Support dnssec in verify-callout use of smtp transport.
[exim.git] / src / src / expand.c
CommitLineData
059ec3d9
PH
1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
5a66c31b 5/* Copyright (c) University of Cambridge 1995 - 2014 */
059ec3d9
PH
6/* See the file NOTICE for conditions of use and distribution. */
7
8
9/* Functions for handling string expansion. */
10
11
12#include "exim.h"
13
96c065cb
PH
14/* Recursively called function */
15
b0e85a8f 16static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL, BOOL, BOOL *);
96c065cb 17
059ec3d9
PH
18#ifdef STAND_ALONE
19#ifndef SUPPORT_CRYPTEQ
20#define SUPPORT_CRYPTEQ
21#endif
22#endif
23
96c065cb
PH
24#ifdef LOOKUP_LDAP
25#include "lookups/ldap.h"
26#endif
27
059ec3d9
PH
28#ifdef SUPPORT_CRYPTEQ
29#ifdef CRYPT_H
30#include <crypt.h>
31#endif
32#ifndef HAVE_CRYPT16
33extern char* crypt16(char*, char*);
34#endif
35#endif
36
96c065cb
PH
37/* The handling of crypt16() is a mess. I will record below the analysis of the
38mess that was sent to me. We decided, however, to make changing this very low
39priority, because in practice people are moving away from the crypt()
40algorithms nowadays, so it doesn't seem worth it.
41
42<quote>
43There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
44the first 8 characters of the password using a 20-round version of crypt
45(standard crypt does 25 rounds). It then crypts the next 8 characters,
46or an empty block if the password is less than 9 characters, using a
4720-round version of crypt and the same salt as was used for the first
48block. Charaters after the first 16 are ignored. It always generates
49a 16-byte hash, which is expressed together with the salt as a string
50of 24 base 64 digits. Here are some links to peruse:
51
52 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
53 http://seclists.org/bugtraq/1999/Mar/0076.html
54
55There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
56and OSF/1. This is the same as the standard crypt if given a password
57of 8 characters or less. If given more, it first does the same as crypt
58using the first 8 characters, then crypts the next 8 (the 9th to 16th)
59using as salt the first two base 64 digits from the first hash block.
60If the password is more than 16 characters then it crypts the 17th to 24th
61characters using as salt the first two base 64 digits from the second hash
62block. And so on: I've seen references to it cutting off the password at
6340 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
64
65 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
66 http://seclists.org/bugtraq/1999/Mar/0109.html
67 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
68 TET1_html/sec.c222.html#no_id_208
69
70Exim has something it calls "crypt16". It will either use a native
71crypt16 or its own implementation. A native crypt16 will presumably
72be the one that I called "crypt16" above. The internal "crypt16"
73function, however, is a two-block-maximum implementation of what I called
74"bigcrypt". The documentation matches the internal code.
75
76I suspect that whoever did the "crypt16" stuff for Exim didn't realise
77that crypt16 and bigcrypt were different things.
78
79Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
80to whatever it is using under that name. This unfortunately sets a
81precedent for using "{crypt16}" to identify two incompatible algorithms
82whose output can't be distinguished. With "{crypt16}" thus rendered
83ambiguous, I suggest you deprecate it and invent two new identifiers
84for the two algorithms.
85
86Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
87of the password separately means they can be cracked separately, so
88the double-length hash only doubles the cracking effort instead of
89squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
90bcrypt ({CRYPT}$2a$).
91</quote>
92*/
059ec3d9
PH
93
94
059ec3d9
PH
95
96
97/*************************************************
98* Local statics and tables *
99*************************************************/
100
101/* Table of item names, and corresponding switch numbers. The names must be in
102alphabetical order. */
103
104static uschar *item_table[] = {
723c72e6 105 US"acl",
1a46a8c5 106 US"dlfunc",
059ec3d9 107 US"extract",
29f89cad 108 US"filter",
059ec3d9
PH
109 US"hash",
110 US"hmac",
111 US"if",
112 US"length",
aa26e137 113 US"listextract",
059ec3d9 114 US"lookup",
29f89cad 115 US"map",
059ec3d9 116 US"nhash",
1a46a8c5 117 US"perl",
fffda43a
TK
118 US"prvs",
119 US"prvscheck",
059ec3d9
PH
120 US"readfile",
121 US"readsocket",
29f89cad 122 US"reduce",
059ec3d9
PH
123 US"run",
124 US"sg",
125 US"substr",
126 US"tr" };
127
128enum {
723c72e6 129 EITEM_ACL,
1a46a8c5 130 EITEM_DLFUNC,
059ec3d9 131 EITEM_EXTRACT,
29f89cad 132 EITEM_FILTER,
059ec3d9
PH
133 EITEM_HASH,
134 EITEM_HMAC,
135 EITEM_IF,
136 EITEM_LENGTH,
aa26e137 137 EITEM_LISTEXTRACT,
059ec3d9 138 EITEM_LOOKUP,
29f89cad 139 EITEM_MAP,
059ec3d9 140 EITEM_NHASH,
1a46a8c5 141 EITEM_PERL,
fffda43a
TK
142 EITEM_PRVS,
143 EITEM_PRVSCHECK,
059ec3d9
PH
144 EITEM_READFILE,
145 EITEM_READSOCK,
29f89cad 146 EITEM_REDUCE,
059ec3d9
PH
147 EITEM_RUN,
148 EITEM_SG,
149 EITEM_SUBSTR,
150 EITEM_TR };
151
152/* Tables of operator names, and corresponding switch numbers. The names must be
153in alphabetical order. There are two tables, because underscore is used in some
154cases to introduce arguments, whereas for other it is part of the name. This is
155an historical mis-design. */
156
157static uschar *op_table_underscore[] = {
158 US"from_utf8",
159 US"local_part",
160 US"quote_local_part",
83e029d5 161 US"reverse_ip",
f90d018c 162 US"time_eval",
059ec3d9
PH
163 US"time_interval"};
164
165enum {
166 EOP_FROM_UTF8,
167 EOP_LOCAL_PART,
168 EOP_QUOTE_LOCAL_PART,
83e029d5 169 EOP_REVERSE_IP,
f90d018c 170 EOP_TIME_EVAL,
059ec3d9
PH
171 EOP_TIME_INTERVAL };
172
173static uschar *op_table_main[] = {
174 US"address",
29f89cad 175 US"addresses",
059ec3d9
PH
176 US"base62",
177 US"base62d",
178 US"domain",
179 US"escape",
180 US"eval",
181 US"eval10",
182 US"expand",
183 US"h",
184 US"hash",
185 US"hex2b64",
c393f931 186 US"hexquote",
059ec3d9
PH
187 US"l",
188 US"lc",
189 US"length",
a64a3dfa
JH
190 US"listcount",
191 US"listnamed",
059ec3d9
PH
192 US"mask",
193 US"md5",
194 US"nh",
195 US"nhash",
196 US"quote",
9e3331ea 197 US"randint",
059ec3d9 198 US"rfc2047",
9c57cbc0 199 US"rfc2047d",
059ec3d9
PH
200 US"rxquote",
201 US"s",
202 US"sha1",
203 US"stat",
204 US"str2b64",
205 US"strlen",
206 US"substr",
b9c2e32f
AR
207 US"uc",
208 US"utf8clean" };
059ec3d9
PH
209
210enum {
211 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
29f89cad 212 EOP_ADDRESSES,
059ec3d9
PH
213 EOP_BASE62,
214 EOP_BASE62D,
215 EOP_DOMAIN,
216 EOP_ESCAPE,
217 EOP_EVAL,
218 EOP_EVAL10,
219 EOP_EXPAND,
220 EOP_H,
221 EOP_HASH,
222 EOP_HEX2B64,
c393f931 223 EOP_HEXQUOTE,
059ec3d9
PH
224 EOP_L,
225 EOP_LC,
226 EOP_LENGTH,
a64a3dfa
JH
227 EOP_LISTCOUNT,
228 EOP_LISTNAMED,
059ec3d9
PH
229 EOP_MASK,
230 EOP_MD5,
231 EOP_NH,
232 EOP_NHASH,
233 EOP_QUOTE,
9e3331ea 234 EOP_RANDINT,
059ec3d9 235 EOP_RFC2047,
9c57cbc0 236 EOP_RFC2047D,
059ec3d9
PH
237 EOP_RXQUOTE,
238 EOP_S,
239 EOP_SHA1,
240 EOP_STAT,
241 EOP_STR2B64,
242 EOP_STRLEN,
243 EOP_SUBSTR,
b9c2e32f
AR
244 EOP_UC,
245 EOP_UTF8CLEAN };
059ec3d9
PH
246
247
248/* Table of condition names, and corresponding switch numbers. The names must
249be in alphabetical order. */
250
251static uschar *cond_table[] = {
252 US"<",
253 US"<=",
254 US"=",
255 US"==", /* Backward compatibility */
256 US">",
257 US">=",
333eea9c 258 US"acl",
059ec3d9 259 US"and",
f3766eb5 260 US"bool",
6a8de854 261 US"bool_lax",
059ec3d9
PH
262 US"crypteq",
263 US"def",
264 US"eq",
265 US"eqi",
266 US"exists",
267 US"first_delivery",
0ce9abe6
PH
268 US"forall",
269 US"forany",
059ec3d9
PH
270 US"ge",
271 US"gei",
272 US"gt",
273 US"gti",
76dca828
PP
274 US"inlist",
275 US"inlisti",
059ec3d9
PH
276 US"isip",
277 US"isip4",
278 US"isip6",
279 US"ldapauth",
280 US"le",
281 US"lei",
282 US"lt",
283 US"lti",
284 US"match",
285 US"match_address",
286 US"match_domain",
32d668a5 287 US"match_ip",
059ec3d9
PH
288 US"match_local_part",
289 US"or",
290 US"pam",
291 US"pwcheck",
292 US"queue_running",
293 US"radius",
294 US"saslauthd"
295};
296
297enum {
298 ECOND_NUM_L,
299 ECOND_NUM_LE,
300 ECOND_NUM_E,
301 ECOND_NUM_EE,
302 ECOND_NUM_G,
303 ECOND_NUM_GE,
333eea9c 304 ECOND_ACL,
059ec3d9 305 ECOND_AND,
f3766eb5 306 ECOND_BOOL,
6a8de854 307 ECOND_BOOL_LAX,
059ec3d9
PH
308 ECOND_CRYPTEQ,
309 ECOND_DEF,
310 ECOND_STR_EQ,
311 ECOND_STR_EQI,
312 ECOND_EXISTS,
313 ECOND_FIRST_DELIVERY,
0ce9abe6
PH
314 ECOND_FORALL,
315 ECOND_FORANY,
059ec3d9
PH
316 ECOND_STR_GE,
317 ECOND_STR_GEI,
318 ECOND_STR_GT,
319 ECOND_STR_GTI,
76dca828
PP
320 ECOND_INLIST,
321 ECOND_INLISTI,
059ec3d9
PH
322 ECOND_ISIP,
323 ECOND_ISIP4,
324 ECOND_ISIP6,
325 ECOND_LDAPAUTH,
326 ECOND_STR_LE,
327 ECOND_STR_LEI,
328 ECOND_STR_LT,
329 ECOND_STR_LTI,
330 ECOND_MATCH,
331 ECOND_MATCH_ADDRESS,
332 ECOND_MATCH_DOMAIN,
32d668a5 333 ECOND_MATCH_IP,
059ec3d9
PH
334 ECOND_MATCH_LOCAL_PART,
335 ECOND_OR,
336 ECOND_PAM,
337 ECOND_PWCHECK,
338 ECOND_QUEUE_RUNNING,
339 ECOND_RADIUS,
340 ECOND_SASLAUTHD
341};
342
343
344/* Type for main variable table */
345
346typedef struct {
1ba28e2b
PP
347 const char *name;
348 int type;
349 void *value;
059ec3d9
PH
350} var_entry;
351
352/* Type for entries pointing to address/length pairs. Not currently
353in use. */
354
355typedef struct {
356 uschar **address;
357 int *length;
358} alblock;
359
360/* Types of table entry */
361
362enum {
363 vtype_int, /* value is address of int */
364 vtype_filter_int, /* ditto, but recognized only when filtering */
365 vtype_ino, /* value is address of ino_t (not always an int) */
366 vtype_uid, /* value is address of uid_t (not always an int) */
367 vtype_gid, /* value is address of gid_t (not always an int) */
11d7e4fa 368 vtype_bool, /* value is address of bool */
059ec3d9
PH
369 vtype_stringptr, /* value is address of pointer to string */
370 vtype_msgbody, /* as stringptr, but read when first required */
371 vtype_msgbody_end, /* ditto, the end of the message */
ff75a1f7
PH
372 vtype_msgheaders, /* the message's headers, processed */
373 vtype_msgheaders_raw, /* the message's headers, unprocessed */
059ec3d9
PH
374 vtype_localpart, /* extract local part from string */
375 vtype_domain, /* extract domain from string */
362145b5 376 vtype_string_func, /* value is string returned by given function */
059ec3d9
PH
377 vtype_todbsdin, /* value not used; generate BSD inbox tod */
378 vtype_tode, /* value not used; generate tod in epoch format */
f5787926 379 vtype_todel, /* value not used; generate tod in epoch/usec format */
059ec3d9
PH
380 vtype_todf, /* value not used; generate full tod */
381 vtype_todl, /* value not used; generate log tod */
382 vtype_todlf, /* value not used; generate log file datestamp tod */
383 vtype_todzone, /* value not used; generate time zone only */
384 vtype_todzulu, /* value not used; generate zulu tod */
385 vtype_reply, /* value not used; get reply from headers */
386 vtype_pid, /* value not used; result is pid */
387 vtype_host_lookup, /* value not used; get host name */
5cb8cbc6
PH
388 vtype_load_avg, /* value not used; result is int from os_getloadavg */
389 vtype_pspace, /* partition space; value is T/F for spool/log */
8e669ac1 390 vtype_pinodes /* partition inodes; value is T/F for spool/log */
80a47a2c
TK
391 #ifndef DISABLE_DKIM
392 ,vtype_dkim /* Lookup of value in DKIM signature */
393 #endif
059ec3d9
PH
394 };
395
362145b5
JH
396static uschar * fn_recipients(void);
397
059ec3d9
PH
398/* This table must be kept in alphabetical order. */
399
400static var_entry var_table[] = {
38a0a95f
PH
401 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
402 they will be confused with user-creatable ACL variables. */
525239c1
JH
403 { "acl_arg1", vtype_stringptr, &acl_arg[0] },
404 { "acl_arg2", vtype_stringptr, &acl_arg[1] },
405 { "acl_arg3", vtype_stringptr, &acl_arg[2] },
406 { "acl_arg4", vtype_stringptr, &acl_arg[3] },
407 { "acl_arg5", vtype_stringptr, &acl_arg[4] },
408 { "acl_arg6", vtype_stringptr, &acl_arg[5] },
409 { "acl_arg7", vtype_stringptr, &acl_arg[6] },
410 { "acl_arg8", vtype_stringptr, &acl_arg[7] },
411 { "acl_arg9", vtype_stringptr, &acl_arg[8] },
412 { "acl_narg", vtype_int, &acl_narg },
059ec3d9
PH
413 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
414 { "address_data", vtype_stringptr, &deliver_address_data },
415 { "address_file", vtype_stringptr, &address_file },
416 { "address_pipe", vtype_stringptr, &address_pipe },
2d07a215 417 { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id },
059ec3d9
PH
418 { "authenticated_id", vtype_stringptr, &authenticated_id },
419 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
420 { "authentication_failed",vtype_int, &authentication_failed },
9e949f00
PP
421#ifdef WITH_CONTENT_SCAN
422 { "av_failed", vtype_int, &av_failed },
423#endif
8523533c
TK
424#ifdef EXPERIMENTAL_BRIGHTMAIL
425 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
426 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
427 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
428 { "bmi_deliver", vtype_int, &bmi_deliver },
429#endif
059ec3d9
PH
430 { "body_linecount", vtype_int, &body_linecount },
431 { "body_zerocount", vtype_int, &body_zerocount },
432 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
433 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
434 { "caller_gid", vtype_gid, &real_gid },
435 { "caller_uid", vtype_uid, &real_uid },
436 { "compile_date", vtype_stringptr, &version_date },
437 { "compile_number", vtype_stringptr, &version_cnumber },
e5a9dba6 438 { "csa_status", vtype_stringptr, &csa_status },
6a8f9482
TK
439#ifdef EXPERIMENTAL_DCC
440 { "dcc_header", vtype_stringptr, &dcc_header },
441 { "dcc_result", vtype_stringptr, &dcc_result },
442#endif
8523533c
TK
443#ifdef WITH_OLD_DEMIME
444 { "demime_errorlevel", vtype_int, &demime_errorlevel },
445 { "demime_reason", vtype_stringptr, &demime_reason },
446#endif
80a47a2c
TK
447#ifndef DISABLE_DKIM
448 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
449 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
450 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
451 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
452 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
453 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
2df588c9 454 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
e08d09e5 455 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
80a47a2c
TK
456 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
457 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
458 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
459 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
460 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
461 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
462 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
463 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
e08d09e5 464 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
9e5d6b55 465 { "dkim_signers", vtype_stringptr, &dkim_signers },
80a47a2c
TK
466 { "dkim_verify_reason", vtype_dkim, (void *)DKIM_VERIFY_REASON },
467 { "dkim_verify_status", vtype_dkim, (void *)DKIM_VERIFY_STATUS},
e08d09e5 468#endif
4840604e
TL
469#ifdef EXPERIMENTAL_DMARC
470 { "dmarc_ar_header", vtype_stringptr, &dmarc_ar_header },
8c8b8274 471 { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
4840604e
TL
472 { "dmarc_status", vtype_stringptr, &dmarc_status },
473 { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
474 { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
475#endif
059ec3d9 476 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
93655c46 477 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
059ec3d9
PH
478 { "dnslist_text", vtype_stringptr, &dnslist_text },
479 { "dnslist_value", vtype_stringptr, &dnslist_value },
480 { "domain", vtype_stringptr, &deliver_domain },
481 { "domain_data", vtype_stringptr, &deliver_domain_data },
482 { "exim_gid", vtype_gid, &exim_gid },
483 { "exim_path", vtype_stringptr, &exim_path },
484 { "exim_uid", vtype_uid, &exim_uid },
8523533c
TK
485#ifdef WITH_OLD_DEMIME
486 { "found_extension", vtype_stringptr, &found_extension },
8e669ac1 487#endif
362145b5 488 { "headers_added", vtype_string_func, &fn_hdrs_added },
059ec3d9
PH
489 { "home", vtype_stringptr, &deliver_home },
490 { "host", vtype_stringptr, &deliver_host },
491 { "host_address", vtype_stringptr, &deliver_host_address },
492 { "host_data", vtype_stringptr, &host_data },
b08b24c8 493 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
059ec3d9
PH
494 { "host_lookup_failed", vtype_int, &host_lookup_failed },
495 { "inode", vtype_ino, &deliver_inode },
496 { "interface_address", vtype_stringptr, &interface_address },
497 { "interface_port", vtype_int, &interface_port },
0ce9abe6 498 { "item", vtype_stringptr, &iterate_item },
059ec3d9
PH
499 #ifdef LOOKUP_LDAP
500 { "ldap_dn", vtype_stringptr, &eldap_dn },
501 #endif
502 { "load_average", vtype_load_avg, NULL },
503 { "local_part", vtype_stringptr, &deliver_localpart },
504 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
505 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
506 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
507 { "local_scan_data", vtype_stringptr, &local_scan_data },
508 { "local_user_gid", vtype_gid, &local_user_gid },
509 { "local_user_uid", vtype_uid, &local_user_uid },
510 { "localhost_number", vtype_int, &host_number },
5cb8cbc6 511 { "log_inodes", vtype_pinodes, (void *)FALSE },
8e669ac1 512 { "log_space", vtype_pspace, (void *)FALSE },
4e0983dc 513 { "lookup_dnssec_authenticated",vtype_stringptr,&lookup_dnssec_authenticated},
059ec3d9 514 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
8523533c
TK
515#ifdef WITH_CONTENT_SCAN
516 { "malware_name", vtype_stringptr, &malware_name },
517#endif
d677b2f2 518 { "max_received_linelength", vtype_int, &max_received_linelength },
059ec3d9
PH
519 { "message_age", vtype_int, &message_age },
520 { "message_body", vtype_msgbody, &message_body },
521 { "message_body_end", vtype_msgbody_end, &message_body_end },
522 { "message_body_size", vtype_int, &message_body_size },
1ab52c69 523 { "message_exim_id", vtype_stringptr, &message_id },
059ec3d9 524 { "message_headers", vtype_msgheaders, NULL },
ff75a1f7 525 { "message_headers_raw", vtype_msgheaders_raw, NULL },
059ec3d9 526 { "message_id", vtype_stringptr, &message_id },
2e0c1448 527 { "message_linecount", vtype_int, &message_linecount },
059ec3d9 528 { "message_size", vtype_int, &message_size },
8523533c
TK
529#ifdef WITH_CONTENT_SCAN
530 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
531 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
532 { "mime_boundary", vtype_stringptr, &mime_boundary },
533 { "mime_charset", vtype_stringptr, &mime_charset },
534 { "mime_content_description", vtype_stringptr, &mime_content_description },
535 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
536 { "mime_content_id", vtype_stringptr, &mime_content_id },
537 { "mime_content_size", vtype_int, &mime_content_size },
538 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
539 { "mime_content_type", vtype_stringptr, &mime_content_type },
540 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
541 { "mime_filename", vtype_stringptr, &mime_filename },
542 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
543 { "mime_is_multipart", vtype_int, &mime_is_multipart },
544 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
545 { "mime_part_count", vtype_int, &mime_part_count },
546#endif
059ec3d9
PH
547 { "n0", vtype_filter_int, &filter_n[0] },
548 { "n1", vtype_filter_int, &filter_n[1] },
549 { "n2", vtype_filter_int, &filter_n[2] },
550 { "n3", vtype_filter_int, &filter_n[3] },
551 { "n4", vtype_filter_int, &filter_n[4] },
552 { "n5", vtype_filter_int, &filter_n[5] },
553 { "n6", vtype_filter_int, &filter_n[6] },
554 { "n7", vtype_filter_int, &filter_n[7] },
555 { "n8", vtype_filter_int, &filter_n[8] },
556 { "n9", vtype_filter_int, &filter_n[9] },
557 { "original_domain", vtype_stringptr, &deliver_domain_orig },
558 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
559 { "originator_gid", vtype_gid, &originator_gid },
560 { "originator_uid", vtype_uid, &originator_uid },
561 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
562 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
563 { "pid", vtype_pid, NULL },
564 { "primary_hostname", vtype_stringptr, &primary_hostname },
a3c86431 565#ifdef EXPERIMENTAL_PROXY
a3bddaa8
TL
566 { "proxy_host_address", vtype_stringptr, &proxy_host_address },
567 { "proxy_host_port", vtype_int, &proxy_host_port },
a3c86431 568 { "proxy_session", vtype_bool, &proxy_session },
eb57651e
TL
569 { "proxy_target_address",vtype_stringptr, &proxy_target_address },
570 { "proxy_target_port", vtype_int, &proxy_target_port },
a3c86431 571#endif
fffda43a
TK
572 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
573 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
574 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
059ec3d9
PH
575 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
576 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
577 { "rcpt_count", vtype_int, &rcpt_count },
578 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
579 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
580 { "received_count", vtype_int, &received_count },
581 { "received_for", vtype_stringptr, &received_for },
194cc0e4
PH
582 { "received_ip_address", vtype_stringptr, &interface_address },
583 { "received_port", vtype_int, &interface_port },
059ec3d9 584 { "received_protocol", vtype_stringptr, &received_protocol },
7dbf77c9 585 { "received_time", vtype_int, &received_time },
059ec3d9 586 { "recipient_data", vtype_stringptr, &recipient_data },
8e669ac1 587 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
362145b5 588 { "recipients", vtype_string_func, &fn_recipients },
059ec3d9 589 { "recipients_count", vtype_int, &recipients_count },
8523533c
TK
590#ifdef WITH_CONTENT_SCAN
591 { "regex_match_string", vtype_stringptr, &regex_match_string },
592#endif
059ec3d9
PH
593 { "reply_address", vtype_reply, NULL },
594 { "return_path", vtype_stringptr, &return_path },
595 { "return_size_limit", vtype_int, &bounce_return_size_limit },
181d9bf8 596 { "router_name", vtype_stringptr, &router_name },
059ec3d9
PH
597 { "runrc", vtype_int, &runrc },
598 { "self_hostname", vtype_stringptr, &self_hostname },
599 { "sender_address", vtype_stringptr, &sender_address },
2a3eea10 600 { "sender_address_data", vtype_stringptr, &sender_address_data },
059ec3d9
PH
601 { "sender_address_domain", vtype_domain, &sender_address },
602 { "sender_address_local_part", vtype_localpart, &sender_address },
603 { "sender_data", vtype_stringptr, &sender_data },
604 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
605 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
606 { "sender_host_address", vtype_stringptr, &sender_host_address },
607 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
11d7e4fa 608 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
059ec3d9
PH
609 { "sender_host_name", vtype_host_lookup, NULL },
610 { "sender_host_port", vtype_int, &sender_host_port },
611 { "sender_ident", vtype_stringptr, &sender_ident },
870f6ba8
TF
612 { "sender_rate", vtype_stringptr, &sender_rate },
613 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
614 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
059ec3d9 615 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
8e669ac1 616 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
41c7c167
PH
617 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
618 { "sending_port", vtype_int, &sending_port },
8e669ac1 619 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
3ee512ff
PH
620 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
621 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
b01dd148 622 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
8f128379 623 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
059ec3d9
PH
624 { "sn0", vtype_filter_int, &filter_sn[0] },
625 { "sn1", vtype_filter_int, &filter_sn[1] },
626 { "sn2", vtype_filter_int, &filter_sn[2] },
627 { "sn3", vtype_filter_int, &filter_sn[3] },
628 { "sn4", vtype_filter_int, &filter_sn[4] },
629 { "sn5", vtype_filter_int, &filter_sn[5] },
630 { "sn6", vtype_filter_int, &filter_sn[6] },
631 { "sn7", vtype_filter_int, &filter_sn[7] },
632 { "sn8", vtype_filter_int, &filter_sn[8] },
633 { "sn9", vtype_filter_int, &filter_sn[9] },
8523533c
TK
634#ifdef WITH_CONTENT_SCAN
635 { "spam_bar", vtype_stringptr, &spam_bar },
636 { "spam_report", vtype_stringptr, &spam_report },
637 { "spam_score", vtype_stringptr, &spam_score },
638 { "spam_score_int", vtype_stringptr, &spam_score_int },
639#endif
640#ifdef EXPERIMENTAL_SPF
65a7d8c3 641 { "spf_guess", vtype_stringptr, &spf_guess },
8523533c
TK
642 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
643 { "spf_received", vtype_stringptr, &spf_received },
644 { "spf_result", vtype_stringptr, &spf_result },
645 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
646#endif
059ec3d9 647 { "spool_directory", vtype_stringptr, &spool_directory },
5cb8cbc6 648 { "spool_inodes", vtype_pinodes, (void *)TRUE },
8e669ac1 649 { "spool_space", vtype_pspace, (void *)TRUE },
8523533c
TK
650#ifdef EXPERIMENTAL_SRS
651 { "srs_db_address", vtype_stringptr, &srs_db_address },
652 { "srs_db_key", vtype_stringptr, &srs_db_key },
653 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
654 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
655 { "srs_recipient", vtype_stringptr, &srs_recipient },
656 { "srs_status", vtype_stringptr, &srs_status },
657#endif
059ec3d9 658 { "thisaddress", vtype_stringptr, &filter_thisaddress },
817d9f57 659
d9b2312b 660 /* The non-(in,out) variables are now deprecated */
817d9f57
JH
661 { "tls_bits", vtype_int, &tls_in.bits },
662 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
663 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
d9b2312b
JH
664
665 { "tls_in_bits", vtype_int, &tls_in.bits },
666 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
667 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
668 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
669#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
670 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
671#endif
817d9f57 672 { "tls_out_bits", vtype_int, &tls_out.bits },
cb9d95ae 673 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
817d9f57
JH
674 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
675 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
676#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
677 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
7be682ca 678#endif
d9b2312b 679
613dd4ae
JH
680 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
681#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
682 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
683#endif
817d9f57 684
059ec3d9
PH
685 { "tod_bsdinbox", vtype_todbsdin, NULL },
686 { "tod_epoch", vtype_tode, NULL },
f5787926 687 { "tod_epoch_l", vtype_todel, NULL },
059ec3d9
PH
688 { "tod_full", vtype_todf, NULL },
689 { "tod_log", vtype_todl, NULL },
690 { "tod_logfile", vtype_todlf, NULL },
691 { "tod_zone", vtype_todzone, NULL },
692 { "tod_zulu", vtype_todzulu, NULL },
d68218c7
JH
693#ifdef EXPERIMENTAL_TPDA
694 { "tpda_defer_errno", vtype_int, &tpda_defer_errno },
695 { "tpda_defer_errstr", vtype_stringptr, &tpda_defer_errstr },
696 { "tpda_delivery_confirmation", vtype_stringptr, &tpda_delivery_confirmation },
697 { "tpda_delivery_domain", vtype_stringptr, &tpda_delivery_domain },
698 { "tpda_delivery_fqdn", vtype_stringptr, &tpda_delivery_fqdn },
699 { "tpda_delivery_ip", vtype_stringptr, &tpda_delivery_ip },
700 { "tpda_delivery_local_part",vtype_stringptr,&tpda_delivery_local_part },
701 { "tpda_delivery_port", vtype_int, &tpda_delivery_port },
702#endif
181d9bf8 703 { "transport_name", vtype_stringptr, &transport_name },
059ec3d9
PH
704 { "value", vtype_stringptr, &lookup_value },
705 { "version_number", vtype_stringptr, &version_string },
706 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
707 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
708 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
709 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
710 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
711 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
712};
713
714static int var_table_size = sizeof(var_table)/sizeof(var_entry);
715static uschar var_buffer[256];
716static BOOL malformed_header;
717
718/* For textual hashes */
719
1ba28e2b
PP
720static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
721 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
722 "0123456789";
059ec3d9
PH
723
724enum { HMAC_MD5, HMAC_SHA1 };
725
726/* For numeric hashes */
727
728static unsigned int prime[] = {
729 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
730 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
731 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
732
733/* For printing modes in symbolic form */
734
735static uschar *mtable_normal[] =
736 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
737
738static uschar *mtable_setid[] =
739 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
740
741static uschar *mtable_sticky[] =
742 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
743
744
745
746/*************************************************
747* Tables for UTF-8 support *
748*************************************************/
749
750/* Table of the number of extra characters, indexed by the first character
751masked with 0x3f. The highest number for a valid UTF-8 character is in fact
7520x3d. */
753
754static uschar utf8_table1[] = {
755 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
756 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
757 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
758 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
759
760/* These are the masks for the data bits in the first byte of a character,
761indexed by the number of additional bytes. */
762
763static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
764
765/* Get the next UTF-8 character, advancing the pointer. */
766
767#define GETUTF8INC(c, ptr) \
768 c = *ptr++; \
769 if ((c & 0xc0) == 0xc0) \
770 { \
771 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
772 int s = 6*a; \
773 c = (c & utf8_table2[a]) << s; \
774 while (a-- > 0) \
775 { \
776 s -= 6; \
777 c |= (*ptr++ & 0x3f) << s; \
778 } \
779 }
780
781
782/*************************************************
783* Binary chop search on a table *
784*************************************************/
785
786/* This is used for matching expansion items and operators.
787
788Arguments:
789 name the name that is being sought
790 table the table to search
791 table_size the number of items in the table
792
793Returns: the offset in the table, or -1
794*/
795
796static int
797chop_match(uschar *name, uschar **table, int table_size)
798{
799uschar **bot = table;
800uschar **top = table + table_size;
801
802while (top > bot)
803 {
804 uschar **mid = bot + (top - bot)/2;
805 int c = Ustrcmp(name, *mid);
806 if (c == 0) return mid - table;
807 if (c > 0) bot = mid + 1; else top = mid;
808 }
809
810return -1;
811}
812
813
814
815/*************************************************
816* Check a condition string *
817*************************************************/
818
819/* This function is called to expand a string, and test the result for a "true"
820or "false" value. Failure of the expansion yields FALSE; logged unless it was a
be7a5781
JH
821forced fail or lookup defer.
822
823We used to release all store used, but this is not not safe due
824to ${dlfunc } and ${acl }. In any case expand_string_internal()
825is reasonably careful to release what it can.
059ec3d9 826
6a8de854
PP
827The actual false-value tests should be replicated for ECOND_BOOL_LAX.
828
059ec3d9
PH
829Arguments:
830 condition the condition string
831 m1 text to be incorporated in panic error
832 m2 ditto
833
834Returns: TRUE if condition is met, FALSE if not
835*/
836
837BOOL
838expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
839{
840int rc;
059ec3d9
PH
841uschar *ss = expand_string(condition);
842if (ss == NULL)
843 {
844 if (!expand_string_forcedfail && !search_find_defer)
845 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
846 "for %s %s: %s", condition, m1, m2, expand_string_message);
847 return FALSE;
848 }
849rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
850 strcmpic(ss, US"false") != 0;
059ec3d9
PH
851return rc;
852}
853
854
855
17c76198 856
059ec3d9 857/*************************************************
9e3331ea
TK
858* Pseudo-random number generation *
859*************************************************/
860
861/* Pseudo-random number generation. The result is not "expected" to be
862cryptographically strong but not so weak that someone will shoot themselves
863in the foot using it as a nonce in some email header scheme or whatever
864weirdness they'll twist this into. The result should ideally handle fork().
865
866However, if we're stuck unable to provide this, then we'll fall back to
867appallingly bad randomness.
868
17c76198
PP
869If SUPPORT_TLS is defined then this will not be used except as an emergency
870fallback.
9e3331ea
TK
871
872Arguments:
873 max range maximum
874Returns a random number in range [0, max-1]
875*/
876
17c76198
PP
877#ifdef SUPPORT_TLS
878# define vaguely_random_number vaguely_random_number_fallback
879#endif
9e3331ea 880int
17c76198 881vaguely_random_number(int max)
9e3331ea 882{
17c76198
PP
883#ifdef SUPPORT_TLS
884# undef vaguely_random_number
885#endif
9e3331ea
TK
886 static pid_t pid = 0;
887 pid_t p2;
888#if defined(HAVE_SRANDOM) && !defined(HAVE_SRANDOMDEV)
889 struct timeval tv;
890#endif
891
892 p2 = getpid();
893 if (p2 != pid)
894 {
895 if (pid != 0)
896 {
897
898#ifdef HAVE_ARC4RANDOM
899 /* cryptographically strong randomness, common on *BSD platforms, not
900 so much elsewhere. Alas. */
901 arc4random_stir();
902#elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
903#ifdef HAVE_SRANDOMDEV
904 /* uses random(4) for seeding */
905 srandomdev();
906#else
907 gettimeofday(&tv, NULL);
908 srandom(tv.tv_sec | tv.tv_usec | getpid());
909#endif
910#else
911 /* Poor randomness and no seeding here */
912#endif
913
914 }
915 pid = p2;
916 }
917
918#ifdef HAVE_ARC4RANDOM
919 return arc4random() % max;
920#elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
921 return random() % max;
922#else
923 /* This one returns a 16-bit number, definitely not crypto-strong */
924 return random_number(max);
925#endif
926}
927
17c76198
PP
928
929
9e3331ea
TK
930
931/*************************************************
059ec3d9
PH
932* Pick out a name from a string *
933*************************************************/
934
935/* If the name is too long, it is silently truncated.
936
937Arguments:
938 name points to a buffer into which to put the name
939 max is the length of the buffer
940 s points to the first alphabetic character of the name
941 extras chars other than alphanumerics to permit
942
943Returns: pointer to the first character after the name
944
945Note: The test for *s != 0 in the while loop is necessary because
946Ustrchr() yields non-NULL if the character is zero (which is not something
947I expected). */
948
949static uschar *
950read_name(uschar *name, int max, uschar *s, uschar *extras)
951{
952int ptr = 0;
953while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
954 {
955 if (ptr < max-1) name[ptr++] = *s;
956 s++;
957 }
958name[ptr] = 0;
959return s;
960}
961
962
963
964/*************************************************
965* Pick out the rest of a header name *
966*************************************************/
967
968/* A variable name starting $header_ (or just $h_ for those who like
969abbreviations) might not be the complete header name because headers can
970contain any printing characters in their names, except ':'. This function is
971called to read the rest of the name, chop h[eader]_ off the front, and put ':'
972on the end, if the name was terminated by white space.
973
974Arguments:
975 name points to a buffer in which the name read so far exists
976 max is the length of the buffer
977 s points to the first character after the name so far, i.e. the
978 first non-alphameric character after $header_xxxxx
979
980Returns: a pointer to the first character after the header name
981*/
982
983static uschar *
984read_header_name(uschar *name, int max, uschar *s)
985{
986int prelen = Ustrchr(name, '_') - name + 1;
987int ptr = Ustrlen(name) - prelen;
988if (ptr > 0) memmove(name, name+prelen, ptr);
989while (mac_isgraph(*s) && *s != ':')
990 {
991 if (ptr < max-1) name[ptr++] = *s;
992 s++;
993 }
994if (*s == ':') s++;
995name[ptr++] = ':';
996name[ptr] = 0;
997return s;
998}
999
1000
1001
1002/*************************************************
1003* Pick out a number from a string *
1004*************************************************/
1005
1006/* Arguments:
1007 n points to an integer into which to put the number
1008 s points to the first digit of the number
1009
1010Returns: a pointer to the character after the last digit
1011*/
1012
1013static uschar *
1014read_number(int *n, uschar *s)
1015{
1016*n = 0;
1017while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1018return s;
1019}
1020
1021
1022
1023/*************************************************
1024* Extract keyed subfield from a string *
1025*************************************************/
1026
1027/* The yield is in dynamic store; NULL means that the key was not found.
1028
1029Arguments:
1030 key points to the name of the key
1031 s points to the string from which to extract the subfield
1032
1033Returns: NULL if the subfield was not found, or
1034 a pointer to the subfield's data
1035*/
1036
1037static uschar *
1038expand_getkeyed(uschar *key, uschar *s)
1039{
1040int length = Ustrlen(key);
1041while (isspace(*s)) s++;
1042
1043/* Loop to search for the key */
1044
1045while (*s != 0)
1046 {
1047 int dkeylength;
1048 uschar *data;
1049 uschar *dkey = s;
1050
1051 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
1052 dkeylength = s - dkey;
1053 while (isspace(*s)) s++;
1054 if (*s == '=') while (isspace((*(++s))));
1055
1056 data = string_dequote(&s);
1057 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1058 return data;
1059
1060 while (isspace(*s)) s++;
1061 }
1062
1063return NULL;
1064}
1065
1066
1067
1068
1069/*************************************************
1070* Extract numbered subfield from string *
1071*************************************************/
1072
1073/* Extracts a numbered field from a string that is divided by tokens - for
1074example a line from /etc/passwd is divided by colon characters. First field is
1075numbered one. Negative arguments count from the right. Zero returns the whole
1076string. Returns NULL if there are insufficient tokens in the string
1077
1078***WARNING***
1079Modifies final argument - this is a dynamically generated string, so that's OK.
1080
1081Arguments:
1082 field number of field to be extracted,
1083 first field = 1, whole string = 0, last field = -1
1084 separators characters that are used to break string into tokens
1085 s points to the string from which to extract the subfield
1086
1087Returns: NULL if the field was not found,
1088 a pointer to the field's data inside s (modified to add 0)
1089*/
1090
1091static uschar *
1092expand_gettokened (int field, uschar *separators, uschar *s)
1093{
1094int sep = 1;
1095int count;
1096uschar *ss = s;
1097uschar *fieldtext = NULL;
1098
1099if (field == 0) return s;
1100
1101/* Break the line up into fields in place; for field > 0 we stop when we have
1102done the number of fields we want. For field < 0 we continue till the end of
1103the string, counting the number of fields. */
1104
1105count = (field > 0)? field : INT_MAX;
1106
1107while (count-- > 0)
1108 {
1109 size_t len;
1110
1111 /* Previous field was the last one in the string. For a positive field
1112 number, this means there are not enough fields. For a negative field number,
1113 check that there are enough, and scan back to find the one that is wanted. */
1114
1115 if (sep == 0)
1116 {
1117 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1118 if ((-field) == (INT_MAX - count - 1)) return s;
1119 while (field++ < 0)
1120 {
1121 ss--;
1122 while (ss[-1] != 0) ss--;
1123 }
1124 fieldtext = ss;
1125 break;
1126 }
1127
1128 /* Previous field was not last in the string; save its start and put a
1129 zero at its end. */
1130
1131 fieldtext = ss;
1132 len = Ustrcspn(ss, separators);
1133 sep = ss[len];
1134 ss[len] = 0;
1135 ss += len + 1;
1136 }
1137
1138return fieldtext;
1139}
1140
1141
aa26e137
JH
1142static uschar *
1143expand_getlistele (int field, uschar *list)
1144{
1145uschar * tlist= list;
1146int sep= 0;
1147uschar dummy;
1148
1149if(field<0)
1150{
1151 for(field++; string_nextinlist(&tlist, &sep, &dummy, 1); ) field++;
1152 sep= 0;
1153}
1154if(field==0) return NULL;
1155while(--field>0 && (string_nextinlist(&list, &sep, &dummy, 1))) ;
1156return string_nextinlist(&list, &sep, NULL, 0);
1157}
059ec3d9
PH
1158
1159/*************************************************
1160* Extract a substring from a string *
1161*************************************************/
1162
1163/* Perform the ${substr or ${length expansion operations.
1164
1165Arguments:
1166 subject the input string
1167 value1 the offset from the start of the input string to the start of
1168 the output string; if negative, count from the right.
1169 value2 the length of the output string, or negative (-1) for unset
1170 if value1 is positive, unset means "all after"
1171 if value1 is negative, unset means "all before"
1172 len set to the length of the returned string
1173
1174Returns: pointer to the output string, or NULL if there is an error
1175*/
1176
1177static uschar *
1178extract_substr(uschar *subject, int value1, int value2, int *len)
1179{
1180int sublen = Ustrlen(subject);
1181
1182if (value1 < 0) /* count from right */
1183 {
1184 value1 += sublen;
1185
1186 /* If the position is before the start, skip to the start, and adjust the
1187 length. If the length ends up negative, the substring is null because nothing
1188 can precede. This falls out naturally when the length is unset, meaning "all
1189 to the left". */
1190
1191 if (value1 < 0)
1192 {
1193 value2 += value1;
1194 if (value2 < 0) value2 = 0;
1195 value1 = 0;
1196 }
1197
1198 /* Otherwise an unset length => characters before value1 */
1199
1200 else if (value2 < 0)
1201 {
1202 value2 = value1;
1203 value1 = 0;
1204 }
1205 }
1206
1207/* For a non-negative offset, if the starting position is past the end of the
1208string, the result will be the null string. Otherwise, an unset length means
1209"rest"; just set it to the maximum - it will be cut down below if necessary. */
1210
1211else
1212 {
1213 if (value1 > sublen)
1214 {
1215 value1 = sublen;
1216 value2 = 0;
1217 }
1218 else if (value2 < 0) value2 = sublen;
1219 }
1220
1221/* Cut the length down to the maximum possible for the offset value, and get
1222the required characters. */
1223
1224if (value1 + value2 > sublen) value2 = sublen - value1;
1225*len = value2;
1226return subject + value1;
1227}
1228
1229
1230
1231
1232/*************************************************
1233* Old-style hash of a string *
1234*************************************************/
1235
1236/* Perform the ${hash expansion operation.
1237
1238Arguments:
1239 subject the input string (an expanded substring)
1240 value1 the length of the output string; if greater or equal to the
1241 length of the input string, the input string is returned
1242 value2 the number of hash characters to use, or 26 if negative
1243 len set to the length of the returned string
1244
1245Returns: pointer to the output string, or NULL if there is an error
1246*/
1247
1248static uschar *
1249compute_hash(uschar *subject, int value1, int value2, int *len)
1250{
1251int sublen = Ustrlen(subject);
1252
1253if (value2 < 0) value2 = 26;
1254else if (value2 > Ustrlen(hashcodes))
1255 {
1256 expand_string_message =
1257 string_sprintf("hash count \"%d\" too big", value2);
1258 return NULL;
1259 }
1260
1261/* Calculate the hash text. We know it is shorter than the original string, so
1262can safely place it in subject[] (we know that subject is always itself an
1263expanded substring). */
1264
1265if (value1 < sublen)
1266 {
1267 int c;
1268 int i = 0;
1269 int j = value1;
1270 while ((c = (subject[j])) != 0)
1271 {
1272 int shift = (c + j++) & 7;
1273 subject[i] ^= (c << shift) | (c >> (8-shift));
1274 if (++i >= value1) i = 0;
1275 }
1276 for (i = 0; i < value1; i++)
1277 subject[i] = hashcodes[(subject[i]) % value2];
1278 }
1279else value1 = sublen;
1280
1281*len = value1;
1282return subject;
1283}
1284
1285
1286
1287
1288/*************************************************
1289* Numeric hash of a string *
1290*************************************************/
1291
1292/* Perform the ${nhash expansion operation. The first characters of the
1293string are treated as most important, and get the highest prime numbers.
1294
1295Arguments:
1296 subject the input string
1297 value1 the maximum value of the first part of the result
1298 value2 the maximum value of the second part of the result,
1299 or negative to produce only a one-part result
1300 len set to the length of the returned string
1301
1302Returns: pointer to the output string, or NULL if there is an error.
1303*/
1304
1305static uschar *
1306compute_nhash (uschar *subject, int value1, int value2, int *len)
1307{
1308uschar *s = subject;
1309int i = 0;
1310unsigned long int total = 0; /* no overflow */
1311
1312while (*s != 0)
1313 {
1314 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
1315 total += prime[i--] * (unsigned int)(*s++);
1316 }
1317
1318/* If value2 is unset, just compute one number */
1319
1320if (value2 < 0)
1321 {
1322 s = string_sprintf("%d", total % value1);
1323 }
1324
1325/* Otherwise do a div/mod hash */
1326
1327else
1328 {
1329 total = total % (value1 * value2);
1330 s = string_sprintf("%d/%d", total/value2, total % value2);
1331 }
1332
1333*len = Ustrlen(s);
1334return s;
1335}
1336
1337
1338
1339
1340
1341/*************************************************
1342* Find the value of a header or headers *
1343*************************************************/
1344
1345/* Multiple instances of the same header get concatenated, and this function
1346can also return a concatenation of all the header lines. When concatenating
1347specific headers that contain lists of addresses, a comma is inserted between
1348them. Otherwise we use a straight concatenation. Because some messages can have
1349pathologically large number of lines, there is a limit on the length that is
1350returned. Also, to avoid massive store use which would result from using
1351string_cat() as it copies and extends strings, we do a preliminary pass to find
1352out exactly how much store will be needed. On "normal" messages this will be
1353pretty trivial.
1354
1355Arguments:
1356 name the name of the header, without the leading $header_ or $h_,
1357 or NULL if a concatenation of all headers is required
1358 exists_only TRUE if called from a def: test; don't need to build a string;
1359 just return a string that is not "" and not "0" if the header
1360 exists
1361 newsize return the size of memory block that was obtained; may be NULL
1362 if exists_only is TRUE
1363 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
ff75a1f7
PH
1364 other than concatenating, will be done on the header. Also used
1365 for $message_headers_raw.
059ec3d9
PH
1366 charset name of charset to translate MIME words to; used only if
1367 want_raw is false; if NULL, no translation is done (this is
1368 used for $bh_ and $bheader_)
1369
1370Returns: NULL if the header does not exist, else a pointer to a new
1371 store block
1372*/
1373
1374static uschar *
1375find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1376 uschar *charset)
1377{
1378BOOL found = name == NULL;
1379int comma = 0;
1380int len = found? 0 : Ustrlen(name);
1381int i;
1382uschar *yield = NULL;
1383uschar *ptr = NULL;
1384
1385/* Loop for two passes - saves code repetition */
1386
1387for (i = 0; i < 2; i++)
1388 {
1389 int size = 0;
1390 header_line *h;
1391
1392 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1393 {
1394 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1395 {
1396 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1397 {
1398 int ilen;
1399 uschar *t;
1400
1401 if (exists_only) return US"1"; /* don't need actual string */
1402 found = TRUE;
1403 t = h->text + len; /* text to insert */
1404 if (!want_raw) /* unless wanted raw, */
1405 while (isspace(*t)) t++; /* remove leading white space */
1406 ilen = h->slen - (t - h->text); /* length to insert */
1407
fd700877
PH
1408 /* Unless wanted raw, remove trailing whitespace, including the
1409 newline. */
1410
1411 if (!want_raw)
1412 while (ilen > 0 && isspace(t[ilen-1])) ilen--;
1413
059ec3d9
PH
1414 /* Set comma = 1 if handling a single header and it's one of those
1415 that contains an address list, except when asked for raw headers. Only
1416 need to do this once. */
1417
1418 if (!want_raw && name != NULL && comma == 0 &&
1419 Ustrchr("BCFRST", h->type) != NULL)
1420 comma = 1;
1421
1422 /* First pass - compute total store needed; second pass - compute
1423 total store used, including this header. */
1424
fd700877 1425 size += ilen + comma + 1; /* +1 for the newline */
059ec3d9
PH
1426
1427 /* Second pass - concatentate the data, up to a maximum. Note that
1428 the loop stops when size hits the limit. */
1429
1430 if (i != 0)
1431 {
1432 if (size > header_insert_maxlen)
1433 {
fd700877 1434 ilen -= size - header_insert_maxlen - 1;
059ec3d9
PH
1435 comma = 0;
1436 }
1437 Ustrncpy(ptr, t, ilen);
1438 ptr += ilen;
fd700877
PH
1439
1440 /* For a non-raw header, put in the comma if needed, then add
3168332a
PH
1441 back the newline we removed above, provided there was some text in
1442 the header. */
fd700877 1443
3168332a 1444 if (!want_raw && ilen > 0)
059ec3d9 1445 {
3168332a 1446 if (comma != 0) *ptr++ = ',';
059ec3d9
PH
1447 *ptr++ = '\n';
1448 }
1449 }
1450 }
1451 }
1452 }
1453
fd700877
PH
1454 /* At end of first pass, return NULL if no header found. Then truncate size
1455 if necessary, and get the buffer to hold the data, returning the buffer size.
1456 */
059ec3d9
PH
1457
1458 if (i == 0)
1459 {
1460 if (!found) return NULL;
1461 if (size > header_insert_maxlen) size = header_insert_maxlen;
1462 *newsize = size + 1;
1463 ptr = yield = store_get(*newsize);
1464 }
1465 }
1466
059ec3d9
PH
1467/* That's all we do for raw header expansion. */
1468
1469if (want_raw)
1470 {
1471 *ptr = 0;
1472 }
1473
fd700877
PH
1474/* Otherwise, remove a final newline and a redundant added comma. Then we do
1475RFC 2047 decoding, translating the charset if requested. The rfc2047_decode2()
059ec3d9
PH
1476function can return an error with decoded data if the charset translation
1477fails. If decoding fails, it returns NULL. */
1478
1479else
1480 {
1481 uschar *decoded, *error;
3168332a 1482 if (ptr > yield && ptr[-1] == '\n') ptr--;
fd700877 1483 if (ptr > yield && comma != 0 && ptr[-1] == ',') ptr--;
059ec3d9 1484 *ptr = 0;
a0d6ba8a
PH
1485 decoded = rfc2047_decode2(yield, check_rfc2047_length, charset, '?', NULL,
1486 newsize, &error);
059ec3d9
PH
1487 if (error != NULL)
1488 {
1489 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1490 " input was: %s\n", error, yield);
1491 }
1492 if (decoded != NULL) yield = decoded;
1493 }
1494
1495return yield;
1496}
1497
1498
1499
1500
1501/*************************************************
362145b5
JH
1502* Return list of recipients *
1503*************************************************/
1504/* A recipients list is available only during system message filtering,
1505during ACL processing after DATA, and while expanding pipe commands
1506generated from a system filter, but not elsewhere. */
1507
1508static uschar *
1509fn_recipients(void)
1510{
1511if (!enable_dollar_recipients) return NULL; else
1512 {
1513 int size = 128;
1514 int ptr = 0;
1515 int i;
1516 uschar * s = store_get(size);
1517 for (i = 0; i < recipients_count; i++)
1518 {
1519 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1520 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1521 Ustrlen(recipients_list[i].address));
1522 }
1523 s[ptr] = 0; /* string_cat() leaves room */
1524 return s;
1525 }
1526}
1527
1528
1529/*************************************************
059ec3d9
PH
1530* Find value of a variable *
1531*************************************************/
1532
1533/* The table of variables is kept in alphabetic order, so we can search it
1534using a binary chop. The "choplen" variable is nothing to do with the binary
1535chop.
1536
1537Arguments:
1538 name the name of the variable being sought
1539 exists_only TRUE if this is a def: test; passed on to find_header()
1540 skipping TRUE => skip any processing evaluation; this is not the same as
1541 exists_only because def: may test for values that are first
1542 evaluated here
1543 newsize pointer to an int which is initially zero; if the answer is in
1544 a new memory buffer, *newsize is set to its size
1545
1546Returns: NULL if the variable does not exist, or
1547 a pointer to the variable's contents, or
1548 something non-NULL if exists_only is TRUE
1549*/
1550
1551static uschar *
1552find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1553{
1554int first = 0;
1555int last = var_table_size;
1556
38a0a95f
PH
1557/* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1558Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1559release 4.64 onwards arbitrary names are permitted, as long as the first 5
641cb756
PH
1560characters are acl_c or acl_m and the sixth is either a digit or an underscore
1561(this gave backwards compatibility at the changeover). There may be built-in
1562variables whose names start acl_ but they should never start in this way. This
1563slightly messy specification is a consequence of the history, needless to say.
47ca6d6c 1564
38a0a95f
PH
1565If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1566set, in which case give an error. */
47ca6d6c 1567
641cb756
PH
1568if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1569 !isalpha(name[5]))
38a0a95f
PH
1570 {
1571 tree_node *node =
1572 tree_search((name[4] == 'c')? acl_var_c : acl_var_m, name + 4);
1573 return (node == NULL)? (strict_acl_vars? NULL : US"") : node->data.ptr;
47ca6d6c
PH
1574 }
1575
38a0a95f 1576/* Handle $auth<n> variables. */
f78eb7c6
PH
1577
1578if (Ustrncmp(name, "auth", 4) == 0)
1579 {
1580 uschar *endptr;
1581 int n = Ustrtoul(name + 4, &endptr, 10);
1582 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1583 return (auth_vars[n-1] == NULL)? US"" : auth_vars[n-1];
1584 }
1585
47ca6d6c
PH
1586/* For all other variables, search the table */
1587
059ec3d9
PH
1588while (last > first)
1589 {
1590 uschar *s, *domain;
1591 uschar **ss;
1592 int middle = (first + last)/2;
1593 int c = Ustrcmp(name, var_table[middle].name);
1594
1595 if (c > 0) { first = middle + 1; continue; }
1596 if (c < 0) { last = middle; continue; }
1597
1598 /* Found an existing variable. If in skipping state, the value isn't needed,
47ca6d6c 1599 and we want to avoid processing (such as looking up the host name). */
059ec3d9
PH
1600
1601 if (skipping) return US"";
1602
1603 switch (var_table[middle].type)
1604 {
9a26b6b2
PH
1605 case vtype_filter_int:
1606 if (!filter_running) return NULL;
1607 /* Fall through */
1608 /* VVVVVVVVVVVV */
059ec3d9
PH
1609 case vtype_int:
1610 sprintf(CS var_buffer, "%d", *(int *)(var_table[middle].value)); /* Integer */
1611 return var_buffer;
1612
1613 case vtype_ino:
1614 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(var_table[middle].value))); /* Inode */
1615 return var_buffer;
1616
1617 case vtype_gid:
1618 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(var_table[middle].value))); /* gid */
1619 return var_buffer;
1620
1621 case vtype_uid:
1622 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
1623 return var_buffer;
1624
11d7e4fa
PP
1625 case vtype_bool:
1626 sprintf(CS var_buffer, "%s", *(BOOL *)(var_table[middle].value) ? "yes" : "no"); /* bool */
1627 return var_buffer;
1628
059ec3d9
PH
1629 case vtype_stringptr: /* Pointer to string */
1630 s = *((uschar **)(var_table[middle].value));
1631 return (s == NULL)? US"" : s;
1632
1633 case vtype_pid:
1634 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1635 return var_buffer;
1636
1637 case vtype_load_avg:
8669f003 1638 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
059ec3d9
PH
1639 return var_buffer;
1640
1641 case vtype_host_lookup: /* Lookup if not done so */
1642 if (sender_host_name == NULL && sender_host_address != NULL &&
1643 !host_lookup_failed && host_name_lookup() == OK)
1644 host_build_sender_fullhost();
1645 return (sender_host_name == NULL)? US"" : sender_host_name;
1646
1647 case vtype_localpart: /* Get local part from address */
1648 s = *((uschar **)(var_table[middle].value));
1649 if (s == NULL) return US"";
1650 domain = Ustrrchr(s, '@');
1651 if (domain == NULL) return s;
1652 if (domain - s > sizeof(var_buffer) - 1)
81f91683
PP
1653 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1654 " in string expansion", sizeof(var_buffer));
059ec3d9
PH
1655 Ustrncpy(var_buffer, s, domain - s);
1656 var_buffer[domain - s] = 0;
1657 return var_buffer;
1658
1659 case vtype_domain: /* Get domain from address */
1660 s = *((uschar **)(var_table[middle].value));
1661 if (s == NULL) return US"";
1662 domain = Ustrrchr(s, '@');
1663 return (domain == NULL)? US"" : domain + 1;
1664
1665 case vtype_msgheaders:
1666 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1667
ff75a1f7
PH
1668 case vtype_msgheaders_raw:
1669 return find_header(NULL, exists_only, newsize, TRUE, NULL);
1670
059ec3d9
PH
1671 case vtype_msgbody: /* Pointer to msgbody string */
1672 case vtype_msgbody_end: /* Ditto, the end of the msg */
1673 ss = (uschar **)(var_table[middle].value);
1674 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1675 {
1676 uschar *body;
0d7eb84a 1677 off_t start_offset = SPOOL_DATA_START_OFFSET;
059ec3d9
PH
1678 int len = message_body_visible;
1679 if (len > message_size) len = message_size;
1680 *ss = body = store_malloc(len+1);
1681 body[0] = 0;
1682 if (var_table[middle].type == vtype_msgbody_end)
1683 {
1684 struct stat statbuf;
1685 if (fstat(deliver_datafile, &statbuf) == 0)
1686 {
1687 start_offset = statbuf.st_size - len;
1688 if (start_offset < SPOOL_DATA_START_OFFSET)
1689 start_offset = SPOOL_DATA_START_OFFSET;
1690 }
1691 }
1692 lseek(deliver_datafile, start_offset, SEEK_SET);
1693 len = read(deliver_datafile, body, len);
1694 if (len > 0)
1695 {
1696 body[len] = 0;
ddea74fa 1697 if (message_body_newlines) /* Separate loops for efficiency */
059ec3d9 1698 {
ddea74fa
PH
1699 while (len > 0)
1700 { if (body[--len] == 0) body[len] = ' '; }
1701 }
1702 else
1703 {
1704 while (len > 0)
1705 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
059ec3d9
PH
1706 }
1707 }
1708 }
1709 return (*ss == NULL)? US"" : *ss;
1710
1711 case vtype_todbsdin: /* BSD inbox time of day */
1712 return tod_stamp(tod_bsdin);
1713
1714 case vtype_tode: /* Unix epoch time of day */
1715 return tod_stamp(tod_epoch);
1716
f5787926
JH
1717 case vtype_todel: /* Unix epoch/usec time of day */
1718 return tod_stamp(tod_epoch_l);
1719
059ec3d9
PH
1720 case vtype_todf: /* Full time of day */
1721 return tod_stamp(tod_full);
1722
1723 case vtype_todl: /* Log format time of day */
1724 return tod_stamp(tod_log_bare); /* (without timezone) */
1725
1726 case vtype_todzone: /* Time zone offset only */
1727 return tod_stamp(tod_zone);
1728
1729 case vtype_todzulu: /* Zulu time */
1730 return tod_stamp(tod_zulu);
1731
1732 case vtype_todlf: /* Log file datestamp tod */
f1e5fef5 1733 return tod_stamp(tod_log_datestamp_daily);
059ec3d9
PH
1734
1735 case vtype_reply: /* Get reply address */
c8ea1597 1736 s = find_header(US"reply-to:", exists_only, newsize, TRUE,
059ec3d9 1737 headers_charset);
6979240a 1738 if (s != NULL) while (isspace(*s)) s++;
059ec3d9 1739 if (s == NULL || *s == 0)
41a13e0a
PH
1740 {
1741 *newsize = 0; /* For the *s==0 case */
c8ea1597
PH
1742 s = find_header(US"from:", exists_only, newsize, TRUE, headers_charset);
1743 }
1744 if (s != NULL)
1745 {
1746 uschar *t;
1747 while (isspace(*s)) s++;
1748 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
6979240a
PH
1749 while (t > s && isspace(t[-1])) t--;
1750 *t = 0;
41a13e0a 1751 }
059ec3d9
PH
1752 return (s == NULL)? US"" : s;
1753
362145b5 1754 case vtype_string_func:
059ec3d9 1755 {
362145b5
JH
1756 uschar * (*fn)() = var_table[middle].value;
1757 return fn();
059ec3d9 1758 }
8e669ac1 1759
5cb8cbc6
PH
1760 case vtype_pspace:
1761 {
1762 int inodes;
8e669ac1
PH
1763 sprintf(CS var_buffer, "%d",
1764 receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes));
5cb8cbc6
PH
1765 }
1766 return var_buffer;
8e669ac1 1767
5cb8cbc6
PH
1768 case vtype_pinodes:
1769 {
1770 int inodes;
8e669ac1 1771 (void) receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes);
5cb8cbc6
PH
1772 sprintf(CS var_buffer, "%d", inodes);
1773 }
1774 return var_buffer;
80a47a2c 1775
c8307c12 1776 #ifndef DISABLE_DKIM
80a47a2c 1777 case vtype_dkim:
da5dfc3a 1778 return dkim_exim_expand_query((int)(long)var_table[middle].value);
80a47a2c
TK
1779 #endif
1780
059ec3d9
PH
1781 }
1782 }
1783
1784return NULL; /* Unknown variable name */
1785}
1786
1787
1788
1789
d9b2312b
JH
1790void
1791modify_variable(uschar *name, void * value)
1792{
1793int first = 0;
1794int last = var_table_size;
1795
1796while (last > first)
1797 {
1798 int middle = (first + last)/2;
1799 int c = Ustrcmp(name, var_table[middle].name);
1800
1801 if (c > 0) { first = middle + 1; continue; }
1802 if (c < 0) { last = middle; continue; }
1803
1804 /* Found an existing variable; change the item it refers to */
1805 var_table[middle].value = value;
1806 return;
1807 }
1808return; /* Unknown variable name, fail silently */
1809}
1810
1811
1812
1813
1814
059ec3d9
PH
1815/*************************************************
1816* Read and expand substrings *
1817*************************************************/
1818
1819/* This function is called to read and expand argument substrings for various
1820expansion items. Some have a minimum requirement that is less than the maximum;
1821in these cases, the first non-present one is set to NULL.
1822
1823Arguments:
1824 sub points to vector of pointers to set
1825 n maximum number of substrings
1826 m minimum required
1827 sptr points to current string pointer
1828 skipping the skipping flag
1829 check_end if TRUE, check for final '}'
1830 name name of item, for error message
b0e85a8f
JH
1831 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
1832 the store.
059ec3d9
PH
1833
1834Returns: 0 OK; string pointer updated
1835 1 curly bracketing error (too few arguments)
1836 2 too many arguments (only if check_end is set); message set
1837 3 other error (expansion failure)
1838*/
1839
1840static int
1841read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
b0e85a8f 1842 BOOL check_end, uschar *name, BOOL *resetok)
059ec3d9
PH
1843{
1844int i;
1845uschar *s = *sptr;
1846
1847while (isspace(*s)) s++;
1848for (i = 0; i < n; i++)
1849 {
1850 if (*s != '{')
1851 {
1852 if (i < m) return 1;
1853 sub[i] = NULL;
1854 break;
1855 }
b0e85a8f 1856 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok);
059ec3d9
PH
1857 if (sub[i] == NULL) return 3;
1858 if (*s++ != '}') return 1;
1859 while (isspace(*s)) s++;
1860 }
1861if (check_end && *s++ != '}')
1862 {
1863 if (s[-1] == '{')
1864 {
1865 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1866 "(max is %d)", name, n);
1867 return 2;
1868 }
1869 return 1;
1870 }
1871
1872*sptr = s;
1873return 0;
1874}
1875
1876
1877
1878
1879/*************************************************
641cb756
PH
1880* Elaborate message for bad variable *
1881*************************************************/
1882
1883/* For the "unknown variable" message, take a look at the variable's name, and
1884give additional information about possible ACL variables. The extra information
1885is added on to expand_string_message.
1886
1887Argument: the name of the variable
1888Returns: nothing
1889*/
1890
1891static void
1892check_variable_error_message(uschar *name)
1893{
1894if (Ustrncmp(name, "acl_", 4) == 0)
1895 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
1896 (name[4] == 'c' || name[4] == 'm')?
1897 (isalpha(name[5])?
1898 US"6th character of a user-defined ACL variable must be a digit or underscore" :
1899 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
1900 ) :
1901 US"user-defined ACL variables must start acl_c or acl_m");
1902}
1903
1904
1905
f60d98e8
JH
1906/*
1907Load args from sub array to globals, and call acl_check().
ef21c07d 1908Sub array will be corrupted on return.
f60d98e8
JH
1909
1910Returns: OK access is granted by an ACCEPT verb
1911 DISCARD access is granted by a DISCARD verb
1912 FAIL access is denied
1913 FAIL_DROP access is denied; drop the connection
1914 DEFER can't tell at the moment
1915 ERROR disaster
1916*/
1917static int
1918eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
1919{
1920int i;
ef21c07d
JH
1921uschar *tmp;
1922int sav_narg = acl_narg;
1923int ret;
faa05a93 1924extern int acl_where;
f60d98e8 1925
ef21c07d
JH
1926if(--nsub > sizeof(acl_arg)/sizeof(*acl_arg)) nsub = sizeof(acl_arg)/sizeof(*acl_arg);
1927for (i = 0; i < nsub && sub[i+1]; i++)
1928 {
1929 tmp = acl_arg[i];
1930 acl_arg[i] = sub[i+1]; /* place callers args in the globals */
1931 sub[i+1] = tmp; /* stash the old args using our caller's storage */
1932 }
1933acl_narg = i;
bef3ea7f 1934while (i < nsub)
ef21c07d
JH
1935 {
1936 sub[i+1] = acl_arg[i];
1937 acl_arg[i++] = NULL;
1938 }
f60d98e8
JH
1939
1940DEBUG(D_expand)
1941 debug_printf("expanding: acl: %s arg: %s%s\n",
1942 sub[0],
60f8e1e8
JH
1943 acl_narg>0 ? acl_arg[0] : US"<none>",
1944 acl_narg>1 ? " +more" : "");
f60d98e8 1945
05caaeaa 1946ret = acl_eval(acl_where, sub[0], user_msgp, &tmp);
ef21c07d
JH
1947
1948for (i = 0; i < nsub; i++)
1949 acl_arg[i] = sub[i+1]; /* restore old args */
1950acl_narg = sav_narg;
1951
1952return ret;
f60d98e8
JH
1953}
1954
1955
1956
1957
641cb756 1958/*************************************************
059ec3d9
PH
1959* Read and evaluate a condition *
1960*************************************************/
1961
1962/*
1963Arguments:
1964 s points to the start of the condition text
b0e85a8f
JH
1965 resetok points to a BOOL which is written false if it is unsafe to
1966 free memory. Certain condition types (acl) may have side-effect
1967 allocation which must be preserved.
059ec3d9
PH
1968 yield points to a BOOL to hold the result of the condition test;
1969 if NULL, we are just reading through a condition that is
1970 part of an "or" combination to check syntax, or in a state
1971 where the answer isn't required
1972
1973Returns: a pointer to the first character after the condition, or
1974 NULL after an error
1975*/
1976
1977static uschar *
b0e85a8f 1978eval_condition(uschar *s, BOOL *resetok, BOOL *yield)
059ec3d9
PH
1979{
1980BOOL testfor = TRUE;
1981BOOL tempcond, combined_cond;
1982BOOL *subcondptr;
5cfd2e57 1983BOOL sub2_honour_dollar = TRUE;
059ec3d9 1984int i, rc, cond_type, roffset;
97d17305 1985int_eximarith_t num[2];
059ec3d9
PH
1986struct stat statbuf;
1987uschar name[256];
f60d98e8 1988uschar *sub[10];
059ec3d9
PH
1989
1990const pcre *re;
1991const uschar *rerror;
1992
1993for (;;)
1994 {
1995 while (isspace(*s)) s++;
1996 if (*s == '!') { testfor = !testfor; s++; } else break;
1997 }
1998
1999/* Numeric comparisons are symbolic */
2000
2001if (*s == '=' || *s == '>' || *s == '<')
2002 {
2003 int p = 0;
2004 name[p++] = *s++;
2005 if (*s == '=')
2006 {
2007 name[p++] = '=';
2008 s++;
2009 }
2010 name[p] = 0;
2011 }
2012
2013/* All other conditions are named */
2014
2015else s = read_name(name, 256, s, US"_");
2016
2017/* If we haven't read a name, it means some non-alpha character is first. */
2018
2019if (name[0] == 0)
2020 {
2021 expand_string_message = string_sprintf("condition name expected, "
2022 "but found \"%.16s\"", s);
2023 return NULL;
2024 }
2025
2026/* Find which condition we are dealing with, and switch on it */
2027
2028cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
2029switch(cond_type)
2030 {
9b4768fa
PH
2031 /* def: tests for a non-empty variable, or for the existence of a header. If
2032 yield == NULL we are in a skipping state, and don't care about the answer. */
059ec3d9
PH
2033
2034 case ECOND_DEF:
2035 if (*s != ':')
2036 {
2037 expand_string_message = US"\":\" expected after \"def\"";
2038 return NULL;
2039 }
2040
2041 s = read_name(name, 256, s+1, US"_");
2042
0d85fa3f
PH
2043 /* Test for a header's existence. If the name contains a closing brace
2044 character, this may be a user error where the terminating colon has been
2045 omitted. Set a flag to adjust a subsequent error message in this case. */
059ec3d9
PH
2046
2047 if (Ustrncmp(name, "h_", 2) == 0 ||
2048 Ustrncmp(name, "rh_", 3) == 0 ||
2049 Ustrncmp(name, "bh_", 3) == 0 ||
2050 Ustrncmp(name, "header_", 7) == 0 ||
2051 Ustrncmp(name, "rheader_", 8) == 0 ||
2052 Ustrncmp(name, "bheader_", 8) == 0)
2053 {
2054 s = read_header_name(name, 256, s);
b5b871ac 2055 /* {-for-text-editors */
0d85fa3f 2056 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
059ec3d9
PH
2057 if (yield != NULL) *yield =
2058 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
2059 }
2060
9b4768fa
PH
2061 /* Test for a variable's having a non-empty value. A non-existent variable
2062 causes an expansion failure. */
059ec3d9
PH
2063
2064 else
2065 {
2066 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
2067 if (value == NULL)
2068 {
2069 expand_string_message = (name[0] == 0)?
2070 string_sprintf("variable name omitted after \"def:\"") :
2071 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
641cb756 2072 check_variable_error_message(name);
059ec3d9
PH
2073 return NULL;
2074 }
9b4768fa 2075 if (yield != NULL) *yield = (value[0] != 0) == testfor;
059ec3d9
PH
2076 }
2077
2078 return s;
2079
2080
2081 /* first_delivery tests for first delivery attempt */
2082
2083 case ECOND_FIRST_DELIVERY:
2084 if (yield != NULL) *yield = deliver_firsttime == testfor;
2085 return s;
2086
2087
2088 /* queue_running tests for any process started by a queue runner */
2089
2090 case ECOND_QUEUE_RUNNING:
2091 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
2092 return s;
2093
2094
2095 /* exists: tests for file existence
2096 isip: tests for any IP address
2097 isip4: tests for an IPv4 address
2098 isip6: tests for an IPv6 address
2099 pam: does PAM authentication
2100 radius: does RADIUS authentication
2101 ldapauth: does LDAP authentication
2102 pwcheck: does Cyrus SASL pwcheck authentication
2103 */
2104
2105 case ECOND_EXISTS:
2106 case ECOND_ISIP:
2107 case ECOND_ISIP4:
2108 case ECOND_ISIP6:
2109 case ECOND_PAM:
2110 case ECOND_RADIUS:
2111 case ECOND_LDAPAUTH:
2112 case ECOND_PWCHECK:
2113
2114 while (isspace(*s)) s++;
b5b871ac 2115 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
059ec3d9 2116
b0e85a8f 2117 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok);
059ec3d9 2118 if (sub[0] == NULL) return NULL;
b5b871ac 2119 /* {-for-text-editors */
059ec3d9
PH
2120 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2121
2122 if (yield == NULL) return s; /* No need to run the test if skipping */
2123
2124 switch(cond_type)
2125 {
2126 case ECOND_EXISTS:
2127 if ((expand_forbid & RDO_EXISTS) != 0)
2128 {
2129 expand_string_message = US"File existence tests are not permitted";
2130 return NULL;
2131 }
2132 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
2133 break;
2134
2135 case ECOND_ISIP:
2136 case ECOND_ISIP4:
2137 case ECOND_ISIP6:
2138 rc = string_is_ip_address(sub[0], NULL);
7e66e54d 2139 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
059ec3d9
PH
2140 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2141 break;
2142
2143 /* Various authentication tests - all optionally compiled */
2144
2145 case ECOND_PAM:
2146 #ifdef SUPPORT_PAM
2147 rc = auth_call_pam(sub[0], &expand_string_message);
2148 goto END_AUTH;
2149 #else
2150 goto COND_FAILED_NOT_COMPILED;
2151 #endif /* SUPPORT_PAM */
2152
2153 case ECOND_RADIUS:
2154 #ifdef RADIUS_CONFIG_FILE
2155 rc = auth_call_radius(sub[0], &expand_string_message);
2156 goto END_AUTH;
2157 #else
2158 goto COND_FAILED_NOT_COMPILED;
2159 #endif /* RADIUS_CONFIG_FILE */
2160
2161 case ECOND_LDAPAUTH:
2162 #ifdef LOOKUP_LDAP
2163 {
2164 /* Just to keep the interface the same */
2165 BOOL do_cache;
2166 int old_pool = store_pool;
2167 store_pool = POOL_SEARCH;
2168 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2169 &expand_string_message, &do_cache);
2170 store_pool = old_pool;
2171 }
2172 goto END_AUTH;
2173 #else
2174 goto COND_FAILED_NOT_COMPILED;
2175 #endif /* LOOKUP_LDAP */
2176
2177 case ECOND_PWCHECK:
2178 #ifdef CYRUS_PWCHECK_SOCKET
2179 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2180 goto END_AUTH;
2181 #else
2182 goto COND_FAILED_NOT_COMPILED;
2183 #endif /* CYRUS_PWCHECK_SOCKET */
2184
2185 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2186 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2187 END_AUTH:
2188 if (rc == ERROR || rc == DEFER) return NULL;
2189 *yield = (rc == OK) == testfor;
2190 #endif
2191 }
2192 return s;
2193
2194
333eea9c
JH
2195 /* call ACL (in a conditional context). Accept true, deny false.
2196 Defer is a forced-fail. Anything set by message= goes to $value.
f60d98e8
JH
2197 Up to ten parameters are used; we use the braces round the name+args
2198 like the saslauthd condition does, to permit a variable number of args.
2199 See also the expansion-item version EITEM_ACL and the traditional
2200 acl modifier ACLC_ACL.
fd5dad68
JH
2201 Since the ACL may allocate new global variables, tell our caller to not
2202 reclaim memory.
f60d98e8 2203 */
333eea9c
JH
2204
2205 case ECOND_ACL:
bef3ea7f 2206 /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
333eea9c 2207 {
333eea9c 2208 uschar *user_msg;
333eea9c 2209 BOOL cond = FALSE;
bef3ea7f
JH
2210 int size = 0;
2211 int ptr = 0;
333eea9c
JH
2212
2213 while (isspace(*s)) s++;
6d9cfc47 2214 if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
333eea9c 2215
f60d98e8 2216 switch(read_subs(sub, sizeof(sub)/sizeof(*sub), 1,
b0e85a8f 2217 &s, yield == NULL, TRUE, US"acl", resetok))
333eea9c 2218 {
f60d98e8
JH
2219 case 1: expand_string_message = US"too few arguments or bracketing "
2220 "error for acl";
2221 case 2:
2222 case 3: return NULL;
333eea9c 2223 }
f60d98e8 2224
b0e85a8f 2225 *resetok = FALSE;
bef3ea7f 2226 if (yield != NULL) switch(eval_acl(sub, sizeof(sub)/sizeof(*sub), &user_msg))
f60d98e8
JH
2227 {
2228 case OK:
2229 cond = TRUE;
2230 case FAIL:
bef3ea7f 2231 lookup_value = NULL;
f60d98e8 2232 if (user_msg)
bef3ea7f 2233 {
f60d98e8 2234 lookup_value = string_cat(NULL, &size, &ptr, user_msg, Ustrlen(user_msg));
bef3ea7f
JH
2235 lookup_value[ptr] = '\0';
2236 }
b5b871ac 2237 *yield = cond == testfor;
f60d98e8
JH
2238 break;
2239
2240 case DEFER:
2241 expand_string_forcedfail = TRUE;
2242 default:
2243 expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]);
2244 return NULL;
2245 }
2246 return s;
333eea9c 2247 }
333eea9c
JH
2248
2249
059ec3d9
PH
2250 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2251
b0e85a8f 2252 ${if saslauthd {{username}{password}{service}{realm}} {yes}{no}}
059ec3d9
PH
2253
2254 However, the last two are optional. That is why the whole set is enclosed
333eea9c 2255 in their own set of braces. */
059ec3d9
PH
2256
2257 case ECOND_SASLAUTHD:
2258 #ifndef CYRUS_SASLAUTHD_SOCKET
2259 goto COND_FAILED_NOT_COMPILED;
2260 #else
2261 while (isspace(*s)) s++;
b5b871ac 2262 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
b0e85a8f 2263 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd", resetok))
059ec3d9
PH
2264 {
2265 case 1: expand_string_message = US"too few arguments or bracketing "
2266 "error for saslauthd";
2267 case 2:
2268 case 3: return NULL;
2269 }
2270 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
2271 if (yield != NULL)
2272 {
2273 int rc;
2274 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2275 &expand_string_message);
2276 if (rc == ERROR || rc == DEFER) return NULL;
2277 *yield = (rc == OK) == testfor;
2278 }
2279 return s;
2280 #endif /* CYRUS_SASLAUTHD_SOCKET */
2281
2282
2283 /* symbolic operators for numeric and string comparison, and a number of
2284 other operators, all requiring two arguments.
2285
76dca828
PP
2286 crypteq: encrypts plaintext and compares against an encrypted text,
2287 using crypt(), crypt16(), MD5 or SHA-1
2288 inlist/inlisti: checks if first argument is in the list of the second
059ec3d9
PH
2289 match: does a regular expression match and sets up the numerical
2290 variables if it succeeds
2291 match_address: matches in an address list
2292 match_domain: matches in a domain list
32d668a5 2293 match_ip: matches a host list that is restricted to IP addresses
059ec3d9 2294 match_local_part: matches in a local part list
059ec3d9
PH
2295 */
2296
059ec3d9
PH
2297 case ECOND_MATCH_ADDRESS:
2298 case ECOND_MATCH_DOMAIN:
32d668a5 2299 case ECOND_MATCH_IP:
059ec3d9 2300 case ECOND_MATCH_LOCAL_PART:
da6dbe26
PP
2301#ifndef EXPAND_LISTMATCH_RHS
2302 sub2_honour_dollar = FALSE;
2303#endif
2304 /* FALLTHROUGH */
2305
2306 case ECOND_CRYPTEQ:
2307 case ECOND_INLIST:
2308 case ECOND_INLISTI:
2309 case ECOND_MATCH:
059ec3d9
PH
2310
2311 case ECOND_NUM_L: /* Numerical comparisons */
2312 case ECOND_NUM_LE:
2313 case ECOND_NUM_E:
2314 case ECOND_NUM_EE:
2315 case ECOND_NUM_G:
2316 case ECOND_NUM_GE:
2317
2318 case ECOND_STR_LT: /* String comparisons */
2319 case ECOND_STR_LTI:
2320 case ECOND_STR_LE:
2321 case ECOND_STR_LEI:
2322 case ECOND_STR_EQ:
2323 case ECOND_STR_EQI:
2324 case ECOND_STR_GT:
2325 case ECOND_STR_GTI:
2326 case ECOND_STR_GE:
2327 case ECOND_STR_GEI:
2328
2329 for (i = 0; i < 2; i++)
2330 {
da6dbe26
PP
2331 /* Sometimes, we don't expand substrings; too many insecure configurations
2332 created using match_address{}{} and friends, where the second param
2333 includes information from untrustworthy sources. */
2334 BOOL honour_dollar = TRUE;
2335 if ((i > 0) && !sub2_honour_dollar)
2336 honour_dollar = FALSE;
2337
059ec3d9
PH
2338 while (isspace(*s)) s++;
2339 if (*s != '{')
2340 {
2341 if (i == 0) goto COND_FAILED_CURLY_START;
2342 expand_string_message = string_sprintf("missing 2nd string in {} "
2343 "after \"%s\"", name);
2344 return NULL;
2345 }
da6dbe26 2346 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
b0e85a8f 2347 honour_dollar, resetok);
059ec3d9
PH
2348 if (sub[i] == NULL) return NULL;
2349 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2350
2351 /* Convert to numerical if required; we know that the names of all the
2352 conditions that compare numbers do not start with a letter. This just saves
2353 checking for them individually. */
2354
d6066548 2355 if (!isalpha(name[0]) && yield != NULL)
059ec3d9 2356 {
5dd1517f
PH
2357 if (sub[i][0] == 0)
2358 {
2359 num[i] = 0;
2360 DEBUG(D_expand)
2361 debug_printf("empty string cast to zero for numerical comparison\n");
2362 }
2363 else
2364 {
2365 num[i] = expand_string_integer(sub[i], FALSE);
2366 if (expand_string_message != NULL) return NULL;
2367 }
059ec3d9
PH
2368 }
2369 }
2370
2371 /* Result not required */
2372
2373 if (yield == NULL) return s;
2374
2375 /* Do an appropriate comparison */
2376
2377 switch(cond_type)
2378 {
2379 case ECOND_NUM_E:
2380 case ECOND_NUM_EE:
b5b871ac 2381 tempcond = (num[0] == num[1]);
059ec3d9
PH
2382 break;
2383
2384 case ECOND_NUM_G:
b5b871ac 2385 tempcond = (num[0] > num[1]);
059ec3d9
PH
2386 break;
2387
2388 case ECOND_NUM_GE:
b5b871ac 2389 tempcond = (num[0] >= num[1]);
059ec3d9
PH
2390 break;
2391
2392 case ECOND_NUM_L:
b5b871ac 2393 tempcond = (num[0] < num[1]);
059ec3d9
PH
2394 break;
2395
2396 case ECOND_NUM_LE:
b5b871ac 2397 tempcond = (num[0] <= num[1]);
059ec3d9
PH
2398 break;
2399
2400 case ECOND_STR_LT:
b5b871ac 2401 tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
059ec3d9
PH
2402 break;
2403
2404 case ECOND_STR_LTI:
b5b871ac 2405 tempcond = (strcmpic(sub[0], sub[1]) < 0);
059ec3d9
PH
2406 break;
2407
2408 case ECOND_STR_LE:
b5b871ac 2409 tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
059ec3d9
PH
2410 break;
2411
2412 case ECOND_STR_LEI:
b5b871ac 2413 tempcond = (strcmpic(sub[0], sub[1]) <= 0);
059ec3d9
PH
2414 break;
2415
2416 case ECOND_STR_EQ:
b5b871ac 2417 tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
059ec3d9
PH
2418 break;
2419
2420 case ECOND_STR_EQI:
b5b871ac 2421 tempcond = (strcmpic(sub[0], sub[1]) == 0);
059ec3d9
PH
2422 break;
2423
2424 case ECOND_STR_GT:
b5b871ac 2425 tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
059ec3d9
PH
2426 break;
2427
2428 case ECOND_STR_GTI:
b5b871ac 2429 tempcond = (strcmpic(sub[0], sub[1]) > 0);
059ec3d9
PH
2430 break;
2431
2432 case ECOND_STR_GE:
b5b871ac 2433 tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
059ec3d9
PH
2434 break;
2435
2436 case ECOND_STR_GEI:
b5b871ac 2437 tempcond = (strcmpic(sub[0], sub[1]) >= 0);
059ec3d9
PH
2438 break;
2439
2440 case ECOND_MATCH: /* Regular expression match */
2441 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2442 NULL);
2443 if (re == NULL)
2444 {
2445 expand_string_message = string_sprintf("regular expression error in "
2446 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2447 return NULL;
2448 }
b5b871ac 2449 tempcond = regex_match_and_setup(re, sub[0], 0, -1);
059ec3d9
PH
2450 break;
2451
2452 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2453 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2454 goto MATCHED_SOMETHING;
2455
2456 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2457 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2458 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2459 goto MATCHED_SOMETHING;
2460
32d668a5 2461 case ECOND_MATCH_IP: /* Match IP address in a host list */
7e66e54d 2462 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
32d668a5
PH
2463 {
2464 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2465 sub[0]);
2466 return NULL;
2467 }
2468 else
2469 {
2470 unsigned int *nullcache = NULL;
2471 check_host_block cb;
2472
2473 cb.host_name = US"";
2474 cb.host_address = sub[0];
2475
2476 /* If the host address starts off ::ffff: it is an IPv6 address in
2477 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2478 addresses. */
2479
2480 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2481 cb.host_address + 7 : cb.host_address;
2482
2483 rc = match_check_list(
2484 &sub[1], /* the list */
2485 0, /* separator character */
2486 &hostlist_anchor, /* anchor pointer */
2487 &nullcache, /* cache pointer */
2488 check_host, /* function for testing */
2489 &cb, /* argument for function */
2490 MCL_HOST, /* type of check */
2491 sub[0], /* text for debugging */
2492 NULL); /* where to pass back data */
2493 }
2494 goto MATCHED_SOMETHING;
2495
059ec3d9
PH
2496 case ECOND_MATCH_LOCAL_PART:
2497 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2498 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2499 /* Fall through */
9a26b6b2 2500 /* VVVVVVVVVVVV */
059ec3d9
PH
2501 MATCHED_SOMETHING:
2502 switch(rc)
2503 {
2504 case OK:
b5b871ac 2505 tempcond = TRUE;
059ec3d9
PH
2506 break;
2507
2508 case FAIL:
b5b871ac 2509 tempcond = FALSE;
059ec3d9
PH
2510 break;
2511
2512 case DEFER:
2513 expand_string_message = string_sprintf("unable to complete match "
2514 "against \"%s\": %s", sub[1], search_error_message);
2515 return NULL;
2516 }
2517
2518 break;
2519
2520 /* Various "encrypted" comparisons. If the second string starts with
2521 "{" then an encryption type is given. Default to crypt() or crypt16()
2522 (build-time choice). */
b5b871ac 2523 /* }-for-text-editors */
059ec3d9
PH
2524
2525 case ECOND_CRYPTEQ:
2526 #ifndef SUPPORT_CRYPTEQ
2527 goto COND_FAILED_NOT_COMPILED;
2528 #else
2529 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2530 {
2531 int sublen = Ustrlen(sub[1]+5);
2532 md5 base;
2533 uschar digest[16];
2534
2535 md5_start(&base);
2536 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2537
2538 /* If the length that we are comparing against is 24, the MD5 digest
2539 is expressed as a base64 string. This is the way LDAP does it. However,
2540 some other software uses a straightforward hex representation. We assume
2541 this if the length is 32. Other lengths fail. */
2542
2543 if (sublen == 24)
2544 {
2545 uschar *coded = auth_b64encode((uschar *)digest, 16);
2546 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2547 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
b5b871ac 2548 tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
059ec3d9
PH
2549 }
2550 else if (sublen == 32)
2551 {
2552 int i;
2553 uschar coded[36];
2554 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2555 coded[32] = 0;
2556 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2557 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
b5b871ac 2558 tempcond = (strcmpic(coded, sub[1]+5) == 0);
059ec3d9
PH
2559 }
2560 else
2561 {
2562 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2563 "fail\n crypted=%s\n", sub[1]+5);
b5b871ac 2564 tempcond = FALSE;
059ec3d9
PH
2565 }
2566 }
2567
2568 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2569 {
2570 int sublen = Ustrlen(sub[1]+6);
2571 sha1 base;
2572 uschar digest[20];
2573
2574 sha1_start(&base);
2575 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2576
2577 /* If the length that we are comparing against is 28, assume the SHA1
2578 digest is expressed as a base64 string. If the length is 40, assume a
2579 straightforward hex representation. Other lengths fail. */
2580
2581 if (sublen == 28)
2582 {
2583 uschar *coded = auth_b64encode((uschar *)digest, 20);
2584 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2585 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
b5b871ac 2586 tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
059ec3d9
PH
2587 }
2588 else if (sublen == 40)
2589 {
2590 int i;
2591 uschar coded[44];
2592 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2593 coded[40] = 0;
2594 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2595 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
b5b871ac 2596 tempcond = (strcmpic(coded, sub[1]+6) == 0);
059ec3d9
PH
2597 }
2598 else
2599 {
2600 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2601 "fail\n crypted=%s\n", sub[1]+6);
b5b871ac 2602 tempcond = FALSE;
059ec3d9
PH
2603 }
2604 }
2605
2606 else /* {crypt} or {crypt16} and non-{ at start */
76dca828 2607 /* }-for-text-editors */
059ec3d9
PH
2608 {
2609 int which = 0;
2610 uschar *coded;
2611
2612 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2613 {
2614 sub[1] += 7;
2615 which = 1;
2616 }
2617 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2618 {
2619 sub[1] += 9;
2620 which = 2;
2621 }
b5b871ac 2622 else if (sub[1][0] == '{') /* }-for-text-editors */
059ec3d9
PH
2623 {
2624 expand_string_message = string_sprintf("unknown encryption mechanism "
2625 "in \"%s\"", sub[1]);
2626 return NULL;
2627 }
2628
2629 switch(which)
2630 {
2631 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2632 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2633 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2634 }
2635
2636 #define STR(s) # s
2637 #define XSTR(s) STR(s)
2638 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2639 " subject=%s\n crypted=%s\n",
2640 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
2641 coded, sub[1]);
2642 #undef STR
2643 #undef XSTR
2644
2645 /* If the encrypted string contains fewer than two characters (for the
2646 salt), force failure. Otherwise we get false positives: with an empty
2647 string the yield of crypt() is an empty string! */
2648
b5b871ac
JH
2649 tempcond = (Ustrlen(sub[1]) < 2)? FALSE :
2650 (Ustrcmp(coded, sub[1]) == 0);
059ec3d9
PH
2651 }
2652 break;
2653 #endif /* SUPPORT_CRYPTEQ */
76dca828
PP
2654
2655 case ECOND_INLIST:
2656 case ECOND_INLISTI:
2657 {
2658 int sep = 0;
76dca828
PP
2659 uschar *save_iterate_item = iterate_item;
2660 int (*compare)(const uschar *, const uschar *);
2661
b5b871ac 2662 tempcond = FALSE;
76dca828
PP
2663 if (cond_type == ECOND_INLISTI)
2664 compare = strcmpic;
2665 else
2666 compare = (int (*)(const uschar *, const uschar *)) strcmp;
2667
2668 while ((iterate_item = string_nextinlist(&sub[1], &sep, NULL, 0)) != NULL)
2669 if (compare(sub[0], iterate_item) == 0)
2670 {
b5b871ac 2671 tempcond = TRUE;
76dca828
PP
2672 break;
2673 }
2674 iterate_item = save_iterate_item;
76dca828
PP
2675 }
2676
059ec3d9
PH
2677 } /* Switch for comparison conditions */
2678
b5b871ac 2679 *yield = tempcond == testfor;
059ec3d9
PH
2680 return s; /* End of comparison conditions */
2681
2682
2683 /* and/or: computes logical and/or of several conditions */
2684
2685 case ECOND_AND:
2686 case ECOND_OR:
2687 subcondptr = (yield == NULL)? NULL : &tempcond;
2688 combined_cond = (cond_type == ECOND_AND);
2689
2690 while (isspace(*s)) s++;
b5b871ac 2691 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
059ec3d9
PH
2692
2693 for (;;)
2694 {
2695 while (isspace(*s)) s++;
b5b871ac 2696 /* {-for-text-editors */
059ec3d9 2697 if (*s == '}') break;
b5b871ac 2698 if (*s != '{') /* }-for-text-editors */
059ec3d9
PH
2699 {
2700 expand_string_message = string_sprintf("each subcondition "
2701 "inside an \"%s{...}\" condition must be in its own {}", name);
2702 return NULL;
2703 }
2704
b0e85a8f 2705 if (!(s = eval_condition(s+1, resetok, subcondptr)))
059ec3d9
PH
2706 {
2707 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2708 expand_string_message, name);
2709 return NULL;
2710 }
2711 while (isspace(*s)) s++;
2712
b5b871ac 2713 /* {-for-text-editors */
059ec3d9
PH
2714 if (*s++ != '}')
2715 {
b5b871ac 2716 /* {-for-text-editors */
059ec3d9
PH
2717 expand_string_message = string_sprintf("missing } at end of condition "
2718 "inside \"%s\" group", name);
2719 return NULL;
2720 }
2721
2722 if (yield != NULL)
2723 {
2724 if (cond_type == ECOND_AND)
2725 {
2726 combined_cond &= tempcond;
2727 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2728 } /* evaluate any more */
2729 else
2730 {
2731 combined_cond |= tempcond;
2732 if (combined_cond) subcondptr = NULL; /* once true, don't */
2733 } /* evaluate any more */
2734 }
2735 }
2736
2737 if (yield != NULL) *yield = (combined_cond == testfor);
2738 return ++s;
2739
2740
0ce9abe6
PH
2741 /* forall/forany: iterates a condition with different values */
2742
2743 case ECOND_FORALL:
2744 case ECOND_FORANY:
2745 {
2746 int sep = 0;
282b357d 2747 uschar *save_iterate_item = iterate_item;
0ce9abe6
PH
2748
2749 while (isspace(*s)) s++;
b5b871ac 2750 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
b0e85a8f 2751 sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE, resetok);
0ce9abe6 2752 if (sub[0] == NULL) return NULL;
b5b871ac 2753 /* {-for-text-editors */
0ce9abe6
PH
2754 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2755
2756 while (isspace(*s)) s++;
b5b871ac 2757 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
0ce9abe6
PH
2758
2759 sub[1] = s;
2760
2761 /* Call eval_condition once, with result discarded (as if scanning a
2762 "false" part). This allows us to find the end of the condition, because if
2763 the list it empty, we won't actually evaluate the condition for real. */
2764
b0e85a8f 2765 if (!(s = eval_condition(sub[1], resetok, NULL)))
0ce9abe6
PH
2766 {
2767 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2768 expand_string_message, name);
2769 return NULL;
2770 }
2771 while (isspace(*s)) s++;
2772
b5b871ac 2773 /* {-for-text-editors */
0ce9abe6
PH
2774 if (*s++ != '}')
2775 {
b5b871ac 2776 /* {-for-text-editors */
0ce9abe6
PH
2777 expand_string_message = string_sprintf("missing } at end of condition "
2778 "inside \"%s\"", name);
2779 return NULL;
2780 }
2781
2782 if (yield != NULL) *yield = !testfor;
2783 while ((iterate_item = string_nextinlist(&sub[0], &sep, NULL, 0)) != NULL)
2784 {
2785 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
b0e85a8f 2786 if (!eval_condition(sub[1], resetok, &tempcond))
0ce9abe6
PH
2787 {
2788 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2789 expand_string_message, name);
e58c13cc 2790 iterate_item = save_iterate_item;
0ce9abe6
PH
2791 return NULL;
2792 }
2793 DEBUG(D_expand) debug_printf("%s: condition evaluated to %s\n", name,
2794 tempcond? "true":"false");
2795
2796 if (yield != NULL) *yield = (tempcond == testfor);
2797 if (tempcond == (cond_type == ECOND_FORANY)) break;
2798 }
2799
282b357d 2800 iterate_item = save_iterate_item;
0ce9abe6
PH
2801 return s;
2802 }
2803
2804
f3766eb5
NM
2805 /* The bool{} expansion condition maps a string to boolean.
2806 The values supported should match those supported by the ACL condition
2807 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
2808 of true/false. Note that Router "condition" rules have a different
2809 interpretation, where general data can be used and only a few values
2810 map to FALSE.
2811 Note that readconf.c boolean matching, for boolean configuration options,
6a8de854
PP
2812 only matches true/yes/false/no.
2813 The bool_lax{} condition matches the Router logic, which is much more
2814 liberal. */
f3766eb5 2815 case ECOND_BOOL:
6a8de854 2816 case ECOND_BOOL_LAX:
f3766eb5
NM
2817 {
2818 uschar *sub_arg[1];
71265ae9 2819 uschar *t, *t2;
6a8de854 2820 uschar *ourname;
f3766eb5
NM
2821 size_t len;
2822 BOOL boolvalue = FALSE;
2823 while (isspace(*s)) s++;
b5b871ac 2824 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
6a8de854 2825 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
b0e85a8f 2826 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname, resetok))
f3766eb5 2827 {
6a8de854
PP
2828 case 1: expand_string_message = string_sprintf(
2829 "too few arguments or bracketing error for %s",
2830 ourname);
f3766eb5
NM
2831 /*FALLTHROUGH*/
2832 case 2:
2833 case 3: return NULL;
2834 }
2835 t = sub_arg[0];
2836 while (isspace(*t)) t++;
2837 len = Ustrlen(t);
71265ae9
PP
2838 if (len)
2839 {
2840 /* trailing whitespace: seems like a good idea to ignore it too */
2841 t2 = t + len - 1;
2842 while (isspace(*t2)) t2--;
2843 if (t2 != (t + len))
2844 {
2845 *++t2 = '\0';
2846 len = t2 - t;
2847 }
2848 }
f3766eb5 2849 DEBUG(D_expand)
6a8de854
PP
2850 debug_printf("considering %s: %s\n", ourname, len ? t : US"<empty>");
2851 /* logic for the lax case from expand_check_condition(), which also does
2852 expands, and the logic is both short and stable enough that there should
2853 be no maintenance burden from replicating it. */
f3766eb5
NM
2854 if (len == 0)
2855 boolvalue = FALSE;
51c7471d
JH
2856 else if (*t == '-'
2857 ? Ustrspn(t+1, "0123456789") == len-1
2858 : Ustrspn(t, "0123456789") == len)
6a8de854 2859 {
f3766eb5 2860 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
6a8de854
PP
2861 /* expand_check_condition only does a literal string "0" check */
2862 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
2863 boolvalue = TRUE;
2864 }
f3766eb5
NM
2865 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
2866 boolvalue = TRUE;
2867 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
2868 boolvalue = FALSE;
6a8de854
PP
2869 else if (cond_type == ECOND_BOOL_LAX)
2870 boolvalue = TRUE;
f3766eb5
NM
2871 else
2872 {
2873 expand_string_message = string_sprintf("unrecognised boolean "
2874 "value \"%s\"", t);
2875 return NULL;
2876 }
5ee6f336 2877 if (yield != NULL) *yield = (boolvalue == testfor);
f3766eb5
NM
2878 return s;
2879 }
2880
059ec3d9
PH
2881 /* Unknown condition */
2882
2883 default:
2884 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2885 return NULL;
2886 } /* End switch on condition type */
2887
2888/* Missing braces at start and end of data */
2889
2890COND_FAILED_CURLY_START:
2891expand_string_message = string_sprintf("missing { after \"%s\"", name);
2892return NULL;
2893
2894COND_FAILED_CURLY_END:
2895expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2896 name);
2897return NULL;
2898
2899/* A condition requires code that is not compiled */
2900
2901#if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2902 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2903 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2904COND_FAILED_NOT_COMPILED:
2905expand_string_message = string_sprintf("support for \"%s\" not compiled",
2906 name);
2907return NULL;
2908#endif
2909}
2910
2911
2912
2913
2914/*************************************************
2915* Save numerical variables *
2916*************************************************/
2917
2918/* This function is called from items such as "if" that want to preserve and
2919restore the numbered variables.
2920
2921Arguments:
2922 save_expand_string points to an array of pointers to set
2923 save_expand_nlength points to an array of ints for the lengths
2924
2925Returns: the value of expand max to save
2926*/
2927
2928static int
2929save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
2930{
2931int i;
2932for (i = 0; i <= expand_nmax; i++)
2933 {
2934 save_expand_nstring[i] = expand_nstring[i];
2935 save_expand_nlength[i] = expand_nlength[i];
2936 }
2937return expand_nmax;
2938}
2939
2940
2941
2942/*************************************************
2943* Restore numerical variables *
2944*************************************************/
2945
2946/* This function restored saved values of numerical strings.
2947
2948Arguments:
2949 save_expand_nmax the number of strings to restore
2950 save_expand_string points to an array of pointers
2951 save_expand_nlength points to an array of ints
2952
2953Returns: nothing
2954*/
2955
2956static void
2957restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
2958 int *save_expand_nlength)
2959{
2960int i;
2961expand_nmax = save_expand_nmax;
2962for (i = 0; i <= expand_nmax; i++)
2963 {
2964 expand_nstring[i] = save_expand_nstring[i];
2965 expand_nlength[i] = save_expand_nlength[i];
2966 }
2967}
2968
2969
2970
2971
2972
2973/*************************************************
2974* Handle yes/no substrings *
2975*************************************************/
2976
2977/* This function is used by ${if}, ${lookup} and ${extract} to handle the
2978alternative substrings that depend on whether or not the condition was true,
2979or the lookup or extraction succeeded. The substrings always have to be
2980expanded, to check their syntax, but "skipping" is set when the result is not
2981needed - this avoids unnecessary nested lookups.
2982
2983Arguments:
2984 skipping TRUE if we were skipping when this item was reached
2985 yes TRUE if the first string is to be used, else use the second
2986 save_lookup a value to put back into lookup_value before the 2nd expansion
2987 sptr points to the input string pointer
2988 yieldptr points to the output string pointer
2989 sizeptr points to the output string size
2990 ptrptr points to the output string pointer
2991 type "lookup" or "if" or "extract" or "run", for error message
b0e85a8f
JH
2992 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
2993 the store.
059ec3d9
PH
2994
2995Returns: 0 OK; lookup_value has been reset to save_lookup
2996 1 expansion failed
2997 2 expansion failed because of bracketing error
2998*/
2999
3000static int
3001process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
b0e85a8f 3002 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type, BOOL *resetok)
059ec3d9
PH
3003{
3004int rc = 0;
3005uschar *s = *sptr; /* Local value */
3006uschar *sub1, *sub2;
3007
3008/* If there are no following strings, we substitute the contents of $value for
063b1e99 3009lookups and for extractions in the success case. For the ${if item, the string
8e669ac1 3010"true" is substituted. In the fail case, nothing is substituted for all three
063b1e99 3011items. */
059ec3d9
PH
3012
3013while (isspace(*s)) s++;
3014if (*s == '}')
3015 {
063b1e99
PH
3016 if (type[0] == 'i')
3017 {
8e669ac1 3018 if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
063b1e99
PH
3019 }
3020 else
8e669ac1 3021 {
063b1e99
PH
3022 if (yes && lookup_value != NULL)
3023 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
3024 Ustrlen(lookup_value));
3025 lookup_value = save_lookup;
3026 }
059ec3d9
PH
3027 s++;
3028 goto RETURN;
3029 }
3030
9b4768fa
PH
3031/* The first following string must be braced. */
3032
3033if (*s++ != '{') goto FAILED_CURLY;
3034
059ec3d9
PH
3035/* Expand the first substring. Forced failures are noticed only if we actually
3036want this string. Set skipping in the call in the fail case (this will always
3037be the case if we were already skipping). */
3038
b0e85a8f 3039sub1 = expand_string_internal(s, TRUE, &s, !yes, TRUE, resetok);
059ec3d9
PH
3040if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
3041expand_string_forcedfail = FALSE;
3042if (*s++ != '}') goto FAILED_CURLY;
3043
3044/* If we want the first string, add it to the output */
3045
3046if (yes)
3047 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
3048
3049/* If this is called from a lookup or an extract, we want to restore $value to
3050what it was at the start of the item, so that it has this value during the
d20976dc
PH
3051second string expansion. For the call from "if" or "run" to this function,
3052save_lookup is set to lookup_value, so that this statement does nothing. */
059ec3d9
PH
3053
3054lookup_value = save_lookup;
3055
3056/* There now follows either another substring, or "fail", or nothing. This
3057time, forced failures are noticed only if we want the second string. We must
3058set skipping in the nested call if we don't want this string, or if we were
3059already skipping. */
3060
3061while (isspace(*s)) s++;
3062if (*s == '{')
3063 {
b0e85a8f 3064 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping, TRUE, resetok);
059ec3d9
PH
3065 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
3066 expand_string_forcedfail = FALSE;
3067 if (*s++ != '}') goto FAILED_CURLY;
3068
3069 /* If we want the second string, add it to the output */
3070
3071 if (!yes)
3072 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
3073 }
3074
3075/* If there is no second string, but the word "fail" is present when the use of
3076the second string is wanted, set a flag indicating it was a forced failure
3077rather than a syntactic error. Swallow the terminating } in case this is nested
3078inside another lookup or if or extract. */
3079
3080else if (*s != '}')
3081 {
3082 uschar name[256];
3083 s = read_name(name, sizeof(name), s, US"_");
3084 if (Ustrcmp(name, "fail") == 0)
3085 {
3086 if (!yes && !skipping)
3087 {
3088 while (isspace(*s)) s++;
3089 if (*s++ != '}') goto FAILED_CURLY;
3090 expand_string_message =
3091 string_sprintf("\"%s\" failed and \"fail\" requested", type);
3092 expand_string_forcedfail = TRUE;
3093 goto FAILED;
3094 }
3095 }
3096 else
3097 {
3098 expand_string_message =
3099 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
3100 goto FAILED;
3101 }
3102 }
3103
3104/* All we have to do now is to check on the final closing brace. */
3105
3106while (isspace(*s)) s++;
3107if (*s++ == '}') goto RETURN;
3108
3109/* Get here if there is a bracketing failure */
3110
3111FAILED_CURLY:
3112rc++;
3113
3114/* Get here for other failures */
3115
3116FAILED:
3117rc++;
3118
3119/* Update the input pointer value before returning */
3120
3121RETURN:
3122*sptr = s;
3123return rc;
3124}
3125
3126
3127
3128
059ec3d9
PH
3129/*************************************************
3130* Handle MD5 or SHA-1 computation for HMAC *
3131*************************************************/
3132
3133/* These are some wrapping functions that enable the HMAC code to be a bit
3134cleaner. A good compiler will spot the tail recursion.
3135
3136Arguments:
3137 type HMAC_MD5 or HMAC_SHA1
3138 remaining are as for the cryptographic hash functions
3139
3140Returns: nothing
3141*/
3142
3143static void
3144chash_start(int type, void *base)
3145{
3146if (type == HMAC_MD5)
3147 md5_start((md5 *)base);
3148else
3149 sha1_start((sha1 *)base);
3150}
3151
3152static void
3153chash_mid(int type, void *base, uschar *string)
3154{
3155if (type == HMAC_MD5)
3156 md5_mid((md5 *)base, string);
3157else
3158 sha1_mid((sha1 *)base, string);
3159}
3160
3161static void
3162chash_end(int type, void *base, uschar *string, int length, uschar *digest)
3163{
3164if (type == HMAC_MD5)
3165 md5_end((md5 *)base, string, length, digest);
3166else
3167 sha1_end((sha1 *)base, string, length, digest);
3168}
3169
3170
3171
3172
3173
1549ea3b
PH
3174/********************************************************
3175* prvs: Get last three digits of days since Jan 1, 1970 *
3176********************************************************/
3177
3178/* This is needed to implement the "prvs" BATV reverse
3179 path signing scheme
3180
3181Argument: integer "days" offset to add or substract to
3182 or from the current number of days.
3183
3184Returns: pointer to string containing the last three
3185 digits of the number of days since Jan 1, 1970,
3186 modified by the offset argument, NULL if there
3187 was an error in the conversion.
3188
3189*/
3190
3191static uschar *
3192prvs_daystamp(int day_offset)
3193{
a86229cf
PH
3194uschar *days = store_get(32); /* Need at least 24 for cases */
3195(void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
1549ea3b 3196 (time(NULL) + day_offset*86400)/86400);
e169f567 3197return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
1549ea3b
PH
3198}
3199
3200
3201
3202/********************************************************
3203* prvs: perform HMAC-SHA1 computation of prvs bits *
3204********************************************************/
3205
3206/* This is needed to implement the "prvs" BATV reverse
3207 path signing scheme
3208
3209Arguments:
3210 address RFC2821 Address to use
3211 key The key to use (must be less than 64 characters
3212 in size)
3213 key_num Single-digit key number to use. Defaults to
3214 '0' when NULL.
3215
3216Returns: pointer to string containing the first three
3217 bytes of the final hash in hex format, NULL if
3218 there was an error in the process.
3219*/
3220
3221static uschar *
3222prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
3223{
3224uschar *hash_source, *p;
3225int size = 0,offset = 0,i;
3226sha1 sha1_base;
3227void *use_base = &sha1_base;
3228uschar innerhash[20];
3229uschar finalhash[20];
3230uschar innerkey[64];
3231uschar outerkey[64];
3232uschar *finalhash_hex = store_get(40);
3233
3234if (key_num == NULL)
3235 key_num = US"0";
3236
3237if (Ustrlen(key) > 64)
3238 return NULL;
3239
3240hash_source = string_cat(NULL,&size,&offset,key_num,1);
3241string_cat(hash_source,&size,&offset,daystamp,3);
3242string_cat(hash_source,&size,&offset,address,Ustrlen(address));
3243hash_source[offset] = '\0';
3244
3245DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source);
3246
3247memset(innerkey, 0x36, 64);
3248memset(outerkey, 0x5c, 64);
3249
3250for (i = 0; i < Ustrlen(key); i++)
3251 {
3252 innerkey[i] ^= key[i];
3253 outerkey[i] ^= key[i];
3254 }
3255
3256chash_start(HMAC_SHA1, use_base);
3257chash_mid(HMAC_SHA1, use_base, innerkey);
3258chash_end(HMAC_SHA1, use_base, hash_source, offset, innerhash);
3259
3260chash_start(HMAC_SHA1, use_base);
3261chash_mid(HMAC_SHA1, use_base, outerkey);
3262chash_end(HMAC_SHA1, use_base, innerhash, 20, finalhash);
3263
3264p = finalhash_hex;
3265for (i = 0; i < 3; i++)
3266 {
3267 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
3268 *p++ = hex_digits[finalhash[i] & 0x0f];
3269 }
3270*p = '\0';
3271
3272return finalhash_hex;
3273}
3274
3275
3276
3277
059ec3d9
PH
3278/*************************************************
3279* Join a file onto the output string *
3280*************************************************/
3281
3282/* This is used for readfile and after a run expansion. It joins the contents
3283of a file onto the output string, globally replacing newlines with a given
3284string (optionally). The file is closed at the end.
3285
3286Arguments:
3287 f the FILE
3288 yield pointer to the expandable string
3289 sizep pointer to the current size
3290 ptrp pointer to the current position
3291 eol newline replacement string, or NULL
3292
3293Returns: new value of string pointer
3294*/
3295
3296static uschar *
3297cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
3298{
3299int eollen;
3300uschar buffer[1024];
3301
3302eollen = (eol == NULL)? 0 : Ustrlen(eol);
3303
3304while (Ufgets(buffer, sizeof(buffer), f) != NULL)
3305 {
3306 int len = Ustrlen(buffer);
3307 if (eol != NULL && buffer[len-1] == '\n') len--;
3308 yield = string_cat(yield, sizep, ptrp, buffer, len);
3309 if (buffer[len] != 0)
3310 yield = string_cat(yield, sizep, ptrp, eol, eollen);
3311 }
3312
3313if (yield != NULL) yield[*ptrp] = 0;
3314
3315return yield;
3316}
3317
3318
3319
3320
3321/*************************************************
3322* Evaluate numeric expression *
3323*************************************************/
3324
af561417
PH
3325/* This is a set of mutually recursive functions that evaluate an arithmetic
3326expression involving + - * / % & | ^ ~ << >> and parentheses. The only one of
3327these functions that is called from elsewhere is eval_expr, whose interface is:
059ec3d9
PH
3328
3329Arguments:
af561417
PH
3330 sptr pointer to the pointer to the string - gets updated
3331 decimal TRUE if numbers are to be assumed decimal
3332 error pointer to where to put an error message - must be NULL on input
3333 endket TRUE if ')' must terminate - FALSE for external call
059ec3d9 3334
af561417
PH
3335Returns: on success: the value of the expression, with *error still NULL
3336 on failure: an undefined value, with *error = a message
059ec3d9
PH
3337*/
3338
97d17305 3339static int_eximarith_t eval_op_or(uschar **, BOOL, uschar **);
af561417 3340
059ec3d9 3341
97d17305 3342static int_eximarith_t
059ec3d9
PH
3343eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
3344{
3345uschar *s = *sptr;
97d17305 3346int_eximarith_t x = eval_op_or(&s, decimal, error);
059ec3d9
PH
3347if (*error == NULL)
3348 {
af561417 3349 if (endket)
059ec3d9 3350 {
af561417
PH
3351 if (*s != ')')
3352 *error = US"expecting closing parenthesis";
3353 else
3354 while (isspace(*(++s)));
059ec3d9 3355 }
af561417 3356 else if (*s != 0) *error = US"expecting operator";
059ec3d9 3357 }
059ec3d9
PH
3358*sptr = s;
3359return x;
3360}
3361
af561417 3362
97d17305 3363static int_eximarith_t
af561417 3364eval_number(uschar **sptr, BOOL decimal, uschar **error)
059ec3d9
PH
3365{
3366register int c;
97d17305 3367int_eximarith_t n;
059ec3d9
PH
3368uschar *s = *sptr;
3369while (isspace(*s)) s++;
3370c = *s;
af561417 3371if (isdigit(c))
059ec3d9
PH
3372 {
3373 int count;
97d17305 3374 (void)sscanf(CS s, (decimal? SC_EXIM_DEC "%n" : SC_EXIM_ARITH "%n"), &n, &count);
059ec3d9 3375 s += count;
97d17305
JH
3376 switch (tolower(*s))
3377 {
3378 default: break;
3379 case 'k': n *= 1024; s++; break;
3380 case 'm': n *= 1024*1024; s++; break;
3381 case 'g': n *= 1024*1024*1024; s++; break;
3382 }
059ec3d9
PH
3383 while (isspace (*s)) s++;
3384 }
3385else if (c == '(')
3386 {
3387 s++;
3388 n = eval_expr(&s, decimal, error, 1);
3389 }
3390else
3391 {
3392 *error = US"expecting number or opening parenthesis";
3393 n = 0;
3394 }
3395*sptr = s;
3396return n;
3397}
3398
af561417 3399
97d17305 3400static int_eximarith_t
aa7c82b2 3401eval_op_unary(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH
3402{
3403uschar *s = *sptr;
97d17305 3404int_eximarith_t x;
af561417
PH
3405while (isspace(*s)) s++;
3406if (*s == '+' || *s == '-' || *s == '~')
3407 {
3408 int op = *s++;
3409 x = eval_op_unary(&s, decimal, error);
3410 if (op == '-') x = -x;
3411 else if (op == '~') x = ~x;
3412 }
3413else
3414 {
3415 x = eval_number(&s, decimal, error);
3416 }
3417*sptr = s;
3418return x;
3419}
3420
3421
97d17305 3422static int_eximarith_t
aa7c82b2 3423eval_op_mult(uschar **sptr, BOOL decimal, uschar **error)
059ec3d9
PH
3424{
3425uschar *s = *sptr;
97d17305 3426int_eximarith_t x = eval_op_unary(&s, decimal, error);
059ec3d9
PH
3427if (*error == NULL)
3428 {
5591031b 3429 while (*s == '*' || *s == '/' || *s == '%')
059ec3d9
PH
3430 {
3431 int op = *s++;
97d17305 3432 int_eximarith_t y = eval_op_unary(&s, decimal, error);
059ec3d9 3433 if (*error != NULL) break;
053a9aa3
PP
3434 /* SIGFPE both on div/mod by zero and on INT_MIN / -1, which would give
3435 * a value of INT_MAX+1. Note that INT_MIN * -1 gives INT_MIN for me, which
3436 * is a bug somewhere in [gcc 4.2.1, FreeBSD, amd64]. In fact, -N*-M where
3437 * -N*M is INT_MIN will yielf INT_MIN.
3438 * Since we don't support floating point, this is somewhat simpler.
3439 * Ideally, we'd return an error, but since we overflow for all other
3440 * arithmetic, consistency suggests otherwise, but what's the correct value
3441 * to use? There is none.
3442 * The C standard guarantees overflow for unsigned arithmetic but signed
3443 * overflow invokes undefined behaviour; in practice, this is overflow
3444 * except for converting INT_MIN to INT_MAX+1. We also can't guarantee
3445 * that long/longlong larger than int are available, or we could just work
3446 * with larger types. We should consider whether to guarantee 32bit eval
3447 * and 64-bit working variables, with errors returned. For now ...
3448 * So, the only SIGFPEs occur with a non-shrinking div/mod, thus -1; we
3449 * can just let the other invalid results occur otherwise, as they have
3450 * until now. For this one case, we can coerce.
3451 */
4328fd3c 3452 if (y == -1 && x == EXIM_ARITH_MIN && op != '*')
053a9aa3
PP
3453 {
3454 DEBUG(D_expand)
97d17305 3455 debug_printf("Integer exception dodging: " PR_EXIM_ARITH "%c-1 coerced to " PR_EXIM_ARITH "\n",
4328fd3c
JH
3456 EXIM_ARITH_MIN, op, EXIM_ARITH_MAX);
3457 x = EXIM_ARITH_MAX;
053a9aa3
PP
3458 continue;
3459 }
a5b52695
PP
3460 if (op == '*')
3461 x *= y;
3462 else
3463 {
3464 if (y == 0)
54e7ce4a 3465 {
a5b52695
PP
3466 *error = (op == '/') ? US"divide by zero" : US"modulo by zero";
3467 x = 0;
3468 break;
54e7ce4a 3469 }
a5b52695
PP
3470 if (op == '/')
3471 x /= y;
3472 else
3473 x %= y;
3474 }
059ec3d9
PH
3475 }
3476 }
3477*sptr = s;
3478return x;
3479}
3480
3481
97d17305 3482static int_eximarith_t
aa7c82b2 3483eval_op_sum(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH
3484{
3485uschar *s = *sptr;
97d17305 3486int_eximarith_t x = eval_op_mult(&s, decimal, error);
af561417
PH
3487if (*error == NULL)
3488 {
3489 while (*s == '+' || *s == '-')
3490 {
3491 int op = *s++;
97d17305 3492 int_eximarith_t y = eval_op_mult(&s, decimal, error);
af561417
PH
3493 if (*error != NULL) break;
3494 if (op == '+') x += y; else x -= y;
3495 }
3496 }
3497*sptr = s;
3498return x;
3499}
3500
3501
97d17305 3502static int_eximarith_t
aa7c82b2 3503eval_op_shift(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH
3504{
3505uschar *s = *sptr;
97d17305 3506int_eximarith_t x = eval_op_sum(&s, decimal, error);
af561417
PH
3507if (*error == NULL)
3508 {
3509 while ((*s == '<' || *s == '>') && s[1] == s[0])
3510 {
97d17305 3511 int_eximarith_t y;
af561417
PH
3512 int op = *s++;
3513 s++;
3514 y = eval_op_sum(&s, decimal, error);
3515 if (*error != NULL) break;
3516 if (op == '<') x <<= y; else x >>= y;
3517 }
3518 }
3519*sptr = s;
3520return x;
3521}
3522
3523
97d17305 3524static int_eximarith_t
aa7c82b2 3525eval_op_and(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH
3526{
3527uschar *s = *sptr;
97d17305 3528int_eximarith_t x = eval_op_shift(&s, decimal, error);
af561417
PH
3529if (*error == NULL)
3530 {
3531 while (*s == '&')
3532 {
97d17305 3533 int_eximarith_t y;
af561417
PH
3534 s++;
3535 y = eval_op_shift(&s, decimal, error);
3536 if (*error != NULL) break;
3537 x &= y;
3538 }
3539 }
3540*sptr = s;
3541return x;
3542}
3543
3544
97d17305 3545static int_eximarith_t
aa7c82b2 3546eval_op_xor(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH
3547{
3548uschar *s = *sptr;
97d17305 3549int_eximarith_t x = eval_op_and(&s, decimal, error);
af561417
PH
3550if (*error == NULL)
3551 {
3552 while (*s == '^')
3553 {
97d17305 3554 int_eximarith_t y;
af561417
PH
3555 s++;
3556 y = eval_op_and(&s, decimal, error);
3557 if (*error != NULL) break;
3558 x ^= y;
3559 }
3560 }
3561*sptr = s;
3562return x;
3563}
3564
3565
97d17305 3566static int_eximarith_t
aa7c82b2 3567eval_op_or(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH
3568{
3569uschar *s = *sptr;
97d17305 3570int_eximarith_t x = eval_op_xor(&s, decimal, error);
af561417
PH
3571if (*error == NULL)
3572 {
3573 while (*s == '|')
3574 {
97d17305 3575 int_eximarith_t y;
af561417
PH
3576 s++;
3577 y = eval_op_xor(&s, decimal, error);
3578 if (*error != NULL) break;
3579 x |= y;
3580 }
3581 }
3582*sptr = s;
3583return x;
3584}
3585
059ec3d9
PH
3586
3587
3588/*************************************************
3589* Expand string *
3590*************************************************/
3591
3592/* Returns either an unchanged string, or the expanded string in stacking pool
3593store. Interpreted sequences are:
3594
3595 \... normal escaping rules
3596 $name substitutes the variable
3597 ${name} ditto
3598 ${op:string} operates on the expanded string value
3599 ${item{arg1}{arg2}...} expands the args and then does the business
3600 some literal args are not enclosed in {}
3601
3602There are now far too many operators and item types to make it worth listing
3603them here in detail any more.
3604
3605We use an internal routine recursively to handle embedded substrings. The
3606external function follows. The yield is NULL if the expansion failed, and there
3607are two cases: if something collapsed syntactically, or if "fail" was given
3608as the action on a lookup failure. These can be distinguised by looking at the
3609variable expand_string_forcedfail, which is TRUE in the latter case.
3610
3611The skipping flag is set true when expanding a substring that isn't actually
3612going to be used (after "if" or "lookup") and it prevents lookups from
3613happening lower down.
3614
3615Store usage: At start, a store block of the length of the input plus 64
3616is obtained. This is expanded as necessary by string_cat(), which might have to
3617get a new block, or might be able to expand the original. At the end of the
3618function we can release any store above that portion of the yield block that
3619was actually used. In many cases this will be optimal.
3620
3621However: if the first item in the expansion is a variable name or header name,
3622we reset the store before processing it; if the result is in fresh store, we
3623use that without copying. This is helpful for expanding strings like
3624$message_headers which can get very long.
3625
d6b4d938
TF
3626There's a problem if a ${dlfunc item has side-effects that cause allocation,
3627since resetting the store at the end of the expansion will free store that was
3628allocated by the plugin code as well as the slop after the expanded string. So
b0e85a8f
JH
3629we skip any resets if ${dlfunc } has been used. The same applies for ${acl }
3630and, given the acl condition, ${if }. This is an unfortunate consequence of
3631string expansion becoming too powerful.
d6b4d938 3632
059ec3d9
PH
3633Arguments:
3634 string the string to be expanded
3635 ket_ends true if expansion is to stop at }
3636 left if not NULL, a pointer to the first character after the
3637 expansion is placed here (typically used with ket_ends)
3638 skipping TRUE for recursive calls when the value isn't actually going
3639 to be used (to allow for optimisation)
da6dbe26
PP
3640 honour_dollar TRUE if $ is to be expanded,
3641 FALSE if it's just another character
b0e85a8f
JH
3642 resetok_p if not NULL, pointer to flag - write FALSE if unsafe to reset
3643 the store.
059ec3d9
PH
3644
3645Returns: NULL if expansion fails:
3646 expand_string_forcedfail is set TRUE if failure was forced
3647 expand_string_message contains a textual error message
3648 a pointer to the expanded string on success
3649*/
3650
3651static uschar *
3652expand_string_internal(uschar *string, BOOL ket_ends, uschar **left,
b0e85a8f 3653 BOOL skipping, BOOL honour_dollar, BOOL *resetok_p)
059ec3d9
PH
3654{
3655int ptr = 0;
3656int size = Ustrlen(string)+ 64;
3657int item_type;
3658uschar *yield = store_get(size);
3659uschar *s = string;
3660uschar *save_expand_nstring[EXPAND_MAXN+1];
3661int save_expand_nlength[EXPAND_MAXN+1];
d6b4d938 3662BOOL resetok = TRUE;
059ec3d9
PH
3663
3664expand_string_forcedfail = FALSE;
3665expand_string_message = US"";
3666
3667while (*s != 0)
3668 {
3669 uschar *value;
3670 uschar name[256];
3671
3672 /* \ escapes the next character, which must exist, or else
3673 the expansion fails. There's a special escape, \N, which causes
3674 copying of the subject verbatim up to the next \N. Otherwise,
3675 the escapes are the standard set. */
3676
3677 if (*s == '\\')
3678 {
3679 if (s[1] == 0)
3680 {
3681 expand_string_message = US"\\ at end of string";
3682 goto EXPAND_FAILED;
3683 }
3684
3685 if (s[1] == 'N')
3686 {
3687 uschar *t = s + 2;
3688 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
3689 yield = string_cat(yield, &size, &ptr, t, s - t);
3690 if (*s != 0) s += 2;
3691 }
3692
3693 else
3694 {
3695 uschar ch[1];
3696 ch[0] = string_interpret_escape(&s);
3697 s++;
3698 yield = string_cat(yield, &size, &ptr, ch, 1);
3699 }
3700
3701 continue;
3702 }
3703
2e23003a 3704 /*{*/
059ec3d9
PH
3705 /* Anything other than $ is just copied verbatim, unless we are
3706 looking for a terminating } character. */
3707
2e23003a 3708 /*{*/
059ec3d9
PH
3709 if (ket_ends && *s == '}') break;
3710
da6dbe26 3711 if (*s != '$' || !honour_dollar)
059ec3d9
PH
3712 {
3713 yield = string_cat(yield, &size, &ptr, s++, 1);
3714 continue;
3715 }
3716
3717 /* No { after the $ - must be a plain name or a number for string
3718 match variable. There has to be a fudge for variables that are the
3719 names of header fields preceded by "$header_" because header field
3720 names can contain any printing characters except space and colon.
3721 For those that don't like typing this much, "$h_" is a synonym for
3722 "$header_". A non-existent header yields a NULL value; nothing is
2e23003a 3723 inserted. */ /*}*/
059ec3d9
PH
3724
3725 if (isalpha((*(++s))))
3726 {
3727 int len;
3728 int newsize = 0;
3729
3730 s = read_name(name, sizeof(name), s, US"_");
3731
3732 /* If this is the first thing to be expanded, release the pre-allocated
3733 buffer. */
3734
3735 if (ptr == 0 && yield != NULL)
3736 {
d6b4d938 3737 if (resetok) store_reset(yield);
059ec3d9
PH