added "prvs" and "prvscheck" expansion items
[exim.git] / src / src / expand.c
CommitLineData
fffda43a 1/* $Cambridge: exim/src/src/expand.c,v 1.27 2005/06/16 20:01:29 tom Exp $ */
059ec3d9
PH
2
3/*************************************************
4* Exim - an Internet mail transport agent *
5*************************************************/
6
c988f1f4 7/* Copyright (c) University of Cambridge 1995 - 2005 */
059ec3d9
PH
8/* See the file NOTICE for conditions of use and distribution. */
9
10
11/* Functions for handling string expansion. */
12
13
14#include "exim.h"
15
16#ifdef STAND_ALONE
17#ifndef SUPPORT_CRYPTEQ
18#define SUPPORT_CRYPTEQ
19#endif
20#endif
21
22#ifdef SUPPORT_CRYPTEQ
23#ifdef CRYPT_H
24#include <crypt.h>
25#endif
26#ifndef HAVE_CRYPT16
27extern char* crypt16(char*, char*);
28#endif
29#endif
30
31#ifdef LOOKUP_LDAP
32#include "lookups/ldap.h"
33#endif
34
35
36
37/* Recursively called function */
38
39static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL);
40
41
42
43/*************************************************
44* Local statics and tables *
45*************************************************/
46
47/* Table of item names, and corresponding switch numbers. The names must be in
48alphabetical order. */
49
50static uschar *item_table[] = {
1a46a8c5 51 US"dlfunc",
059ec3d9
PH
52 US"extract",
53 US"hash",
54 US"hmac",
55 US"if",
56 US"length",
57 US"lookup",
58 US"nhash",
1a46a8c5 59 US"perl",
fffda43a
TK
60 US"prvs",
61 US"prvscheck",
059ec3d9
PH
62 US"readfile",
63 US"readsocket",
64 US"run",
65 US"sg",
66 US"substr",
67 US"tr" };
68
69enum {
1a46a8c5 70 EITEM_DLFUNC,
059ec3d9
PH
71 EITEM_EXTRACT,
72 EITEM_HASH,
73 EITEM_HMAC,
74 EITEM_IF,
75 EITEM_LENGTH,
76 EITEM_LOOKUP,
77 EITEM_NHASH,
1a46a8c5 78 EITEM_PERL,
fffda43a
TK
79 EITEM_PRVS,
80 EITEM_PRVSCHECK,
059ec3d9
PH
81 EITEM_READFILE,
82 EITEM_READSOCK,
83 EITEM_RUN,
84 EITEM_SG,
85 EITEM_SUBSTR,
86 EITEM_TR };
87
88/* Tables of operator names, and corresponding switch numbers. The names must be
89in alphabetical order. There are two tables, because underscore is used in some
90cases to introduce arguments, whereas for other it is part of the name. This is
91an historical mis-design. */
92
93static uschar *op_table_underscore[] = {
94 US"from_utf8",
95 US"local_part",
96 US"quote_local_part",
97 US"time_interval"};
98
99enum {
100 EOP_FROM_UTF8,
101 EOP_LOCAL_PART,
102 EOP_QUOTE_LOCAL_PART,
103 EOP_TIME_INTERVAL };
104
105static uschar *op_table_main[] = {
106 US"address",
107 US"base62",
108 US"base62d",
109 US"domain",
110 US"escape",
111 US"eval",
112 US"eval10",
113 US"expand",
114 US"h",
115 US"hash",
116 US"hex2b64",
117 US"l",
118 US"lc",
119 US"length",
120 US"mask",
121 US"md5",
122 US"nh",
123 US"nhash",
124 US"quote",
125 US"rfc2047",
126 US"rxquote",
127 US"s",
128 US"sha1",
129 US"stat",
130 US"str2b64",
131 US"strlen",
132 US"substr",
133 US"uc" };
134
135enum {
136 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
137 EOP_BASE62,
138 EOP_BASE62D,
139 EOP_DOMAIN,
140 EOP_ESCAPE,
141 EOP_EVAL,
142 EOP_EVAL10,
143 EOP_EXPAND,
144 EOP_H,
145 EOP_HASH,
146 EOP_HEX2B64,
147 EOP_L,
148 EOP_LC,
149 EOP_LENGTH,
150 EOP_MASK,
151 EOP_MD5,
152 EOP_NH,
153 EOP_NHASH,
154 EOP_QUOTE,
155 EOP_RFC2047,
156 EOP_RXQUOTE,
157 EOP_S,
158 EOP_SHA1,
159 EOP_STAT,
160 EOP_STR2B64,
161 EOP_STRLEN,
162 EOP_SUBSTR,
163 EOP_UC };
164
165
166/* Table of condition names, and corresponding switch numbers. The names must
167be in alphabetical order. */
168
169static uschar *cond_table[] = {
170 US"<",
171 US"<=",
172 US"=",
173 US"==", /* Backward compatibility */
174 US">",
175 US">=",
176 US"and",
177 US"crypteq",
178 US"def",
179 US"eq",
180 US"eqi",
181 US"exists",
182 US"first_delivery",
183 US"ge",
184 US"gei",
185 US"gt",
186 US"gti",
187 US"isip",
188 US"isip4",
189 US"isip6",
190 US"ldapauth",
191 US"le",
192 US"lei",
193 US"lt",
194 US"lti",
195 US"match",
196 US"match_address",
197 US"match_domain",
198 US"match_local_part",
199 US"or",
200 US"pam",
201 US"pwcheck",
202 US"queue_running",
203 US"radius",
204 US"saslauthd"
205};
206
207enum {
208 ECOND_NUM_L,
209 ECOND_NUM_LE,
210 ECOND_NUM_E,
211 ECOND_NUM_EE,
212 ECOND_NUM_G,
213 ECOND_NUM_GE,
214 ECOND_AND,
215 ECOND_CRYPTEQ,
216 ECOND_DEF,
217 ECOND_STR_EQ,
218 ECOND_STR_EQI,
219 ECOND_EXISTS,
220 ECOND_FIRST_DELIVERY,
221 ECOND_STR_GE,
222 ECOND_STR_GEI,
223 ECOND_STR_GT,
224 ECOND_STR_GTI,
225 ECOND_ISIP,
226 ECOND_ISIP4,
227 ECOND_ISIP6,
228 ECOND_LDAPAUTH,
229 ECOND_STR_LE,
230 ECOND_STR_LEI,
231 ECOND_STR_LT,
232 ECOND_STR_LTI,
233 ECOND_MATCH,
234 ECOND_MATCH_ADDRESS,
235 ECOND_MATCH_DOMAIN,
236 ECOND_MATCH_LOCAL_PART,
237 ECOND_OR,
238 ECOND_PAM,
239 ECOND_PWCHECK,
240 ECOND_QUEUE_RUNNING,
241 ECOND_RADIUS,
242 ECOND_SASLAUTHD
243};
244
245
246/* Type for main variable table */
247
248typedef struct {
249 char *name;
250 int type;
251 void *value;
252} var_entry;
253
254/* Type for entries pointing to address/length pairs. Not currently
255in use. */
256
257typedef struct {
258 uschar **address;
259 int *length;
260} alblock;
261
262/* Types of table entry */
263
264enum {
265 vtype_int, /* value is address of int */
266 vtype_filter_int, /* ditto, but recognized only when filtering */
267 vtype_ino, /* value is address of ino_t (not always an int) */
268 vtype_uid, /* value is address of uid_t (not always an int) */
269 vtype_gid, /* value is address of gid_t (not always an int) */
270 vtype_stringptr, /* value is address of pointer to string */
271 vtype_msgbody, /* as stringptr, but read when first required */
272 vtype_msgbody_end, /* ditto, the end of the message */
273 vtype_msgheaders, /* the message's headers */
274 vtype_localpart, /* extract local part from string */
275 vtype_domain, /* extract domain from string */
276 vtype_recipients, /* extract recipients from recipients list */
277 /* (enabled only during system filtering */
278 vtype_todbsdin, /* value not used; generate BSD inbox tod */
279 vtype_tode, /* value not used; generate tod in epoch format */
280 vtype_todf, /* value not used; generate full tod */
281 vtype_todl, /* value not used; generate log tod */
282 vtype_todlf, /* value not used; generate log file datestamp tod */
283 vtype_todzone, /* value not used; generate time zone only */
284 vtype_todzulu, /* value not used; generate zulu tod */
285 vtype_reply, /* value not used; get reply from headers */
286 vtype_pid, /* value not used; result is pid */
287 vtype_host_lookup, /* value not used; get host name */
5cb8cbc6
PH
288 vtype_load_avg, /* value not used; result is int from os_getloadavg */
289 vtype_pspace, /* partition space; value is T/F for spool/log */
8e669ac1 290 vtype_pinodes /* partition inodes; value is T/F for spool/log */
fb2274d4
TK
291#ifdef EXPERIMENTAL_DOMAINKEYS
292 ,vtype_dk_verify /* Serve request out of DomainKeys verification structure */
84330b7b 293#endif
059ec3d9
PH
294 };
295
296/* This table must be kept in alphabetical order. */
297
298static var_entry var_table[] = {
299 { "acl_c0", vtype_stringptr, &acl_var[0] },
300 { "acl_c1", vtype_stringptr, &acl_var[1] },
301 { "acl_c2", vtype_stringptr, &acl_var[2] },
302 { "acl_c3", vtype_stringptr, &acl_var[3] },
303 { "acl_c4", vtype_stringptr, &acl_var[4] },
304 { "acl_c5", vtype_stringptr, &acl_var[5] },
305 { "acl_c6", vtype_stringptr, &acl_var[6] },
306 { "acl_c7", vtype_stringptr, &acl_var[7] },
307 { "acl_c8", vtype_stringptr, &acl_var[8] },
308 { "acl_c9", vtype_stringptr, &acl_var[9] },
309 { "acl_m0", vtype_stringptr, &acl_var[10] },
310 { "acl_m1", vtype_stringptr, &acl_var[11] },
311 { "acl_m2", vtype_stringptr, &acl_var[12] },
312 { "acl_m3", vtype_stringptr, &acl_var[13] },
313 { "acl_m4", vtype_stringptr, &acl_var[14] },
314 { "acl_m5", vtype_stringptr, &acl_var[15] },
315 { "acl_m6", vtype_stringptr, &acl_var[16] },
316 { "acl_m7", vtype_stringptr, &acl_var[17] },
317 { "acl_m8", vtype_stringptr, &acl_var[18] },
318 { "acl_m9", vtype_stringptr, &acl_var[19] },
319 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
320 { "address_data", vtype_stringptr, &deliver_address_data },
321 { "address_file", vtype_stringptr, &address_file },
322 { "address_pipe", vtype_stringptr, &address_pipe },
323 { "authenticated_id", vtype_stringptr, &authenticated_id },
324 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
325 { "authentication_failed",vtype_int, &authentication_failed },
8523533c
TK
326#ifdef EXPERIMENTAL_BRIGHTMAIL
327 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
328 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
329 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
330 { "bmi_deliver", vtype_int, &bmi_deliver },
331#endif
059ec3d9
PH
332 { "body_linecount", vtype_int, &body_linecount },
333 { "body_zerocount", vtype_int, &body_zerocount },
334 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
335 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
336 { "caller_gid", vtype_gid, &real_gid },
337 { "caller_uid", vtype_uid, &real_uid },
338 { "compile_date", vtype_stringptr, &version_date },
339 { "compile_number", vtype_stringptr, &version_cnumber },
e5a9dba6 340 { "csa_status", vtype_stringptr, &csa_status },
8523533c
TK
341#ifdef WITH_OLD_DEMIME
342 { "demime_errorlevel", vtype_int, &demime_errorlevel },
343 { "demime_reason", vtype_stringptr, &demime_reason },
344#endif
fb2274d4
TK
345#ifdef EXPERIMENTAL_DOMAINKEYS
346 { "dk_domain", vtype_stringptr, &dk_signing_domain },
347 { "dk_is_signed", vtype_dk_verify, NULL },
348 { "dk_result", vtype_dk_verify, NULL },
349 { "dk_selector", vtype_stringptr, &dk_signing_selector },
350 { "dk_sender", vtype_dk_verify, NULL },
351 { "dk_sender_domain", vtype_dk_verify, NULL },
352 { "dk_sender_local_part",vtype_dk_verify, NULL },
353 { "dk_sender_source", vtype_dk_verify, NULL },
354 { "dk_signsall", vtype_dk_verify, NULL },
355 { "dk_status", vtype_dk_verify, NULL },
356 { "dk_testing", vtype_dk_verify, NULL },
357#endif
059ec3d9
PH
358 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
359 { "dnslist_text", vtype_stringptr, &dnslist_text },
360 { "dnslist_value", vtype_stringptr, &dnslist_value },
361 { "domain", vtype_stringptr, &deliver_domain },
362 { "domain_data", vtype_stringptr, &deliver_domain_data },
363 { "exim_gid", vtype_gid, &exim_gid },
364 { "exim_path", vtype_stringptr, &exim_path },
365 { "exim_uid", vtype_uid, &exim_uid },
8523533c
TK
366#ifdef WITH_OLD_DEMIME
367 { "found_extension", vtype_stringptr, &found_extension },
8e669ac1 368#endif
059ec3d9
PH
369 { "home", vtype_stringptr, &deliver_home },
370 { "host", vtype_stringptr, &deliver_host },
371 { "host_address", vtype_stringptr, &deliver_host_address },
372 { "host_data", vtype_stringptr, &host_data },
b08b24c8 373 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
059ec3d9
PH
374 { "host_lookup_failed", vtype_int, &host_lookup_failed },
375 { "inode", vtype_ino, &deliver_inode },
376 { "interface_address", vtype_stringptr, &interface_address },
377 { "interface_port", vtype_int, &interface_port },
378 #ifdef LOOKUP_LDAP
379 { "ldap_dn", vtype_stringptr, &eldap_dn },
380 #endif
381 { "load_average", vtype_load_avg, NULL },
382 { "local_part", vtype_stringptr, &deliver_localpart },
383 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
384 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
385 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
386 { "local_scan_data", vtype_stringptr, &local_scan_data },
387 { "local_user_gid", vtype_gid, &local_user_gid },
388 { "local_user_uid", vtype_uid, &local_user_uid },
389 { "localhost_number", vtype_int, &host_number },
5cb8cbc6 390 { "log_inodes", vtype_pinodes, (void *)FALSE },
8e669ac1 391 { "log_space", vtype_pspace, (void *)FALSE },
059ec3d9 392 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
8523533c
TK
393#ifdef WITH_CONTENT_SCAN
394 { "malware_name", vtype_stringptr, &malware_name },
395#endif
059ec3d9
PH
396 { "message_age", vtype_int, &message_age },
397 { "message_body", vtype_msgbody, &message_body },
398 { "message_body_end", vtype_msgbody_end, &message_body_end },
399 { "message_body_size", vtype_int, &message_body_size },
400 { "message_headers", vtype_msgheaders, NULL },
401 { "message_id", vtype_stringptr, &message_id },
2e0c1448 402 { "message_linecount", vtype_int, &message_linecount },
059ec3d9 403 { "message_size", vtype_int, &message_size },
8523533c
TK
404#ifdef WITH_CONTENT_SCAN
405 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
406 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
407 { "mime_boundary", vtype_stringptr, &mime_boundary },
408 { "mime_charset", vtype_stringptr, &mime_charset },
409 { "mime_content_description", vtype_stringptr, &mime_content_description },
410 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
411 { "mime_content_id", vtype_stringptr, &mime_content_id },
412 { "mime_content_size", vtype_int, &mime_content_size },
413 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
414 { "mime_content_type", vtype_stringptr, &mime_content_type },
415 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
416 { "mime_filename", vtype_stringptr, &mime_filename },
417 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
418 { "mime_is_multipart", vtype_int, &mime_is_multipart },
419 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
420 { "mime_part_count", vtype_int, &mime_part_count },
421#endif
059ec3d9
PH
422 { "n0", vtype_filter_int, &filter_n[0] },
423 { "n1", vtype_filter_int, &filter_n[1] },
424 { "n2", vtype_filter_int, &filter_n[2] },
425 { "n3", vtype_filter_int, &filter_n[3] },
426 { "n4", vtype_filter_int, &filter_n[4] },
427 { "n5", vtype_filter_int, &filter_n[5] },
428 { "n6", vtype_filter_int, &filter_n[6] },
429 { "n7", vtype_filter_int, &filter_n[7] },
430 { "n8", vtype_filter_int, &filter_n[8] },
431 { "n9", vtype_filter_int, &filter_n[9] },
432 { "original_domain", vtype_stringptr, &deliver_domain_orig },
433 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
434 { "originator_gid", vtype_gid, &originator_gid },
435 { "originator_uid", vtype_uid, &originator_uid },
436 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
437 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
438 { "pid", vtype_pid, NULL },
439 { "primary_hostname", vtype_stringptr, &primary_hostname },
fffda43a
TK
440 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
441 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
442 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
059ec3d9
PH
443 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
444 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
445 { "rcpt_count", vtype_int, &rcpt_count },
446 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
447 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
448 { "received_count", vtype_int, &received_count },
449 { "received_for", vtype_stringptr, &received_for },
450 { "received_protocol", vtype_stringptr, &received_protocol },
7dbf77c9 451 { "received_time", vtype_int, &received_time },
059ec3d9 452 { "recipient_data", vtype_stringptr, &recipient_data },
8e669ac1 453 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
059ec3d9
PH
454 { "recipients", vtype_recipients, NULL },
455 { "recipients_count", vtype_int, &recipients_count },
8523533c
TK
456#ifdef WITH_CONTENT_SCAN
457 { "regex_match_string", vtype_stringptr, &regex_match_string },
458#endif
059ec3d9
PH
459 { "reply_address", vtype_reply, NULL },
460 { "return_path", vtype_stringptr, &return_path },
461 { "return_size_limit", vtype_int, &bounce_return_size_limit },
462 { "runrc", vtype_int, &runrc },
463 { "self_hostname", vtype_stringptr, &self_hostname },
464 { "sender_address", vtype_stringptr, &sender_address },
2a3eea10 465 { "sender_address_data", vtype_stringptr, &sender_address_data },
059ec3d9
PH
466 { "sender_address_domain", vtype_domain, &sender_address },
467 { "sender_address_local_part", vtype_localpart, &sender_address },
468 { "sender_data", vtype_stringptr, &sender_data },
469 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
470 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
471 { "sender_host_address", vtype_stringptr, &sender_host_address },
472 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
473 { "sender_host_name", vtype_host_lookup, NULL },
474 { "sender_host_port", vtype_int, &sender_host_port },
475 { "sender_ident", vtype_stringptr, &sender_ident },
870f6ba8
TF
476 { "sender_rate", vtype_stringptr, &sender_rate },
477 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
478 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
059ec3d9 479 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
8e669ac1
PH
480 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
481 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
059ec3d9
PH
482 { "smtp_command_argument", vtype_stringptr, &smtp_command_argument },
483 { "sn0", vtype_filter_int, &filter_sn[0] },
484 { "sn1", vtype_filter_int, &filter_sn[1] },
485 { "sn2", vtype_filter_int, &filter_sn[2] },
486 { "sn3", vtype_filter_int, &filter_sn[3] },
487 { "sn4", vtype_filter_int, &filter_sn[4] },
488 { "sn5", vtype_filter_int, &filter_sn[5] },
489 { "sn6", vtype_filter_int, &filter_sn[6] },
490 { "sn7", vtype_filter_int, &filter_sn[7] },
491 { "sn8", vtype_filter_int, &filter_sn[8] },
492 { "sn9", vtype_filter_int, &filter_sn[9] },
8523533c
TK
493#ifdef WITH_CONTENT_SCAN
494 { "spam_bar", vtype_stringptr, &spam_bar },
495 { "spam_report", vtype_stringptr, &spam_report },
496 { "spam_score", vtype_stringptr, &spam_score },
497 { "spam_score_int", vtype_stringptr, &spam_score_int },
498#endif
499#ifdef EXPERIMENTAL_SPF
500 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
501 { "spf_received", vtype_stringptr, &spf_received },
502 { "spf_result", vtype_stringptr, &spf_result },
503 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
504#endif
059ec3d9 505 { "spool_directory", vtype_stringptr, &spool_directory },
5cb8cbc6 506 { "spool_inodes", vtype_pinodes, (void *)TRUE },
8e669ac1 507 { "spool_space", vtype_pspace, (void *)TRUE },
8523533c
TK
508#ifdef EXPERIMENTAL_SRS
509 { "srs_db_address", vtype_stringptr, &srs_db_address },
510 { "srs_db_key", vtype_stringptr, &srs_db_key },
511 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
512 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
513 { "srs_recipient", vtype_stringptr, &srs_recipient },
514 { "srs_status", vtype_stringptr, &srs_status },
515#endif
059ec3d9
PH
516 { "thisaddress", vtype_stringptr, &filter_thisaddress },
517 { "tls_certificate_verified", vtype_int, &tls_certificate_verified },
518 { "tls_cipher", vtype_stringptr, &tls_cipher },
519 { "tls_peerdn", vtype_stringptr, &tls_peerdn },
520 { "tod_bsdinbox", vtype_todbsdin, NULL },
521 { "tod_epoch", vtype_tode, NULL },
522 { "tod_full", vtype_todf, NULL },
523 { "tod_log", vtype_todl, NULL },
524 { "tod_logfile", vtype_todlf, NULL },
525 { "tod_zone", vtype_todzone, NULL },
526 { "tod_zulu", vtype_todzulu, NULL },
527 { "value", vtype_stringptr, &lookup_value },
528 { "version_number", vtype_stringptr, &version_string },
529 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
530 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
531 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
532 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
533 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
534 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
535};
536
537static int var_table_size = sizeof(var_table)/sizeof(var_entry);
538static uschar var_buffer[256];
539static BOOL malformed_header;
540
541/* For textual hashes */
542
543static char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
544 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
545 "0123456789";
546
547enum { HMAC_MD5, HMAC_SHA1 };
548
549/* For numeric hashes */
550
551static unsigned int prime[] = {
552 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
553 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
554 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
555
556/* For printing modes in symbolic form */
557
558static uschar *mtable_normal[] =
559 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
560
561static uschar *mtable_setid[] =
562 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
563
564static uschar *mtable_sticky[] =
565 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
566
567
568
569/*************************************************
570* Tables for UTF-8 support *
571*************************************************/
572
573/* Table of the number of extra characters, indexed by the first character
574masked with 0x3f. The highest number for a valid UTF-8 character is in fact
5750x3d. */
576
577static uschar utf8_table1[] = {
578 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
579 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
580 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
581 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
582
583/* These are the masks for the data bits in the first byte of a character,
584indexed by the number of additional bytes. */
585
586static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
587
588/* Get the next UTF-8 character, advancing the pointer. */
589
590#define GETUTF8INC(c, ptr) \
591 c = *ptr++; \
592 if ((c & 0xc0) == 0xc0) \
593 { \
594 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
595 int s = 6*a; \
596 c = (c & utf8_table2[a]) << s; \
597 while (a-- > 0) \
598 { \
599 s -= 6; \
600 c |= (*ptr++ & 0x3f) << s; \
601 } \
602 }
603
604
605/*************************************************
606* Binary chop search on a table *
607*************************************************/
608
609/* This is used for matching expansion items and operators.
610
611Arguments:
612 name the name that is being sought
613 table the table to search
614 table_size the number of items in the table
615
616Returns: the offset in the table, or -1
617*/
618
619static int
620chop_match(uschar *name, uschar **table, int table_size)
621{
622uschar **bot = table;
623uschar **top = table + table_size;
624
625while (top > bot)
626 {
627 uschar **mid = bot + (top - bot)/2;
628 int c = Ustrcmp(name, *mid);
629 if (c == 0) return mid - table;
630 if (c > 0) bot = mid + 1; else top = mid;
631 }
632
633return -1;
634}
635
636
637
638/*************************************************
639* Check a condition string *
640*************************************************/
641
642/* This function is called to expand a string, and test the result for a "true"
643or "false" value. Failure of the expansion yields FALSE; logged unless it was a
644forced fail or lookup defer. All store used by the function can be released on
645exit.
646
647Arguments:
648 condition the condition string
649 m1 text to be incorporated in panic error
650 m2 ditto
651
652Returns: TRUE if condition is met, FALSE if not
653*/
654
655BOOL
656expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
657{
658int rc;
659void *reset_point = store_get(0);
660uschar *ss = expand_string(condition);
661if (ss == NULL)
662 {
663 if (!expand_string_forcedfail && !search_find_defer)
664 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
665 "for %s %s: %s", condition, m1, m2, expand_string_message);
666 return FALSE;
667 }
668rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
669 strcmpic(ss, US"false") != 0;
670store_reset(reset_point);
671return rc;
672}
673
674
675
676/*************************************************
677* Pick out a name from a string *
678*************************************************/
679
680/* If the name is too long, it is silently truncated.
681
682Arguments:
683 name points to a buffer into which to put the name
684 max is the length of the buffer
685 s points to the first alphabetic character of the name
686 extras chars other than alphanumerics to permit
687
688Returns: pointer to the first character after the name
689
690Note: The test for *s != 0 in the while loop is necessary because
691Ustrchr() yields non-NULL if the character is zero (which is not something
692I expected). */
693
694static uschar *
695read_name(uschar *name, int max, uschar *s, uschar *extras)
696{
697int ptr = 0;
698while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
699 {
700 if (ptr < max-1) name[ptr++] = *s;
701 s++;
702 }
703name[ptr] = 0;
704return s;
705}
706
707
708
709/*************************************************
710* Pick out the rest of a header name *
711*************************************************/
712
713/* A variable name starting $header_ (or just $h_ for those who like
714abbreviations) might not be the complete header name because headers can
715contain any printing characters in their names, except ':'. This function is
716called to read the rest of the name, chop h[eader]_ off the front, and put ':'
717on the end, if the name was terminated by white space.
718
719Arguments:
720 name points to a buffer in which the name read so far exists
721 max is the length of the buffer
722 s points to the first character after the name so far, i.e. the
723 first non-alphameric character after $header_xxxxx
724
725Returns: a pointer to the first character after the header name
726*/
727
728static uschar *
729read_header_name(uschar *name, int max, uschar *s)
730{
731int prelen = Ustrchr(name, '_') - name + 1;
732int ptr = Ustrlen(name) - prelen;
733if (ptr > 0) memmove(name, name+prelen, ptr);
734while (mac_isgraph(*s) && *s != ':')
735 {
736 if (ptr < max-1) name[ptr++] = *s;
737 s++;
738 }
739if (*s == ':') s++;
740name[ptr++] = ':';
741name[ptr] = 0;
742return s;
743}
744
745
746
747/*************************************************
748* Pick out a number from a string *
749*************************************************/
750
751/* Arguments:
752 n points to an integer into which to put the number
753 s points to the first digit of the number
754
755Returns: a pointer to the character after the last digit
756*/
757
758static uschar *
759read_number(int *n, uschar *s)
760{
761*n = 0;
762while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
763return s;
764}
765
766
767
768/*************************************************
769* Extract keyed subfield from a string *
770*************************************************/
771
772/* The yield is in dynamic store; NULL means that the key was not found.
773
774Arguments:
775 key points to the name of the key
776 s points to the string from which to extract the subfield
777
778Returns: NULL if the subfield was not found, or
779 a pointer to the subfield's data
780*/
781
782static uschar *
783expand_getkeyed(uschar *key, uschar *s)
784{
785int length = Ustrlen(key);
786while (isspace(*s)) s++;
787
788/* Loop to search for the key */
789
790while (*s != 0)
791 {
792 int dkeylength;
793 uschar *data;
794 uschar *dkey = s;
795
796 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
797 dkeylength = s - dkey;
798 while (isspace(*s)) s++;
799 if (*s == '=') while (isspace((*(++s))));
800
801 data = string_dequote(&s);
802 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
803 return data;
804
805 while (isspace(*s)) s++;
806 }
807
808return NULL;
809}
810
811
812
813
814/*************************************************
815* Extract numbered subfield from string *
816*************************************************/
817
818/* Extracts a numbered field from a string that is divided by tokens - for
819example a line from /etc/passwd is divided by colon characters. First field is
820numbered one. Negative arguments count from the right. Zero returns the whole
821string. Returns NULL if there are insufficient tokens in the string
822
823***WARNING***
824Modifies final argument - this is a dynamically generated string, so that's OK.
825
826Arguments:
827 field number of field to be extracted,
828 first field = 1, whole string = 0, last field = -1
829 separators characters that are used to break string into tokens
830 s points to the string from which to extract the subfield
831
832Returns: NULL if the field was not found,
833 a pointer to the field's data inside s (modified to add 0)
834*/
835
836static uschar *
837expand_gettokened (int field, uschar *separators, uschar *s)
838{
839int sep = 1;
840int count;
841uschar *ss = s;
842uschar *fieldtext = NULL;
843
844if (field == 0) return s;
845
846/* Break the line up into fields in place; for field > 0 we stop when we have
847done the number of fields we want. For field < 0 we continue till the end of
848the string, counting the number of fields. */
849
850count = (field > 0)? field : INT_MAX;
851
852while (count-- > 0)
853 {
854 size_t len;
855
856 /* Previous field was the last one in the string. For a positive field
857 number, this means there are not enough fields. For a negative field number,
858 check that there are enough, and scan back to find the one that is wanted. */
859
860 if (sep == 0)
861 {
862 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
863 if ((-field) == (INT_MAX - count - 1)) return s;
864 while (field++ < 0)
865 {
866 ss--;
867 while (ss[-1] != 0) ss--;
868 }
869 fieldtext = ss;
870 break;
871 }
872
873 /* Previous field was not last in the string; save its start and put a
874 zero at its end. */
875
876 fieldtext = ss;
877 len = Ustrcspn(ss, separators);
878 sep = ss[len];
879 ss[len] = 0;
880 ss += len + 1;
881 }
882
883return fieldtext;
884}
885
886
887
888/*************************************************
889* Extract a substring from a string *
890*************************************************/
891
892/* Perform the ${substr or ${length expansion operations.
893
894Arguments:
895 subject the input string
896 value1 the offset from the start of the input string to the start of
897 the output string; if negative, count from the right.
898 value2 the length of the output string, or negative (-1) for unset
899 if value1 is positive, unset means "all after"
900 if value1 is negative, unset means "all before"
901 len set to the length of the returned string
902
903Returns: pointer to the output string, or NULL if there is an error
904*/
905
906static uschar *
907extract_substr(uschar *subject, int value1, int value2, int *len)
908{
909int sublen = Ustrlen(subject);
910
911if (value1 < 0) /* count from right */
912 {
913 value1 += sublen;
914
915 /* If the position is before the start, skip to the start, and adjust the
916 length. If the length ends up negative, the substring is null because nothing
917 can precede. This falls out naturally when the length is unset, meaning "all
918 to the left". */
919
920 if (value1 < 0)
921 {
922 value2 += value1;
923 if (value2 < 0) value2 = 0;
924 value1 = 0;
925 }
926
927 /* Otherwise an unset length => characters before value1 */
928
929 else if (value2 < 0)
930 {
931 value2 = value1;
932 value1 = 0;
933 }
934 }
935
936/* For a non-negative offset, if the starting position is past the end of the
937string, the result will be the null string. Otherwise, an unset length means
938"rest"; just set it to the maximum - it will be cut down below if necessary. */
939
940else
941 {
942 if (value1 > sublen)
943 {
944 value1 = sublen;
945 value2 = 0;
946 }
947 else if (value2 < 0) value2 = sublen;
948 }
949
950/* Cut the length down to the maximum possible for the offset value, and get
951the required characters. */
952
953if (value1 + value2 > sublen) value2 = sublen - value1;
954*len = value2;
955return subject + value1;
956}
957
958
959
960
961/*************************************************
962* Old-style hash of a string *
963*************************************************/
964
965/* Perform the ${hash expansion operation.
966
967Arguments:
968 subject the input string (an expanded substring)
969 value1 the length of the output string; if greater or equal to the
970 length of the input string, the input string is returned
971 value2 the number of hash characters to use, or 26 if negative
972 len set to the length of the returned string
973
974Returns: pointer to the output string, or NULL if there is an error
975*/
976
977static uschar *
978compute_hash(uschar *subject, int value1, int value2, int *len)
979{
980int sublen = Ustrlen(subject);
981
982if (value2 < 0) value2 = 26;
983else if (value2 > Ustrlen(hashcodes))
984 {
985 expand_string_message =
986 string_sprintf("hash count \"%d\" too big", value2);
987 return NULL;
988 }
989
990/* Calculate the hash text. We know it is shorter than the original string, so
991can safely place it in subject[] (we know that subject is always itself an
992expanded substring). */
993
994if (value1 < sublen)
995 {
996 int c;
997 int i = 0;
998 int j = value1;
999 while ((c = (subject[j])) != 0)
1000 {
1001 int shift = (c + j++) & 7;
1002 subject[i] ^= (c << shift) | (c >> (8-shift));
1003 if (++i >= value1) i = 0;
1004 }
1005 for (i = 0; i < value1; i++)
1006 subject[i] = hashcodes[(subject[i]) % value2];
1007 }
1008else value1 = sublen;
1009
1010*len = value1;
1011return subject;
1012}
1013
1014
1015
1016
1017/*************************************************
1018* Numeric hash of a string *
1019*************************************************/
1020
1021/* Perform the ${nhash expansion operation. The first characters of the
1022string are treated as most important, and get the highest prime numbers.
1023
1024Arguments:
1025 subject the input string
1026 value1 the maximum value of the first part of the result
1027 value2 the maximum value of the second part of the result,
1028 or negative to produce only a one-part result
1029 len set to the length of the returned string
1030
1031Returns: pointer to the output string, or NULL if there is an error.
1032*/
1033
1034static uschar *
1035compute_nhash (uschar *subject, int value1, int value2, int *len)
1036{
1037uschar *s = subject;
1038int i = 0;
1039unsigned long int total = 0; /* no overflow */
1040
1041while (*s != 0)
1042 {
1043 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
1044 total += prime[i--] * (unsigned int)(*s++);
1045 }
1046
1047/* If value2 is unset, just compute one number */
1048
1049if (value2 < 0)
1050 {
1051 s = string_sprintf("%d", total % value1);
1052 }
1053
1054/* Otherwise do a div/mod hash */
1055
1056else
1057 {
1058 total = total % (value1 * value2);
1059 s = string_sprintf("%d/%d", total/value2, total % value2);
1060 }
1061
1062*len = Ustrlen(s);
1063return s;
1064}
1065
1066
1067
1068
1069
1070/*************************************************
1071* Find the value of a header or headers *
1072*************************************************/
1073
1074/* Multiple instances of the same header get concatenated, and this function
1075can also return a concatenation of all the header lines. When concatenating
1076specific headers that contain lists of addresses, a comma is inserted between
1077them. Otherwise we use a straight concatenation. Because some messages can have
1078pathologically large number of lines, there is a limit on the length that is
1079returned. Also, to avoid massive store use which would result from using
1080string_cat() as it copies and extends strings, we do a preliminary pass to find
1081out exactly how much store will be needed. On "normal" messages this will be
1082pretty trivial.
1083
1084Arguments:
1085 name the name of the header, without the leading $header_ or $h_,
1086 or NULL if a concatenation of all headers is required
1087 exists_only TRUE if called from a def: test; don't need to build a string;
1088 just return a string that is not "" and not "0" if the header
1089 exists
1090 newsize return the size of memory block that was obtained; may be NULL
1091 if exists_only is TRUE
1092 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
1093 other than concatenating, will be done on the header
1094 charset name of charset to translate MIME words to; used only if
1095 want_raw is false; if NULL, no translation is done (this is
1096 used for $bh_ and $bheader_)
1097
1098Returns: NULL if the header does not exist, else a pointer to a new
1099 store block
1100*/
1101
1102static uschar *
1103find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1104 uschar *charset)
1105{
1106BOOL found = name == NULL;
1107int comma = 0;
1108int len = found? 0 : Ustrlen(name);
1109int i;
1110uschar *yield = NULL;
1111uschar *ptr = NULL;
1112
1113/* Loop for two passes - saves code repetition */
1114
1115for (i = 0; i < 2; i++)
1116 {
1117 int size = 0;
1118 header_line *h;
1119
1120 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1121 {
1122 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1123 {
1124 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1125 {
1126 int ilen;
1127 uschar *t;
1128
1129 if (exists_only) return US"1"; /* don't need actual string */
1130 found = TRUE;
1131 t = h->text + len; /* text to insert */
1132 if (!want_raw) /* unless wanted raw, */
1133 while (isspace(*t)) t++; /* remove leading white space */
1134 ilen = h->slen - (t - h->text); /* length to insert */
1135
1136 /* Set comma = 1 if handling a single header and it's one of those
1137 that contains an address list, except when asked for raw headers. Only
1138 need to do this once. */
1139
1140 if (!want_raw && name != NULL && comma == 0 &&
1141 Ustrchr("BCFRST", h->type) != NULL)
1142 comma = 1;
1143
1144 /* First pass - compute total store needed; second pass - compute
1145 total store used, including this header. */
1146
1147 size += ilen + comma;
1148
1149 /* Second pass - concatentate the data, up to a maximum. Note that
1150 the loop stops when size hits the limit. */
1151
1152 if (i != 0)
1153 {
1154 if (size > header_insert_maxlen)
1155 {
1156 ilen -= size - header_insert_maxlen;
1157 comma = 0;
1158 }
1159 Ustrncpy(ptr, t, ilen);
1160 ptr += ilen;
1161 if (comma != 0 && ilen > 0)
1162 {
1163 ptr[-1] = ',';
1164 *ptr++ = '\n';
1165 }
1166 }
1167 }
1168 }
1169 }
1170
1171 /* At end of first pass, truncate size if necessary, and get the buffer
1172 to hold the data, returning the buffer size. */
1173
1174 if (i == 0)
1175 {
1176 if (!found) return NULL;
1177 if (size > header_insert_maxlen) size = header_insert_maxlen;
1178 *newsize = size + 1;
1179 ptr = yield = store_get(*newsize);
1180 }
1181 }
1182
1183/* Remove a redundant added comma if present */
1184
1185if (comma != 0 && ptr > yield) ptr -= 2;
1186
1187/* That's all we do for raw header expansion. */
1188
1189if (want_raw)
1190 {
1191 *ptr = 0;
1192 }
1193
1194/* Otherwise, we remove trailing whitespace, including newlines. Then we do RFC
11952047 decoding, translating the charset if requested. The rfc2047_decode2()
1196function can return an error with decoded data if the charset translation
1197fails. If decoding fails, it returns NULL. */
1198
1199else
1200 {
1201 uschar *decoded, *error;
1202 while (ptr > yield && isspace(ptr[-1])) ptr--;
1203 *ptr = 0;
1204 decoded = rfc2047_decode2(yield, TRUE, charset, '?', NULL, newsize, &error);
1205 if (error != NULL)
1206 {
1207 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1208 " input was: %s\n", error, yield);
1209 }
1210 if (decoded != NULL) yield = decoded;
1211 }
1212
1213return yield;
1214}
1215
1216
1217
1218
1219/*************************************************
1220* Find value of a variable *
1221*************************************************/
1222
1223/* The table of variables is kept in alphabetic order, so we can search it
1224using a binary chop. The "choplen" variable is nothing to do with the binary
1225chop.
1226
1227Arguments:
1228 name the name of the variable being sought
1229 exists_only TRUE if this is a def: test; passed on to find_header()
1230 skipping TRUE => skip any processing evaluation; this is not the same as
1231 exists_only because def: may test for values that are first
1232 evaluated here
1233 newsize pointer to an int which is initially zero; if the answer is in
1234 a new memory buffer, *newsize is set to its size
1235
1236Returns: NULL if the variable does not exist, or
1237 a pointer to the variable's contents, or
1238 something non-NULL if exists_only is TRUE
1239*/
1240
1241static uschar *
1242find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1243{
1244int first = 0;
1245int last = var_table_size;
1246
1247while (last > first)
1248 {
1249 uschar *s, *domain;
1250 uschar **ss;
1251 int middle = (first + last)/2;
1252 int c = Ustrcmp(name, var_table[middle].name);
1253
1254 if (c > 0) { first = middle + 1; continue; }
1255 if (c < 0) { last = middle; continue; }
1256
1257 /* Found an existing variable. If in skipping state, the value isn't needed,
1258 and we want to avoid processing (such as looking up up the host name). */
1259
1260 if (skipping) return US"";
1261
1262 switch (var_table[middle].type)
1263 {
1264 case vtype_filter_int:
1265 if (!filter_running) return NULL;
1266 /* Fall through */
1267
fb2274d4
TK
1268#ifdef EXPERIMENTAL_DOMAINKEYS
1269
1270 case vtype_dk_verify:
cacfbf29 1271 if (dk_verify_block == NULL) return US"";
fb2274d4
TK
1272 s = NULL;
1273 if (Ustrcmp(var_table[middle].name, "dk_result") == 0)
1274 s = dk_verify_block->result_string;
1275 if (Ustrcmp(var_table[middle].name, "dk_sender") == 0)
1276 s = dk_verify_block->address;
1277 if (Ustrcmp(var_table[middle].name, "dk_sender_domain") == 0)
1278 s = dk_verify_block->domain;
1279 if (Ustrcmp(var_table[middle].name, "dk_sender_local_part") == 0)
1280 s = dk_verify_block->local_part;
84330b7b 1281
fb2274d4
TK
1282 if (Ustrcmp(var_table[middle].name, "dk_sender_source") == 0)
1283 switch(dk_verify_block->address_source) {
1284 case DK_EXIM_ADDRESS_NONE: s = "0"; break;
1285 case DK_EXIM_ADDRESS_FROM_FROM: s = "from"; break;
1286 case DK_EXIM_ADDRESS_FROM_SENDER: s = "sender"; break;
1287 }
1288
1289 if (Ustrcmp(var_table[middle].name, "dk_status") == 0)
1290 switch(dk_verify_block->result) {
1291 case DK_EXIM_RESULT_ERR: s = "error"; break;
1292 case DK_EXIM_RESULT_BAD_FORMAT: s = "bad format"; break;
1293 case DK_EXIM_RESULT_NO_KEY: s = "no key"; break;
1294 case DK_EXIM_RESULT_NO_SIGNATURE: s = "no signature"; break;
1295 case DK_EXIM_RESULT_REVOKED: s = "revoked"; break;
1296 case DK_EXIM_RESULT_NON_PARTICIPANT: s = "non-participant"; break;
1297 case DK_EXIM_RESULT_GOOD: s = "good"; break;
1298 case DK_EXIM_RESULT_BAD: s = "bad"; break;
1299 }
84330b7b 1300
fb2274d4
TK
1301 if (Ustrcmp(var_table[middle].name, "dk_signsall") == 0)
1302 s = (dk_verify_block->signsall)? "1" : "0";
84330b7b 1303
fb2274d4
TK
1304 if (Ustrcmp(var_table[middle].name, "dk_testing") == 0)
1305 s = (dk_verify_block->testing)? "1" : "0";
84330b7b 1306
fb2274d4
TK
1307 if (Ustrcmp(var_table[middle].name, "dk_is_signed") == 0)
1308 s = (dk_verify_block->is_signed)? "1" : "0";
84330b7b 1309
fb2274d4
TK
1310 return (s == NULL)? US"" : s;
1311#endif
1312
059ec3d9
PH
1313 case vtype_int:
1314 sprintf(CS var_buffer, "%d", *(int *)(var_table[middle].value)); /* Integer */
1315 return var_buffer;
1316
1317 case vtype_ino:
1318 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(var_table[middle].value))); /* Inode */
1319 return var_buffer;
1320
1321 case vtype_gid:
1322 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(var_table[middle].value))); /* gid */
1323 return var_buffer;
1324
1325 case vtype_uid:
1326 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
1327 return var_buffer;
1328
1329 case vtype_stringptr: /* Pointer to string */
1330 s = *((uschar **)(var_table[middle].value));
1331 return (s == NULL)? US"" : s;
1332
1333 case vtype_pid:
1334 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1335 return var_buffer;
1336
1337 case vtype_load_avg:
1338 sprintf(CS var_buffer, "%d", os_getloadavg()); /* load_average */
1339 return var_buffer;
1340
1341 case vtype_host_lookup: /* Lookup if not done so */
1342 if (sender_host_name == NULL && sender_host_address != NULL &&
1343 !host_lookup_failed && host_name_lookup() == OK)
1344 host_build_sender_fullhost();
1345 return (sender_host_name == NULL)? US"" : sender_host_name;
1346
1347 case vtype_localpart: /* Get local part from address */
1348 s = *((uschar **)(var_table[middle].value));
1349 if (s == NULL) return US"";
1350 domain = Ustrrchr(s, '@');
1351 if (domain == NULL) return s;
1352 if (domain - s > sizeof(var_buffer) - 1)
1353 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than %d in "
1354 "string expansion", sizeof(var_buffer));
1355 Ustrncpy(var_buffer, s, domain - s);
1356 var_buffer[domain - s] = 0;
1357 return var_buffer;
1358
1359 case vtype_domain: /* Get domain from address */
1360 s = *((uschar **)(var_table[middle].value));
1361 if (s == NULL) return US"";
1362 domain = Ustrrchr(s, '@');
1363 return (domain == NULL)? US"" : domain + 1;
1364
1365 case vtype_msgheaders:
1366 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1367
1368 case vtype_msgbody: /* Pointer to msgbody string */
1369 case vtype_msgbody_end: /* Ditto, the end of the msg */
1370 ss = (uschar **)(var_table[middle].value);
1371 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1372 {
1373 uschar *body;
0d7eb84a 1374 off_t start_offset = SPOOL_DATA_START_OFFSET;
059ec3d9
PH
1375 int len = message_body_visible;
1376 if (len > message_size) len = message_size;
1377 *ss = body = store_malloc(len+1);
1378 body[0] = 0;
1379 if (var_table[middle].type == vtype_msgbody_end)
1380 {
1381 struct stat statbuf;
1382 if (fstat(deliver_datafile, &statbuf) == 0)
1383 {
1384 start_offset = statbuf.st_size - len;
1385 if (start_offset < SPOOL_DATA_START_OFFSET)
1386 start_offset = SPOOL_DATA_START_OFFSET;
1387 }
1388 }
1389 lseek(deliver_datafile, start_offset, SEEK_SET);
1390 len = read(deliver_datafile, body, len);
1391 if (len > 0)
1392 {
1393 body[len] = 0;
1394 while (len > 0)
1395 {
1396 if (body[--len] == '\n' || body[len] == 0) body[len] = ' ';
1397 }
1398 }
1399 }
1400 return (*ss == NULL)? US"" : *ss;
1401
1402 case vtype_todbsdin: /* BSD inbox time of day */
1403 return tod_stamp(tod_bsdin);
1404
1405 case vtype_tode: /* Unix epoch time of day */
1406 return tod_stamp(tod_epoch);
1407
1408 case vtype_todf: /* Full time of day */
1409 return tod_stamp(tod_full);
1410
1411 case vtype_todl: /* Log format time of day */
1412 return tod_stamp(tod_log_bare); /* (without timezone) */
1413
1414 case vtype_todzone: /* Time zone offset only */
1415 return tod_stamp(tod_zone);
1416
1417 case vtype_todzulu: /* Zulu time */
1418 return tod_stamp(tod_zulu);
1419
1420 case vtype_todlf: /* Log file datestamp tod */
1421 return tod_stamp(tod_log_datestamp);
1422
1423 case vtype_reply: /* Get reply address */
1424 s = find_header(US"reply-to:", exists_only, newsize, FALSE,
1425 headers_charset);
1426 if (s == NULL || *s == 0)
1427 s = find_header(US"from:", exists_only, newsize, FALSE, headers_charset);
1428 return (s == NULL)? US"" : s;
1429
1430 /* A recipients list is available only during system message filtering,
1431 during ACL processing after DATA, and while expanding pipe commands
1432 generated from a system filter, but not elsewhere. */
1433
1434 case vtype_recipients:
1435 if (!enable_dollar_recipients) return NULL; else
1436 {
1437 int size = 128;
1438 int ptr = 0;
1439 int i;
1440 s = store_get(size);
1441 for (i = 0; i < recipients_count; i++)
1442 {
1443 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1444 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1445 Ustrlen(recipients_list[i].address));
1446 }
1447 s[ptr] = 0; /* string_cat() leaves room */
1448 }
1449 return s;
8e669ac1 1450
5cb8cbc6
PH
1451 case vtype_pspace:
1452 {
1453 int inodes;
8e669ac1
PH
1454 sprintf(CS var_buffer, "%d",
1455 receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes));
5cb8cbc6
PH
1456 }
1457 return var_buffer;
8e669ac1 1458
5cb8cbc6
PH
1459 case vtype_pinodes:
1460 {
1461 int inodes;
8e669ac1 1462 (void) receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes);
5cb8cbc6
PH
1463 sprintf(CS var_buffer, "%d", inodes);
1464 }
1465 return var_buffer;
059ec3d9
PH
1466 }
1467 }
1468
1469return NULL; /* Unknown variable name */
1470}
1471
1472
1473
1474
1475/*************************************************
1476* Read and expand substrings *
1477*************************************************/
1478
1479/* This function is called to read and expand argument substrings for various
1480expansion items. Some have a minimum requirement that is less than the maximum;
1481in these cases, the first non-present one is set to NULL.
1482
1483Arguments:
1484 sub points to vector of pointers to set
1485 n maximum number of substrings
1486 m minimum required
1487 sptr points to current string pointer
1488 skipping the skipping flag
1489 check_end if TRUE, check for final '}'
1490 name name of item, for error message
1491
1492Returns: 0 OK; string pointer updated
1493 1 curly bracketing error (too few arguments)
1494 2 too many arguments (only if check_end is set); message set
1495 3 other error (expansion failure)
1496*/
1497
1498static int
1499read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
1500 BOOL check_end, uschar *name)
1501{
1502int i;
1503uschar *s = *sptr;
1504
1505while (isspace(*s)) s++;
1506for (i = 0; i < n; i++)
1507 {
1508 if (*s != '{')
1509 {
1510 if (i < m) return 1;
1511 sub[i] = NULL;
1512 break;
1513 }
1514 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
1515 if (sub[i] == NULL) return 3;
1516 if (*s++ != '}') return 1;
1517 while (isspace(*s)) s++;
1518 }
1519if (check_end && *s++ != '}')
1520 {
1521 if (s[-1] == '{')
1522 {
1523 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1524 "(max is %d)", name, n);
1525 return 2;
1526 }
1527 return 1;
1528 }
1529
1530*sptr = s;
1531return 0;
1532}
1533
1534
1535
1536
1537/*************************************************
1538* Read and evaluate a condition *
1539*************************************************/
1540
1541/*
1542Arguments:
1543 s points to the start of the condition text
1544 yield points to a BOOL to hold the result of the condition test;
1545 if NULL, we are just reading through a condition that is
1546 part of an "or" combination to check syntax, or in a state
1547 where the answer isn't required
1548
1549Returns: a pointer to the first character after the condition, or
1550 NULL after an error
1551*/
1552
1553static uschar *
1554eval_condition(uschar *s, BOOL *yield)
1555{
1556BOOL testfor = TRUE;
1557BOOL tempcond, combined_cond;
1558BOOL *subcondptr;
1559int i, rc, cond_type, roffset;
1560int num[2];
1561struct stat statbuf;
1562uschar name[256];
1563uschar *sub[4];
1564
1565const pcre *re;
1566const uschar *rerror;
1567
1568for (;;)
1569 {
1570 while (isspace(*s)) s++;
1571 if (*s == '!') { testfor = !testfor; s++; } else break;
1572 }
1573
1574/* Numeric comparisons are symbolic */
1575
1576if (*s == '=' || *s == '>' || *s == '<')
1577 {
1578 int p = 0;
1579 name[p++] = *s++;
1580 if (*s == '=')
1581 {
1582 name[p++] = '=';
1583 s++;
1584 }
1585 name[p] = 0;
1586 }
1587
1588/* All other conditions are named */
1589
1590else s = read_name(name, 256, s, US"_");
1591
1592/* If we haven't read a name, it means some non-alpha character is first. */
1593
1594if (name[0] == 0)
1595 {
1596 expand_string_message = string_sprintf("condition name expected, "
1597 "but found \"%.16s\"", s);
1598 return NULL;
1599 }
1600
1601/* Find which condition we are dealing with, and switch on it */
1602
1603cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
1604switch(cond_type)
1605 {
9b4768fa
PH
1606 /* def: tests for a non-empty variable, or for the existence of a header. If
1607 yield == NULL we are in a skipping state, and don't care about the answer. */
059ec3d9
PH
1608
1609 case ECOND_DEF:
1610 if (*s != ':')
1611 {
1612 expand_string_message = US"\":\" expected after \"def\"";
1613 return NULL;
1614 }
1615
1616 s = read_name(name, 256, s+1, US"_");
1617
1618 /* Test for a header's existence */
1619
1620 if (Ustrncmp(name, "h_", 2) == 0 ||
1621 Ustrncmp(name, "rh_", 3) == 0 ||
1622 Ustrncmp(name, "bh_", 3) == 0 ||
1623 Ustrncmp(name, "header_", 7) == 0 ||
1624 Ustrncmp(name, "rheader_", 8) == 0 ||
1625 Ustrncmp(name, "bheader_", 8) == 0)
1626 {
1627 s = read_header_name(name, 256, s);
1628 if (yield != NULL) *yield =
1629 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
1630 }
1631
9b4768fa
PH
1632 /* Test for a variable's having a non-empty value. A non-existent variable
1633 causes an expansion failure. */
059ec3d9
PH
1634
1635 else
1636 {
1637 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
1638 if (value == NULL)
1639 {
1640 expand_string_message = (name[0] == 0)?
1641 string_sprintf("variable name omitted after \"def:\"") :
1642 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
1643 return NULL;
1644 }
9b4768fa 1645 if (yield != NULL) *yield = (value[0] != 0) == testfor;
059ec3d9
PH
1646 }
1647
1648 return s;
1649
1650
1651 /* first_delivery tests for first delivery attempt */
1652
1653 case ECOND_FIRST_DELIVERY:
1654 if (yield != NULL) *yield = deliver_firsttime == testfor;
1655 return s;
1656
1657
1658 /* queue_running tests for any process started by a queue runner */
1659
1660 case ECOND_QUEUE_RUNNING:
1661 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
1662 return s;
1663
1664
1665 /* exists: tests for file existence
1666 isip: tests for any IP address
1667 isip4: tests for an IPv4 address
1668 isip6: tests for an IPv6 address
1669 pam: does PAM authentication
1670 radius: does RADIUS authentication
1671 ldapauth: does LDAP authentication
1672 pwcheck: does Cyrus SASL pwcheck authentication
1673 */
1674
1675 case ECOND_EXISTS:
1676 case ECOND_ISIP:
1677 case ECOND_ISIP4:
1678 case ECOND_ISIP6:
1679 case ECOND_PAM:
1680 case ECOND_RADIUS:
1681 case ECOND_LDAPAUTH:
1682 case ECOND_PWCHECK:
1683
1684 while (isspace(*s)) s++;
1685 if (*s != '{') goto COND_FAILED_CURLY_START;
1686
1687 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1688 if (sub[0] == NULL) return NULL;
1689 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1690
1691 if (yield == NULL) return s; /* No need to run the test if skipping */
1692
1693 switch(cond_type)
1694 {
1695 case ECOND_EXISTS:
1696 if ((expand_forbid & RDO_EXISTS) != 0)
1697 {
1698 expand_string_message = US"File existence tests are not permitted";
1699 return NULL;
1700 }
1701 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
1702 break;
1703
1704 case ECOND_ISIP:
1705 case ECOND_ISIP4:
1706 case ECOND_ISIP6:
1707 rc = string_is_ip_address(sub[0], NULL);
1708 *yield = ((cond_type == ECOND_ISIP)? (rc > 0) :
1709 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
1710 break;
1711
1712 /* Various authentication tests - all optionally compiled */
1713
1714 case ECOND_PAM:
1715 #ifdef SUPPORT_PAM
1716 rc = auth_call_pam(sub[0], &expand_string_message);
1717 goto END_AUTH;
1718 #else
1719 goto COND_FAILED_NOT_COMPILED;
1720 #endif /* SUPPORT_PAM */
1721
1722 case ECOND_RADIUS:
1723 #ifdef RADIUS_CONFIG_FILE
1724 rc = auth_call_radius(sub[0], &expand_string_message);
1725 goto END_AUTH;
1726 #else
1727 goto COND_FAILED_NOT_COMPILED;
1728 #endif /* RADIUS_CONFIG_FILE */
1729
1730 case ECOND_LDAPAUTH:
1731 #ifdef LOOKUP_LDAP
1732 {
1733 /* Just to keep the interface the same */
1734 BOOL do_cache;
1735 int old_pool = store_pool;
1736 store_pool = POOL_SEARCH;
1737 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
1738 &expand_string_message, &do_cache);
1739 store_pool = old_pool;
1740 }
1741 goto END_AUTH;
1742 #else
1743 goto COND_FAILED_NOT_COMPILED;
1744 #endif /* LOOKUP_LDAP */
1745
1746 case ECOND_PWCHECK:
1747 #ifdef CYRUS_PWCHECK_SOCKET
1748 rc = auth_call_pwcheck(sub[0], &expand_string_message);
1749 goto END_AUTH;
1750 #else
1751 goto COND_FAILED_NOT_COMPILED;
1752 #endif /* CYRUS_PWCHECK_SOCKET */
1753
1754 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
1755 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
1756 END_AUTH:
1757 if (rc == ERROR || rc == DEFER) return NULL;
1758 *yield = (rc == OK) == testfor;
1759 #endif
1760 }
1761 return s;
1762
1763
1764 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
1765
1766 ${if saslauthd {{username}{password}{service}{realm}} {yes}[no}}
1767
1768 However, the last two are optional. That is why the whole set is enclosed
1769 in their own set or braces. */
1770
1771 case ECOND_SASLAUTHD:
1772 #ifndef CYRUS_SASLAUTHD_SOCKET
1773 goto COND_FAILED_NOT_COMPILED;
1774 #else
1775 while (isspace(*s)) s++;
1776 if (*s++ != '{') goto COND_FAILED_CURLY_START;
1777 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd"))
1778 {
1779 case 1: expand_string_message = US"too few arguments or bracketing "
1780 "error for saslauthd";
1781 case 2:
1782 case 3: return NULL;
1783 }
1784 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
1785 if (yield != NULL)
1786 {
1787 int rc;
1788 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
1789 &expand_string_message);
1790 if (rc == ERROR || rc == DEFER) return NULL;
1791 *yield = (rc == OK) == testfor;
1792 }
1793 return s;
1794 #endif /* CYRUS_SASLAUTHD_SOCKET */
1795
1796
1797 /* symbolic operators for numeric and string comparison, and a number of
1798 other operators, all requiring two arguments.
1799
1800 match: does a regular expression match and sets up the numerical
1801 variables if it succeeds
1802 match_address: matches in an address list
1803 match_domain: matches in a domain list
1804 match_local_part: matches in a local part list
1805 crypteq: encrypts plaintext and compares against an encrypted text,
1806 using crypt(), crypt16(), MD5 or SHA-1
1807 */
1808
1809 case ECOND_MATCH:
1810 case ECOND_MATCH_ADDRESS:
1811 case ECOND_MATCH_DOMAIN:
1812 case ECOND_MATCH_LOCAL_PART:
1813 case ECOND_CRYPTEQ:
1814
1815 case ECOND_NUM_L: /* Numerical comparisons */
1816 case ECOND_NUM_LE:
1817 case ECOND_NUM_E:
1818 case ECOND_NUM_EE:
1819 case ECOND_NUM_G:
1820 case ECOND_NUM_GE:
1821
1822 case ECOND_STR_LT: /* String comparisons */
1823 case ECOND_STR_LTI:
1824 case ECOND_STR_LE:
1825 case ECOND_STR_LEI:
1826 case ECOND_STR_EQ:
1827 case ECOND_STR_EQI:
1828 case ECOND_STR_GT:
1829 case ECOND_STR_GTI:
1830 case ECOND_STR_GE:
1831 case ECOND_STR_GEI:
1832
1833 for (i = 0; i < 2; i++)
1834 {
1835 while (isspace(*s)) s++;
1836 if (*s != '{')
1837 {
1838 if (i == 0) goto COND_FAILED_CURLY_START;
1839 expand_string_message = string_sprintf("missing 2nd string in {} "
1840 "after \"%s\"", name);
1841 return NULL;
1842 }
1843 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1844 if (sub[i] == NULL) return NULL;
1845 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1846
1847 /* Convert to numerical if required; we know that the names of all the
1848 conditions that compare numbers do not start with a letter. This just saves
1849 checking for them individually. */
1850
1851 if (!isalpha(name[0]))
1852 {
1853 uschar *endptr;
1854 num[i] = (int)Ustrtol((const uschar *)sub[i], &endptr, 10);
1855 if (tolower(*endptr) == 'k')
1856 {
1857 num[i] *= 1024;
1858 endptr++;
1859 }
1860 else if (tolower(*endptr) == 'm')
1861 {
1862 num[i] *= 1024*1024;
1863 endptr++;
1864 }
1865 while (isspace(*endptr)) endptr++;
1866 if (*endptr != 0)
1867 {
1868 expand_string_message = string_sprintf("\"%s\" is not a number",
1869 sub[i]);
1870 return NULL;
1871 }
1872 }
1873 }
1874
1875 /* Result not required */
1876
1877 if (yield == NULL) return s;
1878
1879 /* Do an appropriate comparison */
1880
1881 switch(cond_type)
1882 {
1883 case ECOND_NUM_E:
1884 case ECOND_NUM_EE:
1885 *yield = (num[0] == num[1]) == testfor;
1886 break;
1887
1888 case ECOND_NUM_G:
1889 *yield = (num[0] > num[1]) == testfor;
1890 break;
1891
1892 case ECOND_NUM_GE:
1893 *yield = (num[0] >= num[1]) == testfor;
1894 break;
1895
1896 case ECOND_NUM_L:
1897 *yield = (num[0] < num[1]) == testfor;
1898 break;
1899
1900 case ECOND_NUM_LE:
1901 *yield = (num[0] <= num[1]) == testfor;
1902 break;
1903
1904 case ECOND_STR_LT:
1905 *yield = (Ustrcmp(sub[0], sub[1]) < 0) == testfor;
1906 break;
1907
1908 case ECOND_STR_LTI:
1909 *yield = (strcmpic(sub[0], sub[1]) < 0) == testfor;
1910 break;
1911
1912 case ECOND_STR_LE:
1913 *yield = (Ustrcmp(sub[0], sub[1]) <= 0) == testfor;
1914 break;
1915
1916 case ECOND_STR_LEI:
1917 *yield = (strcmpic(sub[0], sub[1]) <= 0) == testfor;
1918 break;
1919
1920 case ECOND_STR_EQ:
1921 *yield = (Ustrcmp(sub[0], sub[1]) == 0) == testfor;
1922 break;
1923
1924 case ECOND_STR_EQI:
1925 *yield = (strcmpic(sub[0], sub[1]) == 0) == testfor;
1926 break;
1927
1928 case ECOND_STR_GT:
1929 *yield = (Ustrcmp(sub[0], sub[1]) > 0) == testfor;
1930 break;
1931
1932 case ECOND_STR_GTI:
1933 *yield = (strcmpic(sub[0], sub[1]) > 0) == testfor;
1934 break;
1935
1936 case ECOND_STR_GE:
1937 *yield = (Ustrcmp(sub[0], sub[1]) >= 0) == testfor;
1938 break;
1939
1940 case ECOND_STR_GEI:
1941 *yield = (strcmpic(sub[0], sub[1]) >= 0) == testfor;
1942 break;
1943
1944 case ECOND_MATCH: /* Regular expression match */
1945 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
1946 NULL);
1947 if (re == NULL)
1948 {
1949 expand_string_message = string_sprintf("regular expression error in "
1950 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
1951 return NULL;
1952 }
1953 *yield = regex_match_and_setup(re, sub[0], 0, -1) == testfor;
1954 break;
1955
1956 case ECOND_MATCH_ADDRESS: /* Match in an address list */
1957 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
1958 goto MATCHED_SOMETHING;
1959
1960 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
1961 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
1962 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
1963 goto MATCHED_SOMETHING;
1964
1965 case ECOND_MATCH_LOCAL_PART:
1966 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
1967 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
1968 /* Fall through */
1969
1970 MATCHED_SOMETHING:
1971 switch(rc)
1972 {
1973 case OK:
1974 *yield = testfor;
1975 break;
1976
1977 case FAIL:
1978 *yield = !testfor;
1979 break;
1980
1981 case DEFER:
1982 expand_string_message = string_sprintf("unable to complete match "
1983 "against \"%s\": %s", sub[1], search_error_message);
1984 return NULL;
1985 }
1986
1987 break;
1988
1989 /* Various "encrypted" comparisons. If the second string starts with
1990 "{" then an encryption type is given. Default to crypt() or crypt16()
1991 (build-time choice). */
1992
1993 case ECOND_CRYPTEQ:
1994 #ifndef SUPPORT_CRYPTEQ
1995 goto COND_FAILED_NOT_COMPILED;
1996 #else
1997 if (strncmpic(sub[1], US"{md5}", 5) == 0)
1998 {
1999 int sublen = Ustrlen(sub[1]+5);
2000 md5 base;
2001 uschar digest[16];
2002
2003 md5_start(&base);
2004 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2005
2006 /* If the length that we are comparing against is 24, the MD5 digest
2007 is expressed as a base64 string. This is the way LDAP does it. However,
2008 some other software uses a straightforward hex representation. We assume
2009 this if the length is 32. Other lengths fail. */
2010
2011 if (sublen == 24)
2012 {
2013 uschar *coded = auth_b64encode((uschar *)digest, 16);
2014 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2015 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2016 *yield = (Ustrcmp(coded, sub[1]+5) == 0) == testfor;
2017 }
2018 else if (sublen == 32)
2019 {
2020 int i;
2021 uschar coded[36];
2022 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2023 coded[32] = 0;
2024 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2025 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2026 *yield = (strcmpic(coded, sub[1]+5) == 0) == testfor;
2027 }
2028 else
2029 {
2030 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2031 "fail\n crypted=%s\n", sub[1]+5);
2032 *yield = !testfor;
2033 }
2034 }
2035
2036 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2037 {
2038 int sublen = Ustrlen(sub[1]+6);
2039 sha1 base;
2040 uschar digest[20];
2041
2042 sha1_start(&base);
2043 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2044
2045 /* If the length that we are comparing against is 28, assume the SHA1
2046 digest is expressed as a base64 string. If the length is 40, assume a
2047 straightforward hex representation. Other lengths fail. */
2048
2049 if (sublen == 28)
2050 {
2051 uschar *coded = auth_b64encode((uschar *)digest, 20);
2052 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2053 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2054 *yield = (Ustrcmp(coded, sub[1]+6) == 0) == testfor;
2055 }
2056 else if (sublen == 40)
2057 {
2058 int i;
2059 uschar coded[44];
2060 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2061 coded[40] = 0;
2062 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2063 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2064 *yield = (strcmpic(coded, sub[1]+6) == 0) == testfor;
2065 }
2066 else
2067 {
2068 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2069 "fail\n crypted=%s\n", sub[1]+6);
2070 *yield = !testfor;
2071 }
2072 }
2073
2074 else /* {crypt} or {crypt16} and non-{ at start */
2075 {
2076 int which = 0;
2077 uschar *coded;
2078
2079 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2080 {
2081 sub[1] += 7;
2082 which = 1;
2083 }
2084 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2085 {
2086 sub[1] += 9;
2087 which = 2;
2088 }
2089 else if (sub[1][0] == '{')
2090 {
2091 expand_string_message = string_sprintf("unknown encryption mechanism "
2092 "in \"%s\"", sub[1]);
2093 return NULL;
2094 }
2095
2096 switch(which)
2097 {
2098 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2099 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2100 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2101 }
2102
2103 #define STR(s) # s
2104 #define XSTR(s) STR(s)
2105 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2106 " subject=%s\n crypted=%s\n",
2107 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
2108 coded, sub[1]);
2109 #undef STR
2110 #undef XSTR
2111
2112 /* If the encrypted string contains fewer than two characters (for the
2113 salt), force failure. Otherwise we get false positives: with an empty
2114 string the yield of crypt() is an empty string! */
2115
2116 *yield = (Ustrlen(sub[1]) < 2)? !testfor :
2117 (Ustrcmp(coded, sub[1]) == 0) == testfor;
2118 }
2119 break;
2120 #endif /* SUPPORT_CRYPTEQ */
2121 } /* Switch for comparison conditions */
2122
2123 return s; /* End of comparison conditions */
2124
2125
2126 /* and/or: computes logical and/or of several conditions */
2127
2128 case ECOND_AND:
2129 case ECOND_OR:
2130 subcondptr = (yield == NULL)? NULL : &tempcond;
2131 combined_cond = (cond_type == ECOND_AND);
2132
2133 while (isspace(*s)) s++;
2134 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2135
2136 for (;;)
2137 {
2138 while (isspace(*s)) s++;
2139 if (*s == '}') break;
2140 if (*s != '{')
2141 {
2142 expand_string_message = string_sprintf("each subcondition "
2143 "inside an \"%s{...}\" condition must be in its own {}", name);
2144 return NULL;
2145 }
2146
2147 s = eval_condition(s+1, subcondptr);
2148 if (s == NULL)
2149 {
2150 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2151 expand_string_message, name);
2152 return NULL;
2153 }
2154 while (isspace(*s)) s++;
2155
2156 if (*s++ != '}')
2157 {
2158 expand_string_message = string_sprintf("missing } at end of condition "
2159 "inside \"%s\" group", name);
2160 return NULL;
2161 }
2162
2163 if (yield != NULL)
2164 {
2165 if (cond_type == ECOND_AND)
2166 {
2167 combined_cond &= tempcond;
2168 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2169 } /* evaluate any more */
2170 else
2171 {
2172 combined_cond |= tempcond;
2173 if (combined_cond) subcondptr = NULL; /* once true, don't */
2174 } /* evaluate any more */
2175 }
2176 }
2177
2178 if (yield != NULL) *yield = (combined_cond == testfor);
2179 return ++s;
2180
2181
2182 /* Unknown condition */
2183
2184 default:
2185 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2186 return NULL;
2187 } /* End switch on condition type */
2188
2189/* Missing braces at start and end of data */
2190
2191COND_FAILED_CURLY_START:
2192expand_string_message = string_sprintf("missing { after \"%s\"", name);
2193return NULL;
2194
2195COND_FAILED_CURLY_END:
2196expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2197 name);
2198return NULL;
2199
2200/* A condition requires code that is not compiled */
2201
2202#if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2203 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2204 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2205COND_FAILED_NOT_COMPILED:
2206expand_string_message = string_sprintf("support for \"%s\" not compiled",
2207 name);
2208return NULL;
2209#endif
2210}
2211
2212
2213
2214
2215/*************************************************
2216* Save numerical variables *
2217*************************************************/
2218
2219/* This function is called from items such as "if" that want to preserve and
2220restore the numbered variables.
2221
2222Arguments:
2223 save_expand_string points to an array of pointers to set
2224 save_expand_nlength points to an array of ints for the lengths
2225
2226Returns: the value of expand max to save
2227*/
2228
2229static int
2230save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
2231{
2232int i;
2233for (i = 0; i <= expand_nmax; i++)
2234 {
2235 save_expand_nstring[i] = expand_nstring[i];
2236 save_expand_nlength[i] = expand_nlength[i];
2237 }
2238return expand_nmax;
2239}
2240
2241
2242
2243/*************************************************
2244* Restore numerical variables *
2245*************************************************/
2246
2247/* This function restored saved values of numerical strings.
2248
2249Arguments:
2250 save_expand_nmax the number of strings to restore
2251 save_expand_string points to an array of pointers
2252 save_expand_nlength points to an array of ints
2253
2254Returns: nothing
2255*/
2256
2257static void
2258restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
2259 int *save_expand_nlength)
2260{
2261int i;
2262expand_nmax = save_expand_nmax;
2263for (i = 0; i <= expand_nmax; i++)
2264 {
2265 expand_nstring[i] = save_expand_nstring[i];
2266 expand_nlength[i] = save_expand_nlength[i];
2267 }
2268}
2269
2270
2271
2272
2273
2274/*************************************************
2275* Handle yes/no substrings *
2276*************************************************/
2277
2278/* This function is used by ${if}, ${lookup} and ${extract} to handle the
2279alternative substrings that depend on whether or not the condition was true,
2280or the lookup or extraction succeeded. The substrings always have to be
2281expanded, to check their syntax, but "skipping" is set when the result is not
2282needed - this avoids unnecessary nested lookups.
2283
2284Arguments:
2285 skipping TRUE if we were skipping when this item was reached
2286 yes TRUE if the first string is to be used, else use the second
2287 save_lookup a value to put back into lookup_value before the 2nd expansion
2288 sptr points to the input string pointer
2289 yieldptr points to the output string pointer
2290 sizeptr points to the output string size
2291 ptrptr points to the output string pointer
2292 type "lookup" or "if" or "extract" or "run", for error message
2293
2294Returns: 0 OK; lookup_value has been reset to save_lookup
2295 1 expansion failed
2296 2 expansion failed because of bracketing error
2297*/
2298
2299static int
2300process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
2301 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type)
2302{
2303int rc = 0;
2304uschar *s = *sptr; /* Local value */
2305uschar *sub1, *sub2;
2306
2307/* If there are no following strings, we substitute the contents of $value for
063b1e99 2308lookups and for extractions in the success case. For the ${if item, the string
8e669ac1 2309"true" is substituted. In the fail case, nothing is substituted for all three
063b1e99 2310items. */
059ec3d9
PH
2311
2312while (isspace(*s)) s++;
2313if (*s == '}')
2314 {
063b1e99
PH
2315 if (type[0] == 'i')
2316 {
8e669ac1 2317 if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
063b1e99
PH
2318 }
2319 else
8e669ac1 2320 {
063b1e99
PH
2321 if (yes && lookup_value != NULL)
2322 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
2323 Ustrlen(lookup_value));
2324 lookup_value = save_lookup;
2325 }
059ec3d9
PH
2326 s++;
2327 goto RETURN;
2328 }
2329
9b4768fa
PH
2330/* The first following string must be braced. */
2331
2332if (*s++ != '{') goto FAILED_CURLY;
2333
059ec3d9
PH
2334/* Expand the first substring. Forced failures are noticed only if we actually
2335want this string. Set skipping in the call in the fail case (this will always
2336be the case if we were already skipping). */
2337
9b4768fa 2338sub1 = expand_string_internal(s, TRUE, &s, !yes);
059ec3d9
PH
2339if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
2340expand_string_forcedfail = FALSE;
2341if (*s++ != '}') goto FAILED_CURLY;
2342
2343/* If we want the first string, add it to the output */
2344
2345if (yes)
2346 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
2347
2348/* If this is called from a lookup or an extract, we want to restore $value to
2349what it was at the start of the item, so that it has this value during the
d20976dc
PH
2350second string expansion. For the call from "if" or "run" to this function,
2351save_lookup is set to lookup_value, so that this statement does nothing. */
059ec3d9
PH
2352
2353lookup_value = save_lookup;
2354
2355/* There now follows either another substring, or "fail", or nothing. This
2356time, forced failures are noticed only if we want the second string. We must
2357set skipping in the nested call if we don't want this string, or if we were
2358already skipping. */
2359
2360while (isspace(*s)) s++;
2361if (*s == '{')
2362 {
2363 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping);
2364 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
2365 expand_string_forcedfail = FALSE;
2366 if (*s++ != '}') goto FAILED_CURLY;
2367
2368 /* If we want the second string, add it to the output */
2369
2370 if (!yes)
2371 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
2372 }
2373
2374/* If there is no second string, but the word "fail" is present when the use of
2375the second string is wanted, set a flag indicating it was a forced failure
2376rather than a syntactic error. Swallow the terminating } in case this is nested
2377inside another lookup or if or extract. */
2378
2379else if (*s != '}')
2380 {
2381 uschar name[256];
2382 s = read_name(name, sizeof(name), s, US"_");
2383 if (Ustrcmp(name, "fail") == 0)
2384 {
2385 if (!yes && !skipping)
2386 {
2387 while (isspace(*s)) s++;
2388 if (*s++ != '}') goto FAILED_CURLY;
2389 expand_string_message =
2390 string_sprintf("\"%s\" failed and \"fail\" requested", type);
2391 expand_string_forcedfail = TRUE;
2392 goto FAILED;
2393 }
2394 }
2395 else
2396 {
2397 expand_string_message =
2398 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
2399 goto FAILED;
2400 }
2401 }
2402
2403/* All we have to do now is to check on the final closing brace. */
2404
2405while (isspace(*s)) s++;
2406if (*s++ == '}') goto RETURN;
2407
2408/* Get here if there is a bracketing failure */
2409
2410FAILED_CURLY:
2411rc++;
2412
2413/* Get here for other failures */
2414
2415FAILED:
2416rc++;
2417
2418/* Update the input pointer value before returning */
2419
2420RETURN:
2421*sptr = s;
2422return rc;
2423}
2424
2425
2426
2427
2428
2429
2430/*************************************************
2431* Handle MD5 or SHA-1 computation for HMAC *
2432*************************************************/
2433
2434/* These are some wrapping functions that enable the HMAC code to be a bit
2435cleaner. A good compiler will spot the tail recursion.
2436
2437Arguments:
2438 type HMAC_MD5 or HMAC_SHA1
2439 remaining are as for the cryptographic hash functions
2440
2441Returns: nothing
2442*/
2443
2444static void
2445chash_start(int type, void *base)
2446{
2447if (type == HMAC_MD5)
2448 md5_start((md5 *)base);
2449else
2450 sha1_start((sha1 *)base);
2451}
2452
2453static void
2454chash_mid(int type, void *base, uschar *string)
2455{
2456if (type == HMAC_MD5)
2457 md5_mid((md5 *)base, string);
2458else
2459 sha1_mid((sha1 *)base, string);
2460}
2461
2462static void
2463chash_end(int type, void *base, uschar *string, int length, uschar *digest)
2464{
2465if (type == HMAC_MD5)
2466 md5_end((md5 *)base, string, length, digest);
2467else
2468 sha1_end((sha1 *)base, string, length, digest);
2469}
2470
2471
2472
2473
2474
2475/*************************************************
2476* Join a file onto the output string *
2477*************************************************/
2478
2479/* This is used for readfile and after a run expansion. It joins the contents
2480of a file onto the output string, globally replacing newlines with a given
2481string (optionally). The file is closed at the end.
2482
2483Arguments:
2484 f the FILE
2485 yield pointer to the expandable string
2486 sizep pointer to the current size
2487 ptrp pointer to the current position
2488 eol newline replacement string, or NULL
2489
2490Returns: new value of string pointer
2491*/
2492
2493static uschar *
2494cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
2495{
2496int eollen;
2497uschar buffer[1024];
2498
2499eollen = (eol == NULL)? 0 : Ustrlen(eol);
2500
2501while (Ufgets(buffer, sizeof(buffer), f) != NULL)
2502 {
2503 int len = Ustrlen(buffer);
2504 if (eol != NULL && buffer[len-1] == '\n') len--;
2505 yield = string_cat(yield, sizep, ptrp, buffer, len);
2506 if (buffer[len] != 0)
2507 yield = string_cat(yield, sizep, ptrp, eol, eollen);
2508 }
2509
2510if (yield != NULL) yield[*ptrp] = 0;
2511
2512return yield;
2513}
2514
2515
2516
2517
2518/*************************************************
2519* Evaluate numeric expression *
2520*************************************************/
2521
2522/* This is a set of mutually recursive functions that evaluate a simple
2523arithmetic expression involving only + - * / and parentheses. The only one that
2524is called from elsewhere is eval_expr, whose interface is:
2525
2526Arguments:
2527 sptr pointer to the pointer to the string - gets updated
2528 decimal TRUE if numbers are to be assumed decimal
2529 error pointer to where to put an error message - must be NULL on input
2530 endket TRUE if ')' must terminate - FALSE for external call
2531
2532
2533Returns: on success: the value of the expression, with *error still NULL
2534 on failure: an undefined value, with *error = a message
2535*/
2536
2537static int eval_sumterm(uschar **, BOOL, uschar **);
2538
2539static int
2540eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
2541{
2542uschar *s = *sptr;
2543int x = eval_sumterm(&s, decimal, error);
2544if (*error == NULL)
2545 {
2546 while (*s == '+' || *s == '-')
2547 {
2548 int op = *s++;
2549 int y = eval_sumterm(&s, decimal, error);
2550 if (*error != NULL) break;
2551 if (op == '+') x += y; else x -= y;
2552 }
2553 if (*error == NULL)
2554 {
2555 if (endket)
2556 {
2557 if (*s != ')')
2558 *error = US"expecting closing parenthesis";
2559 else
2560 while (isspace(*(++s)));
2561 }
2562 else if (*s != 0) *error = US"expecting + or -";
2563 }
2564 }
2565
2566*sptr = s;
2567return x;
2568}
2569
2570static int
2571eval_term(uschar **sptr, BOOL decimal, uschar **error)
2572{
2573register int c;
2574int n;
2575uschar *s = *sptr;
2576while (isspace(*s)) s++;
2577c = *s;
2578if (isdigit(c) || ((c == '-' || c == '+') && isdigit(s[1])))
2579 {
2580 int count;
2581 (void)sscanf(CS s, (decimal? "%d%n" : "%i%n"), &n, &count);
2582 s += count;
2583 if (tolower(*s) == 'k') { n *= 1024; s++; }
2584 else if (tolower(*s) == 'm') { n *= 1024*1024; s++; }
2585 while (isspace (*s)) s++;
2586 }
2587else if (c == '(')
2588 {
2589 s++;
2590 n = eval_expr(&s, decimal, error, 1);
2591 }
2592else
2593 {
2594 *error = US"expecting number or opening parenthesis";
2595 n = 0;
2596 }
2597*sptr = s;
2598return n;
2599}
2600
2601static int eval_sumterm(uschar **sptr, BOOL decimal, uschar **error)
2602{
2603uschar *s = *sptr;
2604int x = eval_term(&s, decimal, error);
2605if (*error == NULL)
2606 {
2607 while (*s == '*' || *s == '/')
2608 {
2609 int op = *s++;
2610 int y = eval_term(&s, decimal, error);
2611 if (*error != NULL) break;
2612 if (op == '*') x *= y; else x /= y;
2613 }
2614 }
2615*sptr = s;
2616return x;
2617}
2618
2619
2620
2621
2622/*************************************************
2623* Expand string *
2624*************************************************/
2625
2626/* Returns either an unchanged string, or the expanded string in stacking pool
2627store. Interpreted sequences are:
2628
2629 \... normal escaping rules
2630 $name substitutes the variable
2631 ${name} ditto
2632 ${op:string} operates on the expanded string value
2633 ${item{arg1}{arg2}...} expands the args and then does the business
2634 some literal args are not enclosed in {}
2635
2636There are now far too many operators and item types to make it worth listing
2637them here in detail any more.
2638
2639We use an internal routine recursively to handle embedded substrings. The
2640external function follows. The yield is NULL if the expansion failed, and there
2641are two cases: if something collapsed syntactically, or if "fail" was given
2642as the action on a lookup failure. These can be distinguised by looking at the
2643variable expand_string_forcedfail, which is TRUE in the latter case.
2644
2645The skipping flag is set true when expanding a substring that isn't actually
2646going to be used (after "if" or "lookup") and it prevents lookups from
2647happening lower down.
2648
2649Store usage: At start, a store block of the length of the input plus 64
2650is obtained. This is expanded as necessary by string_cat(), which might have to
2651get a new block, or might be able to expand the original. At the end of the
2652function we can release any store above that portion of the yield block that
2653was actually used. In many cases this will be optimal.
2654
2655However: if the first item in the expansion is a variable name or header name,
2656we reset the store before processing it; if the result is in fresh store, we
2657use that without copying. This is helpful for expanding strings like
2658$message_headers which can get very long.
2659
2660Arguments:
2661 string the string to be expanded
2662 ket_ends true if expansion is to stop at }
2663 left if not NULL, a pointer to the first character after the
2664 expansion is placed here (typically used with ket_ends)
2665 skipping TRUE for recursive calls when the value isn't actually going
2666 to be used (to allow for optimisation)
2667
2668Returns: NULL if expansion fails:
2669 expand_string_forcedfail is set TRUE if failure was forced
2670 expand_string_message contains a textual error message
2671 a pointer to the expanded string on success
2672*/
2673
2674static uschar *
2675expand_string_internal(uschar *string, BOOL ket_ends, uschar **left,
2676 BOOL skipping)
2677{
2678int ptr = 0;
2679int size = Ustrlen(string)+ 64;
2680int item_type;
2681uschar *yield = store_get(size);
2682uschar *s = string;
2683uschar *save_expand_nstring[EXPAND_MAXN+1];
2684int save_expand_nlength[EXPAND_MAXN+1];
2685
2686expand_string_forcedfail = FALSE;
2687expand_string_message = US"";
2688
2689while (*s != 0)
2690 {
2691 uschar *value;
2692 uschar name[256];
2693
2694 /* \ escapes the next character, which must exist, or else
2695 the expansion fails. There's a special escape, \N, which causes
2696 copying of the subject verbatim up to the next \N. Otherwise,
2697 the escapes are the standard set. */
2698
2699 if (*s == '\\')
2700 {
2701 if (s[1] == 0)
2702 {
2703 expand_string_message = US"\\ at end of string";
2704 goto EXPAND_FAILED;
2705 }
2706
2707 if (s[1] == 'N')
2708 {
2709 uschar *t = s + 2;
2710 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
2711 yield = string_cat(yield, &size, &ptr, t, s - t);
2712 if (*s != 0) s += 2;
2713 }
2714
2715 else
2716 {
2717 uschar ch[1];
2718 ch[0] = string_interpret_escape(&s);
2719 s++;
2720 yield = string_cat(yield, &size, &ptr, ch, 1);
2721 }
2722
2723 continue;
2724 }
2725
2726 /* Anything other than $ is just copied verbatim, unless we are
2727 looking for a terminating } character. */
2728
2729 if (ket_ends && *s == '}') break;
2730
2731 if (*s != '$')
2732 {
2733 yield = string_cat(yield, &size, &ptr, s++, 1);
2734 continue;
2735 }
2736
2737 /* No { after the $ - must be a plain name or a number for string
2738 match variable. There has to be a fudge for variables that are the
2739 names of header fields preceded by "$header_" because header field
2740 names can contain any printing characters except space and colon.
2741 For those that don't like typing this much, "$h_" is a synonym for
2742 "$header_". A non-existent header yields a NULL value; nothing is
2743 inserted. */
2744
2745 if (isalpha((*(++s))))
2746 {
2747 int len;
2748 int newsize = 0;
2749
2750 s = read_name(name, sizeof(name), s, US"_");
2751
2752 /* If this is the first thing to be expanded, release the pre-allocated
2753 buffer. */
2754
2755 if (ptr == 0 && yield != NULL)
2756 {
2757 store_reset(yield);
2758 yield = NULL;
2759 size = 0;
2760 }
2761
2762 /* Header */
2763
2764 if (Ustrncmp(name, "h_", 2) == 0 ||
2765 Ustrncmp(name, "rh_", 3) == 0 ||
2766 Ustrncmp(name, "bh_", 3) == 0 ||
2767 Ustrncmp(name, "header_", 7) == 0 ||
2768 Ustrncmp(name, "rheader_", 8) == 0 ||
2769 Ustrncmp(name, "bheader_", 8) == 0)
2770 {
2771 BOOL want_raw = (name[0] == 'r')? TRUE : FALSE;
2772 uschar *charset = (name[0] == 'b')? NULL : headers_charset;
2773 s = read_header_name(name, sizeof(name), s);
2774 value = find_header(name, FALSE, &newsize, want_raw, charset);
2775
2776 /* If we didn't find the header, and the header contains a closing brace
2777 characters, this may be a user error where the terminating colon
2778 has been omitted. Set a flag to adjust the error message in this case.
2779 But there is no error here - nothing gets inserted. */
2780
2781 if (value == NULL)
2782 {
2783 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2784 continue;
2785 }
2786 }
2787
2788 /* Variable */
2789
2790 else
2791 {
2792 value = find_variable(name, FALSE, skipping, &newsize);
2793 if (value == NULL)
2794 {
2795 expand_string_message =
2796 string_sprintf("unknown variable name \"%s\"", name);
2797 goto EXPAND_FAILED;
2798 }
2799 }
2800
2801 /* If the data is known to be in a new buffer, newsize will be set to the
2802 size of that buffer. If this is the first thing in an expansion string,
2803 yield will be NULL; just point it at the new store instead of copying. Many
2804 expansion strings contain just one reference, so this is a useful
2805 optimization, especially for humungous headers. */
2806
2807 len = Ustrlen(value);
2808 if (yield == NULL && newsize != 0)
2809 {
2810 yield = value;
2811 size = newsize;
2812 ptr = len;
2813 }
2814 else yield = string_cat(yield, &size, &ptr, value, len);
2815
2816 continue;
2817 }
2818
2819 if (isdigit(*s))
2820 {
2821 int n;
2822 s = read_number(&n, s);
2823 if (n >= 0 && n <= expand_nmax)
2824 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
2825 expand_nlength[n]);
2826 continue;
2827 }
2828
2829 /* Otherwise, if there's no '{' after $ it's an error. */
2830
2831 if (*s != '{')
2832 {
2833 expand_string_message = US"$ not followed by letter, digit, or {";
2834 goto EXPAND_FAILED;
2835 }
2836
2837 /* After { there can be various things, but they all start with
2838 an initial word, except for a number for a string match variable. */
2839
2840 if (isdigit((*(++s))))
2841 {
2842 int n;
2843 s = read_number(&n, s);
2844 if (*s++ != '}')
2845 {
2846 expand_string_message = US"} expected after number";
2847 goto EXPAND_FAILED;
2848 }
2849 if (n >= 0 && n <= expand_nmax)
2850 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
2851 expand_nlength[n]);
2852 continue;
2853 }
2854
2855 if (!isalpha(*s))
2856 {
2857 expand_string_message = US"letter or digit expected after ${";
2858 goto EXPAND_FAILED;
2859 }
2860
2861 /* Allow "-" in names to cater for substrings with negative
2862 arguments. Since we are checking for known names after { this is
2863 OK. */
2864
2865 s = read_name(name, sizeof(name), s, US"_-");
2866 item_type = chop_match(name, item_table, sizeof(item_table)/sizeof(uschar *));
2867
2868 switch(item_type)
2869 {
2870 /* Handle conditionals - preserve the values of the numerical expansion
2871 variables in case they get changed by a regular expression match in the
2872 condition. If not, they retain their external settings. At the end
2873 of this "if" section, they get restored to their previous values. */
2874
2875 case EITEM_IF:
2876 {
2877 BOOL cond = FALSE;
2878 uschar *next_s;
2879 int save_expand_nmax =
2880 save_expand_strings(save_expand_nstring, save_expand_nlength);
2881
2882 while (isspace(*s)) s++;
2883 next_s = eval_condition(s, skipping? NULL : &cond);
2884 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
2885
2886 DEBUG(D_expand)
2887 debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s,
2888 cond? "true" : "false");
2889
2890 s = next_s;
2891
2892 /* The handling of "yes" and "no" result strings is now in a separate
2893 function that is also used by ${lookup} and ${extract} and ${run}. */
2894
2895 switch(process_yesno(
2896 skipping, /* were previously skipping */
2897 cond, /* success/failure indicator */
2898 lookup_value, /* value to reset for string2 */
2899 &s, /* input pointer */
2900 &yield, /* output pointer */
2901 &size, /* output size */
2902 &ptr, /* output current point */
2903 US"if")) /* condition type */
2904 {
2905 case 1: goto EXPAND_FAILED; /* when all is well, the */
2906 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
2907 }
2908
2909 /* Restore external setting of expansion variables for continuation
2910 at this level. */
2911
2912 restore_expand_strings(save_expand_nmax, save_expand_nstring,
2913 save_expand_nlength);
2914 continue;
2915 }
2916
2917 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
2918 expanding an internal string that isn't actually going to be used. All we
2919 need to do is check the syntax, so don't do a lookup at all. Preserve the
2920 values of the numerical expansion variables in case they get changed by a
2921 partial lookup. If not, they retain their external settings. At the end
2922 of this "lookup" section, they get restored to their previous values. */
2923
2924 case EITEM_LOOKUP:
2925 {
2926 int stype, partial, affixlen, starflags;
2927 int expand_setup = 0;
2928 int nameptr = 0;
2929 uschar *key, *filename, *affix;
2930 uschar *save_lookup_value = lookup_value;
2931 int save_expand_nmax =
2932 save_expand_strings(save_expand_nstring, save_expand_nlength);
2933
2934 if ((expand_forbid & RDO_LOOKUP) != 0)
2935 {
2936 expand_string_message = US"lookup expansions are not permitted";
2937 goto EXPAND_FAILED;
2938 }
2939
2940 /* Get the key we are to look up for single-key+file style lookups.
2941 Otherwise set the key NULL pro-tem. */
2942
2943 while (isspace(*s)) s++;
2944 if (*s == '{')
2945 {
2946 key = expand_string_internal(s+1, TRUE, &s, skipping);
2947 if (key == NULL) goto EXPAND_FAILED;
2948 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
2949 while (isspace(*s)) s++;
2950 }
2951 else key = NULL;
2952
2953 /* Find out the type of database */
2954
2955 if (!isalpha(*s))
2956 {
2957 expand_string_message = US"missing lookup type";
2958 goto EXPAND_FAILED;
2959 }
2960
2961 /* The type is a string that may contain special characters of various
2962 kinds. Allow everything except space or { to appear; the actual content
2963 is checked by search_findtype_partial. */
2964
2965 while (*s != 0 && *s != '{' && !isspace(*s))
2966 {
2967 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
2968 s++;
2969 }
2970 name[nameptr] = 0;
2971 while (isspace(*s)) s++;
2972
2973 /* Now check for the individual search type and any partial or default
2974 options. Only those types that are actually in the binary are valid. */
2975
2976 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
2977 &starflags);
2978 if (stype < 0)
2979 {
2980 expand_string_message = search_error_message;
2981 goto EXPAND_FAILED;
2982 }
2983
2984 /* Check that a key was provided for those lookup types that need it,
2985 and was not supplied for those that use the query style. */
2986
2987 if (!mac_islookup(stype, lookup_querystyle))
2988 {
2989 if (key == NULL)
2990 {
2991 expand_string_message = string_sprintf("missing {key} for single-"
2992 "key \"%s\" lookup", name);
2993 goto EXPAND_FAILED;
2994 }
2995 }
2996 else
2997 {
2998 if (key != NULL)
2999 {
3000 expand_string_message = string_sprintf("a single key was given for "
3001 "lookup type \"%s\", which is not a single-key lookup type", name);
3002 goto EXPAND_FAILED;
3003 }
3004 }
3005
3006 /* Get the next string in brackets and expand it. It is the file name for
3007 single-key+file lookups, and the whole query otherwise. */
3008
3009 if (*s != '{') goto EXPAND_FAILED_CURLY;
3010 filename = expand_string_internal(s+1, TRUE, &s, skipping);
3011 if (filename == NULL) goto EXPAND_FAILED;
3012 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3013 while (isspace(*s)) s++;
3014
3015 /* If this isn't a single-key+file lookup, re-arrange the variables
3016 to be appropriate for the search_ functions. */
3017
3018 if (key == NULL)
3019 {
3020 key = filename;
3021 filename = NULL;
3022 }
3023
3024 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
3025 the entry was not found. Note that there is no search_close() function.
3026 Files are left open in case of re-use. At suitable places in higher logic,
3027 search_tidyup() is called to tidy all open files. This can save opening
3028 the same file several times. However, files may also get closed when
3029 others are opened, if too many are open at once. The rule is that a
3030 handle should not be used after a second search_open().
3031
3032 Request that a partial search sets up $1 and maybe $2 by passing
3033 expand_setup containing zero. If its value changes, reset expand_nmax,
3034 since new variables will have been set. Note that at the end of this
3035 "lookup" section, the old numeric variables are restored. */
3036
3037 if (skipping)
3038 lookup_value = NULL;
3039 else
3040 {
3041 void *handle = search_open(filename, stype, 0, NULL, NULL);
3042 if (handle == NULL)
3043 {
3044 expand_string_message = search_error_message;
3045 goto EXPAND_FAILED;
3046 }
3047 lookup_value = search_find(handle, filename, key, partial, affix,
3048 affixlen, starflags, &expand_setup);
3049 if (search_find_defer)
3050 {
3051 expand_string_message =
3052 string_sprintf("lookup of \"%s\" gave DEFER: %s", key,
3053 search_error_message);
3054 goto EXPAND_FAILED;
3055 }
3056 if (expand_setup > 0) expand_nmax = expand_setup;
3057 }
3058
3059 /* The handling of "yes" and "no" result strings is now in a separate
3060 function that is also used by ${if} and ${extract}. */
3061
3062 switch(process_yesno(
3063 skipping, /* were previously skipping */
3064 lookup_value != NULL, /* success/failure indicator */
3065 save_lookup_value, /* value to reset for string2 */
3066 &s, /* input pointer */
3067 &yield, /* output pointer */
3068 &size, /* output size */
3069 &ptr, /* output current point */
3070 US"lookup")) /* condition type */
3071 {
3072 case 1: goto EXPAND_FAILED; /* when all is well, the */
3073 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3074 }
3075
3076 /* Restore external setting of expansion variables for carrying on
3077 at this level, and continue. */
3078
3079 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3080 save_expand_nlength);
3081 continue;
3082 }
3083
3084 /* If Perl support is configured, handle calling embedded perl subroutines,
3085 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
3086 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
3087 arguments (defined below). */
3088
059ec3d9
PH
3089 #define EXIM_PERL_MAX_ARGS 8
3090
3091 case EITEM_PERL:
1a46a8c5
PH
3092 #ifndef EXIM_PERL
3093 expand_string_message = US"\"${perl\" encountered, but this facility "
3094 "is not included in this binary";
3095 goto EXPAND_FAILED;
3096
3097 #else /* EXIM_PERL */
059ec3d9
PH
3098 {
3099 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
3100 uschar *new_yield;
3101
3102 if ((expand_forbid & RDO_PERL) != 0)
3103 {
3104 expand_string_message = US"Perl calls are not permitted";
3105 goto EXPAND_FAILED;
3106 }
3107
3108 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
3109 US"perl"))
3110 {
3111 case 1: goto EXPAND_FAILED_CURLY;
3112 case 2:
3113 case 3: goto EXPAND_FAILED;
3114 }
3115
3116 /* If skipping, we don't actually do anything */
3117
3118 if (skipping) continue;
3119
3120 /* Start the interpreter if necessary */
3121
3122 if (!opt_perl_started)
3123 {
3124 uschar *initerror;
3125 if (opt_perl_startup == NULL)
3126 {
3127 expand_string_message = US"A setting of perl_startup is needed when "
3128 "using the Perl interpreter";
3129 goto EXPAND_FAILED;
3130 }
3131 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
3132 initerror = init_perl(opt_perl_startup);
3133 if (initerror != NULL)
3134 {
3135 expand_string_message =
3136 string_sprintf("error in perl_startup code: %s\n", initerror);
3137 goto EXPAND_FAILED;
3138 }
3139 opt_perl_started = TRUE;
3140 }
3141
3142 /* Call the function */
3143
3144 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
3145 new_yield = call_perl_cat(yield, &size, &ptr, &expand_string_message,
3146 sub_arg[0], sub_arg + 1);
3147
3148 /* NULL yield indicates failure; if the message pointer has been set to
3149 NULL, the yield was undef, indicating a forced failure. Otherwise the
3150 message will indicate some kind of Perl error. */
3151
3152 if (new_yield == NULL)
3153 {
3154 if (expand_string_message == NULL)
3155 {
3156 expand_string_message =
3157 string_sprintf("Perl subroutine \"%s\" returned undef to force "
3158 "failure", sub_arg[0]);
3159 expand_string_forcedfail = TRUE;
3160 }
3161 goto EXPAND_FAILED;
3162 }
3163
3164 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
3165 set during a callback from Perl. */
3166
3167 expand_string_forcedfail = FALSE;
3168 yield = new_yield;
3169 continue;
3170 }
3171 #endif /* EXIM_PERL */
3172
fffda43a
TK
3173 /* Transform email address to "prvs" scheme to use
3174 as BATV-signed return path */
3175
3176 case EITEM_PRVS:
3177 {
3178 uschar *sub_arg[3];
3179 uschar *p,*domain;
3180
3181 switch(read_subs(sub_arg, 3, 2, &s, skipping, TRUE, US"prvs"))
3182 {
3183 case 1: goto EXPAND_FAILED_CURLY;
3184 case 2:
3185 case 3: goto EXPAND_FAILED;
3186 }
3187
3188 /* If skipping, we don't actually do anything */
3189 if (skipping) continue;
3190
3191 /* sub_arg[0] is the address */
3192 domain = Ustrrchr(sub_arg[0],'@');
3193 if ( (domain == NULL) || (domain == sub_arg[0]) || (Ustrlen(domain) == 1) )
3194 {
3195 expand_string_message = US"first parameter must be a qualified email address";
3196 goto EXPAND_FAILED;
3197 }
3198
3199 /* Calculate the hash */
3200 p = prvs_hmac_sha1(sub_arg[0],sub_arg[1],sub_arg[2],prvs_daystamp(7));
3201 if (p == NULL)
3202 {
3203 expand_string_message = US"hmac-sha1 conversion failed";
3204 goto EXPAND_FAILED;
3205 }
3206
3207 /* Now separate the domain from the local part */
3208 *domain++ = '\0';
3209
3210 yield = string_cat(yield,&size,&ptr,US"prvs=",5);
3211 string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
3212 string_cat(yield,&size,&ptr,US"/",1);
3213 string_cat(yield,&size,&ptr,(sub_arg[2] != NULL) ? sub_arg[2] : US"0", 1);
3214 string_cat(yield,&size,&ptr,prvs_daystamp(7),3);
3215 string_cat(yield,&size,&ptr,p,6);
3216 string_cat(yield,&size,&ptr,US"@",1);
3217 string_cat(yield,&size,&ptr,domain,Ustrlen(domain));
3218
3219 continue;
3220 }
3221
3222 /* Check a prvs-encoded address for validity */
3223
3224 case EITEM_PRVSCHECK:
3225 {
3226 uschar *sub_arg[3];
3227 int mysize = 0, myptr = 0;
3228 const pcre *re;
3229 uschar *p;
3230 /* Ugliness: We want to expand parameter 1 first, then set
3231 up expansion variables that are used in the expansion of
3232 parameter 2. So we clone the string for the first
3233 expansion, where we only expand paramter 1. */
3234 uschar *s_backup = string_copy(s);
3235
3236 /* Reset expansion variables */
3237 prvscheck_result = NULL;
3238 prvscheck_address = NULL;
3239 prvscheck_keynum = NULL;
3240
3241 switch(read_subs(sub_arg, 1, 1, &s_backup, skipping, FALSE, US"prvs"))
3242 {
3243 case 1: goto EXPAND_FAILED_CURLY;
3244 case 2:
3245 case 3: goto EXPAND_FAILED;
3246 }
3247
3248 re = regex_must_compile(US"^prvs\\=(.+)\\/([0-9])([0-9]{3})([A-F0-9]{6})\\@(.+)$",
3249 TRUE,FALSE);
3250
3251 if (regex_match_and_setup(re,sub_arg[0],0,-1)) {
3252 uschar *local_part = string_copyn(expand_nstring[1],expand_nlength[1]);
3253 uschar *key_num = string_copyn(expand_nstring[2],expand_nlength[2]);
3254 uschar *daystamp = string_copyn(expand_nstring[3],expand_nlength[3]);
3255 uschar *hash = string_copyn(expand_nstring[4],expand_nlength[4]);
3256 uschar *domain = string_copyn(expand_nstring[5],expand_nlength[5]);
3257
3258 DEBUG(D_expand) debug_printf("prvscheck localpart: %s\n", local_part);
3259 DEBUG(D_expand) debug_printf("prvscheck key number: %s\n", key_num);
3260 DEBUG(D_expand) debug_printf("prvscheck daystamp: %s\n", daystamp);
3261 DEBUG(D_expand) debug_printf("prvscheck hash: %s\n", hash);
3262 DEBUG(D_expand) debug_printf("prvscheck domain: %s\n", domain);
3263
3264 /* Set up expansion variables */
3265 prvscheck_address = string_cat(NULL, &mysize, &myptr, local_part, Ustrlen(local_part));
3266 string_cat(prvscheck_address,&mysize,&myptr,"@",1);
3267 string_cat(prvscheck_address,&mysize,&myptr,domain,Ustrlen(domain));
3268 prvscheck_address[myptr] = '\0';
3269 prvscheck_keynum = string_copy(key_num);
3270
3271 /* Now re-expand all arguments in the usual manner */
3272 switch(read_subs(sub_arg, 3, 3, &s, skipping, TRUE, US"prvs"))
3273 {
3274 case 1: goto EXPAND_FAILED_CURLY;
3275 case 2:
3276 case 3: goto EXPAND_FAILED;
3277 }
3278
3279 if (*sub_arg[2] == '\0')
3280 yield = string_cat(yield,&size,&ptr,prvscheck_address,Ustrlen(prvscheck_address));
3281 else
3282 yield = string_cat(yield,&size,&ptr,sub_arg[2],Ustrlen(sub_arg[2]));
3283
3284 /* Now we have the key and can check the address. */
3285 p = prvs_hmac_sha1(prvscheck_address, sub_arg[1], prvscheck_keynum, daystamp);
3286 if (p == NULL)
3287 {
3288 expand_string_message = US"hmac-sha1 conversion failed";
3289 goto EXPAND_FAILED;
3290 }
3291
3292 DEBUG(D_expand) debug_printf("prvscheck: received hash is %s\n", hash);
3293 DEBUG(D_expand) debug_printf("prvscheck: own hash is %s\n", p);
3294 if (Ustrcmp(p,hash) == 0)
3295 {
3296 /* Success, valid BATV address. Now check the expiry date. */
3297 uschar *now = prvs_daystamp(0);
3298 unsigned int inow = 0,iexpire = 1;
3299
3300 sscanf(now,"%u",&inow);
3301 sscanf(daystamp,"%u",&iexpire);
3302
3303 /* When "iexpire" is < 7, a "flip" has occured.
3304 Adjust "inow" accordingly. */
3305 if ( (iexpire < 7) && (inow >= 993) ) inow = 0;
3306
3307 if (iexpire > inow)
3308 {
3309 prvscheck_result = US"1";
3310 DEBUG(D_expand) debug_printf("prvscheck: success, $pvrs_result set to 1\n");
3311 }
3312 else
3313 {
3314 prvscheck_result = NULL;
3315 DEBUG(D_expand) debug_printf("prvscheck: signature expired, $pvrs_result unset\n");
3316 }
3317 }
3318 else
3319 {
3320 prvscheck_result = NULL;
3321 DEBUG(D_expand) debug_printf("prvscheck: hash failure, $pvrs_result unset\n");
3322 }
3323 }
3324 else
3325 {
3326 /* Does not look like a prvs encoded address, return the empty string.
3327 We need to make sure all subs are expanded first. */
3328 switch(read_subs(sub_arg, 3, 3, &s, skipping, TRUE, US"prvs"))
3329 {
3330 case 1: goto EXPAND_FAILED_CURLY;
3331 case 2:
3332 case 3: goto EXPAND_FAILED;
3333 }
3334 }
3335
3336 continue;
3337 }
3338
059ec3d9
PH
3339 /* Handle "readfile" to insert an entire file */
3340
3341 case EITEM_READFILE:
3342 {
3343 FILE *f;
3344 uschar *sub_arg[2];
3345
3346 if ((expand_forbid & RDO_READFILE) != 0)
3347 {
3348 expand_string_message = US"file insertions are not permitted";
3349 goto EXPAND_FAILED;
3350 }
3351
3352 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"readfile"))
3353 {
3354 case 1: goto EXPAND_FAILED_CURLY;
3355 case 2:
3356 case 3: goto EXPAND_FAILED;
3357 }
3358
3359 /* If skipping, we don't actually do anything */
3360
3361 if (skipping) continue;
3362
3363 /* Open the file and read it */
3364
3365 f = Ufopen(sub_arg[0], "rb");
3366 if (f == NULL)
3367 {
3368 expand_string_message = string_open_failed(errno, "%s", sub_arg[0]);
3369 goto EXPAND_FAILED;
3370 }
3371
3372 yield = cat_file(f, yield, &size, &ptr, sub_arg[1]);
3373 fclose(f);
3374 continue;
3375 }
3376
3377 /* Handle "readsocket" to insert data from a Unix domain socket */
3378
3379 case EITEM_READSOCK:
3380 {
3381 int fd;
3382 int timeout = 5;
3383 int save_ptr = ptr;
3384 FILE *f;
3385 struct sockaddr_un sockun; /* don't call this "sun" ! */
3386 uschar *arg;
3387 uschar *sub_arg[4];
3388
3389 if ((expand_forbid & RDO_READSOCK) != 0)
3390 {
3391 expand_string_message = US"socket insertions are not permitted";
3392 goto EXPAND_FAILED;
3393 }
3394
3395 /* Read up to 4 arguments, but don't do the end of item check afterwards,
3396 because there may be a string for expansion on failure. */
3397
3398 switch(read_subs(sub_arg, 4, 2, &s, skipping, FALSE, US"readsocket"))
3399 {
3400 case 1: goto EXPAND_FAILED_CURLY;
3401 case 2: /* Won't occur: no end check */
3402 case 3: goto EXPAND_FAILED;
3403 }
3404
3405 /* Sort out timeout, if given */
3406
3407 if (sub_arg[2] != NULL)
3408 {
3409 timeout = readconf_readtime(sub_arg[2], 0, FALSE);
3410 if (timeout < 0)
3411 {
3412 expand_string_message = string_sprintf("bad time value %s",
3413 sub_arg[2]);
3414 goto EXPAND_FAILED;
3415 }
3416 }
3417 else sub_arg[3] = NULL; /* No eol if no timeout */
3418
3419 /* If skipping, we don't actually do anything */
3420
3421 if (!skipping)
3422 {
3423 /* Make a connection to the socket */
3424
3425 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
3426 {
3427 expand_string_message = string_sprintf("failed to create socket: %s",
3428 strerror(errno));
3429 goto SOCK_FAIL;
3430 }
3431
3432 sockun.sun_family = AF_UNIX;
3433 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
3434 sub_arg[0]);
3435 if(connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun)) == -1)
3436 {
3437 expand_string_message = string_sprintf("failed to connect to socket "
3438 "%s: %s", sub_arg[0], strerror(errno));
3439 goto SOCK_FAIL;
3440 }
3441 DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]);
3442
3443 /* Write the request string, if not empty */
3444
3445 if (sub_arg[1][0] != 0)
3446 {
3447 int len = Ustrlen(sub_arg[1]);
3448 DEBUG(D_expand) debug_printf("writing \"%s\" to socket\n",
3449 sub_arg[1]);
3450 if (write(fd, sub_arg[1], len) != len)
3451 {
3452 expand_string_message = string_sprintf("request write to socket "
3453 "failed: %s", strerror(errno));
3454 goto SOCK_FAIL;
3455 }
3456 }
3457
3458 /* Now we need to read from the socket, under a timeout. The function
3459 that reads a file can be used. */
3460
3461 f = fdopen(fd, "rb");
3462 sigalrm_seen = FALSE;
3463 alarm(timeout);
3464 yield = cat_file(f, yield, &size, &ptr, sub_arg[3]);
3465 alarm(0);
3466 fclose(f);
3467
3468 /* After a timeout, we restore the pointer in the result, that is,
3469 make sure we add nothing from the socket. */
3470
3471 if (sigalrm_seen)
3472 {
3473 ptr = save_ptr;
3474 expand_string_message = US"socket read timed out";
3475 goto SOCK_FAIL;
3476 }
3477 }
3478
3479 /* The whole thing has worked (or we were skipping). If there is a
3480 failure string following, we need to skip it. */
3481
3482 if (*s == '{')
3483 {
3484 if (expand_string_internal(s+1, TRUE, &s, TRUE) == NULL)
3485 goto EXPAND_FAILED;
3486 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3487 while (isspace(*s)) s++;
3488 }
3489 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3490 continue;
3491
3492 /* Come here on failure to create socket, connect socket, write to the
3493 socket, or timeout on reading. If another substring follows, expand and
3494 use it. Otherwise, those conditions give expand errors. */
3495
3496 SOCK_FAIL:
3497 if (*s != '{') goto EXPAND_FAILED;
3498 DEBUG(D_any) debug_printf("%s\n", expand_string_message);
3499 arg = expand_string_internal(s+1, TRUE, &s, FALSE);
3500 if (arg == NULL) goto EXPAND_FAILED;
3501 yield = string_cat(yield, &size, &ptr, arg, Ustrlen(arg));
3502 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3503 while (isspace(*s)) s++;
3504 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3505 continue;
3506 }
3507
3508 /* Handle "run" to execute a program. */
3509
3510 case EITEM_RUN:
3511 {
3512 FILE *f;
059ec3d9
PH
3513 uschar *arg;
3514 uschar **argv;
3515 pid_t pid;
3516 int fd_in, fd_out;
3517 int lsize = 0;
3518 int lptr = 0;
3519
3520 if ((expand_forbid & RDO_RUN) != 0)
3521 {
3522 expand_string_message = US"running a command is not permitted";
3523 goto EXPAND_FAILED;
3524 }
3525
3526 while (isspace(*s)) s++;
3527 if (*s != '{') goto EXPAND_FAILED_CURLY;
3528 arg = expand_string_internal(s+1, TRUE, &s, skipping);
3529 if (arg == NULL) goto EXPAND_FAILED;
3530 while (isspace(*s)) s++;
3531 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3532
3533 if (skipping) /* Just pretend it worked when we're skipping */
3534 {
3535 runrc = 0;
3536 }
3537 else
3538 {
3539 if (!transport_set_up_command(&argv, /* anchor for arg list */
3540 arg, /* raw command */
3541 FALSE, /* don't expand the arguments */
3542 0, /* not relevant when... */
3543 NULL, /* no transporting address */
3544 US"${run} expansion", /* for error messages */
3545 &expand_string_message)) /* where to put error message */
3546 {
3547 goto EXPAND_FAILED;
3548 }
3549
3550 /* Create the child process, making it a group leader. */
3551
3552 pid = child_open(argv, NULL, 0077, &fd_in, &fd_out, TRUE);
3553
3554 if (pid < 0)
3555 {
3556 expand_string_message =
3557 string_sprintf("couldn't create child process: %s", strerror(errno));
3558 goto EXPAND_FAILED;
3559 }
3560
3561 /* Nothing is written to the standard input. */
3562
3563 close(fd_in);
3564
3565 /* Wait for the process to finish, applying the timeout, and inspect its
3566 return code for serious disasters. Simple non-zero returns are passed on.
3567 */
3568
3569 if ((runrc = child_close(pid, 60)) < 0)
3570 {
3571 if (runrc == -256)
3572 {
3573 expand_string_message = string_sprintf("command timed out");
3574 killpg(pid, SIGKILL); /* Kill the whole process group */
3575 }
3576
3577 else if (runrc == -257)
3578 expand_string_message = string_sprintf("wait() failed: %s",
3579 strerror(errno));
3580
3581 else
3582 expand_string_message = string_sprintf("command killed by signal %d",
3583 -runrc);
3584
3585 goto EXPAND_FAILED;
3586 }
3587
3588 /* Read the pipe to get the command's output into $value (which is kept
3589 in lookup_value). */
3590
3591 f = fdopen(fd_out, "rb");
059ec3d9
PH
3592 lookup_value = NULL;
3593 lookup_value = cat_file(f, lookup_value, &lsize, &lptr, NULL);
3594 fclose(f);
3595 }
3596
d20976dc 3597 /* Process the yes/no strings; $value may be useful in both cases */
059ec3d9
PH
3598
3599 switch(process_yesno(
3600 skipping, /* were previously skipping */
3601 runrc == 0, /* success/failure indicator */
d20976dc 3602 lookup_value, /* value to reset for string2 */
059ec3d9
PH
3603 &s, /* input pointer */
3604 &yield, /* output pointer */
3605 &size, /* output size */
3606 &ptr, /* output current point */
3607 US"run")) /* condition type */
3608 {
3609 case 1: goto EXPAND_FAILED; /* when all is well, the */
3610 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3611 }
3612
3613 continue;
3614 }
3615
3616 /* Handle character translation for "tr" */
3617
3618 case EITEM_TR:
3619 {
3620 int oldptr = ptr;
3621 int o2m;
3622 uschar *sub[3];
3623
3624 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"tr"))
3625 {
3626 case 1: goto EXPAND_FAILED_CURLY;
3627 case 2:
3628 case 3: goto EXPAND_FAILED;
3629 }
3630
3631 yield = string_cat(yield, &size, &ptr, sub[0], Ustrlen(sub[0]));
3632 o2m = Ustrlen(sub[2]) - 1;
3633
3634 if (o2m >= 0) for (; oldptr < ptr; oldptr++)
3635 {
3636 uschar *m = Ustrrchr(sub[1], yield[oldptr]);
3637 if (m != NULL)
3638 {
3639 int o = m - sub[1];
3640 yield[oldptr] = sub[2][(o < o2m)? o : o2m];
3641 }
3642 }
3643
3644 continue;
3645 }
3646
3647 /* Handle "hash", "length", "nhash", and "substr" when they are given with
3648 expanded arguments. */
3649
3650 case EITEM_HASH:
3651 case EITEM_LENGTH:
3652 case EITEM_NHASH:
3653 case EITEM_SUBSTR:
3654 {
3655 int i;
3656 int len;
3657 uschar *ret;
3658 int val[2] = { 0, -1 };
3659 uschar *sub[3];
3660
3661 /* "length" takes only 2 arguments whereas the others take 2 or 3.
3662 Ensure that sub[2] is set in the ${length case. */
3663
3664 sub[2] = NULL;
3665 switch(read_subs(sub, (item_type == EITEM_LENGTH)? 2:3, 2, &s, skipping,
3666 TRUE, name))
3667 {
3668 case 1: goto EXPAND_FAILED_CURLY;
3669 case 2:
3670 case 3: goto EXPAND_FAILED;
3671 }
3672
3673 /* Juggle the arguments if there are only two of them: always move the
3674 string to the last position and make ${length{n}{str}} equivalent to
3675 ${substr{0}{n}{str}}. See the defaults for val[] above. */
3676
3677 if (sub[2] == NULL)
3678 {
3679 sub[2] = sub[1];
3680 sub[1] = NULL;
3681 if (item_type == EITEM_LENGTH)
3682 {
3683 sub[1] = sub[0];
3684 sub[0] = NULL;
3685 }
3686 }
3687
3688 for (i = 0; i < 2; i++)
3689 {
3690 if (sub[i] == NULL) continue;
3691 val[i] = (int)Ustrtol(sub[i], &ret, 10);
3692 if (*ret != 0 || (i != 0 && val[i] < 0))
3693 {
3694 expand_string_message = string_sprintf("\"%s\" is not a%s number "
3695 "(in \"%s\" expansion)", sub[i], (i != 0)? " positive" : "", name);
3696 goto EXPAND_FAILED;
3697 }
3698 }
3699
3700 ret =
3701 (item_type == EITEM_HASH)?
3702 compute_hash(sub[2], val[0], val[1], &len) :
3703 (item_type == EITEM_NHASH)?
3704 compute_nhash(sub[2], val[0], val[1], &len) :
3705 extract_substr(sub[2], val[0], val[1], &len);
3706
3707 if (ret == NULL) goto EXPAND_FAILED;
3708 yield = string_cat(yield, &size, &ptr, ret, len);
3709 continue;
3710 }
3711
3712 /* Handle HMAC computation: ${hmac{<algorithm>}{<secret>}{<text>}}
3713 This code originally contributed by Steve Haslam. It currently supports
3714 the use of MD5 and SHA-1 hashes.
3715
3716 We need some workspace that is large enough to handle all the supported
3717 hash types. Use macros to set the sizes rather than be too elaborate. */
3718
3719 #define MAX_HASHLEN 20
3720 #define MAX_HASHBLOCKLEN 64
3721
3722 case EITEM_HMAC:
3723 {
3724 uschar *sub[3];
3725 md5 md5_base;
3726 sha1 sha1_base;
3727 void *use_base;
3728 int type, i;
3729 int hashlen; /* Number of octets for the hash algorithm's output */
3730 int hashblocklen; /* Number of octets the hash algorithm processes */
3731 uschar *keyptr, *p;
3732 unsigned int keylen;
3733
3734 uschar keyhash[MAX_HASHLEN];
3735 uschar innerhash[MAX_HASHLEN];
3736 uschar finalhash[MAX_HASHLEN];
3737 uschar finalhash_hex[2*MAX_HASHLEN];
3738 uschar innerkey[MAX_HASHBLOCKLEN];
3739 uschar outerkey[MAX_HASHBLOCKLEN];
3740
3741 switch (read_subs(sub, 3, 3, &s, skipping, TRUE, name))
3742 {
3743 case 1: goto EXPAND_FAILED_CURLY;
3744 case 2:
3745 case 3: goto EXPAND_FAILED;
3746 }
3747
3748 if (Ustrcmp(sub[0], "md5") == 0)
3749 {
3750 type = HMAC_MD5;
3751 use_base = &md5_base;
3752 hashlen = 16;
3753 hashblocklen = 64;
3754 }
3755 else if (Ustrcmp(sub[0], "sha1") == 0)
3756 {
3757 type = HMAC_SHA1;
3758 use_base = &sha1_base;
3759 hashlen = 20;
3760 hashblocklen = 64;
3761 }
3762 else
3763 {
3764 expand_string_message =
3765 string_sprintf("hmac algorithm \"%s\" is not recognised", sub[0]);
3766 goto EXPAND_FAILED;
3767 }
3768
3769 keyptr = sub[1];
3770 keylen = Ustrlen(keyptr);
3771
3772 /* If the key is longer than the hash block length, then hash the key
3773 first */
3774
3775 if (keylen > hashblocklen)
3776 {
3777 chash_start(type, use_base);
3778 chash_end(type, use_base, keyptr, keylen, keyhash);
3779 keyptr = keyhash;
3780 keylen = hashlen;
3781 }
3782
3783 /* Now make the inner and outer key values */
3784
3785 memset(innerkey, 0x36, hashblocklen);
3786 memset(outerkey, 0x5c, hashblocklen);
3787
3788 for (i = 0; i < keylen; i++)
3789 {
3790 innerkey[i] ^= keyptr[i];
3791 outerkey[i] ^= keyptr[i];
3792 }
3793
3794 /* Now do the hashes */
3795
3796 chash_start(type, use_base);
3797 chash_mid(type, use_base, innerkey);
3798 chash_end(type, use_base, sub[2], Ustrlen(sub[2]), innerhash);
3799
3800 chash_start(type, use_base);
3801 chash_mid(type, use_base, outerkey);
3802 chash_end(type, use_base, innerhash, hashlen, finalhash);
3803
3804 /* Encode the final hash as a hex string */
3805
3806 p = finalhash_hex;
3807 for (i = 0; i < hashlen; i++)
3808 {
3809 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
3810 *p++ = hex_digits[finalhash[i] & 0x0f];
3811 }
3812
3813 DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%.*s)=%.*s\n", sub[0],
3814 (int)keylen, keyptr, Ustrlen(sub[2]), sub[2], hashlen*2, finalhash_hex);
3815
3816 yield = string_cat(yield, &size, &ptr, finalhash_hex, hashlen*2);
3817 }
3818
3819 continue;
3820
3821 /* Handle global substitution for "sg" - like Perl's s/xxx/yyy/g operator.
3822 We have to save the numerical variables and restore them afterwards. */
3823
3824 case EITEM_SG:
3825 {
3826 const pcre *re;
3827 int moffset, moffsetextra, slen;
3828 int roffset;
3829 int emptyopt;
3830 const uschar *rerror;
3831 uschar *subject;
3832 uschar *sub[3];
3833 int save_expand_nmax =
3834 save_expand_strings(save_expand_nstring, save_expand_nlength);
3835
3836 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"sg"))
3837 {
3838 case 1: goto EXPAND_FAILED_CURLY;
3839 case 2:
3840 case 3: goto EXPAND_FAILED;
3841 }
3842
3843 /* Compile the regular expression */
3844
3845 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
3846 NULL);
3847
3848 if (re == NULL)
3849 {
3850 expand_string_message = string_sprintf("regular expression error in "
3851 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
3852 goto EXPAND_FAILED;
3853 }
3854
3855 /* Now run a loop to do the substitutions as often as necessary. It ends
3856 when there are no more matches. Take care over matches of the null string;
3857 do the same thing as Perl does. */
3858
3859 subject = sub[0];
3860 slen = Ustrlen(sub[0]);
3861 moffset = moffsetextra = 0;
3862 emptyopt = 0;
3863
3864 for (;;)
3865 {
3866 int ovector[3*(EXPAND_MAXN+1)];
3867 int n = pcre_exec(re, NULL, CS subject, slen, moffset + moffsetextra,
3868 PCRE_EOPT | emptyopt, ovector, sizeof(ovector)/sizeof(int));
3869 int nn;
3870 uschar *insert;
3871
3872 /* No match - if we previously set PCRE_NOTEMPTY after a null match, this
3873 is not necessarily the end. We want to repeat the match from one
3874 character further along, but leaving the basic offset the same (for
3875 copying below). We can't be at the end of the string - that was checked
3876 before setting PCRE_NOTEMPTY. If PCRE_NOTEMPTY is not set, we are
3877 finished; copy the remaining string and end the loop. */
3878
3879 if (n < 0)
3880 {
3881 if (emptyopt != 0)
3882 {
3883 moffsetextra = 1;
3884 emptyopt = 0;
3885 continue;
3886 }
3887 yield = string_cat(yield, &size, &ptr, subject+moffset, slen-moffset);
3888 break;
3889 }
3890
3891 /* Match - set up for expanding the replacement. */
3892
3893 if (n == 0) n = EXPAND_MAXN + 1;
3894 expand_nmax = 0;
3895 for (nn = 0; nn < n*2; nn += 2)
3896 {
3897 expand_nstring[expand_nmax] = subject + ovector[nn];
3898 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
3899 }
3900 expand_nmax--;
3901
3902 /* Copy the characters before the match, plus the expanded insertion. */
3903
3904 yield = string_cat(yield, &size, &ptr, subject + moffset,
3905 ovector[0] - moffset);
3906 insert = expand_string(sub[2]);
3907 if (insert == NULL) goto EXPAND_FAILED;
3908 yield = string_cat(yield, &size, &ptr, insert, Ustrlen(insert));
3909
3910 moffset = ovector[1];
3911 moffsetextra = 0;
3912 emptyopt = 0;
3913
3914 /* If we have matched an empty string, first check to see if we are at
3915 the end of the subject. If so, the loop is over. Otherwise, mimic
3916 what Perl's /g options does. This turns out to be rather cunning. First
3917 we set PCRE_NOTEMPTY and PCRE_ANCHORED and try the match a non-empty
3918 string at the same point. If this fails (picked up above) we advance to
3919 the next character. */
3920
3921 if (ovector[0] == ovector[1])
3922 {
3923 if (ovector[0] == slen) break;
3924 emptyopt = PCRE_NOTEMPTY | PCRE_ANCHORED;
3925 }
3926 }
3927
3928 /* All done - restore numerical variables. */
3929
3930 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3931 save_expand_nlength);
3932 continue;
3933 }
3934
3935 /* Handle keyed and numbered substring extraction. If the first argument
3936 consists entirely of digits, then a numerical extraction is assumed. */
3937
3938 case EITEM_EXTRACT:
3939 {
3940 int i;
3941 int j = 2;
3942 int field_number = 1;
3943 BOOL field_number_set = FALSE;
3944 uschar *save_lookup_value = lookup_value;
3945 uschar *sub[3];
3946 int save_expand_nmax =
3947 save_expand_strings(save_expand_nstring, save_expand_nlength);
3948
3949 /* Read the arguments */
3950
3951 for (i = 0; i < j; i++)
3952 {
3953 while (isspace(*s)) s++;
3954 if (*s == '{')
3955 {
3956 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
3957 if (sub[i] == NULL) goto EXPAND_FAILED;
3958 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3959
3960 /* After removal of leading and trailing white space, the first
3961 argument must not be empty; if it consists entirely of digits
3962 (optionally preceded by a minus sign), this is a numerical
3963 extraction, and we expect 3 arguments. */
3964
3965 if (i == 0)
3966 {
3967 int len;
3968 int x = 0;
3969 uschar *p = sub[0];
3970
3971 while (isspace(*p)) p++;
3972 sub[0] = p;
3973
3974 len = Ustrlen(p);
3975 while (len > 0 && isspace(p[len-1])) len--;
3976 p[len] = 0;
3977
3978 if (*p == 0)
3979 {
554d2369
TF
3980 expand_string_message = US"first argument of \"extract\" must "
3981 "not be empty";
059ec3d9
PH
3982 goto EXPAND_FAILED;
3983 }
3984
3985 if (*p == '-')
3986 {
3987 field_number = -1;
3988 p++;
3989 }
3990 while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0';
3991 if (*p == 0)
3992 {
3993 field_number *= x;
3994 j = 3; /* Need 3 args */
3995 field_number_set = TRUE;
3996 }
3997 }
3998 }
3999 else goto EXPAND_FAILED_CURLY;
4000 }
4001
4002 /* Extract either the numbered or the keyed substring into $value. If
4003 skipping, just pretend the extraction failed. */
4004
4005 lookup_value = skipping? NULL : field_number_set?
4006 expand_gettokened(field_number, sub[1], sub[2]) :
4007 expand_getkeyed(sub[0], sub[1]);
4008
4009 /* If no string follows, $value gets substituted; otherwise there can
4010 be yes/no strings, as for lookup or if. */
4011
4012 switch(process_yesno(
4013 skipping, /* were previously skipping */
4014 lookup_value != NULL, /* success/failure indicator */
4015 save_lookup_value, /* value to reset for string2 */
4016 &s, /* input pointer */
4017 &yield, /* output pointer */
4018 &size, /* output size */
4019 &ptr, /* output current point */
4020 US"extract")) /* condition type */
4021 {
4022 case 1: goto EXPAND_FAILED; /* when all is well, the */
4023 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4024 }
4025
4026 /* All done - restore numerical variables. */
4027
4028 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4029 save_expand_nlength);
4030
4031 continue;
4032 }
1a46a8c5
PH
4033
4034
4035 /* If ${dlfunc support is configured, handle calling dynamically-loaded
4036 functions, unless locked out at this time. Syntax is ${dlfunc{file}{func}}
4037 or ${dlfunc{file}{func}{arg}} or ${dlfunc{file}{func}{arg1}{arg2}} or up to
4038 a maximum of EXPAND_DLFUNC_MAX_ARGS arguments (defined below). */
4039
4040 #define EXPAND_DLFUNC_MAX_ARGS 8
4041
4042 case EITEM_DLFUNC:
4043 #ifndef EXPAND_DLFUNC
4044 expand_string_message = US"\"${dlfunc\" encountered, but this facility "
4045 "is not included in this binary";
4046 goto EXPAND_FAILED;
4047
4048 #else /* EXPAND_DLFUNC */
4049 {
4050 tree_node *t;
4051 exim_dlfunc_t *func;
4052 uschar *result;
4053 int status, argc;
4054 uschar *argv[EXPAND_DLFUNC_MAX_ARGS + 3];
4055
4056 if ((expand_forbid & RDO_DLFUNC) != 0)
4057 {
4058 expand_string_message =
4059 US"dynamically-loaded functions are not permitted";
4060 goto EXPAND_FAILED;
4061 }
4062
4063 switch(read_subs(argv, EXPAND_DLFUNC_MAX_ARGS + 2, 2, &s, skipping,
4064 TRUE, US"dlfunc"))
4065 {
4066 case 1: goto EXPAND_FAILED_CURLY;
4067 case 2:
4068 case 3: goto EXPAND_FAILED;
4069 }
4070
4071 /* If skipping, we don't actually do anything */
4072
4073 if (skipping) continue;
4074
4075 /* Look up the dynamically loaded object handle in the tree. If it isn't
4076 found, dlopen() the file and put the handle in the tree for next time. */
4077
4078 t = tree_search(dlobj_anchor, argv[0]);
4079 if (t == NULL)
4080 {
4081 void *handle = dlopen(CS argv[0], RTLD_LAZY);
4082 if (handle == NULL)
4083 {
4084 expand_string_message = string_sprintf("dlopen \"%s\" failed: %s",
4085 argv[0], dlerror());
4086 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
4087 goto EXPAND_FAILED;
4088 }
4089 t = store_get_perm(sizeof(tree_node) + Ustrlen(argv[0]));
4090 Ustrcpy(t->name, argv[0]);
4091 t->data.ptr = handle;
4092 (void)tree_insertnode(&dlobj_anchor, t);
4093 }
4094
4095 /* Having obtained the dynamically loaded object handle, look up the
4096 function pointer. */
4097
4098 func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]);
4099 if (func == NULL)
4100 {
4101 expand_string_message = string_sprintf("dlsym \"%s\" in \"%s\" failed: "
4102 "%s", argv[1], argv[0], dlerror());
7dbf77c9 4103 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
1a46a8c5
PH
4104 goto EXPAND_FAILED;
4105 }
4106
4107 /* Call the function and work out what to do with the result. If it
4108 returns OK, we have a replacement string; if it returns DEFER then
4109 expansion has failed in a non-forced manner; if it returns FAIL then
4110 failure was forced; if it returns ERROR or any other value there's a
4111 problem, so panic slightly. */
4112
4113 result = NULL;
4114 for (argc = 0; argv[argc] != NULL; argc++);
4115 status = func(&result, argc - 2, &argv[2]);
4116 if(status == OK)
4117 {
4118 if (result == NULL) result = US"";
4119 yield = string_cat(yield, &size, &ptr, result, Ustrlen(result));
4120 continue;
4121 }
4122 else
4123 {
4124 expand_string_message = result == NULL ? US"(no message)" : result;
4125 if(status == FAIL_FORCED) expand_string_forcedfail = TRUE;
4126 else if(status != FAIL)
4127 log_write(0, LOG_MAIN|LOG_PANIC, "dlfunc{%s}{%s} failed (%d): %s",
4128 argv[0], argv[1], status, expand_string_message);
4129 goto EXPAND_FAILED;
4130 }
4131 }
4132 #endif /* EXPAND_DLFUNC */
059ec3d9
PH
4133 }
4134
4135 /* Control reaches here if the name is not recognized as one of the more
4136 complicated expansion items. Check for the "operator" syntax (name terminated