Use Ustrlen() on a uschar
[exim.git] / src / src / expand.c
CommitLineData
059ec3d9
PH
1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
5a66c31b 5/* Copyright (c) University of Cambridge 1995 - 2014 */
059ec3d9
PH
6/* See the file NOTICE for conditions of use and distribution. */
7
8
9/* Functions for handling string expansion. */
10
11
12#include "exim.h"
13
96c065cb
PH
14/* Recursively called function */
15
b0e85a8f 16static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL, BOOL, BOOL *);
96c065cb 17
059ec3d9
PH
18#ifdef STAND_ALONE
19#ifndef SUPPORT_CRYPTEQ
20#define SUPPORT_CRYPTEQ
21#endif
22#endif
23
96c065cb
PH
24#ifdef LOOKUP_LDAP
25#include "lookups/ldap.h"
26#endif
27
059ec3d9
PH
28#ifdef SUPPORT_CRYPTEQ
29#ifdef CRYPT_H
30#include <crypt.h>
31#endif
32#ifndef HAVE_CRYPT16
33extern char* crypt16(char*, char*);
34#endif
35#endif
36
96c065cb
PH
37/* The handling of crypt16() is a mess. I will record below the analysis of the
38mess that was sent to me. We decided, however, to make changing this very low
39priority, because in practice people are moving away from the crypt()
40algorithms nowadays, so it doesn't seem worth it.
41
42<quote>
43There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
44the first 8 characters of the password using a 20-round version of crypt
45(standard crypt does 25 rounds). It then crypts the next 8 characters,
46or an empty block if the password is less than 9 characters, using a
4720-round version of crypt and the same salt as was used for the first
48block. Charaters after the first 16 are ignored. It always generates
49a 16-byte hash, which is expressed together with the salt as a string
50of 24 base 64 digits. Here are some links to peruse:
51
52 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
53 http://seclists.org/bugtraq/1999/Mar/0076.html
54
55There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
56and OSF/1. This is the same as the standard crypt if given a password
57of 8 characters or less. If given more, it first does the same as crypt
58using the first 8 characters, then crypts the next 8 (the 9th to 16th)
59using as salt the first two base 64 digits from the first hash block.
60If the password is more than 16 characters then it crypts the 17th to 24th
61characters using as salt the first two base 64 digits from the second hash
62block. And so on: I've seen references to it cutting off the password at
6340 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
64
65 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
66 http://seclists.org/bugtraq/1999/Mar/0109.html
67 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
68 TET1_html/sec.c222.html#no_id_208
69
70Exim has something it calls "crypt16". It will either use a native
71crypt16 or its own implementation. A native crypt16 will presumably
72be the one that I called "crypt16" above. The internal "crypt16"
73function, however, is a two-block-maximum implementation of what I called
74"bigcrypt". The documentation matches the internal code.
75
76I suspect that whoever did the "crypt16" stuff for Exim didn't realise
77that crypt16 and bigcrypt were different things.
78
79Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
80to whatever it is using under that name. This unfortunately sets a
81precedent for using "{crypt16}" to identify two incompatible algorithms
82whose output can't be distinguished. With "{crypt16}" thus rendered
83ambiguous, I suggest you deprecate it and invent two new identifiers
84for the two algorithms.
85
86Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
87of the password separately means they can be cracked separately, so
88the double-length hash only doubles the cracking effort instead of
89squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
90bcrypt ({CRYPT}$2a$).
91</quote>
92*/
059ec3d9
PH
93
94
059ec3d9 95
9d1c15ef
JH
96#ifndef nelements
97# define nelements(arr) (sizeof(arr) / sizeof(*arr))
98#endif
059ec3d9
PH
99
100/*************************************************
101* Local statics and tables *
102*************************************************/
103
104/* Table of item names, and corresponding switch numbers. The names must be in
105alphabetical order. */
106
107static uschar *item_table[] = {
723c72e6 108 US"acl",
9d1c15ef 109 US"certextract",
1a46a8c5 110 US"dlfunc",
059ec3d9 111 US"extract",
29f89cad 112 US"filter",
059ec3d9
PH
113 US"hash",
114 US"hmac",
115 US"if",
116 US"length",
aa26e137 117 US"listextract",
059ec3d9 118 US"lookup",
29f89cad 119 US"map",
059ec3d9 120 US"nhash",
1a46a8c5 121 US"perl",
fffda43a
TK
122 US"prvs",
123 US"prvscheck",
059ec3d9
PH
124 US"readfile",
125 US"readsocket",
29f89cad 126 US"reduce",
059ec3d9
PH
127 US"run",
128 US"sg",
129 US"substr",
130 US"tr" };
131
132enum {
723c72e6 133 EITEM_ACL,
9d1c15ef 134 EITEM_CERTEXTRACT,
1a46a8c5 135 EITEM_DLFUNC,
059ec3d9 136 EITEM_EXTRACT,
29f89cad 137 EITEM_FILTER,
059ec3d9
PH
138 EITEM_HASH,
139 EITEM_HMAC,
140 EITEM_IF,
141 EITEM_LENGTH,
aa26e137 142 EITEM_LISTEXTRACT,
059ec3d9 143 EITEM_LOOKUP,
29f89cad 144 EITEM_MAP,
059ec3d9 145 EITEM_NHASH,
1a46a8c5 146 EITEM_PERL,
fffda43a
TK
147 EITEM_PRVS,
148 EITEM_PRVSCHECK,
059ec3d9
PH
149 EITEM_READFILE,
150 EITEM_READSOCK,
29f89cad 151 EITEM_REDUCE,
059ec3d9
PH
152 EITEM_RUN,
153 EITEM_SG,
154 EITEM_SUBSTR,
155 EITEM_TR };
156
157/* Tables of operator names, and corresponding switch numbers. The names must be
158in alphabetical order. There are two tables, because underscore is used in some
159cases to introduce arguments, whereas for other it is part of the name. This is
160an historical mis-design. */
161
162static uschar *op_table_underscore[] = {
163 US"from_utf8",
164 US"local_part",
165 US"quote_local_part",
83e029d5 166 US"reverse_ip",
f90d018c 167 US"time_eval",
059ec3d9
PH
168 US"time_interval"};
169
170enum {
171 EOP_FROM_UTF8,
172 EOP_LOCAL_PART,
173 EOP_QUOTE_LOCAL_PART,
83e029d5 174 EOP_REVERSE_IP,
f90d018c 175 EOP_TIME_EVAL,
059ec3d9
PH
176 EOP_TIME_INTERVAL };
177
178static uschar *op_table_main[] = {
179 US"address",
29f89cad 180 US"addresses",
059ec3d9
PH
181 US"base62",
182 US"base62d",
183 US"domain",
184 US"escape",
185 US"eval",
186 US"eval10",
187 US"expand",
188 US"h",
189 US"hash",
190 US"hex2b64",
c393f931 191 US"hexquote",
059ec3d9
PH
192 US"l",
193 US"lc",
194 US"length",
a64a3dfa
JH
195 US"listcount",
196 US"listnamed",
059ec3d9
PH
197 US"mask",
198 US"md5",
199 US"nh",
200 US"nhash",
201 US"quote",
9e3331ea 202 US"randint",
059ec3d9 203 US"rfc2047",
9c57cbc0 204 US"rfc2047d",
059ec3d9
PH
205 US"rxquote",
206 US"s",
207 US"sha1",
9ef9101c 208 US"sha256",
059ec3d9
PH
209 US"stat",
210 US"str2b64",
211 US"strlen",
212 US"substr",
b9c2e32f
AR
213 US"uc",
214 US"utf8clean" };
059ec3d9
PH
215
216enum {
217 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
29f89cad 218 EOP_ADDRESSES,
059ec3d9
PH
219 EOP_BASE62,
220 EOP_BASE62D,
221 EOP_DOMAIN,
222 EOP_ESCAPE,
223 EOP_EVAL,
224 EOP_EVAL10,
225 EOP_EXPAND,
226 EOP_H,
227 EOP_HASH,
228 EOP_HEX2B64,
c393f931 229 EOP_HEXQUOTE,
059ec3d9
PH
230 EOP_L,
231 EOP_LC,
232 EOP_LENGTH,
a64a3dfa
JH
233 EOP_LISTCOUNT,
234 EOP_LISTNAMED,
059ec3d9
PH
235 EOP_MASK,
236 EOP_MD5,
237 EOP_NH,
238 EOP_NHASH,
239 EOP_QUOTE,
9e3331ea 240 EOP_RANDINT,
059ec3d9 241 EOP_RFC2047,
9c57cbc0 242 EOP_RFC2047D,
059ec3d9
PH
243 EOP_RXQUOTE,
244 EOP_S,
245 EOP_SHA1,
9ef9101c 246 EOP_SHA256,
059ec3d9
PH
247 EOP_STAT,
248 EOP_STR2B64,
249 EOP_STRLEN,
250 EOP_SUBSTR,
b9c2e32f
AR
251 EOP_UC,
252 EOP_UTF8CLEAN };
059ec3d9
PH
253
254
255/* Table of condition names, and corresponding switch numbers. The names must
256be in alphabetical order. */
257
258static uschar *cond_table[] = {
259 US"<",
260 US"<=",
261 US"=",
262 US"==", /* Backward compatibility */
263 US">",
264 US">=",
333eea9c 265 US"acl",
059ec3d9 266 US"and",
f3766eb5 267 US"bool",
6a8de854 268 US"bool_lax",
059ec3d9
PH
269 US"crypteq",
270 US"def",
271 US"eq",
272 US"eqi",
273 US"exists",
274 US"first_delivery",
0ce9abe6
PH
275 US"forall",
276 US"forany",
059ec3d9
PH
277 US"ge",
278 US"gei",
279 US"gt",
280 US"gti",
76dca828
PP
281 US"inlist",
282 US"inlisti",
059ec3d9
PH
283 US"isip",
284 US"isip4",
285 US"isip6",
286 US"ldapauth",
287 US"le",
288 US"lei",
289 US"lt",
290 US"lti",
291 US"match",
292 US"match_address",
293 US"match_domain",
32d668a5 294 US"match_ip",
059ec3d9
PH
295 US"match_local_part",
296 US"or",
297 US"pam",
298 US"pwcheck",
299 US"queue_running",
300 US"radius",
301 US"saslauthd"
302};
303
304enum {
305 ECOND_NUM_L,
306 ECOND_NUM_LE,
307 ECOND_NUM_E,
308 ECOND_NUM_EE,
309 ECOND_NUM_G,
310 ECOND_NUM_GE,
333eea9c 311 ECOND_ACL,
059ec3d9 312 ECOND_AND,
f3766eb5 313 ECOND_BOOL,
6a8de854 314 ECOND_BOOL_LAX,
059ec3d9
PH
315 ECOND_CRYPTEQ,
316 ECOND_DEF,
317 ECOND_STR_EQ,
318 ECOND_STR_EQI,
319 ECOND_EXISTS,
320 ECOND_FIRST_DELIVERY,
0ce9abe6
PH
321 ECOND_FORALL,
322 ECOND_FORANY,
059ec3d9
PH
323 ECOND_STR_GE,
324 ECOND_STR_GEI,
325 ECOND_STR_GT,
326 ECOND_STR_GTI,
76dca828
PP
327 ECOND_INLIST,
328 ECOND_INLISTI,
059ec3d9
PH
329 ECOND_ISIP,
330 ECOND_ISIP4,
331 ECOND_ISIP6,
332 ECOND_LDAPAUTH,
333 ECOND_STR_LE,
334 ECOND_STR_LEI,
335 ECOND_STR_LT,
336 ECOND_STR_LTI,
337 ECOND_MATCH,
338 ECOND_MATCH_ADDRESS,
339 ECOND_MATCH_DOMAIN,
32d668a5 340 ECOND_MATCH_IP,
059ec3d9
PH
341 ECOND_MATCH_LOCAL_PART,
342 ECOND_OR,
343 ECOND_PAM,
344 ECOND_PWCHECK,
345 ECOND_QUEUE_RUNNING,
346 ECOND_RADIUS,
347 ECOND_SASLAUTHD
348};
349
350
059ec3d9
PH
351/* Types of table entry */
352
7e75538e 353enum vtypes {
059ec3d9
PH
354 vtype_int, /* value is address of int */
355 vtype_filter_int, /* ditto, but recognized only when filtering */
356 vtype_ino, /* value is address of ino_t (not always an int) */
357 vtype_uid, /* value is address of uid_t (not always an int) */
358 vtype_gid, /* value is address of gid_t (not always an int) */
11d7e4fa 359 vtype_bool, /* value is address of bool */
059ec3d9
PH
360 vtype_stringptr, /* value is address of pointer to string */
361 vtype_msgbody, /* as stringptr, but read when first required */
362 vtype_msgbody_end, /* ditto, the end of the message */
ff75a1f7
PH
363 vtype_msgheaders, /* the message's headers, processed */
364 vtype_msgheaders_raw, /* the message's headers, unprocessed */
059ec3d9
PH
365 vtype_localpart, /* extract local part from string */
366 vtype_domain, /* extract domain from string */
362145b5 367 vtype_string_func, /* value is string returned by given function */
059ec3d9
PH
368 vtype_todbsdin, /* value not used; generate BSD inbox tod */
369 vtype_tode, /* value not used; generate tod in epoch format */
f5787926 370 vtype_todel, /* value not used; generate tod in epoch/usec format */
059ec3d9
PH
371 vtype_todf, /* value not used; generate full tod */
372 vtype_todl, /* value not used; generate log tod */
373 vtype_todlf, /* value not used; generate log file datestamp tod */
374 vtype_todzone, /* value not used; generate time zone only */
375 vtype_todzulu, /* value not used; generate zulu tod */
376 vtype_reply, /* value not used; get reply from headers */
377 vtype_pid, /* value not used; result is pid */
378 vtype_host_lookup, /* value not used; get host name */
5cb8cbc6
PH
379 vtype_load_avg, /* value not used; result is int from os_getloadavg */
380 vtype_pspace, /* partition space; value is T/F for spool/log */
9d1c15ef
JH
381 vtype_pinodes, /* partition inodes; value is T/F for spool/log */
382 vtype_cert /* SSL certificate */
80a47a2c
TK
383 #ifndef DISABLE_DKIM
384 ,vtype_dkim /* Lookup of value in DKIM signature */
385 #endif
7e75538e
JH
386};
387
388/* Type for main variable table */
389
390typedef struct {
391 const char *name;
392 enum vtypes type;
393 void *value;
394} var_entry;
395
396/* Type for entries pointing to address/length pairs. Not currently
397in use. */
398
399typedef struct {
400 uschar **address;
401 int *length;
402} alblock;
059ec3d9 403
362145b5
JH
404static uschar * fn_recipients(void);
405
059ec3d9
PH
406/* This table must be kept in alphabetical order. */
407
408static var_entry var_table[] = {
38a0a95f
PH
409 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
410 they will be confused with user-creatable ACL variables. */
525239c1
JH
411 { "acl_arg1", vtype_stringptr, &acl_arg[0] },
412 { "acl_arg2", vtype_stringptr, &acl_arg[1] },
413 { "acl_arg3", vtype_stringptr, &acl_arg[2] },
414 { "acl_arg4", vtype_stringptr, &acl_arg[3] },
415 { "acl_arg5", vtype_stringptr, &acl_arg[4] },
416 { "acl_arg6", vtype_stringptr, &acl_arg[5] },
417 { "acl_arg7", vtype_stringptr, &acl_arg[6] },
418 { "acl_arg8", vtype_stringptr, &acl_arg[7] },
419 { "acl_arg9", vtype_stringptr, &acl_arg[8] },
420 { "acl_narg", vtype_int, &acl_narg },
059ec3d9
PH
421 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
422 { "address_data", vtype_stringptr, &deliver_address_data },
423 { "address_file", vtype_stringptr, &address_file },
424 { "address_pipe", vtype_stringptr, &address_pipe },
2d07a215 425 { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id },
059ec3d9
PH
426 { "authenticated_id", vtype_stringptr, &authenticated_id },
427 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
428 { "authentication_failed",vtype_int, &authentication_failed },
9e949f00
PP
429#ifdef WITH_CONTENT_SCAN
430 { "av_failed", vtype_int, &av_failed },
431#endif
8523533c
TK
432#ifdef EXPERIMENTAL_BRIGHTMAIL
433 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
434 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
435 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
436 { "bmi_deliver", vtype_int, &bmi_deliver },
437#endif
059ec3d9
PH
438 { "body_linecount", vtype_int, &body_linecount },
439 { "body_zerocount", vtype_int, &body_zerocount },
440 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
441 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
442 { "caller_gid", vtype_gid, &real_gid },
443 { "caller_uid", vtype_uid, &real_uid },
444 { "compile_date", vtype_stringptr, &version_date },
445 { "compile_number", vtype_stringptr, &version_cnumber },
e5a9dba6 446 { "csa_status", vtype_stringptr, &csa_status },
6a8f9482
TK
447#ifdef EXPERIMENTAL_DCC
448 { "dcc_header", vtype_stringptr, &dcc_header },
449 { "dcc_result", vtype_stringptr, &dcc_result },
450#endif
8523533c
TK
451#ifdef WITH_OLD_DEMIME
452 { "demime_errorlevel", vtype_int, &demime_errorlevel },
453 { "demime_reason", vtype_stringptr, &demime_reason },
454#endif
80a47a2c
TK
455#ifndef DISABLE_DKIM
456 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
457 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
458 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
459 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
460 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
461 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
2df588c9 462 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
e08d09e5 463 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
80a47a2c
TK
464 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
465 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
466 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
467 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
468 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
469 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
470 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
471 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
e08d09e5 472 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
9e5d6b55 473 { "dkim_signers", vtype_stringptr, &dkim_signers },
80a47a2c
TK
474 { "dkim_verify_reason", vtype_dkim, (void *)DKIM_VERIFY_REASON },
475 { "dkim_verify_status", vtype_dkim, (void *)DKIM_VERIFY_STATUS},
e08d09e5 476#endif
4840604e
TL
477#ifdef EXPERIMENTAL_DMARC
478 { "dmarc_ar_header", vtype_stringptr, &dmarc_ar_header },
8c8b8274 479 { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
4840604e
TL
480 { "dmarc_status", vtype_stringptr, &dmarc_status },
481 { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
482 { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
483#endif
059ec3d9 484 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
93655c46 485 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
059ec3d9
PH
486 { "dnslist_text", vtype_stringptr, &dnslist_text },
487 { "dnslist_value", vtype_stringptr, &dnslist_value },
488 { "domain", vtype_stringptr, &deliver_domain },
489 { "domain_data", vtype_stringptr, &deliver_domain_data },
490 { "exim_gid", vtype_gid, &exim_gid },
491 { "exim_path", vtype_stringptr, &exim_path },
492 { "exim_uid", vtype_uid, &exim_uid },
8523533c
TK
493#ifdef WITH_OLD_DEMIME
494 { "found_extension", vtype_stringptr, &found_extension },
8e669ac1 495#endif
362145b5 496 { "headers_added", vtype_string_func, &fn_hdrs_added },
059ec3d9
PH
497 { "home", vtype_stringptr, &deliver_home },
498 { "host", vtype_stringptr, &deliver_host },
499 { "host_address", vtype_stringptr, &deliver_host_address },
500 { "host_data", vtype_stringptr, &host_data },
b08b24c8 501 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
059ec3d9
PH
502 { "host_lookup_failed", vtype_int, &host_lookup_failed },
503 { "inode", vtype_ino, &deliver_inode },
504 { "interface_address", vtype_stringptr, &interface_address },
505 { "interface_port", vtype_int, &interface_port },
0ce9abe6 506 { "item", vtype_stringptr, &iterate_item },
059ec3d9
PH
507 #ifdef LOOKUP_LDAP
508 { "ldap_dn", vtype_stringptr, &eldap_dn },
509 #endif
510 { "load_average", vtype_load_avg, NULL },
511 { "local_part", vtype_stringptr, &deliver_localpart },
512 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
513 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
514 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
515 { "local_scan_data", vtype_stringptr, &local_scan_data },
516 { "local_user_gid", vtype_gid, &local_user_gid },
517 { "local_user_uid", vtype_uid, &local_user_uid },
518 { "localhost_number", vtype_int, &host_number },
5cb8cbc6 519 { "log_inodes", vtype_pinodes, (void *)FALSE },
8e669ac1 520 { "log_space", vtype_pspace, (void *)FALSE },
4e0983dc 521 { "lookup_dnssec_authenticated",vtype_stringptr,&lookup_dnssec_authenticated},
059ec3d9 522 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
8523533c
TK
523#ifdef WITH_CONTENT_SCAN
524 { "malware_name", vtype_stringptr, &malware_name },
525#endif
d677b2f2 526 { "max_received_linelength", vtype_int, &max_received_linelength },
059ec3d9
PH
527 { "message_age", vtype_int, &message_age },
528 { "message_body", vtype_msgbody, &message_body },
529 { "message_body_end", vtype_msgbody_end, &message_body_end },
530 { "message_body_size", vtype_int, &message_body_size },
1ab52c69 531 { "message_exim_id", vtype_stringptr, &message_id },
059ec3d9 532 { "message_headers", vtype_msgheaders, NULL },
ff75a1f7 533 { "message_headers_raw", vtype_msgheaders_raw, NULL },
059ec3d9 534 { "message_id", vtype_stringptr, &message_id },
2e0c1448 535 { "message_linecount", vtype_int, &message_linecount },
059ec3d9 536 { "message_size", vtype_int, &message_size },
8523533c
TK
537#ifdef WITH_CONTENT_SCAN
538 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
539 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
540 { "mime_boundary", vtype_stringptr, &mime_boundary },
541 { "mime_charset", vtype_stringptr, &mime_charset },
542 { "mime_content_description", vtype_stringptr, &mime_content_description },
543 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
544 { "mime_content_id", vtype_stringptr, &mime_content_id },
545 { "mime_content_size", vtype_int, &mime_content_size },
546 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
547 { "mime_content_type", vtype_stringptr, &mime_content_type },
548 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
549 { "mime_filename", vtype_stringptr, &mime_filename },
550 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
551 { "mime_is_multipart", vtype_int, &mime_is_multipart },
552 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
553 { "mime_part_count", vtype_int, &mime_part_count },
554#endif
059ec3d9
PH
555 { "n0", vtype_filter_int, &filter_n[0] },
556 { "n1", vtype_filter_int, &filter_n[1] },
557 { "n2", vtype_filter_int, &filter_n[2] },
558 { "n3", vtype_filter_int, &filter_n[3] },
559 { "n4", vtype_filter_int, &filter_n[4] },
560 { "n5", vtype_filter_int, &filter_n[5] },
561 { "n6", vtype_filter_int, &filter_n[6] },
562 { "n7", vtype_filter_int, &filter_n[7] },
563 { "n8", vtype_filter_int, &filter_n[8] },
564 { "n9", vtype_filter_int, &filter_n[9] },
565 { "original_domain", vtype_stringptr, &deliver_domain_orig },
566 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
567 { "originator_gid", vtype_gid, &originator_gid },
568 { "originator_uid", vtype_uid, &originator_uid },
569 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
570 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
571 { "pid", vtype_pid, NULL },
572 { "primary_hostname", vtype_stringptr, &primary_hostname },
a3c86431 573#ifdef EXPERIMENTAL_PROXY
a3bddaa8
TL
574 { "proxy_host_address", vtype_stringptr, &proxy_host_address },
575 { "proxy_host_port", vtype_int, &proxy_host_port },
a3c86431 576 { "proxy_session", vtype_bool, &proxy_session },
eb57651e
TL
577 { "proxy_target_address",vtype_stringptr, &proxy_target_address },
578 { "proxy_target_port", vtype_int, &proxy_target_port },
a3c86431 579#endif
fffda43a
TK
580 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
581 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
582 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
059ec3d9
PH
583 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
584 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
585 { "rcpt_count", vtype_int, &rcpt_count },
586 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
587 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
588 { "received_count", vtype_int, &received_count },
589 { "received_for", vtype_stringptr, &received_for },
194cc0e4
PH
590 { "received_ip_address", vtype_stringptr, &interface_address },
591 { "received_port", vtype_int, &interface_port },
059ec3d9 592 { "received_protocol", vtype_stringptr, &received_protocol },
7dbf77c9 593 { "received_time", vtype_int, &received_time },
059ec3d9 594 { "recipient_data", vtype_stringptr, &recipient_data },
8e669ac1 595 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
362145b5 596 { "recipients", vtype_string_func, &fn_recipients },
059ec3d9 597 { "recipients_count", vtype_int, &recipients_count },
8523533c
TK
598#ifdef WITH_CONTENT_SCAN
599 { "regex_match_string", vtype_stringptr, &regex_match_string },
600#endif
059ec3d9
PH
601 { "reply_address", vtype_reply, NULL },
602 { "return_path", vtype_stringptr, &return_path },
603 { "return_size_limit", vtype_int, &bounce_return_size_limit },
181d9bf8 604 { "router_name", vtype_stringptr, &router_name },
059ec3d9
PH
605 { "runrc", vtype_int, &runrc },
606 { "self_hostname", vtype_stringptr, &self_hostname },
607 { "sender_address", vtype_stringptr, &sender_address },
2a3eea10 608 { "sender_address_data", vtype_stringptr, &sender_address_data },
059ec3d9
PH
609 { "sender_address_domain", vtype_domain, &sender_address },
610 { "sender_address_local_part", vtype_localpart, &sender_address },
611 { "sender_data", vtype_stringptr, &sender_data },
612 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
613 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
614 { "sender_host_address", vtype_stringptr, &sender_host_address },
615 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
11d7e4fa 616 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
059ec3d9
PH
617 { "sender_host_name", vtype_host_lookup, NULL },
618 { "sender_host_port", vtype_int, &sender_host_port },
619 { "sender_ident", vtype_stringptr, &sender_ident },
870f6ba8
TF
620 { "sender_rate", vtype_stringptr, &sender_rate },
621 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
622 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
059ec3d9 623 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
8e669ac1 624 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
41c7c167
PH
625 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
626 { "sending_port", vtype_int, &sending_port },
8e669ac1 627 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
3ee512ff
PH
628 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
629 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
b01dd148 630 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
8f128379 631 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
059ec3d9
PH
632 { "sn0", vtype_filter_int, &filter_sn[0] },
633 { "sn1", vtype_filter_int, &filter_sn[1] },
634 { "sn2", vtype_filter_int, &filter_sn[2] },
635 { "sn3", vtype_filter_int, &filter_sn[3] },
636 { "sn4", vtype_filter_int, &filter_sn[4] },
637 { "sn5", vtype_filter_int, &filter_sn[5] },
638 { "sn6", vtype_filter_int, &filter_sn[6] },
639 { "sn7", vtype_filter_int, &filter_sn[7] },
640 { "sn8", vtype_filter_int, &filter_sn[8] },
641 { "sn9", vtype_filter_int, &filter_sn[9] },
8523533c
TK
642#ifdef WITH_CONTENT_SCAN
643 { "spam_bar", vtype_stringptr, &spam_bar },
644 { "spam_report", vtype_stringptr, &spam_report },
645 { "spam_score", vtype_stringptr, &spam_score },
646 { "spam_score_int", vtype_stringptr, &spam_score_int },
647#endif
648#ifdef EXPERIMENTAL_SPF
65a7d8c3 649 { "spf_guess", vtype_stringptr, &spf_guess },
8523533c
TK
650 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
651 { "spf_received", vtype_stringptr, &spf_received },
652 { "spf_result", vtype_stringptr, &spf_result },
653 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
654#endif
059ec3d9 655 { "spool_directory", vtype_stringptr, &spool_directory },
5cb8cbc6 656 { "spool_inodes", vtype_pinodes, (void *)TRUE },
8e669ac1 657 { "spool_space", vtype_pspace, (void *)TRUE },
8523533c
TK
658#ifdef EXPERIMENTAL_SRS
659 { "srs_db_address", vtype_stringptr, &srs_db_address },
660 { "srs_db_key", vtype_stringptr, &srs_db_key },
661 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
662 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
663 { "srs_recipient", vtype_stringptr, &srs_recipient },
664 { "srs_status", vtype_stringptr, &srs_status },
665#endif
059ec3d9 666 { "thisaddress", vtype_stringptr, &filter_thisaddress },
817d9f57 667
d9b2312b 668 /* The non-(in,out) variables are now deprecated */
817d9f57
JH
669 { "tls_bits", vtype_int, &tls_in.bits },
670 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
671 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
d9b2312b
JH
672
673 { "tls_in_bits", vtype_int, &tls_in.bits },
674 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
675 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
44662487 676 { "tls_in_ocsp", vtype_int, &tls_in.ocsp },
9d1c15ef
JH
677 { "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
678 { "tls_in_peercert", vtype_cert, &tls_in.peercert },
d9b2312b 679 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
4b57b15d 680#if defined(SUPPORT_TLS)
d9b2312b
JH
681 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
682#endif
817d9f57 683 { "tls_out_bits", vtype_int, &tls_out.bits },
cb9d95ae 684 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
817d9f57 685 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
44662487 686 { "tls_out_ocsp", vtype_int, &tls_out.ocsp },
9d1c15ef
JH
687 { "tls_out_ourcert", vtype_cert, &tls_out.ourcert },
688 { "tls_out_peercert", vtype_cert, &tls_out.peercert },
817d9f57 689 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
4b57b15d 690#if defined(SUPPORT_TLS)
817d9f57 691 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
7be682ca 692#endif
d9b2312b 693
613dd4ae 694 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
4b57b15d 695#if defined(SUPPORT_TLS)
613dd4ae
JH
696 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
697#endif
817d9f57 698
059ec3d9
PH
699 { "tod_bsdinbox", vtype_todbsdin, NULL },
700 { "tod_epoch", vtype_tode, NULL },
f5787926 701 { "tod_epoch_l", vtype_todel, NULL },
059ec3d9
PH
702 { "tod_full", vtype_todf, NULL },
703 { "tod_log", vtype_todl, NULL },
704 { "tod_logfile", vtype_todlf, NULL },
705 { "tod_zone", vtype_todzone, NULL },
706 { "tod_zulu", vtype_todzulu, NULL },
d68218c7
JH
707#ifdef EXPERIMENTAL_TPDA
708 { "tpda_defer_errno", vtype_int, &tpda_defer_errno },
709 { "tpda_defer_errstr", vtype_stringptr, &tpda_defer_errstr },
710 { "tpda_delivery_confirmation", vtype_stringptr, &tpda_delivery_confirmation },
711 { "tpda_delivery_domain", vtype_stringptr, &tpda_delivery_domain },
712 { "tpda_delivery_fqdn", vtype_stringptr, &tpda_delivery_fqdn },
713 { "tpda_delivery_ip", vtype_stringptr, &tpda_delivery_ip },
714 { "tpda_delivery_local_part",vtype_stringptr,&tpda_delivery_local_part },
715 { "tpda_delivery_port", vtype_int, &tpda_delivery_port },
716#endif
181d9bf8 717 { "transport_name", vtype_stringptr, &transport_name },
059ec3d9
PH
718 { "value", vtype_stringptr, &lookup_value },
719 { "version_number", vtype_stringptr, &version_string },
720 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
721 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
722 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
723 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
724 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
725 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
726};
727
728static int var_table_size = sizeof(var_table)/sizeof(var_entry);
729static uschar var_buffer[256];
730static BOOL malformed_header;
731
732/* For textual hashes */
733
1ba28e2b
PP
734static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
735 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
736 "0123456789";
059ec3d9
PH
737
738enum { HMAC_MD5, HMAC_SHA1 };
739
740/* For numeric hashes */
741
742static unsigned int prime[] = {
743 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
744 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
745 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
746
747/* For printing modes in symbolic form */
748
749static uschar *mtable_normal[] =
750 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
751
752static uschar *mtable_setid[] =
753 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
754
755static uschar *mtable_sticky[] =
756 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
757
758
759
760/*************************************************
761* Tables for UTF-8 support *
762*************************************************/
763
764/* Table of the number of extra characters, indexed by the first character
765masked with 0x3f. The highest number for a valid UTF-8 character is in fact
7660x3d. */
767
768static uschar utf8_table1[] = {
769 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
770 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
771 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
772 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
773
774/* These are the masks for the data bits in the first byte of a character,
775indexed by the number of additional bytes. */
776
777static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
778
779/* Get the next UTF-8 character, advancing the pointer. */
780
781#define GETUTF8INC(c, ptr) \
782 c = *ptr++; \
783 if ((c & 0xc0) == 0xc0) \
784 { \
785 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
786 int s = 6*a; \
787 c = (c & utf8_table2[a]) << s; \
788 while (a-- > 0) \
789 { \
790 s -= 6; \
791 c |= (*ptr++ & 0x3f) << s; \
792 } \
793 }
794
795
796/*************************************************
797* Binary chop search on a table *
798*************************************************/
799
800/* This is used for matching expansion items and operators.
801
802Arguments:
803 name the name that is being sought
804 table the table to search
805 table_size the number of items in the table
806
807Returns: the offset in the table, or -1
808*/
809
810static int
811chop_match(uschar *name, uschar **table, int table_size)
812{
813uschar **bot = table;
814uschar **top = table + table_size;
815
816while (top > bot)
817 {
818 uschar **mid = bot + (top - bot)/2;
819 int c = Ustrcmp(name, *mid);
820 if (c == 0) return mid - table;
821 if (c > 0) bot = mid + 1; else top = mid;
822 }
823
824return -1;
825}
826
827
828
829/*************************************************
830* Check a condition string *
831*************************************************/
832
833/* This function is called to expand a string, and test the result for a "true"
834or "false" value. Failure of the expansion yields FALSE; logged unless it was a
be7a5781
JH
835forced fail or lookup defer.
836
837We used to release all store used, but this is not not safe due
838to ${dlfunc } and ${acl }. In any case expand_string_internal()
839is reasonably careful to release what it can.
059ec3d9 840
6a8de854
PP
841The actual false-value tests should be replicated for ECOND_BOOL_LAX.
842
059ec3d9
PH
843Arguments:
844 condition the condition string
845 m1 text to be incorporated in panic error
846 m2 ditto
847
848Returns: TRUE if condition is met, FALSE if not
849*/
850
851BOOL
852expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
853{
854int rc;
059ec3d9
PH
855uschar *ss = expand_string(condition);
856if (ss == NULL)
857 {
858 if (!expand_string_forcedfail && !search_find_defer)
859 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
860 "for %s %s: %s", condition, m1, m2, expand_string_message);
861 return FALSE;
862 }
863rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
864 strcmpic(ss, US"false") != 0;
059ec3d9
PH
865return rc;
866}
867
868
869
17c76198 870
059ec3d9 871/*************************************************
9e3331ea
TK
872* Pseudo-random number generation *
873*************************************************/
874
875/* Pseudo-random number generation. The result is not "expected" to be
876cryptographically strong but not so weak that someone will shoot themselves
877in the foot using it as a nonce in some email header scheme or whatever
878weirdness they'll twist this into. The result should ideally handle fork().
879
880However, if we're stuck unable to provide this, then we'll fall back to
881appallingly bad randomness.
882
17c76198
PP
883If SUPPORT_TLS is defined then this will not be used except as an emergency
884fallback.
9e3331ea
TK
885
886Arguments:
887 max range maximum
888Returns a random number in range [0, max-1]
889*/
890
17c76198
PP
891#ifdef SUPPORT_TLS
892# define vaguely_random_number vaguely_random_number_fallback
893#endif
9e3331ea 894int
17c76198 895vaguely_random_number(int max)
9e3331ea 896{
17c76198
PP
897#ifdef SUPPORT_TLS
898# undef vaguely_random_number
899#endif
9e3331ea
TK
900 static pid_t pid = 0;
901 pid_t p2;
902#if defined(HAVE_SRANDOM) && !defined(HAVE_SRANDOMDEV)
903 struct timeval tv;
904#endif
905
906 p2 = getpid();
907 if (p2 != pid)
908 {
909 if (pid != 0)
910 {
911
912#ifdef HAVE_ARC4RANDOM
913 /* cryptographically strong randomness, common on *BSD platforms, not
914 so much elsewhere. Alas. */
915 arc4random_stir();
916#elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
917#ifdef HAVE_SRANDOMDEV
918 /* uses random(4) for seeding */
919 srandomdev();
920#else
921 gettimeofday(&tv, NULL);
922 srandom(tv.tv_sec | tv.tv_usec | getpid());
923#endif
924#else
925 /* Poor randomness and no seeding here */
926#endif
927
928 }
929 pid = p2;
930 }
931
932#ifdef HAVE_ARC4RANDOM
933 return arc4random() % max;
934#elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
935 return random() % max;
936#else
937 /* This one returns a 16-bit number, definitely not crypto-strong */
938 return random_number(max);
939#endif
940}
941
17c76198
PP
942
943
9e3331ea
TK
944
945/*************************************************
059ec3d9
PH
946* Pick out a name from a string *
947*************************************************/
948
949/* If the name is too long, it is silently truncated.
950
951Arguments:
952 name points to a buffer into which to put the name
953 max is the length of the buffer
954 s points to the first alphabetic character of the name
955 extras chars other than alphanumerics to permit
956
957Returns: pointer to the first character after the name
958
959Note: The test for *s != 0 in the while loop is necessary because
960Ustrchr() yields non-NULL if the character is zero (which is not something
961I expected). */
962
963static uschar *
964read_name(uschar *name, int max, uschar *s, uschar *extras)
965{
966int ptr = 0;
967while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
968 {
969 if (ptr < max-1) name[ptr++] = *s;
970 s++;
971 }
972name[ptr] = 0;
973return s;
974}
975
976
977
978/*************************************************
979* Pick out the rest of a header name *
980*************************************************/
981
982/* A variable name starting $header_ (or just $h_ for those who like
983abbreviations) might not be the complete header name because headers can
984contain any printing characters in their names, except ':'. This function is
985called to read the rest of the name, chop h[eader]_ off the front, and put ':'
986on the end, if the name was terminated by white space.
987
988Arguments:
989 name points to a buffer in which the name read so far exists
990 max is the length of the buffer
991 s points to the first character after the name so far, i.e. the
992 first non-alphameric character after $header_xxxxx
993
994Returns: a pointer to the first character after the header name
995*/
996
997static uschar *
998read_header_name(uschar *name, int max, uschar *s)
999{
1000int prelen = Ustrchr(name, '_') - name + 1;
1001int ptr = Ustrlen(name) - prelen;
1002if (ptr > 0) memmove(name, name+prelen, ptr);
1003while (mac_isgraph(*s) && *s != ':')
1004 {
1005 if (ptr < max-1) name[ptr++] = *s;
1006 s++;
1007 }
1008if (*s == ':') s++;
1009name[ptr++] = ':';
1010name[ptr] = 0;
1011return s;
1012}
1013
1014
1015
1016/*************************************************
1017* Pick out a number from a string *
1018*************************************************/
1019
1020/* Arguments:
1021 n points to an integer into which to put the number
1022 s points to the first digit of the number
1023
1024Returns: a pointer to the character after the last digit
1025*/
1026
1027static uschar *
1028read_number(int *n, uschar *s)
1029{
1030*n = 0;
1031while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1032return s;
1033}
1034
1035
1036
1037/*************************************************
1038* Extract keyed subfield from a string *
1039*************************************************/
1040
1041/* The yield is in dynamic store; NULL means that the key was not found.
1042
1043Arguments:
1044 key points to the name of the key
1045 s points to the string from which to extract the subfield
1046
1047Returns: NULL if the subfield was not found, or
1048 a pointer to the subfield's data
1049*/
1050
1051static uschar *
1052expand_getkeyed(uschar *key, uschar *s)
1053{
1054int length = Ustrlen(key);
1055while (isspace(*s)) s++;
1056
1057/* Loop to search for the key */
1058
1059while (*s != 0)
1060 {
1061 int dkeylength;
1062 uschar *data;
1063 uschar *dkey = s;
1064
1065 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
1066 dkeylength = s - dkey;
1067 while (isspace(*s)) s++;
1068 if (*s == '=') while (isspace((*(++s))));
1069
1070 data = string_dequote(&s);
1071 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1072 return data;
1073
1074 while (isspace(*s)) s++;
1075 }
1076
1077return NULL;
1078}
1079
1080
1081
9d1c15ef
JH
1082static var_entry *
1083find_var_ent(uschar * name)
1084{
1085int first = 0;
1086int last = var_table_size;
1087
1088while (last > first)
1089 {
1090 int middle = (first + last)/2;
1091 int c = Ustrcmp(name, var_table[middle].name);
1092
1093 if (c > 0) { first = middle + 1; continue; }
1094 if (c < 0) { last = middle; continue; }
1095 return &var_table[middle];
1096 }
1097return NULL;
1098}
059ec3d9
PH
1099
1100/*************************************************
1101* Extract numbered subfield from string *
1102*************************************************/
1103
1104/* Extracts a numbered field from a string that is divided by tokens - for
1105example a line from /etc/passwd is divided by colon characters. First field is
1106numbered one. Negative arguments count from the right. Zero returns the whole
1107string. Returns NULL if there are insufficient tokens in the string
1108
1109***WARNING***
1110Modifies final argument - this is a dynamically generated string, so that's OK.
1111
1112Arguments:
1113 field number of field to be extracted,
1114 first field = 1, whole string = 0, last field = -1
1115 separators characters that are used to break string into tokens
1116 s points to the string from which to extract the subfield
1117
1118Returns: NULL if the field was not found,
1119 a pointer to the field's data inside s (modified to add 0)
1120*/
1121
1122static uschar *
1123expand_gettokened (int field, uschar *separators, uschar *s)
1124{
1125int sep = 1;
1126int count;
1127uschar *ss = s;
1128uschar *fieldtext = NULL;
1129
1130if (field == 0) return s;
1131
1132/* Break the line up into fields in place; for field > 0 we stop when we have
1133done the number of fields we want. For field < 0 we continue till the end of
1134the string, counting the number of fields. */
1135
1136count = (field > 0)? field : INT_MAX;
1137
1138while (count-- > 0)
1139 {
1140 size_t len;
1141
1142 /* Previous field was the last one in the string. For a positive field
1143 number, this means there are not enough fields. For a negative field number,
1144 check that there are enough, and scan back to find the one that is wanted. */
1145
1146 if (sep == 0)
1147 {
1148 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1149 if ((-field) == (INT_MAX - count - 1)) return s;
1150 while (field++ < 0)
1151 {
1152 ss--;
1153 while (ss[-1] != 0) ss--;
1154 }
1155 fieldtext = ss;
1156 break;
1157 }
1158
1159 /* Previous field was not last in the string; save its start and put a
1160 zero at its end. */
1161
1162 fieldtext = ss;
1163 len = Ustrcspn(ss, separators);
1164 sep = ss[len];
1165 ss[len] = 0;
1166 ss += len + 1;
1167 }
1168
1169return fieldtext;
1170}
1171
1172
aa26e137 1173static uschar *
9d1c15ef 1174expand_getlistele(int field, uschar * list)
aa26e137
JH
1175{
1176uschar * tlist= list;
1177int sep= 0;
1178uschar dummy;
1179
1180if(field<0)
1181{
1182 for(field++; string_nextinlist(&tlist, &sep, &dummy, 1); ) field++;
1183 sep= 0;
1184}
1185if(field==0) return NULL;
1186while(--field>0 && (string_nextinlist(&list, &sep, &dummy, 1))) ;
1187return string_nextinlist(&list, &sep, NULL, 0);
1188}
059ec3d9 1189
9d1c15ef
JH
1190
1191/* Certificate fields, by name. Worry about by-OID later */
9e4dddbd 1192/* Names are chosen to not have common prefixes */
9d1c15ef
JH
1193
1194#ifdef SUPPORT_TLS
1195typedef struct
1196{
1197uschar * name;
9e4dddbd
JH
1198int namelen;
1199uschar * (*getfn)(void * cert, uschar * mod);
9d1c15ef
JH
1200} certfield;
1201static certfield certfields[] =
1202{ /* linear search; no special order */
9e4dddbd
JH
1203 { US"version", 7, &tls_cert_version },
1204 { US"serial_number", 13, &tls_cert_serial_number },
1205 { US"subject", 7, &tls_cert_subject },
1206 { US"notbefore", 9, &tls_cert_not_before },
1207 { US"notafter", 8, &tls_cert_not_after },
1208 { US"issuer", 6, &tls_cert_issuer },
1209 { US"signature", 9, &tls_cert_signature },
1210 { US"sig_algorithm", 13, &tls_cert_signature_algorithm },
1211 { US"subj_altname", 12, &tls_cert_subject_altname },
1212 { US"ocsp_uri", 8, &tls_cert_ocsp_uri },
1213 { US"crl_uri", 7, &tls_cert_crl_uri },
9d1c15ef
JH
1214};
1215
1216static uschar *
1217expand_getcertele(uschar * field, uschar * certvar)
1218{
1219var_entry * vp;
1220certfield * cp;
1221
1222if (!(vp = find_var_ent(certvar)))
1223 {
1224 expand_string_message =
1225 string_sprintf("no variable named \"%s\"", certvar);
1226 return NULL; /* Unknown variable name */
1227 }
1228/* NB this stops us passing certs around in variable. Might
1229want to do that in future */
1230if (vp->type != vtype_cert)
1231 {
1232 expand_string_message =
1233 string_sprintf("\"%s\" is not a certificate", certvar);
1234 return NULL; /* Unknown variable name */
1235 }
1236if (!*(void **)vp->value)
1237 return NULL;
1238
1239if (*field >= '0' && *field <= '9')
1240 return tls_cert_ext_by_oid(*(void **)vp->value, field, 0);
1241
1242for(cp = certfields;
1243 cp < certfields + nelements(certfields);
1244 cp++)
9e4dddbd
JH
1245 if (Ustrncmp(cp->name, field, cp->namelen) == 0)
1246 {
1247 uschar * modifier = *(field += cp->namelen) == ','
1248 ? ++field : NULL;
1249 return (*cp->getfn)( *(void **)vp->value, modifier );
1250 }
9d1c15ef
JH
1251
1252expand_string_message =
1253 string_sprintf("bad field selector \"%s\" for certextract", field);
1254return NULL;
1255}
1256#endif /*SUPPORT_TLS*/
1257
059ec3d9
PH
1258/*************************************************
1259* Extract a substring from a string *
1260*************************************************/
1261
1262/* Perform the ${substr or ${length expansion operations.
1263
1264Arguments:
1265 subject the input string
1266 value1 the offset from the start of the input string to the start of
1267 the output string; if negative, count from the right.
1268 value2 the length of the output string, or negative (-1) for unset
1269 if value1 is positive, unset means "all after"
1270 if value1 is negative, unset means "all before"
1271 len set to the length of the returned string
1272
1273Returns: pointer to the output string, or NULL if there is an error
1274*/
1275
1276static uschar *
1277extract_substr(uschar *subject, int value1, int value2, int *len)
1278{
1279int sublen = Ustrlen(subject);
1280
1281if (value1 < 0) /* count from right */
1282 {
1283 value1 += sublen;
1284
1285 /* If the position is before the start, skip to the start, and adjust the
1286 length. If the length ends up negative, the substring is null because nothing
1287 can precede. This falls out naturally when the length is unset, meaning "all
1288 to the left". */
1289
1290 if (value1 < 0)
1291 {
1292 value2 += value1;
1293 if (value2 < 0) value2 = 0;
1294 value1 = 0;
1295 }
1296
1297 /* Otherwise an unset length => characters before value1 */
1298
1299 else if (value2 < 0)
1300 {
1301 value2 = value1;
1302 value1 = 0;
1303 }
1304 }
1305
1306/* For a non-negative offset, if the starting position is past the end of the
1307string, the result will be the null string. Otherwise, an unset length means
1308"rest"; just set it to the maximum - it will be cut down below if necessary. */
1309
1310else
1311 {
1312 if (value1 > sublen)
1313 {
1314 value1 = sublen;
1315 value2 = 0;
1316 }
1317 else if (value2 < 0) value2 = sublen;
1318 }
1319
1320/* Cut the length down to the maximum possible for the offset value, and get
1321the required characters. */
1322
1323if (value1 + value2 > sublen) value2 = sublen - value1;
1324*len = value2;
1325return subject + value1;
1326}
1327
1328
1329
1330
1331/*************************************************
1332* Old-style hash of a string *
1333*************************************************/
1334
1335/* Perform the ${hash expansion operation.
1336
1337Arguments:
1338 subject the input string (an expanded substring)
1339 value1 the length of the output string; if greater or equal to the
1340 length of the input string, the input string is returned
1341 value2 the number of hash characters to use, or 26 if negative
1342 len set to the length of the returned string
1343
1344Returns: pointer to the output string, or NULL if there is an error
1345*/
1346
1347static uschar *
1348compute_hash(uschar *subject, int value1, int value2, int *len)
1349{
1350int sublen = Ustrlen(subject);
1351
1352if (value2 < 0) value2 = 26;
1353else if (value2 > Ustrlen(hashcodes))
1354 {
1355 expand_string_message =
1356 string_sprintf("hash count \"%d\" too big", value2);
1357 return NULL;
1358 }
1359
1360/* Calculate the hash text. We know it is shorter than the original string, so
1361can safely place it in subject[] (we know that subject is always itself an
1362expanded substring). */
1363
1364if (value1 < sublen)
1365 {
1366 int c;
1367 int i = 0;
1368 int j = value1;
1369 while ((c = (subject[j])) != 0)
1370 {
1371 int shift = (c + j++) & 7;
1372 subject[i] ^= (c << shift) | (c >> (8-shift));
1373 if (++i >= value1) i = 0;
1374 }
1375 for (i = 0; i < value1; i++)
1376 subject[i] = hashcodes[(subject[i]) % value2];
1377 }
1378else value1 = sublen;
1379
1380*len = value1;
1381return subject;
1382}
1383
1384
1385
1386
1387/*************************************************
1388* Numeric hash of a string *
1389*************************************************/
1390
1391/* Perform the ${nhash expansion operation. The first characters of the
1392string are treated as most important, and get the highest prime numbers.
1393
1394Arguments:
1395 subject the input string
1396 value1 the maximum value of the first part of the result
1397 value2 the maximum value of the second part of the result,
1398 or negative to produce only a one-part result
1399 len set to the length of the returned string
1400
1401Returns: pointer to the output string, or NULL if there is an error.
1402*/
1403
1404static uschar *
1405compute_nhash (uschar *subject, int value1, int value2, int *len)
1406{
1407uschar *s = subject;
1408int i = 0;
1409unsigned long int total = 0; /* no overflow */
1410
1411while (*s != 0)
1412 {
1413 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
1414 total += prime[i--] * (unsigned int)(*s++);
1415 }
1416
1417/* If value2 is unset, just compute one number */
1418
1419if (value2 < 0)
1420 {
1421 s = string_sprintf("%d", total % value1);
1422 }
1423
1424/* Otherwise do a div/mod hash */
1425
1426else
1427 {
1428 total = total % (value1 * value2);
1429 s = string_sprintf("%d/%d", total/value2, total % value2);
1430 }
1431
1432*len = Ustrlen(s);
1433return s;
1434}
1435
1436
1437
1438
1439
1440/*************************************************
1441* Find the value of a header or headers *
1442*************************************************/
1443
1444/* Multiple instances of the same header get concatenated, and this function
1445can also return a concatenation of all the header lines. When concatenating
1446specific headers that contain lists of addresses, a comma is inserted between
1447them. Otherwise we use a straight concatenation. Because some messages can have
1448pathologically large number of lines, there is a limit on the length that is
1449returned. Also, to avoid massive store use which would result from using
1450string_cat() as it copies and extends strings, we do a preliminary pass to find
1451out exactly how much store will be needed. On "normal" messages this will be
1452pretty trivial.
1453
1454Arguments:
1455 name the name of the header, without the leading $header_ or $h_,
1456 or NULL if a concatenation of all headers is required
1457 exists_only TRUE if called from a def: test; don't need to build a string;
1458 just return a string that is not "" and not "0" if the header
1459 exists
1460 newsize return the size of memory block that was obtained; may be NULL
1461 if exists_only is TRUE
1462 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
ff75a1f7
PH
1463 other than concatenating, will be done on the header. Also used
1464 for $message_headers_raw.
059ec3d9
PH
1465 charset name of charset to translate MIME words to; used only if
1466 want_raw is false; if NULL, no translation is done (this is
1467 used for $bh_ and $bheader_)
1468
1469Returns: NULL if the header does not exist, else a pointer to a new
1470 store block
1471*/
1472
1473static uschar *
1474find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1475 uschar *charset)
1476{
1477BOOL found = name == NULL;
1478int comma = 0;
1479int len = found? 0 : Ustrlen(name);
1480int i;
1481uschar *yield = NULL;
1482uschar *ptr = NULL;
1483
1484/* Loop for two passes - saves code repetition */
1485
1486for (i = 0; i < 2; i++)
1487 {
1488 int size = 0;
1489 header_line *h;
1490
1491 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1492 {
1493 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1494 {
1495 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1496 {
1497 int ilen;
1498 uschar *t;
1499
1500 if (exists_only) return US"1"; /* don't need actual string */
1501 found = TRUE;
1502 t = h->text + len; /* text to insert */
1503 if (!want_raw) /* unless wanted raw, */
1504 while (isspace(*t)) t++; /* remove leading white space */
1505 ilen = h->slen - (t - h->text); /* length to insert */
1506
fd700877
PH
1507 /* Unless wanted raw, remove trailing whitespace, including the
1508 newline. */
1509
1510 if (!want_raw)
1511 while (ilen > 0 && isspace(t[ilen-1])) ilen--;
1512
059ec3d9
PH
1513 /* Set comma = 1 if handling a single header and it's one of those
1514 that contains an address list, except when asked for raw headers. Only
1515 need to do this once. */
1516
1517 if (!want_raw && name != NULL && comma == 0 &&
1518 Ustrchr("BCFRST", h->type) != NULL)
1519 comma = 1;
1520
1521 /* First pass - compute total store needed; second pass - compute
1522 total store used, including this header. */
1523
fd700877 1524 size += ilen + comma + 1; /* +1 for the newline */
059ec3d9
PH
1525
1526 /* Second pass - concatentate the data, up to a maximum. Note that
1527 the loop stops when size hits the limit. */
1528
1529 if (i != 0)
1530 {
1531 if (size > header_insert_maxlen)
1532 {
fd700877 1533 ilen -= size - header_insert_maxlen - 1;
059ec3d9
PH
1534 comma = 0;
1535 }
1536 Ustrncpy(ptr, t, ilen);
1537 ptr += ilen;
fd700877
PH
1538
1539 /* For a non-raw header, put in the comma if needed, then add
3168332a
PH
1540 back the newline we removed above, provided there was some text in
1541 the header. */
fd700877 1542
3168332a 1543 if (!want_raw && ilen > 0)
059ec3d9 1544 {
3168332a 1545 if (comma != 0) *ptr++ = ',';
059ec3d9
PH
1546 *ptr++ = '\n';
1547 }
1548 }
1549 }
1550 }
1551 }
1552
fd700877
PH
1553 /* At end of first pass, return NULL if no header found. Then truncate size
1554 if necessary, and get the buffer to hold the data, returning the buffer size.
1555 */
059ec3d9
PH
1556
1557 if (i == 0)
1558 {
1559 if (!found) return NULL;
1560 if (size > header_insert_maxlen) size = header_insert_maxlen;
1561 *newsize = size + 1;
1562 ptr = yield = store_get(*newsize);
1563 }
1564 }
1565
059ec3d9
PH
1566/* That's all we do for raw header expansion. */
1567
1568if (want_raw)
1569 {
1570 *ptr = 0;
1571 }
1572
fd700877
PH
1573/* Otherwise, remove a final newline and a redundant added comma. Then we do
1574RFC 2047 decoding, translating the charset if requested. The rfc2047_decode2()
059ec3d9
PH
1575function can return an error with decoded data if the charset translation
1576fails. If decoding fails, it returns NULL. */
1577
1578else
1579 {
1580 uschar *decoded, *error;
3168332a 1581 if (ptr > yield && ptr[-1] == '\n') ptr--;
fd700877 1582 if (ptr > yield && comma != 0 && ptr[-1] == ',') ptr--;
059ec3d9 1583 *ptr = 0;
a0d6ba8a
PH
1584 decoded = rfc2047_decode2(yield, check_rfc2047_length, charset, '?', NULL,
1585 newsize, &error);
059ec3d9
PH
1586 if (error != NULL)
1587 {
1588 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1589 " input was: %s\n", error, yield);
1590 }
1591 if (decoded != NULL) yield = decoded;
1592 }
1593
1594return yield;
1595}
1596
1597
1598
1599
1600/*************************************************
362145b5
JH
1601* Return list of recipients *
1602*************************************************/
1603/* A recipients list is available only during system message filtering,
1604during ACL processing after DATA, and while expanding pipe commands
1605generated from a system filter, but not elsewhere. */
1606
1607static uschar *
1608fn_recipients(void)
1609{
1610if (!enable_dollar_recipients) return NULL; else
1611 {
1612 int size = 128;
1613 int ptr = 0;
1614 int i;
1615 uschar * s = store_get(size);
1616 for (i = 0; i < recipients_count; i++)
1617 {
1618 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1619 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1620 Ustrlen(recipients_list[i].address));
1621 }
1622 s[ptr] = 0; /* string_cat() leaves room */
1623 return s;
1624 }
1625}
1626
1627
1628/*************************************************
059ec3d9
PH
1629* Find value of a variable *
1630*************************************************/
1631
1632/* The table of variables is kept in alphabetic order, so we can search it
1633using a binary chop. The "choplen" variable is nothing to do with the binary
1634chop.
1635
1636Arguments:
1637 name the name of the variable being sought
1638 exists_only TRUE if this is a def: test; passed on to find_header()
1639 skipping TRUE => skip any processing evaluation; this is not the same as
1640 exists_only because def: may test for values that are first
1641 evaluated here
1642 newsize pointer to an int which is initially zero; if the answer is in
1643 a new memory buffer, *newsize is set to its size
1644
1645Returns: NULL if the variable does not exist, or
1646 a pointer to the variable's contents, or
1647 something non-NULL if exists_only is TRUE
1648*/
1649
1650static uschar *
1651find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1652{
9d1c15ef
JH
1653var_entry * vp;
1654uschar *s, *domain;
1655uschar **ss;
1656void * val;
059ec3d9 1657
38a0a95f
PH
1658/* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1659Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1660release 4.64 onwards arbitrary names are permitted, as long as the first 5
641cb756
PH
1661characters are acl_c or acl_m and the sixth is either a digit or an underscore
1662(this gave backwards compatibility at the changeover). There may be built-in
1663variables whose names start acl_ but they should never start in this way. This
1664slightly messy specification is a consequence of the history, needless to say.
47ca6d6c 1665
38a0a95f
PH
1666If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1667set, in which case give an error. */
47ca6d6c 1668
641cb756
PH
1669if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1670 !isalpha(name[5]))
38a0a95f
PH
1671 {
1672 tree_node *node =
1673 tree_search((name[4] == 'c')? acl_var_c : acl_var_m, name + 4);
1674 return (node == NULL)? (strict_acl_vars? NULL : US"") : node->data.ptr;
47ca6d6c
PH
1675 }
1676
38a0a95f 1677/* Handle $auth<n> variables. */
f78eb7c6
PH
1678
1679if (Ustrncmp(name, "auth", 4) == 0)
1680 {
1681 uschar *endptr;
1682 int n = Ustrtoul(name + 4, &endptr, 10);
1683 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1684 return (auth_vars[n-1] == NULL)? US"" : auth_vars[n-1];
1685 }
1686
47ca6d6c
PH
1687/* For all other variables, search the table */
1688
9d1c15ef
JH
1689if (!(vp = find_var_ent(name)))
1690 return NULL; /* Unknown variable name */
059ec3d9 1691
9d1c15ef
JH
1692/* Found an existing variable. If in skipping state, the value isn't needed,
1693and we want to avoid processing (such as looking up the host name). */
059ec3d9 1694
9d1c15ef
JH
1695if (skipping)
1696 return US"";
059ec3d9 1697
9d1c15ef
JH
1698val = vp->value;
1699switch (vp->type)
1700 {
1701 case vtype_filter_int:
1702 if (!filter_running) return NULL;
1703 /* Fall through */
1704 /* VVVVVVVVVVVV */
1705 case vtype_int:
1706 sprintf(CS var_buffer, "%d", *(int *)(val)); /* Integer */
1707 return var_buffer;
1708
1709 case vtype_ino:
1710 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(val))); /* Inode */
1711 return var_buffer;
1712
1713 case vtype_gid:
1714 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(val))); /* gid */
1715 return var_buffer;
1716
1717 case vtype_uid:
1718 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(val))); /* uid */
1719 return var_buffer;
1720
1721 case vtype_bool:
1722 sprintf(CS var_buffer, "%s", *(BOOL *)(val) ? "yes" : "no"); /* bool */
1723 return var_buffer;
1724
1725 case vtype_stringptr: /* Pointer to string */
1726 s = *((uschar **)(val));
1727 return (s == NULL)? US"" : s;
1728
1729 case vtype_pid:
1730 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1731 return var_buffer;
1732
1733 case vtype_load_avg:
1734 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1735 return var_buffer;
1736
1737 case vtype_host_lookup: /* Lookup if not done so */
1738 if (sender_host_name == NULL && sender_host_address != NULL &&
1739 !host_lookup_failed && host_name_lookup() == OK)
1740 host_build_sender_fullhost();
1741 return (sender_host_name == NULL)? US"" : sender_host_name;
1742
1743 case vtype_localpart: /* Get local part from address */
1744 s = *((uschar **)(val));
1745 if (s == NULL) return US"";
1746 domain = Ustrrchr(s, '@');
1747 if (domain == NULL) return s;
1748 if (domain - s > sizeof(var_buffer) - 1)
1749 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1750 " in string expansion", sizeof(var_buffer));
1751 Ustrncpy(var_buffer, s, domain - s);
1752 var_buffer[domain - s] = 0;
1753 return var_buffer;
1754
1755 case vtype_domain: /* Get domain from address */
1756 s = *((uschar **)(val));
1757 if (s == NULL) return US"";
1758 domain = Ustrrchr(s, '@');
1759 return (domain == NULL)? US"" : domain + 1;
1760
1761 case vtype_msgheaders:
1762 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1763
1764 case vtype_msgheaders_raw:
1765 return find_header(NULL, exists_only, newsize, TRUE, NULL);
1766
1767 case vtype_msgbody: /* Pointer to msgbody string */
1768 case vtype_msgbody_end: /* Ditto, the end of the msg */
1769 ss = (uschar **)(val);
1770 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
059ec3d9 1771 {
9d1c15ef
JH
1772 uschar *body;
1773 off_t start_offset = SPOOL_DATA_START_OFFSET;
1774 int len = message_body_visible;
1775 if (len > message_size) len = message_size;
1776 *ss = body = store_malloc(len+1);
1777 body[0] = 0;
1778 if (vp->type == vtype_msgbody_end)
059ec3d9 1779 {
9d1c15ef
JH
1780 struct stat statbuf;
1781 if (fstat(deliver_datafile, &statbuf) == 0)
1782 {
1783 start_offset = statbuf.st_size - len;
1784 if (start_offset < SPOOL_DATA_START_OFFSET)
1785 start_offset = SPOOL_DATA_START_OFFSET;
1786 }
1787 }
1788 lseek(deliver_datafile, start_offset, SEEK_SET);
1789 len = read(deliver_datafile, body, len);
1790 if (len > 0)
1791 {
1792 body[len] = 0;
1793 if (message_body_newlines) /* Separate loops for efficiency */
1794 {
1795 while (len > 0)
1796 { if (body[--len] == 0) body[len] = ' '; }
1797 }
1798 else
1799 {
1800 while (len > 0)
1801 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
1802 }
059ec3d9 1803 }
9d1c15ef
JH
1804 }
1805 return (*ss == NULL)? US"" : *ss;
059ec3d9 1806
9d1c15ef
JH
1807 case vtype_todbsdin: /* BSD inbox time of day */
1808 return tod_stamp(tod_bsdin);
059ec3d9 1809
9d1c15ef
JH
1810 case vtype_tode: /* Unix epoch time of day */
1811 return tod_stamp(tod_epoch);
059ec3d9 1812
9d1c15ef
JH
1813 case vtype_todel: /* Unix epoch/usec time of day */
1814 return tod_stamp(tod_epoch_l);
f5787926 1815
9d1c15ef
JH
1816 case vtype_todf: /* Full time of day */
1817 return tod_stamp(tod_full);
059ec3d9 1818
9d1c15ef
JH
1819 case vtype_todl: /* Log format time of day */
1820 return tod_stamp(tod_log_bare); /* (without timezone) */
059ec3d9 1821
9d1c15ef
JH
1822 case vtype_todzone: /* Time zone offset only */
1823 return tod_stamp(tod_zone);
059ec3d9 1824
9d1c15ef
JH
1825 case vtype_todzulu: /* Zulu time */
1826 return tod_stamp(tod_zulu);
059ec3d9 1827
9d1c15ef
JH
1828 case vtype_todlf: /* Log file datestamp tod */
1829 return tod_stamp(tod_log_datestamp_daily);
059ec3d9 1830
9d1c15ef
JH
1831 case vtype_reply: /* Get reply address */
1832 s = find_header(US"reply-to:", exists_only, newsize, TRUE,
1833 headers_charset);
1834 if (s != NULL) while (isspace(*s)) s++;
1835 if (s == NULL || *s == 0)
1836 {
1837 *newsize = 0; /* For the *s==0 case */
1838 s = find_header(US"from:", exists_only, newsize, TRUE, headers_charset);
1839 }
1840 if (s != NULL)
1841 {
1842 uschar *t;
1843 while (isspace(*s)) s++;
1844 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
1845 while (t > s && isspace(t[-1])) t--;
1846 *t = 0;
1847 }
1848 return (s == NULL)? US"" : s;
059ec3d9 1849
9d1c15ef
JH
1850 case vtype_string_func:
1851 {
1852 uschar * (*fn)() = val;
1853 return fn();
1854 }
8e669ac1 1855
9d1c15ef
JH
1856 case vtype_pspace:
1857 {
1858 int inodes;
1859 sprintf(CS var_buffer, "%d",
1860 receive_statvfs(val == (void *)TRUE, &inodes));
1861 }
1862 return var_buffer;
8e669ac1 1863
9d1c15ef
JH
1864 case vtype_pinodes:
1865 {
1866 int inodes;
1867 (void) receive_statvfs(val == (void *)TRUE, &inodes);
1868 sprintf(CS var_buffer, "%d", inodes);
1869 }
1870 return var_buffer;
80a47a2c 1871
9d1c15ef
JH
1872 case vtype_cert:
1873 return *(void **)val ? US"<cert>" : US"";
80a47a2c 1874
9d1c15ef
JH
1875 #ifndef DISABLE_DKIM
1876 case vtype_dkim:
1877 return dkim_exim_expand_query((int)(long)val);
1878 #endif
059ec3d9 1879
9d1c15ef 1880 }
059ec3d9
PH
1881}
1882
1883
1884
1885
d9b2312b
JH
1886void
1887modify_variable(uschar *name, void * value)
1888{
9d1c15ef
JH
1889var_entry * vp;
1890if ((vp = find_var_ent(name))) vp->value = value;
d9b2312b
JH
1891return; /* Unknown variable name, fail silently */
1892}
1893
1894
1895
1896
1897
059ec3d9
PH
1898/*************************************************
1899* Read and expand substrings *
1900*************************************************/
1901
1902/* This function is called to read and expand argument substrings for various
1903expansion items. Some have a minimum requirement that is less than the maximum;
1904in these cases, the first non-present one is set to NULL.
1905
1906Arguments:
1907 sub points to vector of pointers to set
1908 n maximum number of substrings
1909 m minimum required
1910 sptr points to current string pointer
1911 skipping the skipping flag
1912 check_end if TRUE, check for final '}'
1913 name name of item, for error message
b0e85a8f
JH
1914 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
1915 the store.
059ec3d9
PH
1916
1917Returns: 0 OK; string pointer updated
1918 1 curly bracketing error (too few arguments)
1919 2 too many arguments (only if check_end is set); message set
1920 3 other error (expansion failure)
1921*/
1922
1923static int
1924read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
b0e85a8f 1925 BOOL check_end, uschar *name, BOOL *resetok)
059ec3d9
PH
1926{
1927int i;
1928uschar *s = *sptr;
1929
1930while (isspace(*s)) s++;
1931for (i = 0; i < n; i++)
1932 {
1933 if (*s != '{')
1934 {
1935 if (i < m) return 1;
1936 sub[i] = NULL;
1937 break;
1938 }
b0e85a8f 1939 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok);
059ec3d9
PH
1940 if (sub[i] == NULL) return 3;
1941 if (*s++ != '}') return 1;
1942 while (isspace(*s)) s++;
1943 }
1944if (check_end && *s++ != '}')
1945 {
1946 if (s[-1] == '{')
1947 {
1948 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1949 "(max is %d)", name, n);
1950 return 2;
1951 }
1952 return 1;
1953 }
1954
1955*sptr = s;
1956return 0;
1957}
1958
1959
1960
1961
1962/*************************************************
641cb756
PH
1963* Elaborate message for bad variable *
1964*************************************************/
1965
1966/* For the "unknown variable" message, take a look at the variable's name, and
1967give additional information about possible ACL variables. The extra information
1968is added on to expand_string_message.
1969
1970Argument: the name of the variable
1971Returns: nothing
1972*/
1973
1974static void
1975check_variable_error_message(uschar *name)
1976{
1977if (Ustrncmp(name, "acl_", 4) == 0)
1978 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
1979 (name[4] == 'c' || name[4] == 'm')?
1980 (isalpha(name[5])?
1981 US"6th character of a user-defined ACL variable must be a digit or underscore" :
1982 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
1983 ) :
1984 US"user-defined ACL variables must start acl_c or acl_m");
1985}
1986
1987
1988
f60d98e8
JH
1989/*
1990Load args from sub array to globals, and call acl_check().
ef21c07d 1991Sub array will be corrupted on return.
f60d98e8
JH
1992
1993Returns: OK access is granted by an ACCEPT verb
1994 DISCARD access is granted by a DISCARD verb
1995 FAIL access is denied
1996 FAIL_DROP access is denied; drop the connection
1997 DEFER can't tell at the moment
1998 ERROR disaster
1999*/
2000static int
2001eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
2002{
2003int i;
ef21c07d
JH
2004uschar *tmp;
2005int sav_narg = acl_narg;
2006int ret;
faa05a93 2007extern int acl_where;
f60d98e8 2008
ef21c07d
JH
2009if(--nsub > sizeof(acl_arg)/sizeof(*acl_arg)) nsub = sizeof(acl_arg)/sizeof(*acl_arg);
2010for (i = 0; i < nsub && sub[i+1]; i++)
2011 {
2012 tmp = acl_arg[i];
2013 acl_arg[i] = sub[i+1]; /* place callers args in the globals */
2014 sub[i+1] = tmp; /* stash the old args using our caller's storage */
2015 }
2016acl_narg = i;
bef3ea7f 2017while (i < nsub)
ef21c07d
JH
2018 {
2019 sub[i+1] = acl_arg[i];
2020 acl_arg[i++] = NULL;
2021 }
f60d98e8
JH
2022
2023DEBUG(D_expand)
2024 debug_printf("expanding: acl: %s arg: %s%s\n",
2025 sub[0],
60f8e1e8
JH
2026 acl_narg>0 ? acl_arg[0] : US"<none>",
2027 acl_narg>1 ? " +more" : "");
f60d98e8 2028
05caaeaa 2029ret = acl_eval(acl_where, sub[0], user_msgp, &tmp);
ef21c07d
JH
2030
2031for (i = 0; i < nsub; i++)
2032 acl_arg[i] = sub[i+1]; /* restore old args */
2033acl_narg = sav_narg;
2034
2035return ret;
f60d98e8
JH
2036}
2037
2038
2039
2040
641cb756 2041/*************************************************
059ec3d9
PH
2042* Read and evaluate a condition *
2043*************************************************/
2044
2045/*
2046Arguments:
2047 s points to the start of the condition text
b0e85a8f
JH
2048 resetok points to a BOOL which is written false if it is unsafe to
2049 free memory. Certain condition types (acl) may have side-effect
2050 allocation which must be preserved.
059ec3d9
PH
2051 yield points to a BOOL to hold the result of the condition test;
2052 if NULL, we are just reading through a condition that is
2053 part of an "or" combination to check syntax, or in a state
2054 where the answer isn't required
2055
2056Returns: a pointer to the first character after the condition, or
2057 NULL after an error
2058*/
2059
2060static uschar *
b0e85a8f 2061eval_condition(uschar *s, BOOL *resetok, BOOL *yield)
059ec3d9
PH
2062{
2063BOOL testfor = TRUE;
2064BOOL tempcond, combined_cond;
2065BOOL *subcondptr;
5cfd2e57 2066BOOL sub2_honour_dollar = TRUE;
059ec3d9 2067int i, rc, cond_type, roffset;
97d17305 2068int_eximarith_t num[2];
059ec3d9
PH
2069struct stat statbuf;
2070uschar name[256];
f60d98e8 2071uschar *sub[10];
059ec3d9
PH
2072
2073const pcre *re;
2074const uschar *rerror;
2075
2076for (;;)
2077 {
2078 while (isspace(*s)) s++;
2079 if (*s == '!') { testfor = !testfor; s++; } else break;
2080 }
2081
2082/* Numeric comparisons are symbolic */
2083
2084if (*s == '=' || *s == '>' || *s == '<')
2085 {
2086 int p = 0;
2087 name[p++] = *s++;
2088 if (*s == '=')
2089 {
2090 name[p++] = '=';
2091 s++;
2092 }
2093 name[p] = 0;
2094 }
2095
2096/* All other conditions are named */
2097
2098else s = read_name(name, 256, s, US"_");
2099
2100/* If we haven't read a name, it means some non-alpha character is first. */
2101
2102if (name[0] == 0)
2103 {
2104 expand_string_message = string_sprintf("condition name expected, "
2105 "but found \"%.16s\"", s);
2106 return NULL;
2107 }
2108
2109/* Find which condition we are dealing with, and switch on it */
2110
2111cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
2112switch(cond_type)
2113 {
9b4768fa
PH
2114 /* def: tests for a non-empty variable, or for the existence of a header. If
2115 yield == NULL we are in a skipping state, and don't care about the answer. */
059ec3d9
PH
2116
2117 case ECOND_DEF:
2118 if (*s != ':')
2119 {
2120 expand_string_message = US"\":\" expected after \"def\"";
2121 return NULL;
2122 }
2123
2124 s = read_name(name, 256, s+1, US"_");
2125
0d85fa3f
PH
2126 /* Test for a header's existence. If the name contains a closing brace
2127 character, this may be a user error where the terminating colon has been
2128 omitted. Set a flag to adjust a subsequent error message in this case. */
059ec3d9
PH
2129
2130 if (Ustrncmp(name, "h_", 2) == 0 ||
2131 Ustrncmp(name, "rh_", 3) == 0 ||
2132 Ustrncmp(name, "bh_", 3) == 0 ||
2133 Ustrncmp(name, "header_", 7) == 0 ||
2134 Ustrncmp(name, "rheader_", 8) == 0 ||
2135 Ustrncmp(name, "bheader_", 8) == 0)
2136 {
2137 s = read_header_name(name, 256, s);
b5b871ac 2138 /* {-for-text-editors */
0d85fa3f 2139 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
059ec3d9
PH
2140 if (yield != NULL) *yield =
2141 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
2142 }
2143
9b4768fa
PH
2144 /* Test for a variable's having a non-empty value. A non-existent variable
2145 causes an expansion failure. */
059ec3d9
PH
2146
2147 else
2148 {
2149 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
2150 if (value == NULL)
2151 {
2152 expand_string_message = (name[0] == 0)?
2153 string_sprintf("variable name omitted after \"def:\"") :
2154 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
641cb756 2155 check_variable_error_message(name);
059ec3d9
PH
2156 return NULL;
2157 }
9b4768fa 2158 if (yield != NULL) *yield = (value[0] != 0) == testfor;
059ec3d9
PH
2159 }
2160
2161 return s;
2162
2163
2164 /* first_delivery tests for first delivery attempt */
2165
2166 case ECOND_FIRST_DELIVERY:
2167 if (yield != NULL) *yield = deliver_firsttime == testfor;
2168 return s;
2169
2170
2171 /* queue_running tests for any process started by a queue runner */
2172
2173 case ECOND_QUEUE_RUNNING:
2174 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
2175 return s;
2176
2177
2178 /* exists: tests for file existence
2179 isip: tests for any IP address
2180 isip4: tests for an IPv4 address
2181 isip6: tests for an IPv6 address
2182 pam: does PAM authentication
2183 radius: does RADIUS authentication
2184 ldapauth: does LDAP authentication
2185 pwcheck: does Cyrus SASL pwcheck authentication
2186 */
2187
2188 case ECOND_EXISTS:
2189 case ECOND_ISIP:
2190 case ECOND_ISIP4:
2191 case ECOND_ISIP6:
2192 case ECOND_PAM:
2193 case ECOND_RADIUS:
2194 case ECOND_LDAPAUTH:
2195 case ECOND_PWCHECK:
2196
2197 while (isspace(*s)) s++;
b5b871ac 2198 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
059ec3d9 2199
b0e85a8f 2200 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok);
059ec3d9 2201 if (sub[0] == NULL) return NULL;
b5b871ac 2202 /* {-for-text-editors */
059ec3d9
PH
2203 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2204
2205 if (yield == NULL) return s; /* No need to run the test if skipping */
2206
2207 switch(cond_type)
2208 {
2209 case ECOND_EXISTS:
2210 if ((expand_forbid & RDO_EXISTS) != 0)
2211 {
2212 expand_string_message = US"File existence tests are not permitted";
2213 return NULL;
2214 }
2215 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
2216 break;
2217
2218 case ECOND_ISIP:
2219 case ECOND_ISIP4:
2220 case ECOND_ISIP6:
2221 rc = string_is_ip_address(sub[0], NULL);
7e66e54d 2222 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
059ec3d9
PH
2223 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2224 break;
2225
2226 /* Various authentication tests - all optionally compiled */
2227
2228 case ECOND_PAM:
2229 #ifdef SUPPORT_PAM
2230 rc = auth_call_pam(sub[0], &expand_string_message);
2231 goto END_AUTH;
2232 #else
2233 goto COND_FAILED_NOT_COMPILED;
2234 #endif /* SUPPORT_PAM */
2235
2236 case ECOND_RADIUS:
2237 #ifdef RADIUS_CONFIG_FILE
2238 rc = auth_call_radius(sub[0], &expand_string_message);
2239 goto END_AUTH;
2240 #else
2241 goto COND_FAILED_NOT_COMPILED;
2242 #endif /* RADIUS_CONFIG_FILE */
2243
2244 case ECOND_LDAPAUTH:
2245 #ifdef LOOKUP_LDAP
2246 {
2247 /* Just to keep the interface the same */
2248 BOOL do_cache;
2249 int old_pool = store_pool;
2250 store_pool = POOL_SEARCH;
2251 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2252 &expand_string_message, &do_cache);
2253 store_pool = old_pool;
2254 }
2255 goto END_AUTH;
2256 #else
2257 goto COND_FAILED_NOT_COMPILED;
2258 #endif /* LOOKUP_LDAP */
2259
2260 case ECOND_PWCHECK:
2261 #ifdef CYRUS_PWCHECK_SOCKET
2262 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2263 goto END_AUTH;
2264 #else
2265 goto COND_FAILED_NOT_COMPILED;
2266 #endif /* CYRUS_PWCHECK_SOCKET */
2267
2268 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2269 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2270 END_AUTH:
2271 if (rc == ERROR || rc == DEFER) return NULL;
2272 *yield = (rc == OK) == testfor;
2273 #endif
2274 }
2275 return s;
2276
2277
333eea9c
JH
2278 /* call ACL (in a conditional context). Accept true, deny false.
2279 Defer is a forced-fail. Anything set by message= goes to $value.
f60d98e8
JH
2280 Up to ten parameters are used; we use the braces round the name+args
2281 like the saslauthd condition does, to permit a variable number of args.
2282 See also the expansion-item version EITEM_ACL and the traditional
2283 acl modifier ACLC_ACL.
fd5dad68
JH
2284 Since the ACL may allocate new global variables, tell our caller to not
2285 reclaim memory.
f60d98e8 2286 */
333eea9c
JH
2287
2288 case ECOND_ACL:
bef3ea7f 2289 /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
333eea9c 2290 {
333eea9c 2291 uschar *user_msg;
333eea9c 2292 BOOL cond = FALSE;
bef3ea7f
JH
2293 int size = 0;
2294 int ptr = 0;
333eea9c
JH
2295
2296 while (isspace(*s)) s++;
6d9cfc47 2297 if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
333eea9c 2298
f60d98e8 2299 switch(read_subs(sub, sizeof(sub)/sizeof(*sub), 1,
b0e85a8f 2300 &s, yield == NULL, TRUE, US"acl", resetok))
333eea9c 2301 {
f60d98e8
JH
2302 case 1: expand_string_message = US"too few arguments or bracketing "
2303 "error for acl";
2304 case 2:
2305 case 3: return NULL;
333eea9c 2306 }
f60d98e8 2307
b0e85a8f 2308 *resetok = FALSE;
bef3ea7f 2309 if (yield != NULL) switch(eval_acl(sub, sizeof(sub)/sizeof(*sub), &user_msg))
f60d98e8
JH
2310 {
2311 case OK:
2312 cond = TRUE;
2313 case FAIL:
bef3ea7f 2314 lookup_value = NULL;
f60d98e8 2315 if (user_msg)
bef3ea7f 2316 {
f60d98e8 2317 lookup_value = string_cat(NULL, &size, &ptr, user_msg, Ustrlen(user_msg));
bef3ea7f
JH
2318 lookup_value[ptr] = '\0';
2319 }
b5b871ac 2320 *yield = cond == testfor;
f60d98e8
JH
2321 break;
2322
2323 case DEFER:
2324 expand_string_forcedfail = TRUE;
2325 default:
2326 expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]);
2327 return NULL;
2328 }
2329 return s;
333eea9c 2330 }
333eea9c
JH
2331
2332
059ec3d9
PH
2333 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2334
b0e85a8f 2335 ${if saslauthd {{username}{password}{service}{realm}} {yes}{no}}
059ec3d9
PH
2336
2337 However, the last two are optional. That is why the whole set is enclosed
333eea9c 2338 in their own set of braces. */
059ec3d9
PH
2339
2340 case ECOND_SASLAUTHD:
2341 #ifndef CYRUS_SASLAUTHD_SOCKET
2342 goto COND_FAILED_NOT_COMPILED;
2343 #else
2344 while (isspace(*s)) s++;
b5b871ac 2345 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
b0e85a8f 2346 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd", resetok))
059ec3d9
PH
2347 {
2348 case 1: expand_string_message = US"too few arguments or bracketing "
2349 "error for saslauthd";
2350 case 2:
2351 case 3: return NULL;
2352 }
2353 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
2354 if (yield != NULL)
2355 {
2356 int rc;
2357 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2358 &expand_string_message);
2359 if (rc == ERROR || rc == DEFER) return NULL;
2360 *yield = (rc == OK) == testfor;
2361 }
2362 return s;
2363 #endif /* CYRUS_SASLAUTHD_SOCKET */
2364
2365
2366 /* symbolic operators for numeric and string comparison, and a number of
2367 other operators, all requiring two arguments.
2368
76dca828
PP
2369 crypteq: encrypts plaintext and compares against an encrypted text,
2370 using crypt(), crypt16(), MD5 or SHA-1
2371 inlist/inlisti: checks if first argument is in the list of the second
059ec3d9
PH
2372 match: does a regular expression match and sets up the numerical
2373 variables if it succeeds
2374 match_address: matches in an address list
2375 match_domain: matches in a domain list
32d668a5 2376 match_ip: matches a host list that is restricted to IP addresses
059ec3d9 2377 match_local_part: matches in a local part list
059ec3d9
PH
2378 */
2379
059ec3d9
PH
2380 case ECOND_MATCH_ADDRESS:
2381 case ECOND_MATCH_DOMAIN:
32d668a5 2382 case ECOND_MATCH_IP:
059ec3d9 2383 case ECOND_MATCH_LOCAL_PART:
da6dbe26
PP
2384#ifndef EXPAND_LISTMATCH_RHS
2385 sub2_honour_dollar = FALSE;
2386#endif
2387 /* FALLTHROUGH */
2388
2389 case ECOND_CRYPTEQ:
2390 case ECOND_INLIST:
2391 case ECOND_INLISTI:
2392 case ECOND_MATCH:
059ec3d9
PH
2393
2394 case ECOND_NUM_L: /* Numerical comparisons */
2395 case ECOND_NUM_LE:
2396 case ECOND_NUM_E:
2397 case ECOND_NUM_EE:
2398 case ECOND_NUM_G:
2399 case ECOND_NUM_GE:
2400
2401 case ECOND_STR_LT: /* String comparisons */
2402 case ECOND_STR_LTI:
2403 case ECOND_STR_LE:
2404 case ECOND_STR_LEI:
2405 case ECOND_STR_EQ:
2406 case ECOND_STR_EQI:
2407 case ECOND_STR_GT:
2408 case ECOND_STR_GTI:
2409 case ECOND_STR_GE:
2410 case ECOND_STR_GEI:
2411
2412 for (i = 0; i < 2; i++)
2413 {
da6dbe26
PP
2414 /* Sometimes, we don't expand substrings; too many insecure configurations
2415 created using match_address{}{} and friends, where the second param
2416 includes information from untrustworthy sources. */
2417 BOOL honour_dollar = TRUE;
2418 if ((i > 0) && !sub2_honour_dollar)
2419 honour_dollar = FALSE;
2420
059ec3d9
PH
2421 while (isspace(*s)) s++;
2422 if (*s != '{')
2423 {
2424 if (i == 0) goto COND_FAILED_CURLY_START;
2425 expand_string_message = string_sprintf("missing 2nd string in {} "
2426 "after \"%s\"", name);
2427 return NULL;
2428 }
da6dbe26 2429 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
b0e85a8f 2430 honour_dollar, resetok);
059ec3d9
PH
2431 if (sub[i] == NULL) return NULL;
2432 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2433
2434 /* Convert to numerical if required; we know that the names of all the
2435 conditions that compare numbers do not start with a letter. This just saves
2436 checking for them individually. */
2437
d6066548 2438 if (!isalpha(name[0]) && yield != NULL)
059ec3d9 2439 {
5dd1517f
PH
2440 if (sub[i][0] == 0)
2441 {
2442 num[i] = 0;
2443 DEBUG(D_expand)
2444 debug_printf("empty string cast to zero for numerical comparison\n");
2445 }
2446 else
2447 {
2448 num[i] = expand_string_integer(sub[i], FALSE);
2449 if (expand_string_message != NULL) return NULL;
2450 }
059ec3d9
PH
2451 }
2452 }
2453
2454 /* Result not required */
2455
2456 if (yield == NULL) return s;
2457
2458 /* Do an appropriate comparison */
2459
2460 switch(cond_type)
2461 {
2462 case ECOND_NUM_E:
2463 case ECOND_NUM_EE:
b5b871ac 2464 tempcond = (num[0] == num[1]);
059ec3d9
PH
2465 break;
2466
2467 case ECOND_NUM_G:
b5b871ac 2468 tempcond = (num[0] > num[1]);
059ec3d9
PH
2469 break;
2470
2471 case ECOND_NUM_GE:
b5b871ac 2472 tempcond = (num[0] >= num[1]);
059ec3d9
PH
2473 break;
2474
2475 case ECOND_NUM_L:
b5b871ac 2476 tempcond = (num[0] < num[1]);
059ec3d9
PH
2477 break;
2478
2479 case ECOND_NUM_LE:
b5b871ac 2480 tempcond = (num[0] <= num[1]);
059ec3d9
PH
2481 break;
2482
2483 case ECOND_STR_LT:
b5b871ac 2484 tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
059ec3d9
PH
2485 break;
2486
2487 case ECOND_STR_LTI:
b5b871ac 2488 tempcond = (strcmpic(sub[0], sub[1]) < 0);
059ec3d9
PH
2489 break;
2490
2491 case ECOND_STR_LE:
b5b871ac 2492 tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
059ec3d9
PH
2493 break;
2494
2495 case ECOND_STR_LEI:
b5b871ac 2496 tempcond = (strcmpic(sub[0], sub[1]) <= 0);
059ec3d9
PH
2497 break;
2498
2499 case ECOND_STR_EQ:
b5b871ac 2500 tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
059ec3d9
PH
2501 break;
2502
2503 case ECOND_STR_EQI:
b5b871ac 2504 tempcond = (strcmpic(sub[0], sub[1]) == 0);
059ec3d9
PH
2505 break;
2506
2507 case ECOND_STR_GT:
b5b871ac 2508 tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
059ec3d9
PH
2509 break;
2510
2511 case ECOND_STR_GTI:
b5b871ac 2512 tempcond = (strcmpic(sub[0], sub[1]) > 0);
059ec3d9
PH
2513 break;
2514
2515 case ECOND_STR_GE:
b5b871ac 2516 tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
059ec3d9
PH
2517 break;
2518
2519 case ECOND_STR_GEI:
b5b871ac 2520 tempcond = (strcmpic(sub[0], sub[1]) >= 0);
059ec3d9
PH
2521 break;
2522
2523 case ECOND_MATCH: /* Regular expression match */
2524 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2525 NULL);
2526 if (re == NULL)
2527 {
2528 expand_string_message = string_sprintf("regular expression error in "
2529 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2530 return NULL;
2531 }
b5b871ac 2532 tempcond = regex_match_and_setup(re, sub[0], 0, -1);
059ec3d9
PH
2533 break;
2534
2535 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2536 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2537 goto MATCHED_SOMETHING;
2538
2539 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2540 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2541 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2542 goto MATCHED_SOMETHING;
2543
32d668a5 2544 case ECOND_MATCH_IP: /* Match IP address in a host list */
7e66e54d 2545 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
32d668a5
PH
2546 {
2547 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2548 sub[0]);
2549 return NULL;
2550 }
2551 else
2552 {
2553 unsigned int *nullcache = NULL;
2554 check_host_block cb;
2555
2556 cb.host_name = US"";
2557 cb.host_address = sub[0];
2558
2559 /* If the host address starts off ::ffff: it is an IPv6 address in
2560 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2561 addresses. */
2562
2563 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2564 cb.host_address + 7 : cb.host_address;
2565
2566 rc = match_check_list(
2567 &sub[1], /* the list */
2568 0, /* separator character */
2569 &hostlist_anchor, /* anchor pointer */
2570 &nullcache, /* cache pointer */
2571 check_host, /* function for testing */
2572 &cb, /* argument for function */
2573 MCL_HOST, /* type of check */
2574 sub[0], /* text for debugging */
2575 NULL); /* where to pass back data */
2576 }
2577 goto MATCHED_SOMETHING;
2578
059ec3d9
PH
2579 case ECOND_MATCH_LOCAL_PART:
2580 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2581 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2582 /* Fall through */
9a26b6b2 2583 /* VVVVVVVVVVVV */
059ec3d9
PH
2584 MATCHED_SOMETHING:
2585 switch(rc)
2586 {
2587 case OK:
b5b871ac 2588 tempcond = TRUE;
059ec3d9
PH
2589 break;
2590
2591 case FAIL:
b5b871ac 2592 tempcond = FALSE;
059ec3d9
PH
2593 break;
2594
2595 case DEFER:
2596 expand_string_message = string_sprintf("unable to complete match "
2597 "against \"%s\": %s", sub[1], search_error_message);
2598 return NULL;
2599 }
2600
2601 break;
2602
2603 /* Various "encrypted" comparisons. If the second string starts with
2604 "{" then an encryption type is given. Default to crypt() or crypt16()
2605 (build-time choice). */
b5b871ac 2606 /* }-for-text-editors */
059ec3d9
PH
2607
2608 case ECOND_CRYPTEQ:
2609 #ifndef SUPPORT_CRYPTEQ
2610 goto COND_FAILED_NOT_COMPILED;
2611 #else
2612 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2613 {
2614 int sublen = Ustrlen(sub[1]+5);
2615 md5 base;
2616 uschar digest[16];
2617
2618 md5_start(&base);
2619 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2620
2621 /* If the length that we are comparing against is 24, the MD5 digest
2622 is expressed as a base64 string. This is the way LDAP does it. However,
2623 some other software uses a straightforward hex representation. We assume
2624 this if the length is 32. Other lengths fail. */
2625
2626 if (sublen == 24)
2627 {
2628 uschar *coded = auth_b64encode((uschar *)digest, 16);
2629 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2630 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
b5b871ac 2631 tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
059ec3d9
PH
2632 }
2633 else if (sublen == 32)
2634 {
2635 int i;
2636 uschar coded[36];
2637 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2638 coded[32] = 0;
2639 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2640 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
b5b871ac 2641 tempcond = (strcmpic(coded, sub[1]+5) == 0);
059ec3d9
PH
2642 }
2643 else
2644 {
2645 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2646 "fail\n crypted=%s\n", sub[1]+5);
b5b871ac 2647 tempcond = FALSE;
059ec3d9
PH
2648 }
2649 }
2650
2651 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2652 {
2653 int sublen = Ustrlen(sub[1]+6);
2654 sha1 base;
2655 uschar digest[20];
2656
2657 sha1_start(&base);
2658 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2659
2660 /* If the length that we are comparing against is 28, assume the SHA1
2661 digest is expressed as a base64 string. If the length is 40, assume a
2662 straightforward hex representation. Other lengths fail. */
2663
2664 if (sublen == 28)
2665 {
2666 uschar *coded = auth_b64encode((uschar *)digest, 20);
2667 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2668 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
b5b871ac 2669 tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
059ec3d9
PH
2670 }
2671 else if (sublen == 40)
2672 {
2673 int i;
2674 uschar coded[44];
2675 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2676 coded[40] = 0;
2677 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2678 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
b5b871ac 2679 tempcond = (strcmpic(coded, sub[1]+6) == 0);
059ec3d9
PH
2680 }
2681 else
2682 {
2683 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2684 "fail\n crypted=%s\n", sub[1]+6);
b5b871ac 2685 tempcond = FALSE;
059ec3d9
PH
2686 }
2687 }
2688
2689 else /* {crypt} or {crypt16} and non-{ at start */
76dca828 2690 /* }-for-text-editors */
059ec3d9
PH
2691 {
2692 int which = 0;
2693 uschar *coded;
2694
2695 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2696 {
2697 sub[1] += 7;
2698 which = 1;
2699 }
2700 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2701 {
2702 sub[1] += 9;
2703 which = 2;
2704 }
b5b871ac 2705 else if (sub[1][0] == '{') /* }-for-text-editors */
059ec3d9
PH
2706 {
2707 expand_string_message = string_sprintf("unknown encryption mechanism "
2708 "in \"%s\"", sub[1]);
2709 return NULL;
2710 }
2711
2712 switch(which)
2713 {
2714 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2715 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2716 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2717 }
2718
2719 #define STR(s) # s
2720 #define XSTR(s) STR(s)
2721 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2722 " subject=%s\n crypted=%s\n",
2723 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
2724 coded, sub[1]);
2725 #undef STR
2726 #undef XSTR
2727
2728 /* If the encrypted string contains fewer than two characters (for the
2729 salt), force failure. Otherwise we get false positives: with an empty
2730 string the yield of crypt() is an empty string! */
2731
b5b871ac
JH
2732 tempcond = (Ustrlen(sub[1]) < 2)? FALSE :
2733 (Ustrcmp(coded, sub[1]) == 0);
059ec3d9
PH
2734 }
2735 break;
2736 #endif /* SUPPORT_CRYPTEQ */
76dca828
PP
2737
2738 case ECOND_INLIST:
2739 case ECOND_INLISTI:
2740 {
2741 int sep = 0;
76dca828
PP
2742 uschar *save_iterate_item = iterate_item;
2743 int (*compare)(const uschar *, const uschar *);
2744
b5b871ac 2745 tempcond = FALSE;
76dca828
PP
2746 if (cond_type == ECOND_INLISTI)
2747 compare = strcmpic;
2748 else
2749 compare = (int (*)(const uschar *, const uschar *)) strcmp;
2750
2751 while ((iterate_item = string_nextinlist(&sub[1], &sep, NULL, 0)) != NULL)
2752 if (compare(sub[0], iterate_item) == 0)
2753 {
b5b871ac 2754 tempcond = TRUE;
76dca828
PP
2755 break;
2756 }
2757 iterate_item = save_iterate_item;
76dca828
PP
2758 }
2759
059ec3d9
PH
2760 } /* Switch for comparison conditions */
2761
b5b871ac 2762 *yield = tempcond == testfor;
059ec3d9
PH
2763 return s; /* End of comparison conditions */
2764
2765
2766 /* and/or: computes logical and/or of several conditions */
2767
2768 case ECOND_AND:
2769 case ECOND_OR:
2770 subcondptr = (yield == NULL)? NULL : &tempcond;
2771 combined_cond = (cond_type == ECOND_AND);
2772
2773 while (isspace(*s)) s++;
b5b871ac 2774 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
059ec3d9
PH
2775
2776 for (;;)
2777 {
2778 while (isspace(*s)) s++;
b5b871ac 2779 /* {-for-text-editors */
059ec3d9 2780 if (*s == '}') break;
b5b871ac 2781 if (*s != '{') /* }-for-text-editors */
059ec3d9
PH
2782 {
2783 expand_string_message = string_sprintf("each subcondition "
2784 "inside an \"%s{...}\" condition must be in its own {}", name);
2785 return NULL;
2786 }
2787
b0e85a8f 2788 if (!(s = eval_condition(s+1, resetok, subcondptr)))
059ec3d9
PH
2789 {
2790 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2791 expand_string_message, name);
2792 return NULL;
2793 }
2794 while (isspace(*s)) s++;
2795
b5b871ac 2796 /* {-for-text-editors */
059ec3d9
PH
2797 if (*s++ != '}')
2798 {
b5b871ac 2799 /* {-for-text-editors */
059ec3d9
PH
2800 expand_string_message = string_sprintf("missing } at end of condition "
2801 "inside \"%s\" group", name);
2802 return NULL;
2803 }
2804
2805 if (yield != NULL)
2806 {
2807 if (cond_type == ECOND_AND)
2808 {
2809 combined_cond &= tempcond;
2810 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2811 } /* evaluate any more */
2812 else
2813 {
2814 combined_cond |= tempcond;
2815 if (combined_cond) subcondptr = NULL; /* once true, don't */
2816 } /* evaluate any more */
2817 }
2818 }
2819
2820 if (yield != NULL) *yield = (combined_cond == testfor);
2821 return ++s;
2822
2823
0ce9abe6
PH
2824 /* forall/forany: iterates a condition with different values */
2825
2826 case ECOND_FORALL:
2827 case ECOND_FORANY:
2828 {
2829 int sep = 0;
282b357d 2830 uschar *save_iterate_item = iterate_item;
0ce9abe6
PH
2831
2832 while (isspace(*s)) s++;
b5b871ac 2833 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
b0e85a8f 2834 sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE, resetok);
0ce9abe6 2835 if (sub[0] == NULL) return NULL;
b5b871ac 2836 /* {-for-text-editors */
0ce9abe6
PH
2837 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2838
2839 while (isspace(*s)) s++;
b5b871ac 2840 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
0ce9abe6
PH
2841
2842 sub[1] = s;
2843
2844 /* Call eval_condition once, with result discarded (as if scanning a
2845 "false" part). This allows us to find the end of the condition, because if
2846 the list it empty, we won't actually evaluate the condition for real. */
2847
b0e85a8f 2848 if (!(s = eval_condition(sub[1], resetok, NULL)))
0ce9abe6
PH
2849 {
2850 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2851 expand_string_message, name);
2852 return NULL;
2853 }
2854 while (isspace(*s)) s++;
2855
b5b871ac 2856 /* {-for-text-editors */
0ce9abe6
PH
2857 if (*s++ != '}')
2858 {
b5b871ac 2859 /* {-for-text-editors */
0ce9abe6
PH
2860 expand_string_message = string_sprintf("missing } at end of condition "
2861 "inside \"%s\"", name);
2862 return NULL;
2863 }
2864
2865 if (yield != NULL) *yield = !testfor;
2866 while ((iterate_item = string_nextinlist(&sub[0], &sep, NULL, 0)) != NULL)
2867 {
2868 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
b0e85a8f 2869 if (!eval_condition(sub[1], resetok, &tempcond))
0ce9abe6
PH
2870 {
2871 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2872 expand_string_message, name);
e58c13cc 2873 iterate_item = save_iterate_item;
0ce9abe6
PH
2874 return NULL;
2875 }
2876 DEBUG(D_expand) debug_printf("%s: condition evaluated to %s\n", name,
2877 tempcond? "true":"false");
2878
2879 if (yield != NULL) *yield = (tempcond == testfor);
2880 if (tempcond == (cond_type == ECOND_FORANY)) break;
2881 }
2882
282b357d 2883 iterate_item = save_iterate_item;
0ce9abe6
PH
2884 return s;
2885 }
2886
2887
f3766eb5
NM
2888 /* The bool{} expansion condition maps a string to boolean.
2889 The values supported should match those supported by the ACL condition
2890 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
2891 of true/false. Note that Router "condition" rules have a different
2892 interpretation, where general data can be used and only a few values
2893 map to FALSE.
2894 Note that readconf.c boolean matching, for boolean configuration options,
6a8de854
PP
2895 only matches true/yes/false/no.
2896 The bool_lax{} condition matches the Router logic, which is much more
2897 liberal. */
f3766eb5 2898 case ECOND_BOOL:
6a8de854 2899 case ECOND_BOOL_LAX:
f3766eb5
NM
2900 {
2901 uschar *sub_arg[1];
71265ae9 2902 uschar *t, *t2;
6a8de854 2903 uschar *ourname;
f3766eb5
NM
2904 size_t len;
2905 BOOL boolvalue = FALSE;
2906 while (isspace(*s)) s++;
b5b871ac 2907 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
6a8de854 2908 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
b0e85a8f 2909 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname, resetok))
f3766eb5 2910 {
6a8de854
PP
2911 case 1: expand_string_message = string_sprintf(
2912 "too few arguments or bracketing error for %s",
2913 ourname);
f3766eb5
NM
2914 /*FALLTHROUGH*/
2915 case 2:
2916 case 3: return NULL;
2917 }
2918 t = sub_arg[0];
2919 while (isspace(*t)) t++;
2920 len = Ustrlen(t);
71265ae9
PP
2921 if (len)
2922 {
2923 /* trailing whitespace: seems like a good idea to ignore it too */
2924 t2 = t + len - 1;
2925 while (isspace(*t2)) t2--;
2926 if (t2 != (t + len))
2927 {
2928 *++t2 = '\0';
2929 len = t2 - t;
2930 }
2931 }
f3766eb5 2932 DEBUG(D_expand)
6a8de854
PP
2933 debug_printf("considering %s: %s\n", ourname, len ? t : US"<empty>");
2934 /* logic for the lax case from expand_check_condition(), which also does
2935 expands, and the logic is both short and stable enough that there should
2936 be no maintenance burden from replicating it. */
f3766eb5
NM
2937 if (len == 0)
2938 boolvalue = FALSE;
51c7471d
JH
2939 else if (*t == '-'
2940 ? Ustrspn(t+1, "0123456789") == len-1
2941 : Ustrspn(t, "0123456789") == len)
6a8de854 2942 {
f3766eb5 2943 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
6a8de854
PP
2944 /* expand_check_condition only does a literal string "0" check */
2945 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
2946 boolvalue = TRUE;
2947 }
f3766eb5
NM
2948 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
2949 boolvalue = TRUE;
2950 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
2951 boolvalue = FALSE;
6a8de854
PP
2952 else if (cond_type == ECOND_BOOL_LAX)
2953 boolvalue = TRUE;
f3766eb5
NM
2954 else
2955 {
2956 expand_string_message = string_sprintf("unrecognised boolean "
2957 "value \"%s\"", t);
2958 return NULL;
2959 }
5ee6f336 2960 if (yield != NULL) *yield = (boolvalue == testfor);
f3766eb5
NM
2961 return s;
2962 }
2963
059ec3d9
PH
2964 /* Unknown condition */
2965
2966 default:
2967 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2968 return NULL;
2969 } /* End switch on condition type */
2970
2971/* Missing braces at start and end of data */
2972
2973COND_FAILED_CURLY_START:
2974expand_string_message = string_sprintf("missing { after \"%s\"", name);
2975return NULL;
2976
2977COND_FAILED_CURLY_END:
2978expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2979 name);
2980return NULL;
2981
2982/* A condition requires code that is not compiled */
2983
2984#if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2985 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2986 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2987COND_FAILED_NOT_COMPILED:
2988expand_string_message = string_sprintf("support for \"%s\" not compiled",
2989 name);
2990return NULL;
2991#endif
2992}
2993
2994
2995
2996
2997/*************************************************
2998* Save numerical variables *
2999*************************************************/
3000
3001/* This function is called from items such as "if" that want to preserve and
3002restore the numbered variables.
3003
3004Arguments:
3005 save_expand_string points to an array of pointers to set
3006 save_expand_nlength points to an array of ints for the lengths
3007
3008Returns: the value of expand max to save
3009*/
3010
3011static int
3012save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
3013{
3014int i;
3015for (i = 0; i <= expand_nmax; i++)
3016 {
3017 save_expand_nstring[i] = expand_nstring[i];
3018 save_expand_nlength[i] = expand_nlength[i];
3019 }
3020return expand_nmax;
3021}
3022
3023
3024
3025/*************************************************
3026* Restore numerical variables *
3027*************************************************/
3028
3029/* This function restored saved values of numerical strings.
3030
3031Arguments:
3032 save_expand_nmax the number of strings to restore
3033 save_expand_string points to an array of pointers
3034 save_expand_nlength points to an array of ints
3035
3036Returns: nothing
3037*/
3038
3039static void
3040restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
3041 int *save_expand_nlength)
3042{
3043int i;
3044expand_nmax = save_expand_nmax;
3045for (i = 0; i <= expand_nmax; i++)
3046 {
3047 expand_nstring[i] = save_expand_nstring[i];
3048 expand_nlength[i] = save_expand_nlength[i];
3049 }
3050}
3051
3052
3053
3054
3055
3056/*************************************************
3057* Handle yes/no substrings *
3058*************************************************/
3059
3060/* This function is used by ${if}, ${lookup} and ${extract} to handle the
3061alternative substrings that depend on whether or not the condition was true,
3062or the lookup or extraction succeeded. The substrings always have to be
3063expanded, to check their syntax, but "skipping" is set when the result is not
3064needed - this avoids unnecessary nested lookups.
3065
3066Arguments:
3067 skipping TRUE if we were skipping when this item was reached
3068 yes TRUE if the first string is to be used, else use the second
3069 save_lookup a value to put back into lookup_value before the 2nd expansion
3070 sptr points to the input string pointer
3071 yieldptr points to the output string pointer
3072 sizeptr points to the output string size
3073 ptrptr points to the output string pointer
3074 type "lookup" or "if" or "extract" or "run", for error message
b0e85a8f
JH
3075 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
3076 the store.
059ec3d9
PH
3077
3078Returns: 0 OK; lookup_value has been reset to save_lookup
3079 1 expansion failed
3080 2 expansion failed because of bracketing error
3081*/
3082
3083static int
3084process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
b0e85a8f 3085 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type, BOOL *resetok)
059ec3d9
PH
3086{
3087int rc = 0;
3088uschar *s = *sptr; /* Local value */
3089uschar *sub1, *sub2;
3090
3091/* If there are no following strings, we substitute the contents of $value for
063b1e99 3092lookups and for extractions in the success case. For the ${if item, the string
8e669ac1 3093"true" is substituted. In the fail case, nothing is substituted for all three
063b1e99 3094items. */
059ec3d9
PH
3095
3096while (isspace(*s)) s++;
3097if (*s == '}')
3098 {
063b1e99
PH
3099 if (type[0] == 'i')
3100 {
8e669ac1 3101 if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
063b1e99
PH
3102 }
3103 else
8e669ac1 3104 {
063b1e99
PH
3105 if (yes && lookup_value != NULL)
3106 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
3107 Ustrlen(lookup_value));
3108 lookup_value = save_lookup;
3109 }
059ec3d9
PH
3110 s++;
3111 goto RETURN;
3112 }
3113
9b4768fa
PH
3114/* The first following string must be braced. */
3115
3116if (*s++ != '{') goto FAILED_CURLY;
3117
059ec3d9
PH
3118/* Expand the first substring. Forced failures are noticed only if we actually
3119want this string. Set skipping in the call in the fail case (this will always
3120be the case if we were already skipping). */
3121
b0e85a8f 3122sub1 = expand_string_internal(s, TRUE, &s, !yes, TRUE, resetok);
059ec3d9
PH
3123if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
3124expand_string_forcedfail = FALSE;
3125if (*s++ != '}') goto FAILED_CURLY;
3126
3127/* If we want the first string, add it to the output */
3128
3129if (yes)
3130 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
3131
3132/* If this is called from a lookup or an extract, we want to restore $value to
3133what it was at the start of the item, so that it has this value during the
d20976dc
PH
3134second string expansion. For the call from "if" or "run" to this function,
3135save_lookup is set to lookup_value, so that this statement does nothing. */
059ec3d9
PH
3136
3137lookup_value = save_lookup;
3138
3139/* There now follows either another substring, or "fail", or nothing. This
3140time, forced failures are noticed only if we want the second string. We must
3141set skipping in the nested call if we don't want this string, or if we were
3142already skipping. */
3143
3144while (isspace(*s)) s++;
3145if (*s == '{')
3146 {
b0e85a8f 3147 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping, TRUE, resetok);
059ec3d9
PH
3148 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
3149 expand_string_forcedfail = FALSE;
3150 if (*s++ != '}') goto FAILED_CURLY;
3151
3152 /* If we want the second string, add it to the output */
3153
3154 if (!yes)
3155 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
3156 }
3157
3158/* If there is no second string, but the word "fail" is present when the use of
3159the second string is wanted, set a flag indicating it was a forced failure
3160rather than a syntactic error. Swallow the terminating } in case this is nested
3161inside another lookup or if or extract. */
3162
3163else if (*s != '}')
3164 {
3165 uschar name[256];
3166 s = read_name(name, sizeof(name), s, US"_");
3167 if (Ustrcmp(name, "fail") == 0)
3168 {
3169 if (!yes && !skipping)
3170 {
3171 while (isspace(*s)) s++;
3172 if (*s++ != '}') goto FAILED_CURLY;
3173 expand_string_message =
3174 string_sprintf("\"%s\" failed and \"fail\" requested", type);
3175 expand_string_forcedfail = TRUE;
3176 goto FAILED;
3177 }
3178 }
3179 else
3180 {
3181 expand_string_message =
3182 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
3183 goto FAILED;
3184 }
3185 }
3186
3187/* All we have to do now is to check on the final closing brace. */
3188
3189while (isspace(*s)) s++;
3190if (*s++ == '}') goto RETURN;
3191
3192/* Get here if there is a bracketing failure */
3193
3194FAILED_CURLY:
3195rc++;
3196
3197/* Get here for other failures */
3198
3199FAILED:
3200rc++;
3201
3202/* Update the input pointer value before returning */
3203
3204RETURN:
3205*sptr = s;
3206return rc;
3207}
3208
3209
3210
3211
059ec3d9
PH
3212/*************************************************
3213* Handle MD5 or SHA-1 computation for HMAC *
3214*************************************************/
3215
3216/* These are some wrapping functions that enable the HMAC code to be a bit
3217cleaner. A good compiler will spot the tail recursion.
3218
3219Arguments:
3220 type HMAC_MD5 or HMAC_SHA1
3221 remaining are as for the cryptographic hash functions
3222
3223Returns: nothing
3224*/
3225
3226static void
3227chash_start(int type, void *base)
3228{
3229if (type == HMAC_MD5)
3230 md5_start((md5 *)base);
3231else
3232 sha1_start((sha1 *)base);
3233}
3234
3235static void
3236chash_mid(int type, void *base, uschar *string)
3237{
3238if (type == HMAC_MD5)
3239 md5_mid((md5 *)base, string);
3240else
3241 sha1_mid((sha1 *)base, string);
3242}
3243
3244static void
3245chash_end(int type, void *base, uschar *string, int length, uschar *digest)
3246{
3247if (type == HMAC_MD5)
3248 md5_end((md5 *)base, string, length, digest);
3249else
3250 sha1_end((sha1 *)base, string, length, digest);
3251}
3252
3253
3254
3255
3256
1549ea3b
PH
3257/********************************************************
3258* prvs: Get last three digits of days since Jan 1, 1970 *
3259********************************************************/
3260
3261/* This is needed to implement the "prvs" BATV reverse
3262 path signing scheme
3263
3264Argument: integer "days" offset to add or substract to
3265 or from the current number of days.
3266
3267Returns: pointer to string containing the last three
3268 digits of the number of days since Jan 1, 1970,
3269 modified by the offset argument, NULL if there
3270 was an error in the conversion.
3271
3272*/
3273
3274static uschar *
3275prvs_daystamp(int day_offset)
3276{
a86229cf
PH
3277uschar *days = store_get(32); /* Need at least 24 for cases */
3278(void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
1549ea3b 3279 (time(NULL) + day_offset*86400)/86400);
e169f567 3280return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
1549ea3b
PH
3281}
3282
3283
3284
3285/********************************************************
3286* prvs: perform HMAC-SHA1 computation of prvs bits *
3287********************************************************/
3288
3289/* This is needed to implement the "prvs" BATV reverse
3290 path signing scheme
3291
3292Arguments:
3293 address RFC2821 Address to use
3294 key The key to use (must be less than 64 characters
3295 in size)
3296 key_num Single-digit key number to use. Defaults to
3297 '0' when NULL.
3298
3299Returns: pointer to string containing the first three
3300 bytes of the final hash in hex format, NULL if
3301 there was an error in the process.
3302*/
3303
3304static uschar *
3305prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
3306{
3307uschar *hash_source, *p;
3308int size = 0,offset = 0,i;
3309sha1 sha1_base;
3310void *use_base = &sha1_base;
3311uschar innerhash[20];
3312uschar finalhash[20];
3313uschar innerkey[64];
3314uschar outerkey[64];
3315uschar *finalhash_hex = store_get(40);
3316
3317if (key_num == NULL)
3318 key_num = US"0";
3319
3320if (Ustrlen(key) > 64)
3321 return NULL;
3322
3323hash_source = string_cat(NULL,&size,&offset,key_num,1);
3324string_cat(hash_source,&size,&offset,daystamp,3);
3325string_cat(hash_source,&size,&offset,address,Ustrlen(address));
3326hash_source[offset] = '\0';
3327
3328DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source);
3329
3330memset(innerkey, 0x36, 64);
3331memset(outerkey, 0x5c, 64);
3332
3333for (i = 0; i < Ustrlen(key); i++)
3334 {
3335 innerkey[i] ^= key[i];
3336 outerkey[i] ^= key[i];
3337 }
3338
3339chash_start(HMAC_SHA1, use_base);
3340chash_mid(HMAC_SHA1, use_base, innerkey);
3341chash_end(HMAC_SHA1, use_base, hash_source, offset, innerhash);
3342
3343chash_start(HMAC_SHA1, use_base);
3344chash_mid(HMAC_SHA1, use_base, outerkey);
3345chash_end(HMAC_SHA1, use_base, innerhash, 20, finalhash);
3346
3347p = finalhash_hex;
3348for (i = 0; i < 3; i++)
3349 {
3350 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
3351 *p++ = hex_digits[finalhash[i] & 0x0f];
3352 }
3353*p = '\0';
3354
3355return finalhash_hex;
3356}
3357
3358
3359
3360
059ec3d9
PH
3361/*************************************************
3362* Join a file onto the output string *
3363*************************************************/
3364
3365/* This is used for readfile and after a run expansion. It joins the contents
3366of a file onto the output string, globally replacing newlines with a given
3367string (optionally). The file is closed at the end.
3368
3369Arguments:
3370 f the FILE
3371 yield pointer to the expandable string
3372 sizep pointer to the current size
3373 ptrp pointer to the current position
3374 eol newline replacement string, or NULL
3375
3376Returns: new value of string pointer
3377*/
3378
3379static uschar *
3380cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
3381{
3382int eollen;
3383uschar buffer[1024];
3384
3385eollen = (eol == NULL)? 0 : Ustrlen(eol);
3386
3387while (Ufgets(buffer, sizeof(buffer), f) != NULL)
3388 {
3389 int len = Ustrlen(buffer);
3390 if (eol != NULL && buffer[len-1] == '\n') len--;
3391 yield = string_cat(yield, sizep, ptrp, buffer, len);
3392 if (buffer[len] != 0)
3393 yield = string_cat(yield, sizep, ptrp, eol, eollen);
3394 }
3395
3396if (yield != NULL) yield[*ptrp] = 0;
3397
3398return yield;
3399}
3400
3401
3402
3403
3404/*************************************************
3405* Evaluate numeric expression *
3406*************************************************/
3407
af561417
PH
3408/* This is a set of mutually recursive functions that evaluate an arithmetic
3409expression involving + - * / % & | ^ ~ << >> and parentheses. The only one of
3410these functions that is called from elsewhere is eval_expr, whose interface is:
059ec3d9
PH
3411
3412Arguments:
af561417
PH
3413 sptr pointer to the pointer to the string - gets updated
3414 decimal TRUE if numbers are to be assumed decimal
3415 error pointer to where to put an error message - must be NULL on input
3416 endket TRUE if ')' must terminate - FALSE for external call
059ec3d9 3417
af561417
PH
3418Returns: on success: the value of the expression, with *error still NULL
3419 on failure: an undefined value, with *error = a message
059ec3d9
PH
3420*/
3421
97d17305 3422static int_eximarith_t eval_op_or(uschar **, BOOL, uschar **);
af561417 3423
059ec3d9 3424
97d17305 3425static int_eximarith_t
059ec3d9
PH
3426eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
3427{
3428uschar *s = *sptr;
97d17305 3429int_eximarith_t x = eval_op_or(&s, decimal, error);
059ec3d9
PH
3430if (*error == NULL)
3431 {
af561417 3432 if (endket)
059ec3d9 3433 {
af561417
PH
3434 if (*s != ')')
3435 *error = US"expecting closing parenthesis";
3436 else
3437 while (isspace(*(++s)));
059ec3d9 3438 }
af561417 3439 else if (*s != 0) *error = US"expecting operator";
059ec3d9 3440 }
059ec3d9
PH
3441*sptr = s;
3442return x;
3443}
3444
af561417 3445
97d17305 3446static int_eximarith_t
af561417 3447eval_number(uschar **sptr, BOOL decimal, uschar **error)
059ec3d9
PH
3448{
3449register int c;
97d17305 3450int_eximarith_t n;
059ec3d9
PH
3451uschar *s = *sptr;
3452while (isspace(*s)) s++;
3453c = *s;
af561417 3454if (isdigit(c))
059ec3d9
PH
3455 {
3456 int count;
97d17305 3457 (void)sscanf(CS s, (decimal? SC_EXIM_DEC "%n" : SC_EXIM_ARITH "%n"), &n, &count);
059ec3d9 3458 s += count;
97d17305
JH
3459 switch (tolower(*s))
3460 {
3461 default: break;
3462 case 'k': n *= 1024; s++; break;
3463 case 'm': n *= 1024*1024; s++; break;
3464 case 'g': n *= 1024*1024*1024; s++; break;
3465 }
059ec3d9
PH
3466 while (isspace (*s)) s++;
3467 }
3468else if (c == '(')
3469 {
3470 s++;
3471 n = eval_expr(&s, decimal, error, 1);
3472 }
3473else
3474 {
3475 *error = US"expecting number or opening parenthesis";
3476 n = 0;
3477 }
3478*sptr = s;
3479return n;
3480}
3481
af561417 3482
97d17305 3483static int_eximarith_t
aa7c82b2 3484eval_op_unary(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH
3485{
3486uschar *s = *sptr;
97d17305 3487int_eximarith_t x;
af561417
PH
3488while (isspace(*s)) s++;
3489if (*s == '+' || *s == '-' || *s == '~')
3490 {
3491 int op = *s++;
3492 x = eval_op_unary(&s, decimal, error);
3493 if (op == '-') x = -x;
3494 else if (op == '~') x = ~x;
3495 }
3496else
3497 {
3498 x = eval_number(&s, decimal, error);
3499 }
3500*sptr = s;
3501return x;
3502}
3503
3504
97d17305 3505static int_eximarith_t
aa7c82b2 3506eval_op_mult(uschar **sptr, BOOL decimal, uschar **error)
059ec3d9
PH
3507{
3508uschar *s = *sptr;
97d17305 3509int_eximarith_t x = eval_op_unary(&s, decimal, error);
059ec3d9
PH
3510if (*error == NULL)
3511 {
5591031b 3512 while (*s == '*' || *s == '/' || *s == '%')
059ec3d9
PH
3513 {
3514 int op = *s++;
97d17305 3515 int_eximarith_t y = eval_op_unary(&s, decimal, error);
059ec3d9 3516 if (*error != NULL) break;
053a9aa3
PP
3517 /* SIGFPE both on div/mod by zero and on INT_MIN / -1, which would give
3518 * a value of INT_MAX+1. Note that INT_MIN * -1 gives INT_MIN for me, which
3519 * is a bug somewhere in [gcc 4.2.1, FreeBSD, amd64]. In fact, -N*-M where
3520 * -N*M is INT_MIN will yielf INT_MIN.
3521 * Since we don't support floating point, this is somewhat simpler.
3522 * Ideally, we'd return an error, but since we overflow for all other
3523 * arithmetic, consistency suggests otherwise, but what's the correct value
3524 * to use? There is none.
3525 * The C standard guarantees overflow for unsigned arithmetic but signed
3526 * overflow invokes undefined behaviour; in practice, this is overflow
3527 * except for converting INT_MIN to INT_MAX+1. We also can't guarantee
3528 * that long/longlong larger than int are available, or we could just work
3529 * with larger types. We should consider whether to guarantee 32bit eval
3530 * and 64-bit working variables, with errors returned. For now ...
3531 * So, the only SIGFPEs occur with a non-shrinking div/mod, thus -1; we
3532 * can just let the other invalid results occur otherwise, as they have
3533 * until now. For this one case, we can coerce.
3534 */
4328fd3c 3535 if (y == -1 && x == EXIM_ARITH_MIN && op != '*')
053a9aa3
PP
3536 {
3537 DEBUG(D_expand)
97d17305 3538 debug_printf("Integer exception dodging: " PR_EXIM_ARITH "%c-1 coerced to " PR_EXIM_ARITH "\n",
4328fd3c
JH
3539 EXIM_ARITH_MIN, op, EXIM_ARITH_MAX);
3540 x = EXIM_ARITH_MAX;
053a9aa3
PP
3541 continue;
3542 }
a5b52695
PP
3543 if (op == '*')
3544 x *= y;
3545 else
3546 {
3547 if (y == 0)
54e7ce4a 3548 {
a5b52695
PP
3549 *error = (op == '/') ? US"divide by zero" : US"modulo by zero";
3550 x = 0;
3551 break;
54e7ce4a 3552 }
a5b52695
PP
3553 if (op == '/')
3554 x /= y;
3555 else
3556 x %= y;
3557 }
059ec3d9
PH
3558 }
3559 }
3560*sptr = s;
3561return x;
3562}
3563
3564
97d17305 3565static int_eximarith_t
aa7c82b2 3566eval_op_sum(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH
3567{
3568uschar *s = *sptr;
97d17305 3569int_eximarith_t x = eval_op_mult(&s, decimal, error);
af561417
PH
3570if (*error == NULL)
3571 {
3572 while (*s == '+' || *s == '-')
3573 {
3574 int op = *s++;
97d17305 3575 int_eximarith_t y = eval_op_mult(&s, decimal, error);
af561417
PH
3576 if (*error != NULL) break;
3577 if (op == '+') x += y; else x -= y;
3578 }
3579 }
3580*sptr = s;
3581return x;
3582}
3583
3584
97d17305 3585static int_eximarith_t
aa7c82b2 3586eval_op_shift(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH
3587{
3588uschar *s = *sptr;
97d17305 3589int_eximarith_t x = eval_op_sum(&s, decimal, error);
af561417
PH
3590if (*error == NULL)
3591 {
3592 while ((*s == '<' || *s == '>') && s[1] == s[0])
3593 {
97d17305 3594 int_eximarith_t y;
af561417
PH
3595 int op = *s++;
3596 s++;
3597 y = eval_op_sum(&s, decimal, error);
3598 if (*error != NULL) break;
3599 if (op == '<') x <<= y; else x >>= y;
3600 }
3601 }
3602*sptr = s;
3603return x;
3604}
3605
3606
97d17305 3607static int_eximarith_t
aa7c82b2 3608eval_op_and(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH
3609{
3610uschar *s = *sptr;
97d17305 3611int_eximarith_t x = eval_op_shift(&s, decimal, error);
af561417
PH
3612if (*error == NULL)
3613 {
3614 while (*s == '&')
3615 {
97d17305 3616 int_eximarith_t y;
af561417
PH
3617 s++;
3618 y = eval_op_shift(&s, decimal, error);
3619 if (*error != NULL) break;
3620 x &= y;
3621 }
3622 }
3623*sptr = s;
3624return x;
3625}
3626
3627
97d17305 3628static int_eximarith_t
aa7c82b2 3629eval_op_xor(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH
3630{
3631uschar *s = *sptr;
97d17305 3632int_eximarith_t x = eval_op_and(&s, decimal, error);
af561417
PH
3633if (*error == NULL)
3634 {
3635 while (*s == '^')
3636 {
97d17305 3637 int_eximarith_t y;
af561417
PH
3638 s++;
3639 y = eval_op_and(&s, decimal, error);
3640 if (*error != NULL) break;
3641 x ^= y;
3642 }
3643 }
3644*sptr = s;
3645return x;
3646}
3647
3648
97d17305 3649static int_eximarith_t
aa7c82b2 3650eval_op_or(uschar **sptr, BOOL decimal, uschar **error)
af561417
PH
3651{
3652uschar *s = *sptr;
97d17305 3653int_eximarith_t x = eval_op_xor(&s, decimal, error);
af561417
PH
3654if (*error == NULL)
3655 {
3656 while (*s == '|')
3657 {
97d17305 3658 int_eximarith_t y;
af561417
PH
3659 s++;
3660 y = eval_op_xor(&s, decimal, error);
3661 if (*error != NULL) break;
3662 x |= y;
3663 }
3664 }
3665*sptr = s;
3666return x;
3667}
3668
059ec3d9
PH
3669
3670
3671/*************************************************
3672* Expand string *
3673*************************************************/
3674
3675/* Returns either an unchanged string, or the expanded string in stacking pool
3676store. Interpreted sequences are:
3677
3678 \... normal escaping rules
3679 $name substitutes the variable
3680 ${name} ditto
3681 ${op:string} operates on the expanded string value
3682 ${item{arg1}{arg2}...} expands the args and then does the business
3683 some literal args are not enclosed in {}
3684
3685There are now far too many operators and item types to make it worth listing
3686them here in detail any more.
3687
3688We use an internal routine recursively to handle embedded substrings. The
3689external function follows. The yield is NULL if the expansion failed, and there
3690are two cases: if something collapsed syntactically, or if "fail" was given
3691as the action on a lookup failure. These can be distinguised by looking at the
3692variable expand_string_forcedfail, which is TRUE in the latter case.
3693
3694The skipping flag is set true when expanding a substring that isn't actually
3695going to be used (after "if" or "lookup") and it prevents lookups from
3696happening lower down.
3697
3698Store usage: At start, a store block of the length of the input plus 64
3699is obtained. This is expanded as necessary by string_cat(), which might have to
3700get a new block, or might be able to expand the original. At the end of the
3701function we can release any store above that portion of the yield block that
3702was actually used. In many cases this will be optimal.
3703
3704However: if the first item in the expansion is a variable name or header name,
3705we reset the store before processing it; if the result is in fresh store, we
3706use that without copying. This is helpful for expanding strings like
3707$message_headers which can get very long.
3708
d6b4d938
TF
3709There's a problem if a ${dlfunc item has side-effects that cause allocation,
3710since resetting the store at the end of the expansion will free store that was
3711allocated by the plugin code as well as the slop after the expanded string. So
b0e85a8f
JH
3712we skip any resets if ${dlfunc } has been used. The same applies for ${acl }
3713and, given the acl condition, ${if }. This is an unfortunate consequence of
3714string expansion becoming too powerful.
d6b4d938 3715
059ec3d9
PH
3716Arguments:
3717 string the string to be expanded
3718 ket_ends true if expansion is to stop at }
3719 left if not NULL, a pointer to the first character after the
3720 expansion is placed here (typically used with ket_ends)
3721 skipping TRUE for recursive calls when the value isn't actually going
3722 to be used (to allow for optimisation)
da6dbe26
PP
3723 honour_dollar TRUE if $ is to be expanded,
3724 FALSE if it's just another character
b0e85a8f
JH
3725 resetok_p if not NULL, pointer to flag - write FALSE if unsafe to reset
3726 the store.
059ec3d9
PH
3727
3728Returns: NULL if expansion fails:
3729 expand_string_forcedfail is set TRUE if failure was forced
3730 expand_string_message contains a textual error message
3731 a pointer to the expanded string on success
3732*/
3733
3734static uschar *</