981 case S_IFIFO: smode[0] = 'p'; break;
6982 case S_IFCHR: smode[0] = 'c'; break;
6983 case S_IFDIR: smode[0] = 'd'; break;
6984 case S_IFBLK: smode[0] = 'b'; break;
6985 case S_IFREG: smode[0] = '-'; break;
6986 default: smode[0] = '?'; break;
6987 }
6988
6989 modetable[0] = ((mode & 01000) == 0)? mtable_normal : mtable_sticky;
6990 modetable[1] = ((mode & 02000) == 0)? mtable_normal : mtable_setid;
6991 modetable[2] = ((mode & 04000) == 0)? mtable_normal : mtable_setid;
6992
6993 for (i = 0; i < 3; i++)
6994 {
6995 memcpy(CS(smode + 7 - i*3), CS(modetable[i][mode & 7]), 3);
6996 mode >>= 3;
6997 }
6998
6999 smode[10] = 0;
7000 s = string_sprintf("mode=%04lo smode=%s inode=%ld device=%ld links=%ld "
b1c749bb 7001 "uid=%ld gid=%ld size=" OFF_T_FMT " atime=%ld mtime=%ld ctime=%ld",
059ec3d9
PH		 7002 (long)(st.st_mode & 077777), smode, (long)st.st_ino,
7003 (long)st.st_dev, (long)st.st_nlink, (long)st.st_uid,
b1c749bb 7004 (long)st.st_gid, st.st_size, (long)st.st_atime,
059ec3d9
PH		 7005 (long)st.st_mtime, (long)st.st_ctime);
7006 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
7007 continue;
7008 }
7009
17c76198 7010 /* vaguely random number less than N */
9e3331ea
TK		 7011
7012 case EOP_RANDINT:
7013 {
97d17305 7014 int_eximarith_t max;
9e3331ea
TK		 7015 uschar *s;
7016
7685ce68 7017 max = expanded_string_integer(sub, TRUE);
9e3331ea
TK		 7018 if (expand_string_message != NULL)
7019 goto EXPAND_FAILED;
17c76198 7020 s = string_sprintf("%d", vaguely_random_number((int)max));
9e3331ea
TK		 7021 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
7022 continue;
7023 }
7024
83e029d5
PP		 7025 /* Reverse IP, including IPv6 to dotted-nibble */
7026
7027 case EOP_REVERSE_IP:
7028 {
7029 int family, maskptr;
7030 uschar reversed[128];
7031
7032 family = string_is_ip_address(sub, &maskptr);
7033 if (family == 0)
7034 {
7035 expand_string_message = string_sprintf(
7036 "reverse_ip() not given an IP address [%s]", sub);
7037 goto EXPAND_FAILED;
7038 }
7039 invert_address(reversed, sub);
7040 yield = string_cat(yield, &size, &ptr, reversed, Ustrlen(reversed));
7041 continue;
7042 }
7043
059ec3d9
PH		 7044 /* Unknown operator */
7045
7046 default:
7047 expand_string_message =
7048 string_sprintf("unknown expansion operator \"%s\"", name);
7049 goto EXPAND_FAILED;
7050 }
7051 }
7052
7053 /* Handle a plain name. If this is the first thing in the expansion, release
7054 the pre-allocated buffer. If the result data is known to be in a new buffer,
7055 newsize will be set to the size of that buffer, and we can just point at that
7056 store instead of copying. Many expansion strings contain just one reference,
7057 so this is a useful optimization, especially for humungous headers
7058 ($message_headers). */
2e23003a 7059 /*{*/
059ec3d9
PH		 7060 if (*s++ == '}')
7061 {
7062 int len;
7063 int newsize = 0;
7064 if (ptr == 0)
7065 {
d6b4d938 7066 if (resetok) store_reset(yield);
059ec3d9
PH		 7067 yield = NULL;
7068 size = 0;
7069 }
7070 value = find_variable(name, FALSE, skipping, &newsize);
7071 if (value == NULL)
7072 {
7073 expand_string_message =
7074 string_sprintf("unknown variable in \"${%s}\"", name);
641cb756 7075 check_variable_error_message(name);
059ec3d9
PH		 7076 goto EXPAND_FAILED;
7077 }
7078 len = Ustrlen(value);
7079 if (yield == NULL && newsize != 0)
7080 {
7081 yield = value;
7082 size = newsize;
7083 ptr = len;
7084 }
7085 else yield = string_cat(yield, &size, &ptr, value, len);
7086 continue;
7087 }
7088
7089 /* Else there's something wrong */
7090
7091 expand_string_message =
7092 string_sprintf("\"${%s\" is not a known operator (or a } is missing "
7093 "in a variable reference)", name);
7094 goto EXPAND_FAILED;
7095 }
7096
7097/* If we hit the end of the string when ket_ends is set, there is a missing
7098terminating brace. */
7099
7100if (ket_ends && *s == 0)
7101 {
7102 expand_string_message = malformed_header?
7103 US"missing } at end of string - could be header name not terminated by colon"
7104 :
7105 US"missing } at end of string";
7106 goto EXPAND_FAILED;
7107 }
7108
7109/* Expansion succeeded; yield may still be NULL here if nothing was actually
7110added to the string. If so, set up an empty string. Add a terminating zero. If
7111left != NULL, return a pointer to the terminator. */
7112
7113if (yield == NULL) yield = store_get(1);
7114yield[ptr] = 0;
7115if (left != NULL) *left = s;
7116
7117/* Any stacking store that was used above the final string is no longer needed.
7118In many cases the final string will be the first one that was got and so there
7119will be optimal store usage. */
7120
d6b4d938 7121if (resetok) store_reset(yield + ptr + 1);
b0e85a8f
JH		 7122else if (resetok_p) *resetok_p = FALSE;
7123
059ec3d9
PH		 7124DEBUG(D_expand)
7125 {
7126 debug_printf("expanding: %.*s\n result: %s\n", (int)(s - string), string,
7127 yield);
7128 if (skipping) debug_printf("skipping: result is not used\n");
7129 }
7130return yield;
7131
7132/* This is the failure exit: easiest to program with a goto. We still need
7133to update the pointer to the terminator, for cases of nested calls with "fail".
7134*/
7135
7136EXPAND_FAILED_CURLY:
7137expand_string_message = malformed_header?
7138 US"missing or misplaced { or } - could be header name not terminated by colon"
7139 :
7140 US"missing or misplaced { or }";
7141
7142/* At one point, Exim reset the store to yield (if yield was not NULL), but
7143that is a bad idea, because expand_string_message is in dynamic store. */
7144
7145EXPAND_FAILED:
7146if (left != NULL) *left = s;
7147DEBUG(D_expand)
7148 {
7149 debug_printf("failed to expand: %s\n", string);
7150 debug_printf(" error message: %s\n", expand_string_message);
7151 if (expand_string_forcedfail) debug_printf("failure was forced\n");
7152 }
b0e85a8f 7153if (resetok_p) *resetok_p = resetok;
059ec3d9
PH		 7154return NULL;
7155}
7156
7157
7158/* This is the external function call. Do a quick check for any expansion
7159metacharacters, and if there are none, just return the input string.
7160
7161Argument: the string to be expanded
7162Returns: the expanded string, or NULL if expansion failed; if failure was
7163 due to a lookup deferring, search_find_defer will be TRUE
7164*/
7165
7166uschar *
7167expand_string(uschar *string)
7168{
7169search_find_defer = FALSE;
7170malformed_header = FALSE;
7171return (Ustrpbrk(string, "$\\") == NULL)? string :
b0e85a8f 7172 expand_string_internal(string, FALSE, NULL, FALSE, TRUE, NULL);
059ec3d9
PH		 7173}
7174
7175
7176
55414b25
JH		 7177const uschar *
7178expand_cstring(const uschar *string)
7179{
7180search_find_defer = FALSE;
7181malformed_header = FALSE;
7182return (Ustrpbrk(string, "$\\") == NULL)? string :
7183 expand_string_internal(string, FALSE, NULL, FALSE, TRUE, NULL);
7184}
7185
7186
7187
059ec3d9
PH		 7188/*************************************************
7189* Expand and copy *
7190*************************************************/
7191
7192/* Now and again we want to expand a string and be sure that the result is in a
7193new bit of store. This function does that.
55414b25 7194Since we know it has been copied, the de-const cast is safe.
059ec3d9
PH		 7195
7196Argument: the string to be expanded
7197Returns: the expanded string, always in a new bit of store, or NULL
7198*/
7199
7200uschar *
55414b25 7201expand_string_copy(const uschar *string)
059ec3d9 7202{
55414b25 7203const uschar *yield = expand_cstring(string);
059ec3d9 7204if (yield == string) yield = string_copy(string);
55414b25 7205return US yield;
059ec3d9
PH		 7206}
7207
7208
7209
7210/*************************************************
7211* Expand and interpret as an integer *
7212*************************************************/
7213
7214/* Expand a string, and convert the result into an integer.
7215
d45b1de8
PH		 7216Arguments:
7217 string the string to be expanded
7218 isplus TRUE if a non-negative number is expected
059ec3d9
PH		 7219
7220Returns: the integer value, or
7221 -1 for an expansion error ) in both cases, message in
7222 -2 for an integer interpretation error ) expand_string_message
d45b1de8 7223 expand_string_message is set NULL for an OK integer
059ec3d9
PH		 7224*/
7225
97d17305 7226int_eximarith_t
d45b1de8 7227expand_string_integer(uschar *string, BOOL isplus)
059ec3d9 7228{
7685ce68
TF		 7229return expanded_string_integer(expand_string(string), isplus);
7230}
7231
7232
7233/*************************************************
7234 * Interpret string as an integer *
7235 *************************************************/
7236
7237/* Convert a string (that has already been expanded) into an integer.
7238
7239This function is used inside the expansion code.
7240
7241Arguments:
7242 s the string to be expanded
7243 isplus TRUE if a non-negative number is expected
7244
7245Returns: the integer value, or
7246 -1 if string is NULL (which implies an expansion error)
7247 -2 for an integer interpretation error
7248 expand_string_message is set NULL for an OK integer
7249*/
7250
7251static int_eximarith_t
55414b25 7252expanded_string_integer(const uschar *s, BOOL isplus)
7685ce68 7253{
97d17305 7254int_eximarith_t value;
059ec3d9
PH		 7255uschar *msg = US"invalid integer \"%s\"";
7256uschar *endptr;
7257
d45b1de8
PH		 7258/* If expansion failed, expand_string_message will be set. */
7259
059ec3d9
PH		 7260if (s == NULL) return -1;
7261
7262/* On an overflow, strtol() returns LONG_MAX or LONG_MIN, and sets errno
7263to ERANGE. When there isn't an overflow, errno is not changed, at least on some
7264systems, so we set it zero ourselves. */
7265
7266errno = 0;
d45b1de8 7267expand_string_message = NULL; /* Indicates no error */
b52bc06e
NM		 7268
7269/* Before Exim 4.64, strings consisting entirely of whitespace compared
7270equal to 0. Unfortunately, people actually relied upon that, so preserve
7271the behaviour explicitly. Stripping leading whitespace is a harmless
7272noop change since strtol skips it anyway (provided that there is a number
7273to find at all). */
7274if (isspace(*s))
7275 {
7276 while (isspace(*s)) ++s;
7277 if (*s == '\0')
7278 {
7279 DEBUG(D_expand)
7280 debug_printf("treating blank string as number 0\n");
7281 return 0;
7282 }
7283 }
7284
aa7c82b2 7285value = strtoll(CS s, CSS &endptr, 10);
059ec3d9
PH		 7286
7287if (endptr == s)
7288 {
7289 msg = US"integer expected but \"%s\" found";
7290 }
d45b1de8
PH		 7291else if (value < 0 && isplus)
7292 {
7293 msg = US"non-negative integer expected but \"%s\" found";
7294 }
059ec3d9
PH		 7295else
7296 {
4eb9d6ef 7297 switch (tolower(*endptr))
059ec3d9 7298 {
4eb9d6ef
JH		 7299 default:
7300 break;
7301 case 'k':
4328fd3c 7302 if (value > EXIM_ARITH_MAX/1024 || value < EXIM_ARITH_MIN/1024) errno = ERANGE;
aa7c82b2 7303 else value *= 1024;
4eb9d6ef
JH		 7304 endptr++;
7305 break;
7306 case 'm':
4328fd3c 7307 if (value > EXIM_ARITH_MAX/(1024*1024) || value < EXIM_ARITH_MIN/(1024*1024)) errno = ERANGE;
4eb9d6ef
JH		 7308 else value *= 1024*1024;
7309 endptr++;
7310 break;
7311 case 'g':
4328fd3c 7312 if (value > EXIM_ARITH_MAX/(1024*1024*1024) || value < EXIM_ARITH_MIN/(1024*1024*1024)) errno = ERANGE;
4eb9d6ef
JH		 7313 else value *= 1024*1024*1024;
7314 endptr++;
7315 break;
059ec3d9
PH		 7316 }
7317 if (errno == ERANGE)
7318 msg = US"absolute value of integer \"%s\" is too large (overflow)";
7319 else
7320 {
7321 while (isspace(*endptr)) endptr++;
725735cd 7322 if (*endptr == 0) return value;
059ec3d9
PH		 7323 }
7324 }
7325
7326expand_string_message = string_sprintf(CS msg, s);
7327return -2;
7328}
7329
059ec3d9 7330
9c695f6d
JH		 7331/* These values are usually fixed boolean values, but they are permitted to be
7332expanded strings.
7333
7334Arguments:
7335 addr address being routed
7336 mtype the module type
7337 mname the module name
7338 dbg_opt debug selectors
7339 oname the option name
7340 bvalue the router's boolean value
7341 svalue the router's string value
7342 rvalue where to put the returned value
7343
7344Returns: OK value placed in rvalue
7345 DEFER expansion failed
7346*/
7347
7348int
7349exp_bool(address_item *addr,
7350 uschar *mtype, uschar *mname, unsigned dbg_opt,
7351 uschar *oname, BOOL bvalue,
7352 uschar *svalue, BOOL *rvalue)
7353{
7354uschar *expanded;
7355if (svalue == NULL) { *rvalue = bvalue; return OK; }
7356
7357expanded = expand_string(svalue);
7358if (expanded == NULL)
7359 {
7360 if (expand_string_forcedfail)
7361 {
7362 DEBUG(dbg_opt) debug_printf("expansion of \"%s\" forced failure\n", oname);
7363 *rvalue = bvalue;
7364 return OK;
7365 }
7366 addr->message = string_sprintf("failed to expand \"%s\" in %s %s: %s",
7367 oname, mname, mtype, expand_string_message);
7368 DEBUG(dbg_opt) debug_printf("%s\n", addr->message);
7369 return DEFER;
7370 }
7371
7372DEBUG(dbg_opt) debug_printf("expansion of \"%s\" yields \"%s\"\n", oname,
7373 expanded);
7374
7375if (strcmpic(expanded, US"true") == 0 || strcmpic(expanded, US"yes") == 0)
7376 *rvalue = TRUE;
7377else if (strcmpic(expanded, US"false") == 0 || strcmpic(expanded, US"no") == 0)
7378 *rvalue = FALSE;
7379else
7380 {
7381 addr->message = string_sprintf("\"%s\" is not a valid value for the "
7382 "\"%s\" option in the %s %s", expanded, oname, mname, mtype);
7383 return DEFER;
7384 }
7385
7386return OK;
7387}
7388
7389
7390
7391
059ec3d9
PH		 7392/*************************************************
7393**************************************************
7394* Stand-alone test program *
7395**************************************************
7396*************************************************/
7397
7398#ifdef STAND_ALONE
7399
7400
7401BOOL
7402regex_match_and_setup(const pcre *re, uschar *subject, int options, int setup)
7403{
7404int ovector[3*(EXPAND_MAXN+1)];
7405int n = pcre_exec(re, NULL, subject, Ustrlen(subject), 0, PCRE_EOPT|options,
0539a19d 7406 ovector, nelem(ovector));
059ec3d9
PH		 7407BOOL yield = n >= 0;
7408if (n == 0) n = EXPAND_MAXN + 1;
7409if (yield)
7410 {
7411 int nn;
7412 expand_nmax = (setup < 0)? 0 : setup + 1;
7413 for (nn = (setup < 0)? 0 : 2; nn < n*2; nn += 2)
7414 {
7415 expand_nstring[expand_nmax] = subject + ovector[nn];
7416 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
7417 }
7418 expand_nmax--;
7419 }
7420return yield;
7421}
7422
7423
7424int main(int argc, uschar **argv)
7425{
7426int i;
7427uschar buffer[1024];
7428
7429debug_selector = D_v;
7430debug_file = stderr;
7431debug_fd = fileno(debug_file);
7432big_buffer = malloc(big_buffer_size);
7433
7434for (i = 1; i < argc; i++)
7435 {
7436 if (argv[i][0] == '+')
7437 {
7438 debug_trace_memory = 2;
7439 argv[i]++;
7440 }
7441 if (isdigit(argv[i][0]))
7442 debug_selector = Ustrtol(argv[i], NULL, 0);
7443 else
7444 if (Ustrspn(argv[i], "abcdefghijklmnopqrtsuvwxyz0123456789-.:/") ==
7445 Ustrlen(argv[i]))
7446 {
7447 #ifdef LOOKUP_LDAP
7448 eldap_default_servers = argv[i];
7449 #endif
7450 #ifdef LOOKUP_MYSQL
7451 mysql_servers = argv[i];
7452 #endif
7453 #ifdef LOOKUP_PGSQL
7454 pgsql_servers = argv[i];
7455 #endif
9bdd29ad
TL		 7456 #ifdef EXPERIMENTAL_REDIS
7457 redis_servers = argv[i];
7458 #endif
059ec3d9
PH		 7459 }
7460 #ifdef EXIM_PERL
7461 else opt_perl_startup = argv[i];
7462 #endif
7463 }
7464
7465printf("Testing string expansion: debug_level = %d\n\n", debug_level);
7466
7467expand_nstring[1] = US"string 1....";
7468expand_nlength[1] = 8;
7469expand_nmax = 1;
7470
7471#ifdef EXIM_PERL
7472if (opt_perl_startup != NULL)
7473 {
7474 uschar *errstr;
7475 printf("Starting Perl interpreter\n");
7476 errstr = init_perl(opt_perl_startup);
7477 if (errstr != NULL)
7478 {
7479 printf("** error in perl_startup code: %s\n", errstr);
7480 return EXIT_FAILURE;
7481 }
7482 }
7483#endif /* EXIM_PERL */
7484
7485while (fgets(buffer, sizeof(buffer), stdin) != NULL)
7486 {
7487 void *reset_point = store_get(0);
7488 uschar *yield = expand_string(buffer);
7489 if (yield != NULL)
7490 {
7491 printf("%s\n", yield);
7492 store_reset(reset_point);
7493 }
7494 else
7495 {
7496 if (search_find_defer) printf("search_find deferred\n");
7497 printf("Failed: %s\n", expand_string_message);
7498 if (expand_string_forcedfail) printf("Forced failure\n");
7499 printf("\n");
7500 }
7501 }
7502
7503search_tidyup();
7504
7505return 0;
7506}
7507
7508#endif
7509
9e4dddbd 7510/* vi: aw ai sw=2
b9c2e32f 7511*/
059ec3d9 7512/* End of expand.c */
Unnamed repository; edit this file 'description' to name the repository.