projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add timeout to connect() for Unix domain socket in ${readsocket.
[exim.git] / src / src / expand.c
CommitLineData
a401ddaa 1/* $Cambridge: exim/src/src/expand.c,v 1.71 2006/11/13 12:29:30 ph10 Exp $ */
059ec3d9
PH		 2
3/*************************************************
4* Exim - an Internet mail transport agent *
5*************************************************/
6
d7d7b7b9 7/* Copyright (c) University of Cambridge 1995 - 2006 */
059ec3d9
PH		 8/* See the file NOTICE for conditions of use and distribution. */
9
10
11/* Functions for handling string expansion. */
12
13
14#include "exim.h"
15
16#ifdef STAND_ALONE
17#ifndef SUPPORT_CRYPTEQ
18#define SUPPORT_CRYPTEQ
19#endif
20#endif
21
22#ifdef SUPPORT_CRYPTEQ
23#ifdef CRYPT_H
24#include <crypt.h>
25#endif
26#ifndef HAVE_CRYPT16
27extern char* crypt16(char*, char*);
28#endif
29#endif
30
31#ifdef LOOKUP_LDAP
32#include "lookups/ldap.h"
33#endif
34
35
36
37/* Recursively called function */
38
39static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL);
40
41
42
43/*************************************************
44* Local statics and tables *
45*************************************************/
46
47/* Table of item names, and corresponding switch numbers. The names must be in
48alphabetical order. */
49
50static uschar *item_table[] = {
1a46a8c5 51 US"dlfunc",
059ec3d9
PH		 52 US"extract",
53 US"hash",
54 US"hmac",
55 US"if",
56 US"length",
57 US"lookup",
58 US"nhash",
1a46a8c5 59 US"perl",
fffda43a
TK		 60 US"prvs",
61 US"prvscheck",
059ec3d9
PH		 62 US"readfile",
63 US"readsocket",
64 US"run",
65 US"sg",
66 US"substr",
67 US"tr" };
68
69enum {
1a46a8c5 70 EITEM_DLFUNC,
059ec3d9
PH		 71 EITEM_EXTRACT,
72 EITEM_HASH,
73 EITEM_HMAC,
74 EITEM_IF,
75 EITEM_LENGTH,
76 EITEM_LOOKUP,
77 EITEM_NHASH,
1a46a8c5 78 EITEM_PERL,
fffda43a
TK		 79 EITEM_PRVS,
80 EITEM_PRVSCHECK,
059ec3d9
PH		 81 EITEM_READFILE,
82 EITEM_READSOCK,
83 EITEM_RUN,
84 EITEM_SG,
85 EITEM_SUBSTR,
86 EITEM_TR };
87
88/* Tables of operator names, and corresponding switch numbers. The names must be
89in alphabetical order. There are two tables, because underscore is used in some
90cases to introduce arguments, whereas for other it is part of the name. This is
91an historical mis-design. */
92
93static uschar *op_table_underscore[] = {
94 US"from_utf8",
95 US"local_part",
96 US"quote_local_part",
f90d018c 97 US"time_eval",
059ec3d9
PH		 98 US"time_interval"};
99
100enum {
101 EOP_FROM_UTF8,
102 EOP_LOCAL_PART,
103 EOP_QUOTE_LOCAL_PART,
f90d018c 104 EOP_TIME_EVAL,
059ec3d9
PH		 105 EOP_TIME_INTERVAL };
106
107static uschar *op_table_main[] = {
108 US"address",
109 US"base62",
110 US"base62d",
111 US"domain",
112 US"escape",
113 US"eval",
114 US"eval10",
115 US"expand",
116 US"h",
117 US"hash",
118 US"hex2b64",
119 US"l",
120 US"lc",
121 US"length",
122 US"mask",
123 US"md5",
124 US"nh",
125 US"nhash",
126 US"quote",
127 US"rfc2047",
128 US"rxquote",
129 US"s",
130 US"sha1",
131 US"stat",
132 US"str2b64",
133 US"strlen",
134 US"substr",
135 US"uc" };
136
137enum {
138 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
139 EOP_BASE62,
140 EOP_BASE62D,
141 EOP_DOMAIN,
142 EOP_ESCAPE,
143 EOP_EVAL,
144 EOP_EVAL10,
145 EOP_EXPAND,
146 EOP_H,
147 EOP_HASH,
148 EOP_HEX2B64,
149 EOP_L,
150 EOP_LC,
151 EOP_LENGTH,
152 EOP_MASK,
153 EOP_MD5,
154 EOP_NH,
155 EOP_NHASH,
156 EOP_QUOTE,
157 EOP_RFC2047,
158 EOP_RXQUOTE,
159 EOP_S,
160 EOP_SHA1,
161 EOP_STAT,
162 EOP_STR2B64,
163 EOP_STRLEN,
164 EOP_SUBSTR,
165 EOP_UC };
166
167
168/* Table of condition names, and corresponding switch numbers. The names must
169be in alphabetical order. */
170
171static uschar *cond_table[] = {
172 US"<",
173 US"<=",
174 US"=",
175 US"==", /* Backward compatibility */
176 US">",
177 US">=",
178 US"and",
179 US"crypteq",
180 US"def",
181 US"eq",
182 US"eqi",
183 US"exists",
184 US"first_delivery",
185 US"ge",
186 US"gei",
187 US"gt",
188 US"gti",
189 US"isip",
190 US"isip4",
191 US"isip6",
192 US"ldapauth",
193 US"le",
194 US"lei",
195 US"lt",
196 US"lti",
197 US"match",
198 US"match_address",
199 US"match_domain",
32d668a5 200 US"match_ip",
059ec3d9
PH		 201 US"match_local_part",
202 US"or",
203 US"pam",
204 US"pwcheck",
205 US"queue_running",
206 US"radius",
207 US"saslauthd"
208};
209
210enum {
211 ECOND_NUM_L,
212 ECOND_NUM_LE,
213 ECOND_NUM_E,
214 ECOND_NUM_EE,
215 ECOND_NUM_G,
216 ECOND_NUM_GE,
217 ECOND_AND,
218 ECOND_CRYPTEQ,
219 ECOND_DEF,
220 ECOND_STR_EQ,
221 ECOND_STR_EQI,
222 ECOND_EXISTS,
223 ECOND_FIRST_DELIVERY,
224 ECOND_STR_GE,
225 ECOND_STR_GEI,
226 ECOND_STR_GT,
227 ECOND_STR_GTI,
228 ECOND_ISIP,
229 ECOND_ISIP4,
230 ECOND_ISIP6,
231 ECOND_LDAPAUTH,
232 ECOND_STR_LE,
233 ECOND_STR_LEI,
234 ECOND_STR_LT,
235 ECOND_STR_LTI,
236 ECOND_MATCH,
237 ECOND_MATCH_ADDRESS,
238 ECOND_MATCH_DOMAIN,
32d668a5 239 ECOND_MATCH_IP,
059ec3d9
PH		 240 ECOND_MATCH_LOCAL_PART,
241 ECOND_OR,
242 ECOND_PAM,
243 ECOND_PWCHECK,
244 ECOND_QUEUE_RUNNING,
245 ECOND_RADIUS,
246 ECOND_SASLAUTHD
247};
248
249
250/* Type for main variable table */
251
252typedef struct {
253 char *name;
254 int type;
255 void *value;
256} var_entry;
257
258/* Type for entries pointing to address/length pairs. Not currently
259in use. */
260
261typedef struct {
262 uschar **address;
263 int *length;
264} alblock;
265
266/* Types of table entry */
267
268enum {
269 vtype_int, /* value is address of int */
270 vtype_filter_int, /* ditto, but recognized only when filtering */
271 vtype_ino, /* value is address of ino_t (not always an int) */
272 vtype_uid, /* value is address of uid_t (not always an int) */
273 vtype_gid, /* value is address of gid_t (not always an int) */
274 vtype_stringptr, /* value is address of pointer to string */
275 vtype_msgbody, /* as stringptr, but read when first required */
276 vtype_msgbody_end, /* ditto, the end of the message */
ff75a1f7
PH		 277 vtype_msgheaders, /* the message's headers, processed */
278 vtype_msgheaders_raw, /* the message's headers, unprocessed */
059ec3d9
PH		 279 vtype_localpart, /* extract local part from string */
280 vtype_domain, /* extract domain from string */
281 vtype_recipients, /* extract recipients from recipients list */
282 /* (enabled only during system filtering */
283 vtype_todbsdin, /* value not used; generate BSD inbox tod */
284 vtype_tode, /* value not used; generate tod in epoch format */
285 vtype_todf, /* value not used; generate full tod */
286 vtype_todl, /* value not used; generate log tod */
287 vtype_todlf, /* value not used; generate log file datestamp tod */
288 vtype_todzone, /* value not used; generate time zone only */
289 vtype_todzulu, /* value not used; generate zulu tod */
290 vtype_reply, /* value not used; get reply from headers */
291 vtype_pid, /* value not used; result is pid */
292 vtype_host_lookup, /* value not used; get host name */
5cb8cbc6
PH		 293 vtype_load_avg, /* value not used; result is int from os_getloadavg */
294 vtype_pspace, /* partition space; value is T/F for spool/log */
8e669ac1 295 vtype_pinodes /* partition inodes; value is T/F for spool/log */
fb2274d4
TK		 296#ifdef EXPERIMENTAL_DOMAINKEYS
297 ,vtype_dk_verify /* Serve request out of DomainKeys verification structure */
84330b7b 298#endif
059ec3d9
PH		 299 };
300
301/* This table must be kept in alphabetical order. */
302
303static var_entry var_table[] = {
38a0a95f
PH		 304 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
305 they will be confused with user-creatable ACL variables. */
059ec3d9
PH		 306 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
307 { "address_data", vtype_stringptr, &deliver_address_data },
308 { "address_file", vtype_stringptr, &address_file },
309 { "address_pipe", vtype_stringptr, &address_pipe },
310 { "authenticated_id", vtype_stringptr, &authenticated_id },
311 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
312 { "authentication_failed",vtype_int, &authentication_failed },
8523533c
TK		 313#ifdef EXPERIMENTAL_BRIGHTMAIL
314 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
315 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
316 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
317 { "bmi_deliver", vtype_int, &bmi_deliver },
318#endif
059ec3d9
PH		 319 { "body_linecount", vtype_int, &body_linecount },
320 { "body_zerocount", vtype_int, &body_zerocount },
321 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
322 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
323 { "caller_gid", vtype_gid, &real_gid },
324 { "caller_uid", vtype_uid, &real_uid },
325 { "compile_date", vtype_stringptr, &version_date },
326 { "compile_number", vtype_stringptr, &version_cnumber },
e5a9dba6 327 { "csa_status", vtype_stringptr, &csa_status },
8523533c
TK		 328#ifdef WITH_OLD_DEMIME
329 { "demime_errorlevel", vtype_int, &demime_errorlevel },
330 { "demime_reason", vtype_stringptr, &demime_reason },
fb2274d4
TK		 331#endif
332#ifdef EXPERIMENTAL_DOMAINKEYS
333 { "dk_domain", vtype_stringptr, &dk_signing_domain },
334 { "dk_is_signed", vtype_dk_verify, NULL },
335 { "dk_result", vtype_dk_verify, NULL },
336 { "dk_selector", vtype_stringptr, &dk_signing_selector },
337 { "dk_sender", vtype_dk_verify, NULL },
338 { "dk_sender_domain", vtype_dk_verify, NULL },
339 { "dk_sender_local_part",vtype_dk_verify, NULL },
340 { "dk_sender_source", vtype_dk_verify, NULL },
341 { "dk_signsall", vtype_dk_verify, NULL },
342 { "dk_status", vtype_dk_verify, NULL },
343 { "dk_testing", vtype_dk_verify, NULL },
8523533c 344#endif
059ec3d9
PH		 345 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
346 { "dnslist_text", vtype_stringptr, &dnslist_text },
347 { "dnslist_value", vtype_stringptr, &dnslist_value },
348 { "domain", vtype_stringptr, &deliver_domain },
349 { "domain_data", vtype_stringptr, &deliver_domain_data },
350 { "exim_gid", vtype_gid, &exim_gid },
351 { "exim_path", vtype_stringptr, &exim_path },
352 { "exim_uid", vtype_uid, &exim_uid },
8523533c
TK		 353#ifdef WITH_OLD_DEMIME
354 { "found_extension", vtype_stringptr, &found_extension },
8e669ac1 355#endif
059ec3d9
PH		 356 { "home", vtype_stringptr, &deliver_home },
357 { "host", vtype_stringptr, &deliver_host },
358 { "host_address", vtype_stringptr, &deliver_host_address },
359 { "host_data", vtype_stringptr, &host_data },
b08b24c8 360 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
059ec3d9
PH		 361 { "host_lookup_failed", vtype_int, &host_lookup_failed },
362 { "inode", vtype_ino, &deliver_inode },
363 { "interface_address", vtype_stringptr, &interface_address },
364 { "interface_port", vtype_int, &interface_port },
365 #ifdef LOOKUP_LDAP
366 { "ldap_dn", vtype_stringptr, &eldap_dn },
367 #endif
368 { "load_average", vtype_load_avg, NULL },
369 { "local_part", vtype_stringptr, &deliver_localpart },
370 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
371 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
372 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
373 { "local_scan_data", vtype_stringptr, &local_scan_data },
374 { "local_user_gid", vtype_gid, &local_user_gid },
375 { "local_user_uid", vtype_uid, &local_user_uid },
376 { "localhost_number", vtype_int, &host_number },
5cb8cbc6 377 { "log_inodes", vtype_pinodes, (void *)FALSE },
8e669ac1 378 { "log_space", vtype_pspace, (void *)FALSE },
059ec3d9 379 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
8523533c
TK		 380#ifdef WITH_CONTENT_SCAN
381 { "malware_name", vtype_stringptr, &malware_name },
382#endif
059ec3d9
PH		 383 { "message_age", vtype_int, &message_age },
384 { "message_body", vtype_msgbody, &message_body },
385 { "message_body_end", vtype_msgbody_end, &message_body_end },
386 { "message_body_size", vtype_int, &message_body_size },
1ab52c69 387 { "message_exim_id", vtype_stringptr, &message_id },
059ec3d9 388 { "message_headers", vtype_msgheaders, NULL },
ff75a1f7 389 { "message_headers_raw", vtype_msgheaders_raw, NULL },
059ec3d9 390 { "message_id", vtype_stringptr, &message_id },
2e0c1448 391 { "message_linecount", vtype_int, &message_linecount },
059ec3d9 392 { "message_size", vtype_int, &message_size },
8523533c
TK		 393#ifdef WITH_CONTENT_SCAN
394 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
395 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
396 { "mime_boundary", vtype_stringptr, &mime_boundary },
397 { "mime_charset", vtype_stringptr, &mime_charset },
398 { "mime_content_description", vtype_stringptr, &mime_content_description },
399 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
400 { "mime_content_id", vtype_stringptr, &mime_content_id },
401 { "mime_content_size", vtype_int, &mime_content_size },
402 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
403 { "mime_content_type", vtype_stringptr, &mime_content_type },
404 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
405 { "mime_filename", vtype_stringptr, &mime_filename },
406 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
407 { "mime_is_multipart", vtype_int, &mime_is_multipart },
408 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
409 { "mime_part_count", vtype_int, &mime_part_count },
410#endif
059ec3d9
PH		 411 { "n0", vtype_filter_int, &filter_n[0] },
412 { "n1", vtype_filter_int, &filter_n[1] },
413 { "n2", vtype_filter_int, &filter_n[2] },
414 { "n3", vtype_filter_int, &filter_n[3] },
415 { "n4", vtype_filter_int, &filter_n[4] },
416 { "n5", vtype_filter_int, &filter_n[5] },
417 { "n6", vtype_filter_int, &filter_n[6] },
418 { "n7", vtype_filter_int, &filter_n[7] },
419 { "n8", vtype_filter_int, &filter_n[8] },
420 { "n9", vtype_filter_int, &filter_n[9] },
421 { "original_domain", vtype_stringptr, &deliver_domain_orig },
422 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
423 { "originator_gid", vtype_gid, &originator_gid },
424 { "originator_uid", vtype_uid, &originator_uid },
425 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
426 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
427 { "pid", vtype_pid, NULL },
428 { "primary_hostname", vtype_stringptr, &primary_hostname },
fffda43a
TK		 429 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
430 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
431 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
059ec3d9
PH		 432 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
433 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
434 { "rcpt_count", vtype_int, &rcpt_count },
435 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
436 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
437 { "received_count", vtype_int, &received_count },
438 { "received_for", vtype_stringptr, &received_for },
194cc0e4
PH		 439 { "received_ip_address", vtype_stringptr, &interface_address },
440 { "received_port", vtype_int, &interface_port },
059ec3d9 441 { "received_protocol", vtype_stringptr, &received_protocol },
7dbf77c9 442 { "received_time", vtype_int, &received_time },
059ec3d9 443 { "recipient_data", vtype_stringptr, &recipient_data },
8e669ac1 444 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
059ec3d9
PH		 445 { "recipients", vtype_recipients, NULL },
446 { "recipients_count", vtype_int, &recipients_count },
8523533c
TK		 447#ifdef WITH_CONTENT_SCAN
448 { "regex_match_string", vtype_stringptr, &regex_match_string },
449#endif
059ec3d9
PH		 450 { "reply_address", vtype_reply, NULL },
451 { "return_path", vtype_stringptr, &return_path },
452 { "return_size_limit", vtype_int, &bounce_return_size_limit },
453 { "runrc", vtype_int, &runrc },
454 { "self_hostname", vtype_stringptr, &self_hostname },
455 { "sender_address", vtype_stringptr, &sender_address },
2a3eea10 456 { "sender_address_data", vtype_stringptr, &sender_address_data },
059ec3d9
PH		 457 { "sender_address_domain", vtype_domain, &sender_address },
458 { "sender_address_local_part", vtype_localpart, &sender_address },
459 { "sender_data", vtype_stringptr, &sender_data },
460 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
461 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
462 { "sender_host_address", vtype_stringptr, &sender_host_address },
463 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
464 { "sender_host_name", vtype_host_lookup, NULL },
465 { "sender_host_port", vtype_int, &sender_host_port },
466 { "sender_ident", vtype_stringptr, &sender_ident },
870f6ba8
TF		 467 { "sender_rate", vtype_stringptr, &sender_rate },
468 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
469 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
059ec3d9 470 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
8e669ac1
PH		 471 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
472 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
3ee512ff
PH		 473 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
474 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
059ec3d9
PH		 475 { "sn0", vtype_filter_int, &filter_sn[0] },
476 { "sn1", vtype_filter_int, &filter_sn[1] },
477 { "sn2", vtype_filter_int, &filter_sn[2] },
478 { "sn3", vtype_filter_int, &filter_sn[3] },
479 { "sn4", vtype_filter_int, &filter_sn[4] },
480 { "sn5", vtype_filter_int, &filter_sn[5] },
481 { "sn6", vtype_filter_int, &filter_sn[6] },
482 { "sn7", vtype_filter_int, &filter_sn[7] },
483 { "sn8", vtype_filter_int, &filter_sn[8] },
484 { "sn9", vtype_filter_int, &filter_sn[9] },
8523533c
TK		 485#ifdef WITH_CONTENT_SCAN
486 { "spam_bar", vtype_stringptr, &spam_bar },
487 { "spam_report", vtype_stringptr, &spam_report },
488 { "spam_score", vtype_stringptr, &spam_score },
489 { "spam_score_int", vtype_stringptr, &spam_score_int },
490#endif
491#ifdef EXPERIMENTAL_SPF
492 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
493 { "spf_received", vtype_stringptr, &spf_received },
494 { "spf_result", vtype_stringptr, &spf_result },
495 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
496#endif
059ec3d9 497 { "spool_directory", vtype_stringptr, &spool_directory },
5cb8cbc6 498 { "spool_inodes", vtype_pinodes, (void *)TRUE },
8e669ac1 499 { "spool_space", vtype_pspace, (void *)TRUE },
8523533c
TK		 500#ifdef EXPERIMENTAL_SRS
501 { "srs_db_address", vtype_stringptr, &srs_db_address },
502 { "srs_db_key", vtype_stringptr, &srs_db_key },
503 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
504 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
505 { "srs_recipient", vtype_stringptr, &srs_recipient },
506 { "srs_status", vtype_stringptr, &srs_status },
507#endif
059ec3d9
PH		 508 { "thisaddress", vtype_stringptr, &filter_thisaddress },
509 { "tls_certificate_verified", vtype_int, &tls_certificate_verified },
510 { "tls_cipher", vtype_stringptr, &tls_cipher },
511 { "tls_peerdn", vtype_stringptr, &tls_peerdn },
512 { "tod_bsdinbox", vtype_todbsdin, NULL },
513 { "tod_epoch", vtype_tode, NULL },
514 { "tod_full", vtype_todf, NULL },
515 { "tod_log", vtype_todl, NULL },
516 { "tod_logfile", vtype_todlf, NULL },
517 { "tod_zone", vtype_todzone, NULL },
518 { "tod_zulu", vtype_todzulu, NULL },
519 { "value", vtype_stringptr, &lookup_value },
520 { "version_number", vtype_stringptr, &version_string },
521 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
522 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
523 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
524 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
525 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
526 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
527};
528
529static int var_table_size = sizeof(var_table)/sizeof(var_entry);
530static uschar var_buffer[256];
531static BOOL malformed_header;
532
533/* For textual hashes */
534
535static char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
536 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
537 "0123456789";
538
539enum { HMAC_MD5, HMAC_SHA1 };
540
541/* For numeric hashes */
542
543static unsigned int prime[] = {
544 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
545 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
546 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
547
548/* For printing modes in symbolic form */
549
550static uschar *mtable_normal[] =
551 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
552
553static uschar *mtable_setid[] =
554 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
555
556static uschar *mtable_sticky[] =
557 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
558
559
560
561/*************************************************
562* Tables for UTF-8 support *
563*************************************************/
564
565/* Table of the number of extra characters, indexed by the first character
566masked with 0x3f. The highest number for a valid UTF-8 character is in fact
5670x3d. */
568
569static uschar utf8_table1[] = {
570 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
571 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
572 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
573 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
574
575/* These are the masks for the data bits in the first byte of a character,
576indexed by the number of additional bytes. */
577
578static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
579
580/* Get the next UTF-8 character, advancing the pointer. */
581
582#define GETUTF8INC(c, ptr) \
583 c = *ptr++; \
584 if ((c & 0xc0) == 0xc0) \
585 { \
586 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
587 int s = 6*a; \
588 c = (c & utf8_table2[a]) << s; \
589 while (a-- > 0) \
590 { \
591 s -= 6; \
592 c |= (*ptr++ & 0x3f) << s; \
593 } \
594 }
595
596
597/*************************************************
598* Binary chop search on a table *
599*************************************************/
600
601/* This is used for matching expansion items and operators.
602
603Arguments:
604 name the name that is being sought
605 table the table to search
606 table_size the number of items in the table
607
608Returns: the offset in the table, or -1
609*/
610
611static int
612chop_match(uschar *name, uschar **table, int table_size)
613{
614uschar **bot = table;
615uschar **top = table + table_size;
616
617while (top > bot)
618 {
619 uschar **mid = bot + (top - bot)/2;
620 int c = Ustrcmp(name, *mid);
621 if (c == 0) return mid - table;
622 if (c > 0) bot = mid + 1; else top = mid;
623 }
624
625return -1;
626}
627
628
629
630/*************************************************
631* Check a condition string *
632*************************************************/
633
634/* This function is called to expand a string, and test the result for a "true"
635or "false" value. Failure of the expansion yields FALSE; logged unless it was a
636forced fail or lookup defer. All store used by the function can be released on
637exit.
638
639Arguments:
640 condition the condition string
641 m1 text to be incorporated in panic error
642 m2 ditto
643
644Returns: TRUE if condition is met, FALSE if not
645*/
646
647BOOL
648expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
649{
650int rc;
651void *reset_point = store_get(0);
652uschar *ss = expand_string(condition);
653if (ss == NULL)
654 {
655 if (!expand_string_forcedfail && !search_find_defer)
656 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
657 "for %s %s: %s", condition, m1, m2, expand_string_message);
658 return FALSE;
659 }
660rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
661 strcmpic(ss, US"false") != 0;
662store_reset(reset_point);
663return rc;
664}
665
666
667
668/*************************************************
669* Pick out a name from a string *
670*************************************************/
671
672/* If the name is too long, it is silently truncated.
673
674Arguments:
675 name points to a buffer into which to put the name
676 max is the length of the buffer
677 s points to the first alphabetic character of the name
678 extras chars other than alphanumerics to permit
679
680Returns: pointer to the first character after the name
681
682Note: The test for *s != 0 in the while loop is necessary because
683Ustrchr() yields non-NULL if the character is zero (which is not something
684I expected). */
685
686static uschar *
687read_name(uschar *name, int max, uschar *s, uschar *extras)
688{
689int ptr = 0;
690while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
691 {
692 if (ptr < max-1) name[ptr++] = *s;
693 s++;
694 }
695name[ptr] = 0;
696return s;
697}
698
699
700
701/*************************************************
702* Pick out the rest of a header name *
703*************************************************/
704
705/* A variable name starting $header_ (or just $h_ for those who like
706abbreviations) might not be the complete header name because headers can
707contain any printing characters in their names, except ':'. This function is
708called to read the rest of the name, chop h[eader]_ off the front, and put ':'
709on the end, if the name was terminated by white space.
710
711Arguments:
712 name points to a buffer in which the name read so far exists
713 max is the length of the buffer
714 s points to the first character after the name so far, i.e. the
715 first non-alphameric character after $header_xxxxx
716
717Returns: a pointer to the first character after the header name
718*/
719
720static uschar *
721read_header_name(uschar *name, int max, uschar *s)
722{
723int prelen = Ustrchr(name, '_') - name + 1;
724int ptr = Ustrlen(name) - prelen;
725if (ptr > 0) memmove(name, name+prelen, ptr);
726while (mac_isgraph(*s) && *s != ':')
727 {
728 if (ptr < max-1) name[ptr++] = *s;
729 s++;
730 }
731if (*s == ':') s++;
732name[ptr++] = ':';
733name[ptr] = 0;
734return s;
735}
736
737
738
739/*************************************************
740* Pick out a number from a string *
741*************************************************/
742
743/* Arguments:
744 n points to an integer into which to put the number
745 s points to the first digit of the number
746
747Returns: a pointer to the character after the last digit
748*/
749
750static uschar *
751read_number(int *n, uschar *s)
752{
753*n = 0;
754while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
755return s;
756}
757
758
759
760/*************************************************
761* Extract keyed subfield from a string *
762*************************************************/
763
764/* The yield is in dynamic store; NULL means that the key was not found.
765
766Arguments:
767 key points to the name of the key
768 s points to the string from which to extract the subfield
769
770Returns: NULL if the subfield was not found, or
771 a pointer to the subfield's data
772*/
773
774static uschar *
775expand_getkeyed(uschar *key, uschar *s)
776{
777int length = Ustrlen(key);
778while (isspace(*s)) s++;
779
780/* Loop to search for the key */
781
782while (*s != 0)
783 {
784 int dkeylength;
785 uschar *data;
786 uschar *dkey = s;
787
788 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
789 dkeylength = s - dkey;
790 while (isspace(*s)) s++;
791 if (*s == '=') while (isspace((*(++s))));
792
793 data = string_dequote(&s);
794 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
795 return data;
796
797 while (isspace(*s)) s++;
798 }
799
800return NULL;
801}
802
803
804
805
806/*************************************************
807* Extract numbered subfield from string *
808*************************************************/
809
810/* Extracts a numbered field from a string that is divided by tokens - for
811example a line from /etc/passwd is divided by colon characters. First field is
812numbered one. Negative arguments count from the right. Zero returns the whole
813string. Returns NULL if there are insufficient tokens in the string
814
815***WARNING***
816Modifies final argument - this is a dynamically generated string, so that's OK.
817
818Arguments:
819 field number of field to be extracted,
820 first field = 1, whole string = 0, last field = -1
821 separators characters that are used to break string into tokens
822 s points to the string from which to extract the subfield
823
824Returns: NULL if the field was not found,
825 a pointer to the field's data inside s (modified to add 0)
826*/
827
828static uschar *
829expand_gettokened (int field, uschar *separators, uschar *s)
830{
831int sep = 1;
832int count;
833uschar *ss = s;
834uschar *fieldtext = NULL;
835
836if (field == 0) return s;
837
838/* Break the line up into fields in place; for field > 0 we stop when we have
839done the number of fields we want. For field < 0 we continue till the end of
840the string, counting the number of fields. */
841
842count = (field > 0)? field : INT_MAX;
843
844while (count-- > 0)
845 {
846 size_t len;
847
848 /* Previous field was the last one in the string. For a positive field
849 number, this means there are not enough fields. For a negative field number,
850 check that there are enough, and scan back to find the one that is wanted. */
851
852 if (sep == 0)
853 {
854 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
855 if ((-field) == (INT_MAX - count - 1)) return s;
856 while (field++ < 0)
857 {
858 ss--;
859 while (ss[-1] != 0) ss--;
860 }
861 fieldtext = ss;
862 break;
863 }
864
865 /* Previous field was not last in the string; save its start and put a
866 zero at its end. */
867
868 fieldtext = ss;
869 len = Ustrcspn(ss, separators);
870 sep = ss[len];
871 ss[len] = 0;
872 ss += len + 1;
873 }
874
875return fieldtext;
876}
877
878
879
880/*************************************************
881* Extract a substring from a string *
882*************************************************/
883
884/* Perform the ${substr or ${length expansion operations.
885
886Arguments:
887 subject the input string
888 value1 the offset from the start of the input string to the start of
889 the output string; if negative, count from the right.
890 value2 the length of the output string, or negative (-1) for unset
891 if value1 is positive, unset means "all after"
892 if value1 is negative, unset means "all before"
893 len set to the length of the returned string
894
895Returns: pointer to the output string, or NULL if there is an error
896*/
897
898static uschar *
899extract_substr(uschar *subject, int value1, int value2, int *len)
900{
901int sublen = Ustrlen(subject);
902
903if (value1 < 0) /* count from right */
904 {
905 value1 += sublen;
906
907 /* If the position is before the start, skip to the start, and adjust the
908 length. If the length ends up negative, the substring is null because nothing
909 can precede. This falls out naturally when the length is unset, meaning "all
910 to the left". */
911
912 if (value1 < 0)
913 {
914 value2 += value1;
915 if (value2 < 0) value2 = 0;
916 value1 = 0;
917 }
918
919 /* Otherwise an unset length => characters before value1 */
920
921 else if (value2 < 0)
922 {
923 value2 = value1;
924 value1 = 0;
925 }
926 }
927
928/* For a non-negative offset, if the starting position is past the end of the
929string, the result will be the null string. Otherwise, an unset length means
930"rest"; just set it to the maximum - it will be cut down below if necessary. */
931
932else
933 {
934 if (value1 > sublen)
935 {
936 value1 = sublen;
937 value2 = 0;
938 }
939 else if (value2 < 0) value2 = sublen;
940 }
941
942/* Cut the length down to the maximum possible for the offset value, and get
943the required characters. */
944
945if (value1 + value2 > sublen) value2 = sublen - value1;
946*len = value2;
947return subject + value1;
948}
949
950
951
952
953/*************************************************
954* Old-style hash of a string *
955*************************************************/
956
957/* Perform the ${hash expansion operation.
958
959Arguments:
960 subject the input string (an expanded substring)
961 value1 the length of the output string; if greater or equal to the
962 length of the input string, the input string is returned
963 value2 the number of hash characters to use, or 26 if negative
964 len set to the length of the returned string
965
966Returns: pointer to the output string, or NULL if there is an error
967*/
968
969static uschar *
970compute_hash(uschar *subject, int value1, int value2, int *len)
971{
972int sublen = Ustrlen(subject);
973
974if (value2 < 0) value2 = 26;
975else if (value2 > Ustrlen(hashcodes))
976 {
977 expand_string_message =
978 string_sprintf("hash count \"%d\" too big", value2);
979 return NULL;
980 }
981
982/* Calculate the hash text. We know it is shorter than the original string, so
983can safely place it in subject[] (we know that subject is always itself an
984expanded substring). */
985
986if (value1 < sublen)
987 {
988 int c;
989 int i = 0;
990 int j = value1;
991 while ((c = (subject[j])) != 0)
992 {
993 int shift = (c + j++) & 7;
994 subject[i] ^= (c << shift) | (c >> (8-shift));
995 if (++i >= value1) i = 0;
996 }
997 for (i = 0; i < value1; i++)
998 subject[i] = hashcodes[(subject[i]) % value2];
999 }
1000else value1 = sublen;
1001
1002*len = value1;
1003return subject;
1004}
1005
1006
1007
1008
1009/*************************************************
1010* Numeric hash of a string *
1011*************************************************/
1012
1013/* Perform the ${nhash expansion operation. The first characters of the
1014string are treated as most important, and get the highest prime numbers.
1015
1016Arguments:
1017 subject the input string
1018 value1 the maximum value of the first part of the result
1019 value2 the maximum value of the second part of the result,
1020 or negative to produce only a one-part result
1021 len set to the length of the returned string
1022
1023Returns: pointer to the output string, or NULL if there is an error.
1024*/
1025
1026static uschar *
1027compute_nhash (uschar *subject, int value1, int value2, int *len)
1028{
1029uschar *s = subject;
1030int i = 0;
1031unsigned long int total = 0; /* no overflow */
1032
1033while (*s != 0)
1034 {
1035 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
1036 total += prime[i--] * (unsigned int)(*s++);
1037 }
1038
1039/* If value2 is unset, just compute one number */
1040
1041if (value2 < 0)
1042 {
1043 s = string_sprintf("%d", total % value1);
1044 }
1045
1046/* Otherwise do a div/mod hash */
1047
1048else
1049 {
1050 total = total % (value1 * value2);
1051 s = string_sprintf("%d/%d", total/value2, total % value2);
1052 }
1053
1054*len = Ustrlen(s);
1055return s;
1056}
1057
1058
1059
1060
1061
1062/*************************************************
1063* Find the value of a header or headers *
1064*************************************************/
1065
1066/* Multiple instances of the same header get concatenated, and this function
1067can also return a concatenation of all the header lines. When concatenating
1068specific headers that contain lists of addresses, a comma is inserted between
1069them. Otherwise we use a straight concatenation. Because some messages can have
1070pathologically large number of lines, there is a limit on the length that is
1071returned. Also, to avoid massive store use which would result from using
1072string_cat() as it copies and extends strings, we do a preliminary pass to find
1073out exactly how much store will be needed. On "normal" messages this will be
1074pretty trivial.
1075
1076Arguments:
1077 name the name of the header, without the leading $header_ or $h_,
1078 or NULL if a concatenation of all headers is required
1079 exists_only TRUE if called from a def: test; don't need to build a string;
1080 just return a string that is not "" and not "0" if the header
1081 exists
1082 newsize return the size of memory block that was obtained; may be NULL
1083 if exists_only is TRUE
1084 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
ff75a1f7
PH		 1085 other than concatenating, will be done on the header. Also used
1086 for $message_headers_raw.
059ec3d9
PH		 1087 charset name of charset to translate MIME words to; used only if
1088 want_raw is false; if NULL, no translation is done (this is
1089 used for $bh_ and $bheader_)
1090
1091Returns: NULL if the header does not exist, else a pointer to a new
1092 store block
1093*/
1094
1095static uschar *
1096find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1097 uschar *charset)
1098{
1099BOOL found = name == NULL;
1100int comma = 0;
1101int len = found? 0 : Ustrlen(name);
1102int i;
1103uschar *yield = NULL;
1104uschar *ptr = NULL;
1105
1106/* Loop for two passes - saves code repetition */
1107
1108for (i = 0; i < 2; i++)
1109 {
1110 int size = 0;
1111 header_line *h;
1112
1113 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1114 {
1115 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1116 {
1117 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1118 {
1119 int ilen;
1120 uschar *t;
1121
1122 if (exists_only) return US"1"; /* don't need actual string */
1123 found = TRUE;
1124 t = h->text + len; /* text to insert */
1125 if (!want_raw) /* unless wanted raw, */
1126 while (isspace(*t)) t++; /* remove leading white space */
1127 ilen = h->slen - (t - h->text); /* length to insert */
1128
fd700877
PH		 1129 /* Unless wanted raw, remove trailing whitespace, including the
1130 newline. */
1131
1132 if (!want_raw)
1133 while (ilen > 0 && isspace(t[ilen-1])) ilen--;
1134
059ec3d9
PH		 1135 /* Set comma = 1 if handling a single header and it's one of those
1136 that contains an address list, except when asked for raw headers. Only
1137 need to do this once. */
1138
1139 if (!want_raw && name != NULL && comma == 0 &&
1140 Ustrchr("BCFRST", h->type) != NULL)
1141 comma = 1;
1142
1143 /* First pass - compute total store needed; second pass - compute
1144 total store used, including this header. */
1145
fd700877 1146 size += ilen + comma + 1; /* +1 for the newline */
059ec3d9
PH		 1147
1148 /* Second pass - concatentate the data, up to a maximum. Note that
1149 the loop stops when size hits the limit. */
1150
1151 if (i != 0)
1152 {
1153 if (size > header_insert_maxlen)
1154 {
fd700877 1155 ilen -= size - header_insert_maxlen - 1;
059ec3d9
PH		 1156 comma = 0;
1157 }
1158 Ustrncpy(ptr, t, ilen);
1159 ptr += ilen;
fd700877
PH		 1160
1161 /* For a non-raw header, put in the comma if needed, then add
3168332a
PH		 1162 back the newline we removed above, provided there was some text in
1163 the header. */
fd700877 1164
3168332a 1165 if (!want_raw && ilen > 0)
059ec3d9 1166 {
3168332a 1167 if (comma != 0) *ptr++ = ',';
059ec3d9
PH		 1168 *ptr++ = '\n';
1169 }
1170 }
1171 }
1172 }
1173 }
1174
fd700877
PH		 1175 /* At end of first pass, return NULL if no header found. Then truncate size
1176 if necessary, and get the buffer to hold the data, returning the buffer size.
1177 */
059ec3d9
PH		 1178
1179 if (i == 0)
1180 {
1181 if (!found) return NULL;
1182 if (size > header_insert_maxlen) size = header_insert_maxlen;
1183 *newsize = size + 1;
1184 ptr = yield = store_get(*newsize);
1185 }
1186 }
1187
059ec3d9
PH		 1188/* That's all we do for raw header expansion. */
1189
1190if (want_raw)
1191 {
1192 *ptr = 0;
1193 }
1194
fd700877
PH		 1195/* Otherwise, remove a final newline and a redundant added comma. Then we do
1196RFC 2047 decoding, translating the charset if requested. The rfc2047_decode2()
059ec3d9
PH		 1197function can return an error with decoded data if the charset translation
1198fails. If decoding fails, it returns NULL. */
1199
1200else
1201 {
1202 uschar *decoded, *error;
3168332a 1203 if (ptr > yield && ptr[-1] == '\n') ptr--;
fd700877 1204 if (ptr > yield && comma != 0 && ptr[-1] == ',') ptr--;
059ec3d9 1205 *ptr = 0;
a0d6ba8a
PH		 1206 decoded = rfc2047_decode2(yield, check_rfc2047_length, charset, '?', NULL,
1207 newsize, &error);
059ec3d9
PH		 1208 if (error != NULL)
1209 {
1210 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1211 " input was: %s\n", error, yield);
1212 }
1213 if (decoded != NULL) yield = decoded;
1214 }
1215
1216return yield;
1217}
1218
1219
1220
1221
1222/*************************************************
1223* Find value of a variable *
1224*************************************************/
1225
1226/* The table of variables is kept in alphabetic order, so we can search it
1227using a binary chop. The "choplen" variable is nothing to do with the binary
1228chop.
1229
1230Arguments:
1231 name the name of the variable being sought
1232 exists_only TRUE if this is a def: test; passed on to find_header()
1233 skipping TRUE => skip any processing evaluation; this is not the same as
1234 exists_only because def: may test for values that are first
1235 evaluated here
1236 newsize pointer to an int which is initially zero; if the answer is in
1237 a new memory buffer, *newsize is set to its size
1238
1239Returns: NULL if the variable does not exist, or
1240 a pointer to the variable's contents, or
1241 something non-NULL if exists_only is TRUE
1242*/
1243
1244static uschar *
1245find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1246{
1247int first = 0;
1248int last = var_table_size;
1249
38a0a95f
PH		 1250/* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1251Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1252release 4.64 onwards arbitrary names are permitted, as long as the first 5
641cb756
PH		 1253characters are acl_c or acl_m and the sixth is either a digit or an underscore
1254(this gave backwards compatibility at the changeover). There may be built-in
1255variables whose names start acl_ but they should never start in this way. This
1256slightly messy specification is a consequence of the history, needless to say.
47ca6d6c 1257
38a0a95f
PH		 1258If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1259set, in which case give an error. */
47ca6d6c 1260
641cb756
PH		 1261if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1262 !isalpha(name[5]))
38a0a95f
PH		 1263 {
1264 tree_node *node =
1265 tree_search((name[4] == 'c')? acl_var_c : acl_var_m, name + 4);
1266 return (node == NULL)? (strict_acl_vars? NULL : US"") : node->data.ptr;
47ca6d6c
PH		 1267 }
1268
38a0a95f 1269/* Handle $auth<n> variables. */
f78eb7c6
PH		 1270
1271if (Ustrncmp(name, "auth", 4) == 0)
1272 {
1273 uschar *endptr;
1274 int n = Ustrtoul(name + 4, &endptr, 10);
1275 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1276 return (auth_vars[n-1] == NULL)? US"" : auth_vars[n-1];
1277 }
1278
47ca6d6c
PH		 1279/* For all other variables, search the table */
1280
059ec3d9
PH		 1281while (last > first)
1282 {
1283 uschar *s, *domain;
1284 uschar **ss;
1285 int middle = (first + last)/2;
1286 int c = Ustrcmp(name, var_table[middle].name);
1287
1288 if (c > 0) { first = middle + 1; continue; }
1289 if (c < 0) { last = middle; continue; }
1290
1291 /* Found an existing variable. If in skipping state, the value isn't needed,
47ca6d6c 1292 and we want to avoid processing (such as looking up the host name). */
059ec3d9
PH		 1293
1294 if (skipping) return US"";
1295
1296 switch (var_table[middle].type)
1297 {
fb2274d4
TK		 1298#ifdef EXPERIMENTAL_DOMAINKEYS
1299
1300 case vtype_dk_verify:
cacfbf29 1301 if (dk_verify_block == NULL) return US"";
fb2274d4
TK		 1302 s = NULL;
1303 if (Ustrcmp(var_table[middle].name, "dk_result") == 0)
1304 s = dk_verify_block->result_string;
1305 if (Ustrcmp(var_table[middle].name, "dk_sender") == 0)
1306 s = dk_verify_block->address;
1307 if (Ustrcmp(var_table[middle].name, "dk_sender_domain") == 0)
1308 s = dk_verify_block->domain;
1309 if (Ustrcmp(var_table[middle].name, "dk_sender_local_part") == 0)
1310 s = dk_verify_block->local_part;
84330b7b 1311
fb2274d4
TK		 1312 if (Ustrcmp(var_table[middle].name, "dk_sender_source") == 0)
1313 switch(dk_verify_block->address_source) {
a8d97c8a
PH		 1314 case DK_EXIM_ADDRESS_NONE: s = US"0"; break;
1315 case DK_EXIM_ADDRESS_FROM_FROM: s = US"from"; break;
1316 case DK_EXIM_ADDRESS_FROM_SENDER: s = US"sender"; break;
fb2274d4
TK		 1317 }
1318
1319 if (Ustrcmp(var_table[middle].name, "dk_status") == 0)
1320 switch(dk_verify_block->result) {
a8d97c8a
PH		 1321 case DK_EXIM_RESULT_ERR: s = US"error"; break;
1322 case DK_EXIM_RESULT_BAD_FORMAT: s = US"bad format"; break;
1323 case DK_EXIM_RESULT_NO_KEY: s = US"no key"; break;
1324 case DK_EXIM_RESULT_NO_SIGNATURE: s = US"no signature"; break;
1325 case DK_EXIM_RESULT_REVOKED: s = US"revoked"; break;
1326 case DK_EXIM_RESULT_NON_PARTICIPANT: s = US"non-participant"; break;
1327 case DK_EXIM_RESULT_GOOD: s = US"good"; break;
1328 case DK_EXIM_RESULT_BAD: s = US"bad"; break;
fb2274d4 1329 }
84330b7b 1330
fb2274d4 1331 if (Ustrcmp(var_table[middle].name, "dk_signsall") == 0)
a8d97c8a 1332 s = (dk_verify_block->signsall)? US"1" : US"0";
84330b7b 1333
fb2274d4 1334 if (Ustrcmp(var_table[middle].name, "dk_testing") == 0)
a8d97c8a 1335 s = (dk_verify_block->testing)? US"1" : US"0";
84330b7b 1336
fb2274d4 1337 if (Ustrcmp(var_table[middle].name, "dk_is_signed") == 0)
a8d97c8a 1338 s = (dk_verify_block->is_signed)? US"1" : US"0";
84330b7b 1339
fb2274d4
TK		 1340 return (s == NULL)? US"" : s;
1341#endif
1342
9a26b6b2
PH		 1343 case vtype_filter_int:
1344 if (!filter_running) return NULL;
1345 /* Fall through */
1346 /* VVVVVVVVVVVV */
059ec3d9
PH		 1347 case vtype_int:
1348 sprintf(CS var_buffer, "%d", *(int *)(var_table[middle].value)); /* Integer */
1349 return var_buffer;
1350
1351 case vtype_ino:
1352 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(var_table[middle].value))); /* Inode */
1353 return var_buffer;
1354
1355 case vtype_gid:
1356 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(var_table[middle].value))); /* gid */
1357 return var_buffer;
1358
1359 case vtype_uid:
1360 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
1361 return var_buffer;
1362
1363 case vtype_stringptr: /* Pointer to string */
1364 s = *((uschar **)(var_table[middle].value));
1365 return (s == NULL)? US"" : s;
1366
1367 case vtype_pid:
1368 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1369 return var_buffer;
1370
1371 case vtype_load_avg:
1372 sprintf(CS var_buffer, "%d", os_getloadavg()); /* load_average */
1373 return var_buffer;
1374
1375 case vtype_host_lookup: /* Lookup if not done so */
1376 if (sender_host_name == NULL && sender_host_address != NULL &&
1377 !host_lookup_failed && host_name_lookup() == OK)
1378 host_build_sender_fullhost();
1379 return (sender_host_name == NULL)? US"" : sender_host_name;
1380
1381 case vtype_localpart: /* Get local part from address */
1382 s = *((uschar **)(var_table[middle].value));
1383 if (s == NULL) return US"";
1384 domain = Ustrrchr(s, '@');
1385 if (domain == NULL) return s;
1386 if (domain - s > sizeof(var_buffer) - 1)
1387 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than %d in "
1388 "string expansion", sizeof(var_buffer));
1389 Ustrncpy(var_buffer, s, domain - s);
1390 var_buffer[domain - s] = 0;
1391 return var_buffer;
1392
1393 case vtype_domain: /* Get domain from address */
1394 s = *((uschar **)(var_table[middle].value));
1395 if (s == NULL) return US"";
1396 domain = Ustrrchr(s, '@');
1397 return (domain == NULL)? US"" : domain + 1;
1398
1399 case vtype_msgheaders:
1400 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1401
ff75a1f7
PH		 1402 case vtype_msgheaders_raw:
1403 return find_header(NULL, exists_only, newsize, TRUE, NULL);
1404
059ec3d9
PH		 1405 case vtype_msgbody: /* Pointer to msgbody string */
1406 case vtype_msgbody_end: /* Ditto, the end of the msg */
1407 ss = (uschar **)(var_table[middle].value);
1408 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1409 {
1410 uschar *body;
0d7eb84a 1411 off_t start_offset = SPOOL_DATA_START_OFFSET;
059ec3d9
PH		 1412 int len = message_body_visible;
1413 if (len > message_size) len = message_size;
1414 *ss = body = store_malloc(len+1);
1415 body[0] = 0;
1416 if (var_table[middle].type == vtype_msgbody_end)
1417 {
1418 struct stat statbuf;
1419 if (fstat(deliver_datafile, &statbuf) == 0)
1420 {
1421 start_offset = statbuf.st_size - len;
1422 if (start_offset < SPOOL_DATA_START_OFFSET)
1423 start_offset = SPOOL_DATA_START_OFFSET;
1424 }
1425 }
1426 lseek(deliver_datafile, start_offset, SEEK_SET);
1427 len = read(deliver_datafile, body, len);
1428 if (len > 0)
1429 {
1430 body[len] = 0;
1431 while (len > 0)
1432 {
1433 if (body[--len] == '\n' || body[len] == 0) body[len] = ' ';
1434 }
1435 }
1436 }
1437 return (*ss == NULL)? US"" : *ss;
1438
1439 case vtype_todbsdin: /* BSD inbox time of day */
1440 return tod_stamp(tod_bsdin);
1441
1442 case vtype_tode: /* Unix epoch time of day */
1443 return tod_stamp(tod_epoch);
1444
1445 case vtype_todf: /* Full time of day */
1446 return tod_stamp(tod_full);
1447
1448 case vtype_todl: /* Log format time of day */
1449 return tod_stamp(tod_log_bare); /* (without timezone) */
1450
1451 case vtype_todzone: /* Time zone offset only */
1452 return tod_stamp(tod_zone);
1453
1454 case vtype_todzulu: /* Zulu time */
1455 return tod_stamp(tod_zulu);
1456
1457 case vtype_todlf: /* Log file datestamp tod */
1458 return tod_stamp(tod_log_datestamp);
1459
1460 case vtype_reply: /* Get reply address */
c8ea1597 1461 s = find_header(US"reply-to:", exists_only, newsize, TRUE,
059ec3d9 1462 headers_charset);
6979240a 1463 if (s != NULL) while (isspace(*s)) s++;
059ec3d9 1464 if (s == NULL || *s == 0)
41a13e0a
PH		 1465 {
1466 *newsize = 0; /* For the *s==0 case */
c8ea1597
PH		 1467 s = find_header(US"from:", exists_only, newsize, TRUE, headers_charset);
1468 }
1469 if (s != NULL)
1470 {
1471 uschar *t;
1472 while (isspace(*s)) s++;
1473 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
6979240a
PH		 1474 while (t > s && isspace(t[-1])) t--;
1475 *t = 0;
41a13e0a 1476 }
059ec3d9
PH		 1477 return (s == NULL)? US"" : s;
1478
1479 /* A recipients list is available only during system message filtering,
1480 during ACL processing after DATA, and while expanding pipe commands
1481 generated from a system filter, but not elsewhere. */
1482
1483 case vtype_recipients:
1484 if (!enable_dollar_recipients) return NULL; else
1485 {
1486 int size = 128;
1487 int ptr = 0;
1488 int i;
1489 s = store_get(size);
1490 for (i = 0; i < recipients_count; i++)
1491 {
1492 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1493 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1494 Ustrlen(recipients_list[i].address));
1495 }
1496 s[ptr] = 0; /* string_cat() leaves room */
1497 }
1498 return s;
8e669ac1 1499
5cb8cbc6
PH		 1500 case vtype_pspace:
1501 {
1502 int inodes;
8e669ac1
PH		 1503 sprintf(CS var_buffer, "%d",
1504 receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes));
5cb8cbc6
PH		 1505 }
1506 return var_buffer;
8e669ac1 1507
5cb8cbc6
PH		 1508 case vtype_pinodes:
1509 {
1510 int inodes;
8e669ac1 1511 (void) receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes);
5cb8cbc6
PH		 1512 sprintf(CS var_buffer, "%d", inodes);
1513 }
1514 return var_buffer;
059ec3d9
PH		 1515 }
1516 }
1517
1518return NULL; /* Unknown variable name */
1519}
1520
1521
1522
1523
1524/*************************************************
1525* Read and expand substrings *
1526*************************************************/
1527
1528/* This function is called to read and expand argument substrings for various
1529expansion items. Some have a minimum requirement that is less than the maximum;
1530in these cases, the first non-present one is set to NULL.
1531
1532Arguments:
1533 sub points to vector of pointers to set
1534 n maximum number of substrings
1535 m minimum required
1536 sptr points to current string pointer
1537 skipping the skipping flag
1538 check_end if TRUE, check for final '}'
1539 name name of item, for error message
1540
1541Returns: 0 OK; string pointer updated
1542 1 curly bracketing error (too few arguments)
1543 2 too many arguments (only if check_end is set); message set
1544 3 other error (expansion failure)
1545*/
1546
1547static int
1548read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
1549 BOOL check_end, uschar *name)
1550{
1551int i;
1552uschar *s = *sptr;
1553
1554while (isspace(*s)) s++;
1555for (i = 0; i < n; i++)
1556 {
1557 if (*s != '{')
1558 {
1559 if (i < m) return 1;
1560 sub[i] = NULL;
1561 break;
1562 }
1563 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
1564 if (sub[i] == NULL) return 3;
1565 if (*s++ != '}') return 1;
1566 while (isspace(*s)) s++;
1567 }
1568if (check_end && *s++ != '}')
1569 {
1570 if (s[-1] == '{')
1571 {
1572 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1573 "(max is %d)", name, n);
1574 return 2;
1575 }
1576 return 1;
1577 }
1578
1579*sptr = s;
1580return 0;
1581}
1582
1583
1584
1585
641cb756
PH		 1586/*************************************************
1587* Elaborate message for bad variable *
1588*************************************************/
1589
1590/* For the "unknown variable" message, take a look at the variable's name, and
1591give additional information about possible ACL variables. The extra information
1592is added on to expand_string_message.
1593
1594Argument: the name of the variable
1595Returns: nothing
1596*/
1597
1598static void
1599check_variable_error_message(uschar *name)
1600{
1601if (Ustrncmp(name, "acl_", 4) == 0)
1602 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
1603 (name[4] == 'c' || name[4] == 'm')?
1604 (isalpha(name[5])?
1605 US"6th character of a user-defined ACL variable must be a digit or underscore" :
1606 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
1607 ) :
1608 US"user-defined ACL variables must start acl_c or acl_m");
1609}
1610
1611
1612
059ec3d9
PH		 1613/*************************************************
1614* Read and evaluate a condition *
1615*************************************************/
1616
1617/*
1618Arguments:
1619 s points to the start of the condition text
1620 yield points to a BOOL to hold the result of the condition test;
1621 if NULL, we are just reading through a condition that is
1622 part of an "or" combination to check syntax, or in a state
1623 where the answer isn't required
1624
1625Returns: a pointer to the first character after the condition, or
1626 NULL after an error
1627*/
1628
1629static uschar *
1630eval_condition(uschar *s, BOOL *yield)
1631{
1632BOOL testfor = TRUE;
1633BOOL tempcond, combined_cond;
1634BOOL *subcondptr;
1635int i, rc, cond_type, roffset;
1636int num[2];
1637struct stat statbuf;
1638uschar name[256];
1639uschar *sub[4];
1640
1641const pcre *re;
1642const uschar *rerror;
1643
1644for (;;)
1645 {
1646 while (isspace(*s)) s++;
1647 if (*s == '!') { testfor = !testfor; s++; } else break;
1648 }
1649
1650/* Numeric comparisons are symbolic */
1651
1652if (*s == '=' || *s == '>' || *s == '<')
1653 {
1654 int p = 0;
1655 name[p++] = *s++;
1656 if (*s == '=')
1657 {
1658 name[p++] = '=';
1659 s++;
1660 }
1661 name[p] = 0;
1662 }
1663
1664/* All other conditions are named */
1665
1666else s = read_name(name, 256, s, US"_");
1667
1668/* If we haven't read a name, it means some non-alpha character is first. */
1669
1670if (name[0] == 0)
1671 {
1672 expand_string_message = string_sprintf("condition name expected, "
1673 "but found \"%.16s\"", s);
1674 return NULL;
1675 }
1676
1677/* Find which condition we are dealing with, and switch on it */
1678
1679cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
1680switch(cond_type)
1681 {
9b4768fa
PH		 1682 /* def: tests for a non-empty variable, or for the existence of a header. If
1683 yield == NULL we are in a skipping state, and don't care about the answer. */
059ec3d9
PH		 1684
1685 case ECOND_DEF:
1686 if (*s != ':')
1687 {
1688 expand_string_message = US"\":\" expected after \"def\"";
1689 return NULL;
1690 }
1691
1692 s = read_name(name, 256, s+1, US"_");
1693
0d85fa3f
PH		 1694 /* Test for a header's existence. If the name contains a closing brace
1695 character, this may be a user error where the terminating colon has been
1696 omitted. Set a flag to adjust a subsequent error message in this case. */
059ec3d9
PH		 1697
1698 if (Ustrncmp(name, "h_", 2) == 0 ||
1699 Ustrncmp(name, "rh_", 3) == 0 ||
1700 Ustrncmp(name, "bh_", 3) == 0 ||
1701 Ustrncmp(name, "header_", 7) == 0 ||
1702 Ustrncmp(name, "rheader_", 8) == 0 ||
1703 Ustrncmp(name, "bheader_", 8) == 0)
1704 {
1705 s = read_header_name(name, 256, s);
0d85fa3f 1706 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
059ec3d9
PH		 1707 if (yield != NULL) *yield =
1708 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
1709 }
1710
9b4768fa
PH		 1711 /* Test for a variable's having a non-empty value. A non-existent variable
1712 causes an expansion failure. */
059ec3d9
PH		 1713
1714 else
1715 {
1716 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
1717 if (value == NULL)
1718 {
1719 expand_string_message = (name[0] == 0)?
1720 string_sprintf("variable name omitted after \"def:\"") :
1721 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
641cb756 1722 check_variable_error_message(name);
059ec3d9
PH		 1723 return NULL;
1724 }
9b4768fa 1725 if (yield != NULL) *yield = (value[0] != 0) == testfor;
059ec3d9
PH		 1726 }
1727
1728 return s;
1729
1730
1731 /* first_delivery tests for first delivery attempt */
1732
1733 case ECOND_FIRST_DELIVERY:
1734 if (yield != NULL) *yield = deliver_firsttime == testfor;
1735 return s;
1736
1737
1738 /* queue_running tests for any process started by a queue runner */
1739
1740 case ECOND_QUEUE_RUNNING:
1741 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
1742 return s;
1743
1744
1745 /* exists: tests for file existence
1746 isip: tests for any IP address
1747 isip4: tests for an IPv4 address
1748 isip6: tests for an IPv6 address
1749 pam: does PAM authentication
1750 radius: does RADIUS authentication
1751 ldapauth: does LDAP authentication
1752 pwcheck: does Cyrus SASL pwcheck authentication
1753 */
1754
1755 case ECOND_EXISTS:
1756 case ECOND_ISIP:
1757 case ECOND_ISIP4:
1758 case ECOND_ISIP6:
1759 case ECOND_PAM:
1760 case ECOND_RADIUS:
1761 case ECOND_LDAPAUTH:
1762 case ECOND_PWCHECK:
1763
1764 while (isspace(*s)) s++;
1765 if (*s != '{') goto COND_FAILED_CURLY_START;
1766
1767 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1768 if (sub[0] == NULL) return NULL;
1769 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1770
1771 if (yield == NULL) return s; /* No need to run the test if skipping */
1772
1773 switch(cond_type)
1774 {
1775 case ECOND_EXISTS:
1776 if ((expand_forbid & RDO_EXISTS) != 0)
1777 {
1778 expand_string_message = US"File existence tests are not permitted";
1779 return NULL;
1780 }
1781 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
1782 break;
1783
1784 case ECOND_ISIP:
1785 case ECOND_ISIP4:
1786 case ECOND_ISIP6:
1787 rc = string_is_ip_address(sub[0], NULL);
7e66e54d 1788 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
059ec3d9
PH		 1789 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
1790 break;
1791
1792 /* Various authentication tests - all optionally compiled */
1793
1794 case ECOND_PAM:
1795 #ifdef SUPPORT_PAM
1796 rc = auth_call_pam(sub[0], &expand_string_message);
1797 goto END_AUTH;
1798 #else
1799 goto COND_FAILED_NOT_COMPILED;
1800 #endif /* SUPPORT_PAM */
1801
1802 case ECOND_RADIUS:
1803 #ifdef RADIUS_CONFIG_FILE
1804 rc = auth_call_radius(sub[0], &expand_string_message);
1805 goto END_AUTH;
1806 #else
1807 goto COND_FAILED_NOT_COMPILED;
1808 #endif /* RADIUS_CONFIG_FILE */
1809
1810 case ECOND_LDAPAUTH:
1811 #ifdef LOOKUP_LDAP
1812 {
1813 /* Just to keep the interface the same */
1814 BOOL do_cache;
1815 int old_pool = store_pool;
1816 store_pool = POOL_SEARCH;
1817 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
1818 &expand_string_message, &do_cache);
1819 store_pool = old_pool;
1820 }
1821 goto END_AUTH;
1822 #else
1823 goto COND_FAILED_NOT_COMPILED;
1824 #endif /* LOOKUP_LDAP */
1825
1826 case ECOND_PWCHECK:
1827 #ifdef CYRUS_PWCHECK_SOCKET
1828 rc = auth_call_pwcheck(sub[0], &expand_string_message);
1829 goto END_AUTH;
1830 #else
1831 goto COND_FAILED_NOT_COMPILED;
1832 #endif /* CYRUS_PWCHECK_SOCKET */
1833
1834 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
1835 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
1836 END_AUTH:
1837 if (rc == ERROR || rc == DEFER) return NULL;
1838 *yield = (rc == OK) == testfor;
1839 #endif
1840 }
1841 return s;
1842
1843
1844 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
1845
1846 ${if saslauthd {{username}{password}{service}{realm}} {yes}[no}}
1847
1848 However, the last two are optional. That is why the whole set is enclosed
1849 in their own set or braces. */
1850
1851 case ECOND_SASLAUTHD:
1852 #ifndef CYRUS_SASLAUTHD_SOCKET
1853 goto COND_FAILED_NOT_COMPILED;
1854 #else
1855 while (isspace(*s)) s++;
1856 if (*s++ != '{') goto COND_FAILED_CURLY_START;
1857 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd"))
1858 {
1859 case 1: expand_string_message = US"too few arguments or bracketing "
1860 "error for saslauthd";
1861 case 2:
1862 case 3: return NULL;
1863 }
1864 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
1865 if (yield != NULL)
1866 {
1867 int rc;
1868 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
1869 &expand_string_message);
1870 if (rc == ERROR || rc == DEFER) return NULL;
1871 *yield = (rc == OK) == testfor;
1872 }
1873 return s;
1874 #endif /* CYRUS_SASLAUTHD_SOCKET */
1875
1876
1877 /* symbolic operators for numeric and string comparison, and a number of
1878 other operators, all requiring two arguments.
1879
1880 match: does a regular expression match and sets up the numerical
1881 variables if it succeeds
1882 match_address: matches in an address list
1883 match_domain: matches in a domain list
32d668a5 1884 match_ip: matches a host list that is restricted to IP addresses
059ec3d9
PH		 1885 match_local_part: matches in a local part list
1886 crypteq: encrypts plaintext and compares against an encrypted text,
1887 using crypt(), crypt16(), MD5 or SHA-1
1888 */
1889
1890 case ECOND_MATCH:
1891 case ECOND_MATCH_ADDRESS:
1892 case ECOND_MATCH_DOMAIN:
32d668a5 1893 case ECOND_MATCH_IP:
059ec3d9
PH		 1894 case ECOND_MATCH_LOCAL_PART:
1895 case ECOND_CRYPTEQ:
1896
1897 case ECOND_NUM_L: /* Numerical comparisons */
1898 case ECOND_NUM_LE:
1899 case ECOND_NUM_E:
1900 case ECOND_NUM_EE:
1901 case ECOND_NUM_G:
1902 case ECOND_NUM_GE:
1903
1904 case ECOND_STR_LT: /* String comparisons */
1905 case ECOND_STR_LTI:
1906 case ECOND_STR_LE:
1907 case ECOND_STR_LEI:
1908 case ECOND_STR_EQ:
1909 case ECOND_STR_EQI:
1910 case ECOND_STR_GT:
1911 case ECOND_STR_GTI:
1912 case ECOND_STR_GE:
1913 case ECOND_STR_GEI:
1914
1915 for (i = 0; i < 2; i++)
1916 {
1917 while (isspace(*s)) s++;
1918 if (*s != '{')
1919 {
1920 if (i == 0) goto COND_FAILED_CURLY_START;
1921 expand_string_message = string_sprintf("missing 2nd string in {} "
1922 "after \"%s\"", name);
1923 return NULL;
1924 }
1925 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1926 if (sub[i] == NULL) return NULL;
1927 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1928
1929 /* Convert to numerical if required; we know that the names of all the
1930 conditions that compare numbers do not start with a letter. This just saves
1931 checking for them individually. */
1932
1933 if (!isalpha(name[0]))
1934 {
d45b1de8
PH		 1935 num[i] = expand_string_integer(sub[i], FALSE);
1936 if (expand_string_message != NULL) return NULL;
059ec3d9
PH		 1937 }
1938 }
1939
1940 /* Result not required */
1941
1942 if (yield == NULL) return s;
1943
1944 /* Do an appropriate comparison */
1945
1946 switch(cond_type)
1947 {
1948 case ECOND_NUM_E:
1949 case ECOND_NUM_EE:
1950 *yield = (num[0] == num[1]) == testfor;
1951 break;
1952
1953 case ECOND_NUM_G:
1954 *yield = (num[0] > num[1]) == testfor;
1955 break;
1956
1957 case ECOND_NUM_GE:
1958 *yield = (num[0] >= num[1]) == testfor;
1959 break;
1960
1961 case ECOND_NUM_L:
1962 *yield = (num[0] < num[1]) == testfor;
1963 break;
1964
1965 case ECOND_NUM_LE:
1966 *yield = (num[0] <= num[1]) == testfor;
1967 break;
1968
1969 case ECOND_STR_LT:
1970 *yield = (Ustrcmp(sub[0], sub[1]) < 0) == testfor;
1971 break;
1972
1973 case ECOND_STR_LTI:
1974 *yield = (strcmpic(sub[0], sub[1]) < 0) == testfor;
1975 break;
1976
1977 case ECOND_STR_LE:
1978 *yield = (Ustrcmp(sub[0], sub[1]) <= 0) == testfor;
1979 break;
1980
1981 case ECOND_STR_LEI:
1982 *yield = (strcmpic(sub[0], sub[1]) <= 0) == testfor;
1983 break;
1984
1985 case ECOND_STR_EQ:
1986 *yield = (Ustrcmp(sub[0], sub[1]) == 0) == testfor;
1987 break;
1988
1989 case ECOND_STR_EQI:
1990 *yield = (strcmpic(sub[0], sub[1]) == 0) == testfor;
1991 break;
1992
1993 case ECOND_STR_GT:
1994 *yield = (Ustrcmp(sub[0], sub[1]) > 0) == testfor;
1995 break;
1996
1997 case ECOND_STR_GTI:
1998 *yield = (strcmpic(sub[0], sub[1]) > 0) == testfor;
1999 break;
2000
2001 case ECOND_STR_GE:
2002 *yield = (Ustrcmp(sub[0], sub[1]) >= 0) == testfor;
2003 break;
2004
2005 case ECOND_STR_GEI:
2006 *yield = (strcmpic(sub[0], sub[1]) >= 0) == testfor;
2007 break;
2008
2009 case ECOND_MATCH: /* Regular expression match */
2010 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2011 NULL);
2012 if (re == NULL)
2013 {
2014 expand_string_message = string_sprintf("regular expression error in "
2015 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2016 return NULL;
2017 }
2018 *yield = regex_match_and_setup(re, sub[0], 0, -1) == testfor;
2019 break;
2020
2021 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2022 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2023 goto MATCHED_SOMETHING;
2024
2025 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2026 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2027 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2028 goto MATCHED_SOMETHING;
2029
32d668a5 2030 case ECOND_MATCH_IP: /* Match IP address in a host list */
7e66e54d 2031 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
32d668a5
PH		 2032 {
2033 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2034 sub[0]);
2035 return NULL;
2036 }
2037 else
2038 {
2039 unsigned int *nullcache = NULL;
2040 check_host_block cb;
2041
2042 cb.host_name = US"";
2043 cb.host_address = sub[0];
2044
2045 /* If the host address starts off ::ffff: it is an IPv6 address in
2046 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2047 addresses. */
2048
2049 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2050 cb.host_address + 7 : cb.host_address;
2051
2052 rc = match_check_list(
2053 &sub[1], /* the list */
2054 0, /* separator character */
2055 &hostlist_anchor, /* anchor pointer */
2056 &nullcache, /* cache pointer */
2057 check_host, /* function for testing */
2058 &cb, /* argument for function */
2059 MCL_HOST, /* type of check */
2060 sub[0], /* text for debugging */
2061 NULL); /* where to pass back data */
2062 }
2063 goto MATCHED_SOMETHING;
2064
059ec3d9
PH		 2065 case ECOND_MATCH_LOCAL_PART:
2066 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2067 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2068 /* Fall through */
9a26b6b2 2069 /* VVVVVVVVVVVV */
059ec3d9
PH		 2070 MATCHED_SOMETHING:
2071 switch(rc)
2072 {
2073 case OK:
2074 *yield = testfor;
2075 break;
2076
2077 case FAIL:
2078 *yield = !testfor;
2079 break;
2080
2081 case DEFER:
2082 expand_string_message = string_sprintf("unable to complete match "
2083 "against \"%s\": %s", sub[1], search_error_message);
2084 return NULL;
2085 }
2086
2087 break;
2088
2089 /* Various "encrypted" comparisons. If the second string starts with
2090 "{" then an encryption type is given. Default to crypt() or crypt16()
2091 (build-time choice). */
2092
2093 case ECOND_CRYPTEQ:
2094 #ifndef SUPPORT_CRYPTEQ
2095 goto COND_FAILED_NOT_COMPILED;
2096 #else
2097 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2098 {
2099 int sublen = Ustrlen(sub[1]+5);
2100 md5 base;
2101 uschar digest[16];
2102
2103 md5_start(&base);
2104 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2105
2106 /* If the length that we are comparing against is 24, the MD5 digest
2107 is expressed as a base64 string. This is the way LDAP does it. However,
2108 some other software uses a straightforward hex representation. We assume
2109 this if the length is 32. Other lengths fail. */
2110
2111 if (sublen == 24)
2112 {
2113 uschar *coded = auth_b64encode((uschar *)digest, 16);
2114 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2115 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2116 *yield = (Ustrcmp(coded, sub[1]+5) == 0) == testfor;
2117 }
2118 else if (sublen == 32)
2119 {
2120 int i;
2121 uschar coded[36];
2122 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2123 coded[32] = 0;
2124 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2125 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2126 *yield = (strcmpic(coded, sub[1]+5) == 0) == testfor;
2127 }
2128 else
2129 {
2130 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2131 "fail\n crypted=%s\n", sub[1]+5);
2132 *yield = !testfor;
2133 }
2134 }
2135
2136 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2137 {
2138 int sublen = Ustrlen(sub[1]+6);
2139 sha1 base;
2140 uschar digest[20];
2141
2142 sha1_start(&base);
2143 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2144
2145 /* If the length that we are comparing against is 28, assume the SHA1
2146 digest is expressed as a base64 string. If the length is 40, assume a
2147 straightforward hex representation. Other lengths fail. */
2148
2149 if (sublen == 28)
2150 {
2151 uschar *coded = auth_b64encode((uschar *)digest, 20);
2152 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2153 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2154 *yield = (Ustrcmp(coded, sub[1]+6) == 0) == testfor;
2155 }
2156 else if (sublen == 40)
2157 {
2158 int i;
2159 uschar coded[44];
2160 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2161 coded[40] = 0;
2162 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2163 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2164 *yield = (strcmpic(coded, sub[1]+6) == 0) == testfor;
2165 }
2166 else
2167 {
2168 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2169 "fail\n crypted=%s\n", sub[1]+6);
2170 *yield = !testfor;
2171 }
2172 }
2173
2174 else /* {crypt} or {crypt16} and non-{ at start */
2175 {
2176 int which = 0;
2177 uschar *coded;
2178
2179 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2180 {
2181 sub[1] += 7;
2182 which = 1;
2183 }
2184 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2185 {
2186 sub[1] += 9;
2187 which = 2;
2188 }
2189 else if (sub[1][0] == '{')
2190 {
2191 expand_string_message = string_sprintf("unknown encryption mechanism "
2192 "in \"%s\"", sub[1]);
2193 return NULL;
2194 }
2195
2196 switch(which)
2197 {
2198 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2199 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2200 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2201 }
2202
2203 #define STR(s) # s
2204 #define XSTR(s) STR(s)
2205 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2206 " subject=%s\n crypted=%s\n",
2207 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
2208 coded, sub[1]);
2209 #undef STR
2210 #undef XSTR
2211
2212 /* If the encrypted string contains fewer than two characters (for the
2213 salt), force failure. Otherwise we get false positives: with an empty
2214 string the yield of crypt() is an empty string! */
2215
2216 *yield = (Ustrlen(sub[1]) < 2)? !testfor :
2217 (Ustrcmp(coded, sub[1]) == 0) == testfor;
2218 }
2219 break;
2220 #endif /* SUPPORT_CRYPTEQ */
2221 } /* Switch for comparison conditions */
2222
2223 return s; /* End of comparison conditions */
2224
2225
2226 /* and/or: computes logical and/or of several conditions */
2227
2228 case ECOND_AND:
2229 case ECOND_OR:
2230 subcondptr = (yield == NULL)? NULL : &tempcond;
2231 combined_cond = (cond_type == ECOND_AND);
2232
2233 while (isspace(*s)) s++;
2234 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2235
2236 for (;;)
2237 {
2238 while (isspace(*s)) s++;
2239 if (*s == '}') break;
2240 if (*s != '{')
2241 {
2242 expand_string_message = string_sprintf("each subcondition "
2243 "inside an \"%s{...}\" condition must be in its own {}", name);
2244 return NULL;
2245 }
2246
2247 s = eval_condition(s+1, subcondptr);
2248 if (s == NULL)
2249 {
2250 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2251 expand_string_message, name);
2252 return NULL;
2253 }
2254 while (isspace(*s)) s++;
2255
2256 if (*s++ != '}')
2257 {
2258 expand_string_message = string_sprintf("missing } at end of condition "
2259 "inside \"%s\" group", name);
2260 return NULL;
2261 }
2262
2263 if (yield != NULL)
2264 {
2265 if (cond_type == ECOND_AND)
2266 {
2267 combined_cond &= tempcond;
2268 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2269 } /* evaluate any more */
2270 else
2271 {
2272 combined_cond |= tempcond;
2273 if (combined_cond) subcondptr = NULL; /* once true, don't */
2274 } /* evaluate any more */
2275 }
2276 }
2277
2278 if (yield != NULL) *yield = (combined_cond == testfor);
2279 return ++s;
2280
2281
2282 /* Unknown condition */
2283
2284 default:
2285 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2286 return NULL;
2287 } /* End switch on condition type */
2288
2289/* Missing braces at start and end of data */
2290
2291COND_FAILED_CURLY_START:
2292expand_string_message = string_sprintf("missing { after \"%s\"", name);
2293return NULL;
2294
2295COND_FAILED_CURLY_END:
2296expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2297 name);
2298return NULL;
2299
2300/* A condition requires code that is not compiled */
2301
2302#if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2303 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2304 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2305COND_FAILED_NOT_COMPILED:
2306expand_string_message = string_sprintf("support for \"%s\" not compiled",
2307 name);
2308return NULL;
2309#endif
2310}
2311
2312
2313
2314
2315/*************************************************
2316* Save numerical variables *
2317*************************************************/
2318
2319/* This function is called from items such as "if" that want to preserve and
2320restore the numbered variables.
2321
2322Arguments:
2323 save_expand_string points to an array of pointers to set
2324 save_expand_nlength points to an array of ints for the lengths
2325
2326Returns: the value of expand max to save
2327*/
2328
2329static int
2330save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
2331{
2332int i;
2333for (i = 0; i <= expand_nmax; i++)
2334 {
2335 save_expand_nstring[i] = expand_nstring[i];
2336 save_expand_nlength[i] = expand_nlength[i];
2337 }
2338return expand_nmax;
2339}
2340
2341
2342
2343/*************************************************
2344* Restore numerical variables *
2345*************************************************/
2346
2347/* This function restored saved values of numerical strings.
2348
2349Arguments:
2350 save_expand_nmax the number of strings to restore
2351 save_expand_string points to an array of pointers
2352 save_expand_nlength points to an array of ints
2353
2354Returns: nothing
2355*/
2356
2357static void
2358restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
2359 int *save_expand_nlength)
2360{
2361int i;
2362expand_nmax = save_expand_nmax;
2363for (i = 0; i <= expand_nmax; i++)
2364 {
2365 expand_nstring[i] = save_expand_nstring[i];
2366 expand_nlength[i] = save_expand_nlength[i];
2367 }
2368}
2369
2370
2371
2372
2373
2374/*************************************************
2375* Handle yes/no substrings *
2376*************************************************/
2377
2378/* This function is used by ${if}, ${lookup} and ${extract} to handle the
2379alternative substrings that depend on whether or not the condition was true,
2380or the lookup or extraction succeeded. The substrings always have to be
2381expanded, to check their syntax, but "skipping" is set when the result is not
2382needed - this avoids unnecessary nested lookups.
2383
2384Arguments:
2385 skipping TRUE if we were skipping when this item was reached
2386 yes TRUE if the first string is to be used, else use the second
2387 save_lookup a value to put back into lookup_value before the 2nd expansion
2388 sptr points to the input string pointer
2389 yieldptr points to the output string pointer
2390 sizeptr points to the output string size
2391 ptrptr points to the output string pointer
2392 type "lookup" or "if" or "extract" or "run", for error message
2393
2394Returns: 0 OK; lookup_value has been reset to save_lookup
2395 1 expansion failed
2396 2 expansion failed because of bracketing error
2397*/
2398
2399static int
2400process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
2401 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type)
2402{
2403int rc = 0;
2404uschar *s = *sptr; /* Local value */
2405uschar *sub1, *sub2;
2406
2407/* If there are no following strings, we substitute the contents of $value for
063b1e99 2408lookups and for extractions in the success case. For the ${if item, the string
8e669ac1 2409"true" is substituted. In the fail case, nothing is substituted for all three
063b1e99 2410items. */
059ec3d9
PH		 2411
2412while (isspace(*s)) s++;
2413if (*s == '}')
2414 {
063b1e99
PH		 2415 if (type[0] == 'i')
2416 {
8e669ac1 2417 if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
063b1e99
PH		 2418 }
2419 else
8e669ac1 2420 {
063b1e99
PH		 2421 if (yes && lookup_value != NULL)
2422 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
2423 Ustrlen(lookup_value));
2424 lookup_value = save_lookup;
2425 }
059ec3d9
PH		 2426 s++;
2427 goto RETURN;
2428 }
2429
9b4768fa
PH		 2430/* The first following string must be braced. */
2431
2432if (*s++ != '{') goto FAILED_CURLY;
2433
059ec3d9
PH		 2434/* Expand the first substring. Forced failures are noticed only if we actually
2435want this string. Set skipping in the call in the fail case (this will always
2436be the case if we were already skipping). */
2437
9b4768fa 2438sub1 = expand_string_internal(s, TRUE, &s, !yes);
059ec3d9
PH		 2439if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
2440expand_string_forcedfail = FALSE;
2441if (*s++ != '}') goto FAILED_CURLY;
2442
2443/* If we want the first string, add it to the output */
2444
2445if (yes)
2446 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
2447
2448/* If this is called from a lookup or an extract, we want to restore $value to
2449what it was at the start of the item, so that it has this value during the
d20976dc
PH		 2450second string expansion. For the call from "if" or "run" to this function,
2451save_lookup is set to lookup_value, so that this statement does nothing. */
059ec3d9
PH		 2452
2453lookup_value = save_lookup;
2454
2455/* There now follows either another substring, or "fail", or nothing. This
2456time, forced failures are noticed only if we want the second string. We must
2457set skipping in the nested call if we don't want this string, or if we were
2458already skipping. */
2459
2460while (isspace(*s)) s++;
2461if (*s == '{')
2462 {
2463 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping);
2464 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
2465 expand_string_forcedfail = FALSE;
2466 if (*s++ != '}') goto FAILED_CURLY;
2467
2468 /* If we want the second string, add it to the output */
2469
2470 if (!yes)
2471 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
2472 }
2473
2474/* If there is no second string, but the word "fail" is present when the use of
2475the second string is wanted, set a flag indicating it was a forced failure
2476rather than a syntactic error. Swallow the terminating } in case this is nested
2477inside another lookup or if or extract. */
2478
2479else if (*s != '}')
2480 {
2481 uschar name[256];
2482 s = read_name(name, sizeof(name), s, US"_");
2483 if (Ustrcmp(name, "fail") == 0)
2484 {
2485 if (!yes && !skipping)
2486 {
2487 while (isspace(*s)) s++;
2488 if (*s++ != '}') goto FAILED_CURLY;
2489 expand_string_message =
2490 string_sprintf("\"%s\" failed and \"fail\" requested", type);
2491 expand_string_forcedfail = TRUE;
2492 goto FAILED;
2493 }
2494 }
2495 else
2496 {
2497 expand_string_message =
2498 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
2499 goto FAILED;
2500 }
2501 }
2502
2503/* All we have to do now is to check on the final closing brace. */
2504
2505while (isspace(*s)) s++;
2506if (*s++ == '}') goto RETURN;
2507
2508/* Get here if there is a bracketing failure */
2509
2510FAILED_CURLY:
2511rc++;
2512
2513/* Get here for other failures */
2514
2515FAILED:
2516rc++;
2517
2518/* Update the input pointer value before returning */
2519
2520RETURN:
2521*sptr = s;
2522return rc;
2523}
2524
2525
2526
2527
059ec3d9
PH		 2528/*************************************************
2529* Handle MD5 or SHA-1 computation for HMAC *
2530*************************************************/
2531
2532/* These are some wrapping functions that enable the HMAC code to be a bit
2533cleaner. A good compiler will spot the tail recursion.
2534
2535Arguments:
2536 type HMAC_MD5 or HMAC_SHA1
2537 remaining are as for the cryptographic hash functions
2538
2539Returns: nothing
2540*/
2541
2542static void
2543chash_start(int type, void *base)
2544{
2545if (type == HMAC_MD5)
2546 md5_start((md5 *)base);
2547else
2548 sha1_start((sha1 *)base);
2549}
2550
2551static void
2552chash_mid(int type, void *base, uschar *string)
2553{
2554if (type == HMAC_MD5)
2555 md5_mid((md5 *)base, string);
2556else
2557 sha1_mid((sha1 *)base, string);
2558}
2559
2560static void
2561chash_end(int type, void *base, uschar *string, int length, uschar *digest)
2562{
2563if (type == HMAC_MD5)
2564 md5_end((md5 *)base, string, length, digest);
2565else
2566 sha1_end((sha1 *)base, string, length, digest);
2567}
2568
2569
2570
2571
2572
1549ea3b
PH		 2573/********************************************************
2574* prvs: Get last three digits of days since Jan 1, 1970 *
2575********************************************************/
2576
2577/* This is needed to implement the "prvs" BATV reverse
2578 path signing scheme
2579
2580Argument: integer "days" offset to add or substract to
2581 or from the current number of days.
2582
2583Returns: pointer to string containing the last three
2584 digits of the number of days since Jan 1, 1970,
2585 modified by the offset argument, NULL if there
2586 was an error in the conversion.
2587
2588*/
2589
2590static uschar *
2591prvs_daystamp(int day_offset)
2592{
a86229cf
PH		 2593uschar *days = store_get(32); /* Need at least 24 for cases */
2594(void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
1549ea3b 2595 (time(NULL) + day_offset*86400)/86400);
e169f567 2596return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
1549ea3b
PH		 2597}
2598
2599
2600
2601/********************************************************
2602* prvs: perform HMAC-SHA1 computation of prvs bits *
2603********************************************************/
2604
2605/* This is needed to implement the "prvs" BATV reverse
2606 path signing scheme
2607
2608Arguments:
2609 address RFC2821 Address to use
2610 key The key to use (must be less than 64 characters
2611 in size)
2612 key_num Single-digit key number to use. Defaults to
2613 '0' when NULL.
2614
2615Returns: pointer to string containing the first three
2616 bytes of the final hash in hex format, NULL if
2617 there was an error in the process.
2618*/
2619
2620static uschar *
2621prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
2622{
2623uschar *hash_source, *p;
2624int size = 0,offset = 0,i;
2625sha1 sha1_base;
2626void *use_base = &sha1_base;
2627uschar innerhash[20];
2628uschar finalhash[20];
2629uschar innerkey[64];
2630uschar outerkey[64];
2631uschar *finalhash_hex = store_get(40);
2632
2633if (key_num == NULL)
2634 key_num = US"0";
2635
2636if (Ustrlen(key) > 64)
2637 return NULL;
2638
2639hash_source = string_cat(NULL,&size,&offset,key_num,1);
2640string_cat(hash_source,&size,&offset,daystamp,3);
2641string_cat(hash_source,&size,&offset,address,Ustrlen(address));
2642hash_source[offset] = '\0';
2643
2644DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source);
2645
2646memset(innerkey, 0x36, 64);
2647memset(outerkey, 0x5c, 64);
2648
2649for (i = 0; i < Ustrlen(key); i++)
2650 {
2651 innerkey[i] ^= key[i];
2652 outerkey[i] ^= key[i];
2653 }
2654
2655chash_start(HMAC_SHA1, use_base);
2656chash_mid(HMAC_SHA1, use_base, innerkey);
2657chash_end(HMAC_SHA1, use_base, hash_source, offset, innerhash);
2658
2659chash_start(HMAC_SHA1, use_base);
2660chash_mid(HMAC_SHA1, use_base, outerkey);
2661chash_end(HMAC_SHA1, use_base, innerhash, 20, finalhash);
2662
2663p = finalhash_hex;
2664for (i = 0; i < 3; i++)
2665 {
2666 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
2667 *p++ = hex_digits[finalhash[i] & 0x0f];
2668 }
2669*p = '\0';
2670
2671return finalhash_hex;
2672}
2673
2674
2675
2676
059ec3d9
PH		 2677/*************************************************
2678* Join a file onto the output string *
2679*************************************************/
2680
2681/* This is used for readfile and after a run expansion. It joins the contents
2682of a file onto the output string, globally replacing newlines with a given
2683string (optionally). The file is closed at the end.
2684
2685Arguments:
2686 f the FILE
2687 yield pointer to the expandable string
2688 sizep pointer to the current size
2689 ptrp pointer to the current position
2690 eol newline replacement string, or NULL
2691
2692Returns: new value of string pointer
2693*/
2694
2695static uschar *
2696cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
2697{
2698int eollen;
2699uschar buffer[1024];
2700
2701eollen = (eol == NULL)? 0 : Ustrlen(eol);
2702
2703while (Ufgets(buffer, sizeof(buffer), f) != NULL)
2704 {
2705 int len = Ustrlen(buffer);
2706 if (eol != NULL && buffer[len-1] == '\n') len--;
2707 yield = string_cat(yield, sizep, ptrp, buffer, len);
2708 if (buffer[len] != 0)
2709 yield = string_cat(yield, sizep, ptrp, eol, eollen);
2710 }
2711
2712if (yield != NULL) yield[*ptrp] = 0;
2713
2714return yield;
2715}
2716
2717
2718
2719
2720/*************************************************
2721* Evaluate numeric expression *
2722*************************************************/
2723
af561417
PH		 2724/* This is a set of mutually recursive functions that evaluate an arithmetic
2725expression involving + - * / % & | ^ ~ << >> and parentheses. The only one of
2726these functions that is called from elsewhere is eval_expr, whose interface is:
059ec3d9
PH		 2727
2728Arguments:
af561417
PH		 2729 sptr pointer to the pointer to the string - gets updated
2730 decimal TRUE if numbers are to be assumed decimal
2731 error pointer to where to put an error message - must be NULL on input
2732 endket TRUE if ')' must terminate - FALSE for external call
059ec3d9 2733
af561417
PH		 2734Returns: on success: the value of the expression, with *error still NULL
2735 on failure: an undefined value, with *error = a message
059ec3d9
PH		 2736*/
2737
af561417
PH		 2738static int eval_op_or(uschar **, BOOL, uschar **);
2739
059ec3d9
PH		 2740
2741static int
2742eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
2743{
2744uschar *s = *sptr;
af561417 2745int x = eval_op_or(&s, decimal, error);
059ec3d9
PH		 2746if (*error == NULL)
2747 {
af561417 2748 if (endket)
059ec3d9 2749 {
af561417
PH		 2750 if (*s != ')')
2751 *error = US"expecting closing parenthesis";
2752 else
2753 while (isspace(*(++s)));
059ec3d9 2754 }
af561417 2755 else if (*s != 0) *error = US"expecting operator";
059ec3d9 2756 }
059ec3d9
PH		 2757*sptr = s;
2758return x;
2759}
2760
af561417 2761
059ec3d9 2762static int
af561417 2763eval_number(uschar **sptr, BOOL decimal, uschar **error)
059ec3d9
PH		 2764{
2765register int c;
2766int n;
2767uschar *s = *sptr;
2768while (isspace(*s)) s++;
2769c = *s;
af561417 2770if (isdigit(c))
059ec3d9
PH		 2771 {
2772 int count;
2773 (void)sscanf(CS s, (decimal? "%d%n" : "%i%n"), &n, &count);
2774 s += count;
2775 if (tolower(*s) == 'k') { n *= 1024; s++; }
2776 else if (tolower(*s) == 'm') { n *= 1024*1024; s++; }
2777 while (isspace (*s)) s++;
2778 }
2779else if (c == '(')
2780 {
2781 s++;
2782 n = eval_expr(&s, decimal, error, 1);
2783 }
2784else
2785 {
2786 *error = US"expecting number or opening parenthesis";
2787 n = 0;
2788 }
2789*sptr = s;
2790return n;
2791}
2792
af561417
PH		 2793
2794static int eval_op_unary(uschar **sptr, BOOL decimal, uschar **error)
2795{
2796uschar *s = *sptr;
2797int x;
2798while (isspace(*s)) s++;
2799if (*s == '+' || *s == '-' || *s == '~')
2800 {
2801 int op = *s++;
2802 x = eval_op_unary(&s, decimal, error);
2803 if (op == '-') x = -x;
2804 else if (op == '~') x = ~x;
2805 }
2806else
2807 {
2808 x = eval_number(&s, decimal, error);
2809 }
2810*sptr = s;
2811return x;
2812}
2813
2814
2815static int eval_op_mult(uschar **sptr, BOOL decimal, uschar **error)
059ec3d9
PH		 2816{
2817uschar *s = *sptr;
af561417 2818int x = eval_op_unary(&s, decimal, error);
059ec3d9
PH		 2819if (*error == NULL)
2820 {
5591031b 2821 while (*s == '*' || *s == '/' || *s == '%')
059ec3d9
PH		 2822 {
2823 int op = *s++;
af561417 2824 int y = eval_op_unary(&s, decimal, error);
059ec3d9 2825 if (*error != NULL) break;
5591031b
PH		 2826 if (op == '*') x *= y;
2827 else if (op == '/') x /= y;
2828 else x %= y;
059ec3d9
PH		 2829 }
2830 }
2831*sptr = s;
2832return x;
2833}
2834
2835
af561417
PH		 2836static int eval_op_sum(uschar **sptr, BOOL decimal, uschar **error)
2837{
2838uschar *s = *sptr;
2839int x = eval_op_mult(&s, decimal, error);
2840if (*error == NULL)
2841 {
2842 while (*s == '+' || *s == '-')
2843 {
2844 int op = *s++;
2845 int y = eval_op_mult(&s, decimal, error);
2846 if (*error != NULL) break;
2847 if (op == '+') x += y; else x -= y;
2848 }
2849 }
2850*sptr = s;
2851return x;
2852}
2853
2854
2855static int eval_op_shift(uschar **sptr, BOOL decimal, uschar **error)
2856{
2857uschar *s = *sptr;
2858int x = eval_op_sum(&s, decimal, error);
2859if (*error == NULL)
2860 {
2861 while ((*s == '<' || *s == '>') && s[1] == s[0])
2862 {
2863 int y;
2864 int op = *s++;
2865 s++;
2866 y = eval_op_sum(&s, decimal, error);
2867 if (*error != NULL) break;
2868 if (op == '<') x <<= y; else x >>= y;
2869 }
2870 }
2871*sptr = s;
2872return x;
2873}
2874
2875
2876static int eval_op_and(uschar **sptr, BOOL decimal, uschar **error)
2877{
2878uschar *s = *sptr;
2879int x = eval_op_shift(&s, decimal, error);
2880if (*error == NULL)
2881 {
2882 while (*s == '&')
2883 {
2884 int y;
2885 s++;
2886 y = eval_op_shift(&s, decimal, error);
2887 if (*error != NULL) break;
2888 x &= y;
2889 }
2890 }
2891*sptr = s;
2892return x;
2893}
2894
2895
2896static int eval_op_xor(uschar **sptr, BOOL decimal, uschar **error)
2897{
2898uschar *s = *sptr;
2899int x = eval_op_and(&s, decimal, error);
2900if (*error == NULL)
2901 {
2902 while (*s == '^')
2903 {
2904 int y;
2905 s++;
2906 y = eval_op_and(&s, decimal, error);
2907 if (*error != NULL) break;
2908 x ^= y;
2909 }
2910 }
2911*sptr = s;
2912return x;
2913}
2914
2915
2916static int eval_op_or(uschar **sptr, BOOL decimal, uschar **error)
2917{
2918uschar *s = *sptr;
2919int x = eval_op_xor(&s, decimal, error);
2920if (*error == NULL)
2921 {
2922 while (*s == '|')
2923 {
2924 int y;
2925 s++;
2926 y = eval_op_xor(&s, decimal, error);
2927 if (*error != NULL) break;
2928 x |= y;
2929 }
2930 }
2931*sptr = s;
2932return x;
2933}
2934
059ec3d9
PH		 2935
2936
2937/*************************************************
2938* Expand string *
2939*************************************************/
2940
2941/* Returns either an unchanged string, or the expanded string in stacking pool
2942store. Interpreted sequences are:
2943
2944 \... normal escaping rules
2945 $name substitutes the variable
2946 ${name} ditto
2947 ${op:string} operates on the expanded string value
2948 ${item{arg1}{arg2}...} expands the args and then does the business
2949 some literal args are not enclosed in {}
2950
2951There are now far too many operators and item types to make it worth listing
2952them here in detail any more.
2953
2954We use an internal routine recursively to handle embedded substrings. The
2955external function follows. The yield is NULL if the expansion failed, and there
2956are two cases: if something collapsed syntactically, or if "fail" was given
2957as the action on a lookup failure. These can be distinguised by looking at the
2958variable expand_string_forcedfail, which is TRUE in the latter case.
2959
2960The skipping flag is set true when expanding a substring that isn't actually
2961going to be used (after "if" or "lookup") and it prevents lookups from
2962happening lower down.
2963
2964Store usage: At start, a store block of the length of the input plus 64
2965is obtained. This is expanded as necessary by string_cat(), which might have to
2966get a new block, or might be able to expand the original. At the end of the
2967function we can release any store above that portion of the yield block that
2968was actually used. In many cases this will be optimal.
2969
2970However: if the first item in the expansion is a variable name or header name,
2971we reset the store before processing it; if the result is in fresh store, we
2972use that without copying. This is helpful for expanding strings like
2973$message_headers which can get very long.
2974
2975Arguments:
2976 string the string to be expanded
2977 ket_ends true if expansion is to stop at }
2978 left if not NULL, a pointer to the first character after the
2979 expansion is placed here (typically used with ket_ends)
2980 skipping TRUE for recursive calls when the value isn't actually going
2981 to be used (to allow for optimisation)
2982
2983Returns: NULL if expansion fails:
2984 expand_string_forcedfail is set TRUE if failure was forced
2985 expand_string_message contains a textual error message
2986 a pointer to the expanded string on success
2987*/
2988
2989static uschar *
2990expand_string_internal(uschar *string, BOOL ket_ends, uschar **left,
2991 BOOL skipping)
2992{
2993int ptr = 0;
2994int size = Ustrlen(string)+ 64;
2995int item_type;
2996uschar *yield = store_get(size);
2997uschar *s = string;
2998uschar *save_expand_nstring[EXPAND_MAXN+1];
2999int save_expand_nlength[EXPAND_MAXN+1];
3000
3001expand_string_forcedfail = FALSE;
3002expand_string_message = US"";
3003
3004while (*s != 0)
3005 {
3006 uschar *value;
3007 uschar name[256];
3008
3009 /* \ escapes the next character, which must exist, or else
3010 the expansion fails. There's a special escape, \N, which causes
3011 copying of the subject verbatim up to the next \N. Otherwise,
3012 the escapes are the standard set. */
3013
3014 if (*s == '\\')
3015 {
3016 if (s[1] == 0)
3017 {
3018 expand_string_message = US"\\ at end of string";
3019 goto EXPAND_FAILED;
3020 }
3021
3022 if (s[1] == 'N')
3023 {
3024 uschar *t = s + 2;
3025 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
3026 yield = string_cat(yield, &size, &ptr, t, s - t);
3027 if (*s != 0) s += 2;
3028 }
3029
3030 else
3031 {
3032 uschar ch[1];
3033 ch[0] = string_interpret_escape(&s);
3034 s++;
3035 yield = string_cat(yield, &size, &ptr, ch, 1);
3036 }
3037
3038 continue;
3039 }
3040
3041 /* Anything other than $ is just copied verbatim, unless we are
3042 looking for a terminating } character. */
3043
3044 if (ket_ends && *s == '}') break;
3045
3046 if (*s != '$')
3047 {
3048 yield = string_cat(yield, &size, &ptr, s++, 1);
3049 continue;
3050 }
3051
3052 /* No { after the $ - must be a plain name or a number for string
3053 match variable. There has to be a fudge for variables that are the
3054 names of header fields preceded by "$header_" because header field
3055 names can contain any printing characters except space and colon.
3056 For those that don't like typing this much, "$h_" is a synonym for
3057 "$header_". A non-existent header yields a NULL value; nothing is
3058 inserted. */
3059
3060 if (isalpha((*(++s))))
3061 {
3062 int len;
3063 int newsize = 0;
3064
3065 s = read_name(name, sizeof(name), s, US"_");
3066
3067 /* If this is the first thing to be expanded, release the pre-allocated
3068 buffer. */
3069
3070 if (ptr == 0 && yield != NULL)
3071 {
3072 store_reset(yield);
3073 yield = NULL;
3074 size = 0;
3075 }
3076
3077 /* Header */
3078
3079 if (Ustrncmp(name, "h_", 2) == 0 ||
3080 Ustrncmp(name, "rh_", 3) == 0 ||
3081 Ustrncmp(name, "bh_", 3) == 0 ||
3082 Ustrncmp(name, "header_", 7) == 0 ||
3083 Ustrncmp(name, "rheader_", 8) == 0 ||
3084 Ustrncmp(name, "bheader_", 8) == 0)
3085 {
3086 BOOL want_raw = (name[0] == 'r')? TRUE : FALSE;
3087 uschar *charset = (name[0] == 'b')? NULL : headers_charset;
3088 s = read_header_name(name, sizeof(name), s);
3089 value = find_header(name, FALSE, &newsize, want_raw, charset);
3090
3091 /* If we didn't find the header, and the header contains a closing brace
0d85fa3f 3092 character, this may be a user error where the terminating colon
059ec3d9
PH		 3093 has been omitted. Set a flag to adjust the error message in this case.
3094 But there is no error here - nothing gets inserted. */
3095
3096 if (value == NULL)
3097 {
3098 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
3099 continue;
3100 }
3101 }
3102
3103 /* Variable */
3104
3105 else
3106 {
3107 value = find_variable(name, FALSE, skipping, &newsize);
3108 if (value == NULL)
3109 {
3110 expand_string_message =
3111 string_sprintf("unknown variable name \"%s\"", name);
641cb756 3112 check_variable_error_message(name);
059ec3d9
PH		 3113 goto EXPAND_FAILED;
3114 }
3115 }
3116
3117 /* If the data is known to be in a new buffer, newsize will be set to the
3118 size of that buffer. If this is the first thing in an expansion string,
3119 yield will be NULL; just point it at the new store instead of copying. Many
3120 expansion strings contain just one reference, so this is a useful
3121 optimization, especially for humungous headers. */
3122
3123 len = Ustrlen(value);
3124 if (yield == NULL && newsize != 0)
3125 {
3126 yield = value;
3127 size = newsize;
3128 ptr = len;
3129 }
3130 else yield = string_cat(yield, &size, &ptr, value, len);
3131
3132 continue;
3133 }
3134
3135 if (isdigit(*s))
3136 {
3137 int n;
3138 s = read_number(&n, s);
3139 if (n >= 0 && n <= expand_nmax)
3140 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3141 expand_nlength[n]);
3142 continue;
3143 }
3144
3145 /* Otherwise, if there's no '{' after $ it's an error. */
3146
3147 if (*s != '{')
3148 {
3149 expand_string_message = US"$ not followed by letter, digit, or {";
3150 goto EXPAND_FAILED;
3151 }
3152
3153 /* After { there can be various things, but they all start with
3154 an initial word, except for a number for a string match variable. */
3155
3156 if (isdigit((*(++s))))
3157 {
3158 int n;
3159 s = read_number(&n, s);
3160 if (*s++ != '}')
3161 {
3162 expand_string_message = US"} expected after number";
3163 goto EXPAND_FAILED;
3164 }
3165 if (n >= 0 && n <= expand_nmax)
3166 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3167 expand_nlength[n]);
3168 continue;
3169 }
3170
3171 if (!isalpha(*s))
3172 {
3173 expand_string_message = US"letter or digit expected after ${";
3174 goto EXPAND_FAILED;
3175 }
3176
3177 /* Allow "-" in names to cater for substrings with negative
3178 arguments. Since we are checking for known names after { this is
3179 OK. */
3180
3181 s = read_name(name, sizeof(name), s, US"_-");
3182 item_type = chop_match(name, item_table, sizeof(item_table)/sizeof(uschar *));
3183
3184 switch(item_type)
3185 {
3186 /* Handle conditionals - preserve the values of the numerical expansion
3187 variables in case they get changed by a regular expression match in the
3188 condition. If not, they retain their external settings. At the end
3189 of this "if" section, they get restored to their previous values. */
3190
3191 case EITEM_IF:
3192 {
3193 BOOL cond = FALSE;
3194 uschar *next_s;
3195 int save_expand_nmax =
3196 save_expand_strings(save_expand_nstring, save_expand_nlength);
3197
3198 while (isspace(*s)) s++;
3199 next_s = eval_condition(s, skipping? NULL : &cond);
3200 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
3201
3202 DEBUG(D_expand)
3203 debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s,
3204 cond? "true" : "false");
3205
3206 s = next_s;
3207
3208 /* The handling of "yes" and "no" result strings is now in a separate
3209 function that is also used by ${lookup} and ${extract} and ${run}. */
3210
3211 switch(process_yesno(
3212 skipping, /* were previously skipping */
3213 cond, /* success/failure indicator */
3214 lookup_value, /* value to reset for string2 */
3215 &s, /* input pointer */
3216 &yield, /* output pointer */
3217 &size, /* output size */
3218 &ptr, /* output current point */
3219 US"if")) /* condition type */
3220 {
3221 case 1: goto EXPAND_FAILED; /* when all is well, the */
3222 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3223 }
3224
3225 /* Restore external setting of expansion variables for continuation
3226 at this level. */
3227
3228 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3229 save_expand_nlength);
3230 continue;
3231 }
3232
3233 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
3234 expanding an internal string that isn't actually going to be used. All we
3235 need to do is check the syntax, so don't do a lookup at all. Preserve the
3236 values of the numerical expansion variables in case they get changed by a
3237 partial lookup. If not, they retain their external settings. At the end
3238 of this "lookup" section, they get restored to their previous values. */
3239
3240 case EITEM_LOOKUP:
3241 {
3242 int stype, partial, affixlen, starflags;
3243 int expand_setup = 0;
3244 int nameptr = 0;
3245 uschar *key, *filename, *affix;
3246 uschar *save_lookup_value = lookup_value;
3247 int save_expand_nmax =
3248 save_expand_strings(save_expand_nstring, save_expand_nlength);
3249
3250 if ((expand_forbid & RDO_LOOKUP) != 0)
3251 {
3252 expand_string_message = US"lookup expansions are not permitted";
3253 goto EXPAND_FAILED;
3254 }
3255
3256 /* Get the key we are to look up for single-key+file style lookups.
3257 Otherwise set the key NULL pro-tem. */
3258
3259 while (isspace(*s)) s++;
3260 if (*s == '{')
3261 {
3262 key = expand_string_internal(s+1, TRUE, &s, skipping);
3263 if (key == NULL) goto EXPAND_FAILED;
3264 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3265 while (isspace(*s)) s++;
3266 }
3267 else key = NULL;
3268
3269 /* Find out the type of database */
3270
3271 if (!isalpha(*s))
3272 {
3273 expand_string_message = US"missing lookup type";
3274 goto EXPAND_FAILED;
3275 }
3276
3277 /* The type is a string that may contain special characters of various
3278 kinds. Allow everything except space or { to appear; the actual content
3279 is checked by search_findtype_partial. */
3280
3281 while (*s != 0 && *s != '{' && !isspace(*s))
3282 {
3283 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
3284 s++;
3285 }
3286 name[nameptr] = 0;
3287 while (isspace(*s)) s++;
3288
3289 /* Now check for the individual search type and any partial or default
3290 options. Only those types that are actually in the binary are valid. */
3291
3292 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
3293 &starflags);
3294 if (stype < 0)
3295 {
3296 expand_string_message = search_error_message;
3297 goto EXPAND_FAILED;
3298 }
3299
3300 /* Check that a key was provided for those lookup types that need it,
3301 and was not supplied for those that use the query style. */
3302
13b685f9 3303 if (!mac_islookup(stype, lookup_querystyle|lookup_absfilequery))
059ec3d9
PH		 3304 {
3305 if (key == NULL)
3306 {
3307 expand_string_message = string_sprintf("missing {key} for single-"
3308 "key \"%s\" lookup", name);
3309 goto EXPAND_FAILED;
3310 }
3311 }
3312 else
3313 {
3314 if (key != NULL)
3315 {
3316 expand_string_message = string_sprintf("a single key was given for "
3317 "lookup type \"%s\", which is not a single-key lookup type", name);
3318 goto EXPAND_FAILED;
3319 }
3320 }
3321
3322 /* Get the next string in brackets and expand it. It is the file name for
13b685f9
PH		 3323 single-key+file lookups, and the whole query otherwise. In the case of
3324 queries that also require a file name (e.g. sqlite), the file name comes
3325 first. */
059ec3d9
PH		 3326
3327 if (*s != '{') goto EXPAND_FAILED_CURLY;
3328 filename = expand_string_internal(s+1, TRUE, &s, skipping);
3329 if (filename == NULL) goto EXPAND_FAILED;
3330 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3331 while (isspace(*s)) s++;
3332
3333 /* If this isn't a single-key+file lookup, re-arrange the variables
13b685f9
PH		 3334 to be appropriate for the search_ functions. For query-style lookups,
3335 there is just a "key", and no file name. For the special query-style +
3336 file types, the query (i.e. "key") starts with a file name. */
059ec3d9
PH		 3337
3338 if (key == NULL)
3339 {
13b685f9 3340 while (isspace(*filename)) filename++;
059ec3d9 3341 key = filename;
13b685f9
PH		 3342
3343 if (mac_islookup(stype, lookup_querystyle))
3344 {
3345 filename = NULL;
3346 }
3347 else
3348 {
3349 if (*filename != '/')
3350 {
3351 expand_string_message = string_sprintf(
3352 "absolute file name expected for \"%s\" lookup", name);
3353 goto EXPAND_FAILED;
3354 }
3355 while (*key != 0 && !isspace(*key)) key++;
3356 if (*key != 0) *key++ = 0;
3357 }
059ec3d9
PH		 3358 }
3359
3360 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
3361 the entry was not found. Note that there is no search_close() function.
3362 Files are left open in case of re-use. At suitable places in higher logic,
3363 search_tidyup() is called to tidy all open files. This can save opening
3364 the same file several times. However, files may also get closed when
3365 others are opened, if too many are open at once. The rule is that a
3366 handle should not be used after a second search_open().
3367
3368 Request that a partial search sets up $1 and maybe $2 by passing
3369 expand_setup containing zero. If its value changes, reset expand_nmax,
3370 since new variables will have been set. Note that at the end of this
3371 "lookup" section, the old numeric variables are restored. */
3372
3373 if (skipping)
3374 lookup_value = NULL;
3375 else
3376 {
3377 void *handle = search_open(filename, stype, 0, NULL, NULL);
3378 if (handle == NULL)
3379 {
3380 expand_string_message = search_error_message;
3381 goto EXPAND_FAILED;
3382 }
3383 lookup_value = search_find(handle, filename, key, partial, affix,
3384 affixlen, starflags, &expand_setup);
3385 if (search_find_defer)
3386 {
3387 expand_string_message =
3388 string_sprintf("lookup of \"%s\" gave DEFER: %s", key,
3389 search_error_message);
3390 goto EXPAND_FAILED;
3391 }
3392 if (expand_setup > 0) expand_nmax = expand_setup;
3393 }
3394
3395 /* The handling of "yes" and "no" result strings is now in a separate
3396 function that is also used by ${if} and ${extract}. */
3397
3398 switch(process_yesno(
3399 skipping, /* were previously skipping */
3400 lookup_value != NULL, /* success/failure indicator */
3401 save_lookup_value, /* value to reset for string2 */
3402 &s, /* input pointer */
3403 &yield, /* output pointer */
3404 &size, /* output size */
3405 &ptr, /* output current point */
3406 US"lookup")) /* condition type */
3407 {
3408 case 1: goto EXPAND_FAILED; /* when all is well, the */
3409 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3410 }
3411
3412 /* Restore external setting of expansion variables for carrying on
3413 at this level, and continue. */
3414
3415 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3416 save_expand_nlength);
3417 continue;
3418 }
3419
3420 /* If Perl support is configured, handle calling embedded perl subroutines,
3421 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
3422 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
3423 arguments (defined below). */
3424
059ec3d9
PH		 3425 #define EXIM_PERL_MAX_ARGS 8
3426
3427 case EITEM_PERL:
1a46a8c5
PH		 3428 #ifndef EXIM_PERL
3429 expand_string_message = US"\"${perl\" encountered, but this facility "
3430 "is not included in this binary";
3431 goto EXPAND_FAILED;
3432
3433 #else /* EXIM_PERL */
059ec3d9
PH		 3434 {
3435 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
3436 uschar *new_yield;
3437
3438 if ((expand_forbid & RDO_PERL) != 0)
3439 {
3440 expand_string_message = US"Perl calls are not permitted";
3441 goto EXPAND_FAILED;
3442 }
3443
3444 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
3445 US"perl"))
3446 {
3447 case 1: goto EXPAND_FAILED_CURLY;
3448 case 2:
3449 case 3: goto EXPAND_FAILED;
3450 }
3451
3452 /* If skipping, we don't actually do anything */
3453
3454 if (skipping) continue;
3455
3456 /* Start the interpreter if necessary */
3457
3458 if (!opt_perl_started)
3459 {
3460 uschar *initerror;
3461 if (opt_perl_startup == NULL)
3462 {
3463 expand_string_message = US"A setting of perl_startup is needed when "
3464 "using the Perl interpreter";
3465 goto EXPAND_FAILED;
3466 }
3467 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
3468 initerror = init_perl(opt_perl_startup);
3469 if (initerror != NULL)
3470 {
3471 expand_string_message =
3472 string_sprintf("error in perl_startup code: %s\n", initerror);
3473 goto EXPAND_FAILED;
3474 }
3475 opt_perl_started = TRUE;
3476 }
3477
3478 /* Call the function */
3479
3480 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
3481 new_yield = call_perl_cat(yield, &size, &ptr, &expand_string_message,
3482 sub_arg[0], sub_arg + 1);
3483
3484 /* NULL yield indicates failure; if the message pointer has been set to
3485 NULL, the yield was undef, indicating a forced failure. Otherwise the
3486 message will indicate some kind of Perl error. */
3487
3488 if (new_yield == NULL)
3489 {
3490 if (expand_string_message == NULL)
3491 {
3492 expand_string_message =
3493 string_sprintf("Perl subroutine \"%s\" returned undef to force "
3494 "failure", sub_arg[0]);
3495 expand_string_forcedfail = TRUE;
3496 }
3497 goto EXPAND_FAILED;
3498 }
3499
3500 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
3501 set during a callback from Perl. */
3502
3503 expand_string_forcedfail = FALSE;
3504 yield = new_yield;
3505 continue;
3506 }
3507 #endif /* EXIM_PERL */
3508
fffda43a
TK		 3509 /* Transform email address to "prvs" scheme to use
3510 as BATV-signed return path */
3511
3512 case EITEM_PRVS:
3513 {
3514 uschar *sub_arg[3];
3515 uschar *p,*domain;
3516
3517 switch(read_subs(sub_arg, 3, 2, &s, skipping, TRUE, US"prvs"))
3518 {
3519 case 1: goto EXPAND_FAILED_CURLY;
3520 case 2:
3521 case 3: goto EXPAND_FAILED;
3522 }
3523
3524 /* If skipping, we don't actually do anything */
3525 if (skipping) continue;
3526
3527 /* sub_arg[0] is the address */
3528 domain = Ustrrchr(sub_arg[0],'@');
3529 if ( (domain == NULL) || (domain == sub_arg[0]) || (Ustrlen(domain) == 1) )
3530 {
cb9328de
PH		 3531 expand_string_message = US"prvs first argument must be a qualified email address";
3532 goto EXPAND_FAILED;
3533 }
3534
3535 /* Calculate the hash. The second argument must be a single-digit
3536 key number, or unset. */
3537
3538 if (sub_arg[2] != NULL &&
3539 (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0))
3540 {
3541 expand_string_message = US"prvs second argument must be a single digit";
fffda43a
TK		 3542 goto EXPAND_FAILED;
3543 }
3544
fffda43a
TK		 3545 p = prvs_hmac_sha1(sub_arg[0],sub_arg[1],sub_arg[2],prvs_daystamp(7));
3546 if (p == NULL)
3547 {
cb9328de 3548 expand_string_message = US"prvs hmac-sha1 conversion failed";
fffda43a
TK		 3549 goto EXPAND_FAILED;
3550 }
3551
3552 /* Now separate the domain from the local part */
3553 *domain++ = '\0';
3554
3555 yield = string_cat(yield,&size,&ptr,US"prvs=",5);
3556 string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
3557 string_cat(yield,&size,&ptr,US"/",1);
3558 string_cat(yield,&size,&ptr,(sub_arg[2] != NULL) ? sub_arg[2] : US"0", 1);
3559 string_cat(yield,&size,&ptr,prvs_daystamp(7),3);
3560 string_cat(yield,&size,&ptr,p,6);
3561 string_cat(yield,&size,&ptr,US"@",1);
3562 string_cat(yield,&size,&ptr,domain,Ustrlen(domain));
3563
3564 continue;
3565 }
3566
3567 /* Check a prvs-encoded address for validity */
3568
3569 case EITEM_PRVSCHECK:
3570 {
3571 uschar *sub_arg[3];
3572 int mysize = 0, myptr = 0;
3573 const pcre *re;
3574 uschar *p;
72fdd6ae
PH		 3575
3576 /* TF: Ugliness: We want to expand parameter 1 first, then set
fffda43a
TK		 3577 up expansion variables that are used in the expansion of
3578 parameter 2. So we clone the string for the first
72fdd6ae
PH		 3579 expansion, where we only expand parameter 1.
3580
3581 PH: Actually, that isn't necessary. The read_subs() function is
3582 designed to work this way for the ${if and ${lookup expansions. I've
3583 tidied the code.
3584 */
fffda43a
TK		 3585
3586 /* Reset expansion variables */
3587 prvscheck_result = NULL;
3588 prvscheck_address = NULL;
3589 prvscheck_keynum = NULL;
3590
72fdd6ae 3591 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs"))
fffda43a
TK		 3592 {
3593 case 1: goto EXPAND_FAILED_CURLY;
3594 case 2:
3595 case 3: goto EXPAND_FAILED;
3596 }
3597
3598 re = regex_must_compile(US"^prvs\\=(.+)\\/([0-9])([0-9]{3})([A-F0-9]{6})\\@(.+)$",
3599 TRUE,FALSE);
3600
72fdd6ae
PH		 3601 if (regex_match_and_setup(re,sub_arg[0],0,-1))
3602 {
fffda43a
TK		 3603 uschar *local_part = string_copyn(expand_nstring[1],expand_nlength[1]);
3604 uschar *key_num = string_copyn(expand_nstring[2],expand_nlength[2]);
3605 uschar *daystamp = string_copyn(expand_nstring[3],expand_nlength[3]);
3606 uschar *hash = string_copyn(expand_nstring[4],expand_nlength[4]);
3607 uschar *domain = string_copyn(expand_nstring[5],expand_nlength[5]);
3608
3609 DEBUG(D_expand) debug_printf("prvscheck localpart: %s\n", local_part);
3610 DEBUG(D_expand) debug_printf("prvscheck key number: %s\n", key_num);
3611 DEBUG(D_expand) debug_printf("prvscheck daystamp: %s\n", daystamp);
3612 DEBUG(D_expand) debug_printf("prvscheck hash: %s\n", hash);
3613 DEBUG(D_expand) debug_printf("prvscheck domain: %s\n", domain);
3614
3615 /* Set up expansion variables */
3616 prvscheck_address = string_cat(NULL, &mysize, &myptr, local_part, Ustrlen(local_part));
2740a2ca 3617 string_cat(prvscheck_address,&mysize,&myptr,US"@",1);
fffda43a
TK		 3618 string_cat(prvscheck_address,&mysize,&myptr,domain,Ustrlen(domain));
3619 prvscheck_address[myptr] = '\0';
3620 prvscheck_keynum = string_copy(key_num);
3621
72fdd6ae
PH		 3622 /* Now expand the second argument */
3623 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs"))
fffda43a
TK		 3624 {
3625 case 1: goto EXPAND_FAILED_CURLY;
3626 case 2:
3627 case 3: goto EXPAND_FAILED;
3628 }
3629
fffda43a 3630 /* Now we have the key and can check the address. */
72fdd6ae
PH		 3631
3632 p = prvs_hmac_sha1(prvscheck_address, sub_arg[0], prvscheck_keynum,
3633 daystamp);
3634
fffda43a
TK		 3635 if (p == NULL)
3636 {
3637 expand_string_message = US"hmac-sha1 conversion failed";
3638 goto EXPAND_FAILED;
3639 }
3640
3641 DEBUG(D_expand) debug_printf("prvscheck: received hash is %s\n", hash);
3642 DEBUG(D_expand) debug_printf("prvscheck: own hash is %s\n", p);
72fdd6ae 3643
fffda43a
TK		 3644 if (Ustrcmp(p,hash) == 0)
3645 {
3646 /* Success, valid BATV address. Now check the expiry date. */
3647 uschar *now = prvs_daystamp(0);
3648 unsigned int inow = 0,iexpire = 1;
3649
ff790e47
PH		 3650 (void)sscanf(CS now,"%u",&inow);
3651 (void)sscanf(CS daystamp,"%u",&iexpire);
fffda43a
TK		 3652
3653 /* When "iexpire" is < 7, a "flip" has occured.
3654 Adjust "inow" accordingly. */
3655 if ( (iexpire < 7) && (inow >= 993) ) inow = 0;
3656
3657 if (iexpire > inow)
3658 {
3659 prvscheck_result = US"1";
3660 DEBUG(D_expand) debug_printf("prvscheck: success, $pvrs_result set to 1\n");
3661 }
3662 else
3663 {
3664 prvscheck_result = NULL;
3665 DEBUG(D_expand) debug_printf("prvscheck: signature expired, $pvrs_result unset\n");
3666 }
3667 }
3668 else
3669 {
3670 prvscheck_result = NULL;
3671 DEBUG(D_expand) debug_printf("prvscheck: hash failure, $pvrs_result unset\n");
3672 }
72fdd6ae
PH		 3673
3674 /* Now expand the final argument. We leave this till now so that
3675 it can include $prvscheck_result. */
3676
3677 switch(read_subs(sub_arg, 1, 0, &s, skipping, TRUE, US"prvs"))
3678 {
3679 case 1: goto EXPAND_FAILED_CURLY;
3680 case 2:
3681 case 3: goto EXPAND_FAILED;
3682 }
3683
3684 if (sub_arg[0] == NULL || *sub_arg[0] == '\0')
3685 yield = string_cat(yield,&size,&ptr,prvscheck_address,Ustrlen(prvscheck_address));
3686 else
3687 yield = string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
3688
3689 /* Reset the "internal" variables afterwards, because they are in
3690 dynamic store that will be reclaimed if the expansion succeeded. */
3691
3692 prvscheck_address = NULL;
3693 prvscheck_keynum = NULL;
3694 }
fffda43a
TK		 3695 else
3696 {
3697 /* Does not look like a prvs encoded address, return the empty string.
72fdd6ae
PH		 3698 We need to make sure all subs are expanded first, so as to skip over
3699 the entire item. */
3700
5a03bd24 3701 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"prvs"))
fffda43a
TK		 3702 {
3703 case 1: goto EXPAND_FAILED_CURLY;
3704 case 2:
3705 case 3: goto EXPAND_FAILED;
3706 }
3707 }
3708
3709 continue;
3710 }
3711
059ec3d9
PH		 3712 /* Handle "readfile" to insert an entire file */
3713
3714 case EITEM_READFILE:
3715 {
3716 FILE *f;
3717 uschar *sub_arg[2];
3718
3719 if ((expand_forbid & RDO_READFILE) != 0)
3720 {
3721 expand_string_message = US"file insertions are not permitted";
3722 goto EXPAND_FAILED;
3723 }
3724
3725 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"readfile"))
3726 {
3727 case 1: goto EXPAND_FAILED_CURLY;
3728 case 2:
3729 case 3: goto EXPAND_FAILED;
3730 }
3731
3732 /* If skipping, we don't actually do anything */
3733
3734 if (skipping) continue;
3735
3736 /* Open the file and read it */
3737
3738 f = Ufopen(sub_arg[0], "rb");
3739 if (f == NULL)
3740 {
3741 expand_string_message = string_open_failed(errno, "%s", sub_arg[0]);
3742 goto EXPAND_FAILED;
3743 }
3744
3745 yield = cat_file(f, yield, &size, &ptr, sub_arg[1]);
f1e894f3 3746 (void)fclose(f);
059ec3d9
PH		 3747 continue;
3748 }
3749
3750 /* Handle "readsocket" to insert data from a Unix domain socket */
3751
3752 case EITEM_READSOCK:
3753 {
3754 int fd;
3755 int timeout = 5;
3756 int save_ptr = ptr;
3757 FILE *f;
3758 struct sockaddr_un sockun; /* don't call this "sun" ! */
3759 uschar *arg;
3760 uschar *sub_arg[4];
3761
3762 if ((expand_forbid & RDO_READSOCK) != 0)
3763 {
3764 expand_string_message = US"socket insertions are not permitted";
3765 goto EXPAND_FAILED;
3766 }
3767
3768 /* Read up to 4 arguments, but don't do the end of item check afterwards,
3769 because there may be a string for expansion on failure. */
3770
3771 switch(read_subs(sub_arg, 4, 2, &s, skipping, FALSE, US"readsocket"))
3772 {
3773 case 1: goto EXPAND_FAILED_CURLY;
3774 case 2: /* Won't occur: no end check */
3775 case 3: goto EXPAND_FAILED;
3776 }
3777
3778 /* Sort out timeout, if given */
3779
3780 if (sub_arg[2] != NULL)
3781 {
3782 timeout = readconf_readtime(sub_arg[2], 0, FALSE);
3783 if (timeout < 0)
3784 {
3785 expand_string_message = string_sprintf("bad time value %s",
3786 sub_arg[2]);
3787 goto EXPAND_FAILED;
3788 }
3789 }
3790 else sub_arg[3] = NULL; /* No eol if no timeout */
3791
1cce3af8
PH		 3792 /* If skipping, we don't actually do anything. Otherwise, arrange to
3793 connect to either an IP or a Unix socket. */
059ec3d9
PH		 3794
3795 if (!skipping)
3796 {
1cce3af8 3797 /* Handle an IP (internet) domain */
059ec3d9 3798
91ecef39 3799 if (Ustrncmp(sub_arg[0], "inet:", 5) == 0)
059ec3d9 3800 {
1cce3af8
PH		 3801 BOOL connected = FALSE;
3802 int namelen, port;
3803 host_item shost;
3804 host_item *h;
3805 uschar *server_name = sub_arg[0] + 5;
3806 uschar *port_name = Ustrrchr(server_name, ':');
3807
3808 /* Sort out the port */
3809
3810 if (port_name == NULL)
3811 {
3812 expand_string_message =
3813 string_sprintf("missing port for readsocket %s", sub_arg[0]);
3814 goto EXPAND_FAILED;
3815 }
3816 *port_name++ = 0; /* Terminate server name */
3817
3818 if (isdigit(*port_name))
3819 {
3820 uschar *end;
3821 port = Ustrtol(port_name, &end, 0);
3822 if (end != port_name + Ustrlen(port_name))
3823 {
3824 expand_string_message =
3825 string_sprintf("invalid port number %s", port_name);
3826 goto EXPAND_FAILED;
3827 }
3828 }
3829 else
3830 {
3831 struct servent *service_info = getservbyname(CS port_name, "tcp");
3832 if (service_info == NULL)
3833 {
3834 expand_string_message = string_sprintf("unknown port \"%s\"",
3835 port_name);
3836 goto EXPAND_FAILED;
3837 }
3838 port = ntohs(service_info->s_port);
3839 }
3840
3841 /* Sort out the server. */
3842
3843 shost.next = NULL;
3844 shost.address = NULL;
3845 shost.port = port;
3846 shost.mx = -1;
3847
3848 namelen = Ustrlen(server_name);
3849
3850 /* Anything enclosed in [] must be an IP address. */
3851
3852 if (server_name[0] == '[' &&
3853 server_name[namelen - 1] == ']')
3854 {
3855 server_name[namelen - 1] = 0;
3856 server_name++;
3857 if (string_is_ip_address(server_name, NULL) == 0)
3858 {
3859 expand_string_message =
3860 string_sprintf("malformed IP address \"%s\"", server_name);
3861 goto EXPAND_FAILED;
3862 }
3863 shost.name = shost.address = server_name;
3864 }
3865
3866 /* Otherwise check for an unadorned IP address */
3867
3868 else if (string_is_ip_address(server_name, NULL) != 0)
3869 shost.name = shost.address = server_name;
3870
3871 /* Otherwise lookup IP address(es) from the name */
3872
3873 else
3874 {
3875 shost.name = server_name;
322050c2
PH		 3876 if (host_find_byname(&shost, NULL, HOST_FIND_QUALIFY_SINGLE, NULL,
3877 FALSE) != HOST_FOUND)
1cce3af8
PH		 3878 {
3879 expand_string_message =
3880 string_sprintf("no IP address found for host %s", shost.name);
3881 goto EXPAND_FAILED;
3882 }
3883 }
3884
3885 /* Try to connect to the server - test each IP till one works */
3886
3887 for (h = &shost; h != NULL; h = h->next)
3888 {
3889 int af = (Ustrchr(h->address, ':') != 0)? AF_INET6 : AF_INET;
3890 if ((fd = ip_socket(SOCK_STREAM, af)) == -1)
3891 {
3892 expand_string_message = string_sprintf("failed to create socket: "
3893 "%s", strerror(errno));
3894 goto SOCK_FAIL;
3895 }
3896
3897 if (ip_connect(fd, af, h->address, port, timeout) == 0)
3898 {
3899 connected = TRUE;
3900 break;
3901 }
3902 }
3903
3904 if (!connected)
3905 {
3906 expand_string_message = string_sprintf("failed to connect to "
3907 "socket %s: couldn't connect to any host", sub_arg[0],
3908 strerror(errno));
3909 goto SOCK_FAIL;
3910 }
059ec3d9
PH		 3911 }
3912
1cce3af8
PH		 3913 /* Handle a Unix domain socket */
3914
3915 else
059ec3d9 3916 {
a401ddaa 3917 int rc;
1cce3af8
PH		 3918 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
3919 {
3920 expand_string_message = string_sprintf("failed to create socket: %s",
3921 strerror(errno));
3922 goto SOCK_FAIL;
3923 }
3924
3925 sockun.sun_family = AF_UNIX;
3926 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
3927 sub_arg[0]);
a401ddaa
PH		 3928
3929 sigalrm_seen = FALSE;
3930 alarm(timeout);
3931 rc = connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun));
3932 alarm(0);
3933 if (rc < 0)
1cce3af8
PH		 3934 {
3935 expand_string_message = string_sprintf("failed to connect to socket "
3936 "%s: %s", sub_arg[0], strerror(errno));
3937 goto SOCK_FAIL;
3938 }
a401ddaa
PH		 3939 if (sigalrm_seen)
3940 {
3941 expand_string_message = US "socket connect timed out";
3942 goto SOCK_FAIL;
3943 }
059ec3d9 3944 }
1cce3af8 3945
059ec3d9
PH		 3946 DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]);
3947
3948 /* Write the request string, if not empty */
3949
3950 if (sub_arg[1][0] != 0)
3951 {
3952 int len = Ustrlen(sub_arg[1]);
3953 DEBUG(D_expand) debug_printf("writing \"%s\" to socket\n",
3954 sub_arg[1]);
3955 if (write(fd, sub_arg[1], len) != len)
3956 {
3957 expand_string_message = string_sprintf("request write to socket "
3958 "failed: %s", strerror(errno));
3959 goto SOCK_FAIL;
3960 }
3961 }
3962
c1114884
PH		 3963 /* Shut down the sending side of the socket. This helps some servers to
3964 recognise that it is their turn to do some work. Just in case some
3965 system doesn't have this function, make it conditional. */
3966
3967 #ifdef SHUT_WR
3968 shutdown(fd, SHUT_WR);
3969 #endif
3970
059ec3d9
PH		 3971 /* Now we need to read from the socket, under a timeout. The function
3972 that reads a file can be used. */
3973
3974 f = fdopen(fd, "rb");
3975 sigalrm_seen = FALSE;
3976 alarm(timeout);
3977 yield = cat_file(f, yield, &size, &ptr, sub_arg[3]);
3978 alarm(0);
f1e894f3 3979 (void)fclose(f);
059ec3d9
PH		 3980
3981 /* After a timeout, we restore the pointer in the result, that is,
3982 make sure we add nothing from the socket. */
3983
3984 if (sigalrm_seen)
3985 {
3986 ptr = save_ptr;
1cce3af8 3987 expand_string_message = US "socket read timed out";
059ec3d9
PH		 3988 goto SOCK_FAIL;
3989 }
3990 }
3991
3992 /* The whole thing has worked (or we were skipping). If there is a
3993 failure string following, we need to skip it. */
3994
3995 if (*s == '{')
3996 {
3997 if (expand_string_internal(s+1, TRUE, &s, TRUE) == NULL)
3998 goto EXPAND_FAILED;
3999 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4000 while (isspace(*s)) s++;
4001 }
4002 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4003 continue;
4004
4005 /* Come here on failure to create socket, connect socket, write to the
4006 socket, or timeout on reading. If another substring follows, expand and
4007 use it. Otherwise, those conditions give expand errors. */
4008
4009 SOCK_FAIL:
4010 if (*s != '{') goto EXPAND_FAILED;
4011 DEBUG(D_any) debug_printf("%s\n", expand_string_message);
4012 arg = expand_string_internal(s+1, TRUE, &s, FALSE);
4013 if (arg == NULL) goto EXPAND_FAILED;
4014 yield = string_cat(yield, &size, &ptr, arg, Ustrlen(arg));
4015 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4016 while (isspace(*s)) s++;
4017 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4018 continue;
4019 }
4020
4021 /* Handle "run" to execute a program. */
4022
4023 case EITEM_RUN:
4024 {
4025 FILE *f;
059ec3d9
PH		 4026 uschar *arg;
4027 uschar **argv;
4028 pid_t pid;
4029 int fd_in, fd_out;
4030 int lsize = 0;
4031 int lptr = 0;
4032
4033 if ((expand_forbid & RDO_RUN) != 0)
4034 {
4035 expand_string_message = US"running a command is not permitted";
4036 goto EXPAND_FAILED;
4037 }
4038
4039 while (isspace(*s)) s++;
4040 if (*s != '{') goto EXPAND_FAILED_CURLY;
4041 arg = expand_string_internal(s+1, TRUE, &s, skipping);
4042 if (arg == NULL) goto EXPAND_FAILED;
4043 while (isspace(*s)) s++;
4044 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4045
4046 if (skipping) /* Just pretend it worked when we're skipping */
4047 {
4048 runrc = 0;
4049 }
4050 else
4051 {
4052 if (!transport_set_up_command(&argv, /* anchor for arg list */
4053 arg, /* raw command */
4054 FALSE, /* don't expand the arguments */
4055 0, /* not relevant when... */
4056 NULL, /* no transporting address */
4057 US"${run} expansion", /* for error messages */
4058 &expand_string_message)) /* where to put error message */
4059 {
4060 goto EXPAND_FAILED;
4061 }
4062
4063 /* Create the child process, making it a group leader. */
4064
4065 pid = child_open(argv, NULL, 0077, &fd_in, &fd_out, TRUE);
4066
4067 if (pid < 0)
4068 {
4069 expand_string_message =
4070 string_sprintf("couldn't create child process: %s", strerror(errno));
4071 goto EXPAND_FAILED;
4072 }
4073
4074 /* Nothing is written to the standard input. */
4075
f1e894f3 4076 (void)close(fd_in);
059ec3d9
PH		 4077
4078 /* Wait for the process to finish, applying the timeout, and inspect its
4079 return code for serious disasters. Simple non-zero returns are passed on.
4080 */
4081
4082 if ((runrc = child_close(pid, 60)) < 0)
4083 {
4084 if (runrc == -256)
4085 {
4086 expand_string_message = string_sprintf("command timed out");
4087 killpg(pid, SIGKILL); /* Kill the whole process group */
4088 }
4089
4090 else if (runrc == -257)
4091 expand_string_message = string_sprintf("wait() failed: %s",
4092 strerror(errno));
4093
4094 else
4095 expand_string_message = string_sprintf("command killed by signal %d",
4096 -runrc);
4097
4098 goto EXPAND_FAILED;
4099 }
4100
4101 /* Read the pipe to get the command's output into $value (which is kept
4102 in lookup_value). */
4103
4104 f = fdopen(fd_out, "rb");
059ec3d9
PH		 4105 lookup_value = NULL;
4106 lookup_value = cat_file(f, lookup_value, &lsize, &lptr, NULL);
f1e894f3 4107 (void)fclose(f);
059ec3d9
PH		 4108 }
4109
d20976dc 4110 /* Process the yes/no strings; $value may be useful in both cases */
059ec3d9
PH		 4111
4112 switch(process_yesno(
4113 skipping, /* were previously skipping */
4114 runrc == 0, /* success/failure indicator */
d20976dc 4115 lookup_value, /* value to reset for string2 */
059ec3d9
PH		 4116 &s, /* input pointer */
4117 &yield, /* output pointer */
4118 &size, /* output size */
4119 &ptr, /* output current point */
4120 US"run")) /* condition type */
4121 {
4122 case 1: goto EXPAND_FAILED; /* when all is well, the */
4123 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4124 }
4125
4126 continue;
4127 }
4128
4129 /* Handle character translation for "tr" */
4130
4131 case EITEM_TR:
4132 {
4133 int oldptr = ptr;
4134 int o2m;
4135 uschar *sub[3];
4136
4137 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"tr"))
4138 {
4139 case 1: goto EXPAND_FAILED_CURLY;
4140 case 2:
4141 case 3: goto EXPAND_FAILED;
4142 }
4143
4144 yield = string_cat(yield, &size, &ptr, sub[0], Ustrlen(sub[0]));
4145 o2m = Ustrlen(sub[2]) - 1;
4146
4147 if (o2m >= 0) for (; oldptr < ptr; oldptr++)
4148 {
4149 uschar *m = Ustrrchr(sub[1], yield[oldptr]);
4150 if (m != NULL)
4151 {
4152 int o = m - sub[1];
4153 yield[oldptr] = sub[2][(o < o2m)? o : o2m];
4154 }
4155 }
4156
4157 continue;
4158 }
4159
4160 /* Handle "hash", "length", "nhash", and "substr" when they are given with
4161 expanded arguments. */
4162
4163 case EITEM_HASH:
4164 case EITEM_LENGTH:
4165 case EITEM_NHASH:
4166 case EITEM_SUBSTR:
4167 {
4168 int i;
4169 int len;
4170 uschar *ret;
4171 int val[2] = { 0, -1 };
4172 uschar *sub[3];
4173
4174 /* "length" takes only 2 arguments whereas the others take 2 or 3.
4175 Ensure that sub[2] is set in the ${length case. */
4176
4177 sub[2] = NULL;
4178 switch(read_subs(sub, (item_type == EITEM_LENGTH)? 2:3, 2, &s, skipping,
4179 TRUE, name))
4180 {
4181 case 1: goto EXPAND_FAILED_CURLY;
4182 case 2:
4183 case 3: goto EXPAND_FAILED;
4184 }
4185
4186 /* Juggle the arguments if there are only two of them: always move the
4187 string to the last position and make ${length{n}{str}} equivalent to
4188 ${substr{0}{n}{str}}. See the defaults for val[] above. */
4189
4190 if (sub[2] == NULL)
4191 {
4192 sub[2] = sub[1];
4193 sub[1] = NULL;
4194 if (item_type == EITEM_LENGTH)
4195 {
4196 sub[1] = sub[0];
4197 sub[0] = NULL;
4198 }
4199 }
4200
4201 for (i = 0; i < 2; i++)
4202 {
4203 if (sub[i] == NULL) continue;
4204 val[i] = (int)Ustrtol(sub[i], &ret, 10);
4205 if (*ret != 0 || (i != 0 && val[i] < 0))
4206 {
4207 expand_string_message = string_sprintf("\"%s\" is not a%s number "
4208 "(in \"%s\" expansion)", sub[i], (i != 0)? " positive" : "", name);
4209 goto EXPAND_FAILED;
4210 }
4211 }
4212
4213 ret =
4214 (item_type == EITEM_HASH)?
4215 compute_hash(sub[2], val[0], val[1], &len) :
4216 (item_type == EITEM_NHASH)?
4217 compute_nhash(sub[2], val[0], val[1], &len) :
4218 extract_substr(sub[2], val[0], val[1], &len);
4219
4220 if (ret == NULL) goto EXPAND_FAILED;
4221 yield = string_cat(yield, &size, &ptr, ret, len);
4222 continue;
4223 }
4224
4225 /* Handle HMAC computation: ${hmac{<algorithm>}{<secret>}{<text>}}
4226 This code originally contributed by Steve Haslam. It currently supports
4227 the use of MD5 and SHA-1 hashes.
4228
4229 We need some workspace that is large enough to handle all the supported
4230 hash types. Use macros to set the sizes rather than be too elaborate. */
4231
4232 #define MAX_HASHLEN 20
4233 #define MAX_HASHBLOCKLEN 64
4234
4235 case EITEM_HMAC:
4236 {
4237 uschar *sub[3];
4238 md5 md5_base;
4239 sha1 sha1_base;
4240 void *use_base;
4241 int type, i;
4242 int hashlen; /* Number of octets for the hash algorithm's output */
4243 int hashblocklen; /* Number of octets the hash algorithm processes */
4244 uschar *keyptr, *p;
4245 unsigned int keylen;
4246
4247 uschar keyhash[MAX_HASHLEN];
4248 uschar innerhash[MAX_HASHLEN];
4249 uschar finalhash[MAX_HASHLEN];
4250 uschar finalhash_hex[2*MAX_HASHLEN];
4251 uschar innerkey[MAX_HASHBLOCKLEN];
4252 uschar outerkey[MAX_HASHBLOCKLEN];
4253
4254 switch (read_subs(sub, 3, 3, &s, skipping, TRUE, name))
4255 {
4256 case 1: goto EXPAND_FAILED_CURLY;
4257 case 2:
4258 case 3: goto EXPAND_FAILED;
4259 }
4260
4261 if (Ustrcmp(sub[0], "md5") == 0)
4262 {
4263 type = HMAC_MD5;
4264 use_base = &md5_base;
4265 hashlen = 16;
4266 hashblocklen = 64;
4267 }
4268 else if (Ustrcmp(sub[0], "sha1") == 0)
4269 {
4270 type = HMAC_SHA1;
4271 use_base = &sha1_base;
4272 hashlen = 20;
4273 hashblocklen = 64;
4274 }
4275 else
4276 {
4277 expand_string_message =
4278 string_sprintf("hmac algorithm \"%s\" is not recognised", sub[0]);
4279 goto EXPAND_FAILED;
4280 }
4281
4282 keyptr = sub[1];
4283 keylen = Ustrlen(keyptr);
4284
4285 /* If the key is longer than the hash block length, then hash the key
4286 first */
4287
4288 if (keylen > hashblocklen)
4289 {
4290 chash_start(type, use_base);
4291 chash_end(type, use_base, keyptr, keylen, keyhash);
4292 keyptr = keyhash;
4293 keylen = hashlen;
4294 }
4295
4296 /* Now make the inner and outer key values */
4297
4298 memset(innerkey, 0x36, hashblocklen);
4299 memset(outerkey, 0x5c, hashblocklen);
4300
4301 for (i = 0; i < keylen; i++)
4302 {
4303 innerkey[i] ^= keyptr[i];
4304 outerkey[i] ^= keyptr[i];
4305 }
4306
4307 /* Now do the hashes */
4308
4309 chash_start(type, use_base);
4310 chash_mid(type, use_base, innerkey);
4311 chash_end(type, use_base, sub[2], Ustrlen(sub[2]), innerhash);
4312
4313 chash_start(type, use_base);
4314 chash_mid(type, use_base, outerkey);
4315 chash_end(type, use_base, innerhash, hashlen, finalhash);
4316
4317 /* Encode the final hash as a hex string */
4318
4319 p = finalhash_hex;
4320 for (i = 0; i < hashlen; i++)
4321 {
4322 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
4323 *p++ = hex_digits[finalhash[i] & 0x0f];
4324 }
4325
4326 DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%.*s)=%.*s\n", sub[0],
4327 (int)keylen, keyptr, Ustrlen(sub[2]), sub[2], hashlen*2, finalhash_hex);
4328
4329 yield = string_cat(yield, &size, &ptr, finalhash_hex, hashlen*2);
4330 }
4331
4332 continue;
4333
4334 /* Handle global substitution for "sg" - like Perl's s/xxx/yyy/g operator.
4335 We have to save the numerical variables and restore them afterwards. */
4336
4337 case EITEM_SG:
4338 {
4339 const pcre *re;
4340 int moffset, moffsetextra, slen;
4341 int roffset;
4342 int emptyopt;
4343 const uschar *rerror;
4344 uschar *subject;
4345 uschar *sub[3];
4346 int save_expand_nmax =
4347 save_expand_strings(save_expand_nstring, save_expand_nlength);
4348
4349 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"sg"))
4350 {
4351 case 1: goto EXPAND_FAILED_CURLY;
4352 case 2:
4353 case 3: goto EXPAND_FAILED;
4354 }
4355
4356 /* Compile the regular expression */
4357
4358 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
4359 NULL);
4360
4361 if (re == NULL)
4362 {
4363 expand_string_message = string_sprintf("regular expression error in "
4364 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
4365 goto EXPAND_FAILED;
4366 }
4367
4368 /* Now run a loop to do the substitutions as often as necessary. It ends
4369 when there are no more matches. Take care over matches of the null string;
4370 do the same thing as Perl does. */
4371
4372 subject = sub[0];
4373 slen = Ustrlen(sub[0]);
4374 moffset = moffsetextra = 0;
4375 emptyopt = 0;
4376
4377 for (;;)
4378 {
4379 int ovector[3*(EXPAND_MAXN+1)];
4380 int n = pcre_exec(re, NULL, CS subject, slen, moffset + moffsetextra,
4381 PCRE_EOPT | emptyopt, ovector, sizeof(ovector)/sizeof(int));
4382 int nn;
4383 uschar *insert;
4384
4385 /* No match - if we previously set PCRE_NOTEMPTY after a null match, this
4386 is not necessarily the end. We want to repeat the match from one
4387 character further along, but leaving the basic offset the same (for
4388 copying below). We can't be at the end of the string - that was checked
4389 before setting PCRE_NOTEMPTY. If PCRE_NOTEMPTY is not set, we are
4390 finished; copy the remaining string and end the loop. */
4391
4392 if (n < 0)
4393 {
4394 if (emptyopt != 0)
4395 {
4396 moffsetextra = 1;
4397 emptyopt = 0;
4398 continue;
4399 }
4400 yield = string_cat(yield, &size, &ptr, subject+moffset, slen-moffset);
4401 break;
4402 }
4403
4404 /* Match - set up for expanding the replacement. */
4405
4406 if (n == 0) n = EXPAND_MAXN + 1;
4407 expand_nmax = 0;
4408 for (nn = 0; nn < n*2; nn += 2)
4409 {
4410 expand_nstring[expand_nmax] = subject + ovector[nn];
4411 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
4412 }
4413 expand_nmax--;
4414
4415 /* Copy the characters before the match, plus the expanded insertion. */
4416
4417 yield = string_cat(yield, &size, &ptr, subject + moffset,
4418 ovector[0] - moffset);
4419 insert = expand_string(sub[2]);
4420 if (insert == NULL) goto EXPAND_FAILED;
4421 yield = string_cat(yield, &size, &ptr, insert, Ustrlen(insert));
4422
4423 moffset = ovector[1];
4424 moffsetextra = 0;
4425 emptyopt = 0;
4426
4427 /* If we have matched an empty string, first check to see if we are at
4428 the end of the subject. If so, the loop is over. Otherwise, mimic
4429 what Perl's /g options does. This turns out to be rather cunning. First
4430 we set PCRE_NOTEMPTY and PCRE_ANCHORED and try the match a non-empty
4431 string at the same point. If this fails (picked up above) we advance to
4432 the next character. */
4433
4434 if (ovector[0] == ovector[1])
4435 {
4436 if (ovector[0] == slen) break;
4437 emptyopt = PCRE_NOTEMPTY | PCRE_ANCHORED;
4438 }
4439 }
4440
4441 /* All done - restore numerical variables. */
4442
4443 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4444 save_expand_nlength);
4445 continue;
4446 }
4447
4448 /* Handle keyed and numbered substring extraction. If the first argument
4449 consists entirely of digits, then a numerical extraction is assumed. */
4450
4451 case EITEM_EXTRACT:
4452 {
4453 int i;
4454 int j = 2;
4455 int field_number = 1;
4456 BOOL field_number_set = FALSE;
4457 uschar *save_lookup_value = lookup_value;
4458 uschar *sub[3];
4459 int save_expand_nmax =
4460 save_expand_strings(save_expand_nstring, save_expand_nlength);
4461
4462 /* Read the arguments */
4463
4464 for (i = 0; i < j; i++)
4465 {
4466 while (isspace(*s)) s++;
4467 if (*s == '{')
4468 {
4469 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
4470 if (sub[i] == NULL) goto EXPAND_FAILED;
4471 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4472
4473 /* After removal of leading and trailing white space, the first
4474 argument must not be empty; if it consists entirely of digits
4475 (optionally preceded by a minus sign), this is a numerical
4476 extraction, and we expect 3 arguments. */
4477
4478 if (i == 0)
4479 {
4480 int len;
4481 int x = 0;
4482 uschar *p = sub[0];
4483
4484 while (isspace(*p)) p++;
4485 sub[0] = p;
4486
4487 len = Ustrlen(p);
4488 while (len > 0 && isspace(p[len-1])) len--;
4489 p[len] = 0;
4490
4491 if (*p == 0)
4492 {
554d2369
TF		 4493 expand_string_message = US"first argument of \"extract\" must "
4494 "not be empty";
059ec3d9
PH		 4495 goto EXPAND_FAILED;
4496 }
4497
4498 if (*p == '-')
4499 {
4500 field_number = -1;
4501 p++;
4502 }
4503 while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0';
4504 if (*p == 0)
4505 {
4506 field_number *= x;
4507 j = 3; /* Need 3 args */
4508 field_number_set = TRUE;
4509 }
4510 }
4511 }
4512 else goto EXPAND_FAILED_CURLY;
4513 }
4514
4515 /* Extract either the numbered or the keyed substring into $value. If
4516 skipping, just pretend the extraction failed. */
4517
4518 lookup_value = skipping? NULL : field_number_set?
4519 expand_gettokened(field_number, sub[1], sub[2]) :
4520 expand_getkeyed(sub[0], sub[1]);
4521
4522 /* If no string follows, $value gets substituted; otherwise there can
4523 be yes/no strings, as for lookup or if. */
4524
4525 switch(process_yesno(
4526 skipping, /* were previously skipping */
4527 lookup_value != NULL, /* success/failure indicator */
4528 save_lookup_value, /* value to reset for string2 */
4529 &s, /* input pointer */
4530 &yield, /* output pointer */
4531 &size, /* output size */
4532 &ptr, /* output current point */
4533 US"extract")) /* condition type */
4534 {
4535 case 1: goto EXPAND_FAILED; /* when all is well, the */
4536 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4537 }
4538
4539 /* All done - restore numerical variables. */
4540
4541 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4542 save_expand_nlength);
4543
4544 continue;
4545 }
1a46a8c5
PH		 4546
4547
4548 /* If ${dlfunc support is configured, handle calling dynamically-loaded
4549 functions, unless locked out at this time. Syntax is ${dlfunc{file}{func}}
4550 or ${dlfunc{file}{func}{arg}} or ${dlfunc{file}{func}{arg1}{arg2}} or up to
4551 a maximum of EXPAND_DLFUNC_MAX_ARGS arguments (defined below). */
4552
4553 #define EXPAND_DLFUNC_MAX_ARGS 8
4554
4555 case EITEM_DLFUNC:
4556 #ifndef EXPAND_DLFUNC
4557 expand_string_message = US"\"${dlfunc\" encountered, but this facility "
4558 "is not included in this binary";
4559 goto EXPAND_FAILED;
4560
4561 #else /* EXPAND_DLFUNC */
4562 {
4563 tree_node *t;
4564 exim_dlfunc_t *func;
4565 uschar *result;
4566 int status, argc;
4567 uschar *argv[EXPAND_DLFUNC_MAX_ARGS + 3];
4568
4569 if ((expand_forbid & RDO_DLFUNC) != 0)
4570 {
4571 expand_string_message =
4572 US"dynamically-loaded functions are not permitted";
4573 goto EXPAND_FAILED;
4574 }
4575
4576 switch(read_subs(argv, EXPAND_DLFUNC_MAX_ARGS + 2, 2, &s, skipping,
4577 TRUE, US"dlfunc"))
4578 {
4579 case 1: goto EXPAND_FAILED_CURLY;
4580 case 2:
4581 case 3: goto EXPAND_FAILED;
4582 }
4583
4584 /* If skipping, we don't actually do anything */
4585
4586 if (skipping) continue;
4587
4588 /* Look up the dynamically loaded object handle in the tree. If it isn't
4589 found, dlopen() the file and put the handle in the tree for next time. */
4590
4591 t = tree_search(dlobj_anchor, argv[0]);
4592 if (t == NULL)
4593 {
4594 void *handle = dlopen(CS argv[0], RTLD_LAZY);
4595 if (handle == NULL)
4596 {
4597 expand_string_message = string_sprintf("dlopen \"%s\" failed: %s",
4598 argv[0], dlerror());
4599 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
4600 goto EXPAND_FAILED;
4601 }
4602 t = store_get_perm(sizeof(tree_node) + Ustrlen(argv[0]));
4603 Ustrcpy(t->name, argv[0]);
4604 t->data.ptr = handle;
4605 (void)tree_insertnode(&dlobj_anchor, t);
4606 }
4607
4608 /* Having obtained the dynamically loaded object handle, look up the
4609 function pointer. */
4610
4611 func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]);
4612 if (func == NULL)
4613 {
4614 expand_string_message = string_sprintf("dlsym \"%s\" in \"%s\" failed: "
4615 "%s", argv[1], argv[0], dlerror());
7dbf77c9 4616 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
1a46a8c5
PH		 4617 goto EXPAND_FAILED;
4618 }
4619
4620 /* Call the function and work out what to do with the result. If it
4621 returns OK, we have a replacement string; if it returns DEFER then
4622 expansion has failed in a non-forced manner; if it returns FAIL then
4623 failure was forced; if it returns ERROR or any other value there's a
4624 problem, so panic slightly. */
4625
4626 result = NULL;
4627 for (argc = 0; argv[argc] != NULL; argc++);
4628 status = func(&result, argc - 2, &argv[2]);
4629 if(status == OK)
4630 {
4631 if (result == NULL) result = US"";
4632 yield = string_cat(yield, &size, &ptr, result, Ustrlen(result));
4633 continue;
4634 }
4635 else
4636 {
4637 expand_string_message = result == NULL ? US"(no message)" : result;
4638 if(status == FAIL_FORCED) expand_string_forcedfail = TRUE;
4639 else if(status != FAIL)
4640 log_write(0, LOG_MAIN|LOG_PANIC, "dlfunc{%s}{%s} failed (%d): %s",
4641 argv[0], argv[1], status, expand_string_message);
4642 goto EXPAND_FAILED;
4643 }
4644 }
4645 #endif /* EXPAND_DLFUNC */
059ec3d9
PH		 4646 }
4647
4648 /* Control reaches here if the name is not recognized as one of the more
4649 complicated expansion items. Check for the "operator" syntax (name terminated
4650 by a colon). Some of the operators have arguments, separated by _ from the
4651 name. */
4652
4653 if (*s == ':')
4654 {
4655 int c;
4656 uschar *arg = NULL;
4657 uschar *sub = expand_string_internal(s+1, TRUE, &s, skipping);
4658 if (sub == NULL) goto EXPAND_FAILED;
4659 s++;
4660
4661 /* Owing to an historical mis-design, an underscore may be part of the
4662 operator name, or it may introduce arguments. We therefore first scan the
4663 table of names that contain underscores. If there is no match, we cut off
4664 the arguments and then scan the main table. */
4665
4666 c = chop_match(name, op_table_underscore,
4667 sizeof(op_table_underscore)/sizeof(uschar *));
4668
4669 if (c < 0)
4670 {
4671 arg = Ustrchr(name, '_');
4672 if (arg != NULL) *arg = 0;
4673 c = chop_match(name, op_table_main,
4674 sizeof(op_table_main)/sizeof(uschar *));
4675 if (c >= 0) c += sizeof(op_table_underscore)/sizeof(uschar *);
4676 if (arg != NULL) *arg++ = '_'; /* Put back for error messages */
4677 }
4678
4679 /* If we are skipping, we don't need to perform the operation at all.
4680 This matters for operations like "mask", because the data may not be
4681 in the correct format when skipping. For example, the expression may test
4682 for the existence of $sender_host_address before trying to mask it. For
4683 other operations, doing them may not fail, but it is a waste of time. */
4684
4685 if (skipping && c >= 0) continue;
4686
4687 /* Otherwise, switch on the operator type */
4688
4689 switch(c)
4690 {
4691 case EOP_BASE62:
4692 {
4693 uschar *t;
4694 unsigned long int n = Ustrtoul(sub, &t, 10);
4695 if (*t != 0)
4696 {
4697 expand_string_message = string_sprintf("argument for base62 "
4698 "operator is \"%s\", which is not a decimal number", sub);
4699 goto EXPAND_FAILED;
4700 }
4701 t = string_base62(n);
4702 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
4703 continue;
4704 }
4705
9a799bc0
PH		 4706 /* Note that for Darwin and Cygwin, BASE_62 actually has the value 36 */
4707
059ec3d9
PH		 4708 case EOP_BASE62D:
4709 {
4710 uschar buf[16];
4711 uschar *tt = sub;
4712 unsigned long int n = 0;
4713 while (*tt != 0)
4714 {
4715 uschar *t = Ustrchr(base62_chars, *tt++);
4716 if (t == NULL)
4717 {
4718 expand_string_message = string_sprintf("argument for base62d "
9a799bc0
PH		 4719 "operator is \"%s\", which is not a base %d number", sub,
4720 BASE_62);
059ec3d9
PH		 4721 goto EXPAND_FAILED;
4722 }
9a799bc0 4723 n = n * BASE_62 + (t - base62_chars);
059ec3d9
PH		 4724 }
4725 (void)sprintf(CS buf, "%ld", n);
4726 yield = string_cat(yield, &size, &ptr, buf, Ustrlen(buf));
4727 continue;
4728 }
4729
4730 case EOP_EXPAND:
4731 {
4732 uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping);
4733 if (expanded == NULL)
4734 {
4735 expand_string_message =
4736 string_sprintf("internal expansion of \"%s\" failed: %s", sub,
4737 expand_string_message);
4738 goto EXPAND_FAILED;
4739 }
4740 yield = string_cat(yield, &size, &ptr, expanded, Ustrlen(expanded));
4741 continue;
4742 }
4743
4744 case EOP_LC:
4745 {
4746 int count = 0;
4747 uschar *t = sub - 1;
4748 while (*(++t) != 0) { *t = tolower(*t); count++; }
4749 yield = string_cat(yield, &size, &ptr, sub, count);
4750 continue;
4751 }
4752
4753 case EOP_UC:
4754 {
4755 int count = 0;
4756 uschar *t = sub - 1;
4757 while (*(++t) != 0) { *t = toupper(*t); count++; }
4758 yield = string_cat(yield, &size, &ptr, sub, count);
4759 continue;
4760 }
4761
4762 case EOP_MD5:
4763 {
4764 md5 base;
4765 uschar digest[16];
4766 int j;
4767 char st[33];
4768 md5_start(&base);
4769 md5_end(&base, sub, Ustrlen(sub), digest);
4770 for(j = 0; j < 16; j++) sprintf(st+2*j, "%02x", digest[j]);
4771 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
4772 continue;
4773 }
4774
4775 case EOP_SHA1:
4776 {
4777 sha1 base;
4778 uschar digest[20];
4779 int j;
4780 char st[41];
4781 sha1_start(&base);
4782 sha1_end(&base, sub, Ustrlen(sub), digest);
4783 for(j = 0; j < 20; j++) sprintf(st+2*j, "%02X", digest[j]);
4784 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
4785 continue;
4786 }
4787
4788 /* Convert hex encoding to base64 encoding */
4789
4790 case EOP_HEX2B64:
4791 {
4792 int c = 0;
4793 int b = -1;
4794 uschar *in = sub;
4795 uschar *out = sub;
4796 uschar *enc;
4797
4798 for (enc = sub; *enc != 0; enc++)
4799 {
4800 if (!isxdigit(*enc))
4801 {
4802 expand_string_message = string_sprintf("\"%s\" is not a hex "
4803 "string", sub);
4804 goto EXPAND_FAILED;
4805 }
4806 c++;
4807 }
4808
4809 if ((c & 1) != 0)
4810 {
4811 expand_string_message = string_sprintf("\"%s\" contains an odd "
4812 "number of characters", sub);
4813 goto EXPAND_FAILED;
4814 }
4815
4816 while ((c = *in++) != 0)
4817 {
4818 if (isdigit(c)) c -= '0';
4819 else c = toupper(c) - 'A' + 10;
4820 if (b == -1)
4821 {
4822 b = c << 4;
4823 }
4824 else
4825 {
4826 *out++ = b | c;
4827 b = -1;
4828 }
4829 }
4830
4831 enc = auth_b64encode(sub, out - sub);
4832 yield = string_cat(yield, &size, &ptr, enc, Ustrlen(enc));
4833 continue;
4834 }
4835
4836 /* mask applies a mask to an IP address; for example the result of
4837 ${mask:131.111.10.206/28} is 131.111.10.192/28. */
4838
4839 case EOP_MASK:
4840 {
4841 int count;
4842 uschar *endptr;
4843 int binary[4];
4844 int mask, maskoffset;
4845 int type = string_is_ip_address(sub, &maskoffset);
4846 uschar buffer[64];
4847
4848 if (type == 0)
4849 {
4850 expand_string_message = string_sprintf("\"%s\" is not an IP address",
4851 sub);
4852 goto EXPAND_FAILED;
4853 }
4854
4855 if (maskoffset == 0)
4856 {
4857 expand_string_message = string_sprintf("missing mask value in \"%s\"",
4858 sub);
4859 goto EXPAND_FAILED;
4860 }
4861
4862 mask = Ustrtol(sub + maskoffset + 1, &endptr, 10);
4863
4864 if (*endptr != 0 || mask < 0 || mask > ((type == 4)? 32 : 128))
4865 {
4866 expand_string_message = string_sprintf("mask value too big in \"%s\"",
4867 sub);
4868 goto EXPAND_FAILED;
4869 }
4870
4871 /* Convert the address to binary integer(s) and apply the mask */
4872
4873 sub[maskoffset] = 0;
4874 count = host_aton(sub, binary);
4875 host_mask(count, binary, mask);
4876
4877 /* Convert to masked textual format and add to output. */
4878
4879 yield = string_cat(yield, &size, &ptr, buffer,
6f0c9a4f 4880 host_nmtoa(count, binary, mask, buffer, '.'));
059ec3d9
PH		 4881 continue;
4882 }
4883
4884 case EOP_ADDRESS:
4885 case EOP_LOCAL_PART:
4886 case EOP_DOMAIN:
4887 {
4888 uschar *error;
4889 int start, end, domain;
4890 uschar *t = parse_extract_address(sub, &error, &start, &end, &domain,
4891 FALSE);
4892 if (t != NULL)
4893 {
4894 if (c != EOP_DOMAIN)
4895 {
4896 if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1;
4897 yield = string_cat(yield, &size, &ptr, sub+start, end-start);
4898 }
4899 else if (domain != 0)
4900 {
4901 domain += start;
4902 yield = string_cat(yield, &size, &ptr, sub+domain, end-domain);
4903 }
4904 }
4905 continue;
4906 }
4907
4908 /* quote puts a string in quotes if it is empty or contains anything
4909 other than alphamerics, underscore, dot, or hyphen.
4910
4911 quote_local_part puts a string in quotes if RFC 2821/2822 requires it to
4912 be quoted in order to be a valid local part.
4913
4914 In both cases, newlines and carriage returns are converted into \n and \r
4915 respectively */
4916
4917 case EOP_QUOTE:
4918 case EOP_QUOTE_LOCAL_PART:
4919 if (arg == NULL)
4920 {
4921 BOOL needs_quote = (*sub == 0); /* TRUE for empty string */
4922 uschar *t = sub - 1;
4923
4924 if (c == EOP_QUOTE)
4925 {
4926 while (!needs_quote && *(++t) != 0)
4927 needs_quote = !isalnum(*t) && !strchr("_-.", *t);
4928 }
4929 else /* EOP_QUOTE_LOCAL_PART */
4930 {
4931 while (!needs_quote && *(++t) != 0)
4932 needs_quote = !isalnum(*t) &&
4933 strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL &&
4934 (*t != '.' || t == sub || t[1] == 0);
4935 }
4936
4937 if (needs_quote)
4938 {
4939 yield = string_cat(yield, &size, &ptr, US"\"", 1);
4940 t = sub - 1;
4941 while (*(++t) != 0)
4942 {
4943 if (*t == '\n')
4944 yield = string_cat(yield, &size, &ptr, US"\\n", 2);
4945 else if (*t == '\r')
4946 yield = string_cat(yield, &size, &ptr, US"\\r", 2);
4947 else
4948 {
4949 if (*t == '\\' || *t == '"')
4950 yield = string_cat(yield, &size, &ptr, US"\\", 1);
4951 yield = string_cat(yield, &size, &ptr, t, 1);
4952 }
4953 }
4954 yield = string_cat(yield, &size, &ptr, US"\"", 1);
4955 }
4956 else yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
4957 continue;
4958 }
4959
4960 /* quote_lookuptype does lookup-specific quoting */
4961
4962 else
4963 {
4964 int n;
4965 uschar *opt = Ustrchr(arg, '_');
4966
4967 if (opt != NULL) *opt++ = 0;
4968
4969 n = search_findtype(arg, Ustrlen(arg));
4970 if (n < 0)
4971 {
4972 expand_string_message = search_error_message;
4973 goto EXPAND_FAILED;
4974 }
4975
4976 if (lookup_list[n].quote != NULL)
4977 sub = (lookup_list[n].quote)(sub, opt);
4978 else if (opt != NULL) sub = NULL;
4979
4980 if (sub == NULL)
4981 {
4982 expand_string_message = string_sprintf(
4983 "\"%s\" unrecognized after \"${quote_%s\"",
4984 opt, arg);
4985 goto EXPAND_FAILED;
4986 }
4987
4988 yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
4989 continue;
4990 }
4991
4992 /* rx quote sticks in \ before any non-alphameric character so that
4993 the insertion works in a regular expression. */
4994
4995 case EOP_RXQUOTE:
4996 {
4997 uschar *t = sub - 1;
4998 while (*(++t) != 0)
4999 {
5000 if (!isalnum(*t))
5001 yield = string_cat(yield, &size, &ptr, US"\\", 1);
5002 yield = string_cat(yield, &size, &ptr, t, 1);
5003 }
5004 continue;
5005 }
5006
5007 /* RFC 2047 encodes, assuming headers_charset (default ISO 8859-1) as
5008 prescribed by the RFC, if there are characters that need to be encoded */
5009
5010 case EOP_RFC2047:
5011 {
14702f5b 5012 uschar buffer[2048];
059ec3d9 5013 uschar *string = parse_quote_2047(sub, Ustrlen(sub), headers_charset,
46218253 5014 buffer, sizeof(buffer), FALSE);
059ec3d9
PH		 5015 yield = string_cat(yield, &size, &ptr, string, Ustrlen(string));
5016 continue;
5017 }
5018
5019 /* from_utf8 converts UTF-8 to 8859-1, turning non-existent chars into
5020 underscores */
5021
5022 case EOP_FROM_UTF8:
5023 {
5024 while (*sub != 0)
5025 {
5026 int c;
5027 uschar buff[4];
5028 GETUTF8INC(c, sub);
5029 if (c > 255) c = '_';
5030 buff[0] = c;
5031 yield = string_cat(yield, &size, &ptr, buff, 1);
5032 }
5033 continue;
5034 }
5035
5036 /* escape turns all non-printing characters into escape sequences. */
5037
5038 case EOP_ESCAPE:
5039 {
5040 uschar *t = string_printing(sub);
5041 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
5042 continue;
5043 }
5044
5045 /* Handle numeric expression evaluation */
5046
5047 case EOP_EVAL:
5048 case EOP_EVAL10:
5049 {
5050 uschar *save_sub = sub;
5051 uschar *error = NULL;
5052 int n = eval_expr(&sub, (c == EOP_EVAL10), &error, FALSE);
5053 if (error != NULL)
5054 {
5055 expand_string_message = string_sprintf("error in expression "
5056 "evaluation: %s (after processing \"%.*s\")", error, sub-save_sub,
5057 save_sub);
5058 goto EXPAND_FAILED;
5059 }
5060 sprintf(CS var_buffer, "%d", n);
5061 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
5062 continue;
5063 }
5064
5065 /* Handle time period formating */
5066
f90d018c
PH		 5067 case EOP_TIME_EVAL:
5068 {
5069 int n = readconf_readtime(sub, 0, FALSE);
5070 if (n < 0)
5071 {
5072 expand_string_message = string_sprintf("string \"%s\" is not an "
5073 "Exim time interval in \"%s\" operator", sub, name);
5074 goto EXPAND_FAILED;
5075 }
5076 sprintf(CS var_buffer, "%d", n);
5077 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
5078 continue;
5079 }
5080
059ec3d9
PH		 5081 case EOP_TIME_INTERVAL:
5082 {
5083 int n;
5084 uschar *t = read_number(&n, sub);
5085 if (*t != 0) /* Not A Number*/
5086 {
5087 expand_string_message = string_sprintf("string \"%s\" is not a "
5088 "positive number in \"%s\" operator", sub, name);
5089 goto EXPAND_FAILED;
5090 }
5091 t = readconf_printtime(n);
5092 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
5093 continue;
5094 }
5095
5096 /* Convert string to base64 encoding */
5097
5098 case EOP_STR2B64:
5099 {
5100 uschar *encstr = auth_b64encode(sub, Ustrlen(sub));
5101 yield = string_cat(yield, &size, &ptr, encstr, Ustrlen(encstr));
5102 continue;
5103 }
5104
5105 /* strlen returns the length of the string */
5106
5107 case EOP_STRLEN:
5108 {
5109 uschar buff[24];
5110 (void)sprintf(CS buff, "%d", Ustrlen(sub));
5111 yield = string_cat(yield, &size, &ptr, buff, Ustrlen(buff));
5112 continue;
5113 }
5114
5115 /* length_n or l_n takes just the first n characters or the whole string,
5116 whichever is the shorter;
5117
5118 substr_m_n, and s_m_n take n characters from offset m; negative m take
5119 from the end; l_n is synonymous with s_0_n. If n is omitted in substr it
5120 takes the rest, either to the right or to the left.
5121
5122 hash_n or h_n makes a hash of length n from the string, yielding n
5123 characters from the set a-z; hash_n_m makes a hash of length n, but
5124 uses m characters from the set a-zA-Z0-9.
5125
5126 nhash_n returns a single number between 0 and n-1 (in text form), while
5127 nhash_n_m returns a div/mod hash as two numbers "a/b". The first lies
5128 between 0 and n-1 and the second between 0 and m-1. */
5129
5130 case EOP_LENGTH:
5131 case EOP_L:
5132 case EOP_SUBSTR:
5133 case EOP_S:
5134 case EOP_HASH:
5135 case EOP_H:
5136 case EOP_NHASH:
5137 case EOP_NH:
5138 {
5139 int sign = 1;
5140 int value1 = 0;
5141 int value2 = -1;
5142 int *pn;
5143 int len;
5144 uschar *ret;
5145
5146 if (arg == NULL)
5147 {
5148 expand_string_message = string_sprintf("missing values after %s",
5149 name);
5150 goto EXPAND_FAILED;
5151 }
5152
5153 /* "length" has only one argument, effectively being synonymous with
5154 substr_0_n. */
5155
5156 if (c == EOP_LENGTH || c == EOP_L)
5157 {
5158 pn = &value2;
5159 value2 = 0;
5160 }
5161
5162 /* The others have one or two arguments; for "substr" the first may be
5163 negative. The second being negative means "not supplied". */
5164
5165 else
5166 {
5167 pn = &value1;
5168 if (name[0] == 's' && *arg == '-') { sign = -1; arg++; }
5169 }
5170
5171 /* Read up to two numbers, separated by underscores */
5172
5173 ret = arg;
5174 while (*arg != 0)
5175 {
5176 if (arg != ret && *arg == '_' && pn == &value1)
5177 {
5178 pn = &value2;
5179 value2 = 0;
5180 if (arg[1] != 0) arg++;
5181 }
5182 else if (!isdigit(*arg))
5183 {
5184 expand_string_message =
5185 string_sprintf("non-digit after underscore in \"%s\"", name);
5186 goto EXPAND_FAILED;
5187 }
5188 else *pn = (*pn)*10 + *arg++ - '0';
5189 }
5190 value1 *= sign;
5191
5192 /* Perform the required operation */
5193
5194 ret =
5195 (c == EOP_HASH || c == EOP_H)?
5196 compute_hash(sub, value1, value2, &len) :
5197 (c == EOP_NHASH || c == EOP_NH)?
5198 compute_nhash(sub, value1, value2, &len) :
5199 extract_substr(sub, value1, value2, &len);
5200
5201 if (ret == NULL) goto EXPAND_FAILED;
5202 yield = string_cat(yield, &size, &ptr, ret, len);
5203 continue;
5204 }
5205
5206 /* Stat a path */
5207
5208 case EOP_STAT:
5209 {
5210 uschar *s;
5211 uschar smode[12];
5212 uschar **modetable[3];
5213 int i;
5214 mode_t mode;
5215 struct stat st;
5216
254e032f
PH		 5217 if ((expand_forbid & RDO_EXISTS) != 0)
5218 {
5219 expand_string_message = US"Use of the stat() expansion is not permitted";
5220 goto EXPAND_FAILED;
5221 }
5222
059ec3d9
PH		 5223 if (stat(CS sub, &st) < 0)
5224 {
5225 expand_string_message = string_sprintf("stat(%s) failed: %s",
5226 sub, strerror(errno));
5227 goto EXPAND_FAILED;
5228 }
5229 mode = st.st_mode;
5230 switch (mode & S_IFMT)
5231 {
5232 case S_IFIFO: smode[0] = 'p'; break;
5233 case S_IFCHR: smode[0] = 'c'; break;
5234 case S_IFDIR: smode[0] = 'd'; break;
5235 case S_IFBLK: smode[0] = 'b'; break;
5236 case S_IFREG: smode[0] = '-'; break;
5237 default: smode[0] = '?'; break;
5238 }
5239
5240 modetable[0] = ((mode & 01000) == 0)? mtable_normal : mtable_sticky;
5241 modetable[1] = ((mode & 02000) == 0)? mtable_normal : mtable_setid;
5242 modetable[2] = ((mode & 04000) == 0)? mtable_normal : mtable_setid;
5243
5244 for (i = 0; i < 3; i++)
5245 {
5246 memcpy(CS(smode + 7 - i*3), CS(modetable[i][mode & 7]), 3);
5247 mode >>= 3;
5248 }
5249
5250 smode[10] = 0;
5251 s = string_sprintf("mode=%04lo smode=%s inode=%ld device=%ld links=%ld "
b1c749bb 5252 "uid=%ld gid=%ld size=" OFF_T_FMT " atime=%ld mtime=%ld ctime=%ld",
059ec3d9
PH		 5253 (long)(st.st_mode & 077777), smode, (long)st.st_ino,
5254 (long)st.st_dev, (long)st.st_nlink, (long)st.st_uid,
b1c749bb 5255 (long)st.st_gid, st.st_size, (long)st.st_atime,
059ec3d9
PH		 5256 (long)st.st_mtime, (long)st.st_ctime);
5257 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
5258 continue;
5259 }
5260
5261 /* Unknown operator */
5262
5263 default:
5264 expand_string_message =
5265 string_sprintf("unknown expansion operator \"%s\"", name);
5266 goto EXPAND_FAILED;
5267 }
5268 }
5269
5270 /* Handle a plain name. If this is the first thing in the expansion, release
5271 the pre-allocated buffer. If the result data is known to be in a new buffer,
5272 newsize will be set to the size of that buffer, and we can just point at that
5273 store instead of copying. Many expansion strings contain just one reference,
5274 so this is a useful optimization, especially for humungous headers
5275 ($message_headers). */
5276
5277 if (*s++ == '}')
5278 {
5279 int len;
5280 int newsize = 0;
5281 if (ptr == 0)
5282 {
5283 store_reset(yield);
5284 yield = NULL;
5285 size = 0;
5286 }
5287 value = find_variable(name, FALSE, skipping, &newsize);
5288 if (value == NULL)
5289 {
5290 expand_string_message =
5291 string_sprintf("unknown variable in \"${%s}\"", name);
641cb756 5292 check_variable_error_message(name);
059ec3d9
PH		 5293 goto EXPAND_FAILED;
5294 }
5295 len = Ustrlen(value);
5296 if (yield == NULL && newsize != 0)
5297 {
5298 yield = value;
5299 size = newsize;
5300 ptr = len;
5301 }
5302 else yield = string_cat(yield, &size, &ptr, value, len);
5303 continue;
5304 }
5305
5306 /* Else there's something wrong */
5307
5308 expand_string_message =
5309 string_sprintf("\"${%s\" is not a known operator (or a } is missing "
5310 "in a variable reference)", name);
5311 goto EXPAND_FAILED;
5312 }
5313
5314/* If we hit the end of the string when ket_ends is set, there is a missing
5315terminating brace. */
5316
5317if (ket_ends && *s == 0)
5318 {
5319 expand_string_message = malformed_header?
5320 US"missing } at end of string - could be header name not terminated by colon"
5321 :
5322 US"missing } at end of string";
5323 goto EXPAND_FAILED;
5324 }
5325
5326/* Expansion succeeded; yield may still be NULL here if nothing was actually
5327added to the string. If so, set up an empty string. Add a terminating zero. If
5328left != NULL, return a pointer to the terminator. */
5329
5330if (yield == NULL) yield = store_get(1);
5331yield[ptr] = 0;
5332if (left != NULL) *left = s;
5333
5334/* Any stacking store that was used above the final string is no longer needed.
5335In many cases the final string will be the first one that was got and so there
5336will be optimal store usage. */
5337
5338store_reset(yield + ptr + 1);
5339DEBUG(D_expand)
5340 {
5341 debug_printf("expanding: %.*s\n result: %s\n", (int)(s - string), string,
5342 yield);
5343 if (skipping) debug_printf("skipping: result is not used\n");
5344 }
5345return yield;
5346
5347/* This is the failure exit: easiest to program with a goto. We still need
5348to update the pointer to the terminator, for cases of nested calls with "fail".
5349*/
5350
5351EXPAND_FAILED_CURLY:
5352expand_string_message = malformed_header?
5353 US"missing or misplaced { or } - could be header name not terminated by colon"
5354 :
5355 US"missing or misplaced { or }";
5356
5357/* At one point, Exim reset the store to yield (if yield was not NULL), but
5358that is a bad idea, because expand_string_message is in dynamic store. */
5359
5360EXPAND_FAILED:
5361if (left != NULL) *left = s;
5362DEBUG(D_expand)
5363 {
5364 debug_printf("failed to expand: %s\n", string);
5365 debug_printf(" error message: %s\n", expand_string_message);
5366 if (expand_string_forcedfail) debug_printf("failure was forced\n");
5367 }
5368return NULL;
5369}
5370
5371
5372/* This is the external function call. Do a quick check for any expansion
5373metacharacters, and if there are none, just return the input string.
5374
5375Argument: the string to be expanded
5376Returns: the expanded string, or NULL if expansion failed; if failure was
5377 due to a lookup deferring, search_find_defer will be TRUE
5378*/
5379
5380uschar *
5381expand_string(uschar *string)
5382{
5383search_find_defer = FALSE;
5384malformed_header = FALSE;
5385return (Ustrpbrk(string, "$\\") == NULL)? string :
5386 expand_string_internal(string, FALSE, NULL, FALSE);
5387}
5388
5389
5390
5391/*************************************************
5392* Expand and copy *
5393*************************************************/
5394
5395/* Now and again we want to expand a string and be sure that the result is in a
5396new bit of store. This function does that.
5397
5398Argument: the string to be expanded
5399Returns: the expanded string, always in a new bit of store, or NULL
5400*/
5401
5402uschar *
5403expand_string_copy(uschar *string)
5404{
5405uschar *yield = expand_string(string);
5406if (yield == string) yield = string_copy(string);
5407return yield;
5408}
5409
5410
5411
5412/*************************************************
5413* Expand and interpret as an integer *
5414*************************************************/
5415
5416/* Expand a string, and convert the result into an integer.
5417
d45b1de8
PH		 5418Arguments:
5419 string the string to be expanded
5420 isplus TRUE if a non-negative number is expected
059ec3d9
PH		 5421
5422Returns: the integer value, or
5423 -1 for an expansion error ) in both cases, message in
5424 -2 for an integer interpretation error ) expand_string_message
d45b1de8 5425 expand_string_message is set NULL for an OK integer
059ec3d9
PH		 5426*/
5427
5428int
d45b1de8 5429expand_string_integer(uschar *string, BOOL isplus)
059ec3d9
PH		 5430{
5431long int value;
5432uschar *s = expand_string(string);
5433uschar *msg = US"invalid integer \"%s\"";
5434uschar *endptr;
5435
d45b1de8
PH		 5436/* If expansion failed, expand_string_message will be set. */
5437
059ec3d9
PH		 5438if (s == NULL) return -1;
5439
5440/* On an overflow, strtol() returns LONG_MAX or LONG_MIN, and sets errno
5441to ERANGE. When there isn't an overflow, errno is not changed, at least on some
5442systems, so we set it zero ourselves. */
5443
5444errno = 0;
d45b1de8 5445expand_string_message = NULL; /* Indicates no error */
059ec3d9
PH		 5446value = strtol(CS s, CSS &endptr, 0);
5447
5448if (endptr == s)
5449 {
5450 msg = US"integer expected but \"%s\" found";
5451 }
d45b1de8
PH		 5452else if (value < 0 && isplus)
5453 {
5454 msg = US"non-negative integer expected but \"%s\" found";
5455 }
059ec3d9
PH		 5456else
5457 {
5458 /* Ensure we can cast this down to an int */
5459 if (value > INT_MAX || value < INT_MIN) errno = ERANGE;
5460
5461 if (errno != ERANGE)
5462 {
5463 if (tolower(*endptr) == 'k')
5464 {
5465 if (value > INT_MAX/1024 || value < INT_MIN/1024) errno = ERANGE;
5466 else value *= 1024;
5467 endptr++;
5468 }
5469 else if (tolower(*endptr) == 'm')
5470 {
5471 if (value > INT_MAX/(1024*1024) || value < INT_MIN/(1024*1024))
5472 errno = ERANGE;
5473 else value *= 1024*1024;
5474 endptr++;
5475 }
5476 }
5477 if (errno == ERANGE)
5478 msg = US"absolute value of integer \"%s\" is too large (overflow)";
5479 else
5480 {
5481 while (isspace(*endptr)) endptr++;
5482 if (*endptr == 0) return (int)value;
5483 }
5484 }
5485
5486expand_string_message = string_sprintf(CS msg, s);
5487return -2;
5488}
5489
059ec3d9
PH		 5490
5491/*************************************************
5492**************************************************
5493* Stand-alone test program *
5494**************************************************
5495*************************************************/
5496
5497#ifdef STAND_ALONE
5498
5499
5500BOOL
5501regex_match_and_setup(const pcre *re, uschar *subject, int options, int setup)
5502{
5503int ovector[3*(EXPAND_MAXN+1)];
5504int n = pcre_exec(re, NULL, subject, Ustrlen(subject), 0, PCRE_EOPT|options,
5505 ovector, sizeof(ovector)/sizeof(int));
5506BOOL yield = n >= 0;
5507if (n == 0) n = EXPAND_MAXN + 1;
5508if (yield)
5509 {
5510 int nn;
5511 expand_nmax = (setup < 0)? 0 : setup + 1;
5512 for (nn = (setup < 0)? 0 : 2; nn < n*2; nn += 2)
5513 {
5514 expand_nstring[expand_nmax] = subject + ovector[nn];
5515 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
5516 }
5517 expand_nmax--;
5518 }
5519return yield;
5520}
5521
5522
5523int main(int argc, uschar **argv)
5524{
5525int i;
5526uschar buffer[1024];
5527
5528debug_selector = D_v;
5529debug_file = stderr;
5530debug_fd = fileno(debug_file);
5531big_buffer = malloc(big_buffer_size);
5532
5533for (i = 1; i < argc; i++)
5534 {
5535 if (argv[i][0] == '+')
5536 {
5537 debug_trace_memory = 2;
5538 argv[i]++;
5539 }
5540 if (isdigit(argv[i][0]))
5541 debug_selector = Ustrtol(argv[i], NULL, 0);
5542 else
5543 if (Ustrspn(argv[i], "abcdefghijklmnopqrtsuvwxyz0123456789-.:/") ==
5544 Ustrlen(argv[i]))
5545 {
5546 #ifdef LOOKUP_LDAP
5547 eldap_default_servers = argv[i];
5548 #endif
5549 #ifdef LOOKUP_MYSQL
5550 mysql_servers = argv[i];
5551 #endif
5552 #ifdef LOOKUP_PGSQL
5553 pgsql_servers = argv[i];
5554 #endif
5555 }
5556 #ifdef EXIM_PERL
5557 else opt_perl_startup = argv[i];
5558 #endif
5559 }
5560
5561printf("Testing string expansion: debug_level = %d\n\n", debug_level);
5562
5563expand_nstring[1] = US"string 1....";
5564expand_nlength[1] = 8;
5565expand_nmax = 1;
5566
5567#ifdef EXIM_PERL
5568if (opt_perl_startup != NULL)
5569 {
5570 uschar *errstr;
5571 printf("Starting Perl interpreter\n");
5572 errstr = init_perl(opt_perl_startup);
5573 if (errstr != NULL)
5574 {
5575 printf("** error in perl_startup code: %s\n", errstr);
5576 return EXIT_FAILURE;
5577 }
5578 }
5579#endif /* EXIM_PERL */
5580
5581while (fgets(buffer, sizeof(buffer), stdin) != NULL)
5582 {
5583 void *reset_point = store_get(0);
5584 uschar *yield = expand_string(buffer);
5585 if (yield != NULL)
5586 {
5587 printf("%s\n", yield);
5588 store_reset(reset_point);
5589 }
5590 else
5591 {
5592 if (search_find_defer) printf("search_find deferred\n");
5593 printf("Failed: %s\n", expand_string_message);
5594 if (expand_string_forcedfail) printf("Forced failure\n");
5595 printf("\n");
5596 }
5597 }
5598
5599search_tidyup();
5600
5601return 0;
5602}
5603
5604#endif
5605
5606/* End of expand.c */
Unnamed repository; edit this file 'description' to name the repository.