projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Support dnssec in verify-callout use of smtp transport.
[exim.git] / src / src / expand.c
CommitLineData
059ec3d9
PH		 1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
5a66c31b 5/* Copyright (c) University of Cambridge 1995 - 2014 */
059ec3d9
PH		 6/* See the file NOTICE for conditions of use and distribution. */
7
8
9/* Functions for handling string expansion. */
10
11
12#include "exim.h"
13
96c065cb
PH		 14/* Recursively called function */
15
b0e85a8f 16static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL, BOOL, BOOL *);
96c065cb 17
059ec3d9
PH		 18#ifdef STAND_ALONE
19#ifndef SUPPORT_CRYPTEQ
20#define SUPPORT_CRYPTEQ
21#endif
22#endif
23
96c065cb
PH		 24#ifdef LOOKUP_LDAP
25#include "lookups/ldap.h"
26#endif
27
059ec3d9
PH		 28#ifdef SUPPORT_CRYPTEQ
29#ifdef CRYPT_H
30#include <crypt.h>
31#endif
32#ifndef HAVE_CRYPT16
33extern char* crypt16(char*, char*);
34#endif
35#endif
36
96c065cb
PH		 37/* The handling of crypt16() is a mess. I will record below the analysis of the
38mess that was sent to me. We decided, however, to make changing this very low
39priority, because in practice people are moving away from the crypt()
40algorithms nowadays, so it doesn't seem worth it.
41
42<quote>
43There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
44the first 8 characters of the password using a 20-round version of crypt
45(standard crypt does 25 rounds). It then crypts the next 8 characters,
46or an empty block if the password is less than 9 characters, using a
4720-round version of crypt and the same salt as was used for the first
48block. Charaters after the first 16 are ignored. It always generates
49a 16-byte hash, which is expressed together with the salt as a string
50of 24 base 64 digits. Here are some links to peruse:
51
52 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
53 http://seclists.org/bugtraq/1999/Mar/0076.html
54
55There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
56and OSF/1. This is the same as the standard crypt if given a password
57of 8 characters or less. If given more, it first does the same as crypt
58using the first 8 characters, then crypts the next 8 (the 9th to 16th)
59using as salt the first two base 64 digits from the first hash block.
60If the password is more than 16 characters then it crypts the 17th to 24th
61characters using as salt the first two base 64 digits from the second hash
62block. And so on: I've seen references to it cutting off the password at
6340 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
64
65 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
66 http://seclists.org/bugtraq/1999/Mar/0109.html
67 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
68 TET1_html/sec.c222.html#no_id_208
69
70Exim has something it calls "crypt16". It will either use a native
71crypt16 or its own implementation. A native crypt16 will presumably
72be the one that I called "crypt16" above. The internal "crypt16"
73function, however, is a two-block-maximum implementation of what I called
74"bigcrypt". The documentation matches the internal code.
75
76I suspect that whoever did the "crypt16" stuff for Exim didn't realise
77that crypt16 and bigcrypt were different things.
78
79Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
80to whatever it is using under that name. This unfortunately sets a
81precedent for using "{crypt16}" to identify two incompatible algorithms
82whose output can't be distinguished. With "{crypt16}" thus rendered
83ambiguous, I suggest you deprecate it and invent two new identifiers
84for the two algorithms.
85
86Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
87of the password separately means they can be cracked separately, so
88the double-length hash only doubles the cracking effort instead of
89squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
90bcrypt ({CRYPT}$2a$).
91</quote>
92*/
059ec3d9
PH		 93
94
059ec3d9
PH		 95
96
97/*************************************************
98* Local statics and tables *
99*************************************************/
100
101/* Table of item names, and corresponding switch numbers. The names must be in
102alphabetical order. */
103
104static uschar *item_table[] = {
723c72e6 105 US"acl",
1a46a8c5 106 US"dlfunc",
059ec3d9 107 US"extract",
29f89cad 108 US"filter",
059ec3d9
PH		 109 US"hash",
110 US"hmac",
111 US"if",
112 US"length",
aa26e137 113 US"listextract",
059ec3d9 114 US"lookup",
29f89cad 115 US"map",
059ec3d9 116 US"nhash",
1a46a8c5 117 US"perl",
fffda43a
TK		 118 US"prvs",
119 US"prvscheck",
059ec3d9
PH		 120 US"readfile",
121 US"readsocket",
29f89cad 122 US"reduce",
059ec3d9
PH		 123 US"run",
124 US"sg",
125 US"substr",
126 US"tr" };
127
128enum {
723c72e6 129 EITEM_ACL,
1a46a8c5 130 EITEM_DLFUNC,
059ec3d9 131 EITEM_EXTRACT,
29f89cad 132 EITEM_FILTER,
059ec3d9
PH		 133 EITEM_HASH,
134 EITEM_HMAC,
135 EITEM_IF,
136 EITEM_LENGTH,
aa26e137 137 EITEM_LISTEXTRACT,
059ec3d9 138 EITEM_LOOKUP,
29f89cad 139 EITEM_MAP,
059ec3d9 140 EITEM_NHASH,
1a46a8c5 141 EITEM_PERL,
fffda43a
TK		 142 EITEM_PRVS,
143 EITEM_PRVSCHECK,
059ec3d9
PH		 144 EITEM_READFILE,
145 EITEM_READSOCK,
29f89cad 146 EITEM_REDUCE,
059ec3d9
PH		 147 EITEM_RUN,
148 EITEM_SG,
149 EITEM_SUBSTR,
150 EITEM_TR };
151
152/* Tables of operator names, and corresponding switch numbers. The names must be
153in alphabetical order. There are two tables, because underscore is used in some
154cases to introduce arguments, whereas for other it is part of the name. This is
155an historical mis-design. */
156
157static uschar *op_table_underscore[] = {
158 US"from_utf8",
159 US"local_part",
160 US"quote_local_part",
83e029d5 161 US"reverse_ip",
f90d018c 162 US"time_eval",
059ec3d9
PH		 163 US"time_interval"};
164
165enum {
166 EOP_FROM_UTF8,
167 EOP_LOCAL_PART,
168 EOP_QUOTE_LOCAL_PART,
83e029d5 169 EOP_REVERSE_IP,
f90d018c 170 EOP_TIME_EVAL,
059ec3d9
PH		 171 EOP_TIME_INTERVAL };
172
173static uschar *op_table_main[] = {
174 US"address",
29f89cad 175 US"addresses",
059ec3d9
PH		 176 US"base62",
177 US"base62d",
178 US"domain",
179 US"escape",
180 US"eval",
181 US"eval10",
182 US"expand",
183 US"h",
184 US"hash",
185 US"hex2b64",
c393f931 186 US"hexquote",
059ec3d9
PH		 187 US"l",
188 US"lc",
189 US"length",
a64a3dfa
JH		 190 US"listcount",
191 US"listnamed",
059ec3d9
PH		 192 US"mask",
193 US"md5",
194 US"nh",
195 US"nhash",
196 US"quote",
9e3331ea 197 US"randint",
059ec3d9 198 US"rfc2047",
9c57cbc0 199 US"rfc2047d",
059ec3d9
PH		 200 US"rxquote",
201 US"s",
202 US"sha1",
203 US"stat",
204 US"str2b64",
205 US"strlen",
206 US"substr",
b9c2e32f
AR		 207 US"uc",
208 US"utf8clean" };
059ec3d9
PH		 209
210enum {
211 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
29f89cad 212 EOP_ADDRESSES,
059ec3d9
PH		 213 EOP_BASE62,
214 EOP_BASE62D,
215 EOP_DOMAIN,
216 EOP_ESCAPE,
217 EOP_EVAL,
218 EOP_EVAL10,
219 EOP_EXPAND,
220 EOP_H,
221 EOP_HASH,
222 EOP_HEX2B64,
c393f931 223 EOP_HEXQUOTE,
059ec3d9
PH		 224 EOP_L,
225 EOP_LC,
226 EOP_LENGTH,
a64a3dfa
JH		 227 EOP_LISTCOUNT,
228 EOP_LISTNAMED,
059ec3d9
PH		 229 EOP_MASK,
230 EOP_MD5,
231 EOP_NH,
232 EOP_NHASH,
233 EOP_QUOTE,
9e3331ea 234 EOP_RANDINT,
059ec3d9 235 EOP_RFC2047,
9c57cbc0 236 EOP_RFC2047D,
059ec3d9
PH		 237 EOP_RXQUOTE,
238 EOP_S,
239 EOP_SHA1,
240 EOP_STAT,
241 EOP_STR2B64,
242 EOP_STRLEN,
243 EOP_SUBSTR,
b9c2e32f
AR		 244 EOP_UC,
245 EOP_UTF8CLEAN };
059ec3d9
PH		 246
247
248/* Table of condition names, and corresponding switch numbers. The names must
249be in alphabetical order. */
250
251static uschar *cond_table[] = {
252 US"<",
253 US"<=",
254 US"=",
255 US"==", /* Backward compatibility */
256 US">",
257 US">=",
333eea9c 258 US"acl",
059ec3d9 259 US"and",
f3766eb5 260 US"bool",
6a8de854 261 US"bool_lax",
059ec3d9
PH		 262 US"crypteq",
263 US"def",
264 US"eq",
265 US"eqi",
266 US"exists",
267 US"first_delivery",
0ce9abe6
PH		 268 US"forall",
269 US"forany",
059ec3d9
PH		 270 US"ge",
271 US"gei",
272 US"gt",
273 US"gti",
76dca828
PP		 274 US"inlist",
275 US"inlisti",
059ec3d9
PH		 276 US"isip",
277 US"isip4",
278 US"isip6",
279 US"ldapauth",
280 US"le",
281 US"lei",
282 US"lt",
283 US"lti",
284 US"match",
285 US"match_address",
286 US"match_domain",
32d668a5 287 US"match_ip",
059ec3d9
PH		 288 US"match_local_part",
289 US"or",
290 US"pam",
291 US"pwcheck",
292 US"queue_running",
293 US"radius",
294 US"saslauthd"
295};
296
297enum {
298 ECOND_NUM_L,
299 ECOND_NUM_LE,
300 ECOND_NUM_E,
301 ECOND_NUM_EE,
302 ECOND_NUM_G,
303 ECOND_NUM_GE,
333eea9c 304 ECOND_ACL,
059ec3d9 305 ECOND_AND,
f3766eb5 306 ECOND_BOOL,
6a8de854 307 ECOND_BOOL_LAX,
059ec3d9
PH		 308 ECOND_CRYPTEQ,
309 ECOND_DEF,
310 ECOND_STR_EQ,
311 ECOND_STR_EQI,
312 ECOND_EXISTS,
313 ECOND_FIRST_DELIVERY,
0ce9abe6
PH		 314 ECOND_FORALL,
315 ECOND_FORANY,
059ec3d9
PH		 316 ECOND_STR_GE,
317 ECOND_STR_GEI,
318 ECOND_STR_GT,
319 ECOND_STR_GTI,
76dca828
PP		 320 ECOND_INLIST,
321 ECOND_INLISTI,
059ec3d9
PH		 322 ECOND_ISIP,
323 ECOND_ISIP4,
324 ECOND_ISIP6,
325 ECOND_LDAPAUTH,
326 ECOND_STR_LE,
327 ECOND_STR_LEI,
328 ECOND_STR_LT,
329 ECOND_STR_LTI,
330 ECOND_MATCH,
331 ECOND_MATCH_ADDRESS,
332 ECOND_MATCH_DOMAIN,
32d668a5 333 ECOND_MATCH_IP,
059ec3d9
PH		 334 ECOND_MATCH_LOCAL_PART,
335 ECOND_OR,
336 ECOND_PAM,
337 ECOND_PWCHECK,
338 ECOND_QUEUE_RUNNING,
339 ECOND_RADIUS,
340 ECOND_SASLAUTHD
341};
342
343
344/* Type for main variable table */
345
346typedef struct {
1ba28e2b
PP		 347 const char *name;
348 int type;
349 void *value;
059ec3d9
PH		 350} var_entry;
351
352/* Type for entries pointing to address/length pairs. Not currently
353in use. */
354
355typedef struct {
356 uschar **address;
357 int *length;
358} alblock;
359
360/* Types of table entry */
361
362enum {
363 vtype_int, /* value is address of int */
364 vtype_filter_int, /* ditto, but recognized only when filtering */
365 vtype_ino, /* value is address of ino_t (not always an int) */
366 vtype_uid, /* value is address of uid_t (not always an int) */
367 vtype_gid, /* value is address of gid_t (not always an int) */
11d7e4fa 368 vtype_bool, /* value is address of bool */
059ec3d9
PH		 369 vtype_stringptr, /* value is address of pointer to string */
370 vtype_msgbody, /* as stringptr, but read when first required */
371 vtype_msgbody_end, /* ditto, the end of the message */
ff75a1f7
PH		 372 vtype_msgheaders, /* the message's headers, processed */
373 vtype_msgheaders_raw, /* the message's headers, unprocessed */
059ec3d9
PH		 374 vtype_localpart, /* extract local part from string */
375 vtype_domain, /* extract domain from string */
362145b5 376 vtype_string_func, /* value is string returned by given function */
059ec3d9
PH		 377 vtype_todbsdin, /* value not used; generate BSD inbox tod */
378 vtype_tode, /* value not used; generate tod in epoch format */
f5787926 379 vtype_todel, /* value not used; generate tod in epoch/usec format */
059ec3d9
PH		 380 vtype_todf, /* value not used; generate full tod */
381 vtype_todl, /* value not used; generate log tod */
382 vtype_todlf, /* value not used; generate log file datestamp tod */
383 vtype_todzone, /* value not used; generate time zone only */
384 vtype_todzulu, /* value not used; generate zulu tod */
385 vtype_reply, /* value not used; get reply from headers */
386 vtype_pid, /* value not used; result is pid */
387 vtype_host_lookup, /* value not used; get host name */
5cb8cbc6
PH		 388 vtype_load_avg, /* value not used; result is int from os_getloadavg */
389 vtype_pspace, /* partition space; value is T/F for spool/log */
8e669ac1 390 vtype_pinodes /* partition inodes; value is T/F for spool/log */
80a47a2c
TK		 391 #ifndef DISABLE_DKIM
392 ,vtype_dkim /* Lookup of value in DKIM signature */
393 #endif
059ec3d9
PH		 394 };
395
362145b5
JH		 396static uschar * fn_recipients(void);
397
059ec3d9
PH		 398/* This table must be kept in alphabetical order. */
399
400static var_entry var_table[] = {
38a0a95f
PH		 401 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
402 they will be confused with user-creatable ACL variables. */
525239c1
JH		 403 { "acl_arg1", vtype_stringptr, &acl_arg[0] },
404 { "acl_arg2", vtype_stringptr, &acl_arg[1] },
405 { "acl_arg3", vtype_stringptr, &acl_arg[2] },
406 { "acl_arg4", vtype_stringptr, &acl_arg[3] },
407 { "acl_arg5", vtype_stringptr, &acl_arg[4] },
408 { "acl_arg6", vtype_stringptr, &acl_arg[5] },
409 { "acl_arg7", vtype_stringptr, &acl_arg[6] },
410 { "acl_arg8", vtype_stringptr, &acl_arg[7] },
411 { "acl_arg9", vtype_stringptr, &acl_arg[8] },
412 { "acl_narg", vtype_int, &acl_narg },
059ec3d9
PH		 413 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
414 { "address_data", vtype_stringptr, &deliver_address_data },
415 { "address_file", vtype_stringptr, &address_file },
416 { "address_pipe", vtype_stringptr, &address_pipe },
2d07a215 417 { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id },
059ec3d9
PH		 418 { "authenticated_id", vtype_stringptr, &authenticated_id },
419 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
420 { "authentication_failed",vtype_int, &authentication_failed },
9e949f00
PP		 421#ifdef WITH_CONTENT_SCAN
422 { "av_failed", vtype_int, &av_failed },
423#endif
8523533c
TK		 424#ifdef EXPERIMENTAL_BRIGHTMAIL
425 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
426 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
427 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
428 { "bmi_deliver", vtype_int, &bmi_deliver },
429#endif
059ec3d9
PH		 430 { "body_linecount", vtype_int, &body_linecount },
431 { "body_zerocount", vtype_int, &body_zerocount },
432 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
433 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
434 { "caller_gid", vtype_gid, &real_gid },
435 { "caller_uid", vtype_uid, &real_uid },
436 { "compile_date", vtype_stringptr, &version_date },
437 { "compile_number", vtype_stringptr, &version_cnumber },
e5a9dba6 438 { "csa_status", vtype_stringptr, &csa_status },
6a8f9482
TK		 439#ifdef EXPERIMENTAL_DCC
440 { "dcc_header", vtype_stringptr, &dcc_header },
441 { "dcc_result", vtype_stringptr, &dcc_result },
442#endif
8523533c
TK		 443#ifdef WITH_OLD_DEMIME
444 { "demime_errorlevel", vtype_int, &demime_errorlevel },
445 { "demime_reason", vtype_stringptr, &demime_reason },
fb2274d4 446#endif
80a47a2c
TK		 447#ifndef DISABLE_DKIM
448 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
449 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
450 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
451 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
452 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
453 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
2df588c9 454 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
e08d09e5 455 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
80a47a2c
TK		 456 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
457 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
458 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
459 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
460 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
461 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
462 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
463 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
e08d09e5 464 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
9e5d6b55 465 { "dkim_signers", vtype_stringptr, &dkim_signers },
80a47a2c
TK		 466 { "dkim_verify_reason", vtype_dkim, (void *)DKIM_VERIFY_REASON },
467 { "dkim_verify_status", vtype_dkim, (void *)DKIM_VERIFY_STATUS},
4840604e
TL		 468#endif
469#ifdef EXPERIMENTAL_DMARC
470 { "dmarc_ar_header", vtype_stringptr, &dmarc_ar_header },
8c8b8274 471 { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
4840604e
TL		 472 { "dmarc_status", vtype_stringptr, &dmarc_status },
473 { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
474 { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
8523533c 475#endif
059ec3d9 476 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
93655c46 477 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
059ec3d9
PH		 478 { "dnslist_text", vtype_stringptr, &dnslist_text },
479 { "dnslist_value", vtype_stringptr, &dnslist_value },
480 { "domain", vtype_stringptr, &deliver_domain },
481 { "domain_data", vtype_stringptr, &deliver_domain_data },
482 { "exim_gid", vtype_gid, &exim_gid },
483 { "exim_path", vtype_stringptr, &exim_path },
484 { "exim_uid", vtype_uid, &exim_uid },
8523533c
TK		 485#ifdef WITH_OLD_DEMIME
486 { "found_extension", vtype_stringptr, &found_extension },
8e669ac1 487#endif
362145b5 488 { "headers_added", vtype_string_func, &fn_hdrs_added },
059ec3d9
PH		 489 { "home", vtype_stringptr, &deliver_home },
490 { "host", vtype_stringptr, &deliver_host },
491 { "host_address", vtype_stringptr, &deliver_host_address },
492 { "host_data", vtype_stringptr, &host_data },
b08b24c8 493 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
059ec3d9
PH		 494 { "host_lookup_failed", vtype_int, &host_lookup_failed },
495 { "inode", vtype_ino, &deliver_inode },
496 { "interface_address", vtype_stringptr, &interface_address },
497 { "interface_port", vtype_int, &interface_port },
0ce9abe6 498 { "item", vtype_stringptr, &iterate_item },
059ec3d9
PH		 499 #ifdef LOOKUP_LDAP
500 { "ldap_dn", vtype_stringptr, &eldap_dn },
501 #endif
502 { "load_average", vtype_load_avg, NULL },
503 { "local_part", vtype_stringptr, &deliver_localpart },
504 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
505 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
506 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
507 { "local_scan_data", vtype_stringptr, &local_scan_data },
508 { "local_user_gid", vtype_gid, &local_user_gid },
509 { "local_user_uid", vtype_uid, &local_user_uid },
510 { "localhost_number", vtype_int, &host_number },
5cb8cbc6 511 { "log_inodes", vtype_pinodes, (void *)FALSE },
8e669ac1 512 { "log_space", vtype_pspace, (void *)FALSE },
4e0983dc 513 { "lookup_dnssec_authenticated",vtype_stringptr,&lookup_dnssec_authenticated},
059ec3d9 514 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
8523533c
TK		 515#ifdef WITH_CONTENT_SCAN
516 { "malware_name", vtype_stringptr, &malware_name },
517#endif
d677b2f2 518 { "max_received_linelength", vtype_int, &max_received_linelength },
059ec3d9
PH		 519 { "message_age", vtype_int, &message_age },
520 { "message_body", vtype_msgbody, &message_body },
521 { "message_body_end", vtype_msgbody_end, &message_body_end },
522 { "message_body_size", vtype_int, &message_body_size },
1ab52c69 523 { "message_exim_id", vtype_stringptr, &message_id },
059ec3d9 524 { "message_headers", vtype_msgheaders, NULL },
ff75a1f7 525 { "message_headers_raw", vtype_msgheaders_raw, NULL },
059ec3d9 526 { "message_id", vtype_stringptr, &message_id },
2e0c1448 527 { "message_linecount", vtype_int, &message_linecount },
059ec3d9 528 { "message_size", vtype_int, &message_size },
8523533c
TK		 529#ifdef WITH_CONTENT_SCAN
530 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
531 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
532 { "mime_boundary", vtype_stringptr, &mime_boundary },
533 { "mime_charset", vtype_stringptr, &mime_charset },
534 { "mime_content_description", vtype_stringptr, &mime_content_description },
535 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
536 { "mime_content_id", vtype_stringptr, &mime_content_id },
537 { "mime_content_size", vtype_int, &mime_content_size },
538 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
539 { "mime_content_type", vtype_stringptr, &mime_content_type },
540 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
541 { "mime_filename", vtype_stringptr, &mime_filename },
542 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
543 { "mime_is_multipart", vtype_int, &mime_is_multipart },
544 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
545 { "mime_part_count", vtype_int, &mime_part_count },
546#endif
059ec3d9
PH		 547 { "n0", vtype_filter_int, &filter_n[0] },
548 { "n1", vtype_filter_int, &filter_n[1] },
549 { "n2", vtype_filter_int, &filter_n[2] },
550 { "n3", vtype_filter_int, &filter_n[3] },
551 { "n4", vtype_filter_int, &filter_n[4] },
552 { "n5", vtype_filter_int, &filter_n[5] },
553 { "n6", vtype_filter_int, &filter_n[6] },
554 { "n7", vtype_filter_int, &filter_n[7] },
555 { "n8", vtype_filter_int, &filter_n[8] },
556 { "n9", vtype_filter_int, &filter_n[9] },
557 { "original_domain", vtype_stringptr, &deliver_domain_orig },
558 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
559 { "originator_gid", vtype_gid, &originator_gid },
560 { "originator_uid", vtype_uid, &originator_uid },
561 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
562 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
563 { "pid", vtype_pid, NULL },
564 { "primary_hostname", vtype_stringptr, &primary_hostname },
a3c86431 565#ifdef EXPERIMENTAL_PROXY
a3bddaa8
TL		 566 { "proxy_host_address", vtype_stringptr, &proxy_host_address },
567 { "proxy_host_port", vtype_int, &proxy_host_port },
a3c86431 568 { "proxy_session", vtype_bool, &proxy_session },
eb57651e
TL		 569 { "proxy_target_address",vtype_stringptr, &proxy_target_address },
570 { "proxy_target_port", vtype_int, &proxy_target_port },
a3c86431 571#endif
fffda43a
TK		 572 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
573 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
574 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
059ec3d9
PH		 575 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
576 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
577 { "rcpt_count", vtype_int, &rcpt_count },
578 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
579 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
580 { "received_count", vtype_int, &received_count },
581 { "received_for", vtype_stringptr, &received_for },
194cc0e4
PH		 582 { "received_ip_address", vtype_stringptr, &interface_address },
583 { "received_port", vtype_int, &interface_port },
059ec3d9 584 { "received_protocol", vtype_stringptr, &received_protocol },
7dbf77c9 585 { "received_time", vtype_int, &received_time },
059ec3d9 586 { "recipient_data", vtype_stringptr, &recipient_data },
8e669ac1 587 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
362145b5 588 { "recipients", vtype_string_func, &fn_recipients },
059ec3d9 589 { "recipients_count", vtype_int, &recipients_count },
8523533c
TK		 590#ifdef WITH_CONTENT_SCAN
591 { "regex_match_string", vtype_stringptr, &regex_match_string },
592#endif
059ec3d9
PH		 593 { "reply_address", vtype_reply, NULL },
594 { "return_path", vtype_stringptr, &return_path },
595 { "return_size_limit", vtype_int, &bounce_return_size_limit },
181d9bf8 596 { "router_name", vtype_stringptr, &router_name },
059ec3d9
PH		 597 { "runrc", vtype_int, &runrc },
598 { "self_hostname", vtype_stringptr, &self_hostname },
599 { "sender_address", vtype_stringptr, &sender_address },
2a3eea10 600 { "sender_address_data", vtype_stringptr, &sender_address_data },
059ec3d9
PH		 601 { "sender_address_domain", vtype_domain, &sender_address },
602 { "sender_address_local_part", vtype_localpart, &sender_address },
603 { "sender_data", vtype_stringptr, &sender_data },
604 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
605 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
606 { "sender_host_address", vtype_stringptr, &sender_host_address },
607 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
11d7e4fa 608 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
059ec3d9
PH		 609 { "sender_host_name", vtype_host_lookup, NULL },
610 { "sender_host_port", vtype_int, &sender_host_port },
611 { "sender_ident", vtype_stringptr, &sender_ident },
870f6ba8
TF		 612 { "sender_rate", vtype_stringptr, &sender_rate },
613 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
614 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
059ec3d9 615 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
8e669ac1 616 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
41c7c167
PH		 617 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
618 { "sending_port", vtype_int, &sending_port },
8e669ac1 619 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
3ee512ff
PH		 620 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
621 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
b01dd148 622 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
8f128379 623 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
059ec3d9
PH		 624 { "sn0", vtype_filter_int, &filter_sn[0] },
625 { "sn1", vtype_filter_int, &filter_sn[1] },
626 { "sn2", vtype_filter_int, &filter_sn[2] },
627 { "sn3", vtype_filter_int, &filter_sn[3] },
628 { "sn4", vtype_filter_int, &filter_sn[4] },
629 { "sn5", vtype_filter_int, &filter_sn[5] },
630 { "sn6", vtype_filter_int, &filter_sn[6] },
631 { "sn7", vtype_filter_int, &filter_sn[7] },
632 { "sn8", vtype_filter_int, &filter_sn[8] },
633 { "sn9", vtype_filter_int, &filter_sn[9] },
8523533c
TK		 634#ifdef WITH_CONTENT_SCAN
635 { "spam_bar", vtype_stringptr, &spam_bar },
636 { "spam_report", vtype_stringptr, &spam_report },
637 { "spam_score", vtype_stringptr, &spam_score },
638 { "spam_score_int", vtype_stringptr, &spam_score_int },
639#endif
640#ifdef EXPERIMENTAL_SPF
65a7d8c3 641 { "spf_guess", vtype_stringptr, &spf_guess },
8523533c
TK		 642 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
643 { "spf_received", vtype_stringptr, &spf_received },
644 { "spf_result", vtype_stringptr, &spf_result },
645 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
646#endif
059ec3d9 647 { "spool_directory", vtype_stringptr, &spool_directory },
5cb8cbc6 648 { "spool_inodes", vtype_pinodes, (void *)TRUE },
8e669ac1 649 { "spool_space", vtype_pspace, (void *)TRUE },
8523533c
TK		 650#ifdef EXPERIMENTAL_SRS
651 { "srs_db_address", vtype_stringptr, &srs_db_address },
652 { "srs_db_key", vtype_stringptr, &srs_db_key },
653 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
654 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
655 { "srs_recipient", vtype_stringptr, &srs_recipient },
656 { "srs_status", vtype_stringptr, &srs_status },
657#endif
059ec3d9 658 { "thisaddress", vtype_stringptr, &filter_thisaddress },
817d9f57 659
d9b2312b 660 /* The non-(in,out) variables are now deprecated */
817d9f57
JH		 661 { "tls_bits", vtype_int, &tls_in.bits },
662 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
663 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
d9b2312b
JH		 664
665 { "tls_in_bits", vtype_int, &tls_in.bits },
666 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
667 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
668 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
669#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
670 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
671#endif
817d9f57 672 { "tls_out_bits", vtype_int, &tls_out.bits },
cb9d95ae 673 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
817d9f57
JH		 674 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
675 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
676#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
677 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
7be682ca 678#endif
d9b2312b 679
613dd4ae
JH		 680 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
681#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
682 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
683#endif
817d9f57 684
059ec3d9
PH		 685 { "tod_bsdinbox", vtype_todbsdin, NULL },
686 { "tod_epoch", vtype_tode, NULL },
f5787926 687 { "tod_epoch_l", vtype_todel, NULL },
059ec3d9
PH		 688 { "tod_full", vtype_todf, NULL },
689 { "tod_log", vtype_todl, NULL },
690 { "tod_logfile", vtype_todlf, NULL },
691 { "tod_zone", vtype_todzone, NULL },
692 { "tod_zulu", vtype_todzulu, NULL },
d68218c7
JH		 693#ifdef EXPERIMENTAL_TPDA
694 { "tpda_defer_errno", vtype_int, &tpda_defer_errno },
695 { "tpda_defer_errstr", vtype_stringptr, &tpda_defer_errstr },
696 { "tpda_delivery_confirmation", vtype_stringptr, &tpda_delivery_confirmation },
697 { "tpda_delivery_domain", vtype_stringptr, &tpda_delivery_domain },
698 { "tpda_delivery_fqdn", vtype_stringptr, &tpda_delivery_fqdn },
699 { "tpda_delivery_ip", vtype_stringptr, &tpda_delivery_ip },
700 { "tpda_delivery_local_part",vtype_stringptr,&tpda_delivery_local_part },
701 { "tpda_delivery_port", vtype_int, &tpda_delivery_port },
702#endif
181d9bf8 703 { "transport_name", vtype_stringptr, &transport_name },
059ec3d9
PH		 704 { "value", vtype_stringptr, &lookup_value },
705 { "version_number", vtype_stringptr, &version_string },
706 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
707 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
708 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
709 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
710 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
711 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
712};
713
714static int var_table_size = sizeof(var_table)/sizeof(var_entry);
715static uschar var_buffer[256];
716static BOOL malformed_header;
717
718/* For textual hashes */
719
1ba28e2b
PP		 720static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
721 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
722 "0123456789";
059ec3d9
PH		 723
724enum { HMAC_MD5, HMAC_SHA1 };
725
726/* For numeric hashes */
727
728static unsigned int prime[] = {
729 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
730 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
731 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
732
733/* For printing modes in symbolic form */
734
735static uschar *mtable_normal[] =
736 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
737
738static uschar *mtable_setid[] =
739 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
740
741static uschar *mtable_sticky[] =
742 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
743
744
745
746/*************************************************
747* Tables for UTF-8 support *
748*************************************************/
749
750/* Table of the number of extra characters, indexed by the first character
751masked with 0x3f. The highest number for a valid UTF-8 character is in fact
7520x3d. */
753
754static uschar utf8_table1[] = {
755 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
756 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
757 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
758 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
759
760/* These are the masks for the data bits in the first byte of a character,
761indexed by the number of additional bytes. */
762
763static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
764
765/* Get the next UTF-8 character, advancing the pointer. */
766
767#define GETUTF8INC(c, ptr) \
768 c = *ptr++; \
769 if ((c & 0xc0) == 0xc0) \
770 { \
771 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
772 int s = 6*a; \
773 c = (c & utf8_table2[a]) << s; \
774 while (a-- > 0) \
775 { \
776 s -= 6; \
777 c |= (*ptr++ & 0x3f) << s; \
778 } \
779 }
780
781
782/*************************************************
783* Binary chop search on a table *
784*************************************************/
785
786/* This is used for matching expansion items and operators.
787
788Arguments:
789 name the name that is being sought
790 table the table to search
791 table_size the number of items in the table
792
793Returns: the offset in the table, or -1
794*/
795
796static int
797chop_match(uschar *name, uschar **table, int table_size)
798{
799uschar **bot = table;
800uschar **top = table + table_size;
801
802while (top > bot)
803 {
804 uschar **mid = bot + (top - bot)/2;
805 int c = Ustrcmp(name, *mid);
806 if (c == 0) return mid - table;
807 if (c > 0) bot = mid + 1; else top = mid;
808 }
809
810return -1;
811}
812
813
814
815/*************************************************
816* Check a condition string *
817*************************************************/
818
819/* This function is called to expand a string, and test the result for a "true"
820or "false" value. Failure of the expansion yields FALSE; logged unless it was a
be7a5781
JH		 821forced fail or lookup defer.
822
823We used to release all store used, but this is not not safe due
824to ${dlfunc } and ${acl }. In any case expand_string_internal()
825is reasonably careful to release what it can.
059ec3d9 826
6a8de854
PP		 827The actual false-value tests should be replicated for ECOND_BOOL_LAX.
828
059ec3d9
PH		 829Arguments:
830 condition the condition string
831 m1 text to be incorporated in panic error
832 m2 ditto
833
834Returns: TRUE if condition is met, FALSE if not
835*/
836
837BOOL
838expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
839{
840int rc;
059ec3d9
PH		 841uschar *ss = expand_string(condition);
842if (ss == NULL)
843 {
844 if (!expand_string_forcedfail && !search_find_defer)
845 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
846 "for %s %s: %s", condition, m1, m2, expand_string_message);
847 return FALSE;
848 }
849rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
850 strcmpic(ss, US"false") != 0;
059ec3d9
PH		 851return rc;
852}
853
854
855
17c76198 856
9e3331ea
TK		 857/*************************************************
858* Pseudo-random number generation *
859*************************************************/
860
861/* Pseudo-random number generation. The result is not "expected" to be
862cryptographically strong but not so weak that someone will shoot themselves
863in the foot using it as a nonce in some email header scheme or whatever
864weirdness they'll twist this into. The result should ideally handle fork().
865
866However, if we're stuck unable to provide this, then we'll fall back to
867appallingly bad randomness.
868
17c76198
PP		 869If SUPPORT_TLS is defined then this will not be used except as an emergency
870fallback.
9e3331ea
TK		 871
872Arguments:
873 max range maximum
874Returns a random number in range [0, max-1]
875*/
876
17c76198
PP		 877#ifdef SUPPORT_TLS
878# define vaguely_random_number vaguely_random_number_fallback
879#endif
9e3331ea 880int
17c76198 881vaguely_random_number(int max)
9e3331ea 882{
17c76198
PP		 883#ifdef SUPPORT_TLS
884# undef vaguely_random_number
885#endif
9e3331ea
TK		 886 static pid_t pid = 0;
887 pid_t p2;
888#if defined(HAVE_SRANDOM) && !defined(HAVE_SRANDOMDEV)
889 struct timeval tv;
890#endif
891
892 p2 = getpid();
893 if (p2 != pid)
894 {
895 if (pid != 0)
896 {
897
898#ifdef HAVE_ARC4RANDOM
899 /* cryptographically strong randomness, common on *BSD platforms, not
900 so much elsewhere. Alas. */
901 arc4random_stir();
902#elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
903#ifdef HAVE_SRANDOMDEV
904 /* uses random(4) for seeding */
905 srandomdev();
906#else
907 gettimeofday(&tv, NULL);
908 srandom(tv.tv_sec | tv.tv_usec | getpid());
909#endif
910#else
911 /* Poor randomness and no seeding here */
912#endif
913
914 }
915 pid = p2;
916 }
917
918#ifdef HAVE_ARC4RANDOM
919 return arc4random() % max;
920#elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
921 return random() % max;
922#else
923 /* This one returns a 16-bit number, definitely not crypto-strong */
924 return random_number(max);
925#endif
926}
927
17c76198
PP		 928
929
9e3331ea 930
059ec3d9
PH		 931/*************************************************
932* Pick out a name from a string *
933*************************************************/
934
935/* If the name is too long, it is silently truncated.
936
937Arguments:
938 name points to a buffer into which to put the name
939 max is the length of the buffer
940 s points to the first alphabetic character of the name
941 extras chars other than alphanumerics to permit
942
943Returns: pointer to the first character after the name
944
945Note: The test for *s != 0 in the while loop is necessary because
946Ustrchr() yields non-NULL if the character is zero (which is not something
947I expected). */
948
949static uschar *
950read_name(uschar *name, int max, uschar *s, uschar *extras)
951{
952int ptr = 0;
953while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
954 {
955 if (ptr < max-1) name[ptr++] = *s;
956 s++;
957 }
958name[ptr] = 0;
959return s;
960}
961
962
963
964/*************************************************
965* Pick out the rest of a header name *
966*************************************************/
967
968/* A variable name starting $header_ (or just $h_ for those who like
969abbreviations) might not be the complete header name because headers can
970contain any printing characters in their names, except ':'. This function is
971called to read the rest of the name, chop h[eader]_ off the front, and put ':'
972on the end, if the name was terminated by white space.
973
974Arguments:
975 name points to a buffer in which the name read so far exists
976 max is the length of the buffer
977 s points to the first character after the name so far, i.e. the
978 first non-alphameric character after $header_xxxxx
979
980Returns: a pointer to the first character after the header name
981*/
982
983static uschar *
984read_header_name(uschar *name, int max, uschar *s)
985{
986int prelen = Ustrchr(name, '_') - name + 1;
987int ptr = Ustrlen(name) - prelen;
988if (ptr > 0) memmove(name, name+prelen, ptr);
989while (mac_isgraph(*s) && *s != ':')
990 {
991 if (ptr < max-1) name[ptr++] = *s;
992 s++;
993 }
994if (*s == ':') s++;
995name[ptr++] = ':';
996name[ptr] = 0;
997return s;
998}
999
1000
1001
1002/*************************************************
1003* Pick out a number from a string *
1004*************************************************/
1005
1006/* Arguments:
1007 n points to an integer into which to put the number
1008 s points to the first digit of the number
1009
1010Returns: a pointer to the character after the last digit
1011*/
1012
1013static uschar *
1014read_number(int *n, uschar *s)
1015{
1016*n = 0;
1017while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1018return s;
1019}
1020
1021
1022
1023/*************************************************
1024* Extract keyed subfield from a string *
1025*************************************************/
1026
1027/* The yield is in dynamic store; NULL means that the key was not found.
1028
1029Arguments:
1030 key points to the name of the key
1031 s points to the string from which to extract the subfield
1032
1033Returns: NULL if the subfield was not found, or
1034 a pointer to the subfield's data
1035*/
1036
1037static uschar *
1038expand_getkeyed(uschar *key, uschar *s)
1039{
1040int length = Ustrlen(key);
1041while (isspace(*s)) s++;
1042
1043/* Loop to search for the key */
1044
1045while (*s != 0)
1046 {
1047 int dkeylength;
1048 uschar *data;
1049 uschar *dkey = s;
1050
1051 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
1052 dkeylength = s - dkey;
1053 while (isspace(*s)) s++;
1054 if (*s == '=') while (isspace((*(++s))));
1055
1056 data = string_dequote(&s);
1057 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1058 return data;
1059
1060 while (isspace(*s)) s++;
1061 }
1062
1063return NULL;
1064}
1065
1066
1067
1068
1069/*************************************************
1070* Extract numbered subfield from string *
1071*************************************************/
1072
1073/* Extracts a numbered field from a string that is divided by tokens - for
1074example a line from /etc/passwd is divided by colon characters. First field is
1075numbered one. Negative arguments count from the right. Zero returns the whole
1076string. Returns NULL if there are insufficient tokens in the string
1077
1078***WARNING***
1079Modifies final argument - this is a dynamically generated string, so that's OK.
1080
1081Arguments:
1082 field number of field to be extracted,
1083 first field = 1, whole string = 0, last field = -1
1084 separators characters that are used to break string into tokens
1085 s points to the string from which to extract the subfield
1086
1087Returns: NULL if the field was not found,
1088 a pointer to the field's data inside s (modified to add 0)
1089*/
1090
1091static uschar *
1092expand_gettokened (int field, uschar *separators, uschar *s)
1093{
1094int sep = 1;
1095int count;
1096uschar *ss = s;
1097uschar *fieldtext = NULL;
1098
1099if (field == 0) return s;
1100
1101/* Break the line up into fields in place; for field > 0 we stop when we have
1102done the number of fields we want. For field < 0 we continue till the end of
1103the string, counting the number of fields. */
1104
1105count = (field > 0)? field : INT_MAX;
1106
1107while (count-- > 0)
1108 {
1109 size_t len;
1110
1111 /* Previous field was the last one in the string. For a positive field
1112 number, this means there are not enough fields. For a negative field number,
1113 check that there are enough, and scan back to find the one that is wanted. */
1114
1115 if (sep == 0)
1116 {
1117 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1118 if ((-field) == (INT_MAX - count - 1)) return s;
1119 while (field++ < 0)
1120 {
1121 ss--;
1122 while (ss[-1] != 0) ss--;
1123 }
1124 fieldtext = ss;
1125 break;
1126 }
1127
1128 /* Previous field was not last in the string; save its start and put a
1129 zero at its end. */
1130
1131 fieldtext = ss;
1132 len = Ustrcspn(ss, separators);
1133 sep = ss[len];
1134 ss[len] = 0;
1135 ss += len + 1;
1136 }
1137
1138return fieldtext;
1139}
1140
1141
aa26e137
JH		 1142static uschar *
1143expand_getlistele (int field, uschar *list)
1144{
1145uschar * tlist= list;
1146int sep= 0;
1147uschar dummy;
1148
1149if(field<0)
1150{
1151 for(field++; string_nextinlist(&tlist, &sep, &dummy, 1); ) field++;
1152 sep= 0;
1153}
1154if(field==0) return NULL;
1155while(--field>0 && (string_nextinlist(&list, &sep, &dummy, 1))) ;
1156return string_nextinlist(&list, &sep, NULL, 0);
1157}
059ec3d9
PH		 1158
1159/*************************************************
1160* Extract a substring from a string *
1161*************************************************/
1162
1163/* Perform the ${substr or ${length expansion operations.
1164
1165Arguments:
1166 subject the input string
1167 value1 the offset from the start of the input string to the start of
1168 the output string; if negative, count from the right.
1169 value2 the length of the output string, or negative (-1) for unset
1170 if value1 is positive, unset means "all after"
1171 if value1 is negative, unset means "all before"
1172 len set to the length of the returned string
1173
1174Returns: pointer to the output string, or NULL if there is an error
1175*/
1176
1177static uschar *
1178extract_substr(uschar *subject, int value1, int value2, int *len)
1179{
1180int sublen = Ustrlen(subject);
1181
1182if (value1 < 0) /* count from right */
1183 {
1184 value1 += sublen;
1185
1186 /* If the position is before the start, skip to the start, and adjust the
1187 length. If the length ends up negative, the substring is null because nothing
1188 can precede. This falls out naturally when the length is unset, meaning "all
1189 to the left". */
1190
1191 if (value1 < 0)
1192 {
1193 value2 += value1;
1194 if (value2 < 0) value2 = 0;
1195 value1 = 0;
1196 }
1197
1198 /* Otherwise an unset length => characters before value1 */
1199
1200 else if (value2 < 0)
1201 {
1202 value2 = value1;
1203 value1 = 0;
1204 }
1205 }
1206
1207/* For a non-negative offset, if the starting position is past the end of the
1208string, the result will be the null string. Otherwise, an unset length means
1209"rest"; just set it to the maximum - it will be cut down below if necessary. */
1210
1211else
1212 {
1213 if (value1 > sublen)
1214 {
1215 value1 = sublen;
1216 value2 = 0;
1217 }
1218 else if (value2 < 0) value2 = sublen;
1219 }
1220
1221/* Cut the length down to the maximum possible for the offset value, and get
1222the required characters. */
1223
1224if (value1 + value2 > sublen) value2 = sublen - value1;
1225*len = value2;
1226return subject + value1;
1227}
1228
1229
1230
1231
1232/*************************************************
1233* Old-style hash of a string *
1234*************************************************/
1235
1236/* Perform the ${hash expansion operation.
1237
1238Arguments:
1239 subject the input string (an expanded substring)
1240 value1 the length of the output string; if greater or equal to the
1241 length of the input string, the input string is returned
1242 value2 the number of hash characters to use, or 26 if negative
1243 len set to the length of the returned string
1244
1245Returns: pointer to the output string, or NULL if there is an error
1246*/
1247
1248static uschar *
1249compute_hash(uschar *subject, int value1, int value2, int *len)
1250{
1251int sublen = Ustrlen(subject);
1252
1253if (value2 < 0) value2 = 26;
1254else if (value2 > Ustrlen(hashcodes))
1255 {
1256 expand_string_message =
1257 string_sprintf("hash count \"%d\" too big", value2);
1258 return NULL;
1259 }
1260
1261/* Calculate the hash text. We know it is shorter than the original string, so
1262can safely place it in subject[] (we know that subject is always itself an
1263expanded substring). */
1264
1265if (value1 < sublen)
1266 {
1267 int c;
1268 int i = 0;
1269 int j = value1;
1270 while ((c = (subject[j])) != 0)
1271 {
1272 int shift = (c + j++) & 7;
1273 subject[i] ^= (c << shift) | (c >> (8-shift));
1274 if (++i >= value1) i = 0;
1275 }
1276 for (i = 0; i < value1; i++)
1277 subject[i] = hashcodes[(subject[i]) % value2];
1278 }
1279else value1 = sublen;
1280
1281*len = value1;
1282return subject;
1283}
1284
1285
1286
1287
1288/*************************************************
1289* Numeric hash of a string *
1290*************************************************/
1291
1292/* Perform the ${nhash expansion operation. The first characters of the
1293string are treated as most important, and get the highest prime numbers.
1294
1295Arguments:
1296 subject the input string
1297 value1 the maximum value of the first part of the result
1298 value2 the maximum value of the second part of the result,
1299 or negative to produce only a one-part result
1300 len set to the length of the returned string
1301
1302Returns: pointer to the output string, or NULL if there is an error.
1303*/
1304
1305static uschar *
1306compute_nhash (uschar *subject, int value1, int value2, int *len)
1307{
1308uschar *s = subject;
1309int i = 0;
1310unsigned long int total = 0; /* no overflow */
1311
1312while (*s != 0)
1313 {
1314 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
1315 total += prime[i--] * (unsigned int)(*s++);
1316 }
1317
1318/* If value2 is unset, just compute one number */
1319
1320if (value2 < 0)
1321 {
1322 s = string_sprintf("%d", total % value1);
1323 }
1324
1325/* Otherwise do a div/mod hash */
1326
1327else
1328 {
1329 total = total % (value1 * value2);
1330 s = string_sprintf("%d/%d", total/value2, total % value2);
1331 }
1332
1333*len = Ustrlen(s);
1334return s;
1335}
1336
1337
1338
1339
1340
1341/*************************************************
1342* Find the value of a header or headers *
1343*************************************************/
1344
1345/* Multiple instances of the same header get concatenated, and this function
1346can also return a concatenation of all the header lines. When concatenating
1347specific headers that contain lists of addresses, a comma is inserted between
1348them. Otherwise we use a straight concatenation. Because some messages can have
1349pathologically large number of lines, there is a limit on the length that is
1350returned. Also, to avoid massive store use which would result from using
1351string_cat() as it copies and extends strings, we do a preliminary pass to find
1352out exactly how much store will be needed. On "normal" messages this will be
1353pretty trivial.
1354
1355Arguments:
1356 name the name of the header, without the leading $header_ or $h_,
1357 or NULL if a concatenation of all headers is required
1358 exists_only TRUE if called from a def: test; don't need to build a string;
1359 just return a string that is not "" and not "0" if the header
1360 exists
1361 newsize return the size of memory block that was obtained; may be NULL
1362 if exists_only is TRUE
1363 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
ff75a1f7
PH		 1364 other than concatenating, will be done on the header. Also used
1365 for $message_headers_raw.
059ec3d9
PH		 1366 charset name of charset to translate MIME words to; used only if
1367 want_raw is false; if NULL, no translation is done (this is
1368 used for $bh_ and $bheader_)
1369
1370Returns: NULL if the header does not exist, else a pointer to a new
1371 store block
1372*/
1373
1374static uschar *
1375find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1376 uschar *charset)
1377{
1378BOOL found = name == NULL;
1379int comma = 0;
1380int len = found? 0 : Ustrlen(name);
1381int i;
1382uschar *yield = NULL;
1383uschar *ptr = NULL;
1384
1385/* Loop for two passes - saves code repetition */
1386
1387for (i = 0; i < 2; i++)
1388 {
1389 int size = 0;
1390 header_line *h;
1391
1392 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1393 {
1394 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1395 {
1396 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1397 {
1398 int ilen;
1399 uschar *t;
1400
1401 if (exists_only) return US"1"; /* don't need actual string */
1402 found = TRUE;
1403 t = h->text + len; /* text to insert */
1404 if (!want_raw) /* unless wanted raw, */
1405 while (isspace(*t)) t++; /* remove leading white space */
1406 ilen = h->slen - (t - h->text); /* length to insert */
1407
fd700877
PH		 1408 /* Unless wanted raw, remove trailing whitespace, including the
1409 newline. */
1410
1411 if (!want_raw)
1412 while (ilen > 0 && isspace(t[ilen-1])) ilen--;
1413
059ec3d9
PH		 1414 /* Set comma = 1 if handling a single header and it's one of those
1415 that contains an address list, except when asked for raw headers. Only
1416 need to do this once. */
1417
1418 if (!want_raw && name != NULL && comma == 0 &&
1419 Ustrchr("BCFRST", h->type) != NULL)
1420 comma = 1;
1421
1422 /* First pass - compute total store needed; second pass - compute
1423 total store used, including this header. */
1424
fd700877 1425 size += ilen + comma + 1; /* +1 for the newline */
059ec3d9
PH		 1426
1427 /* Second pass - concatentate the data, up to a maximum. Note that
1428 the loop stops when size hits the limit. */
1429
1430 if (i != 0)
1431 {
1432 if (size > header_insert_maxlen)
1433 {
fd700877 1434 ilen -= size - header_insert_maxlen - 1;
059ec3d9
PH		 1435 comma = 0;
1436 }
1437 Ustrncpy(ptr, t, ilen);
1438 ptr += ilen;
fd700877
PH		 1439
1440 /* For a non-raw header, put in the comma if needed, then add
3168332a
PH		 1441 back the newline we removed above, provided there was some text in
1442 the header. */
fd700877 1443
3168332a 1444 if (!want_raw && ilen > 0)
059ec3d9 1445 {
3168332a 1446 if (comma != 0) *ptr++ = ',';
059ec3d9
PH		 1447 *ptr++ = '\n';
1448 }
1449 }
1450 }
1451 }
1452 }
1453
fd700877
PH		 1454 /* At end of first pass, return NULL if no header found. Then truncate size
1455 if necessary, and get the buffer to hold the data, returning the buffer size.
1456 */
059ec3d9
PH		 1457
1458 if (i == 0)
1459 {
1460 if (!found) return NULL;
1461 if (size > header_insert_maxlen) size = header_insert_maxlen;
1462 *newsize = size + 1;
1463 ptr = yield = store_get(*newsize);
1464 }
1465 }
1466
059ec3d9
PH		 1467/* That's all we do for raw header expansion. */
1468
1469if (want_raw)
1470 {
1471 *ptr = 0;
1472 }
1473
fd700877
PH		 1474/* Otherwise, remove a final newline and a redundant added comma. Then we do
1475RFC 2047 decoding, translating the charset if requested. The rfc2047_decode2()
059ec3d9
PH		 1476function can return an error with decoded data if the charset translation
1477fails. If decoding fails, it returns NULL. */
1478
1479else
1480 {
1481 uschar *decoded, *error;
3168332a 1482 if (ptr > yield && ptr[-1] == '\n') ptr--;
fd700877 1483 if (ptr > yield && comma != 0 && ptr[-1] == ',') ptr--;
059ec3d9 1484 *ptr = 0;
a0d6ba8a
PH		 1485 decoded = rfc2047_decode2(yield, check_rfc2047_length, charset, '?', NULL,
1486 newsize, &error);
059ec3d9
PH		 1487 if (error != NULL)
1488 {
1489 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1490 " input was: %s\n", error, yield);
1491 }
1492 if (decoded != NULL) yield = decoded;
1493 }
1494
1495return yield;
1496}
1497
1498
1499
1500
362145b5
JH		 1501/*************************************************
1502* Return list of recipients *
1503*************************************************/
1504/* A recipients list is available only during system message filtering,
1505during ACL processing after DATA, and while expanding pipe commands
1506generated from a system filter, but not elsewhere. */
1507
1508static uschar *
1509fn_recipients(void)
1510{
1511if (!enable_dollar_recipients) return NULL; else
1512 {
1513 int size = 128;
1514 int ptr = 0;
1515 int i;
1516 uschar * s = store_get(size);
1517 for (i = 0; i < recipients_count; i++)
1518 {
1519 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1520 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1521 Ustrlen(recipients_list[i].address));
1522 }
1523 s[ptr] = 0; /* string_cat() leaves room */
1524 return s;
1525 }
1526}
1527
1528
059ec3d9
PH		 1529/*************************************************
1530* Find value of a variable *
1531*************************************************/
1532
1533/* The table of variables is kept in alphabetic order, so we can search it
1534using a binary chop. The "choplen" variable is nothing to do with the binary
1535chop.
1536
1537Arguments:
1538 name the name of the variable being sought
1539 exists_only TRUE if this is a def: test; passed on to find_header()
1540 skipping TRUE => skip any processing evaluation; this is not the same as
1541 exists_only because def: may test for values that are first
1542 evaluated here
1543 newsize pointer to an int which is initially zero; if the answer is in
1544 a new memory buffer, *newsize is set to its size
1545
1546Returns: NULL if the variable does not exist, or
1547 a pointer to the variable's contents, or
1548 something non-NULL if exists_only is TRUE
1549*/
1550
1551static uschar *
1552find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1553{
1554int first = 0;
1555int last = var_table_size;
1556
38a0a95f
PH		 1557/* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1558Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1559release 4.64 onwards arbitrary names are permitted, as long as the first 5
641cb756
PH		 1560characters are acl_c or acl_m and the sixth is either a digit or an underscore
1561(this gave backwards compatibility at the changeover). There may be built-in
1562variables whose names start acl_ but they should never start in this way. This
1563slightly messy specification is a consequence of the history, needless to say.
47ca6d6c 1564
38a0a95f
PH		 1565If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1566set, in which case give an error. */
47ca6d6c 1567
641cb756
PH		 1568if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1569 !isalpha(name[5]))
38a0a95f
PH		 1570 {
1571 tree_node *node =
1572 tree_search((name[4] == 'c')? acl_var_c : acl_var_m, name + 4);
1573 return (node == NULL)? (strict_acl_vars? NULL : US"") : node->data.ptr;
47ca6d6c
PH		 1574 }
1575
38a0a95f 1576/* Handle $auth<n> variables. */
f78eb7c6
PH		 1577
1578if (Ustrncmp(name, "auth", 4) == 0)
1579 {
1580 uschar *endptr;
1581 int n = Ustrtoul(name + 4, &endptr, 10);
1582 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1583 return (auth_vars[n-1] == NULL)? US"" : auth_vars[n-1];
1584 }
1585
47ca6d6c
PH		 1586/* For all other variables, search the table */
1587
059ec3d9
PH		 1588while (last > first)
1589 {
1590 uschar *s, *domain;
1591 uschar **ss;
1592 int middle = (first + last)/2;
1593 int c = Ustrcmp(name, var_table[middle].name);
1594
1595 if (c > 0) { first = middle + 1; continue; }
1596 if (c < 0) { last = middle; continue; }
1597
1598 /* Found an existing variable. If in skipping state, the value isn't needed,
47ca6d6c 1599 and we want to avoid processing (such as looking up the host name). */
059ec3d9
PH		 1600
1601 if (skipping) return US"";
1602
1603 switch (var_table[middle].type)
1604 {
9a26b6b2
PH		 1605 case vtype_filter_int:
1606 if (!filter_running) return NULL;
1607 /* Fall through */
1608 /* VVVVVVVVVVVV */
059ec3d9
PH		 1609 case vtype_int:
1610 sprintf(CS var_buffer, "%d", *(int *)(var_table[middle].value)); /* Integer */
1611 return var_buffer;
1612
1613 case vtype_ino:
1614 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(var_table[middle].value))); /* Inode */
1615 return var_buffer;
1616
1617 case vtype_gid:
1618 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(var_table[middle].value))); /* gid */
1619 return var_buffer;
1620
1621 case vtype_uid:
1622 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
1623 return var_buffer;
1624
11d7e4fa
PP		 1625 case vtype_bool:
1626 sprintf(CS var_buffer, "%s", *(BOOL *)(var_table[middle].value) ? "yes" : "no"); /* bool */
1627 return var_buffer;
1628
059ec3d9
PH		 1629 case vtype_stringptr: /* Pointer to string */
1630 s = *((uschar **)(var_table[middle].value));
1631 return (s == NULL)? US"" : s;
1632
1633 case vtype_pid:
1634 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1635 return var_buffer;
1636
1637 case vtype_load_avg:
8669f003 1638 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
059ec3d9
PH		 1639 return var_buffer;
1640
1641 case vtype_host_lookup: /* Lookup if not done so */
1642 if (sender_host_name == NULL && sender_host_address != NULL &&
1643 !host_lookup_failed && host_name_lookup() == OK)
1644 host_build_sender_fullhost();
1645 return (sender_host_name == NULL)? US"" : sender_host_name;
1646
1647 case vtype_localpart: /* Get local part from address */
1648 s = *((uschar **)(var_table[middle].value));
1649 if (s == NULL) return US"";
1650 domain = Ustrrchr(s, '@');
1651 if (domain == NULL) return s;
1652 if (domain - s > sizeof(var_buffer) - 1)
81f91683
PP		 1653 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1654 " in string expansion", sizeof(var_buffer));
059ec3d9
PH		 1655 Ustrncpy(var_buffer, s, domain - s);
1656 var_buffer[domain - s] = 0;
1657 return var_buffer;
1658
1659 case vtype_domain: /* Get domain from address */
1660 s = *((uschar **)(var_table[middle].value));
1661 if (s == NULL) return US"";
1662 domain = Ustrrchr(s, '@');
1663 return (domain == NULL)? US"" : domain + 1;
1664
1665 case vtype_msgheaders:
1666 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1667
ff75a1f7
PH		 1668 case vtype_msgheaders_raw:
1669 return find_header(NULL, exists_only, newsize, TRUE, NULL);
1670
059ec3d9
PH		 1671 case vtype_msgbody: /* Pointer to msgbody string */
1672 case vtype_msgbody_end: /* Ditto, the end of the msg */
1673 ss = (uschar **)(var_table[middle].value);
1674 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1675 {
1676 uschar *body;
0d7eb84a 1677 off_t start_offset = SPOOL_DATA_START_OFFSET;
059ec3d9
PH		 1678 int len = message_body_visible;
1679 if (len > message_size) len = message_size;
1680 *ss = body = store_malloc(len+1);
1681 body[0] = 0;
1682 if (var_table[middle].type == vtype_msgbody_end)
1683 {
1684 struct stat statbuf;
1685 if (fstat(deliver_datafile, &statbuf) == 0)
1686 {
1687 start_offset = statbuf.st_size - len;
1688 if (start_offset < SPOOL_DATA_START_OFFSET)
1689 start_offset = SPOOL_DATA_START_OFFSET;
1690 }
1691 }
1692 lseek(deliver_datafile, start_offset, SEEK_SET);
1693 len = read(deliver_datafile, body, len);
1694 if (len > 0)
1695 {
1696 body[len] = 0;
ddea74fa 1697 if (message_body_newlines) /* Separate loops for efficiency */
059ec3d9 1698 {
ddea74fa
PH		 1699 while (len > 0)
1700 { if (body[--len] == 0) body[len] = ' '; }
1701 }
1702 else
1703 {
1704 while (len > 0)
1705 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
059ec3d9
PH		 1706 }
1707 }
1708 }
1709 return (*ss == NULL)? US"" : *ss;
1710
1711 case vtype_todbsdin: /* BSD inbox time of day */
1712 return tod_stamp(tod_bsdin);
1713
1714 case vtype_tode: /* Unix epoch time of day */
1715 return tod_stamp(tod_epoch);
1716
f5787926
JH		 1717 case vtype_todel: /* Unix epoch/usec time of day */
1718 return tod_stamp(tod_epoch_l);
1719
059ec3d9
PH		 1720 case vtype_todf: /* Full time of day */
1721 return tod_stamp(tod_full);
1722
1723 case vtype_todl: /* Log format time of day */
1724 return tod_stamp(tod_log_bare); /* (without timezone) */
1725
1726 case vtype_todzone: /* Time zone offset only */
1727 return tod_stamp(tod_zone);
1728
1729 case vtype_todzulu: /* Zulu time */
1730 return tod_stamp(tod_zulu);
1731
1732 case vtype_todlf: /* Log file datestamp tod */
f1e5fef5 1733 return tod_stamp(tod_log_datestamp_daily);
059ec3d9
PH		 1734
1735 case vtype_reply: /* Get reply address */
c8ea1597 1736 s = find_header(US"reply-to:", exists_only, newsize, TRUE,
059ec3d9 1737 headers_charset);
6979240a 1738 if (s != NULL) while (isspace(*s)) s++;
059ec3d9 1739 if (s == NULL || *s == 0)
41a13e0a
PH		 1740 {
1741 *newsize = 0; /* For the *s==0 case */
c8ea1597
PH		 1742 s = find_header(US"from:", exists_only, newsize, TRUE, headers_charset);
1743 }
1744 if (s != NULL)
1745 {
1746 uschar *t;
1747 while (isspace(*s)) s++;
1748 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
6979240a
PH		 1749 while (t > s && isspace(t[-1])) t--;
1750 *t = 0;
41a13e0a 1751 }
059ec3d9
PH		 1752 return (s == NULL)? US"" : s;
1753
362145b5 1754 case vtype_string_func:
059ec3d9 1755 {
362145b5
JH		 1756 uschar * (*fn)() = var_table[middle].value;
1757 return fn();
059ec3d9 1758 }
8e669ac1 1759
5cb8cbc6
PH		 1760 case vtype_pspace:
1761 {
1762 int inodes;
8e669ac1
PH		 1763 sprintf(CS var_buffer, "%d",
1764 receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes));
5cb8cbc6
PH		 1765 }
1766 return var_buffer;
8e669ac1 1767
5cb8cbc6
PH		 1768 case vtype_pinodes:
1769 {
1770 int inodes;
8e669ac1 1771 (void) receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes);
5cb8cbc6
PH		 1772 sprintf(CS var_buffer, "%d", inodes);
1773 }
1774 return var_buffer;
80a47a2c 1775
c8307c12 1776 #ifndef DISABLE_DKIM
80a47a2c 1777 case vtype_dkim:
da5dfc3a 1778 return dkim_exim_expand_query((int)(long)var_table[middle].value);
80a47a2c
TK		 1779 #endif
1780
059ec3d9
PH		 1781 }
1782 }
1783
1784return NULL; /* Unknown variable name */
1785}
1786
1787
1788
1789
d9b2312b
JH		 1790void
1791modify_variable(uschar *name, void * value)
1792{
1793int first = 0;
1794int last = var_table_size;
1795
1796while (last > first)
1797 {
1798 int middle = (first + last)/2;
1799 int c = Ustrcmp(name, var_table[middle].name);
1800
1801 if (c > 0) { first = middle + 1; continue; }
1802 if (c < 0) { last = middle; continue; }
1803
1804 /* Found an existing variable; change the item it refers to */
1805 var_table[middle].value = value;
1806 return;
1807 }
1808return; /* Unknown variable name, fail silently */
1809}
1810
1811
1812
1813
1814
059ec3d9
PH		 1815/*************************************************
1816* Read and expand substrings *
1817*************************************************/
1818
1819/* This function is called to read and expand argument substrings for various
1820expansion items. Some have a minimum requirement that is less than the maximum;
1821in these cases, the first non-present one is set to NULL.
1822
1823Arguments:
1824 sub points to vector of pointers to set
1825 n maximum number of substrings
1826 m minimum required
1827 sptr points to current string pointer
1828 skipping the skipping flag
1829 check_end if TRUE, check for final '}'
1830 name name of item, for error message
b0e85a8f
JH		 1831 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
1832 the store.
059ec3d9
PH		 1833
1834Returns: 0 OK; string pointer updated
1835 1 curly bracketing error (too few arguments)
1836 2 too many arguments (only if check_end is set); message set
1837 3 other error (expansion failure)
1838*/
1839
1840static int
1841read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
b0e85a8f 1842 BOOL check_end, uschar *name, BOOL *resetok)
059ec3d9
PH		 1843{
1844int i;
1845uschar *s = *sptr;
1846
1847while (isspace(*s)) s++;
1848for (i = 0; i < n; i++)
1849 {
1850 if (*s != '{')
1851 {
1852 if (i < m) return 1;
1853 sub[i] = NULL;
1854 break;
1855 }
b0e85a8f 1856 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok);
059ec3d9
PH		 1857 if (sub[i] == NULL) return 3;
1858 if (*s++ != '}') return 1;
1859 while (isspace(*s)) s++;
1860 }
1861if (check_end && *s++ != '}')
1862 {
1863 if (s[-1] == '{')
1864 {
1865 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1866 "(max is %d)", name, n);
1867 return 2;
1868 }
1869 return 1;
1870 }
1871
1872*sptr = s;
1873return 0;
1874}
1875
1876
1877
1878
641cb756
PH		 1879/*************************************************
1880* Elaborate message for bad variable *
1881*************************************************/
1882
1883/* For the "unknown variable" message, take a look at the variable's name, and
1884give additional information about possible ACL variables. The extra information
1885is added on to expand_string_message.
1886
1887Argument: the name of the variable
1888Returns: nothing
1889*/
1890
1891static void
1892check_variable_error_message(uschar *name)
1893{
1894if (Ustrncmp(name, "acl_", 4) == 0)
1895 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
1896 (name[4] == 'c' || name[4] == 'm')?
1897 (isalpha(name[5])?
1898 US"6th character of a user-defined ACL variable must be a digit or underscore" :
1899 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
1900 ) :
1901 US"user-defined ACL variables must start acl_c or acl_m");
1902}
1903
1904
1905
f60d98e8
JH		 1906/*
1907Load args from sub array to globals, and call acl_check().
ef21c07d 1908Sub array will be corrupted on return.
f60d98e8
JH		 1909
1910Returns: OK access is granted by an ACCEPT verb
1911 DISCARD access is granted by a DISCARD verb
1912 FAIL access is denied
1913 FAIL_DROP access is denied; drop the connection
1914 DEFER can't tell at the moment
1915 ERROR disaster
1916*/
1917static int
1918eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
1919{
1920int i;
ef21c07d
JH		 1921uschar *tmp;
1922int sav_narg = acl_narg;
1923int ret;
faa05a93 1924extern int acl_where;
f60d98e8 1925
ef21c07d
JH		 1926if(--nsub > sizeof(acl_arg)/sizeof(*acl_arg)) nsub = sizeof(acl_arg)/sizeof(*acl_arg);
1927for (i = 0; i < nsub && sub[i+1]; i++)
1928 {
1929 tmp = acl_arg[i];
1930 acl_arg[i] = sub[i+1]; /* place callers args in the globals */
1931 sub[i+1] = tmp; /* stash the old args using our caller's storage */
1932 }
1933acl_narg = i;
bef3ea7f 1934while (i < nsub)
ef21c07d
JH		 1935 {
1936 sub[i+1] = acl_arg[i];
1937 acl_arg[i++] = NULL;
1938 }
f60d98e8
JH		 1939
1940DEBUG(D_expand)
1941 debug_printf("expanding: acl: %s arg: %s%s\n",
1942 sub[0],
60f8e1e8
JH		 1943 acl_narg>0 ? acl_arg[0] : US"<none>",
1944 acl_narg>1 ? " +more" : "");
f60d98e8 1945
05caaeaa 1946ret = acl_eval(acl_where, sub[0], user_msgp, &tmp);
ef21c07d
JH		 1947
1948for (i = 0; i < nsub; i++)
1949 acl_arg[i] = sub[i+1]; /* restore old args */
1950acl_narg = sav_narg;
1951
1952return ret;
f60d98e8
JH		 1953}
1954
1955
1956
1957
059ec3d9
PH		 1958/*************************************************
1959* Read and evaluate a condition *
1960*************************************************/
1961
1962/*
1963Arguments:
1964 s points to the start of the condition text
b0e85a8f
JH		 1965 resetok points to a BOOL which is written false if it is unsafe to
1966 free memory. Certain condition types (acl) may have side-effect
1967 allocation which must be preserved.
059ec3d9
PH		 1968 yield points to a BOOL to hold the result of the condition test;
1969 if NULL, we are just reading through a condition that is
1970 part of an "or" combination to check syntax, or in a state
1971 where the answer isn't required
1972
1973Returns: a pointer to the first character after the condition, or
1974 NULL after an error
1975*/
1976
1977static uschar *
b0e85a8f 1978eval_condition(uschar *s, BOOL *resetok, BOOL *yield)
059ec3d9
PH		 1979{
1980BOOL testfor = TRUE;
1981BOOL tempcond, combined_cond;
1982BOOL *subcondptr;
5cfd2e57 1983BOOL sub2_honour_dollar = TRUE;
059ec3d9 1984int i, rc, cond_type, roffset;
97d17305 1985int_eximarith_t num[2];
059ec3d9
PH		 1986struct stat statbuf;
1987uschar name[256];
f60d98e8 1988uschar *sub[10];
059ec3d9
PH		 1989
1990const pcre *re;
1991const uschar *rerror;
1992
1993for (;;)
1994 {
1995 while (isspace(*s)) s++;
1996 if (*s == '!') { testfor = !testfor; s++; } else break;
1997 }
1998
1999/* Numeric comparisons are symbolic */
2000
2001if (*s == '=' || *s == '>' || *s == '<')
2002 {
2003 int p = 0;
2004 name[p++] = *s++;
2005 if (*s == '=')
2006 {
2007 name[p++] = '=';
2008 s++;
2009 }
2010 name[p] = 0;
2011 }
2012
2013/* All other conditions are named */
2014
2015else s = read_name(name, 256, s, US"_");
2016
2017/* If we haven't read a name, it means some non-alpha character is first. */
2018
2019if (name[0] == 0)
2020 {
2021 expand_string_message = string_sprintf("condition name expected, "
2022 "but found \"%.16s\"", s);
2023 return NULL;
2024 }
2025
2026/* Find which condition we are dealing with, and switch on it */
2027
2028cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
2029switch(cond_type)
2030 {
9b4768fa
PH		 2031 /* def: tests for a non-empty variable, or for the existence of a header. If
2032 yield == NULL we are in a skipping state, and don't care about the answer. */
059ec3d9
PH		 2033
2034 case ECOND_DEF:
2035 if (*s != ':')
2036 {
2037 expand_string_message = US"\":\" expected after \"def\"";
2038 return NULL;
2039 }
2040
2041 s = read_name(name, 256, s+1, US"_");
2042
0d85fa3f
PH		 2043 /* Test for a header's existence. If the name contains a closing brace
2044 character, this may be a user error where the terminating colon has been
2045 omitted. Set a flag to adjust a subsequent error message in this case. */
059ec3d9
PH		 2046
2047 if (Ustrncmp(name, "h_", 2) == 0 ||
2048 Ustrncmp(name, "rh_", 3) == 0 ||
2049 Ustrncmp(name, "bh_", 3) == 0 ||
2050 Ustrncmp(name, "header_", 7) == 0 ||
2051 Ustrncmp(name, "rheader_", 8) == 0 ||
2052 Ustrncmp(name, "bheader_", 8) == 0)
2053 {
2054 s = read_header_name(name, 256, s);
b5b871ac 2055 /* {-for-text-editors */
0d85fa3f 2056 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
059ec3d9
PH		 2057 if (yield != NULL) *yield =
2058 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
2059 }
2060
9b4768fa
PH		 2061 /* Test for a variable's having a non-empty value. A non-existent variable
2062 causes an expansion failure. */
059ec3d9
PH		 2063
2064 else
2065 {
2066 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
2067 if (value == NULL)
2068 {
2069 expand_string_message = (name[0] == 0)?
2070 string_sprintf("variable name omitted after \"def:\"") :
2071 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
641cb756 2072 check_variable_error_message(name);
059ec3d9
PH		 2073 return NULL;
2074 }
9b4768fa 2075 if (yield != NULL) *yield = (value[0] != 0) == testfor;
059ec3d9
PH		 2076 }
2077
2078 return s;
2079
2080
2081 /* first_delivery tests for first delivery attempt */
2082
2083 case ECOND_FIRST_DELIVERY:
2084 if (yield != NULL) *yield = deliver_firsttime == testfor;
2085 return s;
2086
2087
2088 /* queue_running tests for any process started by a queue runner */
2089
2090 case ECOND_QUEUE_RUNNING:
2091 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
2092 return s;
2093
2094
2095 /* exists: tests for file existence
2096 isip: tests for any IP address
2097 isip4: tests for an IPv4 address
2098 isip6: tests for an IPv6 address
2099 pam: does PAM authentication
2100 radius: does RADIUS authentication
2101 ldapauth: does LDAP authentication
2102 pwcheck: does Cyrus SASL pwcheck authentication
2103 */
2104
2105 case ECOND_EXISTS:
2106 case ECOND_ISIP:
2107 case ECOND_ISIP4:
2108 case ECOND_ISIP6:
2109 case ECOND_PAM:
2110 case ECOND_RADIUS:
2111 case ECOND_LDAPAUTH:
2112 case ECOND_PWCHECK:
2113
2114 while (isspace(*s)) s++;
b5b871ac 2115 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
059ec3d9 2116
b0e85a8f 2117 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok);
059ec3d9 2118 if (sub[0] == NULL) return NULL;
b5b871ac 2119 /* {-for-text-editors */
059ec3d9
PH		 2120 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2121
2122 if (yield == NULL) return s; /* No need to run the test if skipping */
2123
2124 switch(cond_type)
2125 {
2126 case ECOND_EXISTS:
2127 if ((expand_forbid & RDO_EXISTS) != 0)
2128 {
2129 expand_string_message = US"File existence tests are not permitted";
2130 return NULL;
2131 }
2132 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
2133 break;
2134
2135 case ECOND_ISIP:
2136 case ECOND_ISIP4:
2137 case ECOND_ISIP6:
2138 rc = string_is_ip_address(sub[0], NULL);
7e66e54d 2139 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
059ec3d9
PH		 2140 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2141 break;
2142
2143 /* Various authentication tests - all optionally compiled */
2144
2145 case ECOND_PAM:
2146 #ifdef SUPPORT_PAM
2147 rc = auth_call_pam(sub[0], &expand_string_message);
2148 goto END_AUTH;
2149 #else
2150 goto COND_FAILED_NOT_COMPILED;
2151 #endif /* SUPPORT_PAM */
2152
2153 case ECOND_RADIUS:
2154 #ifdef RADIUS_CONFIG_FILE
2155 rc = auth_call_radius(sub[0], &expand_string_message);
2156 goto END_AUTH;
2157 #else
2158 goto COND_FAILED_NOT_COMPILED;
2159 #endif /* RADIUS_CONFIG_FILE */
2160
2161 case ECOND_LDAPAUTH:
2162 #ifdef LOOKUP_LDAP
2163 {
2164 /* Just to keep the interface the same */
2165 BOOL do_cache;
2166 int old_pool = store_pool;
2167 store_pool = POOL_SEARCH;
2168 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2169 &expand_string_message, &do_cache);
2170 store_pool = old_pool;
2171 }
2172 goto END_AUTH;
2173 #else
2174 goto COND_FAILED_NOT_COMPILED;
2175 #endif /* LOOKUP_LDAP */
2176
2177 case ECOND_PWCHECK:
2178 #ifdef CYRUS_PWCHECK_SOCKET
2179 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2180 goto END_AUTH;
2181 #else
2182 goto COND_FAILED_NOT_COMPILED;
2183 #endif /* CYRUS_PWCHECK_SOCKET */
2184
2185 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2186 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2187 END_AUTH:
2188 if (rc == ERROR || rc == DEFER) return NULL;
2189 *yield = (rc == OK) == testfor;
2190 #endif
2191 }
2192 return s;
2193
2194
333eea9c
JH		 2195 /* call ACL (in a conditional context). Accept true, deny false.
2196 Defer is a forced-fail. Anything set by message= goes to $value.
f60d98e8
JH		 2197 Up to ten parameters are used; we use the braces round the name+args
2198 like the saslauthd condition does, to permit a variable number of args.
2199 See also the expansion-item version EITEM_ACL and the traditional
2200 acl modifier ACLC_ACL.
fd5dad68
JH		 2201 Since the ACL may allocate new global variables, tell our caller to not
2202 reclaim memory.
f60d98e8 2203 */
333eea9c
JH		 2204
2205 case ECOND_ACL:
bef3ea7f 2206 /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
333eea9c 2207 {
333eea9c 2208 uschar *user_msg;
333eea9c 2209 BOOL cond = FALSE;
bef3ea7f
JH		 2210 int size = 0;
2211 int ptr = 0;
333eea9c
JH		 2212
2213 while (isspace(*s)) s++;
6d9cfc47 2214 if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
333eea9c 2215
f60d98e8 2216 switch(read_subs(sub, sizeof(sub)/sizeof(*sub), 1,
b0e85a8f 2217 &s, yield == NULL, TRUE, US"acl", resetok))
333eea9c 2218 {
f60d98e8
JH		 2219 case 1: expand_string_message = US"too few arguments or bracketing "
2220 "error for acl";
2221 case 2:
2222 case 3: return NULL;
333eea9c 2223 }
f60d98e8 2224
b0e85a8f 2225 *resetok = FALSE;
bef3ea7f 2226 if (yield != NULL) switch(eval_acl(sub, sizeof(sub)/sizeof(*sub), &user_msg))
f60d98e8
JH		 2227 {
2228 case OK:
2229 cond = TRUE;
2230 case FAIL:
bef3ea7f 2231 lookup_value = NULL;
f60d98e8 2232 if (user_msg)
bef3ea7f 2233 {
f60d98e8 2234 lookup_value = string_cat(NULL, &size, &ptr, user_msg, Ustrlen(user_msg));
bef3ea7f
JH		 2235 lookup_value[ptr] = '\0';
2236 }
b5b871ac 2237 *yield = cond == testfor;
f60d98e8
JH		 2238 break;
2239
2240 case DEFER:
2241 expand_string_forcedfail = TRUE;
2242 default:
2243 expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]);
2244 return NULL;
2245 }
2246 return s;
333eea9c 2247 }
333eea9c
JH		 2248
2249
059ec3d9
PH		 2250 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2251
b0e85a8f 2252 ${if saslauthd {{username}{password}{service}{realm}} {yes}{no}}
059ec3d9
PH		 2253
2254 However, the last two are optional. That is why the whole set is enclosed
333eea9c 2255 in their own set of braces. */
059ec3d9
PH		 2256
2257 case ECOND_SASLAUTHD:
2258 #ifndef CYRUS_SASLAUTHD_SOCKET
2259 goto COND_FAILED_NOT_COMPILED;
2260 #else
2261 while (isspace(*s)) s++;
b5b871ac 2262 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
b0e85a8f 2263 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd", resetok))
059ec3d9
PH		 2264 {
2265 case 1: expand_string_message = US"too few arguments or bracketing "
2266 "error for saslauthd";
2267 case 2:
2268 case 3: return NULL;
2269 }
2270 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
2271 if (yield != NULL)
2272 {
2273 int rc;
2274 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2275 &expand_string_message);
2276 if (rc == ERROR || rc == DEFER) return NULL;
2277 *yield = (rc == OK) == testfor;
2278 }
2279 return s;
2280 #endif /* CYRUS_SASLAUTHD_SOCKET */
2281
2282
2283 /* symbolic operators for numeric and string comparison, and a number of
2284 other operators, all requiring two arguments.
2285
76dca828
PP		 2286 crypteq: encrypts plaintext and compares against an encrypted text,
2287 using crypt(), crypt16(), MD5 or SHA-1
2288 inlist/inlisti: checks if first argument is in the list of the second
059ec3d9
PH		 2289 match: does a regular expression match and sets up the numerical
2290 variables if it succeeds
2291 match_address: matches in an address list
2292 match_domain: matches in a domain list
32d668a5 2293 match_ip: matches a host list that is restricted to IP addresses
059ec3d9 2294 match_local_part: matches in a local part list
059ec3d9
PH		 2295 */
2296
059ec3d9
PH		 2297 case ECOND_MATCH_ADDRESS:
2298 case ECOND_MATCH_DOMAIN:
32d668a5 2299 case ECOND_MATCH_IP:
059ec3d9 2300 case ECOND_MATCH_LOCAL_PART:
da6dbe26
PP		 2301#ifndef EXPAND_LISTMATCH_RHS
2302 sub2_honour_dollar = FALSE;
2303#endif
2304 /* FALLTHROUGH */
2305
2306 case ECOND_CRYPTEQ:
2307 case ECOND_INLIST:
2308 case ECOND_INLISTI:
2309 case ECOND_MATCH:
059ec3d9
PH		 2310
2311 case ECOND_NUM_L: /* Numerical comparisons */
2312 case ECOND_NUM_LE:
2313 case ECOND_NUM_E:
2314 case ECOND_NUM_EE:
2315 case ECOND_NUM_G:
2316 case ECOND_NUM_GE:
2317
2318 case ECOND_STR_LT: /* String comparisons */
2319 case ECOND_STR_LTI:
2320 case ECOND_STR_LE:
2321 case ECOND_STR_LEI:
2322 case ECOND_STR_EQ:
2323 case ECOND_STR_EQI:
2324 case ECOND_STR_GT:
2325 case ECOND_STR_GTI:
2326 case ECOND_STR_GE:
2327 case ECOND_STR_GEI:
2328
2329 for (i = 0; i < 2; i++)
2330 {
da6dbe26
PP		 2331 /* Sometimes, we don't expand substrings; too many insecure configurations
2332 created using match_address{}{} and friends, where the second param
2333 includes information from untrustworthy sources. */
2334 BOOL honour_dollar = TRUE;
2335 if ((i > 0) && !sub2_honour_dollar)
2336 honour_dollar = FALSE;
2337
059ec3d9
PH		 2338 while (isspace(*s)) s++;
2339 if (*s != '{')
2340 {
2341 if (i == 0) goto COND_FAILED_CURLY_START;
2342 expand_string_message = string_sprintf("missing 2nd string in {} "
2343 "after \"%s\"", name);
2344 return NULL;
2345 }
da6dbe26 2346 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
b0e85a8f 2347 honour_dollar, resetok);
059ec3d9
PH		 2348 if (sub[i] == NULL) return NULL;
2349 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2350
2351 /* Convert to numerical if required; we know that the names of all the
2352 conditions that compare numbers do not start with a letter. This just saves
2353 checking for them individually. */
2354
d6066548 2355 if (!isalpha(name[0]) && yield != NULL)
059ec3d9 2356 {
5dd1517f
PH		 2357 if (sub[i][0] == 0)
2358 {
2359 num[i] = 0;
2360 DEBUG(D_expand)
2361 debug_printf("empty string cast to zero for numerical comparison\n");
2362 }
2363 else
2364 {
2365 num[i] = expand_string_integer(sub[i], FALSE);
2366 if (expand_string_message != NULL) return NULL;
2367 }
059ec3d9
PH		 2368 }
2369 }
2370
2371 /* Result not required */
2372
2373 if (yield == NULL) return s;
2374
2375 /* Do an appropriate comparison */
2376
2377 switch(cond_type)
2378 {
2379 case ECOND_NUM_E:
2380 case ECOND_NUM_EE:
b5b871ac 2381 tempcond = (num[0] == num[1]);
059ec3d9
PH		 2382 break;
2383
2384 case ECOND_NUM_G:
b5b871ac 2385 tempcond = (num[0] > num[1]);
059ec3d9
PH		 2386 break;
2387
2388 case ECOND_NUM_GE:
b5b871ac 2389 tempcond = (num[0] >= num[1]);
059ec3d9
PH		 2390 break;
2391
2392 case ECOND_NUM_L:
b5b871ac 2393 tempcond = (num[0] < num[1]);
059ec3d9
PH		 2394 break;
2395
2396 case ECOND_NUM_LE:
b5b871ac 2397 tempcond = (num[0] <= num[1]);
059ec3d9
PH		 2398 break;
2399
2400 case ECOND_STR_LT:
b5b871ac 2401 tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
059ec3d9
PH		 2402 break;
2403
2404 case ECOND_STR_LTI:
b5b871ac 2405 tempcond = (strcmpic(sub[0], sub[1]) < 0);
059ec3d9
PH		 2406 break;
2407
2408 case ECOND_STR_LE:
b5b871ac 2409 tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
059ec3d9
PH		 2410 break;
2411
2412 case ECOND_STR_LEI:
b5b871ac 2413 tempcond = (strcmpic(sub[0], sub[1]) <= 0);
059ec3d9
PH		 2414 break;
2415
2416 case ECOND_STR_EQ:
b5b871ac 2417 tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
059ec3d9
PH		 2418 break;
2419
2420 case ECOND_STR_EQI:
b5b871ac 2421 tempcond = (strcmpic(sub[0], sub[1]) == 0);
059ec3d9
PH		 2422 break;
2423
2424 case ECOND_STR_GT:
b5b871ac 2425 tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
059ec3d9
PH		 2426 break;
2427
2428 case ECOND_STR_GTI:
b5b871ac 2429 tempcond = (strcmpic(sub[0], sub[1]) > 0);
059ec3d9
PH		 2430 break;
2431
2432 case ECOND_STR_GE:
b5b871ac 2433 tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
059ec3d9
PH		 2434 break;
2435
2436 case ECOND_STR_GEI:
b5b871ac 2437 tempcond = (strcmpic(sub[0], sub[1]) >= 0);
059ec3d9
PH		 2438 break;
2439
2440 case ECOND_MATCH: /* Regular expression match */
2441 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2442 NULL);
2443 if (re == NULL)
2444 {
2445 expand_string_message = string_sprintf("regular expression error in "
2446 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2447 return NULL;
2448 }
b5b871ac 2449 tempcond = regex_match_and_setup(re, sub[0], 0, -1);
059ec3d9
PH		 2450 break;
2451
2452 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2453 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2454 goto MATCHED_SOMETHING;
2455
2456 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2457 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2458 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2459 goto MATCHED_SOMETHING;
2460
32d668a5 2461 case ECOND_MATCH_IP: /* Match IP address in a host list */
7e66e54d 2462 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
32d668a5
PH		 2463 {
2464 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2465 sub[0]);
2466 return NULL;
2467 }
2468 else
2469 {
2470 unsigned int *nullcache = NULL;
2471 check_host_block cb;
2472
2473 cb.host_name = US"";
2474 cb.host_address = sub[0];
2475
2476 /* If the host address starts off ::ffff: it is an IPv6 address in
2477 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2478 addresses. */
2479
2480 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2481 cb.host_address + 7 : cb.host_address;
2482
2483 rc = match_check_list(
2484 &sub[1], /* the list */
2485 0, /* separator character */
2486 &hostlist_anchor, /* anchor pointer */
2487 &nullcache, /* cache pointer */
2488 check_host, /* function for testing */
2489 &cb, /* argument for function */
2490 MCL_HOST, /* type of check */
2491 sub[0], /* text for debugging */
2492 NULL); /* where to pass back data */
2493 }
2494 goto MATCHED_SOMETHING;
2495
059ec3d9
PH		 2496 case ECOND_MATCH_LOCAL_PART:
2497 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2498 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2499 /* Fall through */
9a26b6b2 2500 /* VVVVVVVVVVVV */
059ec3d9
PH		 2501 MATCHED_SOMETHING:
2502 switch(rc)
2503 {
2504 case OK:
b5b871ac 2505 tempcond = TRUE;
059ec3d9
PH		 2506 break;
2507
2508 case FAIL:
b5b871ac 2509 tempcond = FALSE;
059ec3d9
PH		 2510 break;
2511
2512 case DEFER:
2513 expand_string_message = string_sprintf("unable to complete match "
2514 "against \"%s\": %s", sub[1], search_error_message);
2515 return NULL;
2516 }
2517
2518 break;
2519
2520 /* Various "encrypted" comparisons. If the second string starts with
2521 "{" then an encryption type is given. Default to crypt() or crypt16()
2522 (build-time choice). */
b5b871ac 2523 /* }-for-text-editors */
059ec3d9
PH		 2524
2525 case ECOND_CRYPTEQ:
2526 #ifndef SUPPORT_CRYPTEQ
2527 goto COND_FAILED_NOT_COMPILED;
2528 #else
2529 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2530 {
2531 int sublen = Ustrlen(sub[1]+5);
2532 md5 base;
2533 uschar digest[16];
2534
2535 md5_start(&base);
2536 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2537
2538 /* If the length that we are comparing against is 24, the MD5 digest
2539 is expressed as a base64 string. This is the way LDAP does it. However,
2540 some other software uses a straightforward hex representation. We assume
2541 this if the length is 32. Other lengths fail. */
2542
2543 if (sublen == 24)
2544 {
2545 uschar *coded = auth_b64encode((uschar *)digest, 16);
2546 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2547 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
b5b871ac 2548 tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
059ec3d9
PH		 2549 }
2550 else if (sublen == 32)
2551 {
2552 int i;
2553 uschar coded[36];
2554 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2555 coded[32] = 0;
2556 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2557 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
b5b871ac 2558 tempcond = (strcmpic(coded, sub[1]+5) == 0);
059ec3d9
PH		 2559 }
2560 else
2561 {
2562 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2563 "fail\n crypted=%s\n", sub[1]+5);
b5b871ac 2564 tempcond = FALSE;
059ec3d9
PH		 2565 }
2566 }
2567
2568 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2569 {
2570 int sublen = Ustrlen(sub[1]+6);
2571 sha1 base;
2572 uschar digest[20];
2573
2574 sha1_start(&base);
2575 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2576
2577 /* If the length that we are comparing against is 28, assume the SHA1
2578 digest is expressed as a base64 string. If the length is 40, assume a
2579 straightforward hex representation. Other lengths fail. */
2580
2581 if (sublen == 28)
2582 {
2583 uschar *coded = auth_b64encode((uschar *)digest, 20);
2584 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2585 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
b5b871ac 2586 tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
059ec3d9
PH		 2587 }
2588 else if (sublen == 40)
2589 {
2590 int i;
2591 uschar coded[44];
2592 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2593 coded[40] = 0;
2594 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2595 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
b5b871ac 2596 tempcond = (strcmpic(coded, sub[1]+6) == 0);
059ec3d9
PH		 2597 }
2598 else
2599 {
2600 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2601 "fail\n crypted=%s\n", sub[1]+6);
b5b871ac 2602 tempcond = FALSE;
059ec3d9
PH		 2603 }
2604 }
2605
2606 else /* {crypt} or {crypt16} and non-{ at start */
76dca828 2607 /* }-for-text-editors */
059ec3d9
PH		 2608 {
2609 int which = 0;
2610 uschar *coded;
2611
2612 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2613 {
2614 sub[1] += 7;
2615 which = 1;
2616 }
2617 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2618 {
2619 sub[1] += 9;
2620 which = 2;
2621 }
b5b871ac 2622 else if (sub[1][0] == '{') /* }-for-text-editors */
059ec3d9
PH		 2623 {
2624 expand_string_message = string_sprintf("unknown encryption mechanism "
2625 "in \"%s\"", sub[1]);
2626 return NULL;
2627 }
2628
2629 switch(which)
2630 {
2631 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2632 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2633 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2634 }
2635
2636 #define STR(s) # s
2637 #define XSTR(s) STR(s)
2638 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2639 " subject=%s\n crypted=%s\n",
2640 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
2641 coded, sub[1]);
2642 #undef STR
2643 #undef XSTR
2644
2645 /* If the encrypted string contains fewer than two characters (for the
2646 salt), force failure. Otherwise we get false positives: with an empty
2647 string the yield of crypt() is an empty string! */
2648
b5b871ac
JH		 2649 tempcond = (Ustrlen(sub[1]) < 2)? FALSE :
2650 (Ustrcmp(coded, sub[1]) == 0);
059ec3d9
PH		 2651 }
2652 break;
2653 #endif /* SUPPORT_CRYPTEQ */
76dca828
PP		 2654
2655 case ECOND_INLIST:
2656 case ECOND_INLISTI:
2657 {
2658 int sep = 0;
76dca828
PP		 2659 uschar *save_iterate_item = iterate_item;
2660 int (*compare)(const uschar *, const uschar *);
2661
b5b871ac 2662 tempcond = FALSE;
76dca828
PP		 2663 if (cond_type == ECOND_INLISTI)
2664 compare = strcmpic;
2665 else
2666 compare = (int (*)(const uschar *, const uschar *)) strcmp;
2667
2668 while ((iterate_item = string_nextinlist(&sub[1], &sep, NULL, 0)) != NULL)
2669 if (compare(sub[0], iterate_item) == 0)
2670 {
b5b871ac 2671 tempcond = TRUE;
76dca828
PP		 2672 break;
2673 }
2674 iterate_item = save_iterate_item;
76dca828
PP		 2675 }
2676
059ec3d9
PH		 2677 } /* Switch for comparison conditions */
2678
b5b871ac 2679 *yield = tempcond == testfor;
059ec3d9
PH		 2680 return s; /* End of comparison conditions */
2681
2682
2683 /* and/or: computes logical and/or of several conditions */
2684
2685 case ECOND_AND:
2686 case ECOND_OR:
2687 subcondptr = (yield == NULL)? NULL : &tempcond;
2688 combined_cond = (cond_type == ECOND_AND);
2689
2690 while (isspace(*s)) s++;
b5b871ac 2691 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
059ec3d9
PH		 2692
2693 for (;;)
2694 {
2695 while (isspace(*s)) s++;
b5b871ac 2696 /* {-for-text-editors */
059ec3d9 2697 if (*s == '}') break;
b5b871ac 2698 if (*s != '{') /* }-for-text-editors */
059ec3d9
PH		 2699 {
2700 expand_string_message = string_sprintf("each subcondition "
2701 "inside an \"%s{...}\" condition must be in its own {}", name);
2702 return NULL;
2703 }
2704
b0e85a8f 2705 if (!(s = eval_condition(s+1, resetok, subcondptr)))
059ec3d9
PH		 2706 {
2707 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2708 expand_string_message, name);
2709 return NULL;
2710 }
2711 while (isspace(*s)) s++;
2712
b5b871ac 2713 /* {-for-text-editors */
059ec3d9
PH		 2714 if (*s++ != '}')
2715 {
b5b871ac 2716 /* {-for-text-editors */
059ec3d9
PH		 2717 expand_string_message = string_sprintf("missing } at end of condition "
2718 "inside \"%s\" group", name);
2719 return NULL;
2720 }
2721
2722 if (yield != NULL)
2723 {
2724 if (cond_type == ECOND_AND)
2725 {
2726 combined_cond &= tempcond;
2727 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2728 } /* evaluate any more */
2729 else
2730 {
2731 combined_cond |= tempcond;
2732 if (combined_cond) subcondptr = NULL; /* once true, don't */
2733 } /* evaluate any more */
2734 }
2735 }
2736
2737 if (yield != NULL) *yield = (combined_cond == testfor);
2738 return ++s;
2739
2740
0ce9abe6
PH		 2741 /* forall/forany: iterates a condition with different values */
2742
2743 case ECOND_FORALL:
2744 case ECOND_FORANY:
2745 {
2746 int sep = 0;
282b357d 2747 uschar *save_iterate_item = iterate_item;
0ce9abe6
PH		 2748
2749 while (isspace(*s)) s++;
b5b871ac 2750 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
b0e85a8f 2751 sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE, resetok);
0ce9abe6 2752 if (sub[0] == NULL) return NULL;
b5b871ac 2753 /* {-for-text-editors */
0ce9abe6
PH		 2754 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2755
2756 while (isspace(*s)) s++;
b5b871ac 2757 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
0ce9abe6
PH		 2758
2759 sub[1] = s;
2760
2761 /* Call eval_condition once, with result discarded (as if scanning a
2762 "false" part). This allows us to find the end of the condition, because if
2763 the list it empty, we won't actually evaluate the condition for real. */
2764
b0e85a8f 2765 if (!(s = eval_condition(sub[1], resetok, NULL)))
0ce9abe6
PH		 2766 {
2767 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2768 expand_string_message, name);
2769 return NULL;
2770 }
2771 while (isspace(*s)) s++;
2772
b5b871ac 2773 /* {-for-text-editors */
0ce9abe6
PH		 2774 if (*s++ != '}')
2775 {
b5b871ac 2776 /* {-for-text-editors */
0ce9abe6
PH		 2777 expand_string_message = string_sprintf("missing } at end of condition "
2778 "inside \"%s\"", name);
2779 return NULL;
2780 }
2781
2782 if (yield != NULL) *yield = !testfor;
2783 while ((iterate_item = string_nextinlist(&sub[0], &sep, NULL, 0)) != NULL)
2784 {
2785 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
b0e85a8f 2786 if (!eval_condition(sub[1], resetok, &tempcond))
0ce9abe6
PH		 2787 {
2788 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2789 expand_string_message, name);
e58c13cc 2790 iterate_item = save_iterate_item;
0ce9abe6
PH		 2791 return NULL;
2792 }
2793 DEBUG(D_expand) debug_printf("%s: condition evaluated to %s\n", name,
2794 tempcond? "true":"false");
2795
2796 if (yield != NULL) *yield = (tempcond == testfor);
2797 if (tempcond == (cond_type == ECOND_FORANY)) break;
2798 }
2799
282b357d 2800 iterate_item = save_iterate_item;
0ce9abe6
PH		 2801 return s;
2802 }
2803
2804
f3766eb5
NM		 2805 /* The bool{} expansion condition maps a string to boolean.
2806 The values supported should match those supported by the ACL condition
2807 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
2808 of true/false. Note that Router "condition" rules have a different
2809 interpretation, where general data can be used and only a few values
2810 map to FALSE.
2811 Note that readconf.c boolean matching, for boolean configuration options,
6a8de854
PP		 2812 only matches true/yes/false/no.
2813 The bool_lax{} condition matches the Router logic, which is much more
2814 liberal. */
f3766eb5 2815 case ECOND_BOOL:
6a8de854 2816 case ECOND_BOOL_LAX:
f3766eb5
NM		 2817 {
2818 uschar *sub_arg[1];
71265ae9 2819 uschar *t, *t2;
6a8de854 2820 uschar *ourname;
f3766eb5
NM		 2821 size_t len;
2822 BOOL boolvalue = FALSE;
2823 while (isspace(*s)) s++;
b5b871ac 2824 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
6a8de854 2825 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
b0e85a8f 2826 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname, resetok))
f3766eb5 2827 {
6a8de854
PP		 2828 case 1: expand_string_message = string_sprintf(
2829 "too few arguments or bracketing error for %s",
2830 ourname);
f3766eb5
NM		 2831 /*FALLTHROUGH*/
2832 case 2:
2833 case 3: return NULL;
2834 }
2835 t = sub_arg[0];
2836 while (isspace(*t)) t++;
2837 len = Ustrlen(t);
71265ae9
PP		 2838 if (len)
2839 {
2840 /* trailing whitespace: seems like a good idea to ignore it too */
2841 t2 = t + len - 1;
2842 while (isspace(*t2)) t2--;
2843 if (t2 != (t + len))
2844 {
2845 *++t2 = '\0';
2846 len = t2 - t;
2847 }
2848 }
f3766eb5 2849 DEBUG(D_expand)
6a8de854
PP		 2850 debug_printf("considering %s: %s\n", ourname, len ? t : US"<empty>");
2851 /* logic for the lax case from expand_check_condition(), which also does
2852 expands, and the logic is both short and stable enough that there should
2853 be no maintenance burden from replicating it. */
f3766eb5
NM		 2854 if (len == 0)
2855 boolvalue = FALSE;
51c7471d
JH		 2856 else if (*t == '-'
2857 ? Ustrspn(t+1, "0123456789") == len-1
2858 : Ustrspn(t, "0123456789") == len)
6a8de854 2859 {
f3766eb5 2860 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
6a8de854
PP		 2861 /* expand_check_condition only does a literal string "0" check */
2862 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
2863 boolvalue = TRUE;
2864 }
f3766eb5
NM		 2865 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
2866 boolvalue = TRUE;
2867 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
2868 boolvalue = FALSE;
6a8de854
PP		 2869 else if (cond_type == ECOND_BOOL_LAX)
2870 boolvalue = TRUE;
f3766eb5
NM		 2871 else
2872 {
2873 expand_string_message = string_sprintf("unrecognised boolean "
2874 "value \"%s\"", t);
2875 return NULL;
2876 }
5ee6f336 2877 if (yield != NULL) *yield = (boolvalue == testfor);
f3766eb5
NM		 2878 return s;
2879 }
2880
059ec3d9
PH		 2881 /* Unknown condition */
2882
2883 default:
2884 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2885 return NULL;
2886 } /* End switch on condition type */
2887
2888/* Missing braces at start and end of data */
2889
2890COND_FAILED_CURLY_START:
2891expand_string_message = string_sprintf("missing { after \"%s\"", name);
2892return NULL;
2893
2894COND_FAILED_CURLY_END:
2895expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2896 name);
2897return NULL;
2898
2899/* A condition requires code that is not compiled */
2900
2901#if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2902 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2903 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2904COND_FAILED_NOT_COMPILED:
2905expand_string_message = string_sprintf("support for \"%s\" not compiled",
2906 name);
2907return NULL;
2908#endif
2909}
2910
2911
2912
2913
2914/*************************************************
2915* Save numerical variables *
2916*************************************************/
2917
2918/* This function is called from items such as "if" that want to preserve and
2919restore the numbered variables.
2920
2921Arguments:
2922 save_expand_string points to an array of pointers to set
2923 save_expand_nlength points to an array of ints for the lengths
2924
2925Returns: the value of expand max to save
2926*/
2927
2928static int
2929save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
2930{
2931int i;
2932for (i = 0; i <= expand_nmax; i++)
2933 {
2934 save_expand_nstring[i] = expand_nstring[i];
2935 save_expand_nlength[i] = expand_nlength[i];
2936 }
2937return expand_nmax;
2938}
2939
2940
2941
2942/*************************************************
2943* Restore numerical variables *
2944*************************************************/
2945
2946/* This function restored saved values of numerical strings.
2947
2948Arguments:
2949 save_expand_nmax the number of strings to restore
2950 save_expand_string points to an array of pointers
2951 save_expand_nlength points to an array of ints
2952
2953Returns: nothing
2954*/
2955
2956static void
2957restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
2958 int *save_expand_nlength)
2959{
2960int i;
2961expand_nmax = save_expand_nmax;
2962for (i = 0; i <= expand_nmax; i++)
2963 {
2964 expand_nstring[i] = save_expand_nstring[i];
2965 expand_nlength[i] = save_expand_nlength[i];
2966 }
2967}
2968
2969
2970
2971
2972
2973/*************************************************
2974* Handle yes/no substrings *
2975*************************************************/
2976
2977/* This function is used by ${if}, ${lookup} and ${extract} to handle the
2978alternative substrings that depend on whether or not the condition was true,
2979or the lookup or extraction succeeded. The substrings always have to be
2980expanded, to check their syntax, but "skipping" is set when the result is not
2981needed - this avoids unnecessary nested lookups.
2982
2983Arguments:
2984 skipping TRUE if we were skipping when this item was reached
2985 yes TRUE if the first string is to be used, else use the second
2986 save_lookup a value to put back into lookup_value before the 2nd expansion
2987 sptr points to the input string pointer
2988 yieldptr points to the output string pointer
2989 sizeptr points to the output string size
2990 ptrptr points to the output string pointer
2991 type "lookup" or "if" or "extract" or "run", for error message
b0e85a8f
JH		 2992 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
2993 the store.
059ec3d9
PH		 2994
2995Returns: 0 OK; lookup_value has been reset to save_lookup
2996 1 expansion failed
2997 2 expansion failed because of bracketing error
2998*/
2999
3000static int
3001process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
b0e85a8f 3002 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type, BOOL *resetok)
059ec3d9
PH		 3003{
3004int rc = 0;
3005uschar *s = *sptr; /* Local value */
3006uschar *sub1, *sub2;
3007
3008/* If there are no following strings, we substitute the contents of $value for
063b1e99 3009lookups and for extractions in the success case. For the ${if item, the string
8e669ac1 3010"true" is substituted. In the fail case, nothing is substituted for all three
063b1e99 3011items. */
059ec3d9
PH		 3012
3013while (isspace(*s)) s++;
3014if (*s == '}')
3015 {
063b1e99
PH		 3016 if (type[0] == 'i')
3017 {
8e669ac1 3018 if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
063b1e99
PH		 3019 }
3020 else
8e669ac1 3021 {
063b1e99
PH		 3022 if (yes && lookup_value != NULL)
3023 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
3024 Ustrlen(lookup_value));
3025 lookup_value = save_lookup;
3026 }
059ec3d9
PH		 3027 s++;
3028 goto RETURN;
3029 }
3030
9b4768fa
PH		 3031/* The first following string must be braced. */
3032
3033if (*s++ != '{') goto FAILED_CURLY;
3034
059ec3d9
PH		 3035/* Expand the first substring. Forced failures are noticed only if we actually
3036want this string. Set skipping in the call in the fail case (this will always
3037be the case if we were already skipping). */
3038
b0e85a8f 3039sub1 = expand_string_internal(s, TRUE, &s, !yes, TRUE, resetok);
059ec3d9
PH		 3040if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
3041expand_string_forcedfail = FALSE;
3042if (*s++ != '}') goto FAILED_CURLY;
3043
3044/* If we want the first string, add it to the output */
3045
3046if (yes)
3047 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
3048
3049/* If this is called from a lookup or an extract, we want to restore $value to
3050what it was at the start of the item, so that it has this value during the
d20976dc
PH		 3051second string expansion. For the call from "if" or "run" to this function,
3052save_lookup is set to lookup_value, so that this statement does nothing. */
059ec3d9
PH		 3053
3054lookup_value = save_lookup;
3055
3056/* There now follows either another substring, or "fail", or nothing. This
3057time, forced failures are noticed only if we want the second string. We must
3058set skipping in the nested call if we don't want this string, or if we were
3059already skipping. */
3060
3061while (isspace(*s)) s++;
3062if (*s == '{')
3063 {
b0e85a8f 3064 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping, TRUE, resetok);
059ec3d9
PH		 3065 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
3066 expand_string_forcedfail = FALSE;
3067 if (*s++ != '}') goto FAILED_CURLY;
3068
3069 /* If we want the second string, add it to the output */
3070
3071 if (!yes)
3072 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
3073 }
3074
3075/* If there is no second string, but the word "fail" is present when the use of
3076the second string is wanted, set a flag indicating it was a forced failure
3077rather than a syntactic error. Swallow the terminating } in case this is nested
3078inside another lookup or if or extract. */
3079
3080else if (*s != '}')
3081 {
3082 uschar name[256];
3083 s = read_name(name, sizeof(name), s, US"_");
3084 if (Ustrcmp(name, "fail") == 0)
3085 {
3086 if (!yes && !skipping)
3087 {
3088 while (isspace(*s)) s++;
3089 if (*s++ != '}') goto FAILED_CURLY;
3090 expand_string_message =
3091 string_sprintf("\"%s\" failed and \"fail\" requested", type);
3092 expand_string_forcedfail = TRUE;
3093 goto FAILED;
3094 }
3095 }
3096 else
3097 {
3098 expand_string_message =
3099 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
3100 goto FAILED;
3101 }
3102 }
3103
3104/* All we have to do now is to check on the final closing brace. */
3105
3106while (isspace(*s)) s++;
3107if (*s++ == '}') goto RETURN;
3108
3109/* Get here if there is a bracketing failure */
3110
3111FAILED_CURLY:
3112rc++;
3113
3114/* Get here for other failures */
3115
3116FAILED:
3117rc++;
3118
3119/* Update the input pointer value before returning */
3120
3121RETURN:
3122*sptr = s;
3123return rc;
3124}
3125
3126
3127
3128
059ec3d9
PH		 3129/*************************************************
3130* Handle MD5 or SHA-1 computation for HMAC *
3131*************************************************/
3132
3133/* These are some wrapping functions that enable the HMAC code to be a bit
3134cleaner. A good compiler will spot the tail recursion.
3135
3136Arguments:
3137 type HMAC_MD5 or HMAC_SHA1
3138 remaining are as for the cryptographic hash functions
3139
3140Returns: nothing
3141*/
3142
3143static void
3144chash_start(int type, void *base)
3145{
3146if (type == HMAC_MD5)
3147 md5_start((md5 *)base);
3148else
3149 sha1_start((sha1 *)base);
3150}
3151
3152static void
3153chash_mid(int type, void *base, uschar *string)
3154{
3155if (type == HMAC_MD5)
3156 md5_mid((md5 *)base, string);
3157else
3158 sha1_mid((sha1 *)base, string);
3159}
3160
3161static void
3162chash_end(int type, void *base, uschar *string, int length, uschar *digest)
3163{
3164if (type == HMAC_MD5)
3165 md5_end((md5 *)base, string, length, digest);
3166else
3167 sha1_end((sha1 *)base, string, length, digest);
3168}
3169
3170
3171
3172
3173
1549ea3b
PH		 3174/********************************************************
3175* prvs: Get last three digits of days since Jan 1, 1970 *
3176********************************************************/
3177
3178/* This is needed to implement the "prvs" BATV reverse
3179 path signing scheme
3180
3181Argument: integer "days" offset to add or substract to
3182 or from the current number of days.
3183
3184Returns: pointer to string containing the last three
3185 digits of the number of days since Jan 1, 1970,
3186 modified by the offset argument, NULL if there
3187 was an error in the conversion.
3188
3189*/
3190
3191static uschar *
3192prvs_daystamp(int day_offset)
3193{
a86229cf
PH		 3194uschar *days = store_get(32); /* Need at least 24 for cases */
3195(void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
1549ea3b 3196 (time(NULL) + day_offset*86400)/86400);
e169f567 3197return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
1549ea3b
PH		 3198}
3199
3200
3201
3202/********************************************************
3203* prvs: perform HMAC-SHA1 computation of prvs bits *
3204********************************************************/
3205
3206/* This is needed to implement the "prvs" BATV reverse
3207 path signing scheme
3208
3209Arguments:
3210 address RFC2821 Address to use
3211 key The key to use (must be less than 64 characters
3212 in size)
3213 key_num Single-digit key number to use. Defaults to
3214 '0' when NULL.
3215
3216Returns: pointer to string containing the first three
3217 bytes of the final hash in hex format, NULL if
3218 there was an error in the process.
3219*/
3220
3221static uschar *
3222prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
3223{
3224uschar *hash_source, *p;
3225int size = 0,offset = 0,i;
3226sha1 sha1_base;
3227void *use_base = &sha1_base;
3228uschar innerhash[20];
3229uschar finalhash[20];
3230uschar innerkey[64];
3231uschar outerkey[64];
3232uschar *finalhash_hex = store_get(40);
3233
3234if (key_num == NULL)
3235 key_num = US"0";
3236
3237if (Ustrlen(key) > 64)
3238 return NULL;
3239
3240hash_source = string_cat(NULL,&size,&offset,key_num,1);
3241string_cat(hash_source,&size,&offset,daystamp,3);
3242string_cat(hash_source,&size,&offset,address,Ustrlen(address));
3243hash_source[offset] = '\0';
3244
3245DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source);
3246
3247memset(innerkey, 0x36, 64);
3248memset(outerkey, 0x5c, 64);
3249
3250for (i = 0; i < Ustrlen(key); i++)
3251 {
3252 innerkey[i] ^= key[i];
3253 outerkey[i] ^= key[i];
3254 }
3255
3256chash_start(HMAC_SHA1, use_base);
3257chash_mid(HMAC_SHA1, use_base, innerkey);
3258chash_end(HMAC_SHA1, use_base, hash_source, offset, innerhash);
3259
3260chash_start(HMAC_SHA1, use_base);
3261chash_mid(HMAC_SHA1, use_base, outerkey);
3262chash_end(HMAC_SHA1, use_base, innerhash, 20, finalhash);
3263
3264p = finalhash_hex;
3265for (i = 0; i < 3; i++)
3266 {
3267 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
3268 *p++ = hex_digits[finalhash[i] & 0x0f];
3269 }
3270*p = '\0';
3271
3272return finalhash_hex;
3273}
3274
3275
3276
3277
059ec3d9
PH		 3278/*************************************************
3279* Join a file onto the output string *
3280*************************************************/
3281
3282/* This is used for readfile and after a run expansion. It joins the contents
3283of a file onto the output string, globally replacing newlines with a given
3284string (optionally). The file is closed at the end.
3285
3286Arguments:
3287 f the FILE
3288 yield pointer to the expandable string
3289 sizep pointer to the current size
3290 ptrp pointer to the current position
3291 eol newline replacement string, or NULL
3292
3293Returns: new value of string pointer
3294*/
3295
3296static uschar *
3297cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
3298{
3299int eollen;
3300uschar buffer[1024];
3301
3302eollen = (eol == NULL)? 0 : Ustrlen(eol);
3303
3304while (Ufgets(buffer, sizeof(buffer), f) != NULL)
3305 {
3306 int len = Ustrlen(buffer);
3307 if (eol != NULL && buffer[len-1] == '\n') len--;
3308 yield = string_cat(yield, sizep, ptrp, buffer, len);
3309 if (buffer[len] != 0)
3310 yield = string_cat(yield, sizep, ptrp, eol, eollen);
3311 }
3312
3313if (yield != NULL) yield[*ptrp] = 0;
3314
3315return yield;
3316}
3317
3318
3319
3320
3321/*************************************************
3322* Evaluate numeric expression *
3323*************************************************/
3324
af561417
PH		 3325/* This is a set of mutually recursive functions that evaluate an arithmetic
3326expression involving + - * / % & | ^ ~ << >> and parentheses. The only one of
3327these functions that is called from elsewhere is eval_expr, whose interface is:
059ec3d9
PH		 3328
3329Arguments:
af561417
PH		 3330 sptr pointer to the pointer to the string - gets updated
3331 decimal TRUE if numbers are to be assumed decimal
3332 error pointer to where to put an error message - must be NULL on input
3333 endket TRUE if ')' must terminate - FALSE for external call
059ec3d9 3334
af561417
PH		 3335Returns: on success: the value of the expression, with *error still NULL
3336 on failure: an undefined value, with *error = a message
059ec3d9
PH		 3337*/
3338
97d17305 3339static int_eximarith_t eval_op_or(uschar **, BOOL, uschar **);
af561417 3340
059ec3d9 3341
97d17305 3342static int_eximarith_t
059ec3d9
PH		 3343eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
3344{
3345uschar *s = *sptr;
97d17305 3346int_eximarith_t x = eval_op_or(&s, decimal, error);
059ec3d9
PH		 3347if (*error == NULL)
3348 {
af561417 3349 if (endket)
059ec3d9 3350 {
af561417
PH		 3351 if (*s != ')')
3352 *error = US"expecting closing parenthesis";
3353 else
3354 while (isspace(*(++s)));
059ec3d9 3355 }
af561417 3356 else if (*s != 0) *error = US"expecting operator";
059ec3d9 3357 }
059ec3d9
PH		 3358*sptr = s;
3359return x;
3360}
3361
af561417 3362
97d17305 3363static int_eximarith_t
af561417 3364eval_number(uschar **sptr, BOOL decimal, uschar **error)
059ec3d9
PH		 3365{
3366register int c;
97d17305 3367int_eximarith_t n;
059ec3d9
PH		 3368uschar *s = *sptr;
3369while (isspace(*s)) s++;
3370c = *s;
af561417 3371if (isdigit(c))
059ec3d9
PH		 3372 {
3373 int count;
97d17305 3374 (void)sscanf(CS s, (decimal? SC_EXIM_DEC "%n" : SC_EXIM_ARITH "%n"), &n, &count);
059ec3d9 3375 s += count;
97d17305
JH		 3376 switch (tolower(*s))
3377 {
3378 default: break;
3379 case 'k': n *= 1024; s++; break;
3380 case 'm': n *= 1024*1024; s++; break;
3381 case 'g': n *= 1024*1024*1024; s++; break;
3382 }
059ec3d9
PH		 3383 while (isspace (*s)) s++;
3384 }
3385else if (c == '(')
3386 {
3387 s++;
3388 n = eval_expr(&s, decimal, error, 1);
3389 }
3390else
3391 {
3392 *error = US"expecting number or opening parenthesis";
3393 n = 0;
3394 }
3395*sptr = s;
3396return n;
3397}
3398
af561417 3399
97d17305 3400static int_eximarith_t
aa7c82b2 3401eval_op_unary(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH		 3402{
3403uschar *s = *sptr;
97d17305 3404int_eximarith_t x;
af561417
PH		 3405while (isspace(*s)) s++;
3406if (*s == '+' || *s == '-' || *s == '~')
3407 {
3408 int op = *s++;
3409 x = eval_op_unary(&s, decimal, error);
3410 if (op == '-') x = -x;
3411 else if (op == '~') x = ~x;
3412 }
3413else
3414 {
3415 x = eval_number(&s, decimal, error);
3416 }
3417*sptr = s;
3418return x;
3419}
3420
3421
97d17305 3422static int_eximarith_t
aa7c82b2 3423eval_op_mult(uschar **sptr, BOOL decimal, uschar **error)
059ec3d9
PH		 3424{
3425uschar *s = *sptr;
97d17305 3426int_eximarith_t x = eval_op_unary(&s, decimal, error);
059ec3d9
PH		 3427if (*error == NULL)
3428 {
5591031b 3429 while (*s == '*' || *s == '/' || *s == '%')
059ec3d9
PH		 3430 {
3431 int op = *s++;
97d17305 3432 int_eximarith_t y = eval_op_unary(&s, decimal, error);
059ec3d9 3433 if (*error != NULL) break;
053a9aa3
PP		 3434 /* SIGFPE both on div/mod by zero and on INT_MIN / -1, which would give
3435 * a value of INT_MAX+1. Note that INT_MIN * -1 gives INT_MIN for me, which
3436 * is a bug somewhere in [gcc 4.2.1, FreeBSD, amd64]. In fact, -N*-M where
3437 * -N*M is INT_MIN will yielf INT_MIN.
3438 * Since we don't support floating point, this is somewhat simpler.
3439 * Ideally, we'd return an error, but since we overflow for all other
3440 * arithmetic, consistency suggests otherwise, but what's the correct value
3441 * to use? There is none.
3442 * The C standard guarantees overflow for unsigned arithmetic but signed
3443 * overflow invokes undefined behaviour; in practice, this is overflow
3444 * except for converting INT_MIN to INT_MAX+1. We also can't guarantee
3445 * that long/longlong larger than int are available, or we could just work
3446 * with larger types. We should consider whether to guarantee 32bit eval
3447 * and 64-bit working variables, with errors returned. For now ...
3448 * So, the only SIGFPEs occur with a non-shrinking div/mod, thus -1; we
3449 * can just let the other invalid results occur otherwise, as they have
3450 * until now. For this one case, we can coerce.
3451 */
4328fd3c 3452 if (y == -1 && x == EXIM_ARITH_MIN && op != '*')
053a9aa3
PP		 3453 {
3454 DEBUG(D_expand)
97d17305 3455 debug_printf("Integer exception dodging: " PR_EXIM_ARITH "%c-1 coerced to " PR_EXIM_ARITH "\n",
4328fd3c
JH		 3456 EXIM_ARITH_MIN, op, EXIM_ARITH_MAX);
3457 x = EXIM_ARITH_MAX;
053a9aa3
PP		 3458 continue;
3459 }
a5b52695
PP		 3460 if (op == '*')
3461 x *= y;
3462 else
3463 {
3464 if (y == 0)
54e7ce4a 3465 {
a5b52695
PP		 3466 *error = (op == '/') ? US"divide by zero" : US"modulo by zero";
3467 x = 0;
3468 break;
54e7ce4a 3469 }
a5b52695
PP		 3470 if (op == '/')
3471 x /= y;
3472 else
3473 x %= y;
3474 }
059ec3d9
PH		 3475 }
3476 }
3477*sptr = s;
3478return x;
3479}
3480
3481
97d17305 3482static int_eximarith_t
aa7c82b2 3483eval_op_sum(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH		 3484{
3485uschar *s = *sptr;
97d17305 3486int_eximarith_t x = eval_op_mult(&s, decimal, error);
af561417
PH		 3487if (*error == NULL)
3488 {
3489 while (*s == '+' || *s == '-')
3490 {
3491 int op = *s++;
97d17305 3492 int_eximarith_t y = eval_op_mult(&s, decimal, error);
af561417
PH		 3493 if (*error != NULL) break;
3494 if (op == '+') x += y; else x -= y;
3495 }
3496 }
3497*sptr = s;
3498return x;
3499}
3500
3501
97d17305 3502static int_eximarith_t
aa7c82b2 3503eval_op_shift(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH		 3504{
3505uschar *s = *sptr;
97d17305 3506int_eximarith_t x = eval_op_sum(&s, decimal, error);
af561417
PH		 3507if (*error == NULL)
3508 {
3509 while ((*s == '<' || *s == '>') && s[1] == s[0])
3510 {
97d17305 3511 int_eximarith_t y;
af561417
PH		 3512 int op = *s++;
3513 s++;
3514 y = eval_op_sum(&s, decimal, error);
3515 if (*error != NULL) break;
3516 if (op == '<') x <<= y; else x >>= y;
3517 }
3518 }
3519*sptr = s;
3520return x;
3521}
3522
3523
97d17305 3524static int_eximarith_t
aa7c82b2 3525eval_op_and(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH		 3526{
3527uschar *s = *sptr;
97d17305 3528int_eximarith_t x = eval_op_shift(&s, decimal, error);
af561417
PH		 3529if (*error == NULL)
3530 {
3531 while (*s == '&')
3532 {
97d17305 3533 int_eximarith_t y;
af561417
PH		 3534 s++;
3535 y = eval_op_shift(&s, decimal, error);
3536 if (*error != NULL) break;
3537 x &= y;
3538 }
3539 }
3540*sptr = s;
3541return x;
3542}
3543
3544
97d17305 3545static int_eximarith_t
aa7c82b2 3546eval_op_xor(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH		 3547{
3548uschar *s = *sptr;
97d17305 3549int_eximarith_t x = eval_op_and(&s, decimal, error);
af561417
PH		 3550if (*error == NULL)
3551 {
3552 while (*s == '^')
3553 {
97d17305 3554 int_eximarith_t y;
af561417
PH		 3555 s++;
3556 y = eval_op_and(&s, decimal, error);
3557 if (*error != NULL) break;
3558 x ^= y;
3559 }
3560 }
3561*sptr = s;
3562return x;
3563}
3564
3565
97d17305 3566static int_eximarith_t
aa7c82b2 3567eval_op_or(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH		 3568{
3569uschar *s = *sptr;
97d17305 3570int_eximarith_t x = eval_op_xor(&s, decimal, error);
af561417
PH		 3571if (*error == NULL)
3572 {
3573 while (*s == '|')
3574 {
97d17305 3575 int_eximarith_t y;
af561417
PH		 3576 s++;
3577 y = eval_op_xor(&s, decimal, error);
3578 if (*error != NULL) break;
3579 x |= y;
3580 }
3581 }
3582*sptr = s;
3583return x;
3584}
3585
059ec3d9
PH		 3586
3587
3588/*************************************************
3589* Expand string *
3590*************************************************/
3591
3592/* Returns either an unchanged string, or the expanded string in stacking pool
3593store. Interpreted sequences are:
3594
3595 \... normal escaping rules
3596 $name substitutes the variable
3597 ${name} ditto
3598 ${op:string} operates on the expanded string value
3599 ${item{arg1}{arg2}...} expands the args and then does the business
3600 some literal args are not enclosed in {}
3601
3602There are now far too many operators and item types to make it worth listing
3603them here in detail any more.
3604
3605We use an internal routine recursively to handle embedded substrings. The
3606external function follows. The yield is NULL if the expansion failed, and there
3607are two cases: if something collapsed syntactically, or if "fail" was given
3608as the action on a lookup failure. These can be distinguised by looking at the
3609variable expand_string_forcedfail, which is TRUE in the latter case.
3610
3611The skipping flag is set true when expanding a substring that isn't actually
3612going to be used (after "if" or "lookup") and it prevents lookups from
3613happening lower down.
3614
3615Store usage: At start, a store block of the length of the input plus 64
3616is obtained. This is expanded as necessary by string_cat(), which might have to
3617get a new block, or might be able to expand the original. At the end of the
3618function we can release any store above that portion of the yield block that
3619was actually used. In many cases this will be optimal.
3620
3621However: if the first item in the expansion is a variable name or header name,
3622we reset the store before processing it; if the result is in fresh store, we
3623use that without copying. This is helpful for expanding strings like
3624$message_headers which can get very long.
3625
d6b4d938
TF		 3626There's a problem if a ${dlfunc item has side-effects that cause allocation,
3627since resetting the store at the end of the expansion will free store that was
3628allocated by the plugin code as well as the slop after the expanded string. So
b0e85a8f
JH		 3629we skip any resets if ${dlfunc } has been used. The same applies for ${acl }
3630and, given the acl condition, ${if }. This is an unfortunate consequence of
3631string expansion becoming too powerful.
d6b4d938 3632
059ec3d9
PH		 3633Arguments:
3634 string the string to be expanded
3635 ket_ends true if expansion is to stop at }
3636 left if not NULL, a pointer to the first character after the
3637 expansion is placed here (typically used with ket_ends)
3638 skipping TRUE for recursive calls when the value isn't actually going
3639 to be used (to allow for optimisation)
da6dbe26
PP		 3640 honour_dollar TRUE if $ is to be expanded,
3641 FALSE if it's just another character
b0e85a8f
JH		 3642 resetok_p if not NULL, pointer to flag - write FALSE if unsafe to reset
3643 the store.
059ec3d9
PH		 3644
3645Returns: NULL if expansion fails:
3646 expand_string_forcedfail is set TRUE if failure was forced
3647 expand_string_message contains a textual error message
3648 a pointer to the expanded string on success
3649*/
3650
3651static uschar *
3652expand_string_internal(uschar *string, BOOL ket_ends, uschar **left,
b0e85a8f 3653 BOOL skipping, BOOL honour_dollar, BOOL *resetok_p)
059ec3d9
PH		 3654{
3655int ptr = 0;
3656int size = Ustrlen(string)+ 64;
3657int item_type;
3658uschar *yield = store_get(size);
3659uschar *s = string;
3660uschar *save_expand_nstring[EXPAND_MAXN+1];
3661int save_expand_nlength[EXPAND_MAXN+1];
d6b4d938 3662BOOL resetok = TRUE;
059ec3d9
PH		 3663
3664expand_string_forcedfail = FALSE;
3665expand_string_message = US"";
3666
3667while (*s != 0)
3668 {
3669 uschar *value;
3670 uschar name[256];
3671
3672 /* \ escapes the next character, which must exist, or else
3673 the expansion fails. There's a special escape, \N, which causes
3674 copying of the subject verbatim up to the next \N. Otherwise,
3675 the escapes are the standard set. */
3676
3677 if (*s == '\\')
3678 {
3679 if (s[1] == 0)
3680 {
3681 expand_string_message = US"\\ at end of string";
3682 goto EXPAND_FAILED;
3683 }
3684
3685 if (s[1] == 'N')
3686 {
3687 uschar *t = s + 2;
3688 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
3689 yield = string_cat(yield, &size, &ptr, t, s - t);
3690 if (*s != 0) s += 2;
3691 }
3692
3693 else
3694 {
3695 uschar ch[1];
3696 ch[0] = string_interpret_escape(&s);
3697 s++;
3698 yield = string_cat(yield, &size, &ptr, ch, 1);
3699 }
3700
3701 continue;
3702 }
3703
2e23003a 3704 /*{*/
059ec3d9
PH		 3705 /* Anything other than $ is just copied verbatim, unless we are
3706 looking for a terminating } character. */
3707
2e23003a 3708 /*{*/
059ec3d9
PH		 3709 if (ket_ends && *s == '}') break;
3710
da6dbe26 3711 if (*s != '$' || !honour_dollar)
059ec3d9
PH		 3712 {
3713 yield = string_cat(yield, &size, &ptr, s++, 1);
3714 continue;
3715 }
3716
3717 /* No { after the $ - must be a plain name or a number for string
3718 match variable. There has to be a fudge for variables that are the
3719 names of header fields preceded by "$header_" because header field
3720 names can contain any printing characters except space and colon.
3721 For those that don't like typing this much, "$h_" is a synonym for
3722 "$header_". A non-existent header yields a NULL value; nothing is
2e23003a 3723 inserted. */ /*}*/
059ec3d9
PH		 3724
3725 if (isalpha((*(++s))))
3726 {
3727 int len;
3728 int newsize = 0;
3729
3730 s = read_name(name, sizeof(name), s, US"_");
3731
3732 /* If this is the first thing to be expanded, release the pre-allocated
3733 buffer. */
3734
3735 if (ptr == 0 && yield != NULL)
3736 {
d6b4d938 3737 if (resetok) store_reset(yield);
059ec3d9
PH		 3738 yield = NULL;
3739 size = 0;
3740 }
3741
3742 /* Header */
3743
3744 if (Ustrncmp(name, "h_", 2) == 0 ||
3745 Ustrncmp(name, "rh_", 3) == 0 ||
3746 Ustrncmp(name, "bh_", 3) == 0 ||
3747 Ustrncmp(name, "header_", 7) == 0 ||
3748 Ustrncmp(name, "rheader_", 8) == 0 ||
3749 Ustrncmp(name, "bheader_", 8) == 0)
3750 {
3751 BOOL want_raw = (name[0] == 'r')? TRUE : FALSE;
3752 uschar *charset = (name[0] == 'b')? NULL : headers_charset;
3753 s = read_header_name(name, sizeof(name), s);
3754 value = find_header(name, FALSE, &newsize, want_raw, charset);
3755
3756 /* If we didn't find the header, and the header contains a closing brace
0d85fa3f 3757 character, this may be a user error where the terminating colon
059ec3d9
PH		 3758 has been omitted. Set a flag to adjust the error message in this case.
3759 But there is no error here - nothing gets inserted. */
3760
3761 if (value == NULL)
3762 {
3763 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
3764 continue;
3765 }
3766 }
3767
3768 /* Variable */
3769
3770 else
3771 {
3772 value = find_variable(name, FALSE, skipping, &newsize);
3773 if (value == NULL)
3774 {
3775 expand_string_message =
3776 string_sprintf("unknown variable name \"%s\"", name);
641cb756 3777 check_variable_error_message(name);
059ec3d9
PH		 3778 goto EXPAND_FAILED;
3779 }
3780 }
3781
3782 /* If the data is known to be in a new buffer, newsize will be set to the
3783 size of that buffer. If this is the first thing in an expansion string,
3784 yield will be NULL; just point it at the new store instead of copying. Many
3785 expansion strings contain just one reference, so this is a useful
3786 optimization, especially for humungous headers. */
3787
3788 len = Ustrlen(value);
3789 if (yield == NULL && newsize != 0)
3790 {
3791 yield = value;
3792 size = newsize;
3793 ptr = len;
3794 }
3795 else yield = string_cat(yield, &size, &ptr, value, len);
3796
3797 continue;
3798 }
3799
3800 if (isdigit(*s))
3801 {
3802 int n;
3803 s = read_number(&n, s);
3804 if (n >= 0 && n <= expand_nmax)
3805 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3806 expand_nlength[n]);
3807 continue;
3808 }
3809
2e23003a 3810 /* Otherwise, if there's no '{' after $ it's an error. */ /*}*/
059ec3d9 3811
2e23003a 3812 if (*s != '{') /*}*/
059ec3d9 3813 {
2e23003a 3814 expand_string_message = US"$ not followed by letter, digit, or {"; /*}*/
059ec3d9
PH		 3815 goto EXPAND_FAILED;
3816 }
3817
3818 /* After { there can be various things, but they all start with
3819 an initial word, except for a number for a string match variable. */
3820
3821 if (isdigit((*(++s))))
3822 {
3823 int n;
2e23003a 3824 s = read_number(&n, s); /*{*/
059ec3d9 3825 if (*s++ != '}')
2e23003a 3826 { /*{*/
059ec3d9
PH		 3827 expand_string_message = US"} expected after number";
3828 goto EXPAND_FAILED;
3829 }
3830 if (n >= 0 && n <= expand_nmax)
3831 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3832 expand_nlength[n]);
3833 continue;
3834 }
3835
3836 if (!isalpha(*s))
3837 {
2e23003a 3838 expand_string_message = US"letter or digit expected after ${"; /*}*/
059ec3d9
PH		 3839 goto EXPAND_FAILED;
3840 }
3841
3842 /* Allow "-" in names to cater for substrings with negative
3843 arguments. Since we are checking for known names after { this is
3844 OK. */
3845
3846 s = read_name(name, sizeof(name), s, US"_-");
3847 item_type = chop_match(name, item_table, sizeof(item_table)/sizeof(uschar *));
3848
3849 switch(item_type)
3850 {
525239c1 3851 /* Call an ACL from an expansion. We feed data in via $acl_arg1 - $acl_arg9.
333eea9c 3852 If the ACL returns accept or reject we return content set by "message ="
723c72e6
JH		 3853 There is currently no limit on recursion; this would have us call
3854 acl_check_internal() directly and get a current level from somewhere.
f60d98e8
JH		 3855 See also the acl expansion condition ECOND_ACL and the traditional
3856 acl modifier ACLC_ACL.
be7a5781 3857 Assume that the function has side-effects on the store that must be preserved.
723c72e6
JH		 3858 */
3859
3860 case EITEM_ACL:
333eea9c 3861 /* ${acl {name} {arg1}{arg2}...} */
723c72e6 3862 {
333eea9c 3863 uschar *sub[10]; /* name + arg1-arg9 (which must match number of acl_arg[]) */
723c72e6 3864 uschar *user_msg;
333eea9c 3865
b0e85a8f 3866 switch(read_subs(sub, 10, 1, &s, skipping, TRUE, US"acl", &resetok))
723c72e6
JH		 3867 {
3868 case 1: goto EXPAND_FAILED_CURLY;
3869 case 2:
3870 case 3: goto EXPAND_FAILED;
3871 }
3872 if (skipping) continue;
3873
be7a5781 3874 resetok = FALSE;
f60d98e8 3875 switch(eval_acl(sub, sizeof(sub)/sizeof(*sub), &user_msg))
723c72e6
JH		 3876 {
3877 case OK:
333eea9c 3878 case FAIL:
723c72e6
JH		 3879 if (user_msg)
3880 yield = string_cat(yield, &size, &ptr, user_msg, Ustrlen(user_msg));
3881 continue;
333eea9c 3882
723c72e6 3883 case DEFER:
333eea9c 3884 expand_string_forcedfail = TRUE;
723c72e6 3885 default:
333eea9c 3886 expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]);
723c72e6
JH		 3887 goto EXPAND_FAILED;
3888 }
3889 }
3890
059ec3d9
PH		 3891 /* Handle conditionals - preserve the values of the numerical expansion
3892 variables in case they get changed by a regular expression match in the
3893 condition. If not, they retain their external settings. At the end
3894 of this "if" section, they get restored to their previous values. */
3895
3896 case EITEM_IF:
3897 {
3898 BOOL cond = FALSE;
3899 uschar *next_s;
3900 int save_expand_nmax =
3901 save_expand_strings(save_expand_nstring, save_expand_nlength);
3902
3903 while (isspace(*s)) s++;
b0e85a8f 3904 next_s = eval_condition(s, &resetok, skipping? NULL : &cond);
059ec3d9
PH		 3905 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
3906
3907 DEBUG(D_expand)
3908 debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s,
3909 cond? "true" : "false");
3910
3911 s = next_s;
3912
3913 /* The handling of "yes" and "no" result strings is now in a separate
3914 function that is also used by ${lookup} and ${extract} and ${run}. */
3915
3916 switch(process_yesno(
3917 skipping, /* were previously skipping */
3918 cond, /* success/failure indicator */
3919 lookup_value, /* value to reset for string2 */
3920 &s, /* input pointer */
3921 &yield, /* output pointer */
3922 &size, /* output size */
3923 &ptr, /* output current point */
b0e85a8f
JH		 3924 US"if", /* condition type */
3925 &resetok))
059ec3d9
PH		 3926 {
3927 case 1: goto EXPAND_FAILED; /* when all is well, the */
3928 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3929 }
3930
3931 /* Restore external setting of expansion variables for continuation
3932 at this level. */
3933
b0e85a8f
JH		 3934 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3935 save_expand_nlength);
059ec3d9
PH		 3936 continue;
3937 }
3938
3939 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
3940 expanding an internal string that isn't actually going to be used. All we
3941 need to do is check the syntax, so don't do a lookup at all. Preserve the
3942 values of the numerical expansion variables in case they get changed by a
3943 partial lookup. If not, they retain their external settings. At the end
3944 of this "lookup" section, they get restored to their previous values. */
3945
3946 case EITEM_LOOKUP:
3947 {
3948 int stype, partial, affixlen, starflags;
3949 int expand_setup = 0;
3950 int nameptr = 0;
3951 uschar *key, *filename, *affix;
3952 uschar *save_lookup_value = lookup_value;
3953 int save_expand_nmax =
3954 save_expand_strings(save_expand_nstring, save_expand_nlength);
3955
3956 if ((expand_forbid & RDO_LOOKUP) != 0)
3957 {
3958 expand_string_message = US"lookup expansions are not permitted";
3959 goto EXPAND_FAILED;
3960 }
3961
3962 /* Get the key we are to look up for single-key+file style lookups.
3963 Otherwise set the key NULL pro-tem. */
3964
3965 while (isspace(*s)) s++;
2e23003a 3966 if (*s == '{') /*}*/
059ec3d9 3967 {
b0e85a8f 3968 key = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
2e23003a 3969 if (key == NULL) goto EXPAND_FAILED; /*{*/
059ec3d9
PH		 3970 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3971 while (isspace(*s)) s++;
3972 }
3973 else key = NULL;
3974
3975 /* Find out the type of database */
3976
3977 if (!isalpha(*s))
3978 {
3979 expand_string_message = US"missing lookup type";
3980 goto EXPAND_FAILED;
3981 }
3982
3983 /* The type is a string that may contain special characters of various
3984 kinds. Allow everything except space or { to appear; the actual content
2e23003a 3985 is checked by search_findtype_partial. */ /*}*/
059ec3d9 3986
2e23003a 3987 while (*s != 0 && *s != '{' && !isspace(*s)) /*}*/
059ec3d9
PH		 3988 {
3989 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
3990 s++;
3991 }
3992 name[nameptr] = 0;
3993 while (isspace(*s)) s++;
3994
3995 /* Now check for the individual search type and any partial or default
3996 options. Only those types that are actually in the binary are valid. */
3997
3998 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
3999 &starflags);
4000 if (stype < 0)
4001 {
4002 expand_string_message = search_error_message;
4003 goto EXPAND_FAILED;
4004 }
4005
4006 /* Check that a key was provided for those lookup types that need it,
4007 and was not supplied for those that use the query style. */
4008
13b685f9 4009 if (!mac_islookup(stype, lookup_querystyle|lookup_absfilequery))
059ec3d9
PH		 4010 {
4011 if (key == NULL)
4012 {
4013 expand_string_message = string_sprintf("missing {key} for single-"
4014 "key \"%s\" lookup", name);
4015 goto EXPAND_FAILED;
4016 }
4017 }
4018 else
4019 {
4020 if (key != NULL)
4021 {
4022 expand_string_message = string_sprintf("a single key was given for "
4023 "lookup type \"%s\", which is not a single-key lookup type", name);
4024 goto EXPAND_FAILED;
4025 }
4026 }
4027
4028 /* Get the next string in brackets and expand it. It is the file name for
13b685f9
PH		 4029 single-key+file lookups, and the whole query otherwise. In the case of
4030 queries that also require a file name (e.g. sqlite), the file name comes
4031 first. */
059ec3d9
PH		 4032
4033 if (*s != '{') goto EXPAND_FAILED_CURLY;
b0e85a8f 4034 filename = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
059ec3d9
PH		 4035 if (filename == NULL) goto EXPAND_FAILED;
4036 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4037 while (isspace(*s)) s++;
4038
4039 /* If this isn't a single-key+file lookup, re-arrange the variables
13b685f9
PH		 4040 to be appropriate for the search_ functions. For query-style lookups,
4041 there is just a "key", and no file name. For the special query-style +
4042 file types, the query (i.e. "key") starts with a file name. */
059ec3d9
PH		 4043
4044 if (key == NULL)
4045 {
13b685f9 4046 while (isspace(*filename)) filename++;
059ec3d9 4047 key = filename;
13b685f9
PH		 4048
4049 if (mac_islookup(stype, lookup_querystyle))
4050 {
4051 filename = NULL;
4052 }
4053 else
4054 {
4055 if (*filename != '/')
4056 {
4057 expand_string_message = string_sprintf(
4058 "absolute file name expected for \"%s\" lookup", name);
4059 goto EXPAND_FAILED;
4060 }
4061 while (*key != 0 && !isspace(*key)) key++;
4062 if (*key != 0) *key++ = 0;
4063 }
059ec3d9
PH		 4064 }
4065
4066 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
4067 the entry was not found. Note that there is no search_close() function.
4068 Files are left open in case of re-use. At suitable places in higher logic,
4069 search_tidyup() is called to tidy all open files. This can save opening
4070 the same file several times. However, files may also get closed when
4071 others are opened, if too many are open at once. The rule is that a
4072 handle should not be used after a second search_open().
4073
4074 Request that a partial search sets up $1 and maybe $2 by passing
4075 expand_setup containing zero. If its value changes, reset expand_nmax,
4076 since new variables will have been set. Note that at the end of this
4077 "lookup" section, the old numeric variables are restored. */
4078
4079 if (skipping)
4080 lookup_value = NULL;
4081 else
4082 {
4083 void *handle = search_open(filename, stype, 0, NULL, NULL);
4084 if (handle == NULL)
4085 {
4086 expand_string_message = search_error_message;
4087 goto EXPAND_FAILED;
4088 }
4089 lookup_value = search_find(handle, filename, key, partial, affix,
4090 affixlen, starflags, &expand_setup);
4091 if (search_find_defer)
4092 {
4093 expand_string_message =
b72aab72
PP		 4094 string_sprintf("lookup of \"%s\" gave DEFER: %s",
4095 string_printing2(key, FALSE), search_error_message);
059ec3d9
PH		 4096 goto EXPAND_FAILED;
4097 }
4098 if (expand_setup > 0) expand_nmax = expand_setup;
4099 }
4100
4101 /* The handling of "yes" and "no" result strings is now in a separate
4102 function that is also used by ${if} and ${extract}. */
4103
4104 switch(process_yesno(
4105 skipping, /* were previously skipping */
4106 lookup_value != NULL, /* success/failure indicator */
4107 save_lookup_value, /* value to reset for string2 */
4108 &s, /* input pointer */
4109 &yield, /* output pointer */
4110 &size, /* output size */
4111 &ptr, /* output current point */
b0e85a8f
JH		 4112 US"lookup", /* condition type */
4113 &resetok))
059ec3d9
PH		 4114 {
4115 case 1: goto EXPAND_FAILED; /* when all is well, the */
4116 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4117 }
4118
4119 /* Restore external setting of expansion variables for carrying on
4120 at this level, and continue. */
4121
4122 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4123 save_expand_nlength);
4124 continue;
4125 }
4126
4127 /* If Perl support is configured, handle calling embedded perl subroutines,
4128 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
4129 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
4130 arguments (defined below). */
4131
059ec3d9
PH		 4132 #define EXIM_PERL_MAX_ARGS 8
4133
4134 case EITEM_PERL:
1a46a8c5 4135 #ifndef EXIM_PERL
2e23003a 4136 expand_string_message = US"\"${perl\" encountered, but this facility " /*}*/
1a46a8c5
PH		 4137 "is not included in this binary";
4138 goto EXPAND_FAILED;
4139
4140 #else /* EXIM_PERL */
059ec3d9
PH		 4141 {
4142 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
4143 uschar *new_yield;
4144
4145 if ((expand_forbid & RDO_PERL) != 0)
4146 {
4147 expand_string_message = US"Perl calls are not permitted";
4148 goto EXPAND_FAILED;
4149 }
4150
4151 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
b0e85a8f 4152 US"perl", &resetok))
059ec3d9
PH		 4153 {
4154 case 1: goto EXPAND_FAILED_CURLY;
4155 case 2:
4156 case 3: goto EXPAND_FAILED;
4157 }
4158
4159 /* If skipping, we don't actually do anything */
4160
4161 if (skipping) continue;
4162
4163 /* Start the interpreter if necessary */
4164
4165 if (!opt_perl_started)
4166 {
4167 uschar *initerror;
4168 if (opt_perl_startup == NULL)
4169 {
4170 expand_string_message = US"A setting of perl_startup is needed when "
4171 "using the Perl interpreter";
4172 goto EXPAND_FAILED;
4173 }
4174 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
4175 initerror = init_perl(opt_perl_startup);
4176 if (initerror != NULL)
4177 {
4178 expand_string_message =
4179 string_sprintf("error in perl_startup code: %s\n", initerror);
4180 goto EXPAND_FAILED;
4181 }
4182 opt_perl_started = TRUE;
4183 }
4184
4185 /* Call the function */
4186
4187 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
4188 new_yield = call_perl_cat(yield, &size, &ptr, &expand_string_message,
4189 sub_arg[0], sub_arg + 1);
4190
4191 /* NULL yield indicates failure; if the message pointer has been set to
4192 NULL, the yield was undef, indicating a forced failure. Otherwise the
4193 message will indicate some kind of Perl error. */
4194
4195 if (new_yield == NULL)
4196 {
4197 if (expand_string_message == NULL)
4198 {
4199 expand_string_message =
4200 string_sprintf("Perl subroutine \"%s\" returned undef to force "
4201 "failure", sub_arg[0]);
4202 expand_string_forcedfail = TRUE;
4203 }
4204 goto EXPAND_FAILED;
4205 }
4206
4207 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
4208 set during a callback from Perl. */
4209
4210 expand_string_forcedfail = FALSE;
4211 yield = new_yield;
4212 continue;
4213 }
4214 #endif /* EXIM_PERL */
4215
fffda43a
TK		 4216 /* Transform email address to "prvs" scheme to use
4217 as BATV-signed return path */
4218
4219 case EITEM_PRVS:
4220 {
4221 uschar *sub_arg[3];
4222 uschar *p,*domain;
4223
b0e85a8f 4224 switch(read_subs(sub_arg, 3, 2, &s, skipping, TRUE, US"prvs", &resetok))
fffda43a
TK		 4225 {
4226 case 1: goto EXPAND_FAILED_CURLY;
4227 case 2:
4228 case 3: goto EXPAND_FAILED;
4229 }
4230
4231 /* If skipping, we don't actually do anything */
4232 if (skipping) continue;
4233
4234 /* sub_arg[0] is the address */
4235 domain = Ustrrchr(sub_arg[0],'@');
4236 if ( (domain == NULL) || (domain == sub_arg[0]) || (Ustrlen(domain) == 1) )
4237 {
cb9328de
PH		 4238 expand_string_message = US"prvs first argument must be a qualified email address";
4239 goto EXPAND_FAILED;
4240 }
4241
4242 /* Calculate the hash. The second argument must be a single-digit
4243 key number, or unset. */
4244
4245 if (sub_arg[2] != NULL &&
4246 (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0))
4247 {
4248 expand_string_message = US"prvs second argument must be a single digit";
fffda43a
TK		 4249 goto EXPAND_FAILED;
4250 }
4251
fffda43a
TK		 4252 p = prvs_hmac_sha1(sub_arg[0],sub_arg[1],sub_arg[2],prvs_daystamp(7));
4253 if (p == NULL)
4254 {
cb9328de 4255 expand_string_message = US"prvs hmac-sha1 conversion failed";
fffda43a
TK		 4256 goto EXPAND_FAILED;
4257 }
4258
4259 /* Now separate the domain from the local part */
4260 *domain++ = '\0';
4261
4262 yield = string_cat(yield,&size,&ptr,US"prvs=",5);
fffda43a
TK		 4263 string_cat(yield,&size,&ptr,(sub_arg[2] != NULL) ? sub_arg[2] : US"0", 1);
4264 string_cat(yield,&size,&ptr,prvs_daystamp(7),3);
4265 string_cat(yield,&size,&ptr,p,6);
a48ced90
TK		 4266 string_cat(yield,&size,&ptr,US"=",1);
4267 string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
fffda43a
TK		 4268 string_cat(yield,&size,&ptr,US"@",1);
4269 string_cat(yield,&size,&ptr,domain,Ustrlen(domain));
4270
4271 continue;
4272 }
4273
4274 /* Check a prvs-encoded address for validity */
4275
4276 case EITEM_PRVSCHECK:
4277 {
4278 uschar *sub_arg[3];
4279 int mysize = 0, myptr = 0;
4280 const pcre *re;
4281 uschar *p;
72fdd6ae
PH		 4282
4283 /* TF: Ugliness: We want to expand parameter 1 first, then set
fffda43a
TK		 4284 up expansion variables that are used in the expansion of
4285 parameter 2. So we clone the string for the first
72fdd6ae
PH		 4286 expansion, where we only expand parameter 1.
4287
4288 PH: Actually, that isn't necessary. The read_subs() function is
4289 designed to work this way for the ${if and ${lookup expansions. I've
4290 tidied the code.
4291 */
fffda43a
TK		 4292
4293 /* Reset expansion variables */
4294 prvscheck_result = NULL;
4295 prvscheck_address = NULL;
4296 prvscheck_keynum = NULL;
4297
b0e85a8f 4298 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs", &resetok))
fffda43a
TK		 4299 {
4300 case 1: goto EXPAND_FAILED_CURLY;
4301 case 2:
4302 case 3: goto EXPAND_FAILED;
4303 }
4304
a48ced90 4305 re = regex_must_compile(US"^prvs\\=([0-9])([0-9]{3})([A-F0-9]{6})\\=(.+)\\@(.+)$",
fffda43a
TK		 4306 TRUE,FALSE);
4307
72fdd6ae
PH		 4308 if (regex_match_and_setup(re,sub_arg[0],0,-1))
4309 {
a48ced90
TK		 4310 uschar *local_part = string_copyn(expand_nstring[4],expand_nlength[4]);
4311 uschar *key_num = string_copyn(expand_nstring[1],expand_nlength[1]);
4312 uschar *daystamp = string_copyn(expand_nstring[2],expand_nlength[2]);
4313 uschar *hash = string_copyn(expand_nstring[3],expand_nlength[3]);
fffda43a
TK		 4314 uschar *domain = string_copyn(expand_nstring[5],expand_nlength[5]);
4315
4316 DEBUG(D_expand) debug_printf("prvscheck localpart: %s\n", local_part);
4317 DEBUG(D_expand) debug_printf("prvscheck key number: %s\n", key_num);
4318 DEBUG(D_expand) debug_printf("prvscheck daystamp: %s\n", daystamp);
4319 DEBUG(D_expand) debug_printf("prvscheck hash: %s\n", hash);
4320 DEBUG(D_expand) debug_printf("prvscheck domain: %s\n", domain);
4321
4322 /* Set up expansion variables */
4323 prvscheck_address = string_cat(NULL, &mysize, &myptr, local_part, Ustrlen(local_part));
2740a2ca 4324 string_cat(prvscheck_address,&mysize,&myptr,US"@",1);
fffda43a
TK		 4325 string_cat(prvscheck_address,&mysize,&myptr,domain,Ustrlen(domain));
4326 prvscheck_address[myptr] = '\0';
4327 prvscheck_keynum = string_copy(key_num);
4328
72fdd6ae 4329 /* Now expand the second argument */
b0e85a8f 4330 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs", &resetok))
fffda43a
TK		 4331 {
4332 case 1: goto EXPAND_FAILED_CURLY;
4333 case 2:
4334 case 3: goto EXPAND_FAILED;
4335 }
4336
fffda43a 4337 /* Now we have the key and can check the address. */
72fdd6ae
PH		 4338
4339 p = prvs_hmac_sha1(prvscheck_address, sub_arg[0], prvscheck_keynum,
4340 daystamp);
4341
fffda43a
TK		 4342 if (p == NULL)
4343 {
4344 expand_string_message = US"hmac-sha1 conversion failed";
4345 goto EXPAND_FAILED;
4346 }
4347
4348 DEBUG(D_expand) debug_printf("prvscheck: received hash is %s\n", hash);
4349 DEBUG(D_expand) debug_printf("prvscheck: own hash is %s\n", p);
72fdd6ae 4350
fffda43a
TK		 4351 if (Ustrcmp(p,hash) == 0)
4352 {
4353 /* Success, valid BATV address. Now check the expiry date. */
4354 uschar *now = prvs_daystamp(0);
4355 unsigned int inow = 0,iexpire = 1;
4356
ff790e47
PH		 4357 (void)sscanf(CS now,"%u",&inow);
4358 (void)sscanf(CS daystamp,"%u",&iexpire);
fffda43a
TK		 4359
4360 /* When "iexpire" is < 7, a "flip" has occured.
4361 Adjust "inow" accordingly. */
4362 if ( (iexpire < 7) && (inow >= 993) ) inow = 0;
4363
686c36b7 4364 if (iexpire >= inow)
fffda43a
TK		 4365 {
4366 prvscheck_result = US"1";
4367 DEBUG(D_expand) debug_printf("prvscheck: success, $pvrs_result set to 1\n");
4368 }
4369 else
4370 {
4371 prvscheck_result = NULL;
4372 DEBUG(D_expand) debug_printf("prvscheck: signature expired, $pvrs_result unset\n");
4373 }
4374 }
4375 else
4376 {
4377 prvscheck_result = NULL;
4378 DEBUG(D_expand) debug_printf("prvscheck: hash failure, $pvrs_result unset\n");
4379 }
72fdd6ae
PH		 4380
4381 /* Now expand the final argument. We leave this till now so that
4382 it can include $prvscheck_result. */
4383
b0e85a8f 4384 switch(read_subs(sub_arg, 1, 0, &s, skipping, TRUE, US"prvs", &resetok))
72fdd6ae
PH		 4385 {
4386 case 1: goto EXPAND_FAILED_CURLY;
4387 case 2:
4388 case 3: goto EXPAND_FAILED;
4389 }
4390
4391 if (sub_arg[0] == NULL || *sub_arg[0] == '\0')
4392 yield = string_cat(yield,&size,&ptr,prvscheck_address,Ustrlen(prvscheck_address));
4393 else
4394 yield = string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
4395
4396 /* Reset the "internal" variables afterwards, because they are in
4397 dynamic store that will be reclaimed if the expansion succeeded. */
4398
4399 prvscheck_address = NULL;
4400 prvscheck_keynum = NULL;
4401 }
fffda43a
TK		 4402 else
4403 {
4404 /* Does not look like a prvs encoded address, return the empty string.
72fdd6ae
PH		 4405 We need to make sure all subs are expanded first, so as to skip over
4406 the entire item. */
4407
b0e85a8f 4408 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"prvs", &resetok))
fffda43a
TK		 4409 {
4410 case 1: goto EXPAND_FAILED_CURLY;
4411 case 2:
4412 case 3: goto EXPAND_FAILED;
4413 }
4414 }
4415
4416 continue;
4417 }
4418
059ec3d9
PH		 4419 /* Handle "readfile" to insert an entire file */
4420
4421 case EITEM_READFILE:
4422 {
4423 FILE *f;
4424 uschar *sub_arg[2];
4425
4426 if ((expand_forbid & RDO_READFILE) != 0)
4427 {
4428 expand_string_message = US"file insertions are not permitted";
4429 goto EXPAND_FAILED;
4430 }
4431
b0e85a8f 4432 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"readfile", &resetok))
059ec3d9
PH		 4433 {
4434 case 1: goto EXPAND_FAILED_CURLY;
4435 case 2:
4436 case 3: goto EXPAND_FAILED;
4437 }
4438
4439 /* If skipping, we don't actually do anything */
4440
4441 if (skipping) continue;
4442
4443 /* Open the file and read it */
4444
4445 f = Ufopen(sub_arg[0], "rb");
4446 if (f == NULL)
4447 {
4448 expand_string_message = string_open_failed(errno, "%s", sub_arg[0]);
4449 goto EXPAND_FAILED;
4450 }
4451
4452 yield = cat_file(f, yield, &size, &ptr, sub_arg[1]);
f1e894f3 4453 (void)fclose(f);
059ec3d9
PH		 4454 continue;
4455 }
4456
4457 /* Handle "readsocket" to insert data from a Unix domain socket */
4458
4459 case EITEM_READSOCK:
4460 {
4461 int fd;
4462 int timeout = 5;
4463 int save_ptr = ptr;
4464 FILE *f;
4465 struct sockaddr_un sockun; /* don't call this "sun" ! */
4466 uschar *arg;
4467 uschar *sub_arg[4];
4468
4469 if ((expand_forbid & RDO_READSOCK) != 0)
4470 {
4471 expand_string_message = US"socket insertions are not permitted";
4472 goto EXPAND_FAILED;
4473 }
4474
4475 /* Read up to 4 arguments, but don't do the end of item check afterwards,
4476 because there may be a string for expansion on failure. */
4477
b0e85a8f 4478 switch(read_subs(sub_arg, 4, 2, &s, skipping, FALSE, US"readsocket", &resetok))
059ec3d9
PH		 4479 {
4480 case 1: goto EXPAND_FAILED_CURLY;
4481 case 2: /* Won't occur: no end check */
4482 case 3: goto EXPAND_FAILED;
4483 }
4484
4485 /* Sort out timeout, if given */
4486
4487 if (sub_arg[2] != NULL)
4488 {
4489 timeout = readconf_readtime(sub_arg[2], 0, FALSE);
4490 if (timeout < 0)
4491 {
4492 expand_string_message = string_sprintf("bad time value %s",
4493 sub_arg[2]);
4494 goto EXPAND_FAILED;
4495 }
4496 }
4497 else sub_arg[3] = NULL; /* No eol if no timeout */
4498
1cce3af8
PH		 4499 /* If skipping, we don't actually do anything. Otherwise, arrange to
4500 connect to either an IP or a Unix socket. */
059ec3d9
PH		 4501
4502 if (!skipping)
4503 {
1cce3af8 4504 /* Handle an IP (internet) domain */
059ec3d9 4505
91ecef39 4506 if (Ustrncmp(sub_arg[0], "inet:", 5) == 0)
059ec3d9 4507 {
b1f8e4f8 4508 int port;
1cce3af8
PH		 4509 uschar *server_name = sub_arg[0] + 5;
4510 uschar *port_name = Ustrrchr(server_name, ':');
4511
4512 /* Sort out the port */
4513
4514 if (port_name == NULL)
4515 {
4516 expand_string_message =
4517 string_sprintf("missing port for readsocket %s", sub_arg[0]);
4518 goto EXPAND_FAILED;
4519 }
4520 *port_name++ = 0; /* Terminate server name */
4521
4522 if (isdigit(*port_name))
4523 {
4524 uschar *end;
4525 port = Ustrtol(port_name, &end, 0);
4526 if (end != port_name + Ustrlen(port_name))
4527 {
4528 expand_string_message =
4529 string_sprintf("invalid port number %s", port_name);
4530 goto EXPAND_FAILED;
4531 }
4532 }
4533 else
4534 {
4535 struct servent *service_info = getservbyname(CS port_name, "tcp");
4536 if (service_info == NULL)
4537 {
4538 expand_string_message = string_sprintf("unknown port \"%s\"",
4539 port_name);
4540 goto EXPAND_FAILED;
4541 }
4542 port = ntohs(service_info->s_port);
4543 }
4544
b1f8e4f8
JH		 4545 if ((fd = ip_connectedsocket(SOCK_STREAM, server_name, port, port,
4546 timeout, NULL, &expand_string_message)) < 0)
1cce3af8 4547 goto SOCK_FAIL;
059ec3d9
PH		 4548 }
4549
1cce3af8
PH		 4550 /* Handle a Unix domain socket */
4551
4552 else
059ec3d9 4553 {
a401ddaa 4554 int rc;
1cce3af8
PH		 4555 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
4556 {
4557 expand_string_message = string_sprintf("failed to create socket: %s",
4558 strerror(errno));
4559 goto SOCK_FAIL;
4560 }
4561
4562 sockun.sun_family = AF_UNIX;
4563 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
4564 sub_arg[0]);
a401ddaa
PH		 4565
4566 sigalrm_seen = FALSE;
4567 alarm(timeout);
4568 rc = connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun));
4569 alarm(0);
734e1499 4570 if (sigalrm_seen)
1cce3af8 4571 {
734e1499 4572 expand_string_message = US "socket connect timed out";
1cce3af8
PH		 4573 goto SOCK_FAIL;
4574 }
734e1499 4575 if (rc < 0)
a401ddaa 4576 {
734e1499
PH		 4577 expand_string_message = string_sprintf("failed to connect to socket "
4578 "%s: %s", sub_arg[0], strerror(errno));
a401ddaa
PH		 4579 goto SOCK_FAIL;
4580 }
059ec3d9 4581 }
1cce3af8 4582
059ec3d9
PH		 4583 DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]);
4584
4585 /* Write the request string, if not empty */
4586
4587 if (sub_arg[1][0] != 0)
4588 {
4589 int len = Ustrlen(sub_arg[1]);
4590 DEBUG(D_expand) debug_printf("writing \"%s\" to socket\n",
4591 sub_arg[1]);
4592 if (write(fd, sub_arg[1], len) != len)
4593 {
4594 expand_string_message = string_sprintf("request write to socket "
4595 "failed: %s", strerror(errno));
4596 goto SOCK_FAIL;
4597 }
4598 }
4599
c1114884
PH		 4600 /* Shut down the sending side of the socket. This helps some servers to
4601 recognise that it is their turn to do some work. Just in case some
4602 system doesn't have this function, make it conditional. */
4603
4604 #ifdef SHUT_WR
4605 shutdown(fd, SHUT_WR);
4606 #endif
4607
059ec3d9
PH		 4608 /* Now we need to read from the socket, under a timeout. The function
4609 that reads a file can be used. */
4610
4611 f = fdopen(fd, "rb");
4612 sigalrm_seen = FALSE;
4613 alarm(timeout);
4614 yield = cat_file(f, yield, &size, &ptr, sub_arg[3]);
4615 alarm(0);
f1e894f3 4616 (void)fclose(f);
059ec3d9
PH		 4617
4618 /* After a timeout, we restore the pointer in the result, that is,
4619 make sure we add nothing from the socket. */
4620
4621 if (sigalrm_seen)
4622 {
4623 ptr = save_ptr;
1cce3af8 4624 expand_string_message = US "socket read timed out";
059ec3d9
PH		 4625 goto SOCK_FAIL;
4626 }
4627 }
4628
4629 /* The whole thing has worked (or we were skipping). If there is a
4630 failure string following, we need to skip it. */
4631
4632 if (*s == '{')
4633 {
b0e85a8f 4634 if (expand_string_internal(s+1, TRUE, &s, TRUE, TRUE, &resetok) == NULL)
059ec3d9
PH		 4635 goto EXPAND_FAILED;
4636 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4637 while (isspace(*s)) s++;
4638 }
4639 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4640 continue;
4641
4642 /* Come here on failure to create socket, connect socket, write to the
4643 socket, or timeout on reading. If another substring follows, expand and
4644 use it. Otherwise, those conditions give expand errors. */
4645
4646 SOCK_FAIL:
4647 if (*s != '{') goto EXPAND_FAILED;
4648 DEBUG(D_any) debug_printf("%s\n", expand_string_message);
b0e85a8f 4649 arg = expand_string_internal(s+1, TRUE, &s, FALSE, TRUE, &resetok);
059ec3d9
PH		 4650 if (arg == NULL) goto EXPAND_FAILED;
4651 yield = string_cat(yield, &size, &ptr, arg, Ustrlen(arg));
4652 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4653 while (isspace(*s)) s++;
4654 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4655 continue;
4656 }
4657
4658 /* Handle "run" to execute a program. */
4659
4660 case EITEM_RUN:
4661 {
4662 FILE *f;
059ec3d9
PH		 4663 uschar *arg;
4664 uschar **argv;
4665 pid_t pid;
4666 int fd_in, fd_out;
4667 int lsize = 0;
4668 int lptr = 0;
4669
4670 if ((expand_forbid & RDO_RUN) != 0)
4671 {
4672 expand_string_message = US"running a command is not permitted";
4673 goto EXPAND_FAILED;
4674 }
4675
4676 while (isspace(*s)) s++;
4677 if (*s != '{') goto EXPAND_FAILED_CURLY;
b0e85a8f 4678 arg = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
059ec3d9
PH		 4679 if (arg == NULL) goto EXPAND_FAILED;
4680 while (isspace(*s)) s++;
4681 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4682
4683 if (skipping) /* Just pretend it worked when we're skipping */
4684 {
4685 runrc = 0;
4686 }
4687 else
4688 {
4689 if (!transport_set_up_command(&argv, /* anchor for arg list */
4690 arg, /* raw command */
4691 FALSE, /* don't expand the arguments */
4692 0, /* not relevant when... */
4693 NULL, /* no transporting address */
4694 US"${run} expansion", /* for error messages */
4695 &expand_string_message)) /* where to put error message */
4696 {
4697 goto EXPAND_FAILED;
4698 }
4699
4700 /* Create the child process, making it a group leader. */
4701
4702 pid = child_open(argv, NULL, 0077, &fd_in, &fd_out, TRUE);
4703
4704 if (pid < 0)
4705 {
4706 expand_string_message =
4707 string_sprintf("couldn't create child process: %s", strerror(errno));
4708 goto EXPAND_FAILED;
4709 }
4710
4711 /* Nothing is written to the standard input. */
4712
f1e894f3 4713 (void)close(fd_in);
059ec3d9 4714
ac53fcda
PP		 4715 /* Read the pipe to get the command's output into $value (which is kept
4716 in lookup_value). Read during execution, so that if the output exceeds
4717 the OS pipe buffer limit, we don't block forever. */
4718
4719 f = fdopen(fd_out, "rb");
4720 sigalrm_seen = FALSE;
4721 alarm(60);
4722 lookup_value = cat_file(f, lookup_value, &lsize, &lptr, NULL);
4723 alarm(0);
4724 (void)fclose(f);
4725
059ec3d9
PH		 4726 /* Wait for the process to finish, applying the timeout, and inspect its
4727 return code for serious disasters. Simple non-zero returns are passed on.
4728 */
4729
ac53fcda 4730 if (sigalrm_seen == TRUE || (runrc = child_close(pid, 30)) < 0)
059ec3d9 4731 {
ac53fcda 4732 if (sigalrm_seen == TRUE || runrc == -256)
059ec3d9
PH		 4733 {
4734 expand_string_message = string_sprintf("command timed out");
4735 killpg(pid, SIGKILL); /* Kill the whole process group */
4736 }
4737
4738 else if (runrc == -257)
4739 expand_string_message = string_sprintf("wait() failed: %s",
4740 strerror(errno));
4741
4742 else
4743 expand_string_message = string_sprintf("command killed by signal %d",
4744 -runrc);
4745
4746 goto EXPAND_FAILED;
4747 }
059ec3d9
PH		 4748 }
4749
d20976dc 4750 /* Process the yes/no strings; $value may be useful in both cases */
059ec3d9
PH		 4751
4752 switch(process_yesno(
4753 skipping, /* were previously skipping */
4754 runrc == 0, /* success/failure indicator */
d20976dc 4755 lookup_value, /* value to reset for string2 */
059ec3d9
PH		 4756 &s, /* input pointer */
4757 &yield, /* output pointer */
4758 &size, /* output size */
4759 &ptr, /* output current point */
b0e85a8f
JH		 4760 US"run", /* condition type */
4761 &resetok))
059ec3d9
PH		 4762 {
4763 case 1: goto EXPAND_FAILED; /* when all is well, the */
4764 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4765 }
4766
4767 continue;
4768 }
4769
4770 /* Handle character translation for "tr" */
4771
4772 case EITEM_TR:
4773 {
4774 int oldptr = ptr;
4775 int o2m;
4776 uschar *sub[3];
4777
b0e85a8f 4778 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"tr", &resetok))
059ec3d9
PH		 4779 {
4780 case 1: goto EXPAND_FAILED_CURLY;
4781 case 2:
4782 case 3: goto EXPAND_FAILED;
4783 }
4784
4785 yield = string_cat(yield, &size, &ptr, sub[0], Ustrlen(sub[0]));
4786 o2m = Ustrlen(sub[2]) - 1;
4787
4788 if (o2m >= 0) for (; oldptr < ptr; oldptr++)
4789 {
4790 uschar *m = Ustrrchr(sub[1], yield[oldptr]);
4791 if (m != NULL)
4792 {
4793 int o = m - sub[1];
4794 yield[oldptr] = sub[2][(o < o2m)? o : o2m];
4795 }
4796 }
4797
4798 continue;
4799 }
4800
4801 /* Handle "hash", "length", "nhash", and "substr" when they are given with
4802 expanded arguments. */
4803
4804 case EITEM_HASH:
4805 case EITEM_LENGTH:
4806 case EITEM_NHASH:
4807 case EITEM_SUBSTR:
4808 {
4809 int i;
4810 int len;
4811 uschar *ret;
4812 int val[2] = { 0, -1 };
4813 uschar *sub[3];
4814
4815 /* "length" takes only 2 arguments whereas the others take 2 or 3.
2e23003a 4816 Ensure that sub[2] is set in the ${length } case. */
059ec3d9
PH		 4817
4818 sub[2] = NULL;
4819 switch(read_subs(sub, (item_type == EITEM_LENGTH)? 2:3, 2, &s, skipping,
b0e85a8f 4820 TRUE, name, &resetok))
059ec3d9
PH		 4821 {
4822 case 1: goto EXPAND_FAILED_CURLY;
4823 case 2:
4824 case 3: goto EXPAND_FAILED;
4825 }
4826
4827 /* Juggle the arguments if there are only two of them: always move the
4828 string to the last position and make ${length{n}{str}} equivalent to
4829 ${substr{0}{n}{str}}. See the defaults for val[] above. */
4830
4831 if (sub[2] == NULL)
4832 {
4833 sub[2] = sub[1];
4834 sub[1] = NULL;
4835 if (item_type == EITEM_LENGTH)
4836 {
4837 sub[1] = sub[0];
4838 sub[0] = NULL;
4839 }
4840 }
4841
4842 for (i = 0; i < 2; i++)
4843 {
4844 if (sub[i] == NULL) continue;
4845 val[i] = (int)Ustrtol(sub[i], &ret, 10);
4846 if (*ret != 0 || (i != 0 && val[i] < 0))
4847 {
4848 expand_string_message = string_sprintf("\"%s\" is not a%s number "
4849 "(in \"%s\" expansion)", sub[i], (i != 0)? " positive" : "", name);
4850 goto EXPAND_FAILED;
4851 }
4852 }
4853
4854 ret =
4855 (item_type == EITEM_HASH)?
4856 compute_hash(sub[2], val[0], val[1], &len) :
4857 (item_type == EITEM_NHASH)?
4858 compute_nhash(sub[2], val[0], val[1], &len) :
4859 extract_substr(sub[2], val[0], val[1], &len);
4860
4861 if (ret == NULL) goto EXPAND_FAILED;
4862 yield = string_cat(yield, &size, &ptr, ret, len);
4863 continue;
4864 }
4865
4866 /* Handle HMAC computation: ${hmac{<algorithm>}{<secret>}{<text>}}
4867 This code originally contributed by Steve Haslam. It currently supports
4868 the use of MD5 and SHA-1 hashes.
4869
4870 We need some workspace that is large enough to handle all the supported
4871 hash types. Use macros to set the sizes rather than be too elaborate. */
4872
4873 #define MAX_HASHLEN 20
4874 #define MAX_HASHBLOCKLEN 64
4875
4876 case EITEM_HMAC:
4877 {
4878 uschar *sub[3];
4879 md5 md5_base;
4880 sha1 sha1_base;
4881 void *use_base;
4882 int type, i;
4883 int hashlen; /* Number of octets for the hash algorithm's output */
4884 int hashblocklen; /* Number of octets the hash algorithm processes */
4885 uschar *keyptr, *p;
4886 unsigned int keylen;
4887
4888 uschar keyhash[MAX_HASHLEN];
4889 uschar innerhash[MAX_HASHLEN];
4890 uschar finalhash[MAX_HASHLEN];
4891 uschar finalhash_hex[2*MAX_HASHLEN];
4892 uschar innerkey[MAX_HASHBLOCKLEN];
4893 uschar outerkey[MAX_HASHBLOCKLEN];
4894
b0e85a8f 4895 switch (read_subs(sub, 3, 3, &s, skipping, TRUE, name, &resetok))
059ec3d9
PH		 4896 {
4897 case 1: goto EXPAND_FAILED_CURLY;
4898 case 2:
4899 case 3: goto EXPAND_FAILED;
4900 }
4901
4902 if (Ustrcmp(sub[0], "md5") == 0)
4903 {
4904 type = HMAC_MD5;
4905 use_base = &md5_base;
4906 hashlen = 16;
4907 hashblocklen = 64;
4908 }
4909 else if (Ustrcmp(sub[0], "sha1") == 0)
4910 {
4911 type = HMAC_SHA1;
4912 use_base = &sha1_base;
4913 hashlen = 20;
4914 hashblocklen = 64;
4915 }
4916 else
4917 {
4918 expand_string_message =
4919 string_sprintf("hmac algorithm \"%s\" is not recognised", sub[0]);
4920 goto EXPAND_FAILED;
4921 }
4922
4923 keyptr = sub[1];
4924 keylen = Ustrlen(keyptr);
4925
4926 /* If the key is longer than the hash block length, then hash the key
4927 first */
4928
4929 if (keylen > hashblocklen)
4930 {
4931 chash_start(type, use_base);
4932 chash_end(type, use_base, keyptr, keylen, keyhash);
4933 keyptr = keyhash;
4934 keylen = hashlen;
4935 }
4936
4937 /* Now make the inner and outer key values */
4938
4939 memset(innerkey, 0x36, hashblocklen);
4940 memset(outerkey, 0x5c, hashblocklen);
4941
4942 for (i = 0; i < keylen; i++)
4943 {
4944 innerkey[i] ^= keyptr[i];
4945 outerkey[i] ^= keyptr[i];
4946 }
4947
4948 /* Now do the hashes */
4949
4950 chash_start(type, use_base);
4951 chash_mid(type, use_base, innerkey);
4952 chash_end(type, use_base, sub[2], Ustrlen(sub[2]), innerhash);
4953
4954 chash_start(type, use_base);
4955 chash_mid(type, use_base, outerkey);
4956 chash_end(type, use_base, innerhash, hashlen, finalhash);
4957
4958 /* Encode the final hash as a hex string */
4959
4960 p = finalhash_hex;
4961 for (i = 0; i < hashlen; i++)
4962 {
4963 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
4964 *p++ = hex_digits[finalhash[i] & 0x0f];
4965 }
4966
4967 DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%.*s)=%.*s\n", sub[0],
4968 (int)keylen, keyptr, Ustrlen(sub[2]), sub[2], hashlen*2, finalhash_hex);
4969
4970 yield = string_cat(yield, &size, &ptr, finalhash_hex, hashlen*2);
4971 }
4972
4973 continue;
4974
4975 /* Handle global substitution for "sg" - like Perl's s/xxx/yyy/g operator.
4976 We have to save the numerical variables and restore them afterwards. */
4977
4978 case EITEM_SG:
4979 {
4980 const pcre *re;
4981 int moffset, moffsetextra, slen;
4982 int roffset;
4983 int emptyopt;
4984 const uschar *rerror;
4985 uschar *subject;
4986 uschar *sub[3];
4987 int save_expand_nmax =
4988 save_expand_strings(save_expand_nstring, save_expand_nlength);
4989
b0e85a8f 4990 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"sg", &resetok))
059ec3d9
PH		 4991 {
4992 case 1: goto EXPAND_FAILED_CURLY;
4993 case 2:
4994 case 3: goto EXPAND_FAILED;
4995 }
4996
4997 /* Compile the regular expression */
4998
4999 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
5000 NULL);
5001
5002 if (re == NULL)
5003 {
5004 expand_string_message = string_sprintf("regular expression error in "
5005 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
5006 goto EXPAND_FAILED;
5007 }
5008
5009 /* Now run a loop to do the substitutions as often as necessary. It ends
5010 when there are no more matches. Take care over matches of the null string;
5011 do the same thing as Perl does. */
5012
5013 subject = sub[0];
5014 slen = Ustrlen(sub[0]);
5015 moffset = moffsetextra = 0;
5016 emptyopt = 0;
5017
5018 for (;;)
5019 {
5020 int ovector[3*(EXPAND_MAXN+1)];
5021 int n = pcre_exec(re, NULL, CS subject, slen, moffset + moffsetextra,
5022 PCRE_EOPT | emptyopt, ovector, sizeof(ovector)/sizeof(int));
5023 int nn;
5024 uschar *insert;
5025
5026 /* No match - if we previously set PCRE_NOTEMPTY after a null match, this
5027 is not necessarily the end. We want to repeat the match from one
5028 character further along, but leaving the basic offset the same (for
5029 copying below). We can't be at the end of the string - that was checked
5030 before setting PCRE_NOTEMPTY. If PCRE_NOTEMPTY is not set, we are
5031 finished; copy the remaining string and end the loop. */
5032
5033 if (n < 0)
5034 {
5035 if (emptyopt != 0)
5036 {
5037 moffsetextra = 1;
5038 emptyopt = 0;
5039 continue;
5040 }
5041 yield = string_cat(yield, &size, &ptr, subject+moffset, slen-moffset);
5042 break;
5043 }
5044
5045 /* Match - set up for expanding the replacement. */
5046
5047 if (n == 0) n = EXPAND_MAXN + 1;
5048 expand_nmax = 0;
5049 for (nn = 0; nn < n*2; nn += 2)
5050 {
5051 expand_nstring[expand_nmax] = subject + ovector[nn];
5052 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
5053 }
5054 expand_nmax--;
5055
5056 /* Copy the characters before the match, plus the expanded insertion. */
5057
5058 yield = string_cat(yield, &size, &ptr, subject + moffset,
5059 ovector[0] - moffset);
5060 insert = expand_string(sub[2]);
5061 if (insert == NULL) goto EXPAND_FAILED;
5062 yield = string_cat(yield, &size, &ptr, insert, Ustrlen(insert));
5063
5064 moffset = ovector[1];
5065 moffsetextra = 0;
5066 emptyopt = 0;
5067
5068 /* If we have matched an empty string, first check to see if we are at
5069 the end of the subject. If so, the loop is over. Otherwise, mimic
5070 what Perl's /g options does. This turns out to be rather cunning. First
5071 we set PCRE_NOTEMPTY and PCRE_ANCHORED and try the match a non-empty
5072 string at the same point. If this fails (picked up above) we advance to
5073 the next character. */
5074
5075 if (ovector[0] == ovector[1])
5076 {
5077 if (ovector[0] == slen) break;
5078 emptyopt = PCRE_NOTEMPTY | PCRE_ANCHORED;
5079 }
5080 }
5081
5082 /* All done - restore numerical variables. */
5083
5084 restore_expand_strings(save_expand_nmax, save_expand_nstring,
5085 save_expand_nlength);
5086 continue;
5087 }
5088
5089 /* Handle keyed and numbered substring extraction. If the first argument
5090 consists entirely of digits, then a numerical extraction is assumed. */
5091
5092 case EITEM_EXTRACT:
5093 {
5094 int i;
5095 int j = 2;
5096 int field_number = 1;
5097 BOOL field_number_set = FALSE;
5098 uschar *save_lookup_value = lookup_value;
5099 uschar *sub[3];
5100 int save_expand_nmax =
5101 save_expand_strings(save_expand_nstring, save_expand_nlength);
5102
5103 /* Read the arguments */
5104
5105 for (i = 0; i < j; i++)
5106 {
5107 while (isspace(*s)) s++;
aa26e137 5108 if (*s == '{') /*}*/
059ec3d9 5109 {
b0e85a8f
JH		 5110 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
5111 if (sub[i] == NULL) goto EXPAND_FAILED; /*{*/
059ec3d9
PH		 5112 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5113
5114 /* After removal of leading and trailing white space, the first
5115 argument must not be empty; if it consists entirely of digits
5116 (optionally preceded by a minus sign), this is a numerical
5117 extraction, and we expect 3 arguments. */
5118
5119 if (i == 0)
5120 {
5121 int len;
5122 int x = 0;
5123 uschar *p = sub[0];
5124
5125 while (isspace(*p)) p++;
5126 sub[0] = p;
5127
5128 len = Ustrlen(p);
5129 while (len > 0 && isspace(p[len-1])) len--;
5130 p[len] = 0;
5131
e2803e40 5132 if (*p == 0 && !skipping)
059ec3d9 5133 {
554d2369
TF		 5134 expand_string_message = US"first argument of \"extract\" must "
5135 "not be empty";
059ec3d9
PH		 5136 goto EXPAND_FAILED;
5137 }
5138
5139 if (*p == '-')
5140 {
5141 field_number = -1;
5142 p++;
5143 }
5144 while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0';
5145 if (*p == 0)
5146 {
5147 field_number *= x;
5148 j = 3; /* Need 3 args */
5149 field_number_set = TRUE;
5150 }
5151 }
5152 }
5153 else goto EXPAND_FAILED_CURLY;
5154 }
5155
5156 /* Extract either the numbered or the keyed substring into $value. If
5157 skipping, just pretend the extraction failed. */
5158
5159 lookup_value = skipping? NULL : field_number_set?
5160 expand_gettokened(field_number, sub[1], sub[2]) :
5161 expand_getkeyed(sub[0], sub[1]);
5162
5163 /* If no string follows, $value gets substituted; otherwise there can
5164 be yes/no strings, as for lookup or if. */
5165
aa26e137
JH		 5166 switch(process_yesno(
5167 skipping, /* were previously skipping */
5168 lookup_value != NULL, /* success/failure indicator */
5169 save_lookup_value, /* value to reset for string2 */
5170 &s, /* input pointer */
5171 &yield, /* output pointer */
5172 &size, /* output size */
5173 &ptr, /* output current point */
5174 US"extract", /* condition type */
5175 &resetok))
5176 {
5177 case 1: goto EXPAND_FAILED; /* when all is well, the */
5178 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
5179 }
5180
5181 /* All done - restore numerical variables. */
5182
5183 restore_expand_strings(save_expand_nmax, save_expand_nstring,
5184 save_expand_nlength);
5185
5186 continue;
5187 }
5188
5189 /* return the Nth item from a list */
5190
5191 case EITEM_LISTEXTRACT:
5192 {
5193 int i;
5194 int field_number = 1;
5195 uschar *save_lookup_value = lookup_value;
5196 uschar *sub[2];
5197 int save_expand_nmax =
5198 save_expand_strings(save_expand_nstring, save_expand_nlength);
5199
5200 /* Read the field & list arguments */
5201
5202 for (i = 0; i < 2; i++)
5203 {
5204 while (isspace(*s)) s++;
5205 if (*s != '{') /*}*/
5206 goto EXPAND_FAILED_CURLY;
5207
5208 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
5209 if (!sub[i]) goto EXPAND_FAILED; /*{*/
5210 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5211
5212 /* After removal of leading and trailing white space, the first
5213 argument must be numeric and nonempty. */
5214
5215 if (i == 0)
5216 {
5217 int len;
5218 int x = 0;
5219 uschar *p = sub[0];
5220
5221 while (isspace(*p)) p++;
5222 sub[0] = p;
5223
5224 len = Ustrlen(p);
5225 while (len > 0 && isspace(p[len-1])) len--;
5226 p[len] = 0;
5227
5228 if (!*p && !skipping)
5229 {
5230 expand_string_message = US"first argument of \"listextract\" must "
5231 "not be empty";
5232 goto EXPAND_FAILED;
5233 }
5234
5235 if (*p == '-')
5236 {
5237 field_number = -1;
5238 p++;
5239 }
5240 while (*p && isdigit(*p)) x = x * 10 + *p++ - '0';
5241 if (*p)
5242 {
5243 expand_string_message = US"first argument of \"listextract\" must "
5244 "be numeric";
5245 goto EXPAND_FAILED;
5246 }
5247 field_number *= x;
5248 }
5249 }
5250
5251 /* Extract the numbered element into $value. If
5252 skipping, just pretend the extraction failed. */
5253
5254 lookup_value = skipping? NULL : expand_getlistele(field_number, sub[1]);
5255
5256 /* If no string follows, $value gets substituted; otherwise there can
5257 be yes/no strings, as for lookup or if. */
5258
059ec3d9
PH		 5259 switch(process_yesno(
5260 skipping, /* were previously skipping */
5261 lookup_value != NULL, /* success/failure indicator */
5262 save_lookup_value, /* value to reset for string2 */
5263 &s, /* input pointer */
5264 &yield, /* output pointer */
5265 &size, /* output size */
5266 &ptr, /* output current point */
b0e85a8f
JH		 5267 US"extract", /* condition type */
5268 &resetok))
059ec3d9
PH		 5269 {
5270 case 1: goto EXPAND_FAILED; /* when all is well, the */
5271 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
5272 }
5273
5274 /* All done - restore numerical variables. */
5275
5276 restore_expand_strings(save_expand_nmax, save_expand_nstring,
5277 save_expand_nlength);
5278
5279 continue;
5280 }
1a46a8c5 5281
29f89cad
PH		 5282 /* Handle list operations */
5283
5284 case EITEM_FILTER:
5285 case EITEM_MAP:
5286 case EITEM_REDUCE:
5287 {
5288 int sep = 0;
5289 int save_ptr = ptr;
5290 uschar outsep[2] = { '\0', '\0' };
5291 uschar *list, *expr, *temp;
5292 uschar *save_iterate_item = iterate_item;
5293 uschar *save_lookup_value = lookup_value;
5294
5295 while (isspace(*s)) s++;
5296 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
5297
b0e85a8f 5298 list = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok);
29f89cad
PH		 5299 if (list == NULL) goto EXPAND_FAILED;
5300 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5301
5302 if (item_type == EITEM_REDUCE)
5303 {
5304 while (isspace(*s)) s++;
5305 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
b0e85a8f 5306 temp = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok);
29f89cad
PH		 5307 if (temp == NULL) goto EXPAND_FAILED;
5308 lookup_value = temp;
5309 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5310 }
5311
5312 while (isspace(*s)) s++;
5313 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
5314
5315 expr = s;
5316
5317 /* For EITEM_FILTER, call eval_condition once, with result discarded (as
5318 if scanning a "false" part). This allows us to find the end of the
5319 condition, because if the list is empty, we won't actually evaluate the
5320 condition for real. For EITEM_MAP and EITEM_REDUCE, do the same, using
5321 the normal internal expansion function. */
5322
5323 if (item_type == EITEM_FILTER)
5324 {
b0e85a8f 5325 temp = eval_condition(expr, &resetok, NULL);
29f89cad
PH		 5326 if (temp != NULL) s = temp;
5327 }
5328 else
5329 {
b0e85a8f 5330 temp = expand_string_internal(s, TRUE, &s, TRUE, TRUE, &resetok);
29f89cad
PH		 5331 }
5332
5333 if (temp == NULL)
5334 {
5335 expand_string_message = string_sprintf("%s inside \"%s\" item",
5336 expand_string_message, name);
5337 goto EXPAND_FAILED;
5338 }
5339
5340 while (isspace(*s)) s++;
5341 if (*s++ != '}')
2e23003a 5342 { /*{*/
29f89cad
PH		 5343 expand_string_message = string_sprintf("missing } at end of condition "
5344 "or expression inside \"%s\"", name);
5345 goto EXPAND_FAILED;
5346 }
5347
2e23003a 5348 while (isspace(*s)) s++; /*{*/
29f89cad 5349 if (*s++ != '}')
2e23003a 5350 { /*{*/
29f89cad
PH		 5351 expand_string_message = string_sprintf("missing } at end of \"%s\"",
5352 name);
5353 goto EXPAND_FAILED;
5354 }
5355
5356 /* If we are skipping, we can now just move on to the next item. When
5357 processing for real, we perform the iteration. */
5358
5359 if (skipping) continue;
5360 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)) != NULL)
5361 {
5362 *outsep = (uschar)sep; /* Separator as a string */
5363
5364 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
5365
5366 if (item_type == EITEM_FILTER)
5367 {
5368 BOOL condresult;
b0e85a8f 5369 if (eval_condition(expr, &resetok, &condresult) == NULL)
29f89cad 5370 {
e58c13cc
PH		 5371 iterate_item = save_iterate_item;
5372 lookup_value = save_lookup_value;
29f89cad
PH		 5373 expand_string_message = string_sprintf("%s inside \"%s\" condition",
5374 expand_string_message, name);
5375 goto EXPAND_FAILED;
5376 }
5377 DEBUG(D_expand) debug_printf("%s: condition is %s\n", name,
5378 condresult? "true":"false");
5379 if (condresult)
5380 temp = iterate_item; /* TRUE => include this item */
5381 else
5382 continue; /* FALSE => skip this item */
5383 }
5384
5385 /* EITEM_MAP and EITEM_REDUCE */
5386
5387 else
5388 {
b0e85a8f 5389 temp = expand_string_internal(expr, TRUE, NULL, skipping, TRUE, &resetok);
29f89cad
PH		 5390 if (temp == NULL)
5391 {
e58c13cc 5392 iterate_item = save_iterate_item;
29f89cad
PH		 5393 expand_string_message = string_sprintf("%s inside \"%s\" item",
5394 expand_string_message, name);
5395 goto EXPAND_FAILED;
5396 }
5397 if (item_type == EITEM_REDUCE)
5398 {
5399 lookup_value = temp; /* Update the value of $value */
5400 continue; /* and continue the iteration */
5401 }
5402 }
5403
5404 /* We reach here for FILTER if the condition is true, always for MAP,
5405 and never for REDUCE. The value in "temp" is to be added to the output
5406 list that is being created, ensuring that any occurrences of the
5407 separator character are doubled. Unless we are dealing with the first
5408 item of the output list, add in a space if the new item begins with the
5409 separator character, or is an empty string. */
5410
5411 if (ptr != save_ptr && (temp[0] == *outsep || temp[0] == 0))
5412 yield = string_cat(yield, &size, &ptr, US" ", 1);
5413
5414 /* Add the string in "temp" to the output list that we are building,
5415 This is done in chunks by searching for the separator character. */
5416
5417 for (;;)
5418 {
5419 size_t seglen = Ustrcspn(temp, outsep);
5420 yield = string_cat(yield, &size, &ptr, temp, seglen + 1);
5421
5422 /* If we got to the end of the string we output one character
5423 too many; backup and end the loop. Otherwise arrange to double the
5424 separator. */
5425
5426 if (temp[seglen] == '\0') { ptr--; break; }
5427 yield = string_cat(yield, &size, &ptr, outsep, 1);
5428 temp += seglen + 1;
5429 }
5430
5431 /* Output a separator after the string: we will remove the redundant
5432 final one at the end. */
5433
5434 yield = string_cat(yield, &size, &ptr, outsep, 1);
5435 } /* End of iteration over the list loop */
5436
5437 /* REDUCE has generated no output above: output the final value of
5438 $value. */
5439
5440 if (item_type == EITEM_REDUCE)
5441 {
5442 yield = string_cat(yield, &size, &ptr, lookup_value,
5443 Ustrlen(lookup_value));
5444 lookup_value = save_lookup_value; /* Restore $value */
5445 }
5446
5447 /* FILTER and MAP generate lists: if they have generated anything, remove
5448 the redundant final separator. Even though an empty item at the end of a
5449 list does not count, this is tidier. */
5450
5451 else if (ptr != save_ptr) ptr--;
5452
5453 /* Restore preserved $item */
5454
5455 iterate_item = save_iterate_item;
5456 continue;
5457 }
5458
5459
2e23003a 5460 /* If ${dlfunc } support is configured, handle calling dynamically-loaded
1a46a8c5
PH		 5461 functions, unless locked out at this time. Syntax is ${dlfunc{file}{func}}
5462 or ${dlfunc{file}{func}{arg}} or ${dlfunc{file}{func}{arg1}{arg2}} or up to
5463 a maximum of EXPAND_DLFUNC_MAX_ARGS arguments (defined below). */
5464
5465 #define EXPAND_DLFUNC_MAX_ARGS 8
5466
5467 case EITEM_DLFUNC:
5468 #ifndef EXPAND_DLFUNC
2e23003a 5469 expand_string_message = US"\"${dlfunc\" encountered, but this facility " /*}*/
1a46a8c5
PH		 5470 "is not included in this binary";
5471 goto EXPAND_FAILED;
5472
5473 #else /* EXPAND_DLFUNC */
5474 {
5475 tree_node *t;
5476 exim_dlfunc_t *func;
5477 uschar *result;
5478 int status, argc;
5479 uschar *argv[EXPAND_DLFUNC_MAX_ARGS + 3];
5480
5481 if ((expand_forbid & RDO_DLFUNC) != 0)
5482 {
5483 expand_string_message =
5484 US"dynamically-loaded functions are not permitted";
5485 goto EXPAND_FAILED;
5486 }
5487
5488 switch(read_subs(argv, EXPAND_DLFUNC_MAX_ARGS + 2, 2, &s, skipping,
b0e85a8f 5489 TRUE, US"dlfunc", &resetok))
1a46a8c5
PH		 5490 {
5491 case 1: goto EXPAND_FAILED_CURLY;
5492 case 2:
5493 case 3: goto EXPAND_FAILED;
5494 }
5495
5496 /* If skipping, we don't actually do anything */
5497
5498 if (skipping) continue;
5499
5500 /* Look up the dynamically loaded object handle in the tree. If it isn't
5501 found, dlopen() the file and put the handle in the tree for next time. */
5502
5503 t = tree_search(dlobj_anchor, argv[0]);
5504 if (t == NULL)
5505 {
5506 void *handle = dlopen(CS argv[0], RTLD_LAZY);
5507 if (handle == NULL)
5508 {
5509 expand_string_message = string_sprintf("dlopen \"%s\" failed: %s",
5510 argv[0], dlerror());
5511 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
5512 goto EXPAND_FAILED;
5513 }
5514 t = store_get_perm(sizeof(tree_node) + Ustrlen(argv[0]));
5515 Ustrcpy(t->name, argv[0]);
5516 t->data.ptr = handle;
5517 (void)tree_insertnode(&dlobj_anchor, t);
5518 }
5519
5520 /* Having obtained the dynamically loaded object handle, look up the
5521 function pointer. */
5522
5523 func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]);
5524 if (func == NULL)
5525 {
5526 expand_string_message = string_sprintf("dlsym \"%s\" in \"%s\" failed: "
5527 "%s", argv[1], argv[0], dlerror());
7dbf77c9 5528 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
1a46a8c5
PH		 5529 goto EXPAND_FAILED;
5530 }
5531
5532 /* Call the function and work out what to do with the result. If it
5533 returns OK, we have a replacement string; if it returns DEFER then
5534 expansion has failed in a non-forced manner; if it returns FAIL then
5535 failure was forced; if it returns ERROR or any other value there's a
d6b4d938
TF		 5536 problem, so panic slightly. In any case, assume that the function has
5537 side-effects on the store that must be preserved. */
1a46a8c5 5538
d6b4d938 5539 resetok = FALSE;
1a46a8c5
PH		 5540 result = NULL;
5541 for (argc = 0; argv[argc] != NULL; argc++);
5542 status = func(&result, argc - 2, &argv[2]);
5543 if(status == OK)
5544 {
5545 if (result == NULL) result = US"";
5546 yield = string_cat(yield, &size, &ptr, result, Ustrlen(result));
5547 continue;
5548 }
5549 else
5550 {
5551 expand_string_message = result == NULL ? US"(no message)" : result;
5552 if(status == FAIL_FORCED) expand_string_forcedfail = TRUE;
5553 else if(status != FAIL)
5554 log_write(0, LOG_MAIN|LOG_PANIC, "dlfunc{%s}{%s} failed (%d): %s",
5555 argv[0], argv[1], status, expand_string_message);
5556 goto EXPAND_FAILED;
5557 }
5558 }
5559 #endif /* EXPAND_DLFUNC */
2e23003a 5560 } /* EITEM_* switch */
059ec3d9
PH		 5561
5562 /* Control reaches here if the name is not recognized as one of the more
5563 complicated expansion items. Check for the "operator" syntax (name terminated
5564 by a colon). Some of the operators have arguments, separated by _ from the
5565 name. */
5566
5567 if (*s == ':')
5568 {
5569 int c;
5570 uschar *arg = NULL;
b0e85a8f 5571 uschar *sub = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
059ec3d9
PH		 5572 if (sub == NULL) goto EXPAND_FAILED;
5573 s++;
5574
5575 /* Owing to an historical mis-design, an underscore may be part of the
5576 operator name, or it may introduce arguments. We therefore first scan the
5577 table of names that contain underscores. If there is no match, we cut off
5578 the arguments and then scan the main table. */
5579
5580 c = chop_match(name, op_table_underscore,
5581 sizeof(op_table_underscore)/sizeof(uschar *));
5582
5583 if (c < 0)
5584 {
5585 arg = Ustrchr(name, '_');
5586 if (arg != NULL) *arg = 0;
5587 c = chop_match(name, op_table_main,
5588 sizeof(op_table_main)/sizeof(uschar *));
5589 if (c >= 0) c += sizeof(op_table_underscore)/sizeof(uschar *);
5590 if (arg != NULL) *arg++ = '_'; /* Put back for error messages */
5591 }
5592
5593 /* If we are skipping, we don't need to perform the operation at all.
5594 This matters for operations like "mask", because the data may not be
5595 in the correct format when skipping. For example, the expression may test
5596 for the existence of $sender_host_address before trying to mask it. For
5597 other operations, doing them may not fail, but it is a waste of time. */
5598
5599 if (skipping && c >= 0) continue;
5600
5601 /* Otherwise, switch on the operator type */
5602
5603 switch(c)
5604 {
5605 case EOP_BASE62:
5606 {
5607 uschar *t;
5608 unsigned long int n = Ustrtoul(sub, &t, 10);
5609 if (*t != 0)
5610 {
5611 expand_string_message = string_sprintf("argument for base62 "
5612 "operator is \"%s\", which is not a decimal number", sub);
5613 goto EXPAND_FAILED;
5614 }
5615 t = string_base62(n);
5616 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
5617 continue;
5618 }
5619
9a799bc0
PH		 5620 /* Note that for Darwin and Cygwin, BASE_62 actually has the value 36 */
5621
059ec3d9
PH		 5622 case EOP_BASE62D:
5623 {
5624 uschar buf[16];
5625 uschar *tt = sub;
5626 unsigned long int n = 0;
5627 while (*tt != 0)
5628 {
5629 uschar *t = Ustrchr(base62_chars, *tt++);
5630 if (t == NULL)
5631 {
5632 expand_string_message = string_sprintf("argument for base62d "
9a799bc0
PH		 5633 "operator is \"%s\", which is not a base %d number", sub,
5634 BASE_62);
059ec3d9
PH		 5635 goto EXPAND_FAILED;
5636 }
9a799bc0 5637 n = n * BASE_62 + (t - base62_chars);
059ec3d9
PH		 5638 }
5639 (void)sprintf(CS buf, "%ld", n);
5640 yield = string_cat(yield, &size, &ptr, buf, Ustrlen(buf));
5641 continue;
5642 }
5643
5644 case EOP_EXPAND:
5645 {
b0e85a8f 5646 uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping, TRUE, &resetok);
059ec3d9
PH		 5647 if (expanded == NULL)
5648 {
5649 expand_string_message =
5650 string_sprintf("internal expansion of \"%s\" failed: %s", sub,
5651 expand_string_message);
5652 goto EXPAND_FAILED;
5653 }
5654 yield = string_cat(yield, &size, &ptr, expanded, Ustrlen(expanded));
5655 continue;
5656 }
5657
5658 case EOP_LC:
5659 {
5660 int count = 0;
5661 uschar *t = sub - 1;
5662 while (*(++t) != 0) { *t = tolower(*t); count++; }
5663 yield = string_cat(yield, &size, &ptr, sub, count);
5664 continue;
5665 }
5666
5667 case EOP_UC:
5668 {
5669 int count = 0;
5670 uschar *t = sub - 1;
5671 while (*(++t) != 0) { *t = toupper(*t); count++; }
5672 yield = string_cat(yield, &size, &ptr, sub, count);
5673 continue;
5674 }
5675
5676 case EOP_MD5:
5677 {
5678 md5 base;
5679 uschar digest[16];
5680 int j;
5681 char st[33];
5682 md5_start(&base);
5683 md5_end(&base, sub, Ustrlen(sub), digest);
5684 for(j = 0; j < 16; j++) sprintf(st+2*j, "%02x", digest[j]);
5685 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
5686 continue;
5687 }
5688
5689 case EOP_SHA1:
5690 {
5691 sha1 base;
5692 uschar digest[20];
5693 int j;
5694 char st[41];
5695 sha1_start(&base);
5696 sha1_end(&base, sub, Ustrlen(sub), digest);
5697 for(j = 0; j < 20; j++) sprintf(st+2*j, "%02X", digest[j]);
5698 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
5699 continue;
5700 }
5701
5702 /* Convert hex encoding to base64 encoding */
5703
5704 case EOP_HEX2B64:
5705 {
5706 int c = 0;
5707 int b = -1;
5708 uschar *in = sub;
5709 uschar *out = sub;
5710 uschar *enc;
5711
5712 for (enc = sub; *enc != 0; enc++)
5713 {
5714 if (!isxdigit(*enc))
5715 {
5716 expand_string_message = string_sprintf("\"%s\" is not a hex "
5717 "string", sub);
5718 goto EXPAND_FAILED;
5719 }
5720 c++;
5721 }
5722
5723 if ((c & 1) != 0)
5724 {
5725 expand_string_message = string_sprintf("\"%s\" contains an odd "
5726 "number of characters", sub);
5727 goto EXPAND_FAILED;
5728 }
5729
5730 while ((c = *in++) != 0)
5731 {
5732 if (isdigit(c)) c -= '0';
5733 else c = toupper(c) - 'A' + 10;
5734 if (b == -1)
5735 {
5736 b = c << 4;
5737 }
5738 else
5739 {
5740 *out++ = b | c;
5741 b = -1;
5742 }
5743 }
5744
5745 enc = auth_b64encode(sub, out - sub);
5746 yield = string_cat(yield, &size, &ptr, enc, Ustrlen(enc));
5747 continue;
5748 }
5749
c393f931
TF		 5750 /* Convert octets outside 0x21..0x7E to \xXX form */
5751
5752 case EOP_HEXQUOTE:
5753 {
5754 uschar *t = sub - 1;
5755 while (*(++t) != 0)
5756 {
5757 if (*t < 0x21 || 0x7E < *t)
5758 yield = string_cat(yield, &size, &ptr,
5759 string_sprintf("\\x%02x", *t), 4);
5760 else
5761 yield = string_cat(yield, &size, &ptr, t, 1);
5762 }
5763 continue;
5764 }
5765
a64a3dfa
JH		 5766 /* count the number of list elements */
5767
5768 case EOP_LISTCOUNT:
5769 {
5770 int cnt = 0;
5771 int sep = 0;
5772 uschar * cp;
5773 uschar buffer[256];
5774
5775 while (string_nextinlist(&sub, &sep, buffer, sizeof(buffer)) != NULL) cnt++;
5776 cp = string_sprintf("%d", cnt);
5777 yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp));
5778 continue;
5779 }
5780
042eb971 5781 /* expand a named list given the name */
a64a3dfa 5782 /* handles nested named lists; requotes as colon-sep list */
042eb971 5783
a64a3dfa 5784 case EOP_LISTNAMED:
042eb971
JH		 5785 {
5786 tree_node *t = NULL;
5787 uschar * list;
5788 int sep = 0;
5789 uschar * item;
6d9cfc47 5790 uschar * suffix = US"";
042eb971
JH		 5791 BOOL needsep = FALSE;
5792 uschar buffer[256];
5793
5794 if (*sub == '+') sub++;
5795 if (arg == NULL) /* no-argument version */
5796 {
5797 if (!(t = tree_search(addresslist_anchor, sub)) &&
5798 !(t = tree_search(domainlist_anchor, sub)) &&
5799 !(t = tree_search(hostlist_anchor, sub)))
5800 t = tree_search(localpartlist_anchor, sub);
5801 }
5802 else switch(*arg) /* specific list-type version */
5803 {
6d9cfc47
JH		 5804 case 'a': t = tree_search(addresslist_anchor, sub); suffix = US"_a"; break;
5805 case 'd': t = tree_search(domainlist_anchor, sub); suffix = US"_d"; break;
5806 case 'h': t = tree_search(hostlist_anchor, sub); suffix = US"_h"; break;
5807 case 'l': t = tree_search(localpartlist_anchor, sub); suffix = US"_l"; break;
042eb971
JH		 5808 default:
5809 expand_string_message = string_sprintf("bad suffix on \"list\" operator");
5810 goto EXPAND_FAILED;
5811 }
5812
5813 if(!t)
5814 {
5815 expand_string_message = string_sprintf("\"%s\" is not a %snamed list",
5816 sub, !arg?""
5817 : *arg=='a'?"address "
5818 : *arg=='d'?"domain "
5819 : *arg=='h'?"host "
5820 : *arg=='l'?"localpart "
5821 : 0);
5822 goto EXPAND_FAILED;
5823 }
5824
042eb971
JH		 5825 list = ((namedlist_block *)(t->data.ptr))->string;
5826
5827 while ((item = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
5828 {
5829 uschar * buf = US" : ";
5830 if (needsep)
5831 yield = string_cat(yield, &size, &ptr, buf, 3);
5832 else
5833 needsep = TRUE;
5834
5835 if (*item == '+') /* list item is itself a named list */
5836 {
a64a3dfa 5837 uschar * sub = string_sprintf("${listnamed%s:%s}", suffix, item);
b0e85a8f 5838 item = expand_string_internal(sub, FALSE, NULL, FALSE, TRUE, &resetok);
042eb971
JH		 5839 }
5840 else if (sep != ':') /* item from non-colon-sep list, re-quote for colon list-separator */
5841 {
5842 char * cp;
5843 char tok[3];
5844 tok[0] = sep; tok[1] = ':'; tok[2] = 0;
5845 while ((cp= strpbrk((const char *)item, tok)))
5846 {
5847 yield = string_cat(yield, &size, &ptr, item, cp-(char *)item);
5848 if (*cp++ == ':') /* colon in a non-colon-sep list item, needs doubling */
5849 {
5850 yield = string_cat(yield, &size, &ptr, US"::", 2);
6d9cfc47 5851 item = (uschar *)cp;
042eb971
JH		 5852 }
5853 else /* sep in item; should already be doubled; emit once */
5854 {
5855 yield = string_cat(yield, &size, &ptr, (uschar *)tok, 1);
5856 if (*cp == sep) cp++;
6d9cfc47 5857 item = (uschar *)cp;
042eb971
JH		 5858 }
5859 }
5860 }
5861 yield = string_cat(yield, &size, &ptr, item, Ustrlen(item));
5862 }
5863 continue;
5864 }
5865
059ec3d9
PH		 5866 /* mask applies a mask to an IP address; for example the result of
5867 ${mask:131.111.10.206/28} is 131.111.10.192/28. */
5868
5869 case EOP_MASK:
5870 {
5871 int count;
5872 uschar *endptr;
5873 int binary[4];
5874 int mask, maskoffset;
5875 int type = string_is_ip_address(sub, &maskoffset);
5876 uschar buffer[64];
5877
5878 if (type == 0)
5879 {
5880 expand_string_message = string_sprintf("\"%s\" is not an IP address",
5881 sub);
5882 goto EXPAND_FAILED;
5883 }
5884
5885 if (maskoffset == 0)
5886 {
5887 expand_string_message = string_sprintf("missing mask value in \"%s\"",
5888 sub);
5889 goto EXPAND_FAILED;
5890 }
5891
5892 mask = Ustrtol(sub + maskoffset + 1, &endptr, 10);
5893
5894 if (*endptr != 0 || mask < 0 || mask > ((type == 4)? 32 : 128))
5895 {
5896 expand_string_message = string_sprintf("mask value too big in \"%s\"",
5897 sub);
5898 goto EXPAND_FAILED;
5899 }
5900
5901 /* Convert the address to binary integer(s) and apply the mask */
5902
5903 sub[maskoffset] = 0;
5904 count = host_aton(sub, binary);
5905 host_mask(count, binary, mask);
5906
5907 /* Convert to masked textual format and add to output. */
5908
5909 yield = string_cat(yield, &size, &ptr, buffer,
6f0c9a4f 5910 host_nmtoa(count, binary, mask, buffer, '.'));
059ec3d9
PH		 5911 continue;
5912 }
5913
5914 case EOP_ADDRESS:
5915 case EOP_LOCAL_PART:
5916 case EOP_DOMAIN:
5917 {
5918 uschar *error;
5919 int start, end, domain;
5920 uschar *t = parse_extract_address(sub, &error, &start, &end, &domain,
5921 FALSE);
5922 if (t != NULL)
5923 {
5924 if (c != EOP_DOMAIN)
5925 {
5926 if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1;
5927 yield = string_cat(yield, &size, &ptr, sub+start, end-start);
5928 }
5929 else if (domain != 0)
5930 {
5931 domain += start;
5932 yield = string_cat(yield, &size, &ptr, sub+domain, end-domain);
5933 }
5934 }
5935 continue;
5936 }
5937
29f89cad
PH		 5938 case EOP_ADDRESSES:
5939 {
5940 uschar outsep[2] = { ':', '\0' };
5941 uschar *address, *error;
5942 int save_ptr = ptr;
5943 int start, end, domain; /* Not really used */
5944
5945 while (isspace(*sub)) sub++;
5946 if (*sub == '>') { *outsep = *++sub; ++sub; }
5947 parse_allow_group = TRUE;
5948
5949 for (;;)
5950 {
5951 uschar *p = parse_find_address_end(sub, FALSE);
5952 uschar saveend = *p;
5953 *p = '\0';
5954 address = parse_extract_address(sub, &error, &start, &end, &domain,
5955 FALSE);
5956 *p = saveend;
5957
5958 /* Add the address to the output list that we are building. This is
5959 done in chunks by searching for the separator character. At the
5960 start, unless we are dealing with the first address of the output
5961 list, add in a space if the new address begins with the separator
5962 character, or is an empty string. */
5963
5964 if (address != NULL)
5965 {
5966 if (ptr != save_ptr && address[0] == *outsep)
5967 yield = string_cat(yield, &size, &ptr, US" ", 1);
5968
5969 for (;;)
5970 {
5971 size_t seglen = Ustrcspn(address, outsep);
5972 yield = string_cat(yield, &size, &ptr, address, seglen + 1);
5973
5974 /* If we got to the end of the string we output one character
5975 too many. */
5976
5977 if (address[seglen] == '\0') { ptr--; break; }
5978 yield = string_cat(yield, &size, &ptr, outsep, 1);
5979 address += seglen + 1;
5980 }
5981
5982 /* Output a separator after the string: we will remove the
5983 redundant final one at the end. */
5984
5985 yield = string_cat(yield, &size, &ptr, outsep, 1);
5986 }
5987
5988 if (saveend == '\0') break;
5989 sub = p + 1;
5990 }
5991
5992 /* If we have generated anything, remove the redundant final
5993 separator. */
5994
5995 if (ptr != save_ptr) ptr--;
5996 parse_allow_group = FALSE;
5997 continue;
5998 }
5999
6000
059ec3d9
PH		 6001 /* quote puts a string in quotes if it is empty or contains anything
6002 other than alphamerics, underscore, dot, or hyphen.
6003
6004 quote_local_part puts a string in quotes if RFC 2821/2822 requires it to
6005 be quoted in order to be a valid local part.
6006
6007 In both cases, newlines and carriage returns are converted into \n and \r
6008 respectively */
6009
6010 case EOP_QUOTE:
6011 case EOP_QUOTE_LOCAL_PART:
6012 if (arg == NULL)
6013 {
6014 BOOL needs_quote = (*sub == 0); /* TRUE for empty string */
6015 uschar *t = sub - 1;
6016
6017 if (c == EOP_QUOTE)
6018 {
6019 while (!needs_quote && *(++t) != 0)
6020 needs_quote = !isalnum(*t) && !strchr("_-.", *t);
6021 }
6022 else /* EOP_QUOTE_LOCAL_PART */
6023 {
6024 while (!needs_quote && *(++t) != 0)
6025 needs_quote = !isalnum(*t) &&
6026 strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL &&
6027 (*t != '.' || t == sub || t[1] == 0);
6028 }
6029
6030 if (needs_quote)
6031 {
6032 yield = string_cat(yield, &size, &ptr, US"\"", 1);
6033 t = sub - 1;
6034 while (*(++t) != 0)
6035 {
6036 if (*t == '\n')
6037 yield = string_cat(yield, &size, &ptr, US"\\n", 2);
6038 else if (*t == '\r')
6039 yield = string_cat(yield, &size, &ptr, US"\\r", 2);
6040 else
6041 {
6042 if (*t == '\\' || *t == '"')
6043 yield = string_cat(yield, &size, &ptr, US"\\", 1);
6044 yield = string_cat(yield, &size, &ptr, t, 1);
6045 }
6046 }
6047 yield = string_cat(yield, &size, &ptr, US"\"", 1);
6048 }
6049 else yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
6050 continue;
6051 }
6052
6053 /* quote_lookuptype does lookup-specific quoting */
6054
6055 else
6056 {
6057 int n;
6058 uschar *opt = Ustrchr(arg, '_');
6059
6060 if (opt != NULL) *opt++ = 0;
6061
6062 n = search_findtype(arg, Ustrlen(arg));
6063 if (n < 0)
6064 {
6065 expand_string_message = search_error_message;
6066 goto EXPAND_FAILED;
6067 }
6068
e6d225ae
DW		 6069 if (lookup_list[n]->quote != NULL)
6070 sub = (lookup_list[n]->quote)(sub, opt);
059ec3d9
PH		 6071 else if (opt != NULL) sub = NULL;
6072
6073 if (sub == NULL)
6074 {
6075 expand_string_message = string_sprintf(
6076 "\"%s\" unrecognized after \"${quote_%s\"",
6077 opt, arg);
6078 goto EXPAND_FAILED;
6079 }
6080
6081 yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
6082 continue;
6083 }
6084
6085 /* rx quote sticks in \ before any non-alphameric character so that
6086 the insertion works in a regular expression. */
6087
6088 case EOP_RXQUOTE:
6089 {
6090 uschar *t = sub - 1;
6091 while (*(++t) != 0)
6092 {
6093 if (!isalnum(*t))
6094 yield = string_cat(yield, &size, &ptr, US"\\", 1);
6095 yield = string_cat(yield, &size, &ptr, t, 1);
6096 }
6097 continue;
6098 }
6099
6100 /* RFC 2047 encodes, assuming headers_charset (default ISO 8859-1) as
6101 prescribed by the RFC, if there are characters that need to be encoded */
6102
6103 case EOP_RFC2047:
6104 {
14702f5b 6105 uschar buffer[2048];
059ec3d9 6106 uschar *string = parse_quote_2047(sub, Ustrlen(sub), headers_charset,
46218253 6107 buffer, sizeof(buffer), FALSE);
059ec3d9
PH		 6108 yield = string_cat(yield, &size, &ptr, string, Ustrlen(string));
6109 continue;
6110 }
6111
9c57cbc0
PH		 6112 /* RFC 2047 decode */
6113
6114 case EOP_RFC2047D:
6115 {
6116 int len;
6117 uschar *error;
6118 uschar *decoded = rfc2047_decode(sub, check_rfc2047_length,
6119 headers_charset, '?', &len, &error);
6120 if (error != NULL)
6121 {
6122 expand_string_message = error;
6123 goto EXPAND_FAILED;
6124 }
6125 yield = string_cat(yield, &size, &ptr, decoded, len);
6126 continue;
6127 }
6128
059ec3d9
PH		 6129 /* from_utf8 converts UTF-8 to 8859-1, turning non-existent chars into
6130 underscores */
6131
6132 case EOP_FROM_UTF8:
6133 {
6134 while (*sub != 0)
6135 {
6136 int c;
6137 uschar buff[4];
6138 GETUTF8INC(c, sub);
6139 if (c > 255) c = '_';
6140 buff[0] = c;
6141 yield = string_cat(yield, &size, &ptr, buff, 1);
6142 }
6143 continue;
6144 }
6145
b9c2e32f
AR		 6146 /* replace illegal UTF-8 sequences by replacement character */
6147
6148 #define UTF8_REPLACEMENT_CHAR US"?"
6149
6150 case EOP_UTF8CLEAN:
6151 {
6152 int seq_len, index = 0;
6153 int bytes_left = 0;
6154 uschar seq_buff[4]; /* accumulate utf-8 here */
6155
6156 while (*sub != 0)
6157 {
6158 int complete;
6159 long codepoint;
6160 uschar c;
6161
6162 complete = 0;
6163 c = *sub++;
6164 if(bytes_left)
6165 {
6166 if ((c & 0xc0) != 0x80)
6167 {
6168 /* wrong continuation byte; invalidate all bytes */
6169 complete = 1; /* error */
6170 }
6171 else
6172 {
6173 codepoint = (codepoint << 6) | (c & 0x3f);
6174 seq_buff[index++] = c;
6175 if (--bytes_left == 0) /* codepoint complete */
6176 {
6177 if(codepoint > 0x10FFFF) /* is it too large? */
6178 complete = -1; /* error */
6179 else
6180 { /* finished; output utf-8 sequence */
6181 yield = string_cat(yield, &size, &ptr, seq_buff, seq_len);
6182 index = 0;
6183 }
6184 }
6185 }
6186 }
6187 else /* no bytes left: new sequence */
6188 {
6189 if((c & 0x80) == 0) /* 1-byte sequence, US-ASCII, keep it */
6190 {
6191 yield = string_cat(yield, &size, &ptr, &c, 1);
6192 continue;
6193 }
6194 if((c & 0xe0) == 0xc0) /* 2-byte sequence */
6195 {
10cc8a1e
AR		 6196 if(c == 0xc0 || c == 0xc1) /* 0xc0 and 0xc1 are illegal */
6197 complete = -1;
6198 else
6199 {
6200 bytes_left = 1;
6201 codepoint = c & 0x1f;
6202 }
b9c2e32f
AR		 6203 }
6204 else if((c & 0xf0) == 0xe0) /* 3-byte sequence */
6205 {
6206 bytes_left = 2;
6207 codepoint = c & 0x0f;
6208 }
6209 else if((c & 0xf8) == 0xf0) /* 4-byte sequence */
6210 {
6211 bytes_left = 3;
6212 codepoint = c & 0x07;
6213 }
6214 else /* invalid or too long (RFC3629 allows only 4 bytes) */
6215 complete = -1;
6216
6217 seq_buff[index++] = c;
6218 seq_len = bytes_left + 1;
6219 } /* if(bytes_left) */
6220
6221 if (complete != 0)
6222 {
6223 bytes_left = index = 0;
6224 yield = string_cat(yield, &size, &ptr, UTF8_REPLACEMENT_CHAR, 1);
6225 }
6226 if ((complete == 1) && ((c & 0x80) == 0))
6227 { /* ASCII character follows incomplete sequence */
6228 yield = string_cat(yield, &size, &ptr, &c, 1);
6229 }
6230 }
6231 continue;
6232 }
6233
059ec3d9
PH		 6234 /* escape turns all non-printing characters into escape sequences. */
6235
6236 case EOP_ESCAPE:
6237 {
6238 uschar *t = string_printing(sub);
6239 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
6240 continue;
6241 }
6242
6243 /* Handle numeric expression evaluation */
6244
6245 case EOP_EVAL:
6246 case EOP_EVAL10:
6247 {
6248 uschar *save_sub = sub;
6249 uschar *error = NULL;
97d17305 6250 int_eximarith_t n = eval_expr(&sub, (c == EOP_EVAL10), &error, FALSE);
059ec3d9
PH		 6251 if (error != NULL)
6252 {
6253 expand_string_message = string_sprintf("error in expression "
6254 "evaluation: %s (after processing \"%.*s\")", error, sub-save_sub,
6255 save_sub);
6256 goto EXPAND_FAILED;
6257 }
97d17305 6258 sprintf(CS var_buffer, PR_EXIM_ARITH, n);
059ec3d9
PH		 6259 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
6260 continue;
6261 }
6262
6263 /* Handle time period formating */
6264
f90d018c
PH		 6265 case EOP_TIME_EVAL:
6266 {
6267 int n = readconf_readtime(sub, 0, FALSE);
6268 if (n < 0)
6269 {
6270 expand_string_message = string_sprintf("string \"%s\" is not an "
6271 "Exim time interval in \"%s\" operator", sub, name);
6272 goto EXPAND_FAILED;
6273 }
6274 sprintf(CS var_buffer, "%d", n);
6275 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
6276 continue;
6277 }
6278
059ec3d9
PH		 6279 case EOP_TIME_INTERVAL:
6280 {
6281 int n;
6282 uschar *t = read_number(&n, sub);
6283 if (*t != 0) /* Not A Number*/
6284 {
6285 expand_string_message = string_sprintf("string \"%s\" is not a "
6286 "positive number in \"%s\" operator", sub, name);
6287 goto EXPAND_FAILED;
6288 }
6289 t = readconf_printtime(n);
6290 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
6291 continue;
6292 }
6293
6294 /* Convert string to base64 encoding */
6295
6296 case EOP_STR2B64:
6297 {
6298 uschar *encstr = auth_b64encode(sub, Ustrlen(sub));
6299 yield = string_cat(yield, &size, &ptr, encstr, Ustrlen(encstr));
6300 continue;
6301 }
6302
6303 /* strlen returns the length of the string */
6304
6305 case EOP_STRLEN:
6306 {
6307 uschar buff[24];
6308 (void)sprintf(CS buff, "%d", Ustrlen(sub));
6309 yield = string_cat(yield, &size, &ptr, buff, Ustrlen(buff));
6310 continue;
6311 }
6312
6313 /* length_n or l_n takes just the first n characters or the whole string,
6314 whichever is the shorter;
6315
6316 substr_m_n, and s_m_n take n characters from offset m; negative m take
6317 from the end; l_n is synonymous with s_0_n. If n is omitted in substr it
6318 takes the rest, either to the right or to the left.
6319
6320 hash_n or h_n makes a hash of length n from the string, yielding n
6321 characters from the set a-z; hash_n_m makes a hash of length n, but
6322 uses m characters from the set a-zA-Z0-9.
6323
6324 nhash_n returns a single number between 0 and n-1 (in text form), while
6325 nhash_n_m returns a div/mod hash as two numbers "a/b". The first lies
6326 between 0 and n-1 and the second between 0 and m-1. */
6327
6328 case EOP_LENGTH:
6329 case EOP_L:
6330 case EOP_SUBSTR:
6331 case EOP_S:
6332 case EOP_HASH:
6333 case EOP_H:
6334 case EOP_NHASH:
6335 case EOP_NH:
6336 {
6337 int sign = 1;
6338 int value1 = 0;
6339 int value2 = -1;
6340 int *pn;
6341 int len;
6342 uschar *ret;
6343
6344 if (arg == NULL)
6345 {
6346 expand_string_message = string_sprintf("missing values after %s",
6347 name);
6348 goto EXPAND_FAILED;
6349 }
6350
6351 /* "length" has only one argument, effectively being synonymous with
6352 substr_0_n. */
6353
6354 if (c == EOP_LENGTH || c == EOP_L)
6355 {
6356 pn = &value2;
6357 value2 = 0;
6358 }
6359
6360 /* The others have one or two arguments; for "substr" the first may be
6361 negative. The second being negative means "not supplied". */
6362
6363 else
6364 {
6365 pn = &value1;
6366 if (name[0] == 's' && *arg == '-') { sign = -1; arg++; }
6367 }
6368
6369 /* Read up to two numbers, separated by underscores */
6370
6371 ret = arg;
6372 while (*arg != 0)
6373 {
6374 if (arg != ret && *arg == '_' && pn == &value1)
6375 {
6376 pn = &value2;
6377 value2 = 0;
6378 if (arg[1] != 0) arg++;
6379 }
6380 else if (!isdigit(*arg))
6381 {
6382 expand_string_message =
6383 string_sprintf("non-digit after underscore in \"%s\"", name);
6384 goto EXPAND_FAILED;
6385 }
6386 else *pn = (*pn)*10 + *arg++ - '0';
6387 }
6388 value1 *= sign;
6389
6390 /* Perform the required operation */
6391
6392 ret =
6393 (c == EOP_HASH || c == EOP_H)?
6394 compute_hash(sub, value1, value2, &len) :
6395 (c == EOP_NHASH || c == EOP_NH)?
6396 compute_nhash(sub, value1, value2, &len) :
6397 extract_substr(sub, value1, value2, &len);
6398
6399 if (ret == NULL) goto EXPAND_FAILED;
6400 yield = string_cat(yield, &size, &ptr, ret, len);
6401 continue;
6402 }
6403
6404 /* Stat a path */
6405
6406 case EOP_STAT:
6407 {
6408 uschar *s;
6409 uschar smode[12];
6410 uschar **modetable[3];
6411 int i;
6412 mode_t mode;
6413 struct stat st;
6414
254e032f
PH		 6415 if ((expand_forbid & RDO_EXISTS) != 0)
6416 {
6417 expand_string_message = US"Use of the stat() expansion is not permitted";
6418 goto EXPAND_FAILED;
6419 }
6420
059ec3d9
PH		 6421 if (stat(CS sub, &st) < 0)
6422 {
6423 expand_string_message = string_sprintf("stat(%s) failed: %s",
6424 sub, strerror(errno));
6425 goto EXPAND_FAILED;
6426 }
6427 mode = st.st_mode;
6428 switch (mode & S_IFMT)
6429 {
6430 case S_IFIFO: smode[0] = 'p'; break;
6431 case S_IFCHR: smode[0] = 'c'; break;
6432 case S_IFDIR: smode[0] = 'd'; break;
6433 case S_IFBLK: smode[0] = 'b'; break;
6434 case S_IFREG: smode[0] = '-'; break;
6435 default: smode[0] = '?'; break;
6436 }
6437
6438 modetable[0] = ((mode & 01000) == 0)? mtable_normal : mtable_sticky;
6439 modetable[1] = ((mode & 02000) == 0)? mtable_normal : mtable_setid;
6440 modetable[2] = ((mode & 04000) == 0)? mtable_normal : mtable_setid;
6441
6442 for (i = 0; i < 3; i++)
6443 {
6444 memcpy(CS(smode + 7 - i*3), CS(modetable[i][mode & 7]), 3);
6445 mode >>= 3;
6446 }
6447
6448 smode[10] = 0;
6449 s = string_sprintf("mode=%04lo smode=%s inode=%ld device=%ld links=%ld "
b1c749bb 6450 "uid=%ld gid=%ld size=" OFF_T_FMT " atime=%ld mtime=%ld ctime=%ld",
059ec3d9
PH		 6451 (long)(st.st_mode & 077777), smode, (long)st.st_ino,
6452 (long)st.st_dev, (long)st.st_nlink, (long)st.st_uid,
b1c749bb 6453 (long)st.st_gid, st.st_size, (long)st.st_atime,
059ec3d9
PH		 6454 (long)st.st_mtime, (long)st.st_ctime);
6455 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
6456 continue;
6457 }
6458
17c76198 6459 /* vaguely random number less than N */
9e3331ea
TK		 6460
6461 case EOP_RANDINT:
6462 {
97d17305 6463 int_eximarith_t max;
9e3331ea
TK		 6464 uschar *s;
6465
6466 max = expand_string_integer(sub, TRUE);
6467 if (expand_string_message != NULL)
6468 goto EXPAND_FAILED;
17c76198 6469 s = string_sprintf("%d", vaguely_random_number((int)max));
9e3331ea
TK		 6470 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
6471 continue;
6472 }
6473
83e029d5
PP		 6474 /* Reverse IP, including IPv6 to dotted-nibble */
6475
6476 case EOP_REVERSE_IP:
6477 {
6478 int family, maskptr;
6479 uschar reversed[128];
6480
6481 family = string_is_ip_address(sub, &maskptr);
6482 if (family == 0)
6483 {
6484 expand_string_message = string_sprintf(
6485 "reverse_ip() not given an IP address [%s]", sub);
6486 goto EXPAND_FAILED;
6487 }
6488 invert_address(reversed, sub);
6489 yield = string_cat(yield, &size, &ptr, reversed, Ustrlen(reversed));
6490 continue;
6491 }
6492
059ec3d9
PH		 6493 /* Unknown operator */
6494
6495 default:
6496 expand_string_message =
6497 string_sprintf("unknown expansion operator \"%s\"", name);
6498 goto EXPAND_FAILED;
6499 }
6500 }
6501
6502 /* Handle a plain name. If this is the first thing in the expansion, release
6503 the pre-allocated buffer. If the result data is known to be in a new buffer,
6504 newsize will be set to the size of that buffer, and we can just point at that
6505 store instead of copying. Many expansion strings contain just one reference,
6506 so this is a useful optimization, especially for humungous headers
6507 ($message_headers). */
2e23003a 6508 /*{*/
059ec3d9
PH		 6509 if (*s++ == '}')
6510 {
6511 int len;
6512 int newsize = 0;
6513 if (ptr == 0)
6514 {
d6b4d938 6515 if (resetok) store_reset(yield);
059ec3d9
PH		 6516 yield = NULL;
6517 size = 0;
6518 }
6519 value = find_variable(name, FALSE, skipping, &newsize);
6520 if (value == NULL)
6521 {
6522 expand_string_message =
6523 string_sprintf("unknown variable in \"${%s}\"", name);
641cb756 6524 check_variable_error_message(name);
059ec3d9
PH		 6525 goto EXPAND_FAILED;
6526 }
6527 len = Ustrlen(value);
6528 if (yield == NULL && newsize != 0)
6529 {
6530 yield = value;
6531 size = newsize;
6532 ptr = len;
6533 }
6534 else yield = string_cat(yield, &size, &ptr, value, len);
6535 continue;
6536 }
6537
6538 /* Else there's something wrong */
6539
6540 expand_string_message =
6541 string_sprintf("\"${%s\" is not a known operator (or a } is missing "
6542 "in a variable reference)", name);
6543 goto EXPAND_FAILED;
6544 }
6545
6546/* If we hit the end of the string when ket_ends is set, there is a missing
6547terminating brace. */
6548
6549if (ket_ends && *s == 0)
6550 {
6551 expand_string_message = malformed_header?
6552 US"missing } at end of string - could be header name not terminated by colon"
6553 :
6554 US"missing } at end of string";
6555 goto EXPAND_FAILED;
6556 }
6557
6558/* Expansion succeeded; yield may still be NULL here if nothing was actually
6559added to the string. If so, set up an empty string. Add a terminating zero. If
6560left != NULL, return a pointer to the terminator. */
6561
6562if (yield == NULL) yield = store_get(1);
6563yield[ptr] = 0;
6564if (left != NULL) *left = s;
6565
6566/* Any stacking store that was used above the final string is no longer needed.
6567In many cases the final string will be the first one that was got and so there
6568will be optimal store usage. */
6569
d6b4d938 6570if (resetok) store_reset(yield + ptr + 1);
b0e85a8f
JH		 6571else if (resetok_p) *resetok_p = FALSE;
6572
059ec3d9
PH		 6573DEBUG(D_expand)
6574 {
6575 debug_printf("expanding: %.*s\n result: %s\n", (int)(s - string), string,
6576 yield);
6577 if (skipping) debug_printf("skipping: result is not used\n");
6578 }
6579return yield;
6580
6581/* This is the failure exit: easiest to program with a goto. We still need
6582to update the pointer to the terminator, for cases of nested calls with "fail".
6583*/
6584
6585EXPAND_FAILED_CURLY:
6586expand_string_message = malformed_header?
6587 US"missing or misplaced { or } - could be header name not terminated by colon"
6588 :
6589 US"missing or misplaced { or }";
6590
6591/* At one point, Exim reset the store to yield (if yield was not NULL), but
6592that is a bad idea, because expand_string_message is in dynamic store. */
6593
6594EXPAND_FAILED:
6595if (left != NULL) *left = s;
6596DEBUG(D_expand)
6597 {
6598 debug_printf("failed to expand: %s\n", string);
6599 debug_printf(" error message: %s\n", expand_string_message);
6600 if (expand_string_forcedfail) debug_printf("failure was forced\n");
6601 }
b0e85a8f 6602if (resetok_p) *resetok_p = resetok;
059ec3d9
PH		 6603return NULL;
6604}
6605
6606
6607/* This is the external function call. Do a quick check for any expansion
6608metacharacters, and if there are none, just return the input string.
6609
6610Argument: the string to be expanded
6611Returns: the expanded string, or NULL if expansion failed; if failure was
6612 due to a lookup deferring, search_find_defer will be TRUE
6613*/
6614
6615uschar *
6616expand_string(uschar *string)
6617{
6618search_find_defer = FALSE;
6619malformed_header = FALSE;
6620return (Ustrpbrk(string, "$\\") == NULL)? string :
b0e85a8f 6621 expand_string_internal(string, FALSE, NULL, FALSE, TRUE, NULL);
059ec3d9
PH		 6622}
6623
6624
6625
6626/*************************************************
6627* Expand and copy *
6628*************************************************/
6629
6630/* Now and again we want to expand a string and be sure that the result is in a
6631new bit of store. This function does that.
6632
6633Argument: the string to be expanded
6634Returns: the expanded string, always in a new bit of store, or NULL
6635*/
6636
6637uschar *
6638expand_string_copy(uschar *string)
6639{
6640uschar *yield = expand_string(string);
6641if (yield == string) yield = string_copy(string);
6642return yield;
6643}
6644
6645
6646
6647/*************************************************
6648* Expand and interpret as an integer *
6649*************************************************/
6650
6651/* Expand a string, and convert the result into an integer.
6652
d45b1de8
PH		 6653Arguments:
6654 string the string to be expanded
6655 isplus TRUE if a non-negative number is expected
059ec3d9
PH		 6656
6657Returns: the integer value, or
6658 -1 for an expansion error ) in both cases, message in
6659 -2 for an integer interpretation error ) expand_string_message
d45b1de8 6660 expand_string_message is set NULL for an OK integer
059ec3d9
PH		 6661*/
6662
97d17305 6663int_eximarith_t
d45b1de8 6664expand_string_integer(uschar *string, BOOL isplus)
059ec3d9 6665{
97d17305 6666int_eximarith_t value;
059ec3d9
PH		 6667uschar *s = expand_string(string);
6668uschar *msg = US"invalid integer \"%s\"";
6669uschar *endptr;
6670
d45b1de8
PH		 6671/* If expansion failed, expand_string_message will be set. */
6672
059ec3d9
PH		 6673if (s == NULL) return -1;
6674
6675/* On an overflow, strtol() returns LONG_MAX or LONG_MIN, and sets errno
6676to ERANGE. When there isn't an overflow, errno is not changed, at least on some
6677systems, so we set it zero ourselves. */
6678
6679errno = 0;
d45b1de8 6680expand_string_message = NULL; /* Indicates no error */
b52bc06e
NM		 6681
6682/* Before Exim 4.64, strings consisting entirely of whitespace compared
6683equal to 0. Unfortunately, people actually relied upon that, so preserve
6684the behaviour explicitly. Stripping leading whitespace is a harmless
6685noop change since strtol skips it anyway (provided that there is a number
6686to find at all). */
6687if (isspace(*s))
6688 {
6689 while (isspace(*s)) ++s;
6690 if (*s == '\0')
6691 {
6692 DEBUG(D_expand)
6693 debug_printf("treating blank string as number 0\n");
6694 return 0;
6695 }
6696 }
6697
aa7c82b2 6698value = strtoll(CS s, CSS &endptr, 10);
059ec3d9
PH		 6699
6700if (endptr == s)
6701 {
6702 msg = US"integer expected but \"%s\" found";
6703 }
d45b1de8
PH		 6704else if (value < 0 && isplus)
6705 {
6706 msg = US"non-negative integer expected but \"%s\" found";
6707 }
059ec3d9
PH		 6708else
6709 {
4eb9d6ef 6710 switch (tolower(*endptr))
059ec3d9 6711 {
4eb9d6ef
JH		 6712 default:
6713 break;
6714 case 'k':
4328fd3c 6715 if (value > EXIM_ARITH_MAX/1024 || value < EXIM_ARITH_MIN/1024) errno = ERANGE;
aa7c82b2 6716 else value *= 1024;
4eb9d6ef
JH		 6717 endptr++;
6718 break;
6719 case 'm':
4328fd3c 6720 if (value > EXIM_ARITH_MAX/(1024*1024) || value < EXIM_ARITH_MIN/(1024*1024)) errno = ERANGE;
4eb9d6ef
JH		 6721 else value *= 1024*1024;
6722 endptr++;
6723 break;
6724 case 'g':
4328fd3c 6725 if (value > EXIM_ARITH_MAX/(1024*1024*1024) || value < EXIM_ARITH_MIN/(1024*1024*1024)) errno = ERANGE;
4eb9d6ef
JH		 6726 else value *= 1024*1024*1024;
6727 endptr++;
6728 break;
059ec3d9
PH		 6729 }
6730 if (errno == ERANGE)
6731 msg = US"absolute value of integer \"%s\" is too large (overflow)";
6732 else
6733 {
6734 while (isspace(*endptr)) endptr++;
725735cd 6735 if (*endptr == 0) return value;
059ec3d9
PH		 6736 }
6737 }
6738
6739expand_string_message = string_sprintf(CS msg, s);
6740return -2;
6741}
6742
059ec3d9
PH		 6743
6744/*************************************************
6745**************************************************
6746* Stand-alone test program *
6747**************************************************
6748*************************************************/
6749
6750#ifdef STAND_ALONE
6751
6752
6753BOOL
6754regex_match_and_setup(const pcre *re, uschar *subject, int options, int setup)
6755{
6756int ovector[3*(EXPAND_MAXN+1)];
6757int n = pcre_exec(re, NULL, subject, Ustrlen(subject), 0, PCRE_EOPT|options,
6758 ovector, sizeof(ovector)/sizeof(int));
6759BOOL yield = n >= 0;
6760if (n == 0) n = EXPAND_MAXN + 1;
6761if (yield)
6762 {
6763 int nn;
6764 expand_nmax = (setup < 0)? 0 : setup + 1;
6765 for (nn = (setup < 0)? 0 : 2; nn < n*2; nn += 2)
6766 {
6767 expand_nstring[expand_nmax] = subject + ovector[nn];
6768 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
6769 }
6770 expand_nmax--;
6771 }
6772return yield;
6773}
6774
6775
6776int main(int argc, uschar **argv)
6777{
6778int i;
6779uschar buffer[1024];
6780
6781debug_selector = D_v;
6782debug_file = stderr;
6783debug_fd = fileno(debug_file);
6784big_buffer = malloc(big_buffer_size);
6785
6786for (i = 1; i < argc; i++)
6787 {
6788 if (argv[i][0] == '+')
6789 {
6790 debug_trace_memory = 2;
6791 argv[i]++;
6792 }
6793 if (isdigit(argv[i][0]))
6794 debug_selector = Ustrtol(argv[i], NULL, 0);
6795 else
6796 if (Ustrspn(argv[i], "abcdefghijklmnopqrtsuvwxyz0123456789-.:/") ==
6797 Ustrlen(argv[i]))
6798 {
6799 #ifdef LOOKUP_LDAP
6800 eldap_default_servers = argv[i];
6801 #endif
6802 #ifdef LOOKUP_MYSQL
6803 mysql_servers = argv[i];
6804 #endif
6805 #ifdef LOOKUP_PGSQL
6806 pgsql_servers = argv[i];
6807 #endif
9bdd29ad
TL		 6808 #ifdef EXPERIMENTAL_REDIS
6809 redis_servers = argv[i];
6810 #endif
059ec3d9
PH		 6811 }
6812 #ifdef EXIM_PERL
6813 else opt_perl_startup = argv[i];
6814 #endif
6815 }
6816
6817printf("Testing string expansion: debug_level = %d\n\n", debug_level);
6818
6819expand_nstring[1] = US"string 1....";
6820expand_nlength[1] = 8;
6821expand_nmax = 1;
6822
6823#ifdef EXIM_PERL
6824if (opt_perl_startup != NULL)
6825 {
6826 uschar *errstr;
6827 printf("Starting Perl interpreter\n");
6828 errstr = init_perl(opt_perl_startup);
6829 if (errstr != NULL)
6830 {
6831 printf("** error in perl_startup code: %s\n", errstr);
6832 return EXIT_FAILURE;
6833 }
6834 }
6835#endif /* EXIM_PERL */
6836
6837while (fgets(buffer, sizeof(buffer), stdin) != NULL)
6838 {
6839 void *reset_point = store_get(0);
6840 uschar *yield = expand_string(buffer);
6841 if (yield != NULL)
6842 {
6843 printf("%s\n", yield);
6844 store_reset(reset_point);
6845 }
6846 else
6847 {
6848 if (search_find_defer) printf("search_find deferred\n");
6849 printf("Failed: %s\n", expand_string_message);
6850 if (expand_string_forcedfail) printf("Forced failure\n");
6851 printf("\n");
6852 }
6853 }
6854
6855search_tidyup();
6856
6857return 0;
6858}
6859
6860#endif
6861
b9c2e32f
AR		 6862/*
6863 vi: aw ai sw=2
6864*/
059ec3d9 6865/* End of expand.c */
Unnamed repository; edit this file 'description' to name the repository.