Dummies for Solaris build
[exim.git] / src / src / expand.c
CommitLineData
059ec3d9
PH
1/*************************************************
2* Exim - an Internet mail transport agent *
3*************************************************/
4
f9ba5e22 5/* Copyright (c) University of Cambridge 1995 - 2018 */
059ec3d9
PH
6/* See the file NOTICE for conditions of use and distribution. */
7
8
9/* Functions for handling string expansion. */
10
11
12#include "exim.h"
13
96c065cb
PH
14/* Recursively called function */
15
55414b25
JH
16static uschar *expand_string_internal(const uschar *, BOOL, const uschar **, BOOL, BOOL, BOOL *);
17static int_eximarith_t expanded_string_integer(const uschar *, BOOL);
96c065cb 18
059ec3d9 19#ifdef STAND_ALONE
9d466bf7
JH
20# ifndef SUPPORT_CRYPTEQ
21# define SUPPORT_CRYPTEQ
22# endif
059ec3d9
PH
23#endif
24
96c065cb 25#ifdef LOOKUP_LDAP
9d466bf7 26# include "lookups/ldap.h"
96c065cb
PH
27#endif
28
059ec3d9 29#ifdef SUPPORT_CRYPTEQ
9d466bf7
JH
30# ifdef CRYPT_H
31# include <crypt.h>
32# endif
33# ifndef HAVE_CRYPT16
059ec3d9 34extern char* crypt16(char*, char*);
9d466bf7 35# endif
059ec3d9
PH
36#endif
37
96c065cb
PH
38/* The handling of crypt16() is a mess. I will record below the analysis of the
39mess that was sent to me. We decided, however, to make changing this very low
40priority, because in practice people are moving away from the crypt()
41algorithms nowadays, so it doesn't seem worth it.
42
43<quote>
44There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
45the first 8 characters of the password using a 20-round version of crypt
46(standard crypt does 25 rounds). It then crypts the next 8 characters,
47or an empty block if the password is less than 9 characters, using a
4820-round version of crypt and the same salt as was used for the first
4c04137d 49block. Characters after the first 16 are ignored. It always generates
96c065cb
PH
50a 16-byte hash, which is expressed together with the salt as a string
51of 24 base 64 digits. Here are some links to peruse:
52
53 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
54 http://seclists.org/bugtraq/1999/Mar/0076.html
55
56There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
57and OSF/1. This is the same as the standard crypt if given a password
58of 8 characters or less. If given more, it first does the same as crypt
59using the first 8 characters, then crypts the next 8 (the 9th to 16th)
60using as salt the first two base 64 digits from the first hash block.
61If the password is more than 16 characters then it crypts the 17th to 24th
62characters using as salt the first two base 64 digits from the second hash
63block. And so on: I've seen references to it cutting off the password at
6440 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
65
66 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
67 http://seclists.org/bugtraq/1999/Mar/0109.html
68 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
69 TET1_html/sec.c222.html#no_id_208
70
71Exim has something it calls "crypt16". It will either use a native
72crypt16 or its own implementation. A native crypt16 will presumably
73be the one that I called "crypt16" above. The internal "crypt16"
74function, however, is a two-block-maximum implementation of what I called
75"bigcrypt". The documentation matches the internal code.
76
77I suspect that whoever did the "crypt16" stuff for Exim didn't realise
78that crypt16 and bigcrypt were different things.
79
80Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
81to whatever it is using under that name. This unfortunately sets a
82precedent for using "{crypt16}" to identify two incompatible algorithms
83whose output can't be distinguished. With "{crypt16}" thus rendered
84ambiguous, I suggest you deprecate it and invent two new identifiers
85for the two algorithms.
86
87Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
88of the password separately means they can be cracked separately, so
89the double-length hash only doubles the cracking effort instead of
90squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
91bcrypt ({CRYPT}$2a$).
92</quote>
93*/
059ec3d9
PH
94
95
059ec3d9 96
059ec3d9
PH
97/*************************************************
98* Local statics and tables *
99*************************************************/
100
101/* Table of item names, and corresponding switch numbers. The names must be in
102alphabetical order. */
103
104static uschar *item_table[] = {
723c72e6 105 US"acl",
dfbcb5ac 106 US"authresults",
9d1c15ef 107 US"certextract",
1a46a8c5 108 US"dlfunc",
089fc87a 109 US"env",
059ec3d9 110 US"extract",
29f89cad 111 US"filter",
059ec3d9
PH
112 US"hash",
113 US"hmac",
114 US"if",
8c5d388a 115#ifdef SUPPORT_I18N
ed0512a1
JH
116 US"imapfolder",
117#endif
059ec3d9 118 US"length",
aa26e137 119 US"listextract",
059ec3d9 120 US"lookup",
29f89cad 121 US"map",
059ec3d9 122 US"nhash",
1a46a8c5 123 US"perl",
fffda43a
TK
124 US"prvs",
125 US"prvscheck",
059ec3d9
PH
126 US"readfile",
127 US"readsocket",
29f89cad 128 US"reduce",
059ec3d9
PH
129 US"run",
130 US"sg",
ac4ef9bd 131 US"sort",
059ec3d9
PH
132 US"substr",
133 US"tr" };
134
135enum {
723c72e6 136 EITEM_ACL,
dfbcb5ac 137 EITEM_AUTHRESULTS,
9d1c15ef 138 EITEM_CERTEXTRACT,
1a46a8c5 139 EITEM_DLFUNC,
089fc87a 140 EITEM_ENV,
059ec3d9 141 EITEM_EXTRACT,
29f89cad 142 EITEM_FILTER,
059ec3d9
PH
143 EITEM_HASH,
144 EITEM_HMAC,
145 EITEM_IF,
8c5d388a 146#ifdef SUPPORT_I18N
ed0512a1
JH
147 EITEM_IMAPFOLDER,
148#endif
059ec3d9 149 EITEM_LENGTH,
aa26e137 150 EITEM_LISTEXTRACT,
059ec3d9 151 EITEM_LOOKUP,
29f89cad 152 EITEM_MAP,
059ec3d9 153 EITEM_NHASH,
1a46a8c5 154 EITEM_PERL,
fffda43a
TK
155 EITEM_PRVS,
156 EITEM_PRVSCHECK,
059ec3d9
PH
157 EITEM_READFILE,
158 EITEM_READSOCK,
29f89cad 159 EITEM_REDUCE,
059ec3d9
PH
160 EITEM_RUN,
161 EITEM_SG,
ac4ef9bd 162 EITEM_SORT,
059ec3d9
PH
163 EITEM_SUBSTR,
164 EITEM_TR };
165
166/* Tables of operator names, and corresponding switch numbers. The names must be
167in alphabetical order. There are two tables, because underscore is used in some
168cases to introduce arguments, whereas for other it is part of the name. This is
169an historical mis-design. */
170
171static uschar *op_table_underscore[] = {
172 US"from_utf8",
173 US"local_part",
174 US"quote_local_part",
83e029d5 175 US"reverse_ip",
f90d018c 176 US"time_eval",
4e08fd50 177 US"time_interval"
8c5d388a 178#ifdef SUPPORT_I18N
4e08fd50
JH
179 ,US"utf8_domain_from_alabel",
180 US"utf8_domain_to_alabel",
181 US"utf8_localpart_from_alabel",
182 US"utf8_localpart_to_alabel"
183#endif
184 };
059ec3d9
PH
185
186enum {
187 EOP_FROM_UTF8,
188 EOP_LOCAL_PART,
189 EOP_QUOTE_LOCAL_PART,
83e029d5 190 EOP_REVERSE_IP,
f90d018c 191 EOP_TIME_EVAL,
4e08fd50 192 EOP_TIME_INTERVAL
8c5d388a 193#ifdef SUPPORT_I18N
4e08fd50
JH
194 ,EOP_UTF8_DOMAIN_FROM_ALABEL,
195 EOP_UTF8_DOMAIN_TO_ALABEL,
196 EOP_UTF8_LOCALPART_FROM_ALABEL,
197 EOP_UTF8_LOCALPART_TO_ALABEL
198#endif
199 };
059ec3d9
PH
200
201static uschar *op_table_main[] = {
202 US"address",
29f89cad 203 US"addresses",
03ca21f8
JH
204 US"base32",
205 US"base32d",
059ec3d9
PH
206 US"base62",
207 US"base62d",
9aa35e9c
JH
208 US"base64",
209 US"base64d",
059ec3d9
PH
210 US"domain",
211 US"escape",
3367f8c2 212 US"escape8bit",
059ec3d9
PH
213 US"eval",
214 US"eval10",
215 US"expand",
216 US"h",
217 US"hash",
218 US"hex2b64",
c393f931 219 US"hexquote",
fc4a7f70
JH
220 US"ipv6denorm",
221 US"ipv6norm",
059ec3d9
PH
222 US"l",
223 US"lc",
224 US"length",
a64a3dfa
JH
225 US"listcount",
226 US"listnamed",
059ec3d9
PH
227 US"mask",
228 US"md5",
229 US"nh",
230 US"nhash",
231 US"quote",
9e3331ea 232 US"randint",
059ec3d9 233 US"rfc2047",
9c57cbc0 234 US"rfc2047d",
059ec3d9
PH
235 US"rxquote",
236 US"s",
237 US"sha1",
12e9bb25 238 US"sha2",
9ef9101c 239 US"sha256",
6e773413 240 US"sha3",
059ec3d9
PH
241 US"stat",
242 US"str2b64",
243 US"strlen",
244 US"substr",
b9c2e32f
AR
245 US"uc",
246 US"utf8clean" };
059ec3d9
PH
247
248enum {
0539a19d 249 EOP_ADDRESS = nelem(op_table_underscore),
29f89cad 250 EOP_ADDRESSES,
03ca21f8
JH
251 EOP_BASE32,
252 EOP_BASE32D,
059ec3d9
PH
253 EOP_BASE62,
254 EOP_BASE62D,
9aa35e9c
JH
255 EOP_BASE64,
256 EOP_BASE64D,
059ec3d9
PH
257 EOP_DOMAIN,
258 EOP_ESCAPE,
3367f8c2 259 EOP_ESCAPE8BIT,
059ec3d9
PH
260 EOP_EVAL,
261 EOP_EVAL10,
262 EOP_EXPAND,
263 EOP_H,
264 EOP_HASH,
265 EOP_HEX2B64,
c393f931 266 EOP_HEXQUOTE,
fc4a7f70
JH
267 EOP_IPV6DENORM,
268 EOP_IPV6NORM,
059ec3d9
PH
269 EOP_L,
270 EOP_LC,
271 EOP_LENGTH,
a64a3dfa
JH
272 EOP_LISTCOUNT,
273 EOP_LISTNAMED,
059ec3d9
PH
274 EOP_MASK,
275 EOP_MD5,
276 EOP_NH,
277 EOP_NHASH,
278 EOP_QUOTE,
9e3331ea 279 EOP_RANDINT,
059ec3d9 280 EOP_RFC2047,
9c57cbc0 281 EOP_RFC2047D,
059ec3d9
PH
282 EOP_RXQUOTE,
283 EOP_S,
284 EOP_SHA1,
12e9bb25 285 EOP_SHA2,
9ef9101c 286 EOP_SHA256,
6e773413 287 EOP_SHA3,
059ec3d9
PH
288 EOP_STAT,
289 EOP_STR2B64,
290 EOP_STRLEN,
291 EOP_SUBSTR,
b9c2e32f
AR
292 EOP_UC,
293 EOP_UTF8CLEAN };
059ec3d9
PH
294
295
296/* Table of condition names, and corresponding switch numbers. The names must
297be in alphabetical order. */
298
299static uschar *cond_table[] = {
300 US"<",
301 US"<=",
302 US"=",
303 US"==", /* Backward compatibility */
304 US">",
305 US">=",
333eea9c 306 US"acl",
059ec3d9 307 US"and",
f3766eb5 308 US"bool",
6a8de854 309 US"bool_lax",
059ec3d9
PH
310 US"crypteq",
311 US"def",
312 US"eq",
313 US"eqi",
314 US"exists",
315 US"first_delivery",
0ce9abe6 316 US"forall",
7f69e814
JH
317 US"forall_json",
318 US"forall_jsons",
0ce9abe6 319 US"forany",
7f69e814
JH
320 US"forany_json",
321 US"forany_jsons",
059ec3d9
PH
322 US"ge",
323 US"gei",
324 US"gt",
325 US"gti",
76dca828
PP
326 US"inlist",
327 US"inlisti",
059ec3d9
PH
328 US"isip",
329 US"isip4",
330 US"isip6",
331 US"ldapauth",
332 US"le",
333 US"lei",
334 US"lt",
335 US"lti",
336 US"match",
337 US"match_address",
338 US"match_domain",
32d668a5 339 US"match_ip",
059ec3d9
PH
340 US"match_local_part",
341 US"or",
342 US"pam",
343 US"pwcheck",
344 US"queue_running",
345 US"radius",
346 US"saslauthd"
347};
348
349enum {
350 ECOND_NUM_L,
351 ECOND_NUM_LE,
352 ECOND_NUM_E,
353 ECOND_NUM_EE,
354 ECOND_NUM_G,
355 ECOND_NUM_GE,
333eea9c 356 ECOND_ACL,
059ec3d9 357 ECOND_AND,
f3766eb5 358 ECOND_BOOL,
6a8de854 359 ECOND_BOOL_LAX,
059ec3d9
PH
360 ECOND_CRYPTEQ,
361 ECOND_DEF,
362 ECOND_STR_EQ,
363 ECOND_STR_EQI,
364 ECOND_EXISTS,
365 ECOND_FIRST_DELIVERY,
0ce9abe6 366 ECOND_FORALL,
7f69e814
JH
367 ECOND_FORALL_JSON,
368 ECOND_FORALL_JSONS,
0ce9abe6 369 ECOND_FORANY,
7f69e814
JH
370 ECOND_FORANY_JSON,
371 ECOND_FORANY_JSONS,
059ec3d9
PH
372 ECOND_STR_GE,
373 ECOND_STR_GEI,
374 ECOND_STR_GT,
375 ECOND_STR_GTI,
76dca828
PP
376 ECOND_INLIST,
377 ECOND_INLISTI,
059ec3d9
PH
378 ECOND_ISIP,
379 ECOND_ISIP4,
380 ECOND_ISIP6,
381 ECOND_LDAPAUTH,
382 ECOND_STR_LE,
383 ECOND_STR_LEI,
384 ECOND_STR_LT,
385 ECOND_STR_LTI,
386 ECOND_MATCH,
387 ECOND_MATCH_ADDRESS,
388 ECOND_MATCH_DOMAIN,
32d668a5 389 ECOND_MATCH_IP,
059ec3d9
PH
390 ECOND_MATCH_LOCAL_PART,
391 ECOND_OR,
392 ECOND_PAM,
393 ECOND_PWCHECK,
394 ECOND_QUEUE_RUNNING,
395 ECOND_RADIUS,
396 ECOND_SASLAUTHD
397};
398
399
059ec3d9
PH
400/* Types of table entry */
401
7e75538e 402enum vtypes {
059ec3d9
PH
403 vtype_int, /* value is address of int */
404 vtype_filter_int, /* ditto, but recognized only when filtering */
405 vtype_ino, /* value is address of ino_t (not always an int) */
406 vtype_uid, /* value is address of uid_t (not always an int) */
407 vtype_gid, /* value is address of gid_t (not always an int) */
11d7e4fa 408 vtype_bool, /* value is address of bool */
059ec3d9
PH
409 vtype_stringptr, /* value is address of pointer to string */
410 vtype_msgbody, /* as stringptr, but read when first required */
411 vtype_msgbody_end, /* ditto, the end of the message */
ff75a1f7
PH
412 vtype_msgheaders, /* the message's headers, processed */
413 vtype_msgheaders_raw, /* the message's headers, unprocessed */
059ec3d9
PH
414 vtype_localpart, /* extract local part from string */
415 vtype_domain, /* extract domain from string */
362145b5 416 vtype_string_func, /* value is string returned by given function */
059ec3d9
PH
417 vtype_todbsdin, /* value not used; generate BSD inbox tod */
418 vtype_tode, /* value not used; generate tod in epoch format */
f5787926 419 vtype_todel, /* value not used; generate tod in epoch/usec format */
059ec3d9
PH
420 vtype_todf, /* value not used; generate full tod */
421 vtype_todl, /* value not used; generate log tod */
422 vtype_todlf, /* value not used; generate log file datestamp tod */
423 vtype_todzone, /* value not used; generate time zone only */
424 vtype_todzulu, /* value not used; generate zulu tod */
425 vtype_reply, /* value not used; get reply from headers */
426 vtype_pid, /* value not used; result is pid */
427 vtype_host_lookup, /* value not used; get host name */
5cb8cbc6
PH
428 vtype_load_avg, /* value not used; result is int from os_getloadavg */
429 vtype_pspace, /* partition space; value is T/F for spool/log */
9d1c15ef
JH
430 vtype_pinodes, /* partition inodes; value is T/F for spool/log */
431 vtype_cert /* SSL certificate */
80a47a2c
TK
432 #ifndef DISABLE_DKIM
433 ,vtype_dkim /* Lookup of value in DKIM signature */
434 #endif
7e75538e
JH
435};
436
437/* Type for main variable table */
438
439typedef struct {
440 const char *name;
441 enum vtypes type;
442 void *value;
443} var_entry;
444
445/* Type for entries pointing to address/length pairs. Not currently
446in use. */
447
448typedef struct {
449 uschar **address;
450 int *length;
451} alblock;
059ec3d9 452
362145b5 453static uschar * fn_recipients(void);
6d95688d 454typedef uschar * stringptr_fn_t(void);
362145b5 455
059ec3d9
PH
456/* This table must be kept in alphabetical order. */
457
458static var_entry var_table[] = {
38a0a95f
PH
459 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
460 they will be confused with user-creatable ACL variables. */
525239c1
JH
461 { "acl_arg1", vtype_stringptr, &acl_arg[0] },
462 { "acl_arg2", vtype_stringptr, &acl_arg[1] },
463 { "acl_arg3", vtype_stringptr, &acl_arg[2] },
464 { "acl_arg4", vtype_stringptr, &acl_arg[3] },
465 { "acl_arg5", vtype_stringptr, &acl_arg[4] },
466 { "acl_arg6", vtype_stringptr, &acl_arg[5] },
467 { "acl_arg7", vtype_stringptr, &acl_arg[6] },
468 { "acl_arg8", vtype_stringptr, &acl_arg[7] },
469 { "acl_arg9", vtype_stringptr, &acl_arg[8] },
470 { "acl_narg", vtype_int, &acl_narg },
059ec3d9
PH
471 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
472 { "address_data", vtype_stringptr, &deliver_address_data },
473 { "address_file", vtype_stringptr, &address_file },
474 { "address_pipe", vtype_stringptr, &address_pipe },
93c931f8 475#ifdef EXPERIMENTAL_ARC
6d95688d 476 { "arc_domains", vtype_string_func, (void *) &fn_arc_domains },
ea7b1f16 477 { "arc_oldest_pass", vtype_int, &arc_oldest_pass },
93c931f8
JH
478 { "arc_state", vtype_stringptr, &arc_state },
479 { "arc_state_reason", vtype_stringptr, &arc_state_reason },
480#endif
2d07a215 481 { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id },
059ec3d9
PH
482 { "authenticated_id", vtype_stringptr, &authenticated_id },
483 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
484 { "authentication_failed",vtype_int, &authentication_failed },
9e949f00
PP
485#ifdef WITH_CONTENT_SCAN
486 { "av_failed", vtype_int, &av_failed },
487#endif
8523533c
TK
488#ifdef EXPERIMENTAL_BRIGHTMAIL
489 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
490 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
491 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
492 { "bmi_deliver", vtype_int, &bmi_deliver },
493#endif
059ec3d9
PH
494 { "body_linecount", vtype_int, &body_linecount },
495 { "body_zerocount", vtype_int, &body_zerocount },
496 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
497 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
498 { "caller_gid", vtype_gid, &real_gid },
499 { "caller_uid", vtype_uid, &real_uid },
055e2cb4 500 { "callout_address", vtype_stringptr, &callout_address },
059ec3d9
PH
501 { "compile_date", vtype_stringptr, &version_date },
502 { "compile_number", vtype_stringptr, &version_cnumber },
98b8312f
HSHR
503 { "config_dir", vtype_stringptr, &config_main_directory },
504 { "config_file", vtype_stringptr, &config_main_filename },
e5a9dba6 505 { "csa_status", vtype_stringptr, &csa_status },
6a8f9482
TK
506#ifdef EXPERIMENTAL_DCC
507 { "dcc_header", vtype_stringptr, &dcc_header },
508 { "dcc_result", vtype_stringptr, &dcc_result },
509#endif
80a47a2c
TK
510#ifndef DISABLE_DKIM
511 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
512 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
513 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
514 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
515 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
516 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
2df588c9 517 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
e08d09e5 518 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
80a47a2c
TK
519 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
520 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
521 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
522 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
abe1010c 523 { "dkim_key_length", vtype_int, &dkim_key_length },
80a47a2c
TK
524 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
525 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
526 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
527 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
e08d09e5 528 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
9e5d6b55 529 { "dkim_signers", vtype_stringptr, &dkim_signers },
a79d8834
JH
530 { "dkim_verify_reason", vtype_stringptr, &dkim_verify_reason },
531 { "dkim_verify_status", vtype_stringptr, &dkim_verify_status },
e08d09e5 532#endif
1a2e76e1 533#ifdef SUPPORT_DMARC
8c8b8274 534 { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
4840604e
TL
535 { "dmarc_status", vtype_stringptr, &dmarc_status },
536 { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
537 { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
538#endif
059ec3d9 539 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
93655c46 540 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
059ec3d9
PH
541 { "dnslist_text", vtype_stringptr, &dnslist_text },
542 { "dnslist_value", vtype_stringptr, &dnslist_value },
543 { "domain", vtype_stringptr, &deliver_domain },
544 { "domain_data", vtype_stringptr, &deliver_domain_data },
0cbf2b82 545#ifndef DISABLE_EVENT
774ef2d7
JH
546 { "event_data", vtype_stringptr, &event_data },
547
548 /*XXX want to use generic vars for as many of these as possible*/
549 { "event_defer_errno", vtype_int, &event_defer_errno },
550
551 { "event_name", vtype_stringptr, &event_name },
552#endif
059ec3d9
PH
553 { "exim_gid", vtype_gid, &exim_gid },
554 { "exim_path", vtype_stringptr, &exim_path },
555 { "exim_uid", vtype_uid, &exim_uid },
71224040 556 { "exim_version", vtype_stringptr, &version_string },
6d95688d 557 { "headers_added", vtype_string_func, (void *) &fn_hdrs_added },
059ec3d9
PH
558 { "home", vtype_stringptr, &deliver_home },
559 { "host", vtype_stringptr, &deliver_host },
560 { "host_address", vtype_stringptr, &deliver_host_address },
561 { "host_data", vtype_stringptr, &host_data },
b08b24c8 562 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
059ec3d9 563 { "host_lookup_failed", vtype_int, &host_lookup_failed },
a7538db1 564 { "host_port", vtype_int, &deliver_host_port },
3615fa9a 565 { "initial_cwd", vtype_stringptr, &initial_cwd },
059ec3d9
PH
566 { "inode", vtype_ino, &deliver_inode },
567 { "interface_address", vtype_stringptr, &interface_address },
568 { "interface_port", vtype_int, &interface_port },
0ce9abe6 569 { "item", vtype_stringptr, &iterate_item },
059ec3d9
PH
570 #ifdef LOOKUP_LDAP
571 { "ldap_dn", vtype_stringptr, &eldap_dn },
572 #endif
573 { "load_average", vtype_load_avg, NULL },
574 { "local_part", vtype_stringptr, &deliver_localpart },
575 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
576 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
577 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
9723f966 578#ifdef HAVE_LOCAL_SCAN
059ec3d9 579 { "local_scan_data", vtype_stringptr, &local_scan_data },
9723f966 580#endif
059ec3d9
PH
581 { "local_user_gid", vtype_gid, &local_user_gid },
582 { "local_user_uid", vtype_uid, &local_user_uid },
583 { "localhost_number", vtype_int, &host_number },
5cb8cbc6 584 { "log_inodes", vtype_pinodes, (void *)FALSE },
8e669ac1 585 { "log_space", vtype_pspace, (void *)FALSE },
4e0983dc 586 { "lookup_dnssec_authenticated",vtype_stringptr,&lookup_dnssec_authenticated},
059ec3d9 587 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
8523533c
TK
588#ifdef WITH_CONTENT_SCAN
589 { "malware_name", vtype_stringptr, &malware_name },
590#endif
d677b2f2 591 { "max_received_linelength", vtype_int, &max_received_linelength },
059ec3d9
PH
592 { "message_age", vtype_int, &message_age },
593 { "message_body", vtype_msgbody, &message_body },
594 { "message_body_end", vtype_msgbody_end, &message_body_end },
595 { "message_body_size", vtype_int, &message_body_size },
1ab52c69 596 { "message_exim_id", vtype_stringptr, &message_id },
059ec3d9 597 { "message_headers", vtype_msgheaders, NULL },
ff75a1f7 598 { "message_headers_raw", vtype_msgheaders_raw, NULL },
059ec3d9 599 { "message_id", vtype_stringptr, &message_id },
2e0c1448 600 { "message_linecount", vtype_int, &message_linecount },
059ec3d9 601 { "message_size", vtype_int, &message_size },
8c5d388a 602#ifdef SUPPORT_I18N
eb02f5df
JH
603 { "message_smtputf8", vtype_bool, &message_smtputf8 },
604#endif
8523533c
TK
605#ifdef WITH_CONTENT_SCAN
606 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
607 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
608 { "mime_boundary", vtype_stringptr, &mime_boundary },
609 { "mime_charset", vtype_stringptr, &mime_charset },
610 { "mime_content_description", vtype_stringptr, &mime_content_description },
611 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
612 { "mime_content_id", vtype_stringptr, &mime_content_id },
613 { "mime_content_size", vtype_int, &mime_content_size },
614 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
615 { "mime_content_type", vtype_stringptr, &mime_content_type },
616 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
617 { "mime_filename", vtype_stringptr, &mime_filename },
618 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
619 { "mime_is_multipart", vtype_int, &mime_is_multipart },
620 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
621 { "mime_part_count", vtype_int, &mime_part_count },
622#endif
059ec3d9
PH
623 { "n0", vtype_filter_int, &filter_n[0] },
624 { "n1", vtype_filter_int, &filter_n[1] },
625 { "n2", vtype_filter_int, &filter_n[2] },
626 { "n3", vtype_filter_int, &filter_n[3] },
627 { "n4", vtype_filter_int, &filter_n[4] },
628 { "n5", vtype_filter_int, &filter_n[5] },
629 { "n6", vtype_filter_int, &filter_n[6] },
630 { "n7", vtype_filter_int, &filter_n[7] },
631 { "n8", vtype_filter_int, &filter_n[8] },
632 { "n9", vtype_filter_int, &filter_n[9] },
633 { "original_domain", vtype_stringptr, &deliver_domain_orig },
634 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
635 { "originator_gid", vtype_gid, &originator_gid },
636 { "originator_uid", vtype_uid, &originator_uid },
637 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
638 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
639 { "pid", vtype_pid, NULL },
858e91c2
JH
640#ifndef DISABLE_PRDR
641 { "prdr_requested", vtype_bool, &prdr_requested },
642#endif
059ec3d9 643 { "primary_hostname", vtype_stringptr, &primary_hostname },
e6d2a989
JH
644#if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
645 { "proxy_external_address",vtype_stringptr, &proxy_external_address },
646 { "proxy_external_port", vtype_int, &proxy_external_port },
647 { "proxy_local_address", vtype_stringptr, &proxy_local_address },
648 { "proxy_local_port", vtype_int, &proxy_local_port },
a3c86431
TL
649 { "proxy_session", vtype_bool, &proxy_session },
650#endif
fffda43a
TK
651 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
652 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
653 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
059ec3d9
PH
654 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
655 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
0cd5fd23 656 { "queue_name", vtype_stringptr, &queue_name },
059ec3d9
PH
657 { "rcpt_count", vtype_int, &rcpt_count },
658 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
659 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
660 { "received_count", vtype_int, &received_count },
661 { "received_for", vtype_stringptr, &received_for },
194cc0e4
PH
662 { "received_ip_address", vtype_stringptr, &interface_address },
663 { "received_port", vtype_int, &interface_port },
059ec3d9 664 { "received_protocol", vtype_stringptr, &received_protocol },
32dfdf8b 665 { "received_time", vtype_int, &received_time.tv_sec },
059ec3d9 666 { "recipient_data", vtype_stringptr, &recipient_data },
8e669ac1 667 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
6d95688d 668 { "recipients", vtype_string_func, (void *) &fn_recipients },
059ec3d9 669 { "recipients_count", vtype_int, &recipients_count },
8523533c
TK
670#ifdef WITH_CONTENT_SCAN
671 { "regex_match_string", vtype_stringptr, &regex_match_string },
672#endif
059ec3d9
PH
673 { "reply_address", vtype_reply, NULL },
674 { "return_path", vtype_stringptr, &return_path },
675 { "return_size_limit", vtype_int, &bounce_return_size_limit },
181d9bf8 676 { "router_name", vtype_stringptr, &router_name },
059ec3d9
PH
677 { "runrc", vtype_int, &runrc },
678 { "self_hostname", vtype_stringptr, &self_hostname },
679 { "sender_address", vtype_stringptr, &sender_address },
2a3eea10 680 { "sender_address_data", vtype_stringptr, &sender_address_data },
059ec3d9
PH
681 { "sender_address_domain", vtype_domain, &sender_address },
682 { "sender_address_local_part", vtype_localpart, &sender_address },
683 { "sender_data", vtype_stringptr, &sender_data },
684 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
1705dd20 685 { "sender_helo_dnssec", vtype_bool, &sender_helo_dnssec },
059ec3d9
PH
686 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
687 { "sender_host_address", vtype_stringptr, &sender_host_address },
688 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
11d7e4fa 689 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
059ec3d9
PH
690 { "sender_host_name", vtype_host_lookup, NULL },
691 { "sender_host_port", vtype_int, &sender_host_port },
692 { "sender_ident", vtype_stringptr, &sender_ident },
870f6ba8
TF
693 { "sender_rate", vtype_stringptr, &sender_rate },
694 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
695 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
059ec3d9 696 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
8e669ac1 697 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
41c7c167
PH
698 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
699 { "sending_port", vtype_int, &sending_port },
8e669ac1 700 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
3ee512ff
PH
701 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
702 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
6d95688d 703 { "smtp_command_history", vtype_string_func, (void *) &smtp_cmd_hist },
b01dd148 704 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
8f128379 705 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
059ec3d9
PH
706 { "sn0", vtype_filter_int, &filter_sn[0] },
707 { "sn1", vtype_filter_int, &filter_sn[1] },
708 { "sn2", vtype_filter_int, &filter_sn[2] },
709 { "sn3", vtype_filter_int, &filter_sn[3] },
710 { "sn4", vtype_filter_int, &filter_sn[4] },
711 { "sn5", vtype_filter_int, &filter_sn[5] },
712 { "sn6", vtype_filter_int, &filter_sn[6] },
713 { "sn7", vtype_filter_int, &filter_sn[7] },
714 { "sn8", vtype_filter_int, &filter_sn[8] },
715 { "sn9", vtype_filter_int, &filter_sn[9] },
8523533c 716#ifdef WITH_CONTENT_SCAN
c5f280e2 717 { "spam_action", vtype_stringptr, &spam_action },
8523533c
TK
718 { "spam_bar", vtype_stringptr, &spam_bar },
719 { "spam_report", vtype_stringptr, &spam_report },
720 { "spam_score", vtype_stringptr, &spam_score },
721 { "spam_score_int", vtype_stringptr, &spam_score_int },
722#endif
7952eef9 723#ifdef SUPPORT_SPF
65a7d8c3 724 { "spf_guess", vtype_stringptr, &spf_guess },
8523533c
TK
725 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
726 { "spf_received", vtype_stringptr, &spf_received },
727 { "spf_result", vtype_stringptr, &spf_result },
87e9d061 728 { "spf_result_guessed", vtype_bool, &spf_result_guessed },
8523533c
TK
729 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
730#endif
059ec3d9 731 { "spool_directory", vtype_stringptr, &spool_directory },
5cb8cbc6 732 { "spool_inodes", vtype_pinodes, (void *)TRUE },
8e669ac1 733 { "spool_space", vtype_pspace, (void *)TRUE },
8523533c
TK
734#ifdef EXPERIMENTAL_SRS
735 { "srs_db_address", vtype_stringptr, &srs_db_address },
736 { "srs_db_key", vtype_stringptr, &srs_db_key },
737 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
738 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
739 { "srs_recipient", vtype_stringptr, &srs_recipient },
740 { "srs_status", vtype_stringptr, &srs_status },
741#endif
059ec3d9 742 { "thisaddress", vtype_stringptr, &filter_thisaddress },
817d9f57 743
d9b2312b 744 /* The non-(in,out) variables are now deprecated */
817d9f57
JH
745 { "tls_bits", vtype_int, &tls_in.bits },
746 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
747 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
d9b2312b
JH
748
749 { "tls_in_bits", vtype_int, &tls_in.bits },
750 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
751 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
f1be21cf 752 { "tls_in_cipher_std", vtype_stringptr, &tls_in.cipher_stdname },
44662487 753 { "tls_in_ocsp", vtype_int, &tls_in.ocsp },
9d1c15ef
JH
754 { "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
755 { "tls_in_peercert", vtype_cert, &tls_in.peercert },
d9b2312b 756 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
b10c87b3
JH
757#ifdef EXPERIMENTAL_TLS_RESUME
758 { "tls_in_resumption", vtype_int, &tls_in.resumption },
759#endif
01603eec 760#ifndef DISABLE_TLS
d9b2312b
JH
761 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
762#endif
817d9f57 763 { "tls_out_bits", vtype_int, &tls_out.bits },
cb9d95ae 764 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
817d9f57 765 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
f1be21cf 766 { "tls_out_cipher_std", vtype_stringptr, &tls_out.cipher_stdname },
c0635b6d 767#ifdef SUPPORT_DANE
594706ea
JH
768 { "tls_out_dane", vtype_bool, &tls_out.dane_verified },
769#endif
44662487 770 { "tls_out_ocsp", vtype_int, &tls_out.ocsp },
9d1c15ef
JH
771 { "tls_out_ourcert", vtype_cert, &tls_out.ourcert },
772 { "tls_out_peercert", vtype_cert, &tls_out.peercert },
817d9f57 773 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
b10c87b3
JH
774#ifdef EXPERIMENTAL_TLS_RESUME
775 { "tls_out_resumption", vtype_int, &tls_out.resumption },
776#endif
01603eec 777#ifndef DISABLE_TLS
817d9f57 778 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
7be682ca 779#endif
c0635b6d 780#ifdef SUPPORT_DANE
594706ea
JH
781 { "tls_out_tlsa_usage", vtype_int, &tls_out.tlsa_usage },
782#endif
d9b2312b 783
613dd4ae 784 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
01603eec 785#ifndef DISABLE_TLS
613dd4ae
JH
786 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
787#endif
817d9f57 788
059ec3d9
PH
789 { "tod_bsdinbox", vtype_todbsdin, NULL },
790 { "tod_epoch", vtype_tode, NULL },
f5787926 791 { "tod_epoch_l", vtype_todel, NULL },
059ec3d9
PH
792 { "tod_full", vtype_todf, NULL },
793 { "tod_log", vtype_todl, NULL },
794 { "tod_logfile", vtype_todlf, NULL },
795 { "tod_zone", vtype_todzone, NULL },
796 { "tod_zulu", vtype_todzulu, NULL },
181d9bf8 797 { "transport_name", vtype_stringptr, &transport_name },
059ec3d9 798 { "value", vtype_stringptr, &lookup_value },
aec45841 799 { "verify_mode", vtype_stringptr, &verify_mode },
059ec3d9
PH
800 { "version_number", vtype_stringptr, &version_string },
801 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
802 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
803 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
804 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
805 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
806 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
807};
808
0539a19d 809static int var_table_size = nelem(var_table);
059ec3d9
PH
810static uschar var_buffer[256];
811static BOOL malformed_header;
812
813/* For textual hashes */
814
1ba28e2b
PP
815static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
816 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
817 "0123456789";
059ec3d9
PH
818
819enum { HMAC_MD5, HMAC_SHA1 };
820
821/* For numeric hashes */
822
823static unsigned int prime[] = {
824 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
825 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
826 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
827
828/* For printing modes in symbolic form */
829
830static uschar *mtable_normal[] =
831 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
832
833static uschar *mtable_setid[] =
834 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
835
836static uschar *mtable_sticky[] =
837 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
838
bce15b62
JH
839/* flags for find_header() */
840#define FH_EXISTS_ONLY BIT(0)
841#define FH_WANT_RAW BIT(1)
842#define FH_WANT_LIST BIT(2)
059ec3d9
PH
843
844
845/*************************************************
846* Tables for UTF-8 support *
847*************************************************/
848
849/* Table of the number of extra characters, indexed by the first character
850masked with 0x3f. The highest number for a valid UTF-8 character is in fact
8510x3d. */
852
853static uschar utf8_table1[] = {
854 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
855 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
856 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
857 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
858
859/* These are the masks for the data bits in the first byte of a character,
860indexed by the number of additional bytes. */
861
862static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
863
864/* Get the next UTF-8 character, advancing the pointer. */
865
866#define GETUTF8INC(c, ptr) \
867 c = *ptr++; \
868 if ((c & 0xc0) == 0xc0) \
869 { \
870 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
871 int s = 6*a; \
872 c = (c & utf8_table2[a]) << s; \
873 while (a-- > 0) \
874 { \
875 s -= 6; \
876 c |= (*ptr++ & 0x3f) << s; \
877 } \
878 }
879
880
03ca21f8
JH
881
882static uschar * base32_chars = US"abcdefghijklmnopqrstuvwxyz234567";
883
059ec3d9
PH
884/*************************************************
885* Binary chop search on a table *
886*************************************************/
887
888/* This is used for matching expansion items and operators.
889
890Arguments:
891 name the name that is being sought
892 table the table to search
893 table_size the number of items in the table
894
895Returns: the offset in the table, or -1
896*/
897
898static int
899chop_match(uschar *name, uschar **table, int table_size)
900{
901uschar **bot = table;
902uschar **top = table + table_size;
903
904while (top > bot)
905 {
906 uschar **mid = bot + (top - bot)/2;
907 int c = Ustrcmp(name, *mid);
908 if (c == 0) return mid - table;
909 if (c > 0) bot = mid + 1; else top = mid;
910 }
911
912return -1;
913}
914
915
916
917/*************************************************
918* Check a condition string *
919*************************************************/
920
921/* This function is called to expand a string, and test the result for a "true"
922or "false" value. Failure of the expansion yields FALSE; logged unless it was a
be7a5781
JH
923forced fail or lookup defer.
924
925We used to release all store used, but this is not not safe due
926to ${dlfunc } and ${acl }. In any case expand_string_internal()
927is reasonably careful to release what it can.
059ec3d9 928
6a8de854
PP
929The actual false-value tests should be replicated for ECOND_BOOL_LAX.
930
059ec3d9
PH
931Arguments:
932 condition the condition string
933 m1 text to be incorporated in panic error
934 m2 ditto
935
936Returns: TRUE if condition is met, FALSE if not
937*/
938
939BOOL
940expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
941{
942int rc;
059ec3d9
PH
943uschar *ss = expand_string(condition);
944if (ss == NULL)
945 {
8768d548 946 if (!f.expand_string_forcedfail && !f.search_find_defer)
059ec3d9
PH
947 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
948 "for %s %s: %s", condition, m1, m2, expand_string_message);
949 return FALSE;
950 }
951rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
952 strcmpic(ss, US"false") != 0;
059ec3d9
PH
953return rc;
954}
955
956
957
17c76198 958
059ec3d9 959/*************************************************
9e3331ea
TK
960* Pseudo-random number generation *
961*************************************************/
962
963/* Pseudo-random number generation. The result is not "expected" to be
964cryptographically strong but not so weak that someone will shoot themselves
965in the foot using it as a nonce in some email header scheme or whatever
966weirdness they'll twist this into. The result should ideally handle fork().
967
968However, if we're stuck unable to provide this, then we'll fall back to
969appallingly bad randomness.
970
01603eec 971If DISABLE_TLS is not defined then this will not be used except as an emergency
17c76198 972fallback.
9e3331ea
TK
973
974Arguments:
975 max range maximum
976Returns a random number in range [0, max-1]
977*/
978
01603eec 979#ifndef DISABLE_TLS
17c76198
PP
980# define vaguely_random_number vaguely_random_number_fallback
981#endif
9e3331ea 982int
17c76198 983vaguely_random_number(int max)
9e3331ea 984{
01603eec 985#ifndef DISABLE_TLS
17c76198
PP
986# undef vaguely_random_number
987#endif
dca6d121
JH
988static pid_t pid = 0;
989pid_t p2;
9e3331ea 990
dca6d121
JH
991if ((p2 = getpid()) != pid)
992 {
993 if (pid != 0)
9e3331ea 994 {
9e3331ea
TK
995
996#ifdef HAVE_ARC4RANDOM
dca6d121
JH
997 /* cryptographically strong randomness, common on *BSD platforms, not
998 so much elsewhere. Alas. */
999# ifndef NOT_HAVE_ARC4RANDOM_STIR
1000 arc4random_stir();
1001# endif
9e3331ea 1002#elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
dca6d121
JH
1003# ifdef HAVE_SRANDOMDEV
1004 /* uses random(4) for seeding */
1005 srandomdev();
1006# else
1007 {
1008 struct timeval tv;
1009 gettimeofday(&tv, NULL);
1010 srandom(tv.tv_sec | tv.tv_usec | getpid());
1011 }
1012# endif
9e3331ea 1013#else
dca6d121 1014 /* Poor randomness and no seeding here */
9e3331ea
TK
1015#endif
1016
9e3331ea 1017 }
dca6d121
JH
1018 pid = p2;
1019 }
9e3331ea
TK
1020
1021#ifdef HAVE_ARC4RANDOM
dca6d121 1022return arc4random() % max;
9e3331ea 1023#elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
dca6d121 1024return random() % max;
9e3331ea 1025#else
dca6d121
JH
1026/* This one returns a 16-bit number, definitely not crypto-strong */
1027return random_number(max);
9e3331ea
TK
1028#endif
1029}
1030
17c76198
PP
1031
1032
9e3331ea
TK
1033
1034/*************************************************
059ec3d9
PH
1035* Pick out a name from a string *
1036*************************************************/
1037
1038/* If the name is too long, it is silently truncated.
1039
1040Arguments:
1041 name points to a buffer into which to put the name
1042 max is the length of the buffer
1043 s points to the first alphabetic character of the name
1044 extras chars other than alphanumerics to permit
1045
1046Returns: pointer to the first character after the name
1047
1048Note: The test for *s != 0 in the while loop is necessary because
1049Ustrchr() yields non-NULL if the character is zero (which is not something
1050I expected). */
1051
55414b25
JH
1052static const uschar *
1053read_name(uschar *name, int max, const uschar *s, uschar *extras)
059ec3d9
PH
1054{
1055int ptr = 0;
1056while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
1057 {
1058 if (ptr < max-1) name[ptr++] = *s;
1059 s++;
1060 }
1061name[ptr] = 0;
1062return s;
1063}
1064
1065
1066
1067/*************************************************
1068* Pick out the rest of a header name *
1069*************************************************/
1070
1071/* A variable name starting $header_ (or just $h_ for those who like
1072abbreviations) might not be the complete header name because headers can
1073contain any printing characters in their names, except ':'. This function is
1074called to read the rest of the name, chop h[eader]_ off the front, and put ':'
1075on the end, if the name was terminated by white space.
1076
1077Arguments:
1078 name points to a buffer in which the name read so far exists
1079 max is the length of the buffer
1080 s points to the first character after the name so far, i.e. the
1081 first non-alphameric character after $header_xxxxx
1082
1083Returns: a pointer to the first character after the header name
1084*/
1085
55414b25
JH
1086static const uschar *
1087read_header_name(uschar *name, int max, const uschar *s)
059ec3d9
PH
1088{
1089int prelen = Ustrchr(name, '_') - name + 1;
1090int ptr = Ustrlen(name) - prelen;
1091if (ptr > 0) memmove(name, name+prelen, ptr);
1092while (mac_isgraph(*s) && *s != ':')
1093 {
1094 if (ptr < max-1) name[ptr++] = *s;
1095 s++;
1096 }
1097if (*s == ':') s++;
1098name[ptr++] = ':';
1099name[ptr] = 0;
1100return s;
1101}
1102
1103
1104
1105/*************************************************
1106* Pick out a number from a string *
1107*************************************************/
1108
1109/* Arguments:
1110 n points to an integer into which to put the number
1111 s points to the first digit of the number
1112
1113Returns: a pointer to the character after the last digit
1114*/
13559da6
JH
1115/*XXX consider expanding to int_eximarith_t. But the test for
1116"overbig numbers" in 0002 still needs to overflow it. */
059ec3d9
PH
1117
1118static uschar *
1119read_number(int *n, uschar *s)
1120{
1121*n = 0;
1122while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1123return s;
1124}
1125
55414b25
JH
1126static const uschar *
1127read_cnumber(int *n, const uschar *s)
1128{
1129*n = 0;
1130while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1131return s;
1132}
1133
059ec3d9
PH
1134
1135
1136/*************************************************
1137* Extract keyed subfield from a string *
1138*************************************************/
1139
1140/* The yield is in dynamic store; NULL means that the key was not found.
1141
1142Arguments:
1143 key points to the name of the key
1144 s points to the string from which to extract the subfield
1145
1146Returns: NULL if the subfield was not found, or
1147 a pointer to the subfield's data
1148*/
1149
1150static uschar *
8fdf20fd 1151expand_getkeyed(uschar * key, const uschar * s)
059ec3d9
PH
1152{
1153int length = Ustrlen(key);
1154while (isspace(*s)) s++;
1155
1156/* Loop to search for the key */
1157
8fdf20fd 1158while (*s)
059ec3d9
PH
1159 {
1160 int dkeylength;
8fdf20fd
JH
1161 uschar * data;
1162 const uschar * dkey = s;
059ec3d9 1163
8fdf20fd 1164 while (*s && *s != '=' && !isspace(*s)) s++;
059ec3d9
PH
1165 dkeylength = s - dkey;
1166 while (isspace(*s)) s++;
1167 if (*s == '=') while (isspace((*(++s))));
1168
1169 data = string_dequote(&s);
1170 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1171 return data;
1172
1173 while (isspace(*s)) s++;
1174 }
1175
1176return NULL;
1177}
1178
1179
1180
9d1c15ef
JH
1181static var_entry *
1182find_var_ent(uschar * name)
1183{
1184int first = 0;
1185int last = var_table_size;
1186
1187while (last > first)
1188 {
1189 int middle = (first + last)/2;
1190 int c = Ustrcmp(name, var_table[middle].name);
1191
1192 if (c > 0) { first = middle + 1; continue; }
1193 if (c < 0) { last = middle; continue; }
1194 return &var_table[middle];
1195 }
1196return NULL;
1197}
059ec3d9
PH
1198
1199/*************************************************
1200* Extract numbered subfield from string *
1201*************************************************/
1202
1203/* Extracts a numbered field from a string that is divided by tokens - for
1204example a line from /etc/passwd is divided by colon characters. First field is
1205numbered one. Negative arguments count from the right. Zero returns the whole
1206string. Returns NULL if there are insufficient tokens in the string
1207
1208***WARNING***
1209Modifies final argument - this is a dynamically generated string, so that's OK.
1210
1211Arguments:
1212 field number of field to be extracted,
1213 first field = 1, whole string = 0, last field = -1
1214 separators characters that are used to break string into tokens
1215 s points to the string from which to extract the subfield
1216
1217Returns: NULL if the field was not found,
1218 a pointer to the field's data inside s (modified to add 0)
1219*/
1220
1221static uschar *
1222expand_gettokened (int field, uschar *separators, uschar *s)
1223{
1224int sep = 1;
1225int count;
1226uschar *ss = s;
1227uschar *fieldtext = NULL;
1228
1229if (field == 0) return s;
1230
1231/* Break the line up into fields in place; for field > 0 we stop when we have
1232done the number of fields we want. For field < 0 we continue till the end of
1233the string, counting the number of fields. */
1234
1235count = (field > 0)? field : INT_MAX;
1236
1237while (count-- > 0)
1238 {
1239 size_t len;
1240
1241 /* Previous field was the last one in the string. For a positive field
1242 number, this means there are not enough fields. For a negative field number,
1243 check that there are enough, and scan back to find the one that is wanted. */
1244
1245 if (sep == 0)
1246 {
1247 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1248 if ((-field) == (INT_MAX - count - 1)) return s;
1249 while (field++ < 0)
1250 {
1251 ss--;
1252 while (ss[-1] != 0) ss--;
1253 }
1254 fieldtext = ss;
1255 break;
1256 }
1257
1258 /* Previous field was not last in the string; save its start and put a
1259 zero at its end. */
1260
1261 fieldtext = ss;
1262 len = Ustrcspn(ss, separators);
1263 sep = ss[len];
1264 ss[len] = 0;
1265 ss += len + 1;
1266 }
1267
1268return fieldtext;
1269}
1270
1271
aa26e137 1272static uschar *
55414b25 1273expand_getlistele(int field, const uschar * list)
aa26e137 1274{
8fdf20fd
JH
1275const uschar * tlist = list;
1276int sep = 0;
aa26e137
JH
1277uschar dummy;
1278
8fdf20fd 1279if (field < 0)
0f0c8159 1280 {
8fdf20fd
JH
1281 for (field++; string_nextinlist(&tlist, &sep, &dummy, 1); ) field++;
1282 sep = 0;
0f0c8159 1283 }
8fdf20fd
JH
1284if (field == 0) return NULL;
1285while (--field > 0 && (string_nextinlist(&list, &sep, &dummy, 1))) ;
aa26e137
JH
1286return string_nextinlist(&list, &sep, NULL, 0);
1287}
059ec3d9 1288
9d1c15ef
JH
1289
1290/* Certificate fields, by name. Worry about by-OID later */
9e4dddbd 1291/* Names are chosen to not have common prefixes */
9d1c15ef 1292
01603eec 1293#ifndef DISABLE_TLS
9d1c15ef
JH
1294typedef struct
1295{
1296uschar * name;
9e4dddbd
JH
1297int namelen;
1298uschar * (*getfn)(void * cert, uschar * mod);
9d1c15ef
JH
1299} certfield;
1300static certfield certfields[] =
1301{ /* linear search; no special order */
9e4dddbd
JH
1302 { US"version", 7, &tls_cert_version },
1303 { US"serial_number", 13, &tls_cert_serial_number },
1304 { US"subject", 7, &tls_cert_subject },
1305 { US"notbefore", 9, &tls_cert_not_before },
1306 { US"notafter", 8, &tls_cert_not_after },
1307 { US"issuer", 6, &tls_cert_issuer },
1308 { US"signature", 9, &tls_cert_signature },
1309 { US"sig_algorithm", 13, &tls_cert_signature_algorithm },
1310 { US"subj_altname", 12, &tls_cert_subject_altname },
1311 { US"ocsp_uri", 8, &tls_cert_ocsp_uri },
1312 { US"crl_uri", 7, &tls_cert_crl_uri },
9d1c15ef
JH
1313};
1314
1315static uschar *
1316expand_getcertele(uschar * field, uschar * certvar)
1317{
1318var_entry * vp;
9d1c15ef
JH
1319
1320if (!(vp = find_var_ent(certvar)))
1321 {
94431adb 1322 expand_string_message =
9d1c15ef
JH
1323 string_sprintf("no variable named \"%s\"", certvar);
1324 return NULL; /* Unknown variable name */
1325 }
1326/* NB this stops us passing certs around in variable. Might
1327want to do that in future */
1328if (vp->type != vtype_cert)
1329 {
94431adb 1330 expand_string_message =
9d1c15ef
JH
1331 string_sprintf("\"%s\" is not a certificate", certvar);
1332 return NULL; /* Unknown variable name */
1333 }
1334if (!*(void **)vp->value)
1335 return NULL;
1336
1337if (*field >= '0' && *field <= '9')
1338 return tls_cert_ext_by_oid(*(void **)vp->value, field, 0);
1339
d7978c0f
JH
1340for (certfield * cp = certfields;
1341 cp < certfields + nelem(certfields);
1342 cp++)
9e4dddbd
JH
1343 if (Ustrncmp(cp->name, field, cp->namelen) == 0)
1344 {
1345 uschar * modifier = *(field += cp->namelen) == ','
1346 ? ++field : NULL;
1347 return (*cp->getfn)( *(void **)vp->value, modifier );
1348 }
9d1c15ef 1349
94431adb 1350expand_string_message =
9d1c15ef
JH
1351 string_sprintf("bad field selector \"%s\" for certextract", field);
1352return NULL;
1353}
01603eec 1354#endif /*DISABLE_TLS*/
9d1c15ef 1355
059ec3d9
PH
1356/*************************************************
1357* Extract a substring from a string *
1358*************************************************/
1359
1360/* Perform the ${substr or ${length expansion operations.
1361
1362Arguments:
1363 subject the input string
1364 value1 the offset from the start of the input string to the start of
1365 the output string; if negative, count from the right.
1366 value2 the length of the output string, or negative (-1) for unset
1367 if value1 is positive, unset means "all after"
1368 if value1 is negative, unset means "all before"
1369 len set to the length of the returned string
1370
1371Returns: pointer to the output string, or NULL if there is an error
1372*/
1373
1374static uschar *
1375extract_substr(uschar *subject, int value1, int value2, int *len)
1376{
1377int sublen = Ustrlen(subject);
1378
1379if (value1 < 0) /* count from right */
1380 {
1381 value1 += sublen;
1382
1383 /* If the position is before the start, skip to the start, and adjust the
1384 length. If the length ends up negative, the substring is null because nothing
1385 can precede. This falls out naturally when the length is unset, meaning "all
1386 to the left". */
1387
1388 if (value1 < 0)
1389 {
1390 value2 += value1;
1391 if (value2 < 0) value2 = 0;
1392 value1 = 0;
1393 }
1394
1395 /* Otherwise an unset length => characters before value1 */
1396
1397 else if (value2 < 0)
1398 {
1399 value2 = value1;
1400 value1 = 0;
1401 }
1402 }
1403
1404/* For a non-negative offset, if the starting position is past the end of the
1405string, the result will be the null string. Otherwise, an unset length means
1406"rest"; just set it to the maximum - it will be cut down below if necessary. */
1407
1408else
1409 {
1410 if (value1 > sublen)
1411 {
1412 value1 = sublen;
1413 value2 = 0;
1414 }
1415 else if (value2 < 0) value2 = sublen;
1416 }
1417
1418/* Cut the length down to the maximum possible for the offset value, and get
1419the required characters. */
1420
1421if (value1 + value2 > sublen) value2 = sublen - value1;
1422*len = value2;
1423return subject + value1;
1424}
1425
1426
1427
1428
1429/*************************************************
1430* Old-style hash of a string *
1431*************************************************/
1432
1433/* Perform the ${hash expansion operation.
1434
1435Arguments:
1436 subject the input string (an expanded substring)
1437 value1 the length of the output string; if greater or equal to the
1438 length of the input string, the input string is returned
1439 value2 the number of hash characters to use, or 26 if negative
1440 len set to the length of the returned string
1441
1442Returns: pointer to the output string, or NULL if there is an error
1443*/
1444
1445static uschar *
1446compute_hash(uschar *subject, int value1, int value2, int *len)
1447{
1448int sublen = Ustrlen(subject);
1449
1450if (value2 < 0) value2 = 26;
1451else if (value2 > Ustrlen(hashcodes))
1452 {
1453 expand_string_message =
1454 string_sprintf("hash count \"%d\" too big", value2);
1455 return NULL;
1456 }
1457
1458/* Calculate the hash text. We know it is shorter than the original string, so
1459can safely place it in subject[] (we know that subject is always itself an
1460expanded substring). */
1461
1462if (value1 < sublen)
1463 {
1464 int c;
1465 int i = 0;
1466 int j = value1;
1467 while ((c = (subject[j])) != 0)
1468 {
1469 int shift = (c + j++) & 7;
1470 subject[i] ^= (c << shift) | (c >> (8-shift));
1471 if (++i >= value1) i = 0;
1472 }
1473 for (i = 0; i < value1; i++)
1474 subject[i] = hashcodes[(subject[i]) % value2];
1475 }
1476else value1 = sublen;
1477
1478*len = value1;
1479return subject;
1480}
1481
1482
1483
1484
1485/*************************************************
1486* Numeric hash of a string *
1487*************************************************/
1488
1489/* Perform the ${nhash expansion operation. The first characters of the
1490string are treated as most important, and get the highest prime numbers.
1491
1492Arguments:
1493 subject the input string
1494 value1 the maximum value of the first part of the result
1495 value2 the maximum value of the second part of the result,
1496 or negative to produce only a one-part result
1497 len set to the length of the returned string
1498
1499Returns: pointer to the output string, or NULL if there is an error.
1500*/
1501
1502static uschar *
1503compute_nhash (uschar *subject, int value1, int value2, int *len)
1504{
1505uschar *s = subject;
1506int i = 0;
1507unsigned long int total = 0; /* no overflow */
1508
1509while (*s != 0)
1510 {
0539a19d 1511 if (i == 0) i = nelem(prime) - 1;
059ec3d9
PH
1512 total += prime[i--] * (unsigned int)(*s++);
1513 }
1514
1515/* If value2 is unset, just compute one number */
1516
1517if (value2 < 0)
bb07bcd3 1518 s = string_sprintf("%lu", total % value1);
059ec3d9
PH
1519
1520/* Otherwise do a div/mod hash */
1521
1522else
1523 {
1524 total = total % (value1 * value2);
bb07bcd3 1525 s = string_sprintf("%lu/%lu", total/value2, total % value2);
059ec3d9
PH
1526 }
1527
1528*len = Ustrlen(s);
1529return s;
1530}
1531
1532
1533
1534
1535
1536/*************************************************
1537* Find the value of a header or headers *
1538*************************************************/
1539
1540/* Multiple instances of the same header get concatenated, and this function
1541can also return a concatenation of all the header lines. When concatenating
1542specific headers that contain lists of addresses, a comma is inserted between
1543them. Otherwise we use a straight concatenation. Because some messages can have
1544pathologically large number of lines, there is a limit on the length that is
5d26aacd 1545returned.
059ec3d9
PH
1546
1547Arguments:
1548 name the name of the header, without the leading $header_ or $h_,
1549 or NULL if a concatenation of all headers is required
059ec3d9
PH
1550 newsize return the size of memory block that was obtained; may be NULL
1551 if exists_only is TRUE
bce15b62
JH
1552 flags FH_EXISTS_ONLY
1553 set if called from a def: test; don't need to build a string;
1554 just return a string that is not "" and not "0" if the header
1555 exists
1556 FH_WANT_RAW
5d26aacd 1557 set if called for $rh_ or $rheader_ items; no processing,
bce15b62
JH
1558 other than concatenating, will be done on the header. Also used
1559 for $message_headers_raw.
1560 FH_WANT_LIST
1561 Double colon chars in the content, and replace newline with
1562 colon between each element when concatenating; returning a
1563 colon-sep list (elements might contain newlines)
059ec3d9
PH
1564 charset name of charset to translate MIME words to; used only if
1565 want_raw is false; if NULL, no translation is done (this is
1566 used for $bh_ and $bheader_)
1567
1568Returns: NULL if the header does not exist, else a pointer to a new
1569 store block
1570*/
1571
1572static uschar *
bce15b62 1573find_header(uschar *name, int *newsize, unsigned flags, uschar *charset)
059ec3d9 1574{
bce15b62
JH
1575BOOL found = !name;
1576int len = name ? Ustrlen(name) : 0;
1577BOOL comma = FALSE;
bce15b62 1578gstring * g = NULL;
059ec3d9 1579
d7978c0f 1580for (header_line * h = header_list; h; h = h->next)
bce15b62
JH
1581 if (h->type != htype_old && h->text) /* NULL => Received: placeholder */
1582 if (!name || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1583 {
1584 uschar * s, * t;
1585 size_t inc;
fd700877 1586
bce15b62
JH
1587 if (flags & FH_EXISTS_ONLY)
1588 return US"1"; /* don't need actual string */
fd700877 1589
bce15b62
JH
1590 found = TRUE;
1591 s = h->text + len; /* text to insert */
1592 if (!(flags & FH_WANT_RAW)) /* unless wanted raw, */
1593 while (isspace(*s)) s++; /* remove leading white space */
1594 t = h->text + h->slen; /* end-point */
059ec3d9 1595
bce15b62
JH
1596 /* Unless wanted raw, remove trailing whitespace, including the
1597 newline. */
059ec3d9 1598
bce15b62
JH
1599 if (flags & FH_WANT_LIST)
1600 while (t > s && t[-1] == '\n') t--;
1601 else if (!(flags & FH_WANT_RAW))
1602 {
1603 while (t > s && isspace(t[-1])) t--;
059ec3d9 1604
bce15b62
JH
1605 /* Set comma if handling a single header and it's one of those
1606 that contains an address list, except when asked for raw headers. Only
1607 need to do this once. */
059ec3d9 1608
bce15b62
JH
1609 if (name && !comma && Ustrchr("BCFRST", h->type)) comma = TRUE;
1610 }
059ec3d9 1611
bce15b62
JH
1612 /* Trim the header roughly if we're approaching limits */
1613 inc = t - s;
1614 if ((g ? g->ptr : 0) + inc > header_insert_maxlen)
1615 inc = header_insert_maxlen - (g ? g->ptr : 0);
1616
1617 /* For raw just copy the data; for a list, add the data as a colon-sep
1618 list-element; for comma-list add as an unchecked comma,newline sep
1619 list-elemment; for other nonraw add as an unchecked newline-sep list (we
1620 stripped trailing WS above including the newline). We ignore the potential
1621 expansion due to colon-doubling, just leaving the loop if the limit is met
1622 or exceeded. */
1623
1624 if (flags & FH_WANT_LIST)
1625 g = string_append_listele_n(g, ':', s, (unsigned)inc);
1626 else if (flags & FH_WANT_RAW)
1627 {
1628 g = string_catn(g, s, (unsigned)inc);
1629 (void) string_from_gstring(g);
1630 }
1631 else if (inc > 0)
1632 if (comma)
1633 g = string_append2_listele_n(g, US",\n", s, (unsigned)inc);
1634 else
1635 g = string_append2_listele_n(g, US"\n", s, (unsigned)inc);
059ec3d9 1636
bce15b62
JH
1637 if (g && g->ptr >= header_insert_maxlen) break;
1638 }
059ec3d9 1639
bce15b62
JH
1640if (!found) return NULL; /* No header found */
1641if (!g) return US"";
059ec3d9 1642
059ec3d9
PH
1643/* That's all we do for raw header expansion. */
1644
bce15b62
JH
1645*newsize = g->size;
1646if (flags & FH_WANT_RAW)
1647 return g->s;
059ec3d9 1648
bce15b62
JH
1649/* Otherwise do RFC 2047 decoding, translating the charset if requested.
1650The rfc2047_decode2() function can return an error with decoded data if the
1651charset translation fails. If decoding fails, it returns NULL. */
059ec3d9
PH
1652
1653else
1654 {
1655 uschar *decoded, *error;
bce15b62
JH
1656
1657 decoded = rfc2047_decode2(g->s, check_rfc2047_length, charset, '?', NULL,
a0d6ba8a 1658 newsize, &error);
bce15b62 1659 if (error)
059ec3d9
PH
1660 {
1661 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
bce15b62 1662 " input was: %s\n", error, g->s);
059ec3d9 1663 }
bce15b62 1664 return decoded ? decoded : g->s;
059ec3d9 1665 }
059ec3d9
PH
1666}
1667
1668
1669
1670
c8599aad 1671/* Append a "local" element to an Authentication-Results: header
40394cc1
JH
1672if this was a non-smtp message.
1673*/
1674
1675static gstring *
1676authres_local(gstring * g, const uschar * sysname)
1677{
8768d548 1678if (!f.authentication_local)
40394cc1
JH
1679 return g;
1680g = string_append(g, 3, US";\n\tlocal=pass (non-smtp, ", sysname, US")");
1681if (authenticated_id) g = string_append(g, 2, " u=", authenticated_id);
1682return g;
1683}
1684
1685
c8599aad 1686/* Append an "iprev" element to an Authentication-Results: header
dfbcb5ac
JH
1687if we have attempted to get the calling host's name.
1688*/
1689
1690static gstring *
1691authres_iprev(gstring * g)
1692{
1693if (sender_host_name)
61e3f250
JH
1694 g = string_append(g, 3, US";\n\tiprev=pass (", sender_host_name, US")");
1695else if (host_lookup_deferred)
1696 g = string_catn(g, US";\n\tiprev=temperror", 19);
1697else if (host_lookup_failed)
1698 g = string_catn(g, US";\n\tiprev=fail", 13);
0a682b6c 1699else
61e3f250
JH
1700 return g;
1701
1702if (sender_host_address)
99efa4cf 1703 g = string_append(g, 2, US" smtp.remote-ip=", sender_host_address);
dfbcb5ac
JH
1704return g;
1705}
1706
1707
1708
059ec3d9 1709/*************************************************
362145b5
JH
1710* Return list of recipients *
1711*************************************************/
1712/* A recipients list is available only during system message filtering,
1713during ACL processing after DATA, and while expanding pipe commands
1714generated from a system filter, but not elsewhere. */
1715
1716static uschar *
1717fn_recipients(void)
1718{
bce15b62 1719uschar * s;
acec9514 1720gstring * g = NULL;
acec9514 1721
8768d548 1722if (!f.enable_dollar_recipients) return NULL;
acec9514 1723
d7978c0f 1724for (int i = 0; i < recipients_count; i++)
362145b5 1725 {
bce15b62
JH
1726 s = recipients_list[i].address;
1727 g = string_append2_listele_n(g, US", ", s, Ustrlen(s));
362145b5 1728 }
bce15b62 1729return g ? g->s : NULL;
362145b5
JH
1730}
1731
1732
1733/*************************************************
059ec3d9
PH
1734* Find value of a variable *
1735*************************************************/
1736
1737/* The table of variables is kept in alphabetic order, so we can search it
1738using a binary chop. The "choplen" variable is nothing to do with the binary
1739chop.
1740
1741Arguments:
1742 name the name of the variable being sought
1743 exists_only TRUE if this is a def: test; passed on to find_header()
1744 skipping TRUE => skip any processing evaluation; this is not the same as
1745 exists_only because def: may test for values that are first
1746 evaluated here
1747 newsize pointer to an int which is initially zero; if the answer is in
1748 a new memory buffer, *newsize is set to its size
1749
1750Returns: NULL if the variable does not exist, or
1751 a pointer to the variable's contents, or
1752 something non-NULL if exists_only is TRUE
1753*/
1754
1755static uschar *
1756find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1757{
9d1c15ef
JH
1758var_entry * vp;
1759uschar *s, *domain;
1760uschar **ss;
1761void * val;
059ec3d9 1762
38a0a95f
PH
1763/* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1764Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1765release 4.64 onwards arbitrary names are permitted, as long as the first 5
641cb756
PH
1766characters are acl_c or acl_m and the sixth is either a digit or an underscore
1767(this gave backwards compatibility at the changeover). There may be built-in
1768variables whose names start acl_ but they should never start in this way. This
1769slightly messy specification is a consequence of the history, needless to say.
47ca6d6c 1770
38a0a95f
PH
1771If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1772set, in which case give an error. */
47ca6d6c 1773
641cb756
PH
1774if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1775 !isalpha(name[5]))
38a0a95f 1776 {
fa7b17bd
JH
1777 tree_node * node =
1778 tree_search(name[4] == 'c' ? acl_var_c : acl_var_m, name + 4);
1779 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
1780 }
1781else if (Ustrncmp(name, "r_", 2) == 0)
1782 {
1783 tree_node * node = tree_search(router_var, name + 2);
63df3f26 1784 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
47ca6d6c
PH
1785 }
1786
38a0a95f 1787/* Handle $auth<n> variables. */
f78eb7c6
PH
1788
1789if (Ustrncmp(name, "auth", 4) == 0)
1790 {
1791 uschar *endptr;
1792 int n = Ustrtoul(name + 4, &endptr, 10);
1793 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
f38917cc
JH
1794 return !auth_vars[n-1] ? US"" : auth_vars[n-1];
1795 }
1796else if (Ustrncmp(name, "regex", 5) == 0)
1797 {
1798 uschar *endptr;
1799 int n = Ustrtoul(name + 5, &endptr, 10);
1800 if (*endptr == 0 && n != 0 && n <= REGEX_VARS)
1801 return !regex_vars[n-1] ? US"" : regex_vars[n-1];
f78eb7c6
PH
1802 }
1803
47ca6d6c
PH
1804/* For all other variables, search the table */
1805
9d1c15ef
JH
1806if (!(vp = find_var_ent(name)))
1807 return NULL; /* Unknown variable name */
059ec3d9 1808
9d1c15ef
JH
1809/* Found an existing variable. If in skipping state, the value isn't needed,
1810and we want to avoid processing (such as looking up the host name). */
059ec3d9 1811
9d1c15ef
JH
1812if (skipping)
1813 return US"";
059ec3d9 1814
9d1c15ef
JH
1815val = vp->value;
1816switch (vp->type)
1817 {
1818 case vtype_filter_int:
8768d548 1819 if (!f.filter_running) return NULL;
63df3f26
JH
1820 /* Fall through */
1821 /* VVVVVVVVVVVV */
9d1c15ef 1822 case vtype_int:
63df3f26
JH
1823 sprintf(CS var_buffer, "%d", *(int *)(val)); /* Integer */
1824 return var_buffer;
9d1c15ef
JH
1825
1826 case vtype_ino:
63df3f26
JH
1827 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(val))); /* Inode */
1828 return var_buffer;
9d1c15ef
JH
1829
1830 case vtype_gid:
63df3f26
JH
1831 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(val))); /* gid */
1832 return var_buffer;
9d1c15ef
JH
1833
1834 case vtype_uid:
63df3f26
JH
1835 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(val))); /* uid */
1836 return var_buffer;
9d1c15ef
JH
1837
1838 case vtype_bool:
63df3f26
JH
1839 sprintf(CS var_buffer, "%s", *(BOOL *)(val) ? "yes" : "no"); /* bool */
1840 return var_buffer;
9d1c15ef
JH
1841
1842 case vtype_stringptr: /* Pointer to string */
63df3f26 1843 return (s = *((uschar **)(val))) ? s : US"";
9d1c15ef
JH
1844
1845 case vtype_pid:
63df3f26
JH
1846 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1847 return var_buffer;
9d1c15ef
JH
1848
1849 case vtype_load_avg:
63df3f26
JH
1850 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1851 return var_buffer;
9d1c15ef
JH
1852
1853 case vtype_host_lookup: /* Lookup if not done so */
2d0dc929
JH
1854 if ( !sender_host_name && sender_host_address
1855 && !host_lookup_failed && host_name_lookup() == OK)
63df3f26 1856 host_build_sender_fullhost();
2d0dc929 1857 return sender_host_name ? sender_host_name : US"";
9d1c15ef
JH
1858
1859 case vtype_localpart: /* Get local part from address */
f3ebb786
JH
1860 if (!(s = *((uschar **)(val)))) return US"";
1861 if (!(domain = Ustrrchr(s, '@'))) return s;
63df3f26
JH
1862 if (domain - s > sizeof(var_buffer) - 1)
1863 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1864 " in string expansion", sizeof(var_buffer));
f3ebb786 1865 return string_copyn(s, domain - s);
9d1c15ef
JH
1866
1867 case vtype_domain: /* Get domain from address */
f3ebb786 1868 if (!(s = *((uschar **)(val)))) return US"";
63df3f26 1869 domain = Ustrrchr(s, '@');
f3ebb786 1870 return domain ? domain + 1 : US"";
9d1c15ef
JH
1871
1872 case vtype_msgheaders:
bce15b62 1873 return find_header(NULL, newsize, exists_only ? FH_EXISTS_ONLY : 0, NULL);
9d1c15ef
JH
1874
1875 case vtype_msgheaders_raw:
bce15b62
JH
1876 return find_header(NULL, newsize,
1877 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW, NULL);
9d1c15ef
JH
1878
1879 case vtype_msgbody: /* Pointer to msgbody string */
1880 case vtype_msgbody_end: /* Ditto, the end of the msg */
63df3f26 1881 ss = (uschar **)(val);
d315eda1 1882 if (!*ss && deliver_datafile >= 0) /* Read body when needed */
059ec3d9 1883 {
63df3f26
JH
1884 uschar *body;
1885 off_t start_offset = SPOOL_DATA_START_OFFSET;
1886 int len = message_body_visible;
1887 if (len > message_size) len = message_size;
1888 *ss = body = store_malloc(len+1);
1889 body[0] = 0;
1890 if (vp->type == vtype_msgbody_end)
9d1c15ef 1891 {
63df3f26
JH
1892 struct stat statbuf;
1893 if (fstat(deliver_datafile, &statbuf) == 0)
1894 {
1895 start_offset = statbuf.st_size - len;
1896 if (start_offset < SPOOL_DATA_START_OFFSET)
1897 start_offset = SPOOL_DATA_START_OFFSET;
1898 }
9d1c15ef 1899 }
d4ff61d1
JH
1900 if (lseek(deliver_datafile, start_offset, SEEK_SET) < 0)
1901 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "deliver_datafile lseek: %s",
1902 strerror(errno));
63df3f26
JH
1903 len = read(deliver_datafile, body, len);
1904 if (len > 0)
9d1c15ef 1905 {
63df3f26
JH
1906 body[len] = 0;
1907 if (message_body_newlines) /* Separate loops for efficiency */
1908 while (len > 0)
1909 { if (body[--len] == 0) body[len] = ' '; }
1910 else
1911 while (len > 0)
1912 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
9d1c15ef 1913 }
059ec3d9 1914 }
d315eda1 1915 return *ss ? *ss : US"";
059ec3d9 1916
9d1c15ef 1917 case vtype_todbsdin: /* BSD inbox time of day */
63df3f26 1918 return tod_stamp(tod_bsdin);
059ec3d9 1919
9d1c15ef 1920 case vtype_tode: /* Unix epoch time of day */
63df3f26 1921 return tod_stamp(tod_epoch);
059ec3d9 1922
9d1c15ef 1923 case vtype_todel: /* Unix epoch/usec time of day */
63df3f26 1924 return tod_stamp(tod_epoch_l);
f5787926 1925
9d1c15ef 1926 case vtype_todf: /* Full time of day */
63df3f26 1927 return tod_stamp(tod_full);
059ec3d9 1928
9d1c15ef 1929 case vtype_todl: /* Log format time of day */
63df3f26 1930 return tod_stamp(tod_log_bare); /* (without timezone) */
059ec3d9 1931
9d1c15ef 1932 case vtype_todzone: /* Time zone offset only */
63df3f26 1933 return tod_stamp(tod_zone);
059ec3d9 1934
9d1c15ef 1935 case vtype_todzulu: /* Zulu time */
63df3f26 1936 return tod_stamp(tod_zulu);
059ec3d9 1937
9d1c15ef 1938 case vtype_todlf: /* Log file datestamp tod */
63df3f26 1939 return tod_stamp(tod_log_datestamp_daily);
059ec3d9 1940
9d1c15ef 1941 case vtype_reply: /* Get reply address */
bce15b62
JH
1942 s = find_header(US"reply-to:", newsize,
1943 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
1944 headers_charset);
9cffa436
JH
1945 if (s) while (isspace(*s)) s++;
1946 if (!s || !*s)
63df3f26
JH
1947 {
1948 *newsize = 0; /* For the *s==0 case */
bce15b62
JH
1949 s = find_header(US"from:", newsize,
1950 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
1951 headers_charset);
63df3f26 1952 }
9cffa436 1953 if (s)
63df3f26
JH
1954 {
1955 uschar *t;
1956 while (isspace(*s)) s++;
1957 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
1958 while (t > s && isspace(t[-1])) t--;
1959 *t = 0;
1960 }
9cffa436 1961 return s ? s : US"";
059ec3d9 1962
9d1c15ef
JH
1963 case vtype_string_func:
1964 {
6d95688d 1965 stringptr_fn_t * fn = (stringptr_fn_t *) val;
9d1c15ef
JH
1966 return fn();
1967 }
8e669ac1 1968
9d1c15ef
JH
1969 case vtype_pspace:
1970 {
1971 int inodes;
8c513105 1972 sprintf(CS var_buffer, PR_EXIM_ARITH,
9d1c15ef
JH
1973 receive_statvfs(val == (void *)TRUE, &inodes));
1974 }
1975 return var_buffer;
8e669ac1 1976
9d1c15ef
JH
1977 case vtype_pinodes:
1978 {
1979 int inodes;
1980 (void) receive_statvfs(val == (void *)TRUE, &inodes);
1981 sprintf(CS var_buffer, "%d", inodes);
1982 }
1983 return var_buffer;
80a47a2c 1984
9d1c15ef 1985 case vtype_cert:
63df3f26 1986 return *(void **)val ? US"<cert>" : US"";
80a47a2c 1987
63df3f26 1988#ifndef DISABLE_DKIM
9d1c15ef 1989 case vtype_dkim:
63df3f26
JH
1990 return dkim_exim_expand_query((int)(long)val);
1991#endif
059ec3d9 1992
9d1c15ef 1993 }
6c08476d
LM
1994
1995return NULL; /* Unknown variable. Silences static checkers. */
059ec3d9
PH
1996}
1997
1998
1999
2000
d9b2312b
JH
2001void
2002modify_variable(uschar *name, void * value)
2003{
9d1c15ef
JH
2004var_entry * vp;
2005if ((vp = find_var_ent(name))) vp->value = value;
d9b2312b
JH
2006return; /* Unknown variable name, fail silently */
2007}
2008
2009
2010
2011
2012
cf0812d5 2013
059ec3d9
PH
2014/*************************************************
2015* Read and expand substrings *
2016*************************************************/
2017
2018/* This function is called to read and expand argument substrings for various
2019expansion items. Some have a minimum requirement that is less than the maximum;
2020in these cases, the first non-present one is set to NULL.
2021
2022Arguments:
2023 sub points to vector of pointers to set
2024 n maximum number of substrings
2025 m minimum required
2026 sptr points to current string pointer
2027 skipping the skipping flag
2028 check_end if TRUE, check for final '}'
2029 name name of item, for error message
b0e85a8f
JH
2030 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
2031 the store.
059ec3d9
PH
2032
2033Returns: 0 OK; string pointer updated
2034 1 curly bracketing error (too few arguments)
2035 2 too many arguments (only if check_end is set); message set
2036 3 other error (expansion failure)
2037*/
2038
2039static int
55414b25 2040read_subs(uschar **sub, int n, int m, const uschar **sptr, BOOL skipping,
b0e85a8f 2041 BOOL check_end, uschar *name, BOOL *resetok)
059ec3d9 2042{
55414b25 2043const uschar *s = *sptr;
059ec3d9
PH
2044
2045while (isspace(*s)) s++;
d7978c0f 2046for (int i = 0; i < n; i++)
059ec3d9
PH
2047 {
2048 if (*s != '{')
2049 {
e47376be
JH
2050 if (i < m)
2051 {
2052 expand_string_message = string_sprintf("Not enough arguments for '%s' "
2053 "(min is %d)", name, m);
2054 return 1;
2055 }
059ec3d9
PH
2056 sub[i] = NULL;
2057 break;
2058 }
e47376be
JH
2059 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok)))
2060 return 3;
059ec3d9
PH
2061 if (*s++ != '}') return 1;
2062 while (isspace(*s)) s++;
2063 }
2064if (check_end && *s++ != '}')
2065 {
2066 if (s[-1] == '{')
2067 {
e47376be 2068 expand_string_message = string_sprintf("Too many arguments for '%s' "
059ec3d9
PH
2069 "(max is %d)", name, n);
2070 return 2;
2071 }
e47376be 2072 expand_string_message = string_sprintf("missing '}' after '%s'", name);
059ec3d9
PH
2073 return 1;
2074 }
2075
2076*sptr = s;
2077return 0;
2078}
2079
2080
2081
2082
2083/*************************************************
641cb756
PH
2084* Elaborate message for bad variable *
2085*************************************************/
2086
2087/* For the "unknown variable" message, take a look at the variable's name, and
2088give additional information about possible ACL variables. The extra information
2089is added on to expand_string_message.
2090
2091Argument: the name of the variable
2092Returns: nothing
2093*/
2094
2095static void
2096check_variable_error_message(uschar *name)
2097{
2098if (Ustrncmp(name, "acl_", 4) == 0)
2099 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
2100 (name[4] == 'c' || name[4] == 'm')?
2101 (isalpha(name[5])?
2102 US"6th character of a user-defined ACL variable must be a digit or underscore" :
2103 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
2104 ) :
2105 US"user-defined ACL variables must start acl_c or acl_m");
2106}
2107
2108
2109
f60d98e8
JH
2110/*
2111Load args from sub array to globals, and call acl_check().
ef21c07d 2112Sub array will be corrupted on return.
f60d98e8
JH
2113
2114Returns: OK access is granted by an ACCEPT verb
6e3b198d 2115 DISCARD access is (apparently) granted by a DISCARD verb
f60d98e8
JH
2116 FAIL access is denied
2117 FAIL_DROP access is denied; drop the connection
2118 DEFER can't tell at the moment
2119 ERROR disaster
2120*/
2121static int
2122eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
2123{
2124int i;
ef21c07d
JH
2125int sav_narg = acl_narg;
2126int ret;
93a6fce2 2127uschar * dummy_logmsg;
faa05a93 2128extern int acl_where;
f60d98e8 2129
0539a19d 2130if(--nsub > nelem(acl_arg)) nsub = nelem(acl_arg);
ef21c07d
JH
2131for (i = 0; i < nsub && sub[i+1]; i++)
2132 {
93a6fce2 2133 uschar * tmp = acl_arg[i];
ef21c07d
JH
2134 acl_arg[i] = sub[i+1]; /* place callers args in the globals */
2135 sub[i+1] = tmp; /* stash the old args using our caller's storage */
2136 }
2137acl_narg = i;
bef3ea7f 2138while (i < nsub)
ef21c07d
JH
2139 {
2140 sub[i+1] = acl_arg[i];
2141 acl_arg[i++] = NULL;
2142 }
f60d98e8
JH
2143
2144DEBUG(D_expand)
e1d04f48 2145 debug_printf_indent("expanding: acl: %s arg: %s%s\n",
f60d98e8 2146 sub[0],
60f8e1e8
JH
2147 acl_narg>0 ? acl_arg[0] : US"<none>",
2148 acl_narg>1 ? " +more" : "");
f60d98e8 2149
93a6fce2 2150ret = acl_eval(acl_where, sub[0], user_msgp, &dummy_logmsg);
ef21c07d
JH
2151
2152for (i = 0; i < nsub; i++)
2153 acl_arg[i] = sub[i+1]; /* restore old args */
2154acl_narg = sav_narg;
2155
2156return ret;
f60d98e8
JH
2157}
2158
2159
2160
2161
7f69e814
JH
2162/* Return pointer to dewrapped string, with enclosing specified chars removed.
2163The given string is modified on return. Leading whitespace is skipped while
2164looking for the opening wrap character, then the rest is scanned for the trailing
2165(non-escaped) wrap character. A backslash in the string will act as an escape.
2166
2167A nul is written over the trailing wrap, and a pointer to the char after the
2168leading wrap is returned.
2169
2170Arguments:
2171 s String for de-wrapping
2172 wrap Two-char string, the first being the opener, second the closer wrapping
2173 character
2174Return:
2175 Pointer to de-wrapped string, or NULL on error (with expand_string_message set).
2176*/
2177
2178static uschar *
2179dewrap(uschar * s, const uschar * wrap)
2180{
2181uschar * p = s;
2182unsigned depth = 0;
2183BOOL quotesmode = wrap[0] == wrap[1];
2184
2185while (isspace(*p)) p++;
2186
2187if (*p == *wrap)
2188 {
2189 s = ++p;
2190 wrap++;
2191 while (*p)
2192 {
2193 if (*p == '\\') p++;
2194 else if (!quotesmode && *p == wrap[-1]) depth++;
2195 else if (*p == *wrap)
2196 if (depth == 0)
2197 {
2198 *p = '\0';
2199 return s;
2200 }
2201 else
2202 depth--;
2203 p++;
2204 }
2205 }
2206expand_string_message = string_sprintf("missing '%c'", *wrap);
2207return NULL;
2208}
2209
2210
2211/* Pull off the leading array or object element, returning
2212a copy in an allocated string. Update the list pointer.
2213
2214The element may itself be an abject or array.
2215Return NULL when the list is empty.
2216*/
2217
2218static uschar *
2219json_nextinlist(const uschar ** list)
2220{
2221unsigned array_depth = 0, object_depth = 0;
2222const uschar * s = *list, * item;
2223
2224while (isspace(*s)) s++;
2225
2226for (item = s;
2227 *s && (*s != ',' || array_depth != 0 || object_depth != 0);
2228 s++)
2229 switch (*s)
2230 {
2231 case '[': array_depth++; break;
2232 case ']': array_depth--; break;
2233 case '{': object_depth++; break;
2234 case '}': object_depth--; break;
2235 }
2236*list = *s ? s+1 : s;
2237if (item == s) return NULL;
2238item = string_copyn(item, s - item);
2239DEBUG(D_expand) debug_printf_indent(" json ele: '%s'\n", item);
2240return US item;
2241}
2242
2243
2244
21aa0597
JH
2245/************************************************/
2246/* Return offset in ops table, or -1 if not found.
2247Repoint to just after the operator in the string.
2248
2249Argument:
2250 ss string representation of operator
2251 opname split-out operator name
2252*/
2253
2254static int
2255identify_operator(const uschar ** ss, uschar ** opname)
2256{
2257const uschar * s = *ss;
2258uschar name[256];
2259
2260/* Numeric comparisons are symbolic */
2261
2262if (*s == '=' || *s == '>' || *s == '<')
2263 {
2264 int p = 0;
2265 name[p++] = *s++;
2266 if (*s == '=')
2267 {
2268 name[p++] = '=';
2269 s++;
2270 }
2271 name[p] = 0;
2272 }
2273
2274/* All other conditions are named */
2275
2276else
2277 s = read_name(name, sizeof(name), s, US"_");
2278*ss = s;
2279
2280/* If we haven't read a name, it means some non-alpha character is first. */
2281
2282if (!name[0])
2283 {
2284 expand_string_message = string_sprintf("condition name expected, "
2285 "but found \"%.16s\"", s);
2286 return -1;
2287 }
2288if (opname)
2289 *opname = string_copy(name);
2290
2291return chop_match(name, cond_table, nelem(cond_table));
2292}
2293
2294
641cb756 2295/*************************************************
059ec3d9
PH
2296* Read and evaluate a condition *
2297*************************************************/
2298
2299/*
2300Arguments:
2301 s points to the start of the condition text
b0e85a8f
JH
2302 resetok points to a BOOL which is written false if it is unsafe to
2303 free memory. Certain condition types (acl) may have side-effect
2304 allocation which must be preserved.
059ec3d9
PH
2305 yield points to a BOOL to hold the result of the condition test;
2306 if NULL, we are just reading through a condition that is
2307 part of an "or" combination to check syntax, or in a state
2308 where the answer isn't required
2309
2310Returns: a pointer to the first character after the condition, or
2311 NULL after an error
2312*/
2313
55414b25
JH
2314static const uschar *
2315eval_condition(const uschar *s, BOOL *resetok, BOOL *yield)
059ec3d9
PH
2316{
2317BOOL testfor = TRUE;
2318BOOL tempcond, combined_cond;
2319BOOL *subcondptr;
5cfd2e57 2320BOOL sub2_honour_dollar = TRUE;
7f69e814 2321BOOL is_forany, is_json, is_jsons;
56dbf856 2322int rc, cond_type, roffset;
97d17305 2323int_eximarith_t num[2];
059ec3d9 2324struct stat statbuf;
21aa0597 2325uschar * opname;
059ec3d9 2326uschar name[256];
55414b25 2327const uschar *sub[10];
059ec3d9
PH
2328
2329const pcre *re;
2330const uschar *rerror;
2331
2332for (;;)
2333 {
2334 while (isspace(*s)) s++;
2335 if (*s == '!') { testfor = !testfor; s++; } else break;
2336 }
2337
21aa0597 2338switch(cond_type = identify_operator(&s, &opname))
059ec3d9 2339 {
9b4768fa
PH
2340 /* def: tests for a non-empty variable, or for the existence of a header. If
2341 yield == NULL we are in a skipping state, and don't care about the answer. */
059ec3d9
PH
2342
2343 case ECOND_DEF:
059ec3d9 2344 {
bce15b62 2345 uschar * t;
059ec3d9 2346
bce15b62
JH
2347 if (*s != ':')
2348 {
2349 expand_string_message = US"\":\" expected after \"def\"";
2350 return NULL;
2351 }
059ec3d9 2352
f3ebb786 2353 s = read_name(name, sizeof(name), s+1, US"_");
059ec3d9 2354
bce15b62
JH
2355 /* Test for a header's existence. If the name contains a closing brace
2356 character, this may be a user error where the terminating colon has been
2357 omitted. Set a flag to adjust a subsequent error message in this case. */
059ec3d9 2358
bce15b62
JH
2359 if ( ( *(t = name) == 'h'
2360 || (*t == 'r' || *t == 'l' || *t == 'b') && *++t == 'h'
2361 )
2362 && (*++t == '_' || Ustrncmp(t, "eader_", 6) == 0)
2363 )
2364 {
f3ebb786 2365 s = read_header_name(name, sizeof(name), s);
bce15b62
JH
2366 /* {-for-text-editors */
2367 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2368 if (yield) *yield =
2369 (find_header(name, NULL, FH_EXISTS_ONLY, NULL) != NULL) == testfor;
2370 }
059ec3d9 2371
bce15b62
JH
2372 /* Test for a variable's having a non-empty value. A non-existent variable
2373 causes an expansion failure. */
2374
2375 else
059ec3d9 2376 {
bce15b62
JH
2377 if (!(t = find_variable(name, TRUE, yield == NULL, NULL)))
2378 {
f3ebb786
JH
2379 expand_string_message = name[0]
2380 ? string_sprintf("unknown variable \"%s\" after \"def:\"", name)
2381 : US"variable name omitted after \"def:\"";
bce15b62
JH
2382 check_variable_error_message(name);
2383 return NULL;
2384 }
2385 if (yield) *yield = (t[0] != 0) == testfor;
059ec3d9 2386 }
059ec3d9 2387
bce15b62
JH
2388 return s;
2389 }
059ec3d9
PH
2390
2391
2392 /* first_delivery tests for first delivery attempt */
2393
2394 case ECOND_FIRST_DELIVERY:
8768d548 2395 if (yield != NULL) *yield = f.deliver_firsttime == testfor;
059ec3d9
PH
2396 return s;
2397
2398
2399 /* queue_running tests for any process started by a queue runner */
2400
2401 case ECOND_QUEUE_RUNNING:
2402 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
2403 return s;
2404
2405
2406 /* exists: tests for file existence
2407 isip: tests for any IP address
2408 isip4: tests for an IPv4 address
2409 isip6: tests for an IPv6 address
2410 pam: does PAM authentication
2411 radius: does RADIUS authentication
2412 ldapauth: does LDAP authentication
2413 pwcheck: does Cyrus SASL pwcheck authentication
2414 */
2415
2416 case ECOND_EXISTS:
2417 case ECOND_ISIP:
2418 case ECOND_ISIP4:
2419 case ECOND_ISIP6:
2420 case ECOND_PAM:
2421 case ECOND_RADIUS:
2422 case ECOND_LDAPAUTH:
2423 case ECOND_PWCHECK:
2424
2425 while (isspace(*s)) s++;
b5b871ac 2426 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
059ec3d9 2427
b0e85a8f 2428 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok);
059ec3d9 2429 if (sub[0] == NULL) return NULL;
b5b871ac 2430 /* {-for-text-editors */
059ec3d9
PH
2431 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2432
2433 if (yield == NULL) return s; /* No need to run the test if skipping */
2434
2435 switch(cond_type)
2436 {
2437 case ECOND_EXISTS:
2438 if ((expand_forbid & RDO_EXISTS) != 0)
2439 {
2440 expand_string_message = US"File existence tests are not permitted";
2441 return NULL;
2442 }
2443 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
2444 break;
2445
2446 case ECOND_ISIP:
2447 case ECOND_ISIP4:
2448 case ECOND_ISIP6:
2449 rc = string_is_ip_address(sub[0], NULL);
7e66e54d 2450 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
059ec3d9
PH
2451 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2452 break;
2453
2454 /* Various authentication tests - all optionally compiled */
2455
2456 case ECOND_PAM:
2457 #ifdef SUPPORT_PAM
2458 rc = auth_call_pam(sub[0], &expand_string_message);
2459 goto END_AUTH;
2460 #else
2461 goto COND_FAILED_NOT_COMPILED;
2462 #endif /* SUPPORT_PAM */
2463
2464 case ECOND_RADIUS:
2465 #ifdef RADIUS_CONFIG_FILE
2466 rc = auth_call_radius(sub[0], &expand_string_message);
2467 goto END_AUTH;
2468 #else
2469 goto COND_FAILED_NOT_COMPILED;
2470 #endif /* RADIUS_CONFIG_FILE */
2471
2472 case ECOND_LDAPAUTH:
2473 #ifdef LOOKUP_LDAP
2474 {
2475 /* Just to keep the interface the same */
2476 BOOL do_cache;
2477 int old_pool = store_pool;
2478 store_pool = POOL_SEARCH;
2479 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2480 &expand_string_message, &do_cache);
2481 store_pool = old_pool;
2482 }
2483 goto END_AUTH;
2484 #else
2485 goto COND_FAILED_NOT_COMPILED;
2486 #endif /* LOOKUP_LDAP */
2487
2488 case ECOND_PWCHECK:
2489 #ifdef CYRUS_PWCHECK_SOCKET
2490 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2491 goto END_AUTH;
2492 #else
2493 goto COND_FAILED_NOT_COMPILED;
2494 #endif /* CYRUS_PWCHECK_SOCKET */
2495
2496 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2497 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2498 END_AUTH:
2499 if (rc == ERROR || rc == DEFER) return NULL;
2500 *yield = (rc == OK) == testfor;
2501 #endif
2502 }
2503 return s;
2504
2505
333eea9c
JH
2506 /* call ACL (in a conditional context). Accept true, deny false.
2507 Defer is a forced-fail. Anything set by message= goes to $value.
f60d98e8
JH
2508 Up to ten parameters are used; we use the braces round the name+args
2509 like the saslauthd condition does, to permit a variable number of args.
2510 See also the expansion-item version EITEM_ACL and the traditional
2511 acl modifier ACLC_ACL.
fd5dad68
JH
2512 Since the ACL may allocate new global variables, tell our caller to not
2513 reclaim memory.
f60d98e8 2514 */
333eea9c
JH
2515
2516 case ECOND_ACL:
bef3ea7f 2517 /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
333eea9c 2518 {
55414b25 2519 uschar *sub[10];
333eea9c 2520 uschar *user_msg;
333eea9c 2521 BOOL cond = FALSE;
333eea9c
JH
2522
2523 while (isspace(*s)) s++;
6d9cfc47 2524 if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
333eea9c 2525
0539a19d 2526 switch(read_subs(sub, nelem(sub), 1,
b0e85a8f 2527 &s, yield == NULL, TRUE, US"acl", resetok))
333eea9c 2528 {
f60d98e8
JH
2529 case 1: expand_string_message = US"too few arguments or bracketing "
2530 "error for acl";
2531 case 2:
2532 case 3: return NULL;
333eea9c 2533 }
f60d98e8 2534
9e70917d
JH
2535 if (yield != NULL)
2536 {
17ccbda6 2537 int rc;
9e70917d 2538 *resetok = FALSE; /* eval_acl() might allocate; do not reclaim */
17ccbda6 2539 switch(rc = eval_acl(sub, nelem(sub), &user_msg))
f60d98e8
JH
2540 {
2541 case OK:
2542 cond = TRUE;
2543 case FAIL:
bef3ea7f 2544 lookup_value = NULL;
f60d98e8 2545 if (user_msg)
acec9514 2546 lookup_value = string_copy(user_msg);
b5b871ac 2547 *yield = cond == testfor;
f60d98e8
JH
2548 break;
2549
2550 case DEFER:
8768d548 2551 f.expand_string_forcedfail = TRUE;
6e3b198d 2552 /*FALLTHROUGH*/
f60d98e8 2553 default:
17ccbda6
JH
2554 expand_string_message = string_sprintf("%s from acl \"%s\"",
2555 rc_names[rc], sub[0]);
f60d98e8
JH
2556 return NULL;
2557 }
9e70917d 2558 }
f60d98e8 2559 return s;
333eea9c 2560 }
333eea9c
JH
2561
2562
059ec3d9
PH
2563 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2564
b0e85a8f 2565 ${if saslauthd {{username}{password}{service}{realm}} {yes}{no}}
059ec3d9
PH
2566
2567 However, the last two are optional. That is why the whole set is enclosed
333eea9c 2568 in their own set of braces. */
059ec3d9
PH
2569
2570 case ECOND_SASLAUTHD:
0539a19d
JH
2571#ifndef CYRUS_SASLAUTHD_SOCKET
2572 goto COND_FAILED_NOT_COMPILED;
2573#else
059ec3d9 2574 {
0539a19d
JH
2575 uschar *sub[4];
2576 while (isspace(*s)) s++;
2577 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2578 switch(read_subs(sub, nelem(sub), 2, &s, yield == NULL, TRUE, US"saslauthd",
2579 resetok))
2580 {
2581 case 1: expand_string_message = US"too few arguments or bracketing "
2582 "error for saslauthd";
2583 case 2:
2584 case 3: return NULL;
2585 }
2586 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
2587 if (yield != NULL)
2588 {
2589 int rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2590 &expand_string_message);
2591 if (rc == ERROR || rc == DEFER) return NULL;
2592 *yield = (rc == OK) == testfor;
2593 }
2594 return s;
059ec3d9 2595 }
0539a19d 2596#endif /* CYRUS_SASLAUTHD_SOCKET */
059ec3d9
PH
2597
2598
2599 /* symbolic operators for numeric and string comparison, and a number of
2600 other operators, all requiring two arguments.
2601
76dca828
PP
2602 crypteq: encrypts plaintext and compares against an encrypted text,
2603 using crypt(), crypt16(), MD5 or SHA-1
2604 inlist/inlisti: checks if first argument is in the list of the second
059ec3d9
PH
2605 match: does a regular expression match and sets up the numerical
2606 variables if it succeeds
2607 match_address: matches in an address list
2608 match_domain: matches in a domain list
32d668a5 2609 match_ip: matches a host list that is restricted to IP addresses
059ec3d9 2610 match_local_part: matches in a local part list
059ec3d9
PH
2611 */
2612
059ec3d9
PH
2613 case ECOND_MATCH_ADDRESS:
2614 case ECOND_MATCH_DOMAIN:
32d668a5 2615 case ECOND_MATCH_IP:
059ec3d9 2616 case ECOND_MATCH_LOCAL_PART:
da6dbe26
PP
2617#ifndef EXPAND_LISTMATCH_RHS
2618 sub2_honour_dollar = FALSE;
2619#endif
2620 /* FALLTHROUGH */
2621
2622 case ECOND_CRYPTEQ:
2623 case ECOND_INLIST:
2624 case ECOND_INLISTI:
2625 case ECOND_MATCH:
059ec3d9
PH
2626
2627 case ECOND_NUM_L: /* Numerical comparisons */
2628 case ECOND_NUM_LE:
2629 case ECOND_NUM_E:
2630 case ECOND_NUM_EE:
2631 case ECOND_NUM_G:
2632 case ECOND_NUM_GE:
2633
2634 case ECOND_STR_LT: /* String comparisons */
2635 case ECOND_STR_LTI:
2636 case ECOND_STR_LE:
2637 case ECOND_STR_LEI:
2638 case ECOND_STR_EQ:
2639 case ECOND_STR_EQI:
2640 case ECOND_STR_GT:
2641 case ECOND_STR_GTI:
2642 case ECOND_STR_GE:
2643 case ECOND_STR_GEI:
2644
d7978c0f 2645 for (int i = 0; i < 2; i++)
059ec3d9 2646 {
da6dbe26
PP
2647 /* Sometimes, we don't expand substrings; too many insecure configurations
2648 created using match_address{}{} and friends, where the second param
2649 includes information from untrustworthy sources. */
2650 BOOL honour_dollar = TRUE;
2651 if ((i > 0) && !sub2_honour_dollar)
2652 honour_dollar = FALSE;
2653
059ec3d9
PH
2654 while (isspace(*s)) s++;
2655 if (*s != '{')
2656 {
2657 if (i == 0) goto COND_FAILED_CURLY_START;
2658 expand_string_message = string_sprintf("missing 2nd string in {} "
21aa0597 2659 "after \"%s\"", opname);
059ec3d9
PH
2660 return NULL;
2661 }
d584cdca
JH
2662 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
2663 honour_dollar, resetok)))
2664 return NULL;
2665 DEBUG(D_expand) if (i == 1 && !sub2_honour_dollar && Ustrchr(sub[1], '$'))
2666 debug_printf_indent("WARNING: the second arg is NOT expanded,"
2667 " for security reasons\n");
059ec3d9
PH
2668 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2669
2670 /* Convert to numerical if required; we know that the names of all the
2671 conditions that compare numbers do not start with a letter. This just saves
2672 checking for them individually. */
2673
21aa0597 2674 if (!isalpha(opname[0]) && yield != NULL)
5dd1517f
PH
2675 if (sub[i][0] == 0)
2676 {
2677 num[i] = 0;
2678 DEBUG(D_expand)
e1d04f48 2679 debug_printf_indent("empty string cast to zero for numerical comparison\n");
5dd1517f
PH
2680 }
2681 else
2682 {
7685ce68 2683 num[i] = expanded_string_integer(sub[i], FALSE);
5dd1517f
PH
2684 if (expand_string_message != NULL) return NULL;
2685 }
059ec3d9
PH
2686 }
2687
2688 /* Result not required */
2689
2690 if (yield == NULL) return s;
2691
2692 /* Do an appropriate comparison */
2693
2694 switch(cond_type)
2695 {
2696 case ECOND_NUM_E:
2697 case ECOND_NUM_EE:
b5b871ac 2698 tempcond = (num[0] == num[1]);
059ec3d9
PH
2699 break;
2700
2701 case ECOND_NUM_G:
b5b871ac 2702 tempcond = (num[0] > num[1]);
059ec3d9
PH
2703 break;
2704
2705 case ECOND_NUM_GE:
b5b871ac 2706 tempcond = (num[0] >= num[1]);
059ec3d9
PH
2707 break;
2708
2709 case ECOND_NUM_L:
b5b871ac 2710 tempcond = (num[0] < num[1]);
059ec3d9
PH
2711 break;
2712
2713 case ECOND_NUM_LE:
b5b871ac 2714 tempcond = (num[0] <= num[1]);
059ec3d9
PH
2715 break;
2716
2717 case ECOND_STR_LT:
b5b871ac 2718 tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
059ec3d9
PH
2719 break;
2720
2721 case ECOND_STR_LTI:
b5b871ac 2722 tempcond = (strcmpic(sub[0], sub[1]) < 0);
059ec3d9
PH
2723 break;
2724
2725 case ECOND_STR_LE:
b5b871ac 2726 tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
059ec3d9
PH
2727 break;
2728
2729 case ECOND_STR_LEI:
b5b871ac 2730 tempcond = (strcmpic(sub[0], sub[1]) <= 0);
059ec3d9
PH
2731 break;
2732
2733 case ECOND_STR_EQ:
b5b871ac 2734 tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
059ec3d9
PH
2735 break;
2736
2737 case ECOND_STR_EQI:
b5b871ac 2738 tempcond = (strcmpic(sub[0], sub[1]) == 0);
059ec3d9
PH
2739 break;
2740
2741 case ECOND_STR_GT:
b5b871ac 2742 tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
059ec3d9
PH
2743 break;
2744
2745 case ECOND_STR_GTI:
b5b871ac 2746 tempcond = (strcmpic(sub[0], sub[1]) > 0);
059ec3d9
PH
2747 break;
2748
2749 case ECOND_STR_GE:
b5b871ac 2750 tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
059ec3d9
PH
2751 break;
2752
2753 case ECOND_STR_GEI:
b5b871ac 2754 tempcond = (strcmpic(sub[0], sub[1]) >= 0);
059ec3d9
PH
2755 break;
2756
2757 case ECOND_MATCH: /* Regular expression match */
2758 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2759 NULL);
2760 if (re == NULL)
2761 {
2762 expand_string_message = string_sprintf("regular expression error in "
2763 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2764 return NULL;
2765 }
b5b871ac 2766 tempcond = regex_match_and_setup(re, sub[0], 0, -1);
059ec3d9
PH
2767 break;
2768
2769 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2770 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2771 goto MATCHED_SOMETHING;
2772
2773 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2774 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2775 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2776 goto MATCHED_SOMETHING;
2777
32d668a5 2778 case ECOND_MATCH_IP: /* Match IP address in a host list */
7e66e54d 2779 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
32d668a5
PH
2780 {
2781 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2782 sub[0]);
2783 return NULL;
2784 }
2785 else
2786 {
2787 unsigned int *nullcache = NULL;
2788 check_host_block cb;
2789
2790 cb.host_name = US"";
2791 cb.host_address = sub[0];
2792
2793 /* If the host address starts off ::ffff: it is an IPv6 address in
2794 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2795 addresses. */
2796
2797 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2798 cb.host_address + 7 : cb.host_address;
2799
2800 rc = match_check_list(
2801 &sub[1], /* the list */
2802 0, /* separator character */
2803 &hostlist_anchor, /* anchor pointer */
2804 &nullcache, /* cache pointer */
2805 check_host, /* function for testing */
2806 &cb, /* argument for function */
2807 MCL_HOST, /* type of check */
2808 sub[0], /* text for debugging */
2809 NULL); /* where to pass back data */
2810 }
2811 goto MATCHED_SOMETHING;
2812
059ec3d9
PH
2813 case ECOND_MATCH_LOCAL_PART:
2814 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2815 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2816 /* Fall through */
9a26b6b2 2817 /* VVVVVVVVVVVV */
059ec3d9
PH
2818 MATCHED_SOMETHING:
2819 switch(rc)
2820 {
2821 case OK:
b5b871ac 2822 tempcond = TRUE;
059ec3d9
PH
2823 break;
2824
2825 case FAIL:
b5b871ac 2826 tempcond = FALSE;
059ec3d9
PH
2827 break;
2828
2829 case DEFER:
2830 expand_string_message = string_sprintf("unable to complete match "
2831 "against \"%s\": %s", sub[1], search_error_message);
2832 return NULL;
2833 }
2834
2835 break;
2836
2837 /* Various "encrypted" comparisons. If the second string starts with
2838 "{" then an encryption type is given. Default to crypt() or crypt16()
2839 (build-time choice). */
b5b871ac 2840 /* }-for-text-editors */
059ec3d9
PH
2841
2842 case ECOND_CRYPTEQ:
2843 #ifndef SUPPORT_CRYPTEQ
2844 goto COND_FAILED_NOT_COMPILED;
2845 #else
2846 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2847 {
2848 int sublen = Ustrlen(sub[1]+5);
2849 md5 base;
2850 uschar digest[16];
2851
2852 md5_start(&base);
cfab9d68 2853 md5_end(&base, sub[0], Ustrlen(sub[0]), digest);
059ec3d9
PH
2854
2855 /* If the length that we are comparing against is 24, the MD5 digest
2856 is expressed as a base64 string. This is the way LDAP does it. However,
2857 some other software uses a straightforward hex representation. We assume
2858 this if the length is 32. Other lengths fail. */
2859
2860 if (sublen == 24)
2861 {
1f20760b 2862 uschar *coded = b64encode(CUS digest, 16);
059ec3d9
PH
2863 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2864 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
b5b871ac 2865 tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
059ec3d9
PH
2866 }
2867 else if (sublen == 32)
2868 {
059ec3d9 2869 uschar coded[36];
d7978c0f 2870 for (int i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
059ec3d9
PH
2871 coded[32] = 0;
2872 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2873 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
b5b871ac 2874 tempcond = (strcmpic(coded, sub[1]+5) == 0);
059ec3d9
PH
2875 }
2876 else
2877 {
2878 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2879 "fail\n crypted=%s\n", sub[1]+5);
b5b871ac 2880 tempcond = FALSE;
059ec3d9
PH
2881 }
2882 }
2883
2884 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2885 {
2886 int sublen = Ustrlen(sub[1]+6);
5fb822fc 2887 hctx h;
059ec3d9
PH
2888 uschar digest[20];
2889
5fb822fc 2890 sha1_start(&h);
cfab9d68 2891 sha1_end(&h, sub[0], Ustrlen(sub[0]), digest);
059ec3d9
PH
2892
2893 /* If the length that we are comparing against is 28, assume the SHA1
2894 digest is expressed as a base64 string. If the length is 40, assume a
2895 straightforward hex representation. Other lengths fail. */
2896
2897 if (sublen == 28)
2898 {
1f20760b 2899 uschar *coded = b64encode(CUS digest, 20);
059ec3d9
PH
2900 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2901 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
b5b871ac 2902 tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
059ec3d9
PH
2903 }
2904 else if (sublen == 40)
2905 {
059ec3d9 2906 uschar coded[44];
d7978c0f 2907 for (int i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
059ec3d9
PH
2908 coded[40] = 0;
2909 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2910 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
b5b871ac 2911 tempcond = (strcmpic(coded, sub[1]+6) == 0);
059ec3d9
PH
2912 }
2913 else
2914 {
2915 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2916 "fail\n crypted=%s\n", sub[1]+6);
b5b871ac 2917 tempcond = FALSE;
059ec3d9
PH
2918 }
2919 }
2920
2921 else /* {crypt} or {crypt16} and non-{ at start */
76dca828 2922 /* }-for-text-editors */
059ec3d9
PH
2923 {
2924 int which = 0;
2925 uschar *coded;
2926
2927 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2928 {
2929 sub[1] += 7;
2930 which = 1;
2931 }
2932 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2933 {
2934 sub[1] += 9;
2935 which = 2;
2936 }
b5b871ac 2937 else if (sub[1][0] == '{') /* }-for-text-editors */
059ec3d9
PH
2938 {
2939 expand_string_message = string_sprintf("unknown encryption mechanism "
2940 "in \"%s\"", sub[1]);
2941 return NULL;
2942 }
2943
2944 switch(which)
2945 {
2946 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2947 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2948 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2949 }
2950
2951 #define STR(s) # s
2952 #define XSTR(s) STR(s)
2953 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2954 " subject=%s\n crypted=%s\n",
9dc2b215 2955 which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16",
059ec3d9
PH
2956 coded, sub[1]);
2957 #undef STR
2958 #undef XSTR
2959
2960 /* If the encrypted string contains fewer than two characters (for the
2961 salt), force failure. Otherwise we get false positives: with an empty
2962 string the yield of crypt() is an empty string! */
2963
9dc2b215
JH
2964 if (coded)
2965 tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0;
2966 else if (errno == EINVAL)
2967 tempcond = FALSE;
2968 else
2969 {
2970 expand_string_message = string_sprintf("crypt error: %s\n",
2971 US strerror(errno));
2972 return NULL;
2973 }
059ec3d9
PH
2974 }
2975 break;
2976 #endif /* SUPPORT_CRYPTEQ */
76dca828
PP
2977
2978 case ECOND_INLIST:
2979 case ECOND_INLISTI:
2980 {
55414b25 2981 const uschar * list = sub[1];
76dca828 2982 int sep = 0;
76dca828
PP
2983 uschar *save_iterate_item = iterate_item;
2984 int (*compare)(const uschar *, const uschar *);
2985
21aa0597 2986 DEBUG(D_expand) debug_printf_indent("condition: %s item: %s\n", opname, sub[0]);
82dbd376 2987
b5b871ac 2988 tempcond = FALSE;
55414b25
JH
2989 compare = cond_type == ECOND_INLISTI
2990 ? strcmpic : (int (*)(const uschar *, const uschar *)) strcmp;
76dca828 2991
55414b25 2992 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)))
05e796ad
JH
2993 {
2994 DEBUG(D_expand) debug_printf_indent(" compare %s\n", iterate_item);
76dca828
PP
2995 if (compare(sub[0], iterate_item) == 0)
2996 {
b5b871ac 2997 tempcond = TRUE;
76dca828
PP
2998 break;
2999 }
05e796ad 3000 }
76dca828 3001 iterate_item = save_iterate_item;
76dca828
PP
3002 }
3003
059ec3d9
PH
3004 } /* Switch for comparison conditions */
3005
b5b871ac 3006 *yield = tempcond == testfor;
059ec3d9
PH
3007 return s; /* End of comparison conditions */
3008
3009
3010 /* and/or: computes logical and/or of several conditions */
3011
3012 case ECOND_AND:
3013 case ECOND_OR:
3014 subcondptr = (yield == NULL)? NULL : &tempcond;
3015 combined_cond = (cond_type == ECOND_AND);
3016
3017 while (isspace(*s)) s++;
b5b871ac 3018 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
059ec3d9
PH
3019
3020 for (;;)
3021 {
3022 while (isspace(*s)) s++;
b5b871ac 3023 /* {-for-text-editors */
059ec3d9 3024 if (*s == '}') break;
b5b871ac 3025 if (*s != '{') /* }-for-text-editors */
059ec3d9
PH
3026 {
3027 expand_string_message = string_sprintf("each subcondition "
21aa0597 3028 "inside an \"%s{...}\" condition must be in its own {}", opname);
059ec3d9
PH
3029 return NULL;
3030 }
3031
b0e85a8f 3032 if (!(s = eval_condition(s+1, resetok, subcondptr)))
059ec3d9
PH
3033 {
3034 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
21aa0597 3035 expand_string_message, opname);
059ec3d9
PH
3036 return NULL;
3037 }
3038 while (isspace(*s)) s++;
3039
b5b871ac 3040 /* {-for-text-editors */
059ec3d9
PH
3041 if (*s++ != '}')
3042 {
b5b871ac 3043 /* {-for-text-editors */
059ec3d9 3044 expand_string_message = string_sprintf("missing } at end of condition "
21aa0597 3045 "inside \"%s\" group", opname);
059ec3d9
PH
3046 return NULL;
3047 }
3048
3049 if (yield != NULL)
3050 {
3051 if (cond_type == ECOND_AND)
3052 {
3053 combined_cond &= tempcond;
3054 if (!combined_cond) subcondptr = NULL; /* once false, don't */
3055 } /* evaluate any more */
3056 else
3057 {
3058 combined_cond |= tempcond;
3059 if (combined_cond) subcondptr = NULL; /* once true, don't */
3060 } /* evaluate any more */
3061 }
3062 }
3063
3064 if (yield != NULL) *yield = (combined_cond == testfor);
3065 return ++s;
3066
3067
0ce9abe6
PH
3068 /* forall/forany: iterates a condition with different values */
3069
7f69e814
JH
3070 case ECOND_FORALL: is_forany = FALSE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3071 case ECOND_FORANY: is_forany = TRUE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3072 case ECOND_FORALL_JSON: is_forany = FALSE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3073 case ECOND_FORANY_JSON: is_forany = TRUE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3074 case ECOND_FORALL_JSONS: is_forany = FALSE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3075 case ECOND_FORANY_JSONS: is_forany = TRUE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3076
3077 FORMANY:
0ce9abe6 3078 {
55414b25 3079 const uschar * list;
0ce9abe6 3080 int sep = 0;
282b357d 3081 uschar *save_iterate_item = iterate_item;
0ce9abe6 3082
21aa0597 3083 DEBUG(D_expand) debug_printf_indent("condition: %s\n", opname);
82dbd376 3084
0ce9abe6 3085 while (isspace(*s)) s++;
b5b871ac 3086 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
b0e85a8f 3087 sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE, resetok);
0ce9abe6 3088 if (sub[0] == NULL) return NULL;
b5b871ac 3089 /* {-for-text-editors */
0ce9abe6
PH
3090 if (*s++ != '}') goto COND_FAILED_CURLY_END;
3091
3092 while (isspace(*s)) s++;
b5b871ac 3093 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
0ce9abe6
PH
3094
3095 sub[1] = s;
3096
3097 /* Call eval_condition once, with result discarded (as if scanning a
3098 "false" part). This allows us to find the end of the condition, because if
3099 the list it empty, we won't actually evaluate the condition for real. */
3100
b0e85a8f 3101 if (!(s = eval_condition(sub[1], resetok, NULL)))
0ce9abe6
PH
3102 {
3103 expand_string_message = string_sprintf("%s inside \"%s\" condition",
21aa0597 3104 expand_string_message, opname);
0ce9abe6
PH
3105 return NULL;
3106 }
3107 while (isspace(*s)) s++;
3108
b5b871ac 3109 /* {-for-text-editors */
0ce9abe6
PH
3110 if (*s++ != '}')
3111 {
b5b871ac 3112 /* {-for-text-editors */
0ce9abe6 3113 expand_string_message = string_sprintf("missing } at end of condition "
21aa0597 3114 "inside \"%s\"", opname);
0ce9abe6
PH
3115 return NULL;
3116 }
3117
7f69e814 3118 if (yield) *yield = !testfor;
55414b25 3119 list = sub[0];
7f69e814
JH
3120 if (is_json) list = dewrap(string_copy(list), US"[]");
3121 while ((iterate_item = is_json
3122 ? json_nextinlist(&list) : string_nextinlist(&list, &sep, NULL, 0)))
0ce9abe6 3123 {
7f69e814
JH
3124 if (is_jsons)
3125 if (!(iterate_item = dewrap(iterate_item, US"\"\"")))
3126 {
3127 expand_string_message =
3128 string_sprintf("%s wrapping string result for extract jsons",
3129 expand_string_message);
3130 iterate_item = save_iterate_item;
3131 return NULL;
3132 }
3133
f3ebb786 3134 DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n", opname, iterate_item);
b0e85a8f 3135 if (!eval_condition(sub[1], resetok, &tempcond))
0ce9abe6
PH
3136 {
3137 expand_string_message = string_sprintf("%s inside \"%s\" condition",
21aa0597 3138 expand_string_message, opname);
e58c13cc 3139 iterate_item = save_iterate_item;
0ce9abe6
PH
3140 return NULL;
3141 }
21aa0597 3142 DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", opname,
0ce9abe6
PH
3143 tempcond? "true":"false");
3144
7f69e814
JH
3145 if (yield) *yield = (tempcond == testfor);
3146 if (tempcond == is_forany) break;
0ce9abe6
PH
3147 }
3148
282b357d 3149 iterate_item = save_iterate_item;
0ce9abe6
PH
3150 return s;
3151 }
3152
3153
f3766eb5
NM
3154 /* The bool{} expansion condition maps a string to boolean.
3155 The values supported should match those supported by the ACL condition
3156 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
3157 of true/false. Note that Router "condition" rules have a different
3158 interpretation, where general data can be used and only a few values
3159 map to FALSE.
3160 Note that readconf.c boolean matching, for boolean configuration options,
6a8de854
PP
3161 only matches true/yes/false/no.
3162 The bool_lax{} condition matches the Router logic, which is much more
3163 liberal. */
f3766eb5 3164 case ECOND_BOOL:
6a8de854 3165 case ECOND_BOOL_LAX:
f3766eb5
NM
3166 {
3167 uschar *sub_arg[1];
71265ae9 3168 uschar *t, *t2;
6a8de854 3169 uschar *ourname;
f3766eb5
NM
3170 size_t len;
3171 BOOL boolvalue = FALSE;
3172 while (isspace(*s)) s++;
b5b871ac 3173 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
6a8de854 3174 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
b0e85a8f 3175 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname, resetok))
f3766eb5 3176 {
6a8de854
PP
3177 case 1: expand_string_message = string_sprintf(
3178 "too few arguments or bracketing error for %s",
3179 ourname);
f3766eb5
NM
3180 /*FALLTHROUGH*/
3181 case 2:
3182 case 3: return NULL;
3183 }
3184 t = sub_arg[0];
3185 while (isspace(*t)) t++;
3186 len = Ustrlen(t);
71265ae9
PP
3187 if (len)
3188 {
3189 /* trailing whitespace: seems like a good idea to ignore it too */
3190 t2 = t + len - 1;
3191 while (isspace(*t2)) t2--;
3192 if (t2 != (t + len))
3193 {
3194 *++t2 = '\0';
3195 len = t2 - t;
3196 }
3197 }
f3766eb5 3198 DEBUG(D_expand)
e1d04f48 3199 debug_printf_indent("considering %s: %s\n", ourname, len ? t : US"<empty>");
6a8de854
PP
3200 /* logic for the lax case from expand_check_condition(), which also does
3201 expands, and the logic is both short and stable enough that there should
3202 be no maintenance burden from replicating it. */
f3766eb5
NM
3203 if (len == 0)
3204 boolvalue = FALSE;
51c7471d
JH
3205 else if (*t == '-'
3206 ? Ustrspn(t+1, "0123456789") == len-1
3207 : Ustrspn(t, "0123456789") == len)
6a8de854 3208 {
f3766eb5 3209 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
6a8de854
PP
3210 /* expand_check_condition only does a literal string "0" check */
3211 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
3212 boolvalue = TRUE;
3213 }
f3766eb5
NM
3214 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
3215 boolvalue = TRUE;
3216 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
3217 boolvalue = FALSE;
6a8de854
PP
3218 else if (cond_type == ECOND_BOOL_LAX)
3219 boolvalue = TRUE;
f3766eb5
NM
3220 else
3221 {
3222 expand_string_message = string_sprintf("unrecognised boolean "
3223 "value \"%s\"", t);
3224 return NULL;
3225 }
e1d04f48 3226 DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", ourname,
c7c833c6 3227 boolvalue? "true":"false");
5ee6f336 3228 if (yield != NULL) *yield = (boolvalue == testfor);
f3766eb5
NM
3229 return s;
3230 }
3231
059ec3d9
PH
3232 /* Unknown condition */
3233
3234 default:
21aa0597
JH
3235 if (!expand_string_message || !*expand_string_message)
3236 expand_string_message = string_sprintf("unknown condition \"%s\"", opname);
3237 return NULL;
059ec3d9
PH
3238 } /* End switch on condition type */
3239
3240/* Missing braces at start and end of data */
3241
3242COND_FAILED_CURLY_START:
21aa0597 3243expand_string_message = string_sprintf("missing { after \"%s\"", opname);
059ec3d9
PH
3244return NULL;
3245
3246COND_FAILED_CURLY_END:
3247expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
21aa0597 3248 opname);
059ec3d9
PH
3249return NULL;
3250
3251/* A condition requires code that is not compiled */
3252
3253#if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
3254 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
3255 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
3256COND_FAILED_NOT_COMPILED:
3257expand_string_message = string_sprintf("support for \"%s\" not compiled",
21aa0597 3258 opname);
059ec3d9
PH
3259return NULL;
3260#endif
3261}
3262
3263
3264
3265
3266/*************************************************
3267* Save numerical variables *
3268*************************************************/
3269
3270/* This function is called from items such as "if" that want to preserve and
3271restore the numbered variables.
3272
3273Arguments:
3274 save_expand_string points to an array of pointers to set
3275 save_expand_nlength points to an array of ints for the lengths
3276
3277Returns: the value of expand max to save
3278*/
3279
3280static int
3281save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
3282{
d7978c0f 3283for (int i = 0; i <= expand_nmax; i++)
059ec3d9
PH
3284 {
3285 save_expand_nstring[i] = expand_nstring[i];
3286 save_expand_nlength[i] = expand_nlength[i];
3287 }
3288return expand_nmax;
3289}
3290
3291
3292
3293/*************************************************
3294* Restore numerical variables *
3295*************************************************/
3296
3297/* This function restored saved values of numerical strings.
3298
3299Arguments:
3300 save_expand_nmax the number of strings to restore
3301 save_expand_string points to an array of pointers
3302 save_expand_nlength points to an array of ints
3303
3304Returns: nothing
3305*/
3306
3307static void
3308restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
3309 int *save_expand_nlength)
3310{
059ec3d9 3311expand_nmax = save_expand_nmax;
d7978c0f 3312for (int i = 0; i <= expand_nmax; i++)
059ec3d9
PH
3313 {
3314 expand_nstring[i] = save_expand_nstring[i];
3315 expand_nlength[i] = save_expand_nlength[i];
3316 }
3317}
3318
3319
3320
3321
3322
3323/*************************************************
3324* Handle yes/no substrings *
3325*************************************************/
3326
3327/* This function is used by ${if}, ${lookup} and ${extract} to handle the
3328alternative substrings that depend on whether or not the condition was true,
3329or the lookup or extraction succeeded. The substrings always have to be
3330expanded, to check their syntax, but "skipping" is set when the result is not
3331needed - this avoids unnecessary nested lookups.
3332
3333Arguments:
3334 skipping TRUE if we were skipping when this item was reached
3335 yes TRUE if the first string is to be used, else use the second
3336 save_lookup a value to put back into lookup_value before the 2nd expansion
3337 sptr points to the input string pointer
acec9514 3338 yieldptr points to the output growable-string pointer
f90d49f7
JH
3339 type "lookup", "if", "extract", "run", "env", "listextract" or
3340 "certextract" for error message
b0e85a8f
JH
3341 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
3342 the store.
059ec3d9
PH
3343
3344Returns: 0 OK; lookup_value has been reset to save_lookup
3345 1 expansion failed
3346 2 expansion failed because of bracketing error
3347*/
3348
3349static int
55414b25 3350process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, const uschar **sptr,
acec9514 3351 gstring ** yieldptr, uschar *type, BOOL *resetok)
059ec3d9
PH
3352{
3353int rc = 0;
55414b25 3354const uschar *s = *sptr; /* Local value */
059ec3d9 3355uschar *sub1, *sub2;
e47376be 3356const uschar * errwhere;
059ec3d9
PH
3357
3358/* If there are no following strings, we substitute the contents of $value for
063b1e99 3359lookups and for extractions in the success case. For the ${if item, the string
8e669ac1 3360"true" is substituted. In the fail case, nothing is substituted for all three
063b1e99 3361items. */
059ec3d9
PH
3362
3363while (isspace(*s)) s++;
3364if (*s == '}')
3365 {
9e09521e
JH
3366 if (type[0] == 'i')
3367 {
3368 if (yes && !skipping)
acec9514 3369 *yieldptr = string_catn(*yieldptr, US"true", 4);
9e09521e
JH
3370 }
3371 else
3372 {
3373 if (yes && lookup_value && !skipping)
acec9514 3374 *yieldptr = string_cat(*yieldptr, lookup_value);
9e09521e
JH
3375 lookup_value = save_lookup;
3376 }
059ec3d9
PH
3377 s++;
3378 goto RETURN;
3379 }
3380
9b4768fa
PH
3381/* The first following string must be braced. */
3382
e47376be
JH
3383if (*s++ != '{')
3384 {
3385 errwhere = US"'yes' part did not start with '{'";
3386 goto FAILED_CURLY;
3387 }
9b4768fa 3388
059ec3d9
PH
3389/* Expand the first substring. Forced failures are noticed only if we actually
3390want this string. Set skipping in the call in the fail case (this will always
3391be the case if we were already skipping). */
3392
b0e85a8f 3393sub1 = expand_string_internal(s, TRUE, &s, !yes, TRUE, resetok);
8768d548
JH
3394if (sub1 == NULL && (yes || !f.expand_string_forcedfail)) goto FAILED;
3395f.expand_string_forcedfail = FALSE;
e47376be
JH
3396if (*s++ != '}')
3397 {
3398 errwhere = US"'yes' part did not end with '}'";
3399 goto FAILED_CURLY;
3400 }
059ec3d9
PH
3401
3402/* If we want the first string, add it to the output */
3403
3404if (yes)
acec9514 3405 *yieldptr = string_cat(*yieldptr, sub1);
059ec3d9 3406
fa01e4f8
JH
3407/* If this is called from a lookup/env or a (cert)extract, we want to restore
3408$value to what it was at the start of the item, so that it has this value
3409during the second string expansion. For the call from "if" or "run" to this
3410function, save_lookup is set to lookup_value, so that this statement does
3411nothing. */
059ec3d9
PH
3412
3413lookup_value = save_lookup;
3414
3415/* There now follows either another substring, or "fail", or nothing. This
3416time, forced failures are noticed only if we want the second string. We must
3417set skipping in the nested call if we don't want this string, or if we were
3418already skipping. */
3419
3420while (isspace(*s)) s++;
3421if (*s == '{')
3422 {
b0e85a8f 3423 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping, TRUE, resetok);
8768d548
JH
3424 if (sub2 == NULL && (!yes || !f.expand_string_forcedfail)) goto FAILED;
3425 f.expand_string_forcedfail = FALSE;
e47376be
JH
3426 if (*s++ != '}')
3427 {
3428 errwhere = US"'no' part did not start with '{'";
3429 goto FAILED_CURLY;
3430 }
059ec3d9
PH
3431
3432 /* If we want the second string, add it to the output */
3433
3434 if (!yes)
acec9514 3435 *yieldptr = string_cat(*yieldptr, sub2);
059ec3d9
PH
3436 }
3437
3438/* If there is no second string, but the word "fail" is present when the use of
3439the second string is wanted, set a flag indicating it was a forced failure
3440rather than a syntactic error. Swallow the terminating } in case this is nested
3441inside another lookup or if or extract. */
3442
3443else if (*s != '}')
3444 {
3445 uschar name[256];
55414b25
JH
3446 /* deconst cast ok here as source is s anyway */
3447 s = US read_name(name, sizeof(name), s, US"_");
059ec3d9
PH
3448 if (Ustrcmp(name, "fail") == 0)
3449 {
3450 if (!yes && !skipping)
3451 {
3452 while (isspace(*s)) s++;
e47376be
JH
3453 if (*s++ != '}')
3454 {
3455 errwhere = US"did not close with '}' after forcedfail";
3456 goto FAILED_CURLY;
3457 }
059ec3d9
PH
3458 expand_string_message =
3459 string_sprintf("\"%s\" failed and \"fail\" requested", type);
8768d548 3460 f.expand_string_forcedfail = TRUE;
059ec3d9
PH
3461 goto FAILED;
3462 }
3463 }
3464 else
3465 {
3466 expand_string_message =
3467 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
3468 goto FAILED;
3469 }
3470 }
3471
3472/* All we have to do now is to check on the final closing brace. */
3473
3474while (isspace(*s)) s++;
e47376be
JH
3475if (*s++ != '}')
3476 {
3477 errwhere = US"did not close with '}'";
3478 goto FAILED_CURLY;
3479 }
059ec3d9 3480
059ec3d9
PH
3481
3482RETURN:
e47376be 3483/* Update the input pointer value before returning */
059ec3d9
PH
3484*sptr = s;
3485return rc;
e47376be
JH
3486
3487FAILED_CURLY:
3488 /* Get here if there is a bracketing failure */
3489 expand_string_message = string_sprintf(
3490 "curly-bracket problem in conditional yes/no parsing: %s\n"
3491 " remaining string is '%s'", errwhere, --s);
3492 rc = 2;
3493