projects / exim.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Return "100" instead of NULL from prvs function if system clock is way
[exim.git] / src / src / expand.c
... / ...
CommitLineData
1/* $Cambridge: exim/src/src/expand.c,v 1.31 2005/06/20 10:28:33 ph10 Exp $ */
2
3/*************************************************
4* Exim - an Internet mail transport agent *
5*************************************************/
6
7/* Copyright (c) University of Cambridge 1995 - 2005 */
8/* See the file NOTICE for conditions of use and distribution. */
9
10
11/* Functions for handling string expansion. */
12
13
14#include "exim.h"
15
16#ifdef STAND_ALONE
17#ifndef SUPPORT_CRYPTEQ
18#define SUPPORT_CRYPTEQ
19#endif
20#endif
21
22#ifdef SUPPORT_CRYPTEQ
23#ifdef CRYPT_H
24#include <crypt.h>
25#endif
26#ifndef HAVE_CRYPT16
27extern char* crypt16(char*, char*);
28#endif
29#endif
30
31#ifdef LOOKUP_LDAP
32#include "lookups/ldap.h"
33#endif
34
35
36
37/* Recursively called function */
38
39static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL);
40
41
42
43/*************************************************
44* Local statics and tables *
45*************************************************/
46
47/* Table of item names, and corresponding switch numbers. The names must be in
48alphabetical order. */
49
50static uschar *item_table[] = {
51 US"dlfunc",
52 US"extract",
53 US"hash",
54 US"hmac",
55 US"if",
56 US"length",
57 US"lookup",
58 US"nhash",
59 US"perl",
60 US"prvs",
61 US"prvscheck",
62 US"readfile",
63 US"readsocket",
64 US"run",
65 US"sg",
66 US"substr",
67 US"tr" };
68
69enum {
70 EITEM_DLFUNC,
71 EITEM_EXTRACT,
72 EITEM_HASH,
73 EITEM_HMAC,
74 EITEM_IF,
75 EITEM_LENGTH,
76 EITEM_LOOKUP,
77 EITEM_NHASH,
78 EITEM_PERL,
79 EITEM_PRVS,
80 EITEM_PRVSCHECK,
81 EITEM_READFILE,
82 EITEM_READSOCK,
83 EITEM_RUN,
84 EITEM_SG,
85 EITEM_SUBSTR,
86 EITEM_TR };
87
88/* Tables of operator names, and corresponding switch numbers. The names must be
89in alphabetical order. There are two tables, because underscore is used in some
90cases to introduce arguments, whereas for other it is part of the name. This is
91an historical mis-design. */
92
93static uschar *op_table_underscore[] = {
94 US"from_utf8",
95 US"local_part",
96 US"quote_local_part",
97 US"time_interval"};
98
99enum {
100 EOP_FROM_UTF8,
101 EOP_LOCAL_PART,
102 EOP_QUOTE_LOCAL_PART,
103 EOP_TIME_INTERVAL };
104
105static uschar *op_table_main[] = {
106 US"address",
107 US"base62",
108 US"base62d",
109 US"domain",
110 US"escape",
111 US"eval",
112 US"eval10",
113 US"expand",
114 US"h",
115 US"hash",
116 US"hex2b64",
117 US"l",
118 US"lc",
119 US"length",
120 US"mask",
121 US"md5",
122 US"nh",
123 US"nhash",
124 US"quote",
125 US"rfc2047",
126 US"rxquote",
127 US"s",
128 US"sha1",
129 US"stat",
130 US"str2b64",
131 US"strlen",
132 US"substr",
133 US"uc" };
134
135enum {
136 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
137 EOP_BASE62,
138 EOP_BASE62D,
139 EOP_DOMAIN,
140 EOP_ESCAPE,
141 EOP_EVAL,
142 EOP_EVAL10,
143 EOP_EXPAND,
144 EOP_H,
145 EOP_HASH,
146 EOP_HEX2B64,
147 EOP_L,
148 EOP_LC,
149 EOP_LENGTH,
150 EOP_MASK,
151 EOP_MD5,
152 EOP_NH,
153 EOP_NHASH,
154 EOP_QUOTE,
155 EOP_RFC2047,
156 EOP_RXQUOTE,
157 EOP_S,
158 EOP_SHA1,
159 EOP_STAT,
160 EOP_STR2B64,
161 EOP_STRLEN,
162 EOP_SUBSTR,
163 EOP_UC };
164
165
166/* Table of condition names, and corresponding switch numbers. The names must
167be in alphabetical order. */
168
169static uschar *cond_table[] = {
170 US"<",
171 US"<=",
172 US"=",
173 US"==", /* Backward compatibility */
174 US">",
175 US">=",
176 US"and",
177 US"crypteq",
178 US"def",
179 US"eq",
180 US"eqi",
181 US"exists",
182 US"first_delivery",
183 US"ge",
184 US"gei",
185 US"gt",
186 US"gti",
187 US"isip",
188 US"isip4",
189 US"isip6",
190 US"ldapauth",
191 US"le",
192 US"lei",
193 US"lt",
194 US"lti",
195 US"match",
196 US"match_address",
197 US"match_domain",
198 US"match_local_part",
199 US"or",
200 US"pam",
201 US"pwcheck",
202 US"queue_running",
203 US"radius",
204 US"saslauthd"
205};
206
207enum {
208 ECOND_NUM_L,
209 ECOND_NUM_LE,
210 ECOND_NUM_E,
211 ECOND_NUM_EE,
212 ECOND_NUM_G,
213 ECOND_NUM_GE,
214 ECOND_AND,
215 ECOND_CRYPTEQ,
216 ECOND_DEF,
217 ECOND_STR_EQ,
218 ECOND_STR_EQI,
219 ECOND_EXISTS,
220 ECOND_FIRST_DELIVERY,
221 ECOND_STR_GE,
222 ECOND_STR_GEI,
223 ECOND_STR_GT,
224 ECOND_STR_GTI,
225 ECOND_ISIP,
226 ECOND_ISIP4,
227 ECOND_ISIP6,
228 ECOND_LDAPAUTH,
229 ECOND_STR_LE,
230 ECOND_STR_LEI,
231 ECOND_STR_LT,
232 ECOND_STR_LTI,
233 ECOND_MATCH,
234 ECOND_MATCH_ADDRESS,
235 ECOND_MATCH_DOMAIN,
236 ECOND_MATCH_LOCAL_PART,
237 ECOND_OR,
238 ECOND_PAM,
239 ECOND_PWCHECK,
240 ECOND_QUEUE_RUNNING,
241 ECOND_RADIUS,
242 ECOND_SASLAUTHD
243};
244
245
246/* Type for main variable table */
247
248typedef struct {
249 char *name;
250 int type;
251 void *value;
252} var_entry;
253
254/* Type for entries pointing to address/length pairs. Not currently
255in use. */
256
257typedef struct {
258 uschar **address;
259 int *length;
260} alblock;
261
262/* Types of table entry */
263
264enum {
265 vtype_int, /* value is address of int */
266 vtype_filter_int, /* ditto, but recognized only when filtering */
267 vtype_ino, /* value is address of ino_t (not always an int) */
268 vtype_uid, /* value is address of uid_t (not always an int) */
269 vtype_gid, /* value is address of gid_t (not always an int) */
270 vtype_stringptr, /* value is address of pointer to string */
271 vtype_msgbody, /* as stringptr, but read when first required */
272 vtype_msgbody_end, /* ditto, the end of the message */
273 vtype_msgheaders, /* the message's headers */
274 vtype_localpart, /* extract local part from string */
275 vtype_domain, /* extract domain from string */
276 vtype_recipients, /* extract recipients from recipients list */
277 /* (enabled only during system filtering */
278 vtype_todbsdin, /* value not used; generate BSD inbox tod */
279 vtype_tode, /* value not used; generate tod in epoch format */
280 vtype_todf, /* value not used; generate full tod */
281 vtype_todl, /* value not used; generate log tod */
282 vtype_todlf, /* value not used; generate log file datestamp tod */
283 vtype_todzone, /* value not used; generate time zone only */
284 vtype_todzulu, /* value not used; generate zulu tod */
285 vtype_reply, /* value not used; get reply from headers */
286 vtype_pid, /* value not used; result is pid */
287 vtype_host_lookup, /* value not used; get host name */
288 vtype_load_avg, /* value not used; result is int from os_getloadavg */
289 vtype_pspace, /* partition space; value is T/F for spool/log */
290 vtype_pinodes /* partition inodes; value is T/F for spool/log */
291#ifdef EXPERIMENTAL_DOMAINKEYS
292 ,vtype_dk_verify /* Serve request out of DomainKeys verification structure */
293#endif
294 };
295
296/* This table must be kept in alphabetical order. */
297
298static var_entry var_table[] = {
299 { "acl_c0", vtype_stringptr, &acl_var[0] },
300 { "acl_c1", vtype_stringptr, &acl_var[1] },
301 { "acl_c2", vtype_stringptr, &acl_var[2] },
302 { "acl_c3", vtype_stringptr, &acl_var[3] },
303 { "acl_c4", vtype_stringptr, &acl_var[4] },
304 { "acl_c5", vtype_stringptr, &acl_var[5] },
305 { "acl_c6", vtype_stringptr, &acl_var[6] },
306 { "acl_c7", vtype_stringptr, &acl_var[7] },
307 { "acl_c8", vtype_stringptr, &acl_var[8] },
308 { "acl_c9", vtype_stringptr, &acl_var[9] },
309 { "acl_m0", vtype_stringptr, &acl_var[10] },
310 { "acl_m1", vtype_stringptr, &acl_var[11] },
311 { "acl_m2", vtype_stringptr, &acl_var[12] },
312 { "acl_m3", vtype_stringptr, &acl_var[13] },
313 { "acl_m4", vtype_stringptr, &acl_var[14] },
314 { "acl_m5", vtype_stringptr, &acl_var[15] },
315 { "acl_m6", vtype_stringptr, &acl_var[16] },
316 { "acl_m7", vtype_stringptr, &acl_var[17] },
317 { "acl_m8", vtype_stringptr, &acl_var[18] },
318 { "acl_m9", vtype_stringptr, &acl_var[19] },
319 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
320 { "address_data", vtype_stringptr, &deliver_address_data },
321 { "address_file", vtype_stringptr, &address_file },
322 { "address_pipe", vtype_stringptr, &address_pipe },
323 { "authenticated_id", vtype_stringptr, &authenticated_id },
324 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
325 { "authentication_failed",vtype_int, &authentication_failed },
326#ifdef EXPERIMENTAL_BRIGHTMAIL
327 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
328 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
329 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
330 { "bmi_deliver", vtype_int, &bmi_deliver },
331#endif
332 { "body_linecount", vtype_int, &body_linecount },
333 { "body_zerocount", vtype_int, &body_zerocount },
334 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
335 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
336 { "caller_gid", vtype_gid, &real_gid },
337 { "caller_uid", vtype_uid, &real_uid },
338 { "compile_date", vtype_stringptr, &version_date },
339 { "compile_number", vtype_stringptr, &version_cnumber },
340 { "csa_status", vtype_stringptr, &csa_status },
341#ifdef WITH_OLD_DEMIME
342 { "demime_errorlevel", vtype_int, &demime_errorlevel },
343 { "demime_reason", vtype_stringptr, &demime_reason },
344#endif
345#ifdef EXPERIMENTAL_DOMAINKEYS
346 { "dk_domain", vtype_stringptr, &dk_signing_domain },
347 { "dk_is_signed", vtype_dk_verify, NULL },
348 { "dk_result", vtype_dk_verify, NULL },
349 { "dk_selector", vtype_stringptr, &dk_signing_selector },
350 { "dk_sender", vtype_dk_verify, NULL },
351 { "dk_sender_domain", vtype_dk_verify, NULL },
352 { "dk_sender_local_part",vtype_dk_verify, NULL },
353 { "dk_sender_source", vtype_dk_verify, NULL },
354 { "dk_signsall", vtype_dk_verify, NULL },
355 { "dk_status", vtype_dk_verify, NULL },
356 { "dk_testing", vtype_dk_verify, NULL },
357#endif
358 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
359 { "dnslist_text", vtype_stringptr, &dnslist_text },
360 { "dnslist_value", vtype_stringptr, &dnslist_value },
361 { "domain", vtype_stringptr, &deliver_domain },
362 { "domain_data", vtype_stringptr, &deliver_domain_data },
363 { "exim_gid", vtype_gid, &exim_gid },
364 { "exim_path", vtype_stringptr, &exim_path },
365 { "exim_uid", vtype_uid, &exim_uid },
366#ifdef WITH_OLD_DEMIME
367 { "found_extension", vtype_stringptr, &found_extension },
368#endif
369 { "home", vtype_stringptr, &deliver_home },
370 { "host", vtype_stringptr, &deliver_host },
371 { "host_address", vtype_stringptr, &deliver_host_address },
372 { "host_data", vtype_stringptr, &host_data },
373 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
374 { "host_lookup_failed", vtype_int, &host_lookup_failed },
375 { "inode", vtype_ino, &deliver_inode },
376 { "interface_address", vtype_stringptr, &interface_address },
377 { "interface_port", vtype_int, &interface_port },
378 #ifdef LOOKUP_LDAP
379 { "ldap_dn", vtype_stringptr, &eldap_dn },
380 #endif
381 { "load_average", vtype_load_avg, NULL },
382 { "local_part", vtype_stringptr, &deliver_localpart },
383 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
384 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
385 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
386 { "local_scan_data", vtype_stringptr, &local_scan_data },
387 { "local_user_gid", vtype_gid, &local_user_gid },
388 { "local_user_uid", vtype_uid, &local_user_uid },
389 { "localhost_number", vtype_int, &host_number },
390 { "log_inodes", vtype_pinodes, (void *)FALSE },
391 { "log_space", vtype_pspace, (void *)FALSE },
392 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
393#ifdef WITH_CONTENT_SCAN
394 { "malware_name", vtype_stringptr, &malware_name },
395#endif
396 { "message_age", vtype_int, &message_age },
397 { "message_body", vtype_msgbody, &message_body },
398 { "message_body_end", vtype_msgbody_end, &message_body_end },
399 { "message_body_size", vtype_int, &message_body_size },
400 { "message_headers", vtype_msgheaders, NULL },
401 { "message_id", vtype_stringptr, &message_id },
402 { "message_linecount", vtype_int, &message_linecount },
403 { "message_size", vtype_int, &message_size },
404#ifdef WITH_CONTENT_SCAN
405 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
406 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
407 { "mime_boundary", vtype_stringptr, &mime_boundary },
408 { "mime_charset", vtype_stringptr, &mime_charset },
409 { "mime_content_description", vtype_stringptr, &mime_content_description },
410 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
411 { "mime_content_id", vtype_stringptr, &mime_content_id },
412 { "mime_content_size", vtype_int, &mime_content_size },
413 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
414 { "mime_content_type", vtype_stringptr, &mime_content_type },
415 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
416 { "mime_filename", vtype_stringptr, &mime_filename },
417 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
418 { "mime_is_multipart", vtype_int, &mime_is_multipart },
419 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
420 { "mime_part_count", vtype_int, &mime_part_count },
421#endif
422 { "n0", vtype_filter_int, &filter_n[0] },
423 { "n1", vtype_filter_int, &filter_n[1] },
424 { "n2", vtype_filter_int, &filter_n[2] },
425 { "n3", vtype_filter_int, &filter_n[3] },
426 { "n4", vtype_filter_int, &filter_n[4] },
427 { "n5", vtype_filter_int, &filter_n[5] },
428 { "n6", vtype_filter_int, &filter_n[6] },
429 { "n7", vtype_filter_int, &filter_n[7] },
430 { "n8", vtype_filter_int, &filter_n[8] },
431 { "n9", vtype_filter_int, &filter_n[9] },
432 { "original_domain", vtype_stringptr, &deliver_domain_orig },
433 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
434 { "originator_gid", vtype_gid, &originator_gid },
435 { "originator_uid", vtype_uid, &originator_uid },
436 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
437 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
438 { "pid", vtype_pid, NULL },
439 { "primary_hostname", vtype_stringptr, &primary_hostname },
440 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
441 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
442 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
443 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
444 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
445 { "rcpt_count", vtype_int, &rcpt_count },
446 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
447 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
448 { "received_count", vtype_int, &received_count },
449 { "received_for", vtype_stringptr, &received_for },
450 { "received_protocol", vtype_stringptr, &received_protocol },
451 { "received_time", vtype_int, &received_time },
452 { "recipient_data", vtype_stringptr, &recipient_data },
453 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
454 { "recipients", vtype_recipients, NULL },
455 { "recipients_count", vtype_int, &recipients_count },
456#ifdef WITH_CONTENT_SCAN
457 { "regex_match_string", vtype_stringptr, &regex_match_string },
458#endif
459 { "reply_address", vtype_reply, NULL },
460 { "return_path", vtype_stringptr, &return_path },
461 { "return_size_limit", vtype_int, &bounce_return_size_limit },
462 { "runrc", vtype_int, &runrc },
463 { "self_hostname", vtype_stringptr, &self_hostname },
464 { "sender_address", vtype_stringptr, &sender_address },
465 { "sender_address_data", vtype_stringptr, &sender_address_data },
466 { "sender_address_domain", vtype_domain, &sender_address },
467 { "sender_address_local_part", vtype_localpart, &sender_address },
468 { "sender_data", vtype_stringptr, &sender_data },
469 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
470 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
471 { "sender_host_address", vtype_stringptr, &sender_host_address },
472 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
473 { "sender_host_name", vtype_host_lookup, NULL },
474 { "sender_host_port", vtype_int, &sender_host_port },
475 { "sender_ident", vtype_stringptr, &sender_ident },
476 { "sender_rate", vtype_stringptr, &sender_rate },
477 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
478 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
479 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
480 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
481 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
482 { "smtp_command_argument", vtype_stringptr, &smtp_command_argument },
483 { "sn0", vtype_filter_int, &filter_sn[0] },
484 { "sn1", vtype_filter_int, &filter_sn[1] },
485 { "sn2", vtype_filter_int, &filter_sn[2] },
486 { "sn3", vtype_filter_int, &filter_sn[3] },
487 { "sn4", vtype_filter_int, &filter_sn[4] },
488 { "sn5", vtype_filter_int, &filter_sn[5] },
489 { "sn6", vtype_filter_int, &filter_sn[6] },
490 { "sn7", vtype_filter_int, &filter_sn[7] },
491 { "sn8", vtype_filter_int, &filter_sn[8] },
492 { "sn9", vtype_filter_int, &filter_sn[9] },
493#ifdef WITH_CONTENT_SCAN
494 { "spam_bar", vtype_stringptr, &spam_bar },
495 { "spam_report", vtype_stringptr, &spam_report },
496 { "spam_score", vtype_stringptr, &spam_score },
497 { "spam_score_int", vtype_stringptr, &spam_score_int },
498#endif
499#ifdef EXPERIMENTAL_SPF
500 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
501 { "spf_received", vtype_stringptr, &spf_received },
502 { "spf_result", vtype_stringptr, &spf_result },
503 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
504#endif
505 { "spool_directory", vtype_stringptr, &spool_directory },
506 { "spool_inodes", vtype_pinodes, (void *)TRUE },
507 { "spool_space", vtype_pspace, (void *)TRUE },
508#ifdef EXPERIMENTAL_SRS
509 { "srs_db_address", vtype_stringptr, &srs_db_address },
510 { "srs_db_key", vtype_stringptr, &srs_db_key },
511 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
512 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
513 { "srs_recipient", vtype_stringptr, &srs_recipient },
514 { "srs_status", vtype_stringptr, &srs_status },
515#endif
516 { "thisaddress", vtype_stringptr, &filter_thisaddress },
517 { "tls_certificate_verified", vtype_int, &tls_certificate_verified },
518 { "tls_cipher", vtype_stringptr, &tls_cipher },
519 { "tls_peerdn", vtype_stringptr, &tls_peerdn },
520 { "tod_bsdinbox", vtype_todbsdin, NULL },
521 { "tod_epoch", vtype_tode, NULL },
522 { "tod_full", vtype_todf, NULL },
523 { "tod_log", vtype_todl, NULL },
524 { "tod_logfile", vtype_todlf, NULL },
525 { "tod_zone", vtype_todzone, NULL },
526 { "tod_zulu", vtype_todzulu, NULL },
527 { "value", vtype_stringptr, &lookup_value },
528 { "version_number", vtype_stringptr, &version_string },
529 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
530 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
531 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
532 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
533 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
534 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
535};
536
537static int var_table_size = sizeof(var_table)/sizeof(var_entry);
538static uschar var_buffer[256];
539static BOOL malformed_header;
540
541/* For textual hashes */
542
543static char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
544 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
545 "0123456789";
546
547enum { HMAC_MD5, HMAC_SHA1 };
548
549/* For numeric hashes */
550
551static unsigned int prime[] = {
552 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
553 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
554 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
555
556/* For printing modes in symbolic form */
557
558static uschar *mtable_normal[] =
559 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
560
561static uschar *mtable_setid[] =
562 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
563
564static uschar *mtable_sticky[] =
565 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
566
567
568
569/*************************************************
570* Tables for UTF-8 support *
571*************************************************/
572
573/* Table of the number of extra characters, indexed by the first character
574masked with 0x3f. The highest number for a valid UTF-8 character is in fact
5750x3d. */
576
577static uschar utf8_table1[] = {
578 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
579 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
580 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
581 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
582
583/* These are the masks for the data bits in the first byte of a character,
584indexed by the number of additional bytes. */
585
586static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
587
588/* Get the next UTF-8 character, advancing the pointer. */
589
590#define GETUTF8INC(c, ptr) \
591 c = *ptr++; \
592 if ((c & 0xc0) == 0xc0) \
593 { \
594 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
595 int s = 6*a; \
596 c = (c & utf8_table2[a]) << s; \
597 while (a-- > 0) \
598 { \
599 s -= 6; \
600 c |= (*ptr++ & 0x3f) << s; \
601 } \
602 }
603
604
605/*************************************************
606* Binary chop search on a table *
607*************************************************/
608
609/* This is used for matching expansion items and operators.
610
611Arguments:
612 name the name that is being sought
613 table the table to search
614 table_size the number of items in the table
615
616Returns: the offset in the table, or -1
617*/
618
619static int
620chop_match(uschar *name, uschar **table, int table_size)
621{
622uschar **bot = table;
623uschar **top = table + table_size;
624
625while (top > bot)
626 {
627 uschar **mid = bot + (top - bot)/2;
628 int c = Ustrcmp(name, *mid);
629 if (c == 0) return mid - table;
630 if (c > 0) bot = mid + 1; else top = mid;
631 }
632
633return -1;
634}
635
636
637
638/*************************************************
639* Check a condition string *
640*************************************************/
641
642/* This function is called to expand a string, and test the result for a "true"
643or "false" value. Failure of the expansion yields FALSE; logged unless it was a
644forced fail or lookup defer. All store used by the function can be released on
645exit.
646
647Arguments:
648 condition the condition string
649 m1 text to be incorporated in panic error
650 m2 ditto
651
652Returns: TRUE if condition is met, FALSE if not
653*/
654
655BOOL
656expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
657{
658int rc;
659void *reset_point = store_get(0);
660uschar *ss = expand_string(condition);
661if (ss == NULL)
662 {
663 if (!expand_string_forcedfail && !search_find_defer)
664 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
665 "for %s %s: %s", condition, m1, m2, expand_string_message);
666 return FALSE;
667 }
668rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
669 strcmpic(ss, US"false") != 0;
670store_reset(reset_point);
671return rc;
672}
673
674
675
676/*************************************************
677* Pick out a name from a string *
678*************************************************/
679
680/* If the name is too long, it is silently truncated.
681
682Arguments:
683 name points to a buffer into which to put the name
684 max is the length of the buffer
685 s points to the first alphabetic character of the name
686 extras chars other than alphanumerics to permit
687
688Returns: pointer to the first character after the name
689
690Note: The test for *s != 0 in the while loop is necessary because
691Ustrchr() yields non-NULL if the character is zero (which is not something
692I expected). */
693
694static uschar *
695read_name(uschar *name, int max, uschar *s, uschar *extras)
696{
697int ptr = 0;
698while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
699 {
700 if (ptr < max-1) name[ptr++] = *s;
701 s++;
702 }
703name[ptr] = 0;
704return s;
705}
706
707
708
709/*************************************************
710* Pick out the rest of a header name *
711*************************************************/
712
713/* A variable name starting $header_ (or just $h_ for those who like
714abbreviations) might not be the complete header name because headers can
715contain any printing characters in their names, except ':'. This function is
716called to read the rest of the name, chop h[eader]_ off the front, and put ':'
717on the end, if the name was terminated by white space.
718
719Arguments:
720 name points to a buffer in which the name read so far exists
721 max is the length of the buffer
722 s points to the first character after the name so far, i.e. the
723 first non-alphameric character after $header_xxxxx
724
725Returns: a pointer to the first character after the header name
726*/
727
728static uschar *
729read_header_name(uschar *name, int max, uschar *s)
730{
731int prelen = Ustrchr(name, '_') - name + 1;
732int ptr = Ustrlen(name) - prelen;
733if (ptr > 0) memmove(name, name+prelen, ptr);
734while (mac_isgraph(*s) && *s != ':')
735 {
736 if (ptr < max-1) name[ptr++] = *s;
737 s++;
738 }
739if (*s == ':') s++;
740name[ptr++] = ':';
741name[ptr] = 0;
742return s;
743}
744
745
746
747/*************************************************
748* Pick out a number from a string *
749*************************************************/
750
751/* Arguments:
752 n points to an integer into which to put the number
753 s points to the first digit of the number
754
755Returns: a pointer to the character after the last digit
756*/
757
758static uschar *
759read_number(int *n, uschar *s)
760{
761*n = 0;
762while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
763return s;
764}
765
766
767
768/*************************************************
769* Extract keyed subfield from a string *
770*************************************************/
771
772/* The yield is in dynamic store; NULL means that the key was not found.
773
774Arguments:
775 key points to the name of the key
776 s points to the string from which to extract the subfield
777
778Returns: NULL if the subfield was not found, or
779 a pointer to the subfield's data
780*/
781
782static uschar *
783expand_getkeyed(uschar *key, uschar *s)
784{
785int length = Ustrlen(key);
786while (isspace(*s)) s++;
787
788/* Loop to search for the key */
789
790while (*s != 0)
791 {
792 int dkeylength;
793 uschar *data;
794 uschar *dkey = s;
795
796 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
797 dkeylength = s - dkey;
798 while (isspace(*s)) s++;
799 if (*s == '=') while (isspace((*(++s))));
800
801 data = string_dequote(&s);
802 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
803 return data;
804
805 while (isspace(*s)) s++;
806 }
807
808return NULL;
809}
810
811
812
813
814/*************************************************
815* Extract numbered subfield from string *
816*************************************************/
817
818/* Extracts a numbered field from a string that is divided by tokens - for
819example a line from /etc/passwd is divided by colon characters. First field is
820numbered one. Negative arguments count from the right. Zero returns the whole
821string. Returns NULL if there are insufficient tokens in the string
822
823***WARNING***
824Modifies final argument - this is a dynamically generated string, so that's OK.
825
826Arguments:
827 field number of field to be extracted,
828 first field = 1, whole string = 0, last field = -1
829 separators characters that are used to break string into tokens
830 s points to the string from which to extract the subfield
831
832Returns: NULL if the field was not found,
833 a pointer to the field's data inside s (modified to add 0)
834*/
835
836static uschar *
837expand_gettokened (int field, uschar *separators, uschar *s)
838{
839int sep = 1;
840int count;
841uschar *ss = s;
842uschar *fieldtext = NULL;
843
844if (field == 0) return s;
845
846/* Break the line up into fields in place; for field > 0 we stop when we have
847done the number of fields we want. For field < 0 we continue till the end of
848the string, counting the number of fields. */
849
850count = (field > 0)? field : INT_MAX;
851
852while (count-- > 0)
853 {
854 size_t len;
855
856 /* Previous field was the last one in the string. For a positive field
857 number, this means there are not enough fields. For a negative field number,
858 check that there are enough, and scan back to find the one that is wanted. */
859
860 if (sep == 0)
861 {
862 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
863 if ((-field) == (INT_MAX - count - 1)) return s;
864 while (field++ < 0)
865 {
866 ss--;
867 while (ss[-1] != 0) ss--;
868 }
869 fieldtext = ss;
870 break;
871 }
872
873 /* Previous field was not last in the string; save its start and put a
874 zero at its end. */
875
876 fieldtext = ss;
877 len = Ustrcspn(ss, separators);
878 sep = ss[len];
879 ss[len] = 0;
880 ss += len + 1;
881 }
882
883return fieldtext;
884}
885
886
887
888/*************************************************
889* Extract a substring from a string *
890*************************************************/
891
892/* Perform the ${substr or ${length expansion operations.
893
894Arguments:
895 subject the input string
896 value1 the offset from the start of the input string to the start of
897 the output string; if negative, count from the right.
898 value2 the length of the output string, or negative (-1) for unset
899 if value1 is positive, unset means "all after"
900 if value1 is negative, unset means "all before"
901 len set to the length of the returned string
902
903Returns: pointer to the output string, or NULL if there is an error
904*/
905
906static uschar *
907extract_substr(uschar *subject, int value1, int value2, int *len)
908{
909int sublen = Ustrlen(subject);
910
911if (value1 < 0) /* count from right */
912 {
913 value1 += sublen;
914
915 /* If the position is before the start, skip to the start, and adjust the
916 length. If the length ends up negative, the substring is null because nothing
917 can precede. This falls out naturally when the length is unset, meaning "all
918 to the left". */
919
920 if (value1 < 0)
921 {
922 value2 += value1;
923 if (value2 < 0) value2 = 0;
924 value1 = 0;
925 }
926
927 /* Otherwise an unset length => characters before value1 */
928
929 else if (value2 < 0)
930 {
931 value2 = value1;
932 value1 = 0;
933 }
934 }
935
936/* For a non-negative offset, if the starting position is past the end of the
937string, the result will be the null string. Otherwise, an unset length means
938"rest"; just set it to the maximum - it will be cut down below if necessary. */
939
940else
941 {
942 if (value1 > sublen)
943 {
944 value1 = sublen;
945 value2 = 0;
946 }
947 else if (value2 < 0) value2 = sublen;
948 }
949
950/* Cut the length down to the maximum possible for the offset value, and get
951the required characters. */
952
953if (value1 + value2 > sublen) value2 = sublen - value1;
954*len = value2;
955return subject + value1;
956}
957
958
959
960
961/*************************************************
962* Old-style hash of a string *
963*************************************************/
964
965/* Perform the ${hash expansion operation.
966
967Arguments:
968 subject the input string (an expanded substring)
969 value1 the length of the output string; if greater or equal to the
970 length of the input string, the input string is returned
971 value2 the number of hash characters to use, or 26 if negative
972 len set to the length of the returned string
973
974Returns: pointer to the output string, or NULL if there is an error
975*/
976
977static uschar *
978compute_hash(uschar *subject, int value1, int value2, int *len)
979{
980int sublen = Ustrlen(subject);
981
982if (value2 < 0) value2 = 26;
983else if (value2 > Ustrlen(hashcodes))
984 {
985 expand_string_message =
986 string_sprintf("hash count \"%d\" too big", value2);
987 return NULL;
988 }
989
990/* Calculate the hash text. We know it is shorter than the original string, so
991can safely place it in subject[] (we know that subject is always itself an
992expanded substring). */
993
994if (value1 < sublen)
995 {
996 int c;
997 int i = 0;
998 int j = value1;
999 while ((c = (subject[j])) != 0)
1000 {
1001 int shift = (c + j++) & 7;
1002 subject[i] ^= (c << shift) | (c >> (8-shift));
1003 if (++i >= value1) i = 0;
1004 }
1005 for (i = 0; i < value1; i++)
1006 subject[i] = hashcodes[(subject[i]) % value2];
1007 }
1008else value1 = sublen;
1009
1010*len = value1;
1011return subject;
1012}
1013
1014
1015
1016
1017/*************************************************
1018* Numeric hash of a string *
1019*************************************************/
1020
1021/* Perform the ${nhash expansion operation. The first characters of the
1022string are treated as most important, and get the highest prime numbers.
1023
1024Arguments:
1025 subject the input string
1026 value1 the maximum value of the first part of the result
1027 value2 the maximum value of the second part of the result,
1028 or negative to produce only a one-part result
1029 len set to the length of the returned string
1030
1031Returns: pointer to the output string, or NULL if there is an error.
1032*/
1033
1034static uschar *
1035compute_nhash (uschar *subject, int value1, int value2, int *len)
1036{
1037uschar *s = subject;
1038int i = 0;
1039unsigned long int total = 0; /* no overflow */
1040
1041while (*s != 0)
1042 {
1043 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
1044 total += prime[i--] * (unsigned int)(*s++);
1045 }
1046
1047/* If value2 is unset, just compute one number */
1048
1049if (value2 < 0)
1050 {
1051 s = string_sprintf("%d", total % value1);
1052 }
1053
1054/* Otherwise do a div/mod hash */
1055
1056else
1057 {
1058 total = total % (value1 * value2);
1059 s = string_sprintf("%d/%d", total/value2, total % value2);
1060 }
1061
1062*len = Ustrlen(s);
1063return s;
1064}
1065
1066
1067
1068
1069
1070/*************************************************
1071* Find the value of a header or headers *
1072*************************************************/
1073
1074/* Multiple instances of the same header get concatenated, and this function
1075can also return a concatenation of all the header lines. When concatenating
1076specific headers that contain lists of addresses, a comma is inserted between
1077them. Otherwise we use a straight concatenation. Because some messages can have
1078pathologically large number of lines, there is a limit on the length that is
1079returned. Also, to avoid massive store use which would result from using
1080string_cat() as it copies and extends strings, we do a preliminary pass to find
1081out exactly how much store will be needed. On "normal" messages this will be
1082pretty trivial.
1083
1084Arguments:
1085 name the name of the header, without the leading $header_ or $h_,
1086 or NULL if a concatenation of all headers is required
1087 exists_only TRUE if called from a def: test; don't need to build a string;
1088 just return a string that is not "" and not "0" if the header
1089 exists
1090 newsize return the size of memory block that was obtained; may be NULL
1091 if exists_only is TRUE
1092 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
1093 other than concatenating, will be done on the header
1094 charset name of charset to translate MIME words to; used only if
1095 want_raw is false; if NULL, no translation is done (this is
1096 used for $bh_ and $bheader_)
1097
1098Returns: NULL if the header does not exist, else a pointer to a new
1099 store block
1100*/
1101
1102static uschar *
1103find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1104 uschar *charset)
1105{
1106BOOL found = name == NULL;
1107int comma = 0;
1108int len = found? 0 : Ustrlen(name);
1109int i;
1110uschar *yield = NULL;
1111uschar *ptr = NULL;
1112
1113/* Loop for two passes - saves code repetition */
1114
1115for (i = 0; i < 2; i++)
1116 {
1117 int size = 0;
1118 header_line *h;
1119
1120 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1121 {
1122 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1123 {
1124 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1125 {
1126 int ilen;
1127 uschar *t;
1128
1129 if (exists_only) return US"1"; /* don't need actual string */
1130 found = TRUE;
1131 t = h->text + len; /* text to insert */
1132 if (!want_raw) /* unless wanted raw, */
1133 while (isspace(*t)) t++; /* remove leading white space */
1134 ilen = h->slen - (t - h->text); /* length to insert */
1135
1136 /* Set comma = 1 if handling a single header and it's one of those
1137 that contains an address list, except when asked for raw headers. Only
1138 need to do this once. */
1139
1140 if (!want_raw && name != NULL && comma == 0 &&
1141 Ustrchr("BCFRST", h->type) != NULL)
1142 comma = 1;
1143
1144 /* First pass - compute total store needed; second pass - compute
1145 total store used, including this header. */
1146
1147 size += ilen + comma;
1148
1149 /* Second pass - concatentate the data, up to a maximum. Note that
1150 the loop stops when size hits the limit. */
1151
1152 if (i != 0)
1153 {
1154 if (size > header_insert_maxlen)
1155 {
1156 ilen -= size - header_insert_maxlen;
1157 comma = 0;
1158 }
1159 Ustrncpy(ptr, t, ilen);
1160 ptr += ilen;
1161 if (comma != 0 && ilen > 0)
1162 {
1163 ptr[-1] = ',';
1164 *ptr++ = '\n';
1165 }
1166 }
1167 }
1168 }
1169 }
1170
1171 /* At end of first pass, truncate size if necessary, and get the buffer
1172 to hold the data, returning the buffer size. */
1173
1174 if (i == 0)
1175 {
1176 if (!found) return NULL;
1177 if (size > header_insert_maxlen) size = header_insert_maxlen;
1178 *newsize = size + 1;
1179 ptr = yield = store_get(*newsize);
1180 }
1181 }
1182
1183/* Remove a redundant added comma if present */
1184
1185if (comma != 0 && ptr > yield) ptr -= 2;
1186
1187/* That's all we do for raw header expansion. */
1188
1189if (want_raw)
1190 {
1191 *ptr = 0;
1192 }
1193
1194/* Otherwise, we remove trailing whitespace, including newlines. Then we do RFC
11952047 decoding, translating the charset if requested. The rfc2047_decode2()
1196function can return an error with decoded data if the charset translation
1197fails. If decoding fails, it returns NULL. */
1198
1199else
1200 {
1201 uschar *decoded, *error;
1202 while (ptr > yield && isspace(ptr[-1])) ptr--;
1203 *ptr = 0;
1204 decoded = rfc2047_decode2(yield, TRUE, charset, '?', NULL, newsize, &error);
1205 if (error != NULL)
1206 {
1207 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1208 " input was: %s\n", error, yield);
1209 }
1210 if (decoded != NULL) yield = decoded;
1211 }
1212
1213return yield;
1214}
1215
1216
1217
1218
1219/*************************************************
1220* Find value of a variable *
1221*************************************************/
1222
1223/* The table of variables is kept in alphabetic order, so we can search it
1224using a binary chop. The "choplen" variable is nothing to do with the binary
1225chop.
1226
1227Arguments:
1228 name the name of the variable being sought
1229 exists_only TRUE if this is a def: test; passed on to find_header()
1230 skipping TRUE => skip any processing evaluation; this is not the same as
1231 exists_only because def: may test for values that are first
1232 evaluated here
1233 newsize pointer to an int which is initially zero; if the answer is in
1234 a new memory buffer, *newsize is set to its size
1235
1236Returns: NULL if the variable does not exist, or
1237 a pointer to the variable's contents, or
1238 something non-NULL if exists_only is TRUE
1239*/
1240
1241static uschar *
1242find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1243{
1244int first = 0;
1245int last = var_table_size;
1246
1247while (last > first)
1248 {
1249 uschar *s, *domain;
1250 uschar **ss;
1251 int middle = (first + last)/2;
1252 int c = Ustrcmp(name, var_table[middle].name);
1253
1254 if (c > 0) { first = middle + 1; continue; }
1255 if (c < 0) { last = middle; continue; }
1256
1257 /* Found an existing variable. If in skipping state, the value isn't needed,
1258 and we want to avoid processing (such as looking up up the host name). */
1259
1260 if (skipping) return US"";
1261
1262 switch (var_table[middle].type)
1263 {
1264 case vtype_filter_int:
1265 if (!filter_running) return NULL;
1266 /* Fall through */
1267
1268#ifdef EXPERIMENTAL_DOMAINKEYS
1269
1270 case vtype_dk_verify:
1271 if (dk_verify_block == NULL) return US"";
1272 s = NULL;
1273 if (Ustrcmp(var_table[middle].name, "dk_result") == 0)
1274 s = dk_verify_block->result_string;
1275 if (Ustrcmp(var_table[middle].name, "dk_sender") == 0)
1276 s = dk_verify_block->address;
1277 if (Ustrcmp(var_table[middle].name, "dk_sender_domain") == 0)
1278 s = dk_verify_block->domain;
1279 if (Ustrcmp(var_table[middle].name, "dk_sender_local_part") == 0)
1280 s = dk_verify_block->local_part;
1281
1282 if (Ustrcmp(var_table[middle].name, "dk_sender_source") == 0)
1283 switch(dk_verify_block->address_source) {
1284 case DK_EXIM_ADDRESS_NONE: s = "0"; break;
1285 case DK_EXIM_ADDRESS_FROM_FROM: s = "from"; break;
1286 case DK_EXIM_ADDRESS_FROM_SENDER: s = "sender"; break;
1287 }
1288
1289 if (Ustrcmp(var_table[middle].name, "dk_status") == 0)
1290 switch(dk_verify_block->result) {
1291 case DK_EXIM_RESULT_ERR: s = "error"; break;
1292 case DK_EXIM_RESULT_BAD_FORMAT: s = "bad format"; break;
1293 case DK_EXIM_RESULT_NO_KEY: s = "no key"; break;
1294 case DK_EXIM_RESULT_NO_SIGNATURE: s = "no signature"; break;
1295 case DK_EXIM_RESULT_REVOKED: s = "revoked"; break;
1296 case DK_EXIM_RESULT_NON_PARTICIPANT: s = "non-participant"; break;
1297 case DK_EXIM_RESULT_GOOD: s = "good"; break;
1298 case DK_EXIM_RESULT_BAD: s = "bad"; break;
1299 }
1300
1301 if (Ustrcmp(var_table[middle].name, "dk_signsall") == 0)
1302 s = (dk_verify_block->signsall)? "1" : "0";
1303
1304 if (Ustrcmp(var_table[middle].name, "dk_testing") == 0)
1305 s = (dk_verify_block->testing)? "1" : "0";
1306
1307 if (Ustrcmp(var_table[middle].name, "dk_is_signed") == 0)
1308 s = (dk_verify_block->is_signed)? "1" : "0";
1309
1310 return (s == NULL)? US"" : s;
1311#endif
1312
1313 case vtype_int:
1314 sprintf(CS var_buffer, "%d", *(int *)(var_table[middle].value)); /* Integer */
1315 return var_buffer;
1316
1317 case vtype_ino:
1318 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(var_table[middle].value))); /* Inode */
1319 return var_buffer;
1320
1321 case vtype_gid:
1322 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(var_table[middle].value))); /* gid */
1323 return var_buffer;
1324
1325 case vtype_uid:
1326 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
1327 return var_buffer;
1328
1329 case vtype_stringptr: /* Pointer to string */
1330 s = *((uschar **)(var_table[middle].value));
1331 return (s == NULL)? US"" : s;
1332
1333 case vtype_pid:
1334 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1335 return var_buffer;
1336
1337 case vtype_load_avg:
1338 sprintf(CS var_buffer, "%d", os_getloadavg()); /* load_average */
1339 return var_buffer;
1340
1341 case vtype_host_lookup: /* Lookup if not done so */
1342 if (sender_host_name == NULL && sender_host_address != NULL &&
1343 !host_lookup_failed && host_name_lookup() == OK)
1344 host_build_sender_fullhost();
1345 return (sender_host_name == NULL)? US"" : sender_host_name;
1346
1347 case vtype_localpart: /* Get local part from address */
1348 s = *((uschar **)(var_table[middle].value));
1349 if (s == NULL) return US"";
1350 domain = Ustrrchr(s, '@');
1351 if (domain == NULL) return s;
1352 if (domain - s > sizeof(var_buffer) - 1)
1353 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than %d in "
1354 "string expansion", sizeof(var_buffer));
1355 Ustrncpy(var_buffer, s, domain - s);
1356 var_buffer[domain - s] = 0;
1357 return var_buffer;
1358
1359 case vtype_domain: /* Get domain from address */
1360 s = *((uschar **)(var_table[middle].value));
1361 if (s == NULL) return US"";
1362 domain = Ustrrchr(s, '@');
1363 return (domain == NULL)? US"" : domain + 1;
1364
1365 case vtype_msgheaders:
1366 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1367
1368 case vtype_msgbody: /* Pointer to msgbody string */
1369 case vtype_msgbody_end: /* Ditto, the end of the msg */
1370 ss = (uschar **)(var_table[middle].value);
1371 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1372 {
1373 uschar *body;
1374 off_t start_offset = SPOOL_DATA_START_OFFSET;
1375 int len = message_body_visible;
1376 if (len > message_size) len = message_size;
1377 *ss = body = store_malloc(len+1);
1378 body[0] = 0;
1379 if (var_table[middle].type == vtype_msgbody_end)
1380 {
1381 struct stat statbuf;
1382 if (fstat(deliver_datafile, &statbuf) == 0)
1383 {
1384 start_offset = statbuf.st_size - len;
1385 if (start_offset < SPOOL_DATA_START_OFFSET)
1386 start_offset = SPOOL_DATA_START_OFFSET;
1387 }
1388 }
1389 lseek(deliver_datafile, start_offset, SEEK_SET);
1390 len = read(deliver_datafile, body, len);
1391 if (len > 0)
1392 {
1393 body[len] = 0;
1394 while (len > 0)
1395 {
1396 if (body[--len] == '\n' || body[len] == 0) body[len] = ' ';
1397 }
1398 }
1399 }
1400 return (*ss == NULL)? US"" : *ss;
1401
1402 case vtype_todbsdin: /* BSD inbox time of day */
1403 return tod_stamp(tod_bsdin);
1404
1405 case vtype_tode: /* Unix epoch time of day */
1406 return tod_stamp(tod_epoch);
1407
1408 case vtype_todf: /* Full time of day */
1409 return tod_stamp(tod_full);
1410
1411 case vtype_todl: /* Log format time of day */
1412 return tod_stamp(tod_log_bare); /* (without timezone) */
1413
1414 case vtype_todzone: /* Time zone offset only */
1415 return tod_stamp(tod_zone);
1416
1417 case vtype_todzulu: /* Zulu time */
1418 return tod_stamp(tod_zulu);
1419
1420 case vtype_todlf: /* Log file datestamp tod */
1421 return tod_stamp(tod_log_datestamp);
1422
1423 case vtype_reply: /* Get reply address */
1424 s = find_header(US"reply-to:", exists_only, newsize, FALSE,
1425 headers_charset);
1426 if (s == NULL || *s == 0)
1427 s = find_header(US"from:", exists_only, newsize, FALSE, headers_charset);
1428 return (s == NULL)? US"" : s;
1429
1430 /* A recipients list is available only during system message filtering,
1431 during ACL processing after DATA, and while expanding pipe commands
1432 generated from a system filter, but not elsewhere. */
1433
1434 case vtype_recipients:
1435 if (!enable_dollar_recipients) return NULL; else
1436 {
1437 int size = 128;
1438 int ptr = 0;
1439 int i;
1440 s = store_get(size);
1441 for (i = 0; i < recipients_count; i++)
1442 {
1443 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1444 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1445 Ustrlen(recipients_list[i].address));
1446 }
1447 s[ptr] = 0; /* string_cat() leaves room */
1448 }
1449 return s;
1450
1451 case vtype_pspace:
1452 {
1453 int inodes;
1454 sprintf(CS var_buffer, "%d",
1455 receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes));
1456 }
1457 return var_buffer;
1458
1459 case vtype_pinodes:
1460 {
1461 int inodes;
1462 (void) receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes);
1463 sprintf(CS var_buffer, "%d", inodes);
1464 }
1465 return var_buffer;
1466 }
1467 }
1468
1469return NULL; /* Unknown variable name */
1470}
1471
1472
1473
1474
1475/*************************************************
1476* Read and expand substrings *
1477*************************************************/
1478
1479/* This function is called to read and expand argument substrings for various
1480expansion items. Some have a minimum requirement that is less than the maximum;
1481in these cases, the first non-present one is set to NULL.
1482
1483Arguments:
1484 sub points to vector of pointers to set
1485 n maximum number of substrings
1486 m minimum required
1487 sptr points to current string pointer
1488 skipping the skipping flag
1489 check_end if TRUE, check for final '}'
1490 name name of item, for error message
1491
1492Returns: 0 OK; string pointer updated
1493 1 curly bracketing error (too few arguments)
1494 2 too many arguments (only if check_end is set); message set
1495 3 other error (expansion failure)
1496*/
1497
1498static int
1499read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
1500 BOOL check_end, uschar *name)
1501{
1502int i;
1503uschar *s = *sptr;
1504
1505while (isspace(*s)) s++;
1506for (i = 0; i < n; i++)
1507 {
1508 if (*s != '{')
1509 {
1510 if (i < m) return 1;
1511 sub[i] = NULL;
1512 break;
1513 }
1514 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
1515 if (sub[i] == NULL) return 3;
1516 if (*s++ != '}') return 1;
1517 while (isspace(*s)) s++;
1518 }
1519if (check_end && *s++ != '}')
1520 {
1521 if (s[-1] == '{')
1522 {
1523 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1524 "(max is %d)", name, n);
1525 return 2;
1526 }
1527 return 1;
1528 }
1529
1530*sptr = s;
1531return 0;
1532}
1533
1534
1535
1536
1537/*************************************************
1538* Read and evaluate a condition *
1539*************************************************/
1540
1541/*
1542Arguments:
1543 s points to the start of the condition text
1544 yield points to a BOOL to hold the result of the condition test;
1545 if NULL, we are just reading through a condition that is
1546 part of an "or" combination to check syntax, or in a state
1547 where the answer isn't required
1548
1549Returns: a pointer to the first character after the condition, or
1550 NULL after an error
1551*/
1552
1553static uschar *
1554eval_condition(uschar *s, BOOL *yield)
1555{
1556BOOL testfor = TRUE;
1557BOOL tempcond, combined_cond;
1558BOOL *subcondptr;
1559int i, rc, cond_type, roffset;
1560int num[2];
1561struct stat statbuf;
1562uschar name[256];
1563uschar *sub[4];
1564
1565const pcre *re;
1566const uschar *rerror;
1567
1568for (;;)
1569 {
1570 while (isspace(*s)) s++;
1571 if (*s == '!') { testfor = !testfor; s++; } else break;
1572 }
1573
1574/* Numeric comparisons are symbolic */
1575
1576if (*s == '=' || *s == '>' || *s == '<')
1577 {
1578 int p = 0;
1579 name[p++] = *s++;
1580 if (*s == '=')
1581 {
1582 name[p++] = '=';
1583 s++;
1584 }
1585 name[p] = 0;
1586 }
1587
1588/* All other conditions are named */
1589
1590else s = read_name(name, 256, s, US"_");
1591
1592/* If we haven't read a name, it means some non-alpha character is first. */
1593
1594if (name[0] == 0)
1595 {
1596 expand_string_message = string_sprintf("condition name expected, "
1597 "but found \"%.16s\"", s);
1598 return NULL;
1599 }
1600
1601/* Find which condition we are dealing with, and switch on it */
1602
1603cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
1604switch(cond_type)
1605 {
1606 /* def: tests for a non-empty variable, or for the existence of a header. If
1607 yield == NULL we are in a skipping state, and don't care about the answer. */
1608
1609 case ECOND_DEF:
1610 if (*s != ':')
1611 {
1612 expand_string_message = US"\":\" expected after \"def\"";
1613 return NULL;
1614 }
1615
1616 s = read_name(name, 256, s+1, US"_");
1617
1618 /* Test for a header's existence */
1619
1620 if (Ustrncmp(name, "h_", 2) == 0 ||
1621 Ustrncmp(name, "rh_", 3) == 0 ||
1622 Ustrncmp(name, "bh_", 3) == 0 ||
1623 Ustrncmp(name, "header_", 7) == 0 ||
1624 Ustrncmp(name, "rheader_", 8) == 0 ||
1625 Ustrncmp(name, "bheader_", 8) == 0)
1626 {
1627 s = read_header_name(name, 256, s);
1628 if (yield != NULL) *yield =
1629 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
1630 }
1631
1632 /* Test for a variable's having a non-empty value. A non-existent variable
1633 causes an expansion failure. */
1634
1635 else
1636 {
1637 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
1638 if (value == NULL)
1639 {
1640 expand_string_message = (name[0] == 0)?
1641 string_sprintf("variable name omitted after \"def:\"") :
1642 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
1643 return NULL;
1644 }
1645 if (yield != NULL) *yield = (value[0] != 0) == testfor;
1646 }
1647
1648 return s;
1649
1650
1651 /* first_delivery tests for first delivery attempt */
1652
1653 case ECOND_FIRST_DELIVERY:
1654 if (yield != NULL) *yield = deliver_firsttime == testfor;
1655 return s;
1656
1657
1658 /* queue_running tests for any process started by a queue runner */
1659
1660 case ECOND_QUEUE_RUNNING:
1661 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
1662 return s;
1663
1664
1665 /* exists: tests for file existence
1666 isip: tests for any IP address
1667 isip4: tests for an IPv4 address
1668 isip6: tests for an IPv6 address
1669 pam: does PAM authentication
1670 radius: does RADIUS authentication
1671 ldapauth: does LDAP authentication
1672 pwcheck: does Cyrus SASL pwcheck authentication
1673 */
1674
1675 case ECOND_EXISTS:
1676 case ECOND_ISIP:
1677 case ECOND_ISIP4:
1678 case ECOND_ISIP6:
1679 case ECOND_PAM:
1680 case ECOND_RADIUS:
1681 case ECOND_LDAPAUTH:
1682 case ECOND_PWCHECK:
1683
1684 while (isspace(*s)) s++;
1685 if (*s != '{') goto COND_FAILED_CURLY_START;
1686
1687 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1688 if (sub[0] == NULL) return NULL;
1689 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1690
1691 if (yield == NULL) return s; /* No need to run the test if skipping */
1692
1693 switch(cond_type)
1694 {
1695 case ECOND_EXISTS:
1696 if ((expand_forbid & RDO_EXISTS) != 0)
1697 {
1698 expand_string_message = US"File existence tests are not permitted";
1699 return NULL;
1700 }
1701 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
1702 break;
1703
1704 case ECOND_ISIP:
1705 case ECOND_ISIP4:
1706 case ECOND_ISIP6:
1707 rc = string_is_ip_address(sub[0], NULL);
1708 *yield = ((cond_type == ECOND_ISIP)? (rc > 0) :
1709 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
1710 break;
1711
1712 /* Various authentication tests - all optionally compiled */
1713
1714 case ECOND_PAM:
1715 #ifdef SUPPORT_PAM
1716 rc = auth_call_pam(sub[0], &expand_string_message);
1717 goto END_AUTH;
1718 #else
1719 goto COND_FAILED_NOT_COMPILED;
1720 #endif /* SUPPORT_PAM */
1721
1722 case ECOND_RADIUS:
1723 #ifdef RADIUS_CONFIG_FILE
1724 rc = auth_call_radius(sub[0], &expand_string_message);
1725 goto END_AUTH;
1726 #else
1727 goto COND_FAILED_NOT_COMPILED;
1728 #endif /* RADIUS_CONFIG_FILE */
1729
1730 case ECOND_LDAPAUTH:
1731 #ifdef LOOKUP_LDAP
1732 {
1733 /* Just to keep the interface the same */
1734 BOOL do_cache;
1735 int old_pool = store_pool;
1736 store_pool = POOL_SEARCH;
1737 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
1738 &expand_string_message, &do_cache);
1739 store_pool = old_pool;
1740 }
1741 goto END_AUTH;
1742 #else
1743 goto COND_FAILED_NOT_COMPILED;
1744 #endif /* LOOKUP_LDAP */
1745
1746 case ECOND_PWCHECK:
1747 #ifdef CYRUS_PWCHECK_SOCKET
1748 rc = auth_call_pwcheck(sub[0], &expand_string_message);
1749 goto END_AUTH;
1750 #else
1751 goto COND_FAILED_NOT_COMPILED;
1752 #endif /* CYRUS_PWCHECK_SOCKET */
1753
1754 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
1755 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
1756 END_AUTH:
1757 if (rc == ERROR || rc == DEFER) return NULL;
1758 *yield = (rc == OK) == testfor;
1759 #endif
1760 }
1761 return s;
1762
1763
1764 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
1765
1766 ${if saslauthd {{username}{password}{service}{realm}} {yes}[no}}
1767
1768 However, the last two are optional. That is why the whole set is enclosed
1769 in their own set or braces. */
1770
1771 case ECOND_SASLAUTHD:
1772 #ifndef CYRUS_SASLAUTHD_SOCKET
1773 goto COND_FAILED_NOT_COMPILED;
1774 #else
1775 while (isspace(*s)) s++;
1776 if (*s++ != '{') goto COND_FAILED_CURLY_START;
1777 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd"))
1778 {
1779 case 1: expand_string_message = US"too few arguments or bracketing "
1780 "error for saslauthd";
1781 case 2:
1782 case 3: return NULL;
1783 }
1784 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
1785 if (yield != NULL)
1786 {
1787 int rc;
1788 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
1789 &expand_string_message);
1790 if (rc == ERROR || rc == DEFER) return NULL;
1791 *yield = (rc == OK) == testfor;
1792 }
1793 return s;
1794 #endif /* CYRUS_SASLAUTHD_SOCKET */
1795
1796
1797 /* symbolic operators for numeric and string comparison, and a number of
1798 other operators, all requiring two arguments.
1799
1800 match: does a regular expression match and sets up the numerical
1801 variables if it succeeds
1802 match_address: matches in an address list
1803 match_domain: matches in a domain list
1804 match_local_part: matches in a local part list
1805 crypteq: encrypts plaintext and compares against an encrypted text,
1806 using crypt(), crypt16(), MD5 or SHA-1
1807 */
1808
1809 case ECOND_MATCH:
1810 case ECOND_MATCH_ADDRESS:
1811 case ECOND_MATCH_DOMAIN:
1812 case ECOND_MATCH_LOCAL_PART:
1813 case ECOND_CRYPTEQ:
1814
1815 case ECOND_NUM_L: /* Numerical comparisons */
1816 case ECOND_NUM_LE:
1817 case ECOND_NUM_E:
1818 case ECOND_NUM_EE:
1819 case ECOND_NUM_G:
1820 case ECOND_NUM_GE:
1821
1822 case ECOND_STR_LT: /* String comparisons */
1823 case ECOND_STR_LTI:
1824 case ECOND_STR_LE:
1825 case ECOND_STR_LEI:
1826 case ECOND_STR_EQ:
1827 case ECOND_STR_EQI:
1828 case ECOND_STR_GT:
1829 case ECOND_STR_GTI:
1830 case ECOND_STR_GE:
1831 case ECOND_STR_GEI:
1832
1833 for (i = 0; i < 2; i++)
1834 {
1835 while (isspace(*s)) s++;
1836 if (*s != '{')
1837 {
1838 if (i == 0) goto COND_FAILED_CURLY_START;
1839 expand_string_message = string_sprintf("missing 2nd string in {} "
1840 "after \"%s\"", name);
1841 return NULL;
1842 }
1843 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1844 if (sub[i] == NULL) return NULL;
1845 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1846
1847 /* Convert to numerical if required; we know that the names of all the
1848 conditions that compare numbers do not start with a letter. This just saves
1849 checking for them individually. */
1850
1851 if (!isalpha(name[0]))
1852 {
1853 uschar *endptr;
1854 num[i] = (int)Ustrtol((const uschar *)sub[i], &endptr, 10);
1855 if (tolower(*endptr) == 'k')
1856 {
1857 num[i] *= 1024;
1858 endptr++;
1859 }
1860 else if (tolower(*endptr) == 'm')
1861 {
1862 num[i] *= 1024*1024;
1863 endptr++;
1864 }
1865 while (isspace(*endptr)) endptr++;
1866 if (*endptr != 0)
1867 {
1868 expand_string_message = string_sprintf("\"%s\" is not a number",
1869 sub[i]);
1870 return NULL;
1871 }
1872 }
1873 }
1874
1875 /* Result not required */
1876
1877 if (yield == NULL) return s;
1878
1879 /* Do an appropriate comparison */
1880
1881 switch(cond_type)
1882 {
1883 case ECOND_NUM_E:
1884 case ECOND_NUM_EE:
1885 *yield = (num[0] == num[1]) == testfor;
1886 break;
1887
1888 case ECOND_NUM_G:
1889 *yield = (num[0] > num[1]) == testfor;
1890 break;
1891
1892 case ECOND_NUM_GE:
1893 *yield = (num[0] >= num[1]) == testfor;
1894 break;
1895
1896 case ECOND_NUM_L:
1897 *yield = (num[0] < num[1]) == testfor;
1898 break;
1899
1900 case ECOND_NUM_LE:
1901 *yield = (num[0] <= num[1]) == testfor;
1902 break;
1903
1904 case ECOND_STR_LT:
1905 *yield = (Ustrcmp(sub[0], sub[1]) < 0) == testfor;
1906 break;
1907
1908 case ECOND_STR_LTI:
1909 *yield = (strcmpic(sub[0], sub[1]) < 0) == testfor;
1910 break;
1911
1912 case ECOND_STR_LE:
1913 *yield = (Ustrcmp(sub[0], sub[1]) <= 0) == testfor;
1914 break;
1915
1916 case ECOND_STR_LEI:
1917 *yield = (strcmpic(sub[0], sub[1]) <= 0) == testfor;
1918 break;
1919
1920 case ECOND_STR_EQ:
1921 *yield = (Ustrcmp(sub[0], sub[1]) == 0) == testfor;
1922 break;
1923
1924 case ECOND_STR_EQI:
1925 *yield = (strcmpic(sub[0], sub[1]) == 0) == testfor;
1926 break;
1927
1928 case ECOND_STR_GT:
1929 *yield = (Ustrcmp(sub[0], sub[1]) > 0) == testfor;
1930 break;
1931
1932 case ECOND_STR_GTI:
1933 *yield = (strcmpic(sub[0], sub[1]) > 0) == testfor;
1934 break;
1935
1936 case ECOND_STR_GE:
1937 *yield = (Ustrcmp(sub[0], sub[1]) >= 0) == testfor;
1938 break;
1939
1940 case ECOND_STR_GEI:
1941 *yield = (strcmpic(sub[0], sub[1]) >= 0) == testfor;
1942 break;
1943
1944 case ECOND_MATCH: /* Regular expression match */
1945 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
1946 NULL);
1947 if (re == NULL)
1948 {
1949 expand_string_message = string_sprintf("regular expression error in "
1950 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
1951 return NULL;
1952 }
1953 *yield = regex_match_and_setup(re, sub[0], 0, -1) == testfor;
1954 break;
1955
1956 case ECOND_MATCH_ADDRESS: /* Match in an address list */
1957 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
1958 goto MATCHED_SOMETHING;
1959
1960 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
1961 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
1962 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
1963 goto MATCHED_SOMETHING;
1964
1965 case ECOND_MATCH_LOCAL_PART:
1966 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
1967 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
1968 /* Fall through */
1969
1970 MATCHED_SOMETHING:
1971 switch(rc)
1972 {
1973 case OK:
1974 *yield = testfor;
1975 break;
1976
1977 case FAIL:
1978 *yield = !testfor;
1979 break;
1980
1981 case DEFER:
1982 expand_string_message = string_sprintf("unable to complete match "
1983 "against \"%s\": %s", sub[1], search_error_message);
1984 return NULL;
1985 }
1986
1987 break;
1988
1989 /* Various "encrypted" comparisons. If the second string starts with
1990 "{" then an encryption type is given. Default to crypt() or crypt16()
1991 (build-time choice). */
1992
1993 case ECOND_CRYPTEQ:
1994 #ifndef SUPPORT_CRYPTEQ
1995 goto COND_FAILED_NOT_COMPILED;
1996 #else
1997 if (strncmpic(sub[1], US"{md5}", 5) == 0)
1998 {
1999 int sublen = Ustrlen(sub[1]+5);
2000 md5 base;
2001 uschar digest[16];
2002
2003 md5_start(&base);
2004 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2005
2006 /* If the length that we are comparing against is 24, the MD5 digest
2007 is expressed as a base64 string. This is the way LDAP does it. However,
2008 some other software uses a straightforward hex representation. We assume
2009 this if the length is 32. Other lengths fail. */
2010
2011 if (sublen == 24)
2012 {
2013 uschar *coded = auth_b64encode((uschar *)digest, 16);
2014 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2015 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2016 *yield = (Ustrcmp(coded, sub[1]+5) == 0) == testfor;
2017 }
2018 else if (sublen == 32)
2019 {
2020 int i;
2021 uschar coded[36];
2022 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2023 coded[32] = 0;
2024 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2025 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2026 *yield = (strcmpic(coded, sub[1]+5) == 0) == testfor;
2027 }
2028 else
2029 {
2030 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2031 "fail\n crypted=%s\n", sub[1]+5);
2032 *yield = !testfor;
2033 }
2034 }
2035
2036 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2037 {
2038 int sublen = Ustrlen(sub[1]+6);
2039 sha1 base;
2040 uschar digest[20];
2041
2042 sha1_start(&base);
2043 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2044
2045 /* If the length that we are comparing against is 28, assume the SHA1
2046 digest is expressed as a base64 string. If the length is 40, assume a
2047 straightforward hex representation. Other lengths fail. */
2048
2049 if (sublen == 28)
2050 {
2051 uschar *coded = auth_b64encode((uschar *)digest, 20);
2052 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2053 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2054 *yield = (Ustrcmp(coded, sub[1]+6) == 0) == testfor;
2055 }
2056 else if (sublen == 40)
2057 {
2058 int i;
2059 uschar coded[44];
2060 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2061 coded[40] = 0;
2062 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2063 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2064 *yield = (strcmpic(coded, sub[1]+6) == 0) == testfor;
2065 }
2066 else
2067 {
2068 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2069 "fail\n crypted=%s\n", sub[1]+6);
2070 *yield = !testfor;
2071 }
2072 }
2073
2074 else /* {crypt} or {crypt16} and non-{ at start */
2075 {
2076 int which = 0;
2077 uschar *coded;
2078
2079 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2080 {
2081 sub[1] += 7;
2082 which = 1;
2083 }
2084 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2085 {
2086 sub[1] += 9;
2087 which = 2;
2088 }
2089 else if (sub[1][0] == '{')
2090 {
2091 expand_string_message = string_sprintf("unknown encryption mechanism "
2092 "in \"%s\"", sub[1]);
2093 return NULL;
2094 }
2095
2096 switch(which)
2097 {
2098 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2099 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2100 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2101 }
2102
2103 #define STR(s) # s
2104 #define XSTR(s) STR(s)
2105 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2106 " subject=%s\n crypted=%s\n",
2107 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
2108 coded, sub[1]);
2109 #undef STR
2110 #undef XSTR
2111
2112 /* If the encrypted string contains fewer than two characters (for the
2113 salt), force failure. Otherwise we get false positives: with an empty
2114 string the yield of crypt() is an empty string! */
2115
2116 *yield = (Ustrlen(sub[1]) < 2)? !testfor :
2117 (Ustrcmp(coded, sub[1]) == 0) == testfor;
2118 }
2119 break;
2120 #endif /* SUPPORT_CRYPTEQ */
2121 } /* Switch for comparison conditions */
2122
2123 return s; /* End of comparison conditions */
2124
2125
2126 /* and/or: computes logical and/or of several conditions */
2127
2128 case ECOND_AND:
2129 case ECOND_OR:
2130 subcondptr = (yield == NULL)? NULL : &tempcond;
2131 combined_cond = (cond_type == ECOND_AND);
2132
2133 while (isspace(*s)) s++;
2134 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2135
2136 for (;;)
2137 {
2138 while (isspace(*s)) s++;
2139 if (*s == '}') break;
2140 if (*s != '{')
2141 {
2142 expand_string_message = string_sprintf("each subcondition "
2143 "inside an \"%s{...}\" condition must be in its own {}", name);
2144 return NULL;
2145 }
2146
2147 s = eval_condition(s+1, subcondptr);
2148 if (s == NULL)
2149 {
2150 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2151 expand_string_message, name);
2152 return NULL;
2153 }
2154 while (isspace(*s)) s++;
2155
2156 if (*s++ != '}')
2157 {
2158 expand_string_message = string_sprintf("missing } at end of condition "
2159 "inside \"%s\" group", name);
2160 return NULL;
2161 }
2162
2163 if (yield != NULL)
2164 {
2165 if (cond_type == ECOND_AND)
2166 {
2167 combined_cond &= tempcond;
2168 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2169 } /* evaluate any more */
2170 else
2171 {
2172 combined_cond |= tempcond;
2173 if (combined_cond) subcondptr = NULL; /* once true, don't */
2174 } /* evaluate any more */
2175 }
2176 }
2177
2178 if (yield != NULL) *yield = (combined_cond == testfor);
2179 return ++s;
2180
2181
2182 /* Unknown condition */
2183
2184 default:
2185 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2186 return NULL;
2187 } /* End switch on condition type */
2188
2189/* Missing braces at start and end of data */
2190
2191COND_FAILED_CURLY_START:
2192expand_string_message = string_sprintf("missing { after \"%s\"", name);
2193return NULL;
2194
2195COND_FAILED_CURLY_END:
2196expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2197 name);
2198return NULL;
2199
2200/* A condition requires code that is not compiled */
2201
2202#if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2203 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2204 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2205COND_FAILED_NOT_COMPILED:
2206expand_string_message = string_sprintf("support for \"%s\" not compiled",
2207 name);
2208return NULL;
2209#endif
2210}
2211
2212
2213
2214
2215/*************************************************
2216* Save numerical variables *
2217*************************************************/
2218
2219/* This function is called from items such as "if" that want to preserve and
2220restore the numbered variables.
2221
2222Arguments:
2223 save_expand_string points to an array of pointers to set
2224 save_expand_nlength points to an array of ints for the lengths
2225
2226Returns: the value of expand max to save
2227*/
2228
2229static int
2230save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
2231{
2232int i;
2233for (i = 0; i <= expand_nmax; i++)
2234 {
2235 save_expand_nstring[i] = expand_nstring[i];
2236 save_expand_nlength[i] = expand_nlength[i];
2237 }
2238return expand_nmax;
2239}
2240
2241
2242
2243/*************************************************
2244* Restore numerical variables *
2245*************************************************/
2246
2247/* This function restored saved values of numerical strings.
2248
2249Arguments:
2250 save_expand_nmax the number of strings to restore
2251 save_expand_string points to an array of pointers
2252 save_expand_nlength points to an array of ints
2253
2254Returns: nothing
2255*/
2256
2257static void
2258restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
2259 int *save_expand_nlength)
2260{
2261int i;
2262expand_nmax = save_expand_nmax;
2263for (i = 0; i <= expand_nmax; i++)
2264 {
2265 expand_nstring[i] = save_expand_nstring[i];
2266 expand_nlength[i] = save_expand_nlength[i];
2267 }
2268}
2269
2270
2271
2272
2273
2274/*************************************************
2275* Handle yes/no substrings *
2276*************************************************/
2277
2278/* This function is used by ${if}, ${lookup} and ${extract} to handle the
2279alternative substrings that depend on whether or not the condition was true,
2280or the lookup or extraction succeeded. The substrings always have to be
2281expanded, to check their syntax, but "skipping" is set when the result is not
2282needed - this avoids unnecessary nested lookups.
2283
2284Arguments:
2285 skipping TRUE if we were skipping when this item was reached
2286 yes TRUE if the first string is to be used, else use the second
2287 save_lookup a value to put back into lookup_value before the 2nd expansion
2288 sptr points to the input string pointer
2289 yieldptr points to the output string pointer
2290 sizeptr points to the output string size
2291 ptrptr points to the output string pointer
2292 type "lookup" or "if" or "extract" or "run", for error message
2293
2294Returns: 0 OK; lookup_value has been reset to save_lookup
2295 1 expansion failed
2296 2 expansion failed because of bracketing error
2297*/
2298
2299static int
2300process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
2301 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type)
2302{
2303int rc = 0;
2304uschar *s = *sptr; /* Local value */
2305uschar *sub1, *sub2;
2306
2307/* If there are no following strings, we substitute the contents of $value for
2308lookups and for extractions in the success case. For the ${if item, the string
2309"true" is substituted. In the fail case, nothing is substituted for all three
2310items. */
2311
2312while (isspace(*s)) s++;
2313if (*s == '}')
2314 {
2315 if (type[0] == 'i')
2316 {
2317 if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
2318 }
2319 else
2320 {
2321 if (yes && lookup_value != NULL)
2322 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
2323 Ustrlen(lookup_value));
2324 lookup_value = save_lookup;
2325 }
2326 s++;
2327 goto RETURN;
2328 }
2329
2330/* The first following string must be braced. */
2331
2332if (*s++ != '{') goto FAILED_CURLY;
2333
2334/* Expand the first substring. Forced failures are noticed only if we actually
2335want this string. Set skipping in the call in the fail case (this will always
2336be the case if we were already skipping). */
2337
2338sub1 = expand_string_internal(s, TRUE, &s, !yes);
2339if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
2340expand_string_forcedfail = FALSE;
2341if (*s++ != '}') goto FAILED_CURLY;
2342
2343/* If we want the first string, add it to the output */
2344
2345if (yes)
2346 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
2347
2348/* If this is called from a lookup or an extract, we want to restore $value to
2349what it was at the start of the item, so that it has this value during the
2350second string expansion. For the call from "if" or "run" to this function,
2351save_lookup is set to lookup_value, so that this statement does nothing. */
2352
2353lookup_value = save_lookup;
2354
2355/* There now follows either another substring, or "fail", or nothing. This
2356time, forced failures are noticed only if we want the second string. We must
2357set skipping in the nested call if we don't want this string, or if we were
2358already skipping. */
2359
2360while (isspace(*s)) s++;
2361if (*s == '{')
2362 {
2363 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping);
2364 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
2365 expand_string_forcedfail = FALSE;
2366 if (*s++ != '}') goto FAILED_CURLY;
2367
2368 /* If we want the second string, add it to the output */
2369
2370 if (!yes)
2371 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
2372 }
2373
2374/* If there is no second string, but the word "fail" is present when the use of
2375the second string is wanted, set a flag indicating it was a forced failure
2376rather than a syntactic error. Swallow the terminating } in case this is nested
2377inside another lookup or if or extract. */
2378
2379else if (*s != '}')
2380 {
2381 uschar name[256];
2382 s = read_name(name, sizeof(name), s, US"_");
2383 if (Ustrcmp(name, "fail") == 0)
2384 {
2385 if (!yes && !skipping)
2386 {
2387 while (isspace(*s)) s++;
2388 if (*s++ != '}') goto FAILED_CURLY;
2389 expand_string_message =
2390 string_sprintf("\"%s\" failed and \"fail\" requested", type);
2391 expand_string_forcedfail = TRUE;
2392 goto FAILED;
2393 }
2394 }
2395 else
2396 {
2397 expand_string_message =
2398 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
2399 goto FAILED;
2400 }
2401 }
2402
2403/* All we have to do now is to check on the final closing brace. */
2404
2405while (isspace(*s)) s++;
2406if (*s++ == '}') goto RETURN;
2407
2408/* Get here if there is a bracketing failure */
2409
2410FAILED_CURLY:
2411rc++;
2412
2413/* Get here for other failures */
2414
2415FAILED:
2416rc++;
2417
2418/* Update the input pointer value before returning */
2419
2420RETURN:
2421*sptr = s;
2422return rc;
2423}
2424
2425
2426
2427
2428/*************************************************
2429* Handle MD5 or SHA-1 computation for HMAC *
2430*************************************************/
2431
2432/* These are some wrapping functions that enable the HMAC code to be a bit
2433cleaner. A good compiler will spot the tail recursion.
2434
2435Arguments:
2436 type HMAC_MD5 or HMAC_SHA1
2437 remaining are as for the cryptographic hash functions
2438
2439Returns: nothing
2440*/
2441
2442static void
2443chash_start(int type, void *base)
2444{
2445if (type == HMAC_MD5)
2446 md5_start((md5 *)base);
2447else
2448 sha1_start((sha1 *)base);
2449}
2450
2451static void
2452chash_mid(int type, void *base, uschar *string)
2453{
2454if (type == HMAC_MD5)
2455 md5_mid((md5 *)base, string);
2456else
2457 sha1_mid((sha1 *)base, string);
2458}
2459
2460static void
2461chash_end(int type, void *base, uschar *string, int length, uschar *digest)
2462{
2463if (type == HMAC_MD5)
2464 md5_end((md5 *)base, string, length, digest);
2465else
2466 sha1_end((sha1 *)base, string, length, digest);
2467}
2468
2469
2470
2471
2472
2473/********************************************************
2474* prvs: Get last three digits of days since Jan 1, 1970 *
2475********************************************************/
2476
2477/* This is needed to implement the "prvs" BATV reverse
2478 path signing scheme
2479
2480Argument: integer "days" offset to add or substract to
2481 or from the current number of days.
2482
2483Returns: pointer to string containing the last three
2484 digits of the number of days since Jan 1, 1970,
2485 modified by the offset argument, NULL if there
2486 was an error in the conversion.
2487
2488*/
2489
2490static uschar *
2491prvs_daystamp(int day_offset)
2492{
2493uschar *days = store_get(16);
2494(void)string_format(days, 16, TIME_T_FMT,
2495 (time(NULL) + day_offset*86400)/86400);
2496return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
2497}
2498
2499
2500
2501/********************************************************
2502* prvs: perform HMAC-SHA1 computation of prvs bits *
2503********************************************************/
2504
2505/* This is needed to implement the "prvs" BATV reverse
2506 path signing scheme
2507
2508Arguments:
2509 address RFC2821 Address to use
2510 key The key to use (must be less than 64 characters
2511 in size)
2512 key_num Single-digit key number to use. Defaults to
2513 '0' when NULL.
2514
2515Returns: pointer to string containing the first three
2516 bytes of the final hash in hex format, NULL if
2517 there was an error in the process.
2518*/
2519
2520static uschar *
2521prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
2522{
2523uschar *hash_source, *p;
2524int size = 0,offset = 0,i;
2525sha1 sha1_base;
2526void *use_base = &sha1_base;
2527uschar innerhash[20];
2528uschar finalhash[20];
2529uschar innerkey[64];
2530uschar outerkey[64];
2531uschar *finalhash_hex = store_get(40);
2532
2533if (key_num == NULL)
2534 key_num = US"0";
2535
2536if (Ustrlen(key) > 64)
2537 return NULL;
2538
2539hash_source = string_cat(NULL,&size,&offset,key_num,1);
2540string_cat(hash_source,&size,&offset,daystamp,3);
2541string_cat(hash_source,&size,&offset,address,Ustrlen(address));
2542hash_source[offset] = '\0';
2543
2544DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source);
2545
2546memset(innerkey, 0x36, 64);
2547memset(outerkey, 0x5c, 64);
2548
2549for (i = 0; i < Ustrlen(key); i++)
2550 {
2551 innerkey[i] ^= key[i];
2552 outerkey[i] ^= key[i];
2553 }
2554
2555chash_start(HMAC_SHA1, use_base);
2556chash_mid(HMAC_SHA1, use_base, innerkey);
2557chash_end(HMAC_SHA1, use_base, hash_source, offset, innerhash);
2558
2559chash_start(HMAC_SHA1, use_base);
2560chash_mid(HMAC_SHA1, use_base, outerkey);
2561chash_end(HMAC_SHA1, use_base, innerhash, 20, finalhash);
2562
2563p = finalhash_hex;
2564for (i = 0; i < 3; i++)
2565 {
2566 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
2567 *p++ = hex_digits[finalhash[i] & 0x0f];
2568 }
2569*p = '\0';
2570
2571return finalhash_hex;
2572}
2573
2574
2575
2576
2577/*************************************************
2578* Join a file onto the output string *
2579*************************************************/
2580
2581/* This is used for readfile and after a run expansion. It joins the contents
2582of a file onto the output string, globally replacing newlines with a given
2583string (optionally). The file is closed at the end.
2584
2585Arguments:
2586 f the FILE
2587 yield pointer to the expandable string
2588 sizep pointer to the current size
2589 ptrp pointer to the current position
2590 eol newline replacement string, or NULL
2591
2592Returns: new value of string pointer
2593*/
2594
2595static uschar *
2596cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
2597{
2598int eollen;
2599uschar buffer[1024];
2600
2601eollen = (eol == NULL)? 0 : Ustrlen(eol);
2602
2603while (Ufgets(buffer, sizeof(buffer), f) != NULL)
2604 {
2605 int len = Ustrlen(buffer);
2606 if (eol != NULL && buffer[len-1] == '\n') len--;
2607 yield = string_cat(yield, sizep, ptrp, buffer, len);
2608 if (buffer[len] != 0)
2609 yield = string_cat(yield, sizep, ptrp, eol, eollen);
2610 }
2611
2612if (yield != NULL) yield[*ptrp] = 0;
2613
2614return yield;
2615}
2616
2617
2618
2619
2620/*************************************************
2621* Evaluate numeric expression *
2622*************************************************/
2623
2624/* This is a set of mutually recursive functions that evaluate a simple
2625arithmetic expression involving only + - * / and parentheses. The only one that
2626is called from elsewhere is eval_expr, whose interface is:
2627
2628Arguments:
2629 sptr pointer to the pointer to the string - gets updated
2630 decimal TRUE if numbers are to be assumed decimal
2631 error pointer to where to put an error message - must be NULL on input
2632 endket TRUE if ')' must terminate - FALSE for external call
2633
2634
2635Returns: on success: the value of the expression, with *error still NULL
2636 on failure: an undefined value, with *error = a message
2637*/
2638
2639static int eval_sumterm(uschar **, BOOL, uschar **);
2640
2641static int
2642eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
2643{
2644uschar *s = *sptr;
2645int x = eval_sumterm(&s, decimal, error);
2646if (*error == NULL)
2647 {
2648 while (*s == '+' || *s == '-')
2649 {
2650 int op = *s++;
2651 int y = eval_sumterm(&s, decimal, error);
2652 if (*error != NULL) break;
2653 if (op == '+') x += y; else x -= y;
2654 }
2655 if (*error == NULL)
2656 {
2657 if (endket)
2658 {
2659 if (*s != ')')
2660 *error = US"expecting closing parenthesis";
2661 else
2662 while (isspace(*(++s)));
2663 }
2664 else if (*s != 0) *error = US"expecting + or -";
2665 }
2666 }
2667
2668*sptr = s;
2669return x;
2670}
2671
2672static int
2673eval_term(uschar **sptr, BOOL decimal, uschar **error)
2674{
2675register int c;
2676int n;
2677uschar *s = *sptr;
2678while (isspace(*s)) s++;
2679c = *s;
2680if (isdigit(c) || ((c == '-' || c == '+') && isdigit(s[1])))
2681 {
2682 int count;
2683 (void)sscanf(CS s, (decimal? "%d%n" : "%i%n"), &n, &count);
2684 s += count;
2685 if (tolower(*s) == 'k') { n *= 1024; s++; }
2686 else if (tolower(*s) == 'm') { n *= 1024*1024; s++; }
2687 while (isspace (*s)) s++;
2688 }
2689else if (c == '(')
2690 {
2691 s++;
2692 n = eval_expr(&s, decimal, error, 1);
2693 }
2694else
2695 {
2696 *error = US"expecting number or opening parenthesis";
2697 n = 0;
2698 }
2699*sptr = s;
2700return n;
2701}
2702
2703static int eval_sumterm(uschar **sptr, BOOL decimal, uschar **error)
2704{
2705uschar *s = *sptr;
2706int x = eval_term(&s, decimal, error);
2707if (*error == NULL)
2708 {
2709 while (*s == '*' || *s == '/')
2710 {
2711 int op = *s++;
2712 int y = eval_term(&s, decimal, error);
2713 if (*error != NULL) break;
2714 if (op == '*') x *= y; else x /= y;
2715 }
2716 }
2717*sptr = s;
2718return x;
2719}
2720
2721
2722
2723
2724/*************************************************
2725* Expand string *
2726*************************************************/
2727
2728/* Returns either an unchanged string, or the expanded string in stacking pool
2729store. Interpreted sequences are:
2730
2731 \... normal escaping rules
2732 $name substitutes the variable
2733 ${name} ditto
2734 ${op:string} operates on the expanded string value
2735 ${item{arg1}{arg2}...} expands the args and then does the business
2736 some literal args are not enclosed in {}
2737
2738There are now far too many operators and item types to make it worth listing
2739them here in detail any more.
2740
2741We use an internal routine recursively to handle embedded substrings. The
2742external function follows. The yield is NULL if the expansion failed, and there
2743are two cases: if something collapsed syntactically, or if "fail" was given
2744as the action on a lookup failure. These can be distinguised by looking at the
2745variable expand_string_forcedfail, which is TRUE in the latter case.
2746
2747The skipping flag is set true when expanding a substring that isn't actually
2748going to be used (after "if" or "lookup") and it prevents lookups from
2749happening lower down.
2750
2751Store usage: At start, a store block of the length of the input plus 64
2752is obtained. This is expanded as necessary by string_cat(), which might have to
2753get a new block, or might be able to expand the original. At the end of the
2754function we can release any store above that portion of the yield block that
2755was actually used. In many cases this will be optimal.
2756
2757However: if the first item in the expansion is a variable name or header name,
2758we reset the store before processing it; if the result is in fresh store, we
2759use that without copying. This is helpful for expanding strings like
2760$message_headers which can get very long.
2761
2762Arguments:
2763 string the string to be expanded
2764 ket_ends true if expansion is to stop at }
2765 left if not NULL, a pointer to the first character after the
2766 expansion is placed here (typically used with ket_ends)
2767 skipping TRUE for recursive calls when the value isn't actually going
2768 to be used (to allow for optimisation)
2769
2770Returns: NULL if expansion fails:
2771 expand_string_forcedfail is set TRUE if failure was forced
2772 expand_string_message contains a textual error message
2773 a pointer to the expanded string on success
2774*/
2775
2776static uschar *
2777expand_string_internal(uschar *string, BOOL ket_ends, uschar **left,
2778 BOOL skipping)
2779{
2780int ptr = 0;
2781int size = Ustrlen(string)+ 64;
2782int item_type;
2783uschar *yield = store_get(size);
2784uschar *s = string;
2785uschar *save_expand_nstring[EXPAND_MAXN+1];
2786int save_expand_nlength[EXPAND_MAXN+1];
2787
2788expand_string_forcedfail = FALSE;
2789expand_string_message = US"";
2790
2791while (*s != 0)
2792 {
2793 uschar *value;
2794 uschar name[256];
2795
2796 /* \ escapes the next character, which must exist, or else
2797 the expansion fails. There's a special escape, \N, which causes
2798 copying of the subject verbatim up to the next \N. Otherwise,
2799 the escapes are the standard set. */
2800
2801 if (*s == '\\')
2802 {
2803 if (s[1] == 0)
2804 {
2805 expand_string_message = US"\\ at end of string";
2806 goto EXPAND_FAILED;
2807 }
2808
2809 if (s[1] == 'N')
2810 {
2811 uschar *t = s + 2;
2812 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
2813 yield = string_cat(yield, &size, &ptr, t, s - t);
2814 if (*s != 0) s += 2;
2815 }
2816
2817 else
2818 {
2819 uschar ch[1];
2820 ch[0] = string_interpret_escape(&s);
2821 s++;
2822 yield = string_cat(yield, &size, &ptr, ch, 1);
2823 }
2824
2825 continue;
2826 }
2827
2828 /* Anything other than $ is just copied verbatim, unless we are
2829 looking for a terminating } character. */
2830
2831 if (ket_ends && *s == '}') break;
2832
2833 if (*s != '$')
2834 {
2835 yield = string_cat(yield, &size, &ptr, s++, 1);
2836 continue;
2837 }
2838
2839 /* No { after the $ - must be a plain name or a number for string
2840 match variable. There has to be a fudge for variables that are the
2841 names of header fields preceded by "$header_" because header field
2842 names can contain any printing characters except space and colon.
2843 For those that don't like typing this much, "$h_" is a synonym for
2844 "$header_". A non-existent header yields a NULL value; nothing is
2845 inserted. */
2846
2847 if (isalpha((*(++s))))
2848 {
2849 int len;
2850 int newsize = 0;
2851
2852 s = read_name(name, sizeof(name), s, US"_");
2853
2854 /* If this is the first thing to be expanded, release the pre-allocated
2855 buffer. */
2856
2857 if (ptr == 0 && yield != NULL)
2858 {
2859 store_reset(yield);
2860 yield = NULL;
2861 size = 0;
2862 }
2863
2864 /* Header */
2865
2866 if (Ustrncmp(name, "h_", 2) == 0 ||
2867 Ustrncmp(name, "rh_", 3) == 0 ||
2868 Ustrncmp(name, "bh_", 3) == 0 ||
2869 Ustrncmp(name, "header_", 7) == 0 ||
2870 Ustrncmp(name, "rheader_", 8) == 0 ||
2871 Ustrncmp(name, "bheader_", 8) == 0)
2872 {
2873 BOOL want_raw = (name[0] == 'r')? TRUE : FALSE;
2874 uschar *charset = (name[0] == 'b')? NULL : headers_charset;
2875 s = read_header_name(name, sizeof(name), s);
2876 value = find_header(name, FALSE, &newsize, want_raw, charset);
2877
2878 /* If we didn't find the header, and the header contains a closing brace
2879 characters, this may be a user error where the terminating colon
2880 has been omitted. Set a flag to adjust the error message in this case.
2881 But there is no error here - nothing gets inserted. */
2882
2883 if (value == NULL)
2884 {
2885 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2886 continue;
2887 }
2888 }
2889
2890 /* Variable */
2891
2892 else
2893 {
2894 value = find_variable(name, FALSE, skipping, &newsize);
2895 if (value == NULL)
2896 {
2897 expand_string_message =
2898 string_sprintf("unknown variable name \"%s\"", name);
2899 goto EXPAND_FAILED;
2900 }
2901 }
2902
2903 /* If the data is known to be in a new buffer, newsize will be set to the
2904 size of that buffer. If this is the first thing in an expansion string,
2905 yield will be NULL; just point it at the new store instead of copying. Many
2906 expansion strings contain just one reference, so this is a useful
2907 optimization, especially for humungous headers. */
2908
2909 len = Ustrlen(value);
2910 if (yield == NULL && newsize != 0)
2911 {
2912 yield = value;
2913 size = newsize;
2914 ptr = len;
2915 }
2916 else yield = string_cat(yield, &size, &ptr, value, len);
2917
2918 continue;
2919 }
2920
2921 if (isdigit(*s))
2922 {
2923 int n;
2924 s = read_number(&n, s);
2925 if (n >= 0 && n <= expand_nmax)
2926 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
2927 expand_nlength[n]);
2928 continue;
2929 }
2930
2931 /* Otherwise, if there's no '{' after $ it's an error. */
2932
2933 if (*s != '{')
2934 {
2935 expand_string_message = US"$ not followed by letter, digit, or {";
2936 goto EXPAND_FAILED;
2937 }
2938
2939 /* After { there can be various things, but they all start with
2940 an initial word, except for a number for a string match variable. */
2941
2942 if (isdigit((*(++s))))
2943 {
2944 int n;
2945 s = read_number(&n, s);
2946 if (*s++ != '}')
2947 {
2948 expand_string_message = US"} expected after number";
2949 goto EXPAND_FAILED;
2950 }
2951 if (n >= 0 && n <= expand_nmax)
2952 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
2953 expand_nlength[n]);
2954 continue;
2955 }
2956
2957 if (!isalpha(*s))
2958 {
2959 expand_string_message = US"letter or digit expected after ${";
2960 goto EXPAND_FAILED;
2961 }
2962
2963 /* Allow "-" in names to cater for substrings with negative
2964 arguments. Since we are checking for known names after { this is
2965 OK. */
2966
2967 s = read_name(name, sizeof(name), s, US"_-");
2968 item_type = chop_match(name, item_table, sizeof(item_table)/sizeof(uschar *));
2969
2970 switch(item_type)
2971 {
2972 /* Handle conditionals - preserve the values of the numerical expansion
2973 variables in case they get changed by a regular expression match in the
2974 condition. If not, they retain their external settings. At the end
2975 of this "if" section, they get restored to their previous values. */
2976
2977 case EITEM_IF:
2978 {
2979 BOOL cond = FALSE;
2980 uschar *next_s;
2981 int save_expand_nmax =
2982 save_expand_strings(save_expand_nstring, save_expand_nlength);
2983
2984 while (isspace(*s)) s++;
2985 next_s = eval_condition(s, skipping? NULL : &cond);
2986 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
2987
2988 DEBUG(D_expand)
2989 debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s,
2990 cond? "true" : "false");
2991
2992 s = next_s;
2993
2994 /* The handling of "yes" and "no" result strings is now in a separate
2995 function that is also used by ${lookup} and ${extract} and ${run}. */
2996
2997 switch(process_yesno(
2998 skipping, /* were previously skipping */
2999 cond, /* success/failure indicator */
3000 lookup_value, /* value to reset for string2 */
3001 &s, /* input pointer */
3002 &yield, /* output pointer */
3003 &size, /* output size */
3004 &ptr, /* output current point */
3005 US"if")) /* condition type */
3006 {
3007 case 1: goto EXPAND_FAILED; /* when all is well, the */
3008 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3009 }
3010
3011 /* Restore external setting of expansion variables for continuation
3012 at this level. */
3013
3014 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3015 save_expand_nlength);
3016 continue;
3017 }
3018
3019 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
3020 expanding an internal string that isn't actually going to be used. All we
3021 need to do is check the syntax, so don't do a lookup at all. Preserve the
3022 values of the numerical expansion variables in case they get changed by a
3023 partial lookup. If not, they retain their external settings. At the end
3024 of this "lookup" section, they get restored to their previous values. */
3025
3026 case EITEM_LOOKUP:
3027 {
3028 int stype, partial, affixlen, starflags;
3029 int expand_setup = 0;
3030 int nameptr = 0;
3031 uschar *key, *filename, *affix;
3032 uschar *save_lookup_value = lookup_value;
3033 int save_expand_nmax =
3034 save_expand_strings(save_expand_nstring, save_expand_nlength);
3035
3036 if ((expand_forbid & RDO_LOOKUP) != 0)
3037 {
3038 expand_string_message = US"lookup expansions are not permitted";
3039 goto EXPAND_FAILED;
3040 }
3041
3042 /* Get the key we are to look up for single-key+file style lookups.
3043 Otherwise set the key NULL pro-tem. */
3044
3045 while (isspace(*s)) s++;
3046 if (*s == '{')
3047 {
3048 key = expand_string_internal(s+1, TRUE, &s, skipping);
3049 if (key == NULL) goto EXPAND_FAILED;
3050 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3051 while (isspace(*s)) s++;
3052 }
3053 else key = NULL;
3054
3055 /* Find out the type of database */
3056
3057 if (!isalpha(*s))
3058 {
3059 expand_string_message = US"missing lookup type";
3060 goto EXPAND_FAILED;
3061 }
3062
3063 /* The type is a string that may contain special characters of various
3064 kinds. Allow everything except space or { to appear; the actual content
3065 is checked by search_findtype_partial. */
3066
3067 while (*s != 0 && *s != '{' && !isspace(*s))
3068 {
3069 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
3070 s++;
3071 }
3072 name[nameptr] = 0;
3073 while (isspace(*s)) s++;
3074
3075 /* Now check for the individual search type and any partial or default
3076 options. Only those types that are actually in the binary are valid. */
3077
3078 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
3079 &starflags);
3080 if (stype < 0)
3081 {
3082 expand_string_message = search_error_message;
3083 goto EXPAND_FAILED;
3084 }
3085
3086 /* Check that a key was provided for those lookup types that need it,
3087 and was not supplied for those that use the query style. */
3088
3089 if (!mac_islookup(stype, lookup_querystyle))
3090 {
3091 if (key == NULL)
3092 {
3093 expand_string_message = string_sprintf("missing {key} for single-"
3094 "key \"%s\" lookup", name);
3095 goto EXPAND_FAILED;
3096 }
3097 }
3098 else
3099 {
3100 if (key != NULL)
3101 {
3102 expand_string_message = string_sprintf("a single key was given for "
3103 "lookup type \"%s\", which is not a single-key lookup type", name);
3104 goto EXPAND_FAILED;
3105 }
3106 }
3107
3108 /* Get the next string in brackets and expand it. It is the file name for
3109 single-key+file lookups, and the whole query otherwise. */
3110
3111 if (*s != '{') goto EXPAND_FAILED_CURLY;
3112 filename = expand_string_internal(s+1, TRUE, &s, skipping);
3113 if (filename == NULL) goto EXPAND_FAILED;
3114 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3115 while (isspace(*s)) s++;
3116
3117 /* If this isn't a single-key+file lookup, re-arrange the variables
3118 to be appropriate for the search_ functions. */
3119
3120 if (key == NULL)
3121 {
3122 key = filename;
3123 filename = NULL;
3124 }
3125
3126 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
3127 the entry was not found. Note that there is no search_close() function.
3128 Files are left open in case of re-use. At suitable places in higher logic,
3129 search_tidyup() is called to tidy all open files. This can save opening
3130 the same file several times. However, files may also get closed when
3131 others are opened, if too many are open at once. The rule is that a
3132 handle should not be used after a second search_open().
3133
3134 Request that a partial search sets up $1 and maybe $2 by passing
3135 expand_setup containing zero. If its value changes, reset expand_nmax,
3136 since new variables will have been set. Note that at the end of this
3137 "lookup" section, the old numeric variables are restored. */
3138
3139 if (skipping)
3140 lookup_value = NULL;
3141 else
3142 {
3143 void *handle = search_open(filename, stype, 0, NULL, NULL);
3144 if (handle == NULL)
3145 {
3146 expand_string_message = search_error_message;
3147 goto EXPAND_FAILED;
3148 }
3149 lookup_value = search_find(handle, filename, key, partial, affix,
3150 affixlen, starflags, &expand_setup);
3151 if (search_find_defer)
3152 {
3153 expand_string_message =
3154 string_sprintf("lookup of \"%s\" gave DEFER: %s", key,
3155 search_error_message);
3156 goto EXPAND_FAILED;
3157 }
3158 if (expand_setup > 0) expand_nmax = expand_setup;
3159 }
3160
3161 /* The handling of "yes" and "no" result strings is now in a separate
3162 function that is also used by ${if} and ${extract}. */
3163
3164 switch(process_yesno(
3165 skipping, /* were previously skipping */
3166 lookup_value != NULL, /* success/failure indicator */
3167 save_lookup_value, /* value to reset for string2 */
3168 &s, /* input pointer */
3169 &yield, /* output pointer */
3170 &size, /* output size */
3171 &ptr, /* output current point */
3172 US"lookup")) /* condition type */
3173 {
3174 case 1: goto EXPAND_FAILED; /* when all is well, the */
3175 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3176 }
3177
3178 /* Restore external setting of expansion variables for carrying on
3179 at this level, and continue. */
3180
3181 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3182 save_expand_nlength);
3183 continue;
3184 }
3185
3186 /* If Perl support is configured, handle calling embedded perl subroutines,
3187 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
3188 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
3189 arguments (defined below). */
3190
3191 #define EXIM_PERL_MAX_ARGS 8
3192
3193 case EITEM_PERL:
3194 #ifndef EXIM_PERL
3195 expand_string_message = US"\"${perl\" encountered, but this facility "
3196 "is not included in this binary";
3197 goto EXPAND_FAILED;
3198
3199 #else /* EXIM_PERL */
3200 {
3201 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
3202 uschar *new_yield;
3203
3204 if ((expand_forbid & RDO_PERL) != 0)
3205 {
3206 expand_string_message = US"Perl calls are not permitted";
3207 goto EXPAND_FAILED;
3208 }
3209
3210 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
3211 US"perl"))
3212 {
3213 case 1: goto EXPAND_FAILED_CURLY;
3214 case 2:
3215 case 3: goto EXPAND_FAILED;
3216 }
3217
3218 /* If skipping, we don't actually do anything */
3219
3220 if (skipping) continue;
3221
3222 /* Start the interpreter if necessary */
3223
3224 if (!opt_perl_started)
3225 {
3226 uschar *initerror;
3227 if (opt_perl_startup == NULL)
3228 {
3229 expand_string_message = US"A setting of perl_startup is needed when "
3230 "using the Perl interpreter";
3231 goto EXPAND_FAILED;
3232 }
3233 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
3234 initerror = init_perl(opt_perl_startup);
3235 if (initerror != NULL)
3236 {
3237 expand_string_message =
3238 string_sprintf("error in perl_startup code: %s\n", initerror);
3239 goto EXPAND_FAILED;
3240 }
3241 opt_perl_started = TRUE;
3242 }
3243
3244 /* Call the function */
3245
3246 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
3247 new_yield = call_perl_cat(yield, &size, &ptr, &expand_string_message,
3248 sub_arg[0], sub_arg + 1);
3249
3250 /* NULL yield indicates failure; if the message pointer has been set to
3251 NULL, the yield was undef, indicating a forced failure. Otherwise the
3252 message will indicate some kind of Perl error. */
3253
3254 if (new_yield == NULL)
3255 {
3256 if (expand_string_message == NULL)
3257 {
3258 expand_string_message =
3259 string_sprintf("Perl subroutine \"%s\" returned undef to force "
3260 "failure", sub_arg[0]);
3261 expand_string_forcedfail = TRUE;
3262 }
3263 goto EXPAND_FAILED;
3264 }
3265
3266 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
3267 set during a callback from Perl. */
3268
3269 expand_string_forcedfail = FALSE;
3270 yield = new_yield;
3271 continue;
3272 }
3273 #endif /* EXIM_PERL */
3274
3275 /* Transform email address to "prvs" scheme to use
3276 as BATV-signed return path */
3277
3278 case EITEM_PRVS:
3279 {
3280 uschar *sub_arg[3];
3281 uschar *p,*domain;
3282
3283 switch(read_subs(sub_arg, 3, 2, &s, skipping, TRUE, US"prvs"))
3284 {
3285 case 1: goto EXPAND_FAILED_CURLY;
3286 case 2:
3287 case 3: goto EXPAND_FAILED;
3288 }
3289
3290 /* If skipping, we don't actually do anything */
3291 if (skipping) continue;
3292
3293 /* sub_arg[0] is the address */
3294 domain = Ustrrchr(sub_arg[0],'@');
3295 if ( (domain == NULL) || (domain == sub_arg[0]) || (Ustrlen(domain) == 1) )
3296 {
3297 expand_string_message = US"first parameter must be a qualified email address";
3298 goto EXPAND_FAILED;
3299 }
3300
3301 /* Calculate the hash */
3302 p = prvs_hmac_sha1(sub_arg[0],sub_arg[1],sub_arg[2],prvs_daystamp(7));
3303 if (p == NULL)
3304 {
3305 expand_string_message = US"hmac-sha1 conversion failed";
3306 goto EXPAND_FAILED;
3307 }
3308
3309 /* Now separate the domain from the local part */
3310 *domain++ = '\0';
3311
3312 yield = string_cat(yield,&size,&ptr,US"prvs=",5);
3313 string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
3314 string_cat(yield,&size,&ptr,US"/",1);
3315 string_cat(yield,&size,&ptr,(sub_arg[2] != NULL) ? sub_arg[2] : US"0", 1);
3316 string_cat(yield,&size,&ptr,prvs_daystamp(7),3);
3317 string_cat(yield,&size,&ptr,p,6);
3318 string_cat(yield,&size,&ptr,US"@",1);
3319 string_cat(yield,&size,&ptr,domain,Ustrlen(domain));
3320
3321 continue;
3322 }
3323
3324 /* Check a prvs-encoded address for validity */
3325
3326 case EITEM_PRVSCHECK:
3327 {
3328 uschar *sub_arg[3];
3329 int mysize = 0, myptr = 0;
3330 const pcre *re;
3331 uschar *p;
3332 /* Ugliness: We want to expand parameter 1 first, then set
3333 up expansion variables that are used in the expansion of
3334 parameter 2. So we clone the string for the first
3335 expansion, where we only expand paramter 1. */
3336 uschar *s_backup = string_copy(s);
3337
3338 /* Reset expansion variables */
3339 prvscheck_result = NULL;
3340 prvscheck_address = NULL;
3341 prvscheck_keynum = NULL;
3342
3343 switch(read_subs(sub_arg, 1, 1, &s_backup, skipping, FALSE, US"prvs"))
3344 {
3345 case 1: goto EXPAND_FAILED_CURLY;
3346 case 2:
3347 case 3: goto EXPAND_FAILED;
3348 }
3349
3350 re = regex_must_compile(US"^prvs\\=(.+)\\/([0-9])([0-9]{3})([A-F0-9]{6})\\@(.+)$",
3351 TRUE,FALSE);
3352
3353 if (regex_match_and_setup(re,sub_arg[0],0,-1)) {
3354 uschar *local_part = string_copyn(expand_nstring[1],expand_nlength[1]);
3355 uschar *key_num = string_copyn(expand_nstring[2],expand_nlength[2]);
3356 uschar *daystamp = string_copyn(expand_nstring[3],expand_nlength[3]);
3357 uschar *hash = string_copyn(expand_nstring[4],expand_nlength[4]);
3358 uschar *domain = string_copyn(expand_nstring[5],expand_nlength[5]);
3359
3360 DEBUG(D_expand) debug_printf("prvscheck localpart: %s\n", local_part);
3361 DEBUG(D_expand) debug_printf("prvscheck key number: %s\n", key_num);
3362 DEBUG(D_expand) debug_printf("prvscheck daystamp: %s\n", daystamp);
3363 DEBUG(D_expand) debug_printf("prvscheck hash: %s\n", hash);
3364 DEBUG(D_expand) debug_printf("prvscheck domain: %s\n", domain);
3365
3366 /* Set up expansion variables */
3367 prvscheck_address = string_cat(NULL, &mysize, &myptr, local_part, Ustrlen(local_part));
3368 string_cat(prvscheck_address,&mysize,&myptr,US"@",1);
3369 string_cat(prvscheck_address,&mysize,&myptr,domain,Ustrlen(domain));
3370 prvscheck_address[myptr] = '\0';
3371 prvscheck_keynum = string_copy(key_num);
3372
3373 /* Now re-expand all arguments in the usual manner */
3374 switch(read_subs(sub_arg, 3, 3, &s, skipping, TRUE, US"prvs"))
3375 {
3376 case 1: goto EXPAND_FAILED_CURLY;
3377 case 2:
3378 case 3: goto EXPAND_FAILED;
3379 }
3380
3381 if (*sub_arg[2] == '\0')
3382 yield = string_cat(yield,&size,&ptr,prvscheck_address,Ustrlen(prvscheck_address));
3383 else
3384 yield = string_cat(yield,&size,&ptr,sub_arg[2],Ustrlen(sub_arg[2]));
3385
3386 /* Now we have the key and can check the address. */
3387 p = prvs_hmac_sha1(prvscheck_address, sub_arg[1], prvscheck_keynum, daystamp);
3388 if (p == NULL)
3389 {
3390 expand_string_message = US"hmac-sha1 conversion failed";
3391 goto EXPAND_FAILED;
3392 }
3393
3394 DEBUG(D_expand) debug_printf("prvscheck: received hash is %s\n", hash);
3395 DEBUG(D_expand) debug_printf("prvscheck: own hash is %s\n", p);
3396 if (Ustrcmp(p,hash) == 0)
3397 {
3398 /* Success, valid BATV address. Now check the expiry date. */
3399 uschar *now = prvs_daystamp(0);
3400 unsigned int inow = 0,iexpire = 1;
3401
3402 sscanf(CS now,"%u",&inow);
3403 sscanf(CS daystamp,"%u",&iexpire);
3404
3405 /* When "iexpire" is < 7, a "flip" has occured.
3406 Adjust "inow" accordingly. */
3407 if ( (iexpire < 7) && (inow >= 993) ) inow = 0;
3408
3409 if (iexpire > inow)
3410 {
3411 prvscheck_result = US"1";
3412 DEBUG(D_expand) debug_printf("prvscheck: success, $pvrs_result set to 1\n");
3413 }
3414 else
3415 {
3416 prvscheck_result = NULL;
3417 DEBUG(D_expand) debug_printf("prvscheck: signature expired, $pvrs_result unset\n");
3418 }
3419 }
3420 else
3421 {
3422 prvscheck_result = NULL;
3423 DEBUG(D_expand) debug_printf("prvscheck: hash failure, $pvrs_result unset\n");
3424 }
3425 }
3426 else
3427 {
3428 /* Does not look like a prvs encoded address, return the empty string.
3429 We need to make sure all subs are expanded first. */
3430 switch(read_subs(sub_arg, 3, 3, &s, skipping, TRUE, US"prvs"))
3431 {
3432 case 1: goto EXPAND_FAILED_CURLY;
3433 case 2:
3434 case 3: goto EXPAND_FAILED;
3435 }
3436 }
3437
3438 continue;
3439 }
3440
3441 /* Handle "readfile" to insert an entire file */
3442
3443 case EITEM_READFILE:
3444 {
3445 FILE *f;
3446 uschar *sub_arg[2];
3447
3448 if ((expand_forbid & RDO_READFILE) != 0)
3449 {
3450 expand_string_message = US"file insertions are not permitted";
3451 goto EXPAND_FAILED;
3452 }
3453
3454 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"readfile"))
3455 {
3456 case 1: goto EXPAND_FAILED_CURLY;
3457 case 2:
3458 case 3: goto EXPAND_FAILED;
3459 }
3460
3461 /* If skipping, we don't actually do anything */
3462
3463 if (skipping) continue;
3464
3465 /* Open the file and read it */
3466
3467 f = Ufopen(sub_arg[0], "rb");
3468 if (f == NULL)
3469 {
3470 expand_string_message = string_open_failed(errno, "%s", sub_arg[0]);
3471 goto EXPAND_FAILED;
3472 }
3473
3474 yield = cat_file(f, yield, &size, &ptr, sub_arg[1]);
3475 fclose(f);
3476 continue;
3477 }
3478
3479 /* Handle "readsocket" to insert data from a Unix domain socket */
3480
3481 case EITEM_READSOCK:
3482 {
3483 int fd;
3484 int timeout = 5;
3485 int save_ptr = ptr;
3486 FILE *f;
3487 struct sockaddr_un sockun; /* don't call this "sun" ! */
3488 uschar *arg;
3489 uschar *sub_arg[4];
3490
3491 if ((expand_forbid & RDO_READSOCK) != 0)
3492 {
3493 expand_string_message = US"socket insertions are not permitted";
3494 goto EXPAND_FAILED;
3495 }
3496
3497 /* Read up to 4 arguments, but don't do the end of item check afterwards,
3498 because there may be a string for expansion on failure. */
3499
3500 switch(read_subs(sub_arg, 4, 2, &s, skipping, FALSE, US"readsocket"))
3501 {
3502 case 1: goto EXPAND_FAILED_CURLY;
3503 case 2: /* Won't occur: no end check */
3504 case 3: goto EXPAND_FAILED;
3505 }
3506
3507 /* Sort out timeout, if given */
3508
3509 if (sub_arg[2] != NULL)
3510 {
3511 timeout = readconf_readtime(sub_arg[2], 0, FALSE);
3512 if (timeout < 0)
3513 {
3514 expand_string_message = string_sprintf("bad time value %s",
3515 sub_arg[2]);
3516 goto EXPAND_FAILED;
3517 }
3518 }
3519 else sub_arg[3] = NULL; /* No eol if no timeout */
3520
3521 /* If skipping, we don't actually do anything */
3522
3523 if (!skipping)
3524 {
3525 /* Make a connection to the socket */
3526
3527 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
3528 {
3529 expand_string_message = string_sprintf("failed to create socket: %s",
3530 strerror(errno));
3531 goto SOCK_FAIL;
3532 }
3533
3534 sockun.sun_family = AF_UNIX;
3535 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
3536 sub_arg[0]);
3537 if(connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun)) == -1)
3538 {
3539 expand_string_message = string_sprintf("failed to connect to socket "
3540 "%s: %s", sub_arg[0], strerror(errno));
3541 goto SOCK_FAIL;
3542 }
3543 DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]);
3544
3545 /* Write the request string, if not empty */
3546
3547 if (sub_arg[1][0] != 0)
3548 {
3549 int len = Ustrlen(sub_arg[1]);
3550 DEBUG(D_expand) debug_printf("writing \"%s\" to socket\n",
3551 sub_arg[1]);
3552 if (write(fd, sub_arg[1], len) != len)
3553 {
3554 expand_string_message = string_sprintf("request write to socket "
3555 "failed: %s", strerror(errno));
3556 goto SOCK_FAIL;
3557 }
3558 }
3559
3560 /* Now we need to read from the socket, under a timeout. The function
3561 that reads a file can be used. */
3562
3563 f = fdopen(fd, "rb");
3564 sigalrm_seen = FALSE;
3565 alarm(timeout);
3566 yield = cat_file(f, yield, &size, &ptr, sub_arg[3]);
3567 alarm(0);
3568 fclose(f);
3569
3570 /* After a timeout, we restore the pointer in the result, that is,
3571 make sure we add nothing from the socket. */
3572
3573 if (sigalrm_seen)
3574 {
3575 ptr = save_ptr;
3576 expand_string_message = US"socket read timed out";
3577 goto SOCK_FAIL;
3578 }
3579 }
3580
3581 /* The whole thing has worked (or we were skipping). If there is a
3582 failure string following, we need to skip it. */
3583
3584 if (*s == '{')
3585 {
3586 if (expand_string_internal(s+1, TRUE, &s, TRUE) == NULL)
3587 goto EXPAND_FAILED;
3588 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3589 while (isspace(*s)) s++;
3590 }
3591 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3592 continue;
3593
3594 /* Come here on failure to create socket, connect socket, write to the
3595 socket, or timeout on reading. If another substring follows, expand and
3596 use it. Otherwise, those conditions give expand errors. */
3597
3598 SOCK_FAIL:
3599 if (*s != '{') goto EXPAND_FAILED;
3600 DEBUG(D_any) debug_printf("%s\n", expand_string_message);
3601 arg = expand_string_internal(s+1, TRUE, &s, FALSE);
3602 if (arg == NULL) goto EXPAND_FAILED;
3603 yield = string_cat(yield, &size, &ptr, arg, Ustrlen(arg));
3604 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3605 while (isspace(*s)) s++;
3606 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3607 continue;
3608 }
3609
3610 /* Handle "run" to execute a program. */
3611
3612 case EITEM_RUN:
3613 {
3614 FILE *f;
3615 uschar *arg;
3616 uschar **argv;
3617 pid_t pid;
3618 int fd_in, fd_out;
3619 int lsize = 0;
3620 int lptr = 0;
3621
3622 if ((expand_forbid & RDO_RUN) != 0)
3623 {
3624 expand_string_message = US"running a command is not permitted";
3625 goto EXPAND_FAILED;
3626 }
3627
3628 while (isspace(*s)) s++;
3629 if (*s != '{') goto EXPAND_FAILED_CURLY;
3630 arg = expand_string_internal(s+1, TRUE, &s, skipping);
3631 if (arg == NULL) goto EXPAND_FAILED;
3632 while (isspace(*s)) s++;
3633 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3634
3635 if (skipping) /* Just pretend it worked when we're skipping */
3636 {
3637 runrc = 0;
3638 }
3639 else
3640 {
3641 if (!transport_set_up_command(&argv, /* anchor for arg list */
3642 arg, /* raw command */
3643 FALSE, /* don't expand the arguments */
3644 0, /* not relevant when... */
3645 NULL, /* no transporting address */
3646 US"${run} expansion", /* for error messages */
3647 &expand_string_message)) /* where to put error message */
3648 {
3649 goto EXPAND_FAILED;
3650 }
3651
3652 /* Create the child process, making it a group leader. */
3653
3654 pid = child_open(argv, NULL, 0077, &fd_in, &fd_out, TRUE);
3655
3656 if (pid < 0)
3657 {
3658 expand_string_message =
3659 string_sprintf("couldn't create child process: %s", strerror(errno));
3660 goto EXPAND_FAILED;
3661 }
3662
3663 /* Nothing is written to the standard input. */
3664
3665 close(fd_in);
3666
3667 /* Wait for the process to finish, applying the timeout, and inspect its
3668 return code for serious disasters. Simple non-zero returns are passed on.
3669 */
3670
3671 if ((runrc = child_close(pid, 60)) < 0)
3672 {
3673 if (runrc == -256)
3674 {
3675 expand_string_message = string_sprintf("command timed out");
3676 killpg(pid, SIGKILL); /* Kill the whole process group */
3677 }
3678
3679 else if (runrc == -257)
3680 expand_string_message = string_sprintf("wait() failed: %s",
3681 strerror(errno));
3682
3683 else
3684 expand_string_message = string_sprintf("command killed by signal %d",
3685 -runrc);
3686
3687 goto EXPAND_FAILED;
3688 }
3689
3690 /* Read the pipe to get the command's output into $value (which is kept
3691 in lookup_value). */
3692
3693 f = fdopen(fd_out, "rb");
3694 lookup_value = NULL;
3695 lookup_value = cat_file(f, lookup_value, &lsize, &lptr, NULL);
3696 fclose(f);
3697 }
3698
3699 /* Process the yes/no strings; $value may be useful in both cases */
3700
3701 switch(process_yesno(
3702 skipping, /* were previously skipping */
3703 runrc == 0, /* success/failure indicator */
3704 lookup_value, /* value to reset for string2 */
3705 &s, /* input pointer */
3706 &yield, /* output pointer */
3707 &size, /* output size */
3708 &ptr, /* output current point */
3709 US"run")) /* condition type */
3710 {
3711 case 1: goto EXPAND_FAILED; /* when all is well, the */
3712 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3713 }
3714
3715 continue;
3716 }
3717
3718 /* Handle character translation for "tr" */
3719
3720 case EITEM_TR:
3721 {
3722 int oldptr = ptr;
3723 int o2m;
3724 uschar *sub[3];
3725
3726 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"tr"))
3727 {
3728 case 1: goto EXPAND_FAILED_CURLY;
3729 case 2:
3730 case 3: goto EXPAND_FAILED;
3731 }
3732
3733 yield = string_cat(yield, &size, &ptr, sub[0], Ustrlen(sub[0]));
3734 o2m = Ustrlen(sub[2]) - 1;
3735
3736 if (o2m >= 0) for (; oldptr < ptr; oldptr++)
3737 {
3738 uschar *m = Ustrrchr(sub[1], yield[oldptr]);
3739 if (m != NULL)
3740 {
3741 int o = m - sub[1];
3742 yield[oldptr] = sub[2][(o < o2m)? o : o2m];
3743 }
3744 }
3745
3746 continue;
3747 }
3748
3749 /* Handle "hash", "length", "nhash", and "substr" when they are given with
3750 expanded arguments. */
3751
3752 case EITEM_HASH:
3753 case EITEM_LENGTH:
3754 case EITEM_NHASH:
3755 case EITEM_SUBSTR:
3756 {
3757 int i;
3758 int len;
3759 uschar *ret;
3760 int val[2] = { 0, -1 };
3761 uschar *sub[3];
3762
3763 /* "length" takes only 2 arguments whereas the others take 2 or 3.
3764 Ensure that sub[2] is set in the ${length case. */
3765
3766 sub[2] = NULL;
3767 switch(read_subs(sub, (item_type == EITEM_LENGTH)? 2:3, 2, &s, skipping,
3768 TRUE, name))
3769 {
3770 case 1: goto EXPAND_FAILED_CURLY;
3771 case 2:
3772 case 3: goto EXPAND_FAILED;
3773 }
3774
3775 /* Juggle the arguments if there are only two of them: always move the
3776 string to the last position and make ${length{n}{str}} equivalent to
3777 ${substr{0}{n}{str}}. See the defaults for val[] above. */
3778
3779 if (sub[2] == NULL)
3780 {
3781 sub[2] = sub[1];
3782 sub[1] = NULL;
3783 if (item_type == EITEM_LENGTH)
3784 {
3785 sub[1] = sub[0];
3786 sub[0] = NULL;
3787 }
3788 }
3789
3790 for (i = 0; i < 2; i++)
3791 {
3792 if (sub[i] == NULL) continue;
3793 val[i] = (int)Ustrtol(sub[i], &ret, 10);
3794 if (*ret != 0 || (i != 0 && val[i] < 0))
3795 {
3796 expand_string_message = string_sprintf("\"%s\" is not a%s number "
3797 "(in \"%s\" expansion)", sub[i], (i != 0)? " positive" : "", name);
3798 goto EXPAND_FAILED;
3799 }
3800 }
3801
3802 ret =
3803 (item_type == EITEM_HASH)?
3804 compute_hash(sub[2], val[0], val[1], &len) :
3805 (item_type == EITEM_NHASH)?
3806 compute_nhash(sub[2], val[0], val[1], &len) :
3807 extract_substr(sub[2], val[0], val[1], &len);
3808
3809 if (ret == NULL) goto EXPAND_FAILED;
3810 yield = string_cat(yield, &size, &ptr, ret, len);
3811 continue;
3812 }
3813
3814 /* Handle HMAC computation: ${hmac{<algorithm>}{<secret>}{<text>}}
3815 This code originally contributed by Steve Haslam. It currently supports
3816 the use of MD5 and SHA-1 hashes.
3817
3818 We need some workspace that is large enough to handle all the supported
3819 hash types. Use macros to set the sizes rather than be too elaborate. */
3820
3821 #define MAX_HASHLEN 20
3822 #define MAX_HASHBLOCKLEN 64
3823
3824 case EITEM_HMAC:
3825 {
3826 uschar *sub[3];
3827 md5 md5_base;
3828 sha1 sha1_base;
3829 void *use_base;
3830 int type, i;
3831 int hashlen; /* Number of octets for the hash algorithm's output */
3832 int hashblocklen; /* Number of octets the hash algorithm processes */
3833 uschar *keyptr, *p;
3834 unsigned int keylen;
3835
3836 uschar keyhash[MAX_HASHLEN];
3837 uschar innerhash[MAX_HASHLEN];
3838 uschar finalhash[MAX_HASHLEN];
3839 uschar finalhash_hex[2*MAX_HASHLEN];
3840 uschar innerkey[MAX_HASHBLOCKLEN];
3841 uschar outerkey[MAX_HASHBLOCKLEN];
3842
3843 switch (read_subs(sub, 3, 3, &s, skipping, TRUE, name))
3844 {
3845 case 1: goto EXPAND_FAILED_CURLY;
3846 case 2:
3847 case 3: goto EXPAND_FAILED;
3848 }
3849
3850 if (Ustrcmp(sub[0], "md5") == 0)
3851 {
3852 type = HMAC_MD5;
3853 use_base = &md5_base;
3854 hashlen = 16;
3855 hashblocklen = 64;
3856 }
3857 else if (Ustrcmp(sub[0], "sha1") == 0)
3858 {
3859 type = HMAC_SHA1;
3860 use_base = &sha1_base;
3861 hashlen = 20;
3862 hashblocklen = 64;
3863 }
3864 else
3865 {
3866 expand_string_message =
3867 string_sprintf("hmac algorithm \"%s\" is not recognised", sub[0]);
3868 goto EXPAND_FAILED;
3869 }
3870
3871 keyptr = sub[1];
3872 keylen = Ustrlen(keyptr);
3873
3874 /* If the key is longer than the hash block length, then hash the key
3875 first */
3876
3877 if (keylen > hashblocklen)
3878 {
3879 chash_start(type, use_base);
3880 chash_end(type, use_base, keyptr, keylen, keyhash);
3881 keyptr = keyhash;
3882 keylen = hashlen;
3883 }
3884
3885 /* Now make the inner and outer key values */
3886
3887 memset(innerkey, 0x36, hashblocklen);
3888 memset(outerkey, 0x5c, hashblocklen);
3889
3890 for (i = 0; i < keylen; i++)
3891 {
3892 innerkey[i] ^= keyptr[i];
3893 outerkey[i] ^= keyptr[i];
3894 }
3895
3896 /* Now do the hashes */
3897
3898 chash_start(type, use_base);
3899 chash_mid(type, use_base, innerkey);
3900 chash_end(type, use_base, sub[2], Ustrlen(sub[2]), innerhash);
3901
3902 chash_start(type, use_base);
3903 chash_mid(type, use_base, outerkey);
3904 chash_end(type, use_base, innerhash, hashlen, finalhash);
3905
3906 /* Encode the final hash as a hex string */
3907
3908 p = finalhash_hex;
3909 for (i = 0; i < hashlen; i++)
3910 {
3911 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
3912 *p++ = hex_digits[finalhash[i] & 0x0f];
3913 }
3914
3915 DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%.*s)=%.*s\n", sub[0],
3916 (int)keylen, keyptr, Ustrlen(sub[2]), sub[2], hashlen*2, finalhash_hex);
3917
3918 yield = string_cat(yield, &size, &ptr, finalhash_hex, hashlen*2);
3919 }
3920
3921 continue;
3922
3923 /* Handle global substitution for "sg" - like Perl's s/xxx/yyy/g operator.
3924 We have to save the numerical variables and restore them afterwards. */
3925
3926 case EITEM_SG:
3927 {
3928 const pcre *re;
3929 int moffset, moffsetextra, slen;
3930 int roffset;
3931 int emptyopt;
3932 const uschar *rerror;
3933 uschar *subject;
3934 uschar *sub[3];
3935 int save_expand_nmax =
3936 save_expand_strings(save_expand_nstring, save_expand_nlength);
3937
3938 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"sg"))
3939 {
3940 case 1: goto EXPAND_FAILED_CURLY;
3941 case 2:
3942 case 3: goto EXPAND_FAILED;
3943 }
3944
3945 /* Compile the regular expression */
3946
3947 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
3948 NULL);
3949
3950 if (re == NULL)
3951 {
3952 expand_string_message = string_sprintf("regular expression error in "
3953 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
3954 goto EXPAND_FAILED;
3955 }
3956
3957 /* Now run a loop to do the substitutions as often as necessary. It ends
3958 when there are no more matches. Take care over matches of the null string;
3959 do the same thing as Perl does. */
3960
3961 subject = sub[0];
3962 slen = Ustrlen(sub[0]);
3963 moffset = moffsetextra = 0;
3964 emptyopt = 0;
3965
3966 for (;;)
3967 {
3968 int ovector[3*(EXPAND_MAXN+1)];
3969 int n = pcre_exec(re, NULL, CS subject, slen, moffset + moffsetextra,
3970 PCRE_EOPT | emptyopt, ovector, sizeof(ovector)/sizeof(int));
3971 int nn;
3972 uschar *insert;
3973
3974 /* No match - if we previously set PCRE_NOTEMPTY after a null match, this
3975 is not necessarily the end. We want to repeat the match from one
3976 character further along, but leaving the basic offset the same (for
3977 copying below). We can't be at the end of the string - that was checked
3978 before setting PCRE_NOTEMPTY. If PCRE_NOTEMPTY is not set, we are
3979 finished; copy the remaining string and end the loop. */
3980
3981 if (n < 0)
3982 {
3983 if (emptyopt != 0)
3984 {
3985 moffsetextra = 1;
3986 emptyopt = 0;
3987 continue;
3988 }
3989 yield = string_cat(yield, &size, &ptr, subject+moffset, slen-moffset);
3990 break;
3991 }
3992
3993 /* Match - set up for expanding the replacement. */
3994
3995 if (n == 0) n = EXPAND_MAXN + 1;
3996 expand_nmax = 0;
3997 for (nn = 0; nn < n*2; nn += 2)
3998 {
3999 expand_nstring[expand_nmax] = subject + ovector[nn];
4000 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
4001 }
4002 expand_nmax--;
4003
4004 /* Copy the characters before the match, plus the expanded insertion. */
4005
4006 yield = string_cat(yield, &size, &ptr, subject + moffset,
4007 ovector[0] - moffset);
4008 insert = expand_string(sub[2]);
4009 if (insert == NULL) goto EXPAND_FAILED;
4010 yield = string_cat(yield, &size, &ptr, insert, Ustrlen(insert));
4011
4012 moffset = ovector[1];
4013 moffsetextra = 0;
4014 emptyopt = 0;
4015
4016 /* If we have matched an empty string, first check to see if we are at
4017 the end of the subject. If so, the loop is over. Otherwise, mimic
4018 what Perl's /g options does. This turns out to be rather cunning. First
4019 we set PCRE_NOTEMPTY and PCRE_ANCHORED and try the match a non-empty
4020 string at the same point. If this fails (picked up above) we advance to
4021 the next character. */
4022
4023 if (ovector[0] == ovector[1])
4024 {
4025 if (ovector[0] == slen) break;
4026 emptyopt = PCRE_NOTEMPTY | PCRE_ANCHORED;
4027 }
4028 }
4029
4030 /* All done - restore numerical variables. */
4031
4032 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4033 save_expand_nlength);
4034 continue;
4035 }
4036
4037 /* Handle keyed and numbered substring extraction. If the first argument
4038 consists entirely of digits, then a numerical extraction is assumed. */
4039
4040 case EITEM_EXTRACT:
4041 {
4042 int i;
4043 int j = 2;
4044 int field_number = 1;
4045 BOOL field_number_set = FALSE;
4046 uschar *save_lookup_value = lookup_value;
4047 uschar *sub[3];
4048 int save_expand_nmax =
4049 save_expand_strings(save_expand_nstring, save_expand_nlength);
4050
4051 /* Read the arguments */
4052
4053 for (i = 0; i < j; i++)
4054 {
4055 while (isspace(*s)) s++;
4056 if (*s == '{')
4057 {
4058 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
4059 if (sub[i] == NULL) goto EXPAND_FAILED;
4060 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4061
4062 /* After removal of leading and trailing white space, the first
4063 argument must not be empty; if it consists entirely of digits
4064 (optionally preceded by a minus sign), this is a numerical
4065 extraction, and we expect 3 arguments. */
4066
4067 if (i == 0)
4068 {
4069 int len;
4070 int x = 0;
4071 uschar *p = sub[0];
4072
4073 while (isspace(*p)) p++;
4074 sub[0] = p;
4075
4076 len = Ustrlen(p);
4077 while (len > 0 && isspace(p[len-1])) len--;
4078 p[len] = 0;
4079
4080 if (*p == 0)
4081 {
4082 expand_string_message = US"first argument of \"extract\" must "
4083 "not be empty";
4084 goto EXPAND_FAILED;
4085 }
4086
4087 if (*p == '-')
4088 {
4089 field_number = -1;
4090 p++;
4091 }
4092 while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0';
4093 if (*p == 0)
4094 {
4095 field_number *= x;
4096 j = 3; /* Need 3 args */
4097 field_number_set = TRUE;
4098 }
4099 }
4100 }
4101 else goto EXPAND_FAILED_CURLY;
4102 }
4103
4104 /* Extract either the numbered or the keyed substring into $value. If
4105 skipping, just pretend the extraction failed. */
4106
4107 lookup_value = skipping? NULL : field_number_set?
4108 expand_gettokened(field_number, sub[1], sub[2]) :
4109 expand_getkeyed(sub[0], sub[1]);
4110
4111 /* If no string follows, $value gets substituted; otherwise there can
4112 be yes/no strings, as for lookup or if. */
4113
4114 switch(process_yesno(
4115 skipping, /* were previously skipping */
4116 lookup_value != NULL, /* success/failure indicator */
4117 save_lookup_value, /* value to reset for string2 */
4118 &s, /* input pointer */
4119 &yield, /* output pointer */
4120 &size, /* output size */
4121 &ptr, /* output current point */
4122 US"extract")) /* condition type */
4123 {
4124 case 1: goto EXPAND_FAILED; /* when all is well, the */
4125 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4126 }
4127
4128 /* All done - restore numerical variables. */
4129
4130 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4131 save_expand_nlength);
4132
4133 continue;
4134 }
4135
4136
4137 /* If ${dlfunc support is configured, handle calling dynamically-loaded
4138 functions, unless locked out at this time. Syntax is ${dlfunc{file}{func}}
4139 or ${dlfunc{file}{func}{arg}} or ${dlfunc{file}{func}{arg1}{arg2}} or up to
4140 a maximum of EXPAND_DLFUNC_MAX_ARGS arguments (defined below). */
4141
4142 #define EXPAND_DLFUNC_MAX_ARGS 8
4143
4144 case EITEM_DLFUNC:
4145 #ifndef EXPAND_DLFUNC
4146 expand_string_message = US"\"${dlfunc\" encountered, but this facility "
4147 "is not included in this binary";
4148 goto EXPAND_FAILED;
4149
4150 #else /* EXPAND_DLFUNC */
4151 {
4152 tree_node *t;
4153 exim_dlfunc_t *func;
4154 uschar *result;
4155 int status, argc;
4156 uschar *argv[EXPAND_DLFUNC_MAX_ARGS + 3];
4157
4158 if ((expand_forbid & RDO_DLFUNC) != 0)
4159 {
4160 expand_string_message =
4161 US"dynamically-loaded functions are not permitted";
4162 goto EXPAND_FAILED;
4163 }
4164
4165 switch(read_subs(argv, EXPAND_DLFUNC_MAX_ARGS + 2, 2, &s, skipping,
4166 TRUE, US"dlfunc"))
4167 {
4168 case 1: goto EXPAND_FAILED_CURLY;
4169 case 2:
4170 case 3: goto EXPAND_FAILED;
4171 }
4172
4173 /* If skipping, we don't actually do anything */
4174
4175 if (skipping) continue;
4176
4177 /* Look up the dynamically loaded object handle in the tree. If it isn't
4178 found, dlopen() the file and put the handle in the tree for next time. */
4179
4180 t = tree_search(dlobj_anchor, argv[0]);
4181 if (t == NULL)
4182 {
4183 void *handle = dlopen(CS argv[0], RTLD_LAZY);
4184 if (handle == NULL)
4185 {
4186 expand_string_message = string_sprintf("dlopen \"%s\" failed: %s",
4187 argv[0], dlerror());
4188 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
4189 goto EXPAND_FAILED;
4190 }
4191 t = store_get_perm(sizeof(tree_node) + Ustrlen(argv[0]));
4192 Ustrcpy(t->name, argv[0]);
4193 t->data.ptr = handle;
4194 (void)tree_insertnode(&dlobj_anchor, t);
4195 }
4196
4197 /* Having obtained the dynamically loaded object handle, look up the
4198 function pointer. */
4199
4200 func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]);
4201 if (func == NULL)
4202 {
4203 expand_string_message = string_sprintf("dlsym \"%s\" in \"%s\" failed: "
4204 "%s", argv[1], argv[0], dlerror());
4205 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
4206 goto EXPAND_FAILED;
4207 }
4208
4209 /* Call the function and work out what to do with the result. If it
4210 returns OK, we have a replacement string; if it returns DEFER then
4211 expansion has failed in a non-forced manner; if it returns FAIL then
4212 failure was forced; if it returns ERROR or any other value there's a
4213 problem, so panic slightly. */
4214
4215 result = NULL;
4216 for (argc = 0; argv[argc] != NULL; argc++);
4217 status = func(&result, argc - 2, &argv[2]);
4218 if(status == OK)
4219 {
4220 if (result == NULL) result = US"";
4221 yield = string_cat(yield, &size, &ptr, result, Ustrlen(result));
4222 continue;
4223 }
4224 else
4225 {
4226 expand_string_message = result == NULL ? US"(no message)" : result;
4227 if(status == FAIL_FORCED) expand_string_forcedfail = TRUE;
4228 else if(status != FAIL)
4229 log_write(0, LOG_MAIN|LOG_PANIC, "dlfunc{%s}{%s} failed (%d): %s",
4230 argv[0], argv[1], status, expand_string_message);
4231 goto EXPAND_FAILED;
4232 }
4233 }
4234 #endif /* EXPAND_DLFUNC */
4235 }
4236
4237 /* Control reaches here if the name is not recognized as one of the more
4238 complicated expansion items. Check for the "operator" syntax (name terminated
4239 by a colon). Some of the operators have arguments, separated by _ from the
4240 name. */
4241
4242 if (*s == ':')
4243 {
4244 int c;
4245 uschar *arg = NULL;
4246 uschar *sub = expand_string_internal(s+1, TRUE, &s, skipping);
4247 if (sub == NULL) goto EXPAND_FAILED;
4248 s++;
4249
4250 /* Owing to an historical mis-design, an underscore may be part of the
4251 operator name, or it may introduce arguments. We therefore first scan the
4252 table of names that contain underscores. If there is no match, we cut off
4253 the arguments and then scan the main table. */
4254
4255 c = chop_match(name, op_table_underscore,
4256 sizeof(op_table_underscore)/sizeof(uschar *));
4257
4258 if (c < 0)
4259 {
4260 arg = Ustrchr(name, '_');
4261 if (arg != NULL) *arg = 0;
4262 c = chop_match(name, op_table_main,
4263 sizeof(op_table_main)/sizeof(uschar *));
4264 if (c >= 0) c += sizeof(op_table_underscore)/sizeof(uschar *);
4265 if (arg != NULL) *arg++ = '_'; /* Put back for error messages */
4266 }
4267
4268 /* If we are skipping, we don't need to perform the operation at all.
4269 This matters for operations like "mask", because the data may not be
4270 in the correct format when skipping. For example, the expression may test
4271 for the existence of $sender_host_address before trying to mask it. For
4272 other operations, doing them may not fail, but it is a waste of time. */
4273
4274 if (skipping && c >= 0) continue;
4275
4276 /* Otherwise, switch on the operator type */
4277
4278 switch(c)
4279 {
4280 case EOP_BASE62:
4281 {
4282 uschar *t;
4283 unsigned long int n = Ustrtoul(sub, &t, 10);
4284 if (*t != 0)
4285 {
4286 expand_string_message = string_sprintf("argument for base62 "
4287 "operator is \"%s\", which is not a decimal number", sub);
4288 goto EXPAND_FAILED;
4289 }
4290 t = string_base62(n);
4291 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
4292 continue;
4293 }
4294
4295 case EOP_BASE62D:
4296 {
4297 uschar buf[16];
4298 uschar *tt = sub;
4299 unsigned long int n = 0;
4300 while (*tt != 0)
4301 {
4302 uschar *t = Ustrchr(base62_chars, *tt++);
4303 if (t == NULL)
4304 {
4305 expand_string_message = string_sprintf("argument for base62d "
4306 "operator is \"%s\", which is not a base 62 number", sub);
4307 goto EXPAND_FAILED;
4308 }
4309 n = n * 62 + (t - base62_chars);
4310 }
4311 (void)sprintf(CS buf, "%ld", n);
4312 yield = string_cat(yield, &size, &ptr, buf, Ustrlen(buf));
4313 continue;
4314 }
4315
4316 case EOP_EXPAND:
4317 {
4318 uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping);
4319 if (expanded == NULL)
4320 {
4321 expand_string_message =
4322 string_sprintf("internal expansion of \"%s\" failed: %s", sub,
4323 expand_string_message);
4324 goto EXPAND_FAILED;
4325 }
4326 yield = string_cat(yield, &size, &ptr, expanded, Ustrlen(expanded));
4327 continue;
4328 }
4329
4330 case EOP_LC:
4331 {
4332 int count = 0;
4333 uschar *t = sub - 1;
4334 while (*(++t) != 0) { *t = tolower(*t); count++; }
4335 yield = string_cat(yield, &size, &ptr, sub, count);
4336 continue;
4337 }
4338
4339 case EOP_UC:
4340 {
4341 int count = 0;
4342 uschar *t = sub - 1;
4343 while (*(++t) != 0) { *t = toupper(*t); count++; }
4344 yield = string_cat(yield, &size, &ptr, sub, count);
4345 continue;
4346 }
4347
4348 case EOP_MD5:
4349 {
4350 md5 base;
4351 uschar digest[16];
4352 int j;
4353 char st[33];
4354 md5_start(&base);
4355 md5_end(&base, sub, Ustrlen(sub), digest);
4356 for(j = 0; j < 16; j++) sprintf(st+2*j, "%02x", digest[j]);
4357 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
4358 continue;
4359 }
4360
4361 case EOP_SHA1:
4362 {
4363 sha1 base;
4364 uschar digest[20];
4365 int j;
4366 char st[41];
4367 sha1_start(&base);
4368 sha1_end(&base, sub, Ustrlen(sub), digest);
4369 for(j = 0; j < 20; j++) sprintf(st+2*j, "%02X", digest[j]);
4370 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
4371 continue;
4372 }
4373
4374 /* Convert hex encoding to base64 encoding */
4375
4376 case EOP_HEX2B64:
4377 {
4378 int c = 0;
4379 int b = -1;
4380 uschar *in = sub;
4381 uschar *out = sub;
4382 uschar *enc;
4383
4384 for (enc = sub; *enc != 0; enc++)
4385 {
4386 if (!isxdigit(*enc))
4387 {
4388 expand_string_message = string_sprintf("\"%s\" is not a hex "
4389 "string", sub);
4390 goto EXPAND_FAILED;
4391 }
4392 c++;
4393 }
4394
4395 if ((c & 1) != 0)
4396 {
4397 expand_string_message = string_sprintf("\"%s\" contains an odd "
4398 "number of characters", sub);
4399 goto EXPAND_FAILED;
4400 }
4401
4402 while ((c = *in++) != 0)
4403 {
4404 if (isdigit(c)) c -= '0';
4405 else c = toupper(c) - 'A' + 10;
4406 if (b == -1)
4407 {
4408 b = c << 4;
4409 }
4410 else
4411 {
4412 *out++ = b | c;
4413 b = -1;
4414 }
4415 }
4416
4417 enc = auth_b64encode(sub, out - sub);
4418 yield = string_cat(yield, &size, &ptr, enc, Ustrlen(enc));
4419 continue;
4420 }
4421
4422 /* mask applies a mask to an IP address; for example the result of
4423 ${mask:131.111.10.206/28} is 131.111.10.192/28. */
4424
4425 case EOP_MASK:
4426 {
4427 int count;
4428 uschar *endptr;
4429 int binary[4];
4430 int mask, maskoffset;
4431 int type = string_is_ip_address(sub, &maskoffset);
4432 uschar buffer[64];
4433
4434 if (type == 0)
4435 {
4436 expand_string_message = string_sprintf("\"%s\" is not an IP address",
4437 sub);
4438 goto EXPAND_FAILED;
4439 }
4440
4441 if (maskoffset == 0)
4442 {
4443 expand_string_message = string_sprintf("missing mask value in \"%s\"",
4444 sub);
4445 goto EXPAND_FAILED;
4446 }
4447
4448 mask = Ustrtol(sub + maskoffset + 1, &endptr, 10);
4449
4450 if (*endptr != 0 || mask < 0 || mask > ((type == 4)? 32 : 128))
4451 {
4452 expand_string_message = string_sprintf("mask value too big in \"%s\"",
4453 sub);
4454 goto EXPAND_FAILED;
4455 }
4456
4457 /* Convert the address to binary integer(s) and apply the mask */
4458
4459 sub[maskoffset] = 0;
4460 count = host_aton(sub, binary);
4461 host_mask(count, binary, mask);
4462
4463 /* Convert to masked textual format and add to output. */
4464
4465 yield = string_cat(yield, &size, &ptr, buffer,
4466 host_nmtoa(count, binary, mask, buffer, '.'));
4467 continue;
4468 }
4469
4470 case EOP_ADDRESS:
4471 case EOP_LOCAL_PART:
4472 case EOP_DOMAIN:
4473 {
4474 uschar *error;
4475 int start, end, domain;
4476 uschar *t = parse_extract_address(sub, &error, &start, &end, &domain,
4477 FALSE);
4478 if (t != NULL)
4479 {
4480 if (c != EOP_DOMAIN)
4481 {
4482 if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1;
4483 yield = string_cat(yield, &size, &ptr, sub+start, end-start);
4484 }
4485 else if (domain != 0)
4486 {
4487 domain += start;
4488 yield = string_cat(yield, &size, &ptr, sub+domain, end-domain);
4489 }
4490 }
4491 continue;
4492 }
4493
4494 /* quote puts a string in quotes if it is empty or contains anything
4495 other than alphamerics, underscore, dot, or hyphen.
4496
4497 quote_local_part puts a string in quotes if RFC 2821/2822 requires it to
4498 be quoted in order to be a valid local part.
4499
4500 In both cases, newlines and carriage returns are converted into \n and \r
4501 respectively */
4502
4503 case EOP_QUOTE:
4504 case EOP_QUOTE_LOCAL_PART:
4505 if (arg == NULL)
4506 {
4507 BOOL needs_quote = (*sub == 0); /* TRUE for empty string */
4508 uschar *t = sub - 1;
4509
4510 if (c == EOP_QUOTE)
4511 {
4512 while (!needs_quote && *(++t) != 0)
4513 needs_quote = !isalnum(*t) && !strchr("_-.", *t);
4514 }
4515 else /* EOP_QUOTE_LOCAL_PART */
4516 {
4517 while (!needs_quote && *(++t) != 0)
4518 needs_quote = !isalnum(*t) &&
4519 strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL &&
4520 (*t != '.' || t == sub || t[1] == 0);
4521 }
4522
4523 if (needs_quote)
4524 {
4525 yield = string_cat(yield, &size, &ptr, US"\"", 1);
4526 t = sub - 1;
4527 while (*(++t) != 0)
4528 {
4529 if (*t == '\n')
4530 yield = string_cat(yield, &size, &ptr, US"\\n", 2);
4531 else if (*t == '\r')
4532 yield = string_cat(yield, &size, &ptr, US"\\r", 2);
4533 else
4534 {
4535 if (*t == '\\' || *t == '"')
4536 yield = string_cat(yield, &size, &ptr, US"\\", 1);
4537 yield = string_cat(yield, &size, &ptr, t, 1);
4538 }
4539 }
4540 yield = string_cat(yield, &size, &ptr, US"\"", 1);
4541 }
4542 else yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
4543 continue;
4544 }
4545
4546 /* quote_lookuptype does lookup-specific quoting */
4547
4548 else
4549 {
4550 int n;
4551 uschar *opt = Ustrchr(arg, '_');
4552
4553 if (opt != NULL) *opt++ = 0;
4554
4555 n = search_findtype(arg, Ustrlen(arg));
4556 if (n < 0)
4557 {
4558 expand_string_message = search_error_message;
4559 goto EXPAND_FAILED;
4560 }
4561
4562 if (lookup_list[n].quote != NULL)
4563 sub = (lookup_list[n].quote)(sub, opt);
4564 else if (opt != NULL) sub = NULL;
4565
4566 if (sub == NULL)
4567 {
4568 expand_string_message = string_sprintf(
4569 "\"%s\" unrecognized after \"${quote_%s\"",
4570 opt, arg);
4571 goto EXPAND_FAILED;
4572 }
4573
4574 yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
4575 continue;
4576 }
4577
4578 /* rx quote sticks in \ before any non-alphameric character so that
4579 the insertion works in a regular expression. */
4580
4581 case EOP_RXQUOTE:
4582 {
4583 uschar *t = sub - 1;
4584 while (*(++t) != 0)
4585 {
4586 if (!isalnum(*t))
4587 yield = string_cat(yield, &size, &ptr, US"\\", 1);
4588 yield = string_cat(yield, &size, &ptr, t, 1);
4589 }
4590 continue;
4591 }
4592
4593 /* RFC 2047 encodes, assuming headers_charset (default ISO 8859-1) as
4594 prescribed by the RFC, if there are characters that need to be encoded */
4595
4596 case EOP_RFC2047:
4597 {
4598 uschar buffer[2048];
4599 uschar *string = parse_quote_2047(sub, Ustrlen(sub), headers_charset,
4600 buffer, sizeof(buffer));
4601 yield = string_cat(yield, &size, &ptr, string, Ustrlen(string));
4602 continue;
4603 }
4604
4605 /* from_utf8 converts UTF-8 to 8859-1, turning non-existent chars into
4606 underscores */
4607
4608 case EOP_FROM_UTF8:
4609 {
4610 while (*sub != 0)
4611 {
4612 int c;
4613 uschar buff[4];
4614 GETUTF8INC(c, sub);
4615 if (c > 255) c = '_';
4616 buff[0] = c;
4617 yield = string_cat(yield, &size, &ptr, buff, 1);
4618 }
4619 continue;
4620 }
4621
4622 /* escape turns all non-printing characters into escape sequences. */
4623
4624 case EOP_ESCAPE:
4625 {
4626 uschar *t = string_printing(sub);
4627 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
4628 continue;
4629 }
4630
4631 /* Handle numeric expression evaluation */
4632
4633 case EOP_EVAL:
4634 case EOP_EVAL10:
4635 {
4636 uschar *save_sub = sub;
4637 uschar *error = NULL;
4638 int n = eval_expr(&sub, (c == EOP_EVAL10), &error, FALSE);
4639 if (error != NULL)
4640 {
4641 expand_string_message = string_sprintf("error in expression "
4642 "evaluation: %s (after processing \"%.*s\")", error, sub-save_sub,
4643 save_sub);
4644 goto EXPAND_FAILED;
4645 }
4646 sprintf(CS var_buffer, "%d", n);
4647 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
4648 continue;
4649 }
4650
4651 /* Handle time period formating */
4652
4653 case EOP_TIME_INTERVAL:
4654 {
4655 int n;
4656 uschar *t = read_number(&n, sub);
4657 if (*t != 0) /* Not A Number*/
4658 {
4659 expand_string_message = string_sprintf("string \"%s\" is not a "
4660 "positive number in \"%s\" operator", sub, name);
4661 goto EXPAND_FAILED;
4662 }
4663 t = readconf_printtime(n);
4664 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
4665 continue;
4666 }
4667
4668 /* Convert string to base64 encoding */
4669
4670 case EOP_STR2B64:
4671 {
4672 uschar *encstr = auth_b64encode(sub, Ustrlen(sub));
4673 yield = string_cat(yield, &size, &ptr, encstr, Ustrlen(encstr));
4674 continue;
4675 }
4676
4677 /* strlen returns the length of the string */
4678
4679 case EOP_STRLEN:
4680 {
4681 uschar buff[24];
4682 (void)sprintf(CS buff, "%d", Ustrlen(sub));
4683 yield = string_cat(yield, &size, &ptr, buff, Ustrlen(buff));
4684 continue;
4685 }
4686
4687 /* length_n or l_n takes just the first n characters or the whole string,
4688 whichever is the shorter;
4689
4690 substr_m_n, and s_m_n take n characters from offset m; negative m take
4691 from the end; l_n is synonymous with s_0_n. If n is omitted in substr it
4692 takes the rest, either to the right or to the left.
4693
4694 hash_n or h_n makes a hash of length n from the string, yielding n
4695 characters from the set a-z; hash_n_m makes a hash of length n, but
4696 uses m characters from the set a-zA-Z0-9.
4697
4698 nhash_n returns a single number between 0 and n-1 (in text form), while
4699 nhash_n_m returns a div/mod hash as two numbers "a/b". The first lies
4700 between 0 and n-1 and the second between 0 and m-1. */
4701
4702 case EOP_LENGTH:
4703 case EOP_L:
4704 case EOP_SUBSTR:
4705 case EOP_S:
4706 case EOP_HASH:
4707 case EOP_H:
4708 case EOP_NHASH:
4709 case EOP_NH:
4710 {
4711 int sign = 1;
4712 int value1 = 0;
4713 int value2 = -1;
4714 int *pn;
4715 int len;
4716 uschar *ret;
4717
4718 if (arg == NULL)
4719 {
4720 expand_string_message = string_sprintf("missing values after %s",
4721 name);
4722 goto EXPAND_FAILED;
4723 }
4724
4725 /* "length" has only one argument, effectively being synonymous with
4726 substr_0_n. */
4727
4728 if (c == EOP_LENGTH || c == EOP_L)
4729 {
4730 pn = &value2;
4731 value2 = 0;
4732 }
4733
4734 /* The others have one or two arguments; for "substr" the first may be
4735 negative. The second being negative means "not supplied". */
4736
4737 else
4738 {
4739 pn = &value1;
4740 if (name[0] == 's' && *arg == '-') { sign = -1; arg++; }
4741 }
4742
4743 /* Read up to two numbers, separated by underscores */
4744
4745 ret = arg;
4746 while (*arg != 0)
4747 {
4748 if (arg != ret && *arg == '_' && pn == &value1)
4749 {
4750 pn = &value2;
4751 value2 = 0;
4752 if (arg[1] != 0) arg++;
4753 }
4754 else if (!isdigit(*arg))
4755 {
4756 expand_string_message =
4757 string_sprintf("non-digit after underscore in \"%s\"", name);
4758 goto EXPAND_FAILED;
4759 }
4760 else *pn = (*pn)*10 + *arg++ - '0';
4761 }
4762 value1 *= sign;
4763
4764 /* Perform the required operation */
4765
4766 ret =
4767 (c == EOP_HASH || c == EOP_H)?
4768 compute_hash(sub, value1, value2, &len) :
4769 (c == EOP_NHASH || c == EOP_NH)?
4770 compute_nhash(sub, value1, value2, &len) :
4771 extract_substr(sub, value1, value2, &len);
4772
4773 if (ret == NULL) goto EXPAND_FAILED;
4774 yield = string_cat(yield, &size, &ptr, ret, len);
4775 continue;
4776 }
4777
4778 /* Stat a path */
4779
4780 case EOP_STAT:
4781 {
4782 uschar *s;
4783 uschar smode[12];
4784 uschar **modetable[3];
4785 int i;
4786 mode_t mode;
4787 struct stat st;
4788
4789 if (stat(CS sub, &st) < 0)
4790 {
4791 expand_string_message = string_sprintf("stat(%s) failed: %s",
4792 sub, strerror(errno));
4793 goto EXPAND_FAILED;
4794 }
4795 mode = st.st_mode;
4796 switch (mode & S_IFMT)
4797 {
4798 case S_IFIFO: smode[0] = 'p'; break;
4799 case S_IFCHR: smode[0] = 'c'; break;
4800 case S_IFDIR: smode[0] = 'd'; break;
4801 case S_IFBLK: smode[0] = 'b'; break;
4802 case S_IFREG: smode[0] = '-'; break;
4803 default: smode[0] = '?'; break;
4804 }
4805
4806 modetable[0] = ((mode & 01000) == 0)? mtable_normal : mtable_sticky;
4807 modetable[1] = ((mode & 02000) == 0)? mtable_normal : mtable_setid;
4808 modetable[2] = ((mode & 04000) == 0)? mtable_normal : mtable_setid;
4809
4810 for (i = 0; i < 3; i++)
4811 {
4812 memcpy(CS(smode + 7 - i*3), CS(modetable[i][mode & 7]), 3);
4813 mode >>= 3;
4814 }
4815
4816 smode[10] = 0;
4817 s = string_sprintf("mode=%04lo smode=%s inode=%ld device=%ld links=%ld "
4818 "uid=%ld gid=%ld size=" OFF_T_FMT " atime=%ld mtime=%ld ctime=%ld",
4819 (long)(st.st_mode & 077777), smode, (long)st.st_ino,
4820 (long)st.st_dev, (long)st.st_nlink, (long)st.st_uid,
4821 (long)st.st_gid, st.st_size, (long)st.st_atime,
4822 (long)st.st_mtime, (long)st.st_ctime);
4823 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
4824 continue;
4825 }
4826
4827 /* Unknown operator */
4828
4829 default:
4830 expand_string_message =
4831 string_sprintf("unknown expansion operator \"%s\"", name);
4832 goto EXPAND_FAILED;
4833 }
4834 }
4835
4836 /* Handle a plain name. If this is the first thing in the expansion, release
4837 the pre-allocated buffer. If the result data is known to be in a new buffer,
4838 newsize will be set to the size of that buffer, and we can just point at that
4839 store instead of copying. Many expansion strings contain just one reference,
4840 so this is a useful optimization, especially for humungous headers
4841 ($message_headers). */
4842
4843 if (*s++ == '}')
4844 {
4845 int len;
4846 int newsize = 0;
4847 if (ptr == 0)
4848 {
4849 store_reset(yield);
4850 yield = NULL;
4851 size = 0;
4852 }
4853 value = find_variable(name, FALSE, skipping, &newsize);
4854 if (value == NULL)
4855 {
4856 expand_string_message =
4857 string_sprintf("unknown variable in \"${%s}\"", name);
4858 goto EXPAND_FAILED;
4859 }
4860 len = Ustrlen(value);
4861 if (yield == NULL && newsize != 0)
4862 {
4863 yield = value;
4864 size = newsize;
4865 ptr = len;
4866 }
4867 else yield = string_cat(yield, &size, &ptr, value, len);
4868 continue;
4869 }
4870
4871 /* Else there's something wrong */
4872
4873 expand_string_message =
4874 string_sprintf("\"${%s\" is not a known operator (or a } is missing "
4875 "in a variable reference)", name);
4876 goto EXPAND_FAILED;
4877 }
4878
4879/* If we hit the end of the string when ket_ends is set, there is a missing
4880terminating brace. */
4881
4882if (ket_ends && *s == 0)
4883 {
4884 expand_string_message = malformed_header?
4885 US"missing } at end of string - could be header name not terminated by colon"
4886 :
4887 US"missing } at end of string";
4888 goto EXPAND_FAILED;
4889 }
4890
4891/* Expansion succeeded; yield may still be NULL here if nothing was actually
4892added to the string. If so, set up an empty string. Add a terminating zero. If
4893left != NULL, return a pointer to the terminator. */
4894
4895if (yield == NULL) yield = store_get(1);
4896yield[ptr] = 0;
4897if (left != NULL) *left = s;
4898
4899/* Any stacking store that was used above the final string is no longer needed.
4900In many cases the final string will be the first one that was got and so there
4901will be optimal store usage. */
4902
4903store_reset(yield + ptr + 1);
4904DEBUG(D_expand)
4905 {
4906 debug_printf("expanding: %.*s\n result: %s\n", (int)(s - string), string,
4907 yield);
4908 if (skipping) debug_printf("skipping: result is not used\n");
4909 }
4910return yield;
4911
4912/* This is the failure exit: easiest to program with a goto. We still need
4913to update the pointer to the terminator, for cases of nested calls with "fail".
4914*/
4915
4916EXPAND_FAILED_CURLY:
4917expand_string_message = malformed_header?
4918 US"missing or misplaced { or } - could be header name not terminated by colon"
4919 :
4920 US"missing or misplaced { or }";
4921
4922/* At one point, Exim reset the store to yield (if yield was not NULL), but
4923that is a bad idea, because expand_string_message is in dynamic store. */
4924
4925EXPAND_FAILED:
4926if (left != NULL) *left = s;
4927DEBUG(D_expand)
4928 {
4929 debug_printf("failed to expand: %s\n", string);
4930 debug_printf(" error message: %s\n", expand_string_message);
4931 if (expand_string_forcedfail) debug_printf("failure was forced\n");
4932 }
4933return NULL;
4934}
4935
4936
4937/* This is the external function call. Do a quick check for any expansion
4938metacharacters, and if there are none, just return the input string.
4939
4940Argument: the string to be expanded
4941Returns: the expanded string, or NULL if expansion failed; if failure was
4942 due to a lookup deferring, search_find_defer will be TRUE
4943*/
4944
4945uschar *
4946expand_string(uschar *string)
4947{
4948search_find_defer = FALSE;
4949malformed_header = FALSE;
4950return (Ustrpbrk(string, "$\\") == NULL)? string :
4951 expand_string_internal(string, FALSE, NULL, FALSE);
4952}
4953
4954
4955
4956/*************************************************
4957* Expand and copy *
4958*************************************************/
4959
4960/* Now and again we want to expand a string and be sure that the result is in a
4961new bit of store. This function does that.
4962
4963Argument: the string to be expanded
4964Returns: the expanded string, always in a new bit of store, or NULL
4965*/
4966
4967uschar *
4968expand_string_copy(uschar *string)
4969{
4970uschar *yield = expand_string(string);
4971if (yield == string) yield = string_copy(string);
4972return yield;
4973}
4974
4975
4976
4977/*************************************************
4978* Expand and interpret as an integer *
4979*************************************************/
4980
4981/* Expand a string, and convert the result into an integer.
4982
4983Argument: the string to be expanded
4984
4985Returns: the integer value, or
4986 -1 for an expansion error ) in both cases, message in
4987 -2 for an integer interpretation error ) expand_string_message
4988
4989*/
4990
4991int
4992expand_string_integer(uschar *string)
4993{
4994long int value;
4995uschar *s = expand_string(string);
4996uschar *msg = US"invalid integer \"%s\"";
4997uschar *endptr;
4998
4999if (s == NULL) return -1;
5000
5001/* On an overflow, strtol() returns LONG_MAX or LONG_MIN, and sets errno
5002to ERANGE. When there isn't an overflow, errno is not changed, at least on some
5003systems, so we set it zero ourselves. */
5004
5005errno = 0;
5006value = strtol(CS s, CSS &endptr, 0);
5007
5008if (endptr == s)
5009 {
5010 msg = US"integer expected but \"%s\" found";
5011 }
5012else
5013 {
5014 /* Ensure we can cast this down to an int */
5015 if (value > INT_MAX || value < INT_MIN) errno = ERANGE;
5016
5017 if (errno != ERANGE)
5018 {
5019 if (tolower(*endptr) == 'k')
5020 {
5021 if (value > INT_MAX/1024 || value < INT_MIN/1024) errno = ERANGE;
5022 else value *= 1024;
5023 endptr++;
5024 }
5025 else if (tolower(*endptr) == 'm')
5026 {
5027 if (value > INT_MAX/(1024*1024) || value < INT_MIN/(1024*1024))
5028 errno = ERANGE;
5029 else value *= 1024*1024;
5030 endptr++;
5031 }
5032 }
5033 if (errno == ERANGE)
5034 msg = US"absolute value of integer \"%s\" is too large (overflow)";
5035 else
5036 {
5037 while (isspace(*endptr)) endptr++;
5038 if (*endptr == 0) return (int)value;
5039 }
5040 }
5041
5042expand_string_message = string_sprintf(CS msg, s);
5043return -2;
5044}
5045
5046
5047/*************************************************
5048**************************************************
5049* Stand-alone test program *
5050**************************************************
5051*************************************************/
5052
5053#ifdef STAND_ALONE
5054
5055
5056BOOL
5057regex_match_and_setup(const pcre *re, uschar *subject, int options, int setup)
5058{
5059int ovector[3*(EXPAND_MAXN+1)];
5060int n = pcre_exec(re, NULL, subject, Ustrlen(subject), 0, PCRE_EOPT|options,
5061 ovector, sizeof(ovector)/sizeof(int));
5062BOOL yield = n >= 0;
5063if (n == 0) n = EXPAND_MAXN + 1;
5064if (yield)
5065 {
5066 int nn;
5067 expand_nmax = (setup < 0)? 0 : setup + 1;
5068 for (nn = (setup < 0)? 0 : 2; nn < n*2; nn += 2)
5069 {
5070 expand_nstring[expand_nmax] = subject + ovector[nn];
5071 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
5072 }
5073 expand_nmax--;
5074 }
5075return yield;
5076}
5077
5078
5079int main(int argc, uschar **argv)
5080{
5081int i;
5082uschar buffer[1024];
5083
5084debug_selector = D_v;
5085debug_file = stderr;
5086debug_fd = fileno(debug_file);
5087big_buffer = malloc(big_buffer_size);
5088
5089for (i = 1; i < argc; i++)
5090 {
5091 if (argv[i][0] == '+')
5092 {
5093 debug_trace_memory = 2;
5094 argv[i]++;
5095 }
5096 if (isdigit(argv[i][0]))
5097 debug_selector = Ustrtol(argv[i], NULL, 0);
5098 else
5099 if (Ustrspn(argv[i], "abcdefghijklmnopqrtsuvwxyz0123456789-.:/") ==
5100 Ustrlen(argv[i]))
5101 {
5102 #ifdef LOOKUP_LDAP
5103 eldap_default_servers = argv[i];
5104 #endif
5105 #ifdef LOOKUP_MYSQL
5106 mysql_servers = argv[i];
5107 #endif
5108 #ifdef LOOKUP_PGSQL
5109 pgsql_servers = argv[i];
5110 #endif
5111 }
5112 #ifdef EXIM_PERL
5113 else opt_perl_startup = argv[i];
5114 #endif
5115 }
5116
5117printf("Testing string expansion: debug_level = %d\n\n", debug_level);
5118
5119expand_nstring[1] = US"string 1....";
5120expand_nlength[1] = 8;
5121expand_nmax = 1;
5122
5123#ifdef EXIM_PERL
5124if (opt_perl_startup != NULL)
5125 {
5126 uschar *errstr;
5127 printf("Starting Perl interpreter\n");
5128 errstr = init_perl(opt_perl_startup);
5129 if (errstr != NULL)
5130 {
5131 printf("** error in perl_startup code: %s\n", errstr);
5132 return EXIT_FAILURE;
5133 }
5134 }
5135#endif /* EXIM_PERL */
5136
5137while (fgets(buffer, sizeof(buffer), stdin) != NULL)
5138 {
5139 void *reset_point = store_get(0);
5140 uschar *yield = expand_string(buffer);
5141 if (yield != NULL)
5142 {
5143 printf("%s\n", yield);
5144 store_reset(reset_point);
5145 }
5146 else
5147 {
5148 if (search_find_defer) printf("search_find deferred\n");
5149 printf("Failed: %s\n", expand_string_message);
5150 if (expand_string_forcedfail) printf("Forced failure\n");
5151 printf("\n");
5152 }
5153 }
5154
5155search_tidyup();
5156
5157return 0;
5158}
5159
5160#endif
5161
5162/* End of expand.c */
Unnamed repository; edit this file 'description' to name the repository.