projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add ${acl {name}{arg}} expansion item.
[exim.git] / src / src / expand.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2012 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8
9 /* Functions for handling string expansion. */
10
11
12 #include "exim.h"
13
14 /* Recursively called function */
15
16 static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL, BOOL);
17
18 #ifdef STAND_ALONE
19 #ifndef SUPPORT_CRYPTEQ
20 #define SUPPORT_CRYPTEQ
21 #endif
22 #endif
23
24 #ifdef LOOKUP_LDAP
25 #include "lookups/ldap.h"
26 #endif
27
28 #ifdef SUPPORT_CRYPTEQ
29 #ifdef CRYPT_H
30 #include <crypt.h>
31 #endif
32 #ifndef HAVE_CRYPT16
33 extern char* crypt16(char*, char*);
34 #endif
35 #endif
36
37 /* The handling of crypt16() is a mess. I will record below the analysis of the
38 mess that was sent to me. We decided, however, to make changing this very low
39 priority, because in practice people are moving away from the crypt()
40 algorithms nowadays, so it doesn't seem worth it.
41
42 <quote>
43 There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
44 the first 8 characters of the password using a 20-round version of crypt
45 (standard crypt does 25 rounds). It then crypts the next 8 characters,
46 or an empty block if the password is less than 9 characters, using a
47 20-round version of crypt and the same salt as was used for the first
48 block. Charaters after the first 16 are ignored. It always generates
49 a 16-byte hash, which is expressed together with the salt as a string
50 of 24 base 64 digits. Here are some links to peruse:
51
52 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
53 http://seclists.org/bugtraq/1999/Mar/0076.html
54
55 There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
56 and OSF/1. This is the same as the standard crypt if given a password
57 of 8 characters or less. If given more, it first does the same as crypt
58 using the first 8 characters, then crypts the next 8 (the 9th to 16th)
59 using as salt the first two base 64 digits from the first hash block.
60 If the password is more than 16 characters then it crypts the 17th to 24th
61 characters using as salt the first two base 64 digits from the second hash
62 block. And so on: I've seen references to it cutting off the password at
63 40 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
64
65 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
66 http://seclists.org/bugtraq/1999/Mar/0109.html
67 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
68 TET1_html/sec.c222.html#no_id_208
69
70 Exim has something it calls "crypt16". It will either use a native
71 crypt16 or its own implementation. A native crypt16 will presumably
72 be the one that I called "crypt16" above. The internal "crypt16"
73 function, however, is a two-block-maximum implementation of what I called
74 "bigcrypt". The documentation matches the internal code.
75
76 I suspect that whoever did the "crypt16" stuff for Exim didn't realise
77 that crypt16 and bigcrypt were different things.
78
79 Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
80 to whatever it is using under that name. This unfortunately sets a
81 precedent for using "{crypt16}" to identify two incompatible algorithms
82 whose output can't be distinguished. With "{crypt16}" thus rendered
83 ambiguous, I suggest you deprecate it and invent two new identifiers
84 for the two algorithms.
85
86 Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
87 of the password separately means they can be cracked separately, so
88 the double-length hash only doubles the cracking effort instead of
89 squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
90 bcrypt ({CRYPT}$2a$).
91 </quote>
92 */
93
94
95
96
97 /*************************************************
98 * Local statics and tables *
99 *************************************************/
100
101 /* Table of item names, and corresponding switch numbers. The names must be in
102 alphabetical order. */
103
104 static uschar *item_table[] = {
105 US"acl",
106 US"dlfunc",
107 US"extract",
108 US"filter",
109 US"hash",
110 US"hmac",
111 US"if",
112 US"length",
113 US"lookup",
114 US"map",
115 US"nhash",
116 US"perl",
117 US"prvs",
118 US"prvscheck",
119 US"readfile",
120 US"readsocket",
121 US"reduce",
122 US"run",
123 US"sg",
124 US"substr",
125 US"tr" };
126
127 enum {
128 EITEM_ACL,
129 EITEM_DLFUNC,
130 EITEM_EXTRACT,
131 EITEM_FILTER,
132 EITEM_HASH,
133 EITEM_HMAC,
134 EITEM_IF,
135 EITEM_LENGTH,
136 EITEM_LOOKUP,
137 EITEM_MAP,
138 EITEM_NHASH,
139 EITEM_PERL,
140 EITEM_PRVS,
141 EITEM_PRVSCHECK,
142 EITEM_READFILE,
143 EITEM_READSOCK,
144 EITEM_REDUCE,
145 EITEM_RUN,
146 EITEM_SG,
147 EITEM_SUBSTR,
148 EITEM_TR };
149
150 /* Tables of operator names, and corresponding switch numbers. The names must be
151 in alphabetical order. There are two tables, because underscore is used in some
152 cases to introduce arguments, whereas for other it is part of the name. This is
153 an historical mis-design. */
154
155 static uschar *op_table_underscore[] = {
156 US"from_utf8",
157 US"local_part",
158 US"quote_local_part",
159 US"reverse_ip",
160 US"time_eval",
161 US"time_interval"};
162
163 enum {
164 EOP_FROM_UTF8,
165 EOP_LOCAL_PART,
166 EOP_QUOTE_LOCAL_PART,
167 EOP_REVERSE_IP,
168 EOP_TIME_EVAL,
169 EOP_TIME_INTERVAL };
170
171 static uschar *op_table_main[] = {
172 US"address",
173 US"addresses",
174 US"base62",
175 US"base62d",
176 US"domain",
177 US"escape",
178 US"eval",
179 US"eval10",
180 US"expand",
181 US"h",
182 US"hash",
183 US"hex2b64",
184 US"l",
185 US"lc",
186 US"length",
187 US"listcount",
188 US"listnamed",
189 US"mask",
190 US"md5",
191 US"nh",
192 US"nhash",
193 US"quote",
194 US"randint",
195 US"rfc2047",
196 US"rfc2047d",
197 US"rxquote",
198 US"s",
199 US"sha1",
200 US"stat",
201 US"str2b64",
202 US"strlen",
203 US"substr",
204 US"uc" };
205
206 enum {
207 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
208 EOP_ADDRESSES,
209 EOP_BASE62,
210 EOP_BASE62D,
211 EOP_DOMAIN,
212 EOP_ESCAPE,
213 EOP_EVAL,
214 EOP_EVAL10,
215 EOP_EXPAND,
216 EOP_H,
217 EOP_HASH,
218 EOP_HEX2B64,
219 EOP_L,
220 EOP_LC,
221 EOP_LENGTH,
222 EOP_LISTCOUNT,
223 EOP_LISTNAMED,
224 EOP_MASK,
225 EOP_MD5,
226 EOP_NH,
227 EOP_NHASH,
228 EOP_QUOTE,
229 EOP_RANDINT,
230 EOP_RFC2047,
231 EOP_RFC2047D,
232 EOP_RXQUOTE,
233 EOP_S,
234 EOP_SHA1,
235 EOP_STAT,
236 EOP_STR2B64,
237 EOP_STRLEN,
238 EOP_SUBSTR,
239 EOP_UC };
240
241
242 /* Table of condition names, and corresponding switch numbers. The names must
243 be in alphabetical order. */
244
245 static uschar *cond_table[] = {
246 US"<",
247 US"<=",
248 US"=",
249 US"==", /* Backward compatibility */
250 US">",
251 US">=",
252 US"and",
253 US"bool",
254 US"bool_lax",
255 US"crypteq",
256 US"def",
257 US"eq",
258 US"eqi",
259 US"exists",
260 US"first_delivery",
261 US"forall",
262 US"forany",
263 US"ge",
264 US"gei",
265 US"gt",
266 US"gti",
267 US"inlist",
268 US"inlisti",
269 US"isip",
270 US"isip4",
271 US"isip6",
272 US"ldapauth",
273 US"le",
274 US"lei",
275 US"lt",
276 US"lti",
277 US"match",
278 US"match_address",
279 US"match_domain",
280 US"match_ip",
281 US"match_local_part",
282 US"or",
283 US"pam",
284 US"pwcheck",
285 US"queue_running",
286 US"radius",
287 US"saslauthd"
288 };
289
290 enum {
291 ECOND_NUM_L,
292 ECOND_NUM_LE,
293 ECOND_NUM_E,
294 ECOND_NUM_EE,
295 ECOND_NUM_G,
296 ECOND_NUM_GE,
297 ECOND_AND,
298 ECOND_BOOL,
299 ECOND_BOOL_LAX,
300 ECOND_CRYPTEQ,
301 ECOND_DEF,
302 ECOND_STR_EQ,
303 ECOND_STR_EQI,
304 ECOND_EXISTS,
305 ECOND_FIRST_DELIVERY,
306 ECOND_FORALL,
307 ECOND_FORANY,
308 ECOND_STR_GE,
309 ECOND_STR_GEI,
310 ECOND_STR_GT,
311 ECOND_STR_GTI,
312 ECOND_INLIST,
313 ECOND_INLISTI,
314 ECOND_ISIP,
315 ECOND_ISIP4,
316 ECOND_ISIP6,
317 ECOND_LDAPAUTH,
318 ECOND_STR_LE,
319 ECOND_STR_LEI,
320 ECOND_STR_LT,
321 ECOND_STR_LTI,
322 ECOND_MATCH,
323 ECOND_MATCH_ADDRESS,
324 ECOND_MATCH_DOMAIN,
325 ECOND_MATCH_IP,
326 ECOND_MATCH_LOCAL_PART,
327 ECOND_OR,
328 ECOND_PAM,
329 ECOND_PWCHECK,
330 ECOND_QUEUE_RUNNING,
331 ECOND_RADIUS,
332 ECOND_SASLAUTHD
333 };
334
335
336 /* Type for main variable table */
337
338 typedef struct {
339 const char *name;
340 int type;
341 void *value;
342 } var_entry;
343
344 /* Type for entries pointing to address/length pairs. Not currently
345 in use. */
346
347 typedef struct {
348 uschar **address;
349 int *length;
350 } alblock;
351
352 /* Types of table entry */
353
354 enum {
355 vtype_int, /* value is address of int */
356 vtype_filter_int, /* ditto, but recognized only when filtering */
357 vtype_ino, /* value is address of ino_t (not always an int) */
358 vtype_uid, /* value is address of uid_t (not always an int) */
359 vtype_gid, /* value is address of gid_t (not always an int) */
360 vtype_bool, /* value is address of bool */
361 vtype_stringptr, /* value is address of pointer to string */
362 vtype_msgbody, /* as stringptr, but read when first required */
363 vtype_msgbody_end, /* ditto, the end of the message */
364 vtype_msgheaders, /* the message's headers, processed */
365 vtype_msgheaders_raw, /* the message's headers, unprocessed */
366 vtype_localpart, /* extract local part from string */
367 vtype_domain, /* extract domain from string */
368 vtype_recipients, /* extract recipients from recipients list */
369 /* (available only in system filters, ACLs, and */
370 /* local_scan()) */
371 vtype_todbsdin, /* value not used; generate BSD inbox tod */
372 vtype_tode, /* value not used; generate tod in epoch format */
373 vtype_todel, /* value not used; generate tod in epoch/usec format */
374 vtype_todf, /* value not used; generate full tod */
375 vtype_todl, /* value not used; generate log tod */
376 vtype_todlf, /* value not used; generate log file datestamp tod */
377 vtype_todzone, /* value not used; generate time zone only */
378 vtype_todzulu, /* value not used; generate zulu tod */
379 vtype_reply, /* value not used; get reply from headers */
380 vtype_pid, /* value not used; result is pid */
381 vtype_host_lookup, /* value not used; get host name */
382 vtype_load_avg, /* value not used; result is int from os_getloadavg */
383 vtype_pspace, /* partition space; value is T/F for spool/log */
384 vtype_pinodes /* partition inodes; value is T/F for spool/log */
385 #ifndef DISABLE_DKIM
386 ,vtype_dkim /* Lookup of value in DKIM signature */
387 #endif
388 };
389
390 /* This table must be kept in alphabetical order. */
391
392 static var_entry var_table[] = {
393 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
394 they will be confused with user-creatable ACL variables. */
395 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
396 { "address_data", vtype_stringptr, &deliver_address_data },
397 { "address_file", vtype_stringptr, &address_file },
398 { "address_pipe", vtype_stringptr, &address_pipe },
399 { "authenticated_id", vtype_stringptr, &authenticated_id },
400 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
401 { "authentication_failed",vtype_int, &authentication_failed },
402 #ifdef WITH_CONTENT_SCAN
403 { "av_failed", vtype_int, &av_failed },
404 #endif
405 #ifdef EXPERIMENTAL_BRIGHTMAIL
406 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
407 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
408 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
409 { "bmi_deliver", vtype_int, &bmi_deliver },
410 #endif
411 { "body_linecount", vtype_int, &body_linecount },
412 { "body_zerocount", vtype_int, &body_zerocount },
413 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
414 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
415 { "caller_gid", vtype_gid, &real_gid },
416 { "caller_uid", vtype_uid, &real_uid },
417 { "compile_date", vtype_stringptr, &version_date },
418 { "compile_number", vtype_stringptr, &version_cnumber },
419 { "csa_status", vtype_stringptr, &csa_status },
420 #ifdef EXPERIMENTAL_DCC
421 { "dcc_header", vtype_stringptr, &dcc_header },
422 { "dcc_result", vtype_stringptr, &dcc_result },
423 #endif
424 #ifdef WITH_OLD_DEMIME
425 { "demime_errorlevel", vtype_int, &demime_errorlevel },
426 { "demime_reason", vtype_stringptr, &demime_reason },
427 #endif
428 #ifndef DISABLE_DKIM
429 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
430 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
431 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
432 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
433 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
434 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
435 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
436 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
437 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
438 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
439 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
440 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
441 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
442 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
443 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
444 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
445 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
446 { "dkim_signers", vtype_stringptr, &dkim_signers },
447 { "dkim_verify_reason", vtype_dkim, (void *)DKIM_VERIFY_REASON },
448 { "dkim_verify_status", vtype_dkim, (void *)DKIM_VERIFY_STATUS},
449 #endif
450 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
451 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
452 { "dnslist_text", vtype_stringptr, &dnslist_text },
453 { "dnslist_value", vtype_stringptr, &dnslist_value },
454 { "domain", vtype_stringptr, &deliver_domain },
455 { "domain_data", vtype_stringptr, &deliver_domain_data },
456 { "exim_gid", vtype_gid, &exim_gid },
457 { "exim_path", vtype_stringptr, &exim_path },
458 { "exim_uid", vtype_uid, &exim_uid },
459 #ifdef WITH_OLD_DEMIME
460 { "found_extension", vtype_stringptr, &found_extension },
461 #endif
462 { "home", vtype_stringptr, &deliver_home },
463 { "host", vtype_stringptr, &deliver_host },
464 { "host_address", vtype_stringptr, &deliver_host_address },
465 { "host_data", vtype_stringptr, &host_data },
466 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
467 { "host_lookup_failed", vtype_int, &host_lookup_failed },
468 { "inode", vtype_ino, &deliver_inode },
469 { "interface_address", vtype_stringptr, &interface_address },
470 { "interface_port", vtype_int, &interface_port },
471 { "item", vtype_stringptr, &iterate_item },
472 #ifdef LOOKUP_LDAP
473 { "ldap_dn", vtype_stringptr, &eldap_dn },
474 #endif
475 { "load_average", vtype_load_avg, NULL },
476 { "local_part", vtype_stringptr, &deliver_localpart },
477 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
478 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
479 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
480 { "local_scan_data", vtype_stringptr, &local_scan_data },
481 { "local_user_gid", vtype_gid, &local_user_gid },
482 { "local_user_uid", vtype_uid, &local_user_uid },
483 { "localhost_number", vtype_int, &host_number },
484 { "log_inodes", vtype_pinodes, (void *)FALSE },
485 { "log_space", vtype_pspace, (void *)FALSE },
486 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
487 #ifdef WITH_CONTENT_SCAN
488 { "malware_name", vtype_stringptr, &malware_name },
489 #endif
490 { "max_received_linelength", vtype_int, &max_received_linelength },
491 { "message_age", vtype_int, &message_age },
492 { "message_body", vtype_msgbody, &message_body },
493 { "message_body_end", vtype_msgbody_end, &message_body_end },
494 { "message_body_size", vtype_int, &message_body_size },
495 { "message_exim_id", vtype_stringptr, &message_id },
496 { "message_headers", vtype_msgheaders, NULL },
497 { "message_headers_raw", vtype_msgheaders_raw, NULL },
498 { "message_id", vtype_stringptr, &message_id },
499 { "message_linecount", vtype_int, &message_linecount },
500 { "message_size", vtype_int, &message_size },
501 #ifdef WITH_CONTENT_SCAN
502 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
503 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
504 { "mime_boundary", vtype_stringptr, &mime_boundary },
505 { "mime_charset", vtype_stringptr, &mime_charset },
506 { "mime_content_description", vtype_stringptr, &mime_content_description },
507 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
508 { "mime_content_id", vtype_stringptr, &mime_content_id },
509 { "mime_content_size", vtype_int, &mime_content_size },
510 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
511 { "mime_content_type", vtype_stringptr, &mime_content_type },
512 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
513 { "mime_filename", vtype_stringptr, &mime_filename },
514 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
515 { "mime_is_multipart", vtype_int, &mime_is_multipart },
516 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
517 { "mime_part_count", vtype_int, &mime_part_count },
518 #endif
519 { "n0", vtype_filter_int, &filter_n[0] },
520 { "n1", vtype_filter_int, &filter_n[1] },
521 { "n2", vtype_filter_int, &filter_n[2] },
522 { "n3", vtype_filter_int, &filter_n[3] },
523 { "n4", vtype_filter_int, &filter_n[4] },
524 { "n5", vtype_filter_int, &filter_n[5] },
525 { "n6", vtype_filter_int, &filter_n[6] },
526 { "n7", vtype_filter_int, &filter_n[7] },
527 { "n8", vtype_filter_int, &filter_n[8] },
528 { "n9", vtype_filter_int, &filter_n[9] },
529 { "original_domain", vtype_stringptr, &deliver_domain_orig },
530 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
531 { "originator_gid", vtype_gid, &originator_gid },
532 { "originator_uid", vtype_uid, &originator_uid },
533 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
534 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
535 { "pid", vtype_pid, NULL },
536 { "primary_hostname", vtype_stringptr, &primary_hostname },
537 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
538 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
539 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
540 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
541 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
542 { "rcpt_count", vtype_int, &rcpt_count },
543 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
544 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
545 { "received_count", vtype_int, &received_count },
546 { "received_for", vtype_stringptr, &received_for },
547 { "received_ip_address", vtype_stringptr, &interface_address },
548 { "received_port", vtype_int, &interface_port },
549 { "received_protocol", vtype_stringptr, &received_protocol },
550 { "received_time", vtype_int, &received_time },
551 { "recipient_data", vtype_stringptr, &recipient_data },
552 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
553 { "recipients", vtype_recipients, NULL },
554 { "recipients_count", vtype_int, &recipients_count },
555 #ifdef WITH_CONTENT_SCAN
556 { "regex_match_string", vtype_stringptr, &regex_match_string },
557 #endif
558 { "reply_address", vtype_reply, NULL },
559 { "return_path", vtype_stringptr, &return_path },
560 { "return_size_limit", vtype_int, &bounce_return_size_limit },
561 { "runrc", vtype_int, &runrc },
562 { "self_hostname", vtype_stringptr, &self_hostname },
563 { "sender_address", vtype_stringptr, &sender_address },
564 { "sender_address_data", vtype_stringptr, &sender_address_data },
565 { "sender_address_domain", vtype_domain, &sender_address },
566 { "sender_address_local_part", vtype_localpart, &sender_address },
567 { "sender_data", vtype_stringptr, &sender_data },
568 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
569 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
570 { "sender_host_address", vtype_stringptr, &sender_host_address },
571 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
572 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
573 { "sender_host_name", vtype_host_lookup, NULL },
574 { "sender_host_port", vtype_int, &sender_host_port },
575 { "sender_ident", vtype_stringptr, &sender_ident },
576 { "sender_rate", vtype_stringptr, &sender_rate },
577 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
578 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
579 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
580 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
581 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
582 { "sending_port", vtype_int, &sending_port },
583 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
584 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
585 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
586 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
587 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
588 { "sn0", vtype_filter_int, &filter_sn[0] },
589 { "sn1", vtype_filter_int, &filter_sn[1] },
590 { "sn2", vtype_filter_int, &filter_sn[2] },
591 { "sn3", vtype_filter_int, &filter_sn[3] },
592 { "sn4", vtype_filter_int, &filter_sn[4] },
593 { "sn5", vtype_filter_int, &filter_sn[5] },
594 { "sn6", vtype_filter_int, &filter_sn[6] },
595 { "sn7", vtype_filter_int, &filter_sn[7] },
596 { "sn8", vtype_filter_int, &filter_sn[8] },
597 { "sn9", vtype_filter_int, &filter_sn[9] },
598 #ifdef WITH_CONTENT_SCAN
599 { "spam_bar", vtype_stringptr, &spam_bar },
600 { "spam_report", vtype_stringptr, &spam_report },
601 { "spam_score", vtype_stringptr, &spam_score },
602 { "spam_score_int", vtype_stringptr, &spam_score_int },
603 #endif
604 #ifdef EXPERIMENTAL_SPF
605 { "spf_guess", vtype_stringptr, &spf_guess },
606 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
607 { "spf_received", vtype_stringptr, &spf_received },
608 { "spf_result", vtype_stringptr, &spf_result },
609 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
610 #endif
611 { "spool_directory", vtype_stringptr, &spool_directory },
612 { "spool_inodes", vtype_pinodes, (void *)TRUE },
613 { "spool_space", vtype_pspace, (void *)TRUE },
614 #ifdef EXPERIMENTAL_SRS
615 { "srs_db_address", vtype_stringptr, &srs_db_address },
616 { "srs_db_key", vtype_stringptr, &srs_db_key },
617 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
618 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
619 { "srs_recipient", vtype_stringptr, &srs_recipient },
620 { "srs_status", vtype_stringptr, &srs_status },
621 #endif
622 { "thisaddress", vtype_stringptr, &filter_thisaddress },
623
624 /* The non-(in,out) variables are now deprecated */
625 { "tls_bits", vtype_int, &tls_in.bits },
626 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
627 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
628
629 { "tls_in_bits", vtype_int, &tls_in.bits },
630 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
631 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
632 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
633 #if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
634 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
635 #endif
636 { "tls_out_bits", vtype_int, &tls_out.bits },
637 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
638 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
639 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
640 #if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
641 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
642 #endif
643
644 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
645 #if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
646 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
647 #endif
648
649 { "tod_bsdinbox", vtype_todbsdin, NULL },
650 { "tod_epoch", vtype_tode, NULL },
651 { "tod_epoch_l", vtype_todel, NULL },
652 { "tod_full", vtype_todf, NULL },
653 { "tod_log", vtype_todl, NULL },
654 { "tod_logfile", vtype_todlf, NULL },
655 { "tod_zone", vtype_todzone, NULL },
656 { "tod_zulu", vtype_todzulu, NULL },
657 { "value", vtype_stringptr, &lookup_value },
658 { "version_number", vtype_stringptr, &version_string },
659 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
660 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
661 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
662 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
663 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
664 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
665 };
666
667 static int var_table_size = sizeof(var_table)/sizeof(var_entry);
668 static uschar var_buffer[256];
669 static BOOL malformed_header;
670
671 /* For textual hashes */
672
673 static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
674 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
675 "0123456789";
676
677 enum { HMAC_MD5, HMAC_SHA1 };
678
679 /* For numeric hashes */
680
681 static unsigned int prime[] = {
682 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
683 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
684 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
685
686 /* For printing modes in symbolic form */
687
688 static uschar *mtable_normal[] =
689 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
690
691 static uschar *mtable_setid[] =
692 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
693
694 static uschar *mtable_sticky[] =
695 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
696
697
698
699 /*************************************************
700 * Tables for UTF-8 support *
701 *************************************************/
702
703 /* Table of the number of extra characters, indexed by the first character
704 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
705 0x3d. */
706
707 static uschar utf8_table1[] = {
708 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
709 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
710 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
711 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
712
713 /* These are the masks for the data bits in the first byte of a character,
714 indexed by the number of additional bytes. */
715
716 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
717
718 /* Get the next UTF-8 character, advancing the pointer. */
719
720 #define GETUTF8INC(c, ptr) \
721 c = *ptr++; \
722 if ((c & 0xc0) == 0xc0) \
723 { \
724 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
725 int s = 6*a; \
726 c = (c & utf8_table2[a]) << s; \
727 while (a-- > 0) \
728 { \
729 s -= 6; \
730 c |= (*ptr++ & 0x3f) << s; \
731 } \
732 }
733
734
735 /*************************************************
736 * Binary chop search on a table *
737 *************************************************/
738
739 /* This is used for matching expansion items and operators.
740
741 Arguments:
742 name the name that is being sought
743 table the table to search
744 table_size the number of items in the table
745
746 Returns: the offset in the table, or -1
747 */
748
749 static int
750 chop_match(uschar *name, uschar **table, int table_size)
751 {
752 uschar **bot = table;
753 uschar **top = table + table_size;
754
755 while (top > bot)
756 {
757 uschar **mid = bot + (top - bot)/2;
758 int c = Ustrcmp(name, *mid);
759 if (c == 0) return mid - table;
760 if (c > 0) bot = mid + 1; else top = mid;
761 }
762
763 return -1;
764 }
765
766
767
768 /*************************************************
769 * Check a condition string *
770 *************************************************/
771
772 /* This function is called to expand a string, and test the result for a "true"
773 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
774 forced fail or lookup defer. All store used by the function can be released on
775 exit.
776
777 The actual false-value tests should be replicated for ECOND_BOOL_LAX.
778
779 Arguments:
780 condition the condition string
781 m1 text to be incorporated in panic error
782 m2 ditto
783
784 Returns: TRUE if condition is met, FALSE if not
785 */
786
787 BOOL
788 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
789 {
790 int rc;
791 void *reset_point = store_get(0);
792 uschar *ss = expand_string(condition);
793 if (ss == NULL)
794 {
795 if (!expand_string_forcedfail && !search_find_defer)
796 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
797 "for %s %s: %s", condition, m1, m2, expand_string_message);
798 return FALSE;
799 }
800 rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
801 strcmpic(ss, US"false") != 0;
802 store_reset(reset_point);
803 return rc;
804 }
805
806
807
808
809 /*************************************************
810 * Pseudo-random number generation *
811 *************************************************/
812
813 /* Pseudo-random number generation. The result is not "expected" to be
814 cryptographically strong but not so weak that someone will shoot themselves
815 in the foot using it as a nonce in some email header scheme or whatever
816 weirdness they'll twist this into. The result should ideally handle fork().
817
818 However, if we're stuck unable to provide this, then we'll fall back to
819 appallingly bad randomness.
820
821 If SUPPORT_TLS is defined then this will not be used except as an emergency
822 fallback.
823
824 Arguments:
825 max range maximum
826 Returns a random number in range [0, max-1]
827 */
828
829 #ifdef SUPPORT_TLS
830 # define vaguely_random_number vaguely_random_number_fallback
831 #endif
832 int
833 vaguely_random_number(int max)
834 {
835 #ifdef SUPPORT_TLS
836 # undef vaguely_random_number
837 #endif
838 static pid_t pid = 0;
839 pid_t p2;
840 #if defined(HAVE_SRANDOM) && !defined(HAVE_SRANDOMDEV)
841 struct timeval tv;
842 #endif
843
844 p2 = getpid();
845 if (p2 != pid)
846 {
847 if (pid != 0)
848 {
849
850 #ifdef HAVE_ARC4RANDOM
851 /* cryptographically strong randomness, common on *BSD platforms, not
852 so much elsewhere. Alas. */
853 arc4random_stir();
854 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
855 #ifdef HAVE_SRANDOMDEV
856 /* uses random(4) for seeding */
857 srandomdev();
858 #else
859 gettimeofday(&tv, NULL);
860 srandom(tv.tv_sec | tv.tv_usec | getpid());
861 #endif
862 #else
863 /* Poor randomness and no seeding here */
864 #endif
865
866 }
867 pid = p2;
868 }
869
870 #ifdef HAVE_ARC4RANDOM
871 return arc4random() % max;
872 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
873 return random() % max;
874 #else
875 /* This one returns a 16-bit number, definitely not crypto-strong */
876 return random_number(max);
877 #endif
878 }
879
880
881
882
883 /*************************************************
884 * Pick out a name from a string *
885 *************************************************/
886
887 /* If the name is too long, it is silently truncated.
888
889 Arguments:
890 name points to a buffer into which to put the name
891 max is the length of the buffer
892 s points to the first alphabetic character of the name
893 extras chars other than alphanumerics to permit
894
895 Returns: pointer to the first character after the name
896
897 Note: The test for *s != 0 in the while loop is necessary because
898 Ustrchr() yields non-NULL if the character is zero (which is not something
899 I expected). */
900
901 static uschar *
902 read_name(uschar *name, int max, uschar *s, uschar *extras)
903 {
904 int ptr = 0;
905 while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
906 {
907 if (ptr < max-1) name[ptr++] = *s;
908 s++;
909 }
910 name[ptr] = 0;
911 return s;
912 }
913
914
915
916 /*************************************************
917 * Pick out the rest of a header name *
918 *************************************************/
919
920 /* A variable name starting $header_ (or just $h_ for those who like
921 abbreviations) might not be the complete header name because headers can
922 contain any printing characters in their names, except ':'. This function is
923 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
924 on the end, if the name was terminated by white space.
925
926 Arguments:
927 name points to a buffer in which the name read so far exists
928 max is the length of the buffer
929 s points to the first character after the name so far, i.e. the
930 first non-alphameric character after $header_xxxxx
931
932 Returns: a pointer to the first character after the header name
933 */
934
935 static uschar *
936 read_header_name(uschar *name, int max, uschar *s)
937 {
938 int prelen = Ustrchr(name, '_') - name + 1;
939 int ptr = Ustrlen(name) - prelen;
940 if (ptr > 0) memmove(name, name+prelen, ptr);
941 while (mac_isgraph(*s) && *s != ':')
942 {
943 if (ptr < max-1) name[ptr++] = *s;
944 s++;
945 }
946 if (*s == ':') s++;
947 name[ptr++] = ':';
948 name[ptr] = 0;
949 return s;
950 }
951
952
953
954 /*************************************************
955 * Pick out a number from a string *
956 *************************************************/
957
958 /* Arguments:
959 n points to an integer into which to put the number
960 s points to the first digit of the number
961
962 Returns: a pointer to the character after the last digit
963 */
964
965 static uschar *
966 read_number(int *n, uschar *s)
967 {
968 *n = 0;
969 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
970 return s;
971 }
972
973
974
975 /*************************************************
976 * Extract keyed subfield from a string *
977 *************************************************/
978
979 /* The yield is in dynamic store; NULL means that the key was not found.
980
981 Arguments:
982 key points to the name of the key
983 s points to the string from which to extract the subfield
984
985 Returns: NULL if the subfield was not found, or
986 a pointer to the subfield's data
987 */
988
989 static uschar *
990 expand_getkeyed(uschar *key, uschar *s)
991 {
992 int length = Ustrlen(key);
993 while (isspace(*s)) s++;
994
995 /* Loop to search for the key */
996
997 while (*s != 0)
998 {
999 int dkeylength;
1000 uschar *data;
1001 uschar *dkey = s;
1002
1003 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
1004 dkeylength = s - dkey;
1005 while (isspace(*s)) s++;
1006 if (*s == '=') while (isspace((*(++s))));
1007
1008 data = string_dequote(&s);
1009 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1010 return data;
1011
1012 while (isspace(*s)) s++;
1013 }
1014
1015 return NULL;
1016 }
1017
1018
1019
1020
1021 /*************************************************
1022 * Extract numbered subfield from string *
1023 *************************************************/
1024
1025 /* Extracts a numbered field from a string that is divided by tokens - for
1026 example a line from /etc/passwd is divided by colon characters. First field is
1027 numbered one. Negative arguments count from the right. Zero returns the whole
1028 string. Returns NULL if there are insufficient tokens in the string
1029
1030 ***WARNING***
1031 Modifies final argument - this is a dynamically generated string, so that's OK.
1032
1033 Arguments:
1034 field number of field to be extracted,
1035 first field = 1, whole string = 0, last field = -1
1036 separators characters that are used to break string into tokens
1037 s points to the string from which to extract the subfield
1038
1039 Returns: NULL if the field was not found,
1040 a pointer to the field's data inside s (modified to add 0)
1041 */
1042
1043 static uschar *
1044 expand_gettokened (int field, uschar *separators, uschar *s)
1045 {
1046 int sep = 1;
1047 int count;
1048 uschar *ss = s;
1049 uschar *fieldtext = NULL;
1050
1051 if (field == 0) return s;
1052
1053 /* Break the line up into fields in place; for field > 0 we stop when we have
1054 done the number of fields we want. For field < 0 we continue till the end of
1055 the string, counting the number of fields. */
1056
1057 count = (field > 0)? field : INT_MAX;
1058
1059 while (count-- > 0)
1060 {
1061 size_t len;
1062
1063 /* Previous field was the last one in the string. For a positive field
1064 number, this means there are not enough fields. For a negative field number,
1065 check that there are enough, and scan back to find the one that is wanted. */
1066
1067 if (sep == 0)
1068 {
1069 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1070 if ((-field) == (INT_MAX - count - 1)) return s;
1071 while (field++ < 0)
1072 {
1073 ss--;
1074 while (ss[-1] != 0) ss--;
1075 }
1076 fieldtext = ss;
1077 break;
1078 }
1079
1080 /* Previous field was not last in the string; save its start and put a
1081 zero at its end. */
1082
1083 fieldtext = ss;
1084 len = Ustrcspn(ss, separators);
1085 sep = ss[len];
1086 ss[len] = 0;
1087 ss += len + 1;
1088 }
1089
1090 return fieldtext;
1091 }
1092
1093
1094
1095 /*************************************************
1096 * Extract a substring from a string *
1097 *************************************************/
1098
1099 /* Perform the ${substr or ${length expansion operations.
1100
1101 Arguments:
1102 subject the input string
1103 value1 the offset from the start of the input string to the start of
1104 the output string; if negative, count from the right.
1105 value2 the length of the output string, or negative (-1) for unset
1106 if value1 is positive, unset means "all after"
1107 if value1 is negative, unset means "all before"
1108 len set to the length of the returned string
1109
1110 Returns: pointer to the output string, or NULL if there is an error
1111 */
1112
1113 static uschar *
1114 extract_substr(uschar *subject, int value1, int value2, int *len)
1115 {
1116 int sublen = Ustrlen(subject);
1117
1118 if (value1 < 0) /* count from right */
1119 {
1120 value1 += sublen;
1121
1122 /* If the position is before the start, skip to the start, and adjust the
1123 length. If the length ends up negative, the substring is null because nothing
1124 can precede. This falls out naturally when the length is unset, meaning "all
1125 to the left". */
1126
1127 if (value1 < 0)
1128 {
1129 value2 += value1;
1130 if (value2 < 0) value2 = 0;
1131 value1 = 0;
1132 }
1133
1134 /* Otherwise an unset length => characters before value1 */
1135
1136 else if (value2 < 0)
1137 {
1138 value2 = value1;
1139 value1 = 0;
1140 }
1141 }
1142
1143 /* For a non-negative offset, if the starting position is past the end of the
1144 string, the result will be the null string. Otherwise, an unset length means
1145 "rest"; just set it to the maximum - it will be cut down below if necessary. */
1146
1147 else
1148 {
1149 if (value1 > sublen)
1150 {
1151 value1 = sublen;
1152 value2 = 0;
1153 }
1154 else if (value2 < 0) value2 = sublen;
1155 }
1156
1157 /* Cut the length down to the maximum possible for the offset value, and get
1158 the required characters. */
1159
1160 if (value1 + value2 > sublen) value2 = sublen - value1;
1161 *len = value2;
1162 return subject + value1;
1163 }
1164
1165
1166
1167
1168 /*************************************************
1169 * Old-style hash of a string *
1170 *************************************************/
1171
1172 /* Perform the ${hash expansion operation.
1173
1174 Arguments:
1175 subject the input string (an expanded substring)
1176 value1 the length of the output string; if greater or equal to the
1177 length of the input string, the input string is returned
1178 value2 the number of hash characters to use, or 26 if negative
1179 len set to the length of the returned string
1180
1181 Returns: pointer to the output string, or NULL if there is an error
1182 */
1183
1184 static uschar *
1185 compute_hash(uschar *subject, int value1, int value2, int *len)
1186 {
1187 int sublen = Ustrlen(subject);
1188
1189 if (value2 < 0) value2 = 26;
1190 else if (value2 > Ustrlen(hashcodes))
1191 {
1192 expand_string_message =
1193 string_sprintf("hash count \"%d\" too big", value2);
1194 return NULL;
1195 }
1196
1197 /* Calculate the hash text. We know it is shorter than the original string, so
1198 can safely place it in subject[] (we know that subject is always itself an
1199 expanded substring). */
1200
1201 if (value1 < sublen)
1202 {
1203 int c;
1204 int i = 0;
1205 int j = value1;
1206 while ((c = (subject[j])) != 0)
1207 {
1208 int shift = (c + j++) & 7;
1209 subject[i] ^= (c << shift) | (c >> (8-shift));
1210 if (++i >= value1) i = 0;
1211 }
1212 for (i = 0; i < value1; i++)
1213 subject[i] = hashcodes[(subject[i]) % value2];
1214 }
1215 else value1 = sublen;
1216
1217 *len = value1;
1218 return subject;
1219 }
1220
1221
1222
1223
1224 /*************************************************
1225 * Numeric hash of a string *
1226 *************************************************/
1227
1228 /* Perform the ${nhash expansion operation. The first characters of the
1229 string are treated as most important, and get the highest prime numbers.
1230
1231 Arguments:
1232 subject the input string
1233 value1 the maximum value of the first part of the result
1234 value2 the maximum value of the second part of the result,
1235 or negative to produce only a one-part result
1236 len set to the length of the returned string
1237
1238 Returns: pointer to the output string, or NULL if there is an error.
1239 */
1240
1241 static uschar *
1242 compute_nhash (uschar *subject, int value1, int value2, int *len)
1243 {
1244 uschar *s = subject;
1245 int i = 0;
1246 unsigned long int total = 0; /* no overflow */
1247
1248 while (*s != 0)
1249 {
1250 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
1251 total += prime[i--] * (unsigned int)(*s++);
1252 }
1253
1254 /* If value2 is unset, just compute one number */
1255
1256 if (value2 < 0)
1257 {
1258 s = string_sprintf("%d", total % value1);
1259 }
1260
1261 /* Otherwise do a div/mod hash */
1262
1263 else
1264 {
1265 total = total % (value1 * value2);
1266 s = string_sprintf("%d/%d", total/value2, total % value2);
1267 }
1268
1269 *len = Ustrlen(s);
1270 return s;
1271 }
1272
1273
1274
1275
1276
1277 /*************************************************
1278 * Find the value of a header or headers *
1279 *************************************************/
1280
1281 /* Multiple instances of the same header get concatenated, and this function
1282 can also return a concatenation of all the header lines. When concatenating
1283 specific headers that contain lists of addresses, a comma is inserted between
1284 them. Otherwise we use a straight concatenation. Because some messages can have
1285 pathologically large number of lines, there is a limit on the length that is
1286 returned. Also, to avoid massive store use which would result from using
1287 string_cat() as it copies and extends strings, we do a preliminary pass to find
1288 out exactly how much store will be needed. On "normal" messages this will be
1289 pretty trivial.
1290
1291 Arguments:
1292 name the name of the header, without the leading $header_ or $h_,
1293 or NULL if a concatenation of all headers is required
1294 exists_only TRUE if called from a def: test; don't need to build a string;
1295 just return a string that is not "" and not "0" if the header
1296 exists
1297 newsize return the size of memory block that was obtained; may be NULL
1298 if exists_only is TRUE
1299 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
1300 other than concatenating, will be done on the header. Also used
1301 for $message_headers_raw.
1302 charset name of charset to translate MIME words to; used only if
1303 want_raw is false; if NULL, no translation is done (this is
1304 used for $bh_ and $bheader_)
1305
1306 Returns: NULL if the header does not exist, else a pointer to a new
1307 store block
1308 */
1309
1310 static uschar *
1311 find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1312 uschar *charset)
1313 {
1314 BOOL found = name == NULL;
1315 int comma = 0;
1316 int len = found? 0 : Ustrlen(name);
1317 int i;
1318 uschar *yield = NULL;
1319 uschar *ptr = NULL;
1320
1321 /* Loop for two passes - saves code repetition */
1322
1323 for (i = 0; i < 2; i++)
1324 {
1325 int size = 0;
1326 header_line *h;
1327
1328 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1329 {
1330 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1331 {
1332 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1333 {
1334 int ilen;
1335 uschar *t;
1336
1337 if (exists_only) return US"1"; /* don't need actual string */
1338 found = TRUE;
1339 t = h->text + len; /* text to insert */
1340 if (!want_raw) /* unless wanted raw, */
1341 while (isspace(*t)) t++; /* remove leading white space */
1342 ilen = h->slen - (t - h->text); /* length to insert */
1343
1344 /* Unless wanted raw, remove trailing whitespace, including the
1345 newline. */
1346
1347 if (!want_raw)
1348 while (ilen > 0 && isspace(t[ilen-1])) ilen--;
1349
1350 /* Set comma = 1 if handling a single header and it's one of those
1351 that contains an address list, except when asked for raw headers. Only
1352 need to do this once. */
1353
1354 if (!want_raw && name != NULL && comma == 0 &&
1355 Ustrchr("BCFRST", h->type) != NULL)
1356 comma = 1;
1357
1358 /* First pass - compute total store needed; second pass - compute
1359 total store used, including this header. */
1360
1361 size += ilen + comma + 1; /* +1 for the newline */
1362
1363 /* Second pass - concatentate the data, up to a maximum. Note that
1364 the loop stops when size hits the limit. */
1365
1366 if (i != 0)
1367 {
1368 if (size > header_insert_maxlen)
1369 {
1370 ilen -= size - header_insert_maxlen - 1;
1371 comma = 0;
1372 }
1373 Ustrncpy(ptr, t, ilen);
1374 ptr += ilen;
1375
1376 /* For a non-raw header, put in the comma if needed, then add
1377 back the newline we removed above, provided there was some text in
1378 the header. */
1379
1380 if (!want_raw && ilen > 0)
1381 {
1382 if (comma != 0) *ptr++ = ',';
1383 *ptr++ = '\n';
1384 }
1385 }
1386 }
1387 }
1388 }
1389
1390 /* At end of first pass, return NULL if no header found. Then truncate size
1391 if necessary, and get the buffer to hold the data, returning the buffer size.
1392 */
1393
1394 if (i == 0)
1395 {
1396 if (!found) return NULL;
1397 if (size > header_insert_maxlen) size = header_insert_maxlen;
1398 *newsize = size + 1;
1399 ptr = yield = store_get(*newsize);
1400 }
1401 }
1402
1403 /* That's all we do for raw header expansion. */
1404
1405 if (want_raw)
1406 {
1407 *ptr = 0;
1408 }
1409
1410 /* Otherwise, remove a final newline and a redundant added comma. Then we do
1411 RFC 2047 decoding, translating the charset if requested. The rfc2047_decode2()
1412 function can return an error with decoded data if the charset translation
1413 fails. If decoding fails, it returns NULL. */
1414
1415 else
1416 {
1417 uschar *decoded, *error;
1418 if (ptr > yield && ptr[-1] == '\n') ptr--;
1419 if (ptr > yield && comma != 0 && ptr[-1] == ',') ptr--;
1420 *ptr = 0;
1421 decoded = rfc2047_decode2(yield, check_rfc2047_length, charset, '?', NULL,
1422 newsize, &error);
1423 if (error != NULL)
1424 {
1425 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1426 " input was: %s\n", error, yield);
1427 }
1428 if (decoded != NULL) yield = decoded;
1429 }
1430
1431 return yield;
1432 }
1433
1434
1435
1436
1437 /*************************************************
1438 * Find value of a variable *
1439 *************************************************/
1440
1441 /* The table of variables is kept in alphabetic order, so we can search it
1442 using a binary chop. The "choplen" variable is nothing to do with the binary
1443 chop.
1444
1445 Arguments:
1446 name the name of the variable being sought
1447 exists_only TRUE if this is a def: test; passed on to find_header()
1448 skipping TRUE => skip any processing evaluation; this is not the same as
1449 exists_only because def: may test for values that are first
1450 evaluated here
1451 newsize pointer to an int which is initially zero; if the answer is in
1452 a new memory buffer, *newsize is set to its size
1453
1454 Returns: NULL if the variable does not exist, or
1455 a pointer to the variable's contents, or
1456 something non-NULL if exists_only is TRUE
1457 */
1458
1459 static uschar *
1460 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1461 {
1462 int first = 0;
1463 int last = var_table_size;
1464
1465 /* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1466 Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1467 release 4.64 onwards arbitrary names are permitted, as long as the first 5
1468 characters are acl_c or acl_m and the sixth is either a digit or an underscore
1469 (this gave backwards compatibility at the changeover). There may be built-in
1470 variables whose names start acl_ but they should never start in this way. This
1471 slightly messy specification is a consequence of the history, needless to say.
1472
1473 If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1474 set, in which case give an error. */
1475
1476 if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1477 !isalpha(name[5]))
1478 {
1479 tree_node *node =
1480 tree_search((name[4] == 'c')? acl_var_c : acl_var_m, name + 4);
1481 return (node == NULL)? (strict_acl_vars? NULL : US"") : node->data.ptr;
1482 }
1483
1484 /* Handle $auth<n> variables. */
1485
1486 if (Ustrncmp(name, "auth", 4) == 0)
1487 {
1488 uschar *endptr;
1489 int n = Ustrtoul(name + 4, &endptr, 10);
1490 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1491 return (auth_vars[n-1] == NULL)? US"" : auth_vars[n-1];
1492 }
1493
1494 /* For all other variables, search the table */
1495
1496 while (last > first)
1497 {
1498 uschar *s, *domain;
1499 uschar **ss;
1500 int middle = (first + last)/2;
1501 int c = Ustrcmp(name, var_table[middle].name);
1502
1503 if (c > 0) { first = middle + 1; continue; }
1504 if (c < 0) { last = middle; continue; }
1505
1506 /* Found an existing variable. If in skipping state, the value isn't needed,
1507 and we want to avoid processing (such as looking up the host name). */
1508
1509 if (skipping) return US"";
1510
1511 switch (var_table[middle].type)
1512 {
1513 case vtype_filter_int:
1514 if (!filter_running) return NULL;
1515 /* Fall through */
1516 /* VVVVVVVVVVVV */
1517 case vtype_int:
1518 sprintf(CS var_buffer, "%d", *(int *)(var_table[middle].value)); /* Integer */
1519 return var_buffer;
1520
1521 case vtype_ino:
1522 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(var_table[middle].value))); /* Inode */
1523 return var_buffer;
1524
1525 case vtype_gid:
1526 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(var_table[middle].value))); /* gid */
1527 return var_buffer;
1528
1529 case vtype_uid:
1530 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
1531 return var_buffer;
1532
1533 case vtype_bool:
1534 sprintf(CS var_buffer, "%s", *(BOOL *)(var_table[middle].value) ? "yes" : "no"); /* bool */
1535 return var_buffer;
1536
1537 case vtype_stringptr: /* Pointer to string */
1538 s = *((uschar **)(var_table[middle].value));
1539 return (s == NULL)? US"" : s;
1540
1541 case vtype_pid:
1542 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1543 return var_buffer;
1544
1545 case vtype_load_avg:
1546 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1547 return var_buffer;
1548
1549 case vtype_host_lookup: /* Lookup if not done so */
1550 if (sender_host_name == NULL && sender_host_address != NULL &&
1551 !host_lookup_failed && host_name_lookup() == OK)
1552 host_build_sender_fullhost();
1553 return (sender_host_name == NULL)? US"" : sender_host_name;
1554
1555 case vtype_localpart: /* Get local part from address */
1556 s = *((uschar **)(var_table[middle].value));
1557 if (s == NULL) return US"";
1558 domain = Ustrrchr(s, '@');
1559 if (domain == NULL) return s;
1560 if (domain - s > sizeof(var_buffer) - 1)
1561 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1562 " in string expansion", sizeof(var_buffer));
1563 Ustrncpy(var_buffer, s, domain - s);
1564 var_buffer[domain - s] = 0;
1565 return var_buffer;
1566
1567 case vtype_domain: /* Get domain from address */
1568 s = *((uschar **)(var_table[middle].value));
1569 if (s == NULL) return US"";
1570 domain = Ustrrchr(s, '@');
1571 return (domain == NULL)? US"" : domain + 1;
1572
1573 case vtype_msgheaders:
1574 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1575
1576 case vtype_msgheaders_raw:
1577 return find_header(NULL, exists_only, newsize, TRUE, NULL);
1578
1579 case vtype_msgbody: /* Pointer to msgbody string */
1580 case vtype_msgbody_end: /* Ditto, the end of the msg */
1581 ss = (uschar **)(var_table[middle].value);
1582 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1583 {
1584 uschar *body;
1585 off_t start_offset = SPOOL_DATA_START_OFFSET;
1586 int len = message_body_visible;
1587 if (len > message_size) len = message_size;
1588 *ss = body = store_malloc(len+1);
1589 body[0] = 0;
1590 if (var_table[middle].type == vtype_msgbody_end)
1591 {
1592 struct stat statbuf;
1593 if (fstat(deliver_datafile, &statbuf) == 0)
1594 {
1595 start_offset = statbuf.st_size - len;
1596 if (start_offset < SPOOL_DATA_START_OFFSET)
1597 start_offset = SPOOL_DATA_START_OFFSET;
1598 }
1599 }
1600 lseek(deliver_datafile, start_offset, SEEK_SET);
1601 len = read(deliver_datafile, body, len);
1602 if (len > 0)
1603 {
1604 body[len] = 0;
1605 if (message_body_newlines) /* Separate loops for efficiency */
1606 {
1607 while (len > 0)
1608 { if (body[--len] == 0) body[len] = ' '; }
1609 }
1610 else
1611 {
1612 while (len > 0)
1613 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
1614 }
1615 }
1616 }
1617 return (*ss == NULL)? US"" : *ss;
1618
1619 case vtype_todbsdin: /* BSD inbox time of day */
1620 return tod_stamp(tod_bsdin);
1621
1622 case vtype_tode: /* Unix epoch time of day */
1623 return tod_stamp(tod_epoch);
1624
1625 case vtype_todel: /* Unix epoch/usec time of day */
1626 return tod_stamp(tod_epoch_l);
1627
1628 case vtype_todf: /* Full time of day */
1629 return tod_stamp(tod_full);
1630
1631 case vtype_todl: /* Log format time of day */
1632 return tod_stamp(tod_log_bare); /* (without timezone) */
1633
1634 case vtype_todzone: /* Time zone offset only */
1635 return tod_stamp(tod_zone);
1636
1637 case vtype_todzulu: /* Zulu time */
1638 return tod_stamp(tod_zulu);
1639
1640 case vtype_todlf: /* Log file datestamp tod */
1641 return tod_stamp(tod_log_datestamp_daily);
1642
1643 case vtype_reply: /* Get reply address */
1644 s = find_header(US"reply-to:", exists_only, newsize, TRUE,
1645 headers_charset);
1646 if (s != NULL) while (isspace(*s)) s++;
1647 if (s == NULL || *s == 0)
1648 {
1649 *newsize = 0; /* For the *s==0 case */
1650 s = find_header(US"from:", exists_only, newsize, TRUE, headers_charset);
1651 }
1652 if (s != NULL)
1653 {
1654 uschar *t;
1655 while (isspace(*s)) s++;
1656 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
1657 while (t > s && isspace(t[-1])) t--;
1658 *t = 0;
1659 }
1660 return (s == NULL)? US"" : s;
1661
1662 /* A recipients list is available only during system message filtering,
1663 during ACL processing after DATA, and while expanding pipe commands
1664 generated from a system filter, but not elsewhere. */
1665
1666 case vtype_recipients:
1667 if (!enable_dollar_recipients) return NULL; else
1668 {
1669 int size = 128;
1670 int ptr = 0;
1671 int i;
1672 s = store_get(size);
1673 for (i = 0; i < recipients_count; i++)
1674 {
1675 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1676 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1677 Ustrlen(recipients_list[i].address));
1678 }
1679 s[ptr] = 0; /* string_cat() leaves room */
1680 }
1681 return s;
1682
1683 case vtype_pspace:
1684 {
1685 int inodes;
1686 sprintf(CS var_buffer, "%d",
1687 receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes));
1688 }
1689 return var_buffer;
1690
1691 case vtype_pinodes:
1692 {
1693 int inodes;
1694 (void) receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes);
1695 sprintf(CS var_buffer, "%d", inodes);
1696 }
1697 return var_buffer;
1698
1699 #ifndef DISABLE_DKIM
1700 case vtype_dkim:
1701 return dkim_exim_expand_query((int)(long)var_table[middle].value);
1702 #endif
1703
1704 }
1705 }
1706
1707 return NULL; /* Unknown variable name */
1708 }
1709
1710
1711
1712
1713 void
1714 modify_variable(uschar *name, void * value)
1715 {
1716 int first = 0;
1717 int last = var_table_size;
1718
1719 while (last > first)
1720 {
1721 int middle = (first + last)/2;
1722 int c = Ustrcmp(name, var_table[middle].name);
1723
1724 if (c > 0) { first = middle + 1; continue; }
1725 if (c < 0) { last = middle; continue; }
1726
1727 /* Found an existing variable; change the item it refers to */
1728 var_table[middle].value = value;
1729 return;
1730 }
1731 return; /* Unknown variable name, fail silently */
1732 }
1733
1734
1735
1736
1737
1738 /*************************************************
1739 * Read and expand substrings *
1740 *************************************************/
1741
1742 /* This function is called to read and expand argument substrings for various
1743 expansion items. Some have a minimum requirement that is less than the maximum;
1744 in these cases, the first non-present one is set to NULL.
1745
1746 Arguments:
1747 sub points to vector of pointers to set
1748 n maximum number of substrings
1749 m minimum required
1750 sptr points to current string pointer
1751 skipping the skipping flag
1752 check_end if TRUE, check for final '}'
1753 name name of item, for error message
1754
1755 Returns: 0 OK; string pointer updated
1756 1 curly bracketing error (too few arguments)
1757 2 too many arguments (only if check_end is set); message set
1758 3 other error (expansion failure)
1759 */
1760
1761 static int
1762 read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
1763 BOOL check_end, uschar *name)
1764 {
1765 int i;
1766 uschar *s = *sptr;
1767
1768 while (isspace(*s)) s++;
1769 for (i = 0; i < n; i++)
1770 {
1771 if (*s != '{')
1772 {
1773 if (i < m) return 1;
1774 sub[i] = NULL;
1775 break;
1776 }
1777 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE);
1778 if (sub[i] == NULL) return 3;
1779 if (*s++ != '}') return 1;
1780 while (isspace(*s)) s++;
1781 }
1782 if (check_end && *s++ != '}')
1783 {
1784 if (s[-1] == '{')
1785 {
1786 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1787 "(max is %d)", name, n);
1788 return 2;
1789 }
1790 return 1;
1791 }
1792
1793 *sptr = s;
1794 return 0;
1795 }
1796
1797
1798
1799
1800 /*************************************************
1801 * Elaborate message for bad variable *
1802 *************************************************/
1803
1804 /* For the "unknown variable" message, take a look at the variable's name, and
1805 give additional information about possible ACL variables. The extra information
1806 is added on to expand_string_message.
1807
1808 Argument: the name of the variable
1809 Returns: nothing
1810 */
1811
1812 static void
1813 check_variable_error_message(uschar *name)
1814 {
1815 if (Ustrncmp(name, "acl_", 4) == 0)
1816 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
1817 (name[4] == 'c' || name[4] == 'm')?
1818 (isalpha(name[5])?
1819 US"6th character of a user-defined ACL variable must be a digit or underscore" :
1820 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
1821 ) :
1822 US"user-defined ACL variables must start acl_c or acl_m");
1823 }
1824
1825
1826
1827 /*************************************************
1828 * Read and evaluate a condition *
1829 *************************************************/
1830
1831 /*
1832 Arguments:
1833 s points to the start of the condition text
1834 yield points to a BOOL to hold the result of the condition test;
1835 if NULL, we are just reading through a condition that is
1836 part of an "or" combination to check syntax, or in a state
1837 where the answer isn't required
1838
1839 Returns: a pointer to the first character after the condition, or
1840 NULL after an error
1841 */
1842
1843 static uschar *
1844 eval_condition(uschar *s, BOOL *yield)
1845 {
1846 BOOL testfor = TRUE;
1847 BOOL tempcond, combined_cond;
1848 BOOL *subcondptr;
1849 BOOL sub2_honour_dollar = TRUE;
1850 int i, rc, cond_type, roffset;
1851 int_eximarith_t num[2];
1852 struct stat statbuf;
1853 uschar name[256];
1854 uschar *sub[4];
1855
1856 const pcre *re;
1857 const uschar *rerror;
1858
1859 for (;;)
1860 {
1861 while (isspace(*s)) s++;
1862 if (*s == '!') { testfor = !testfor; s++; } else break;
1863 }
1864
1865 /* Numeric comparisons are symbolic */
1866
1867 if (*s == '=' || *s == '>' || *s == '<')
1868 {
1869 int p = 0;
1870 name[p++] = *s++;
1871 if (*s == '=')
1872 {
1873 name[p++] = '=';
1874 s++;
1875 }
1876 name[p] = 0;
1877 }
1878
1879 /* All other conditions are named */
1880
1881 else s = read_name(name, 256, s, US"_");
1882
1883 /* If we haven't read a name, it means some non-alpha character is first. */
1884
1885 if (name[0] == 0)
1886 {
1887 expand_string_message = string_sprintf("condition name expected, "
1888 "but found \"%.16s\"", s);
1889 return NULL;
1890 }
1891
1892 /* Find which condition we are dealing with, and switch on it */
1893
1894 cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
1895 switch(cond_type)
1896 {
1897 /* def: tests for a non-empty variable, or for the existence of a header. If
1898 yield == NULL we are in a skipping state, and don't care about the answer. */
1899
1900 case ECOND_DEF:
1901 if (*s != ':')
1902 {
1903 expand_string_message = US"\":\" expected after \"def\"";
1904 return NULL;
1905 }
1906
1907 s = read_name(name, 256, s+1, US"_");
1908
1909 /* Test for a header's existence. If the name contains a closing brace
1910 character, this may be a user error where the terminating colon has been
1911 omitted. Set a flag to adjust a subsequent error message in this case. */
1912
1913 if (Ustrncmp(name, "h_", 2) == 0 ||
1914 Ustrncmp(name, "rh_", 3) == 0 ||
1915 Ustrncmp(name, "bh_", 3) == 0 ||
1916 Ustrncmp(name, "header_", 7) == 0 ||
1917 Ustrncmp(name, "rheader_", 8) == 0 ||
1918 Ustrncmp(name, "bheader_", 8) == 0)
1919 {
1920 s = read_header_name(name, 256, s);
1921 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
1922 if (yield != NULL) *yield =
1923 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
1924 }
1925
1926 /* Test for a variable's having a non-empty value. A non-existent variable
1927 causes an expansion failure. */
1928
1929 else
1930 {
1931 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
1932 if (value == NULL)
1933 {
1934 expand_string_message = (name[0] == 0)?
1935 string_sprintf("variable name omitted after \"def:\"") :
1936 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
1937 check_variable_error_message(name);
1938 return NULL;
1939 }
1940 if (yield != NULL) *yield = (value[0] != 0) == testfor;
1941 }
1942
1943 return s;
1944
1945
1946 /* first_delivery tests for first delivery attempt */
1947
1948 case ECOND_FIRST_DELIVERY:
1949 if (yield != NULL) *yield = deliver_firsttime == testfor;
1950 return s;
1951
1952
1953 /* queue_running tests for any process started by a queue runner */
1954
1955 case ECOND_QUEUE_RUNNING:
1956 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
1957 return s;
1958
1959
1960 /* exists: tests for file existence
1961 isip: tests for any IP address
1962 isip4: tests for an IPv4 address
1963 isip6: tests for an IPv6 address
1964 pam: does PAM authentication
1965 radius: does RADIUS authentication
1966 ldapauth: does LDAP authentication
1967 pwcheck: does Cyrus SASL pwcheck authentication
1968 */
1969
1970 case ECOND_EXISTS:
1971 case ECOND_ISIP:
1972 case ECOND_ISIP4:
1973 case ECOND_ISIP6:
1974 case ECOND_PAM:
1975 case ECOND_RADIUS:
1976 case ECOND_LDAPAUTH:
1977 case ECOND_PWCHECK:
1978
1979 while (isspace(*s)) s++;
1980 if (*s != '{') goto COND_FAILED_CURLY_START;
1981
1982 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE);
1983 if (sub[0] == NULL) return NULL;
1984 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1985
1986 if (yield == NULL) return s; /* No need to run the test if skipping */
1987
1988 switch(cond_type)
1989 {
1990 case ECOND_EXISTS:
1991 if ((expand_forbid & RDO_EXISTS) != 0)
1992 {
1993 expand_string_message = US"File existence tests are not permitted";
1994 return NULL;
1995 }
1996 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
1997 break;
1998
1999 case ECOND_ISIP:
2000 case ECOND_ISIP4:
2001 case ECOND_ISIP6:
2002 rc = string_is_ip_address(sub[0], NULL);
2003 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
2004 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2005 break;
2006
2007 /* Various authentication tests - all optionally compiled */
2008
2009 case ECOND_PAM:
2010 #ifdef SUPPORT_PAM
2011 rc = auth_call_pam(sub[0], &expand_string_message);
2012 goto END_AUTH;
2013 #else
2014 goto COND_FAILED_NOT_COMPILED;
2015 #endif /* SUPPORT_PAM */
2016
2017 case ECOND_RADIUS:
2018 #ifdef RADIUS_CONFIG_FILE
2019 rc = auth_call_radius(sub[0], &expand_string_message);
2020 goto END_AUTH;
2021 #else
2022 goto COND_FAILED_NOT_COMPILED;
2023 #endif /* RADIUS_CONFIG_FILE */
2024
2025 case ECOND_LDAPAUTH:
2026 #ifdef LOOKUP_LDAP
2027 {
2028 /* Just to keep the interface the same */
2029 BOOL do_cache;
2030 int old_pool = store_pool;
2031 store_pool = POOL_SEARCH;
2032 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2033 &expand_string_message, &do_cache);
2034 store_pool = old_pool;
2035 }
2036 goto END_AUTH;
2037 #else
2038 goto COND_FAILED_NOT_COMPILED;
2039 #endif /* LOOKUP_LDAP */
2040
2041 case ECOND_PWCHECK:
2042 #ifdef CYRUS_PWCHECK_SOCKET
2043 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2044 goto END_AUTH;
2045 #else
2046 goto COND_FAILED_NOT_COMPILED;
2047 #endif /* CYRUS_PWCHECK_SOCKET */
2048
2049 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2050 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2051 END_AUTH:
2052 if (rc == ERROR || rc == DEFER) return NULL;
2053 *yield = (rc == OK) == testfor;
2054 #endif
2055 }
2056 return s;
2057
2058
2059 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2060
2061 ${if saslauthd {{username}{password}{service}{realm}} {yes}[no}}
2062
2063 However, the last two are optional. That is why the whole set is enclosed
2064 in their own set or braces. */
2065
2066 case ECOND_SASLAUTHD:
2067 #ifndef CYRUS_SASLAUTHD_SOCKET
2068 goto COND_FAILED_NOT_COMPILED;
2069 #else
2070 while (isspace(*s)) s++;
2071 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2072 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd"))
2073 {
2074 case 1: expand_string_message = US"too few arguments or bracketing "
2075 "error for saslauthd";
2076 case 2:
2077 case 3: return NULL;
2078 }
2079 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
2080 if (yield != NULL)
2081 {
2082 int rc;
2083 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2084 &expand_string_message);
2085 if (rc == ERROR || rc == DEFER) return NULL;
2086 *yield = (rc == OK) == testfor;
2087 }
2088 return s;
2089 #endif /* CYRUS_SASLAUTHD_SOCKET */
2090
2091
2092 /* symbolic operators for numeric and string comparison, and a number of
2093 other operators, all requiring two arguments.
2094
2095 crypteq: encrypts plaintext and compares against an encrypted text,
2096 using crypt(), crypt16(), MD5 or SHA-1
2097 inlist/inlisti: checks if first argument is in the list of the second
2098 match: does a regular expression match and sets up the numerical
2099 variables if it succeeds
2100 match_address: matches in an address list
2101 match_domain: matches in a domain list
2102 match_ip: matches a host list that is restricted to IP addresses
2103 match_local_part: matches in a local part list
2104 */
2105
2106 case ECOND_MATCH_ADDRESS:
2107 case ECOND_MATCH_DOMAIN:
2108 case ECOND_MATCH_IP:
2109 case ECOND_MATCH_LOCAL_PART:
2110 #ifndef EXPAND_LISTMATCH_RHS
2111 sub2_honour_dollar = FALSE;
2112 #endif
2113 /* FALLTHROUGH */
2114
2115 case ECOND_CRYPTEQ:
2116 case ECOND_INLIST:
2117 case ECOND_INLISTI:
2118 case ECOND_MATCH:
2119
2120 case ECOND_NUM_L: /* Numerical comparisons */
2121 case ECOND_NUM_LE:
2122 case ECOND_NUM_E:
2123 case ECOND_NUM_EE:
2124 case ECOND_NUM_G:
2125 case ECOND_NUM_GE:
2126
2127 case ECOND_STR_LT: /* String comparisons */
2128 case ECOND_STR_LTI:
2129 case ECOND_STR_LE:
2130 case ECOND_STR_LEI:
2131 case ECOND_STR_EQ:
2132 case ECOND_STR_EQI:
2133 case ECOND_STR_GT:
2134 case ECOND_STR_GTI:
2135 case ECOND_STR_GE:
2136 case ECOND_STR_GEI:
2137
2138 for (i = 0; i < 2; i++)
2139 {
2140 /* Sometimes, we don't expand substrings; too many insecure configurations
2141 created using match_address{}{} and friends, where the second param
2142 includes information from untrustworthy sources. */
2143 BOOL honour_dollar = TRUE;
2144 if ((i > 0) && !sub2_honour_dollar)
2145 honour_dollar = FALSE;
2146
2147 while (isspace(*s)) s++;
2148 if (*s != '{')
2149 {
2150 if (i == 0) goto COND_FAILED_CURLY_START;
2151 expand_string_message = string_sprintf("missing 2nd string in {} "
2152 "after \"%s\"", name);
2153 return NULL;
2154 }
2155 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
2156 honour_dollar);
2157 if (sub[i] == NULL) return NULL;
2158 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2159
2160 /* Convert to numerical if required; we know that the names of all the
2161 conditions that compare numbers do not start with a letter. This just saves
2162 checking for them individually. */
2163
2164 if (!isalpha(name[0]) && yield != NULL)
2165 {
2166 if (sub[i][0] == 0)
2167 {
2168 num[i] = 0;
2169 DEBUG(D_expand)
2170 debug_printf("empty string cast to zero for numerical comparison\n");
2171 }
2172 else
2173 {
2174 num[i] = expand_string_integer(sub[i], FALSE);
2175 if (expand_string_message != NULL) return NULL;
2176 }
2177 }
2178 }
2179
2180 /* Result not required */
2181
2182 if (yield == NULL) return s;
2183
2184 /* Do an appropriate comparison */
2185
2186 switch(cond_type)
2187 {
2188 case ECOND_NUM_E:
2189 case ECOND_NUM_EE:
2190 *yield = (num[0] == num[1]) == testfor;
2191 break;
2192
2193 case ECOND_NUM_G:
2194 *yield = (num[0] > num[1]) == testfor;
2195 break;
2196
2197 case ECOND_NUM_GE:
2198 *yield = (num[0] >= num[1]) == testfor;
2199 break;
2200
2201 case ECOND_NUM_L:
2202 *yield = (num[0] < num[1]) == testfor;
2203 break;
2204
2205 case ECOND_NUM_LE:
2206 *yield = (num[0] <= num[1]) == testfor;
2207 break;
2208
2209 case ECOND_STR_LT:
2210 *yield = (Ustrcmp(sub[0], sub[1]) < 0) == testfor;
2211 break;
2212
2213 case ECOND_STR_LTI:
2214 *yield = (strcmpic(sub[0], sub[1]) < 0) == testfor;
2215 break;
2216
2217 case ECOND_STR_LE:
2218 *yield = (Ustrcmp(sub[0], sub[1]) <= 0) == testfor;
2219 break;
2220
2221 case ECOND_STR_LEI:
2222 *yield = (strcmpic(sub[0], sub[1]) <= 0) == testfor;
2223 break;
2224
2225 case ECOND_STR_EQ:
2226 *yield = (Ustrcmp(sub[0], sub[1]) == 0) == testfor;
2227 break;
2228
2229 case ECOND_STR_EQI:
2230 *yield = (strcmpic(sub[0], sub[1]) == 0) == testfor;
2231 break;
2232
2233 case ECOND_STR_GT:
2234 *yield = (Ustrcmp(sub[0], sub[1]) > 0) == testfor;
2235 break;
2236
2237 case ECOND_STR_GTI:
2238 *yield = (strcmpic(sub[0], sub[1]) > 0) == testfor;
2239 break;
2240
2241 case ECOND_STR_GE:
2242 *yield = (Ustrcmp(sub[0], sub[1]) >= 0) == testfor;
2243 break;
2244
2245 case ECOND_STR_GEI:
2246 *yield = (strcmpic(sub[0], sub[1]) >= 0) == testfor;
2247 break;
2248
2249 case ECOND_MATCH: /* Regular expression match */
2250 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2251 NULL);
2252 if (re == NULL)
2253 {
2254 expand_string_message = string_sprintf("regular expression error in "
2255 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2256 return NULL;
2257 }
2258 *yield = regex_match_and_setup(re, sub[0], 0, -1) == testfor;
2259 break;
2260
2261 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2262 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2263 goto MATCHED_SOMETHING;
2264
2265 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2266 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2267 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2268 goto MATCHED_SOMETHING;
2269
2270 case ECOND_MATCH_IP: /* Match IP address in a host list */
2271 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
2272 {
2273 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2274 sub[0]);
2275 return NULL;
2276 }
2277 else
2278 {
2279 unsigned int *nullcache = NULL;
2280 check_host_block cb;
2281
2282 cb.host_name = US"";
2283 cb.host_address = sub[0];
2284
2285 /* If the host address starts off ::ffff: it is an IPv6 address in
2286 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2287 addresses. */
2288
2289 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2290 cb.host_address + 7 : cb.host_address;
2291
2292 rc = match_check_list(
2293 &sub[1], /* the list */
2294 0, /* separator character */
2295 &hostlist_anchor, /* anchor pointer */
2296 &nullcache, /* cache pointer */
2297 check_host, /* function for testing */
2298 &cb, /* argument for function */
2299 MCL_HOST, /* type of check */
2300 sub[0], /* text for debugging */
2301 NULL); /* where to pass back data */
2302 }
2303 goto MATCHED_SOMETHING;
2304
2305 case ECOND_MATCH_LOCAL_PART:
2306 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2307 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2308 /* Fall through */
2309 /* VVVVVVVVVVVV */
2310 MATCHED_SOMETHING:
2311 switch(rc)
2312 {
2313 case OK:
2314 *yield = testfor;
2315 break;
2316
2317 case FAIL:
2318 *yield = !testfor;
2319 break;
2320
2321 case DEFER:
2322 expand_string_message = string_sprintf("unable to complete match "
2323 "against \"%s\": %s", sub[1], search_error_message);
2324 return NULL;
2325 }
2326
2327 break;
2328
2329 /* Various "encrypted" comparisons. If the second string starts with
2330 "{" then an encryption type is given. Default to crypt() or crypt16()
2331 (build-time choice). */
2332
2333 case ECOND_CRYPTEQ:
2334 #ifndef SUPPORT_CRYPTEQ
2335 goto COND_FAILED_NOT_COMPILED;
2336 #else
2337 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2338 {
2339 int sublen = Ustrlen(sub[1]+5);
2340 md5 base;
2341 uschar digest[16];
2342
2343 md5_start(&base);
2344 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2345
2346 /* If the length that we are comparing against is 24, the MD5 digest
2347 is expressed as a base64 string. This is the way LDAP does it. However,
2348 some other software uses a straightforward hex representation. We assume
2349 this if the length is 32. Other lengths fail. */
2350
2351 if (sublen == 24)
2352 {
2353 uschar *coded = auth_b64encode((uschar *)digest, 16);
2354 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2355 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2356 *yield = (Ustrcmp(coded, sub[1]+5) == 0) == testfor;
2357 }
2358 else if (sublen == 32)
2359 {
2360 int i;
2361 uschar coded[36];
2362 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2363 coded[32] = 0;
2364 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2365 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2366 *yield = (strcmpic(coded, sub[1]+5) == 0) == testfor;
2367 }
2368 else
2369 {
2370 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2371 "fail\n crypted=%s\n", sub[1]+5);
2372 *yield = !testfor;
2373 }
2374 }
2375
2376 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2377 {
2378 int sublen = Ustrlen(sub[1]+6);
2379 sha1 base;
2380 uschar digest[20];
2381
2382 sha1_start(&base);
2383 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2384
2385 /* If the length that we are comparing against is 28, assume the SHA1
2386 digest is expressed as a base64 string. If the length is 40, assume a
2387 straightforward hex representation. Other lengths fail. */
2388
2389 if (sublen == 28)
2390 {
2391 uschar *coded = auth_b64encode((uschar *)digest, 20);
2392 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2393 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2394 *yield = (Ustrcmp(coded, sub[1]+6) == 0) == testfor;
2395 }
2396 else if (sublen == 40)
2397 {
2398 int i;
2399 uschar coded[44];
2400 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2401 coded[40] = 0;
2402 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2403 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2404 *yield = (strcmpic(coded, sub[1]+6) == 0) == testfor;
2405 }
2406 else
2407 {
2408 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2409 "fail\n crypted=%s\n", sub[1]+6);
2410 *yield = !testfor;
2411 }
2412 }
2413
2414 else /* {crypt} or {crypt16} and non-{ at start */
2415 /* }-for-text-editors */
2416 {
2417 int which = 0;
2418 uschar *coded;
2419
2420 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2421 {
2422 sub[1] += 7;
2423 which = 1;
2424 }
2425 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2426 {
2427 sub[1] += 9;
2428 which = 2;
2429 }
2430 else if (sub[1][0] == '{')
2431 {
2432 expand_string_message = string_sprintf("unknown encryption mechanism "
2433 "in \"%s\"", sub[1]);
2434 return NULL;
2435 }
2436
2437 switch(which)
2438 {
2439 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2440 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2441 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2442 }
2443
2444 #define STR(s) # s
2445 #define XSTR(s) STR(s)
2446 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2447 " subject=%s\n crypted=%s\n",
2448 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
2449 coded, sub[1]);
2450 #undef STR
2451 #undef XSTR
2452
2453 /* If the encrypted string contains fewer than two characters (for the
2454 salt), force failure. Otherwise we get false positives: with an empty
2455 string the yield of crypt() is an empty string! */
2456
2457 *yield = (Ustrlen(sub[1]) < 2)? !testfor :
2458 (Ustrcmp(coded, sub[1]) == 0) == testfor;
2459 }
2460 break;
2461 #endif /* SUPPORT_CRYPTEQ */
2462
2463 case ECOND_INLIST:
2464 case ECOND_INLISTI:
2465 {
2466 int sep = 0;
2467 BOOL found = FALSE;
2468 uschar *save_iterate_item = iterate_item;
2469 int (*compare)(const uschar *, const uschar *);
2470
2471 if (cond_type == ECOND_INLISTI)
2472 compare = strcmpic;
2473 else
2474 compare = (int (*)(const uschar *, const uschar *)) strcmp;
2475
2476 while ((iterate_item = string_nextinlist(&sub[1], &sep, NULL, 0)) != NULL)
2477 if (compare(sub[0], iterate_item) == 0)
2478 {
2479 found = TRUE;
2480 break;
2481 }
2482 iterate_item = save_iterate_item;
2483 *yield = found;
2484 }
2485
2486 } /* Switch for comparison conditions */
2487
2488 return s; /* End of comparison conditions */
2489
2490
2491 /* and/or: computes logical and/or of several conditions */
2492
2493 case ECOND_AND:
2494 case ECOND_OR:
2495 subcondptr = (yield == NULL)? NULL : &tempcond;
2496 combined_cond = (cond_type == ECOND_AND);
2497
2498 while (isspace(*s)) s++;
2499 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2500
2501 for (;;)
2502 {
2503 while (isspace(*s)) s++;
2504 if (*s == '}') break;
2505 if (*s != '{')
2506 {
2507 expand_string_message = string_sprintf("each subcondition "
2508 "inside an \"%s{...}\" condition must be in its own {}", name);
2509 return NULL;
2510 }
2511
2512 s = eval_condition(s+1, subcondptr);
2513 if (s == NULL)
2514 {
2515 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2516 expand_string_message, name);
2517 return NULL;
2518 }
2519 while (isspace(*s)) s++;
2520
2521 if (*s++ != '}')
2522 {
2523 expand_string_message = string_sprintf("missing } at end of condition "
2524 "inside \"%s\" group", name);
2525 return NULL;
2526 }
2527
2528 if (yield != NULL)
2529 {
2530 if (cond_type == ECOND_AND)
2531 {
2532 combined_cond &= tempcond;
2533 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2534 } /* evaluate any more */
2535 else
2536 {
2537 combined_cond |= tempcond;
2538 if (combined_cond) subcondptr = NULL; /* once true, don't */
2539 } /* evaluate any more */
2540 }
2541 }
2542
2543 if (yield != NULL) *yield = (combined_cond == testfor);
2544 return ++s;
2545
2546
2547 /* forall/forany: iterates a condition with different values */
2548
2549 case ECOND_FORALL:
2550 case ECOND_FORANY:
2551 {
2552 int sep = 0;
2553 uschar *save_iterate_item = iterate_item;
2554
2555 while (isspace(*s)) s++;
2556 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2557 sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE);
2558 if (sub[0] == NULL) return NULL;
2559 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2560
2561 while (isspace(*s)) s++;
2562 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2563
2564 sub[1] = s;
2565
2566 /* Call eval_condition once, with result discarded (as if scanning a
2567 "false" part). This allows us to find the end of the condition, because if
2568 the list it empty, we won't actually evaluate the condition for real. */
2569
2570 s = eval_condition(sub[1], NULL);
2571 if (s == NULL)
2572 {
2573 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2574 expand_string_message, name);
2575 return NULL;
2576 }
2577 while (isspace(*s)) s++;
2578
2579 if (*s++ != '}')
2580 {
2581 expand_string_message = string_sprintf("missing } at end of condition "
2582 "inside \"%s\"", name);
2583 return NULL;
2584 }
2585
2586 if (yield != NULL) *yield = !testfor;
2587 while ((iterate_item = string_nextinlist(&sub[0], &sep, NULL, 0)) != NULL)
2588 {
2589 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
2590 if (eval_condition(sub[1], &tempcond) == NULL)
2591 {
2592 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2593 expand_string_message, name);
2594 iterate_item = save_iterate_item;
2595 return NULL;
2596 }
2597 DEBUG(D_expand) debug_printf("%s: condition evaluated to %s\n", name,
2598 tempcond? "true":"false");
2599
2600 if (yield != NULL) *yield = (tempcond == testfor);
2601 if (tempcond == (cond_type == ECOND_FORANY)) break;
2602 }
2603
2604 iterate_item = save_iterate_item;
2605 return s;
2606 }
2607
2608
2609 /* The bool{} expansion condition maps a string to boolean.
2610 The values supported should match those supported by the ACL condition
2611 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
2612 of true/false. Note that Router "condition" rules have a different
2613 interpretation, where general data can be used and only a few values
2614 map to FALSE.
2615 Note that readconf.c boolean matching, for boolean configuration options,
2616 only matches true/yes/false/no.
2617 The bool_lax{} condition matches the Router logic, which is much more
2618 liberal. */
2619 case ECOND_BOOL:
2620 case ECOND_BOOL_LAX:
2621 {
2622 uschar *sub_arg[1];
2623 uschar *t, *t2;
2624 uschar *ourname;
2625 size_t len;
2626 BOOL boolvalue = FALSE;
2627 while (isspace(*s)) s++;
2628 if (*s != '{') goto COND_FAILED_CURLY_START;
2629 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
2630 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname))
2631 {
2632 case 1: expand_string_message = string_sprintf(
2633 "too few arguments or bracketing error for %s",
2634 ourname);
2635 /*FALLTHROUGH*/
2636 case 2:
2637 case 3: return NULL;
2638 }
2639 t = sub_arg[0];
2640 while (isspace(*t)) t++;
2641 len = Ustrlen(t);
2642 if (len)
2643 {
2644 /* trailing whitespace: seems like a good idea to ignore it too */
2645 t2 = t + len - 1;
2646 while (isspace(*t2)) t2--;
2647 if (t2 != (t + len))
2648 {
2649 *++t2 = '\0';
2650 len = t2 - t;
2651 }
2652 }
2653 DEBUG(D_expand)
2654 debug_printf("considering %s: %s\n", ourname, len ? t : US"<empty>");
2655 /* logic for the lax case from expand_check_condition(), which also does
2656 expands, and the logic is both short and stable enough that there should
2657 be no maintenance burden from replicating it. */
2658 if (len == 0)
2659 boolvalue = FALSE;
2660 else if (Ustrspn(t, "0123456789") == len)
2661 {
2662 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
2663 /* expand_check_condition only does a literal string "0" check */
2664 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
2665 boolvalue = TRUE;
2666 }
2667 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
2668 boolvalue = TRUE;
2669 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
2670 boolvalue = FALSE;
2671 else if (cond_type == ECOND_BOOL_LAX)
2672 boolvalue = TRUE;
2673 else
2674 {
2675 expand_string_message = string_sprintf("unrecognised boolean "
2676 "value \"%s\"", t);
2677 return NULL;
2678 }
2679 if (yield != NULL) *yield = (boolvalue == testfor);
2680 return s;
2681 }
2682
2683 /* Unknown condition */
2684
2685 default:
2686 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2687 return NULL;
2688 } /* End switch on condition type */
2689
2690 /* Missing braces at start and end of data */
2691
2692 COND_FAILED_CURLY_START:
2693 expand_string_message = string_sprintf("missing { after \"%s\"", name);
2694 return NULL;
2695
2696 COND_FAILED_CURLY_END:
2697 expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2698 name);
2699 return NULL;
2700
2701 /* A condition requires code that is not compiled */
2702
2703 #if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2704 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2705 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2706 COND_FAILED_NOT_COMPILED:
2707 expand_string_message = string_sprintf("support for \"%s\" not compiled",
2708 name);
2709 return NULL;
2710 #endif
2711 }
2712
2713
2714
2715
2716 /*************************************************
2717 * Save numerical variables *
2718 *************************************************/
2719
2720 /* This function is called from items such as "if" that want to preserve and
2721 restore the numbered variables.
2722
2723 Arguments:
2724 save_expand_string points to an array of pointers to set
2725 save_expand_nlength points to an array of ints for the lengths
2726
2727 Returns: the value of expand max to save
2728 */
2729
2730 static int
2731 save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
2732 {
2733 int i;
2734 for (i = 0; i <= expand_nmax; i++)
2735 {
2736 save_expand_nstring[i] = expand_nstring[i];
2737 save_expand_nlength[i] = expand_nlength[i];
2738 }
2739 return expand_nmax;
2740 }
2741
2742
2743
2744 /*************************************************
2745 * Restore numerical variables *
2746 *************************************************/
2747
2748 /* This function restored saved values of numerical strings.
2749
2750 Arguments:
2751 save_expand_nmax the number of strings to restore
2752 save_expand_string points to an array of pointers
2753 save_expand_nlength points to an array of ints
2754
2755 Returns: nothing
2756 */
2757
2758 static void
2759 restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
2760 int *save_expand_nlength)
2761 {
2762 int i;
2763 expand_nmax = save_expand_nmax;
2764 for (i = 0; i <= expand_nmax; i++)
2765 {
2766 expand_nstring[i] = save_expand_nstring[i];
2767 expand_nlength[i] = save_expand_nlength[i];
2768 }
2769 }
2770
2771
2772
2773
2774
2775 /*************************************************
2776 * Handle yes/no substrings *
2777 *************************************************/
2778
2779 /* This function is used by ${if}, ${lookup} and ${extract} to handle the
2780 alternative substrings that depend on whether or not the condition was true,
2781 or the lookup or extraction succeeded. The substrings always have to be
2782 expanded, to check their syntax, but "skipping" is set when the result is not
2783 needed - this avoids unnecessary nested lookups.
2784
2785 Arguments:
2786 skipping TRUE if we were skipping when this item was reached
2787 yes TRUE if the first string is to be used, else use the second
2788 save_lookup a value to put back into lookup_value before the 2nd expansion
2789 sptr points to the input string pointer
2790 yieldptr points to the output string pointer
2791 sizeptr points to the output string size
2792 ptrptr points to the output string pointer
2793 type "lookup" or "if" or "extract" or "run", for error message
2794
2795 Returns: 0 OK; lookup_value has been reset to save_lookup
2796 1 expansion failed
2797 2 expansion failed because of bracketing error
2798 */
2799
2800 static int
2801 process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
2802 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type)
2803 {
2804 int rc = 0;
2805 uschar *s = *sptr; /* Local value */
2806 uschar *sub1, *sub2;
2807
2808 /* If there are no following strings, we substitute the contents of $value for
2809 lookups and for extractions in the success case. For the ${if item, the string
2810 "true" is substituted. In the fail case, nothing is substituted for all three
2811 items. */
2812
2813 while (isspace(*s)) s++;
2814 if (*s == '}')
2815 {
2816 if (type[0] == 'i')
2817 {
2818 if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
2819 }
2820 else
2821 {
2822 if (yes && lookup_value != NULL)
2823 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
2824 Ustrlen(lookup_value));
2825 lookup_value = save_lookup;
2826 }
2827 s++;
2828 goto RETURN;
2829 }
2830
2831 /* The first following string must be braced. */
2832
2833 if (*s++ != '{') goto FAILED_CURLY;
2834
2835 /* Expand the first substring. Forced failures are noticed only if we actually
2836 want this string. Set skipping in the call in the fail case (this will always
2837 be the case if we were already skipping). */
2838
2839 sub1 = expand_string_internal(s, TRUE, &s, !yes, TRUE);
2840 if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
2841 expand_string_forcedfail = FALSE;
2842 if (*s++ != '}') goto FAILED_CURLY;
2843
2844 /* If we want the first string, add it to the output */
2845
2846 if (yes)
2847 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
2848
2849 /* If this is called from a lookup or an extract, we want to restore $value to
2850 what it was at the start of the item, so that it has this value during the
2851 second string expansion. For the call from "if" or "run" to this function,
2852 save_lookup is set to lookup_value, so that this statement does nothing. */
2853
2854 lookup_value = save_lookup;
2855
2856 /* There now follows either another substring, or "fail", or nothing. This
2857 time, forced failures are noticed only if we want the second string. We must
2858 set skipping in the nested call if we don't want this string, or if we were
2859 already skipping. */
2860
2861 while (isspace(*s)) s++;
2862 if (*s == '{')
2863 {
2864 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping, TRUE);
2865 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
2866 expand_string_forcedfail = FALSE;
2867 if (*s++ != '}') goto FAILED_CURLY;
2868
2869 /* If we want the second string, add it to the output */
2870
2871 if (!yes)
2872 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
2873 }
2874
2875 /* If there is no second string, but the word "fail" is present when the use of
2876 the second string is wanted, set a flag indicating it was a forced failure
2877 rather than a syntactic error. Swallow the terminating } in case this is nested
2878 inside another lookup or if or extract. */
2879
2880 else if (*s != '}')
2881 {
2882 uschar name[256];
2883 s = read_name(name, sizeof(name), s, US"_");
2884 if (Ustrcmp(name, "fail") == 0)
2885 {
2886 if (!yes && !skipping)
2887 {
2888 while (isspace(*s)) s++;
2889 if (*s++ != '}') goto FAILED_CURLY;
2890 expand_string_message =
2891 string_sprintf("\"%s\" failed and \"fail\" requested", type);
2892 expand_string_forcedfail = TRUE;
2893 goto FAILED;
2894 }
2895 }
2896 else
2897 {
2898 expand_string_message =
2899 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
2900 goto FAILED;
2901 }
2902 }
2903
2904 /* All we have to do now is to check on the final closing brace. */
2905
2906 while (isspace(*s)) s++;
2907 if (*s++ == '}') goto RETURN;
2908
2909 /* Get here if there is a bracketing failure */
2910
2911 FAILED_CURLY:
2912 rc++;
2913
2914 /* Get here for other failures */
2915
2916 FAILED:
2917 rc++;
2918
2919 /* Update the input pointer value before returning */
2920
2921 RETURN:
2922 *sptr = s;
2923 return rc;
2924 }
2925
2926
2927
2928
2929 /*************************************************
2930 * Handle MD5 or SHA-1 computation for HMAC *
2931 *************************************************/
2932
2933 /* These are some wrapping functions that enable the HMAC code to be a bit
2934 cleaner. A good compiler will spot the tail recursion.
2935
2936 Arguments:
2937 type HMAC_MD5 or HMAC_SHA1
2938 remaining are as for the cryptographic hash functions
2939
2940 Returns: nothing
2941 */
2942
2943 static void
2944 chash_start(int type, void *base)
2945 {
2946 if (type == HMAC_MD5)
2947 md5_start((md5 *)base);
2948 else
2949 sha1_start((sha1 *)base);
2950 }
2951
2952 static void
2953 chash_mid(int type, void *base, uschar *string)
2954 {
2955 if (type == HMAC_MD5)
2956 md5_mid((md5 *)base, string);
2957 else
2958 sha1_mid((sha1 *)base, string);
2959 }
2960
2961 static void
2962 chash_end(int type, void *base, uschar *string, int length, uschar *digest)
2963 {
2964 if (type == HMAC_MD5)
2965 md5_end((md5 *)base, string, length, digest);
2966 else
2967 sha1_end((sha1 *)base, string, length, digest);
2968 }
2969
2970
2971
2972
2973
2974 /********************************************************
2975 * prvs: Get last three digits of days since Jan 1, 1970 *
2976 ********************************************************/
2977
2978 /* This is needed to implement the "prvs" BATV reverse
2979 path signing scheme
2980
2981 Argument: integer "days" offset to add or substract to
2982 or from the current number of days.
2983
2984 Returns: pointer to string containing the last three
2985 digits of the number of days since Jan 1, 1970,
2986 modified by the offset argument, NULL if there
2987 was an error in the conversion.
2988
2989 */
2990
2991 static uschar *
2992 prvs_daystamp(int day_offset)
2993 {
2994 uschar *days = store_get(32); /* Need at least 24 for cases */
2995 (void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
2996 (time(NULL) + day_offset*86400)/86400);
2997 return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
2998 }
2999
3000
3001
3002 /********************************************************
3003 * prvs: perform HMAC-SHA1 computation of prvs bits *
3004 ********************************************************/
3005
3006 /* This is needed to implement the "prvs" BATV reverse
3007 path signing scheme
3008
3009 Arguments:
3010 address RFC2821 Address to use
3011 key The key to use (must be less than 64 characters
3012 in size)
3013 key_num Single-digit key number to use. Defaults to
3014 '0' when NULL.
3015
3016 Returns: pointer to string containing the first three
3017 bytes of the final hash in hex format, NULL if
3018 there was an error in the process.
3019 */
3020
3021 static uschar *
3022 prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
3023 {
3024 uschar *hash_source, *p;
3025 int size = 0,offset = 0,i;
3026 sha1 sha1_base;
3027 void *use_base = &sha1_base;
3028 uschar innerhash[20];
3029 uschar finalhash[20];
3030 uschar innerkey[64];
3031 uschar outerkey[64];
3032 uschar *finalhash_hex = store_get(40);
3033
3034 if (key_num == NULL)
3035 key_num = US"0";
3036
3037 if (Ustrlen(key) > 64)
3038 return NULL;
3039
3040 hash_source = string_cat(NULL,&size,&offset,key_num,1);
3041 string_cat(hash_source,&size,&offset,daystamp,3);
3042 string_cat(hash_source,&size,&offset,address,Ustrlen(address));
3043 hash_source[offset] = '\0';
3044
3045 DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source);
3046
3047 memset(innerkey, 0x36, 64);
3048 memset(outerkey, 0x5c, 64);
3049
3050 for (i = 0; i < Ustrlen(key); i++)
3051 {
3052 innerkey[i] ^= key[i];
3053 outerkey[i] ^= key[i];
3054 }
3055
3056 chash_start(HMAC_SHA1, use_base);
3057 chash_mid(HMAC_SHA1, use_base, innerkey);
3058 chash_end(HMAC_SHA1, use_base, hash_source, offset, innerhash);
3059
3060 chash_start(HMAC_SHA1, use_base);
3061 chash_mid(HMAC_SHA1, use_base, outerkey);
3062 chash_end(HMAC_SHA1, use_base, innerhash, 20, finalhash);
3063
3064 p = finalhash_hex;
3065 for (i = 0; i < 3; i++)
3066 {
3067 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
3068 *p++ = hex_digits[finalhash[i] & 0x0f];
3069 }
3070 *p = '\0';
3071
3072 return finalhash_hex;
3073 }
3074
3075
3076
3077
3078 /*************************************************
3079 * Join a file onto the output string *
3080 *************************************************/
3081
3082 /* This is used for readfile and after a run expansion. It joins the contents
3083 of a file onto the output string, globally replacing newlines with a given
3084 string (optionally). The file is closed at the end.
3085
3086 Arguments:
3087 f the FILE
3088 yield pointer to the expandable string
3089 sizep pointer to the current size
3090 ptrp pointer to the current position
3091 eol newline replacement string, or NULL
3092
3093 Returns: new value of string pointer
3094 */
3095
3096 static uschar *
3097 cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
3098 {
3099 int eollen;
3100 uschar buffer[1024];
3101
3102 eollen = (eol == NULL)? 0 : Ustrlen(eol);
3103
3104 while (Ufgets(buffer, sizeof(buffer), f) != NULL)
3105 {
3106 int len = Ustrlen(buffer);
3107 if (eol != NULL && buffer[len-1] == '\n') len--;
3108 yield = string_cat(yield, sizep, ptrp, buffer, len);
3109 if (buffer[len] != 0)
3110 yield = string_cat(yield, sizep, ptrp, eol, eollen);
3111 }
3112
3113 if (yield != NULL) yield[*ptrp] = 0;
3114
3115 return yield;
3116 }
3117
3118
3119
3120
3121 /*************************************************
3122 * Evaluate numeric expression *
3123 *************************************************/
3124
3125 /* This is a set of mutually recursive functions that evaluate an arithmetic
3126 expression involving + - * / % & | ^ ~ << >> and parentheses. The only one of
3127 these functions that is called from elsewhere is eval_expr, whose interface is:
3128
3129 Arguments:
3130 sptr pointer to the pointer to the string - gets updated
3131 decimal TRUE if numbers are to be assumed decimal
3132 error pointer to where to put an error message - must be NULL on input
3133 endket TRUE if ')' must terminate - FALSE for external call
3134
3135 Returns: on success: the value of the expression, with *error still NULL
3136 on failure: an undefined value, with *error = a message
3137 */
3138
3139 static int_eximarith_t eval_op_or(uschar **, BOOL, uschar **);
3140
3141
3142 static int_eximarith_t
3143 eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
3144 {
3145 uschar *s = *sptr;
3146 int_eximarith_t x = eval_op_or(&s, decimal, error);
3147 if (*error == NULL)
3148 {
3149 if (endket)
3150 {
3151 if (*s != ')')
3152 *error = US"expecting closing parenthesis";
3153 else
3154 while (isspace(*(++s)));
3155 }
3156 else if (*s != 0) *error = US"expecting operator";
3157 }
3158 *sptr = s;
3159 return x;
3160 }
3161
3162
3163 static int_eximarith_t
3164 eval_number(uschar **sptr, BOOL decimal, uschar **error)
3165 {
3166 register int c;
3167 int_eximarith_t n;
3168 uschar *s = *sptr;
3169 while (isspace(*s)) s++;
3170 c = *s;
3171 if (isdigit(c))
3172 {
3173 int count;
3174 (void)sscanf(CS s, (decimal? SC_EXIM_DEC "%n" : SC_EXIM_ARITH "%n"), &n, &count);
3175 s += count;
3176 switch (tolower(*s))
3177 {
3178 default: break;
3179 case 'k': n *= 1024; s++; break;
3180 case 'm': n *= 1024*1024; s++; break;
3181 case 'g': n *= 1024*1024*1024; s++; break;
3182 }
3183 while (isspace (*s)) s++;
3184 }
3185 else if (c == '(')
3186 {
3187 s++;
3188 n = eval_expr(&s, decimal, error, 1);
3189 }
3190 else
3191 {
3192 *error = US"expecting number or opening parenthesis";
3193 n = 0;
3194 }
3195 *sptr = s;
3196 return n;
3197 }
3198
3199
3200 static int_eximarith_t
3201 eval_op_unary(uschar **sptr, BOOL decimal, uschar **error)
3202 {
3203 uschar *s = *sptr;
3204 int_eximarith_t x;
3205 while (isspace(*s)) s++;
3206 if (*s == '+' || *s == '-' || *s == '~')
3207 {
3208 int op = *s++;
3209 x = eval_op_unary(&s, decimal, error);
3210 if (op == '-') x = -x;
3211 else if (op == '~') x = ~x;
3212 }
3213 else
3214 {
3215 x = eval_number(&s, decimal, error);
3216 }
3217 *sptr = s;
3218 return x;
3219 }
3220
3221
3222 static int_eximarith_t
3223 eval_op_mult(uschar **sptr, BOOL decimal, uschar **error)
3224 {
3225 uschar *s = *sptr;
3226 int_eximarith_t x = eval_op_unary(&s, decimal, error);
3227 if (*error == NULL)
3228 {
3229 while (*s == '*' || *s == '/' || *s == '%')
3230 {
3231 int op = *s++;
3232 int_eximarith_t y = eval_op_unary(&s, decimal, error);
3233 if (*error != NULL) break;
3234 /* SIGFPE both on div/mod by zero and on INT_MIN / -1, which would give
3235 * a value of INT_MAX+1. Note that INT_MIN * -1 gives INT_MIN for me, which
3236 * is a bug somewhere in [gcc 4.2.1, FreeBSD, amd64]. In fact, -N*-M where
3237 * -N*M is INT_MIN will yielf INT_MIN.
3238 * Since we don't support floating point, this is somewhat simpler.
3239 * Ideally, we'd return an error, but since we overflow for all other
3240 * arithmetic, consistency suggests otherwise, but what's the correct value
3241 * to use? There is none.
3242 * The C standard guarantees overflow for unsigned arithmetic but signed
3243 * overflow invokes undefined behaviour; in practice, this is overflow
3244 * except for converting INT_MIN to INT_MAX+1. We also can't guarantee
3245 * that long/longlong larger than int are available, or we could just work
3246 * with larger types. We should consider whether to guarantee 32bit eval
3247 * and 64-bit working variables, with errors returned. For now ...
3248 * So, the only SIGFPEs occur with a non-shrinking div/mod, thus -1; we
3249 * can just let the other invalid results occur otherwise, as they have
3250 * until now. For this one case, we can coerce.
3251 */
3252 if (y == -1 && x == LLONG_MIN && op != '*')
3253 {
3254 DEBUG(D_expand)
3255 debug_printf("Integer exception dodging: " PR_EXIM_ARITH "%c-1 coerced to " PR_EXIM_ARITH "\n",
3256 LLONG_MIN, op, LLONG_MAX);
3257 x = LLONG_MAX;
3258 continue;
3259 }
3260 if (op == '*')
3261 x *= y;
3262 else
3263 {
3264 if (y == 0)
3265 {
3266 *error = (op == '/') ? US"divide by zero" : US"modulo by zero";
3267 x = 0;
3268 break;
3269 }
3270 if (op == '/')
3271 x /= y;
3272 else
3273 x %= y;
3274 }
3275 }
3276 }
3277 *sptr = s;
3278 return x;
3279 }
3280
3281
3282 static int_eximarith_t
3283 eval_op_sum(uschar **sptr, BOOL decimal, uschar **error)
3284 {
3285 uschar *s = *sptr;
3286 int_eximarith_t x = eval_op_mult(&s, decimal, error);
3287 if (*error == NULL)
3288 {
3289 while (*s == '+' || *s == '-')
3290 {
3291 int op = *s++;
3292 int_eximarith_t y = eval_op_mult(&s, decimal, error);
3293 if (*error != NULL) break;
3294 if (op == '+') x += y; else x -= y;
3295 }
3296 }
3297 *sptr = s;
3298 return x;
3299 }
3300
3301
3302 static int_eximarith_t
3303 eval_op_shift(uschar **sptr, BOOL decimal, uschar **error)
3304 {
3305 uschar *s = *sptr;
3306 int_eximarith_t x = eval_op_sum(&s, decimal, error);
3307 if (*error == NULL)
3308 {
3309 while ((*s == '<' || *s == '>') && s[1] == s[0])
3310 {
3311 int_eximarith_t y;
3312 int op = *s++;
3313 s++;
3314 y = eval_op_sum(&s, decimal, error);
3315 if (*error != NULL) break;
3316 if (op == '<') x <<= y; else x >>= y;
3317 }
3318 }
3319 *sptr = s;
3320 return x;
3321 }
3322
3323
3324 static int_eximarith_t
3325 eval_op_and(uschar **sptr, BOOL decimal, uschar **error)
3326 {
3327 uschar *s = *sptr;
3328 int_eximarith_t x = eval_op_shift(&s, decimal, error);
3329 if (*error == NULL)
3330 {
3331 while (*s == '&')
3332 {
3333 int_eximarith_t y;
3334 s++;
3335 y = eval_op_shift(&s, decimal, error);
3336 if (*error != NULL) break;
3337 x &= y;
3338 }
3339 }
3340 *sptr = s;
3341 return x;
3342 }
3343
3344
3345 static int_eximarith_t
3346 eval_op_xor(uschar **sptr, BOOL decimal, uschar **error)
3347 {
3348 uschar *s = *sptr;
3349 int_eximarith_t x = eval_op_and(&s, decimal, error);
3350 if (*error == NULL)
3351 {
3352 while (*s == '^')
3353 {
3354 int_eximarith_t y;
3355 s++;
3356 y = eval_op_and(&s, decimal, error);
3357 if (*error != NULL) break;
3358 x ^= y;
3359 }
3360 }
3361 *sptr = s;
3362 return x;
3363 }
3364
3365
3366 static int_eximarith_t
3367 eval_op_or(uschar **sptr, BOOL decimal, uschar **error)
3368 {
3369 uschar *s = *sptr;
3370 int_eximarith_t x = eval_op_xor(&s, decimal, error);
3371 if (*error == NULL)
3372 {
3373 while (*s == '|')
3374 {
3375 int_eximarith_t y;
3376 s++;
3377 y = eval_op_xor(&s, decimal, error);
3378 if (*error != NULL) break;
3379 x |= y;
3380 }
3381 }
3382 *sptr = s;
3383 return x;
3384 }
3385
3386
3387
3388 /*************************************************
3389 * Expand string *
3390 *************************************************/
3391
3392 /* Returns either an unchanged string, or the expanded string in stacking pool
3393 store. Interpreted sequences are:
3394
3395 \... normal escaping rules
3396 $name substitutes the variable
3397 ${name} ditto
3398 ${op:string} operates on the expanded string value
3399 ${item{arg1}{arg2}...} expands the args and then does the business
3400 some literal args are not enclosed in {}
3401
3402 There are now far too many operators and item types to make it worth listing
3403 them here in detail any more.
3404
3405 We use an internal routine recursively to handle embedded substrings. The
3406 external function follows. The yield is NULL if the expansion failed, and there
3407 are two cases: if something collapsed syntactically, or if "fail" was given
3408 as the action on a lookup failure. These can be distinguised by looking at the
3409 variable expand_string_forcedfail, which is TRUE in the latter case.
3410
3411 The skipping flag is set true when expanding a substring that isn't actually
3412 going to be used (after "if" or "lookup") and it prevents lookups from
3413 happening lower down.
3414
3415 Store usage: At start, a store block of the length of the input plus 64
3416 is obtained. This is expanded as necessary by string_cat(), which might have to
3417 get a new block, or might be able to expand the original. At the end of the
3418 function we can release any store above that portion of the yield block that
3419 was actually used. In many cases this will be optimal.
3420
3421 However: if the first item in the expansion is a variable name or header name,
3422 we reset the store before processing it; if the result is in fresh store, we
3423 use that without copying. This is helpful for expanding strings like
3424 $message_headers which can get very long.
3425
3426 There's a problem if a ${dlfunc item has side-effects that cause allocation,
3427 since resetting the store at the end of the expansion will free store that was
3428 allocated by the plugin code as well as the slop after the expanded string. So
3429 we skip any resets if ${dlfunc has been used. This is an unfortunate
3430 consequence of string expansion becoming too powerful.
3431
3432 Arguments:
3433 string the string to be expanded
3434 ket_ends true if expansion is to stop at }
3435 left if not NULL, a pointer to the first character after the
3436 expansion is placed here (typically used with ket_ends)
3437 skipping TRUE for recursive calls when the value isn't actually going
3438 to be used (to allow for optimisation)
3439 honour_dollar TRUE if $ is to be expanded,
3440 FALSE if it's just another character
3441
3442 Returns: NULL if expansion fails:
3443 expand_string_forcedfail is set TRUE if failure was forced
3444 expand_string_message contains a textual error message
3445 a pointer to the expanded string on success
3446 */
3447
3448 static uschar *
3449 expand_string_internal(uschar *string, BOOL ket_ends, uschar **left,
3450 BOOL skipping, BOOL honour_dollar)
3451 {
3452 int ptr = 0;
3453 int size = Ustrlen(string)+ 64;
3454 int item_type;
3455 uschar *yield = store_get(size);
3456 uschar *s = string;
3457 uschar *save_expand_nstring[EXPAND_MAXN+1];
3458 int save_expand_nlength[EXPAND_MAXN+1];
3459 BOOL resetok = TRUE;
3460
3461 expand_string_forcedfail = FALSE;
3462 expand_string_message = US"";
3463
3464 while (*s != 0)
3465 {
3466 uschar *value;
3467 uschar name[256];
3468
3469 /* \ escapes the next character, which must exist, or else
3470 the expansion fails. There's a special escape, \N, which causes
3471 copying of the subject verbatim up to the next \N. Otherwise,
3472 the escapes are the standard set. */
3473
3474 if (*s == '\\')
3475 {
3476 if (s[1] == 0)
3477 {
3478 expand_string_message = US"\\ at end of string";
3479 goto EXPAND_FAILED;
3480 }
3481
3482 if (s[1] == 'N')
3483 {
3484 uschar *t = s + 2;
3485 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
3486 yield = string_cat(yield, &size, &ptr, t, s - t);
3487 if (*s != 0) s += 2;
3488 }
3489
3490 else
3491 {
3492 uschar ch[1];
3493 ch[0] = string_interpret_escape(&s);
3494 s++;
3495 yield = string_cat(yield, &size, &ptr, ch, 1);
3496 }
3497
3498 continue;
3499 }
3500
3501 /* Anything other than $ is just copied verbatim, unless we are
3502 looking for a terminating } character. */
3503
3504 if (ket_ends && *s == '}') break;
3505
3506 if (*s != '$' || !honour_dollar)
3507 {
3508 yield = string_cat(yield, &size, &ptr, s++, 1);
3509 continue;
3510 }
3511
3512 /* No { after the $ - must be a plain name or a number for string
3513 match variable. There has to be a fudge for variables that are the
3514 names of header fields preceded by "$header_" because header field
3515 names can contain any printing characters except space and colon.
3516 For those that don't like typing this much, "$h_" is a synonym for
3517 "$header_". A non-existent header yields a NULL value; nothing is
3518 inserted. */
3519
3520 if (isalpha((*(++s))))
3521 {
3522 int len;
3523 int newsize = 0;
3524
3525 s = read_name(name, sizeof(name), s, US"_");
3526
3527 /* If this is the first thing to be expanded, release the pre-allocated
3528 buffer. */
3529
3530 if (ptr == 0 && yield != NULL)
3531 {
3532 if (resetok) store_reset(yield);
3533 yield = NULL;
3534 size = 0;
3535 }
3536
3537 /* Header */
3538
3539 if (Ustrncmp(name, "h_", 2) == 0 ||
3540 Ustrncmp(name, "rh_", 3) == 0 ||
3541 Ustrncmp(name, "bh_", 3) == 0 ||
3542 Ustrncmp(name, "header_", 7) == 0 ||
3543 Ustrncmp(name, "rheader_", 8) == 0 ||
3544 Ustrncmp(name, "bheader_", 8) == 0)
3545 {
3546 BOOL want_raw = (name[0] == 'r')? TRUE : FALSE;
3547 uschar *charset = (name[0] == 'b')? NULL : headers_charset;
3548 s = read_header_name(name, sizeof(name), s);
3549 value = find_header(name, FALSE, &newsize, want_raw, charset);
3550
3551 /* If we didn't find the header, and the header contains a closing brace
3552 character, this may be a user error where the terminating colon
3553 has been omitted. Set a flag to adjust the error message in this case.
3554 But there is no error here - nothing gets inserted. */
3555
3556 if (value == NULL)
3557 {
3558 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
3559 continue;
3560 }
3561 }
3562
3563 /* Variable */
3564
3565 else
3566 {
3567 value = find_variable(name, FALSE, skipping, &newsize);
3568 if (value == NULL)
3569 {
3570 expand_string_message =
3571 string_sprintf("unknown variable name \"%s\"", name);
3572 check_variable_error_message(name);
3573 goto EXPAND_FAILED;
3574 }
3575 }
3576
3577 /* If the data is known to be in a new buffer, newsize will be set to the
3578 size of that buffer. If this is the first thing in an expansion string,
3579 yield will be NULL; just point it at the new store instead of copying. Many
3580 expansion strings contain just one reference, so this is a useful
3581 optimization, especially for humungous headers. */
3582
3583 len = Ustrlen(value);
3584 if (yield == NULL && newsize != 0)
3585 {
3586 yield = value;
3587 size = newsize;
3588 ptr = len;
3589 }
3590 else yield = string_cat(yield, &size, &ptr, value, len);
3591
3592 continue;
3593 }
3594
3595 if (isdigit(*s))
3596 {
3597 int n;
3598 s = read_number(&n, s);
3599 if (n >= 0 && n <= expand_nmax)
3600 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3601 expand_nlength[n]);
3602 continue;
3603 }
3604
3605 /* Otherwise, if there's no '{' after $ it's an error. */
3606
3607 if (*s != '{')
3608 {
3609 expand_string_message = US"$ not followed by letter, digit, or {";
3610 goto EXPAND_FAILED;
3611 }
3612
3613 /* After { there can be various things, but they all start with
3614 an initial word, except for a number for a string match variable. */
3615
3616 if (isdigit((*(++s))))
3617 {
3618 int n;
3619 s = read_number(&n, s);
3620 if (*s++ != '}')
3621 {
3622 expand_string_message = US"} expected after number";
3623 goto EXPAND_FAILED;
3624 }
3625 if (n >= 0 && n <= expand_nmax)
3626 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3627 expand_nlength[n]);
3628 continue;
3629 }
3630
3631 if (!isalpha(*s))
3632 {
3633 expand_string_message = US"letter or digit expected after ${";
3634 goto EXPAND_FAILED;
3635 }
3636
3637 /* Allow "-" in names to cater for substrings with negative
3638 arguments. Since we are checking for known names after { this is
3639 OK. */
3640
3641 s = read_name(name, sizeof(name), s, US"_-");
3642 item_type = chop_match(name, item_table, sizeof(item_table)/sizeof(uschar *));
3643
3644 switch(item_type)
3645 {
3646 /* Call an ACL from an expansion. We feed data in via $address_data.
3647 If the ACL returns acceptance we return content set by "message ="
3648 There is currently no limit on recursion; this would have us call
3649 acl_check_internal() directly and get a current level from somewhere.
3650 */
3651
3652 case EITEM_ACL:
3653 {
3654 int rc;
3655 uschar *sub[2];
3656 uschar *new_yield;
3657 uschar *user_msg;
3658 uschar *log_msg;
3659 switch(read_subs(sub, 2, 1, &s, skipping, TRUE, US"acl"))
3660 {
3661 case 1: goto EXPAND_FAILED_CURLY;
3662 case 2:
3663 case 3: goto EXPAND_FAILED;
3664 }
3665 if (skipping) continue;
3666
3667 DEBUG(D_expand)
3668 debug_printf("expanding: acl: %s arg: %s\n", sub[0], sub[1]?sub[1]:US"<none>");
3669
3670 deliver_address_data = sub[1];
3671 switch(rc = acl_check(ACL_WHERE_EXPANSION, NULL, sub[0], &user_msg, &log_msg))
3672 {
3673 case OK:
3674 if (user_msg)
3675 yield = string_cat(yield, &size, &ptr, user_msg, Ustrlen(user_msg));
3676 continue;
3677 case DEFER:
3678 continue;
3679 default:
3680 expand_string_message = string_sprintf("acl \"%s\" did not accept", sub[0]);
3681 goto EXPAND_FAILED;
3682 }
3683 }
3684
3685 /* Handle conditionals - preserve the values of the numerical expansion
3686 variables in case they get changed by a regular expression match in the
3687 condition. If not, they retain their external settings. At the end
3688 of this "if" section, they get restored to their previous values. */
3689
3690 case EITEM_IF:
3691 {
3692 BOOL cond = FALSE;
3693 uschar *next_s;
3694 int save_expand_nmax =
3695 save_expand_strings(save_expand_nstring, save_expand_nlength);
3696
3697 while (isspace(*s)) s++;
3698 next_s = eval_condition(s, skipping? NULL : &cond);
3699 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
3700
3701 DEBUG(D_expand)
3702 debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s,
3703 cond? "true" : "false");
3704
3705 s = next_s;
3706
3707 /* The handling of "yes" and "no" result strings is now in a separate
3708 function that is also used by ${lookup} and ${extract} and ${run}. */
3709
3710 switch(process_yesno(
3711 skipping, /* were previously skipping */
3712 cond, /* success/failure indicator */
3713 lookup_value, /* value to reset for string2 */
3714 &s, /* input pointer */
3715 &yield, /* output pointer */
3716 &size, /* output size */
3717 &ptr, /* output current point */
3718 US"if")) /* condition type */
3719 {
3720 case 1: goto EXPAND_FAILED; /* when all is well, the */
3721 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3722 }
3723
3724 /* Restore external setting of expansion variables for continuation
3725 at this level. */
3726
3727 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3728 save_expand_nlength);
3729 continue;
3730 }
3731
3732 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
3733 expanding an internal string that isn't actually going to be used. All we
3734 need to do is check the syntax, so don't do a lookup at all. Preserve the
3735 values of the numerical expansion variables in case they get changed by a
3736 partial lookup. If not, they retain their external settings. At the end
3737 of this "lookup" section, they get restored to their previous values. */
3738
3739 case EITEM_LOOKUP:
3740 {
3741 int stype, partial, affixlen, starflags;
3742 int expand_setup = 0;
3743 int nameptr = 0;
3744 uschar *key, *filename, *affix;
3745 uschar *save_lookup_value = lookup_value;
3746 int save_expand_nmax =
3747 save_expand_strings(save_expand_nstring, save_expand_nlength);
3748
3749 if ((expand_forbid & RDO_LOOKUP) != 0)
3750 {
3751 expand_string_message = US"lookup expansions are not permitted";
3752 goto EXPAND_FAILED;
3753 }
3754
3755 /* Get the key we are to look up for single-key+file style lookups.
3756 Otherwise set the key NULL pro-tem. */
3757
3758 while (isspace(*s)) s++;
3759 if (*s == '{')
3760 {
3761 key = expand_string_internal(s+1, TRUE, &s, skipping, TRUE);
3762 if (key == NULL) goto EXPAND_FAILED;
3763 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3764 while (isspace(*s)) s++;
3765 }
3766 else key = NULL;
3767
3768 /* Find out the type of database */
3769
3770 if (!isalpha(*s))
3771 {
3772 expand_string_message = US"missing lookup type";
3773 goto EXPAND_FAILED;
3774 }
3775
3776 /* The type is a string that may contain special characters of various
3777 kinds. Allow everything except space or { to appear; the actual content
3778 is checked by search_findtype_partial. */
3779
3780 while (*s != 0 && *s != '{' && !isspace(*s))
3781 {
3782 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
3783 s++;
3784 }
3785 name[nameptr] = 0;
3786 while (isspace(*s)) s++;
3787
3788 /* Now check for the individual search type and any partial or default
3789 options. Only those types that are actually in the binary are valid. */
3790
3791 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
3792 &starflags);
3793 if (stype < 0)
3794 {
3795 expand_string_message = search_error_message;
3796 goto EXPAND_FAILED;
3797 }
3798
3799 /* Check that a key was provided for those lookup types that need it,
3800 and was not supplied for those that use the query style. */
3801
3802 if (!mac_islookup(stype, lookup_querystyle|lookup_absfilequery))
3803 {
3804 if (key == NULL)
3805 {
3806 expand_string_message = string_sprintf("missing {key} for single-"
3807 "key \"%s\" lookup", name);
3808 goto EXPAND_FAILED;
3809 }
3810 }
3811 else
3812 {
3813 if (key != NULL)
3814 {
3815 expand_string_message = string_sprintf("a single key was given for "
3816 "lookup type \"%s\", which is not a single-key lookup type", name);
3817 goto EXPAND_FAILED;
3818 }
3819 }
3820
3821 /* Get the next string in brackets and expand it. It is the file name for
3822 single-key+file lookups, and the whole query otherwise. In the case of
3823 queries that also require a file name (e.g. sqlite), the file name comes
3824 first. */
3825
3826 if (*s != '{') goto EXPAND_FAILED_CURLY;
3827 filename = expand_string_internal(s+1, TRUE, &s, skipping, TRUE);
3828 if (filename == NULL) goto EXPAND_FAILED;
3829 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3830 while (isspace(*s)) s++;
3831
3832 /* If this isn't a single-key+file lookup, re-arrange the variables
3833 to be appropriate for the search_ functions. For query-style lookups,
3834 there is just a "key", and no file name. For the special query-style +
3835 file types, the query (i.e. "key") starts with a file name. */
3836
3837 if (key == NULL)
3838 {
3839 while (isspace(*filename)) filename++;
3840 key = filename;
3841
3842 if (mac_islookup(stype, lookup_querystyle))
3843 {
3844 filename = NULL;
3845 }
3846 else
3847 {
3848 if (*filename != '/')
3849 {
3850 expand_string_message = string_sprintf(
3851 "absolute file name expected for \"%s\" lookup", name);
3852 goto EXPAND_FAILED;
3853 }
3854 while (*key != 0 && !isspace(*key)) key++;
3855 if (*key != 0) *key++ = 0;
3856 }
3857 }
3858
3859 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
3860 the entry was not found. Note that there is no search_close() function.
3861 Files are left open in case of re-use. At suitable places in higher logic,
3862 search_tidyup() is called to tidy all open files. This can save opening
3863 the same file several times. However, files may also get closed when
3864 others are opened, if too many are open at once. The rule is that a
3865 handle should not be used after a second search_open().
3866
3867 Request that a partial search sets up $1 and maybe $2 by passing
3868 expand_setup containing zero. If its value changes, reset expand_nmax,
3869 since new variables will have been set. Note that at the end of this
3870 "lookup" section, the old numeric variables are restored. */
3871
3872 if (skipping)
3873 lookup_value = NULL;
3874 else
3875 {
3876 void *handle = search_open(filename, stype, 0, NULL, NULL);
3877 if (handle == NULL)
3878 {
3879 expand_string_message = search_error_message;
3880 goto EXPAND_FAILED;
3881 }
3882 lookup_value = search_find(handle, filename, key, partial, affix,
3883 affixlen, starflags, &expand_setup);
3884 if (search_find_defer)
3885 {
3886 expand_string_message =
3887 string_sprintf("lookup of \"%s\" gave DEFER: %s",
3888 string_printing2(key, FALSE), search_error_message);
3889 goto EXPAND_FAILED;
3890 }
3891 if (expand_setup > 0) expand_nmax = expand_setup;
3892 }
3893
3894 /* The handling of "yes" and "no" result strings is now in a separate
3895 function that is also used by ${if} and ${extract}. */
3896
3897 switch(process_yesno(
3898 skipping, /* were previously skipping */
3899 lookup_value != NULL, /* success/failure indicator */
3900 save_lookup_value, /* value to reset for string2 */
3901 &s, /* input pointer */
3902 &yield, /* output pointer */
3903 &size, /* output size */
3904 &ptr, /* output current point */
3905 US"lookup")) /* condition type */
3906 {
3907 case 1: goto EXPAND_FAILED; /* when all is well, the */
3908 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3909 }
3910
3911 /* Restore external setting of expansion variables for carrying on
3912 at this level, and continue. */
3913
3914 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3915 save_expand_nlength);
3916 continue;
3917 }
3918
3919 /* If Perl support is configured, handle calling embedded perl subroutines,
3920 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
3921 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
3922 arguments (defined below). */
3923
3924 #define EXIM_PERL_MAX_ARGS 8
3925
3926 case EITEM_PERL:
3927 #ifndef EXIM_PERL
3928 expand_string_message = US"\"${perl\" encountered, but this facility "
3929 "is not included in this binary";
3930 goto EXPAND_FAILED;
3931
3932 #else /* EXIM_PERL */
3933 {
3934 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
3935 uschar *new_yield;
3936
3937 if ((expand_forbid & RDO_PERL) != 0)
3938 {
3939 expand_string_message = US"Perl calls are not permitted";
3940 goto EXPAND_FAILED;
3941 }
3942
3943 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
3944 US"perl"))
3945 {
3946 case 1: goto EXPAND_FAILED_CURLY;
3947 case 2:
3948 case 3: goto EXPAND_FAILED;
3949 }
3950
3951 /* If skipping, we don't actually do anything */
3952
3953 if (skipping) continue;
3954
3955 /* Start the interpreter if necessary */
3956
3957 if (!opt_perl_started)
3958 {
3959 uschar *initerror;
3960 if (opt_perl_startup == NULL)
3961 {
3962 expand_string_message = US"A setting of perl_startup is needed when "
3963 "using the Perl interpreter";
3964 goto EXPAND_FAILED;
3965 }
3966 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
3967 initerror = init_perl(opt_perl_startup);
3968 if (initerror != NULL)
3969 {
3970 expand_string_message =
3971 string_sprintf("error in perl_startup code: %s\n", initerror);
3972 goto EXPAND_FAILED;
3973 }
3974 opt_perl_started = TRUE;
3975 }
3976
3977 /* Call the function */
3978
3979 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
3980 new_yield = call_perl_cat(yield, &size, &ptr, &expand_string_message,
3981 sub_arg[0], sub_arg + 1);
3982
3983 /* NULL yield indicates failure; if the message pointer has been set to
3984 NULL, the yield was undef, indicating a forced failure. Otherwise the
3985 message will indicate some kind of Perl error. */
3986
3987 if (new_yield == NULL)
3988 {
3989 if (expand_string_message == NULL)
3990 {
3991 expand_string_message =
3992 string_sprintf("Perl subroutine \"%s\" returned undef to force "
3993 "failure", sub_arg[0]);
3994 expand_string_forcedfail = TRUE;
3995 }
3996 goto EXPAND_FAILED;
3997 }
3998
3999 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
4000 set during a callback from Perl. */
4001
4002 expand_string_forcedfail = FALSE;
4003 yield = new_yield;
4004 continue;
4005 }
4006 #endif /* EXIM_PERL */
4007
4008 /* Transform email address to "prvs" scheme to use
4009 as BATV-signed return path */
4010
4011 case EITEM_PRVS:
4012 {
4013 uschar *sub_arg[3];
4014 uschar *p,*domain;
4015
4016 switch(read_subs(sub_arg, 3, 2, &s, skipping, TRUE, US"prvs"))
4017 {
4018 case 1: goto EXPAND_FAILED_CURLY;
4019 case 2:
4020 case 3: goto EXPAND_FAILED;
4021 }
4022
4023 /* If skipping, we don't actually do anything */
4024 if (skipping) continue;
4025
4026 /* sub_arg[0] is the address */
4027 domain = Ustrrchr(sub_arg[0],'@');
4028 if ( (domain == NULL) || (domain == sub_arg[0]) || (Ustrlen(domain) == 1) )
4029 {
4030 expand_string_message = US"prvs first argument must be a qualified email address";
4031 goto EXPAND_FAILED;
4032 }
4033
4034 /* Calculate the hash. The second argument must be a single-digit
4035 key number, or unset. */
4036
4037 if (sub_arg[2] != NULL &&
4038 (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0))
4039 {
4040 expand_string_message = US"prvs second argument must be a single digit";
4041 goto EXPAND_FAILED;
4042 }
4043
4044 p = prvs_hmac_sha1(sub_arg[0],sub_arg[1],sub_arg[2],prvs_daystamp(7));
4045 if (p == NULL)
4046 {
4047 expand_string_message = US"prvs hmac-sha1 conversion failed";
4048 goto EXPAND_FAILED;
4049 }
4050
4051 /* Now separate the domain from the local part */
4052 *domain++ = '\0';
4053
4054 yield = string_cat(yield,&size,&ptr,US"prvs=",5);
4055 string_cat(yield,&size,&ptr,(sub_arg[2] != NULL) ? sub_arg[2] : US"0", 1);
4056 string_cat(yield,&size,&ptr,prvs_daystamp(7),3);
4057 string_cat(yield,&size,&ptr,p,6);
4058 string_cat(yield,&size,&ptr,US"=",1);
4059 string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
4060 string_cat(yield,&size,&ptr,US"@",1);
4061 string_cat(yield,&size,&ptr,domain,Ustrlen(domain));
4062
4063 continue;
4064 }
4065
4066 /* Check a prvs-encoded address for validity */
4067
4068 case EITEM_PRVSCHECK:
4069 {
4070 uschar *sub_arg[3];
4071 int mysize = 0, myptr = 0;
4072 const pcre *re;
4073 uschar *p;
4074
4075 /* TF: Ugliness: We want to expand parameter 1 first, then set
4076 up expansion variables that are used in the expansion of
4077 parameter 2. So we clone the string for the first
4078 expansion, where we only expand parameter 1.
4079
4080 PH: Actually, that isn't necessary. The read_subs() function is
4081 designed to work this way for the ${if and ${lookup expansions. I've
4082 tidied the code.
4083 */
4084
4085 /* Reset expansion variables */
4086 prvscheck_result = NULL;
4087 prvscheck_address = NULL;
4088 prvscheck_keynum = NULL;
4089
4090 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs"))
4091 {
4092 case 1: goto EXPAND_FAILED_CURLY;
4093 case 2:
4094 case 3: goto EXPAND_FAILED;
4095 }
4096
4097 re = regex_must_compile(US"^prvs\\=([0-9])([0-9]{3})([A-F0-9]{6})\\=(.+)\\@(.+)$",
4098 TRUE,FALSE);
4099
4100 if (regex_match_and_setup(re,sub_arg[0],0,-1))
4101 {
4102 uschar *local_part = string_copyn(expand_nstring[4],expand_nlength[4]);
4103 uschar *key_num = string_copyn(expand_nstring[1],expand_nlength[1]);
4104 uschar *daystamp = string_copyn(expand_nstring[2],expand_nlength[2]);
4105 uschar *hash = string_copyn(expand_nstring[3],expand_nlength[3]);
4106 uschar *domain = string_copyn(expand_nstring[5],expand_nlength[5]);
4107
4108 DEBUG(D_expand) debug_printf("prvscheck localpart: %s\n", local_part);
4109 DEBUG(D_expand) debug_printf("prvscheck key number: %s\n", key_num);
4110 DEBUG(D_expand) debug_printf("prvscheck daystamp: %s\n", daystamp);
4111 DEBUG(D_expand) debug_printf("prvscheck hash: %s\n", hash);
4112 DEBUG(D_expand) debug_printf("prvscheck domain: %s\n", domain);
4113
4114 /* Set up expansion variables */
4115 prvscheck_address = string_cat(NULL, &mysize, &myptr, local_part, Ustrlen(local_part));
4116 string_cat(prvscheck_address,&mysize,&myptr,US"@",1);
4117 string_cat(prvscheck_address,&mysize,&myptr,domain,Ustrlen(domain));
4118 prvscheck_address[myptr] = '\0';
4119 prvscheck_keynum = string_copy(key_num);
4120
4121 /* Now expand the second argument */
4122 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs"))
4123 {
4124 case 1: goto EXPAND_FAILED_CURLY;
4125 case 2:
4126 case 3: goto EXPAND_FAILED;
4127 }
4128
4129 /* Now we have the key and can check the address. */
4130
4131 p = prvs_hmac_sha1(prvscheck_address, sub_arg[0], prvscheck_keynum,
4132 daystamp);
4133
4134 if (p == NULL)
4135 {
4136 expand_string_message = US"hmac-sha1 conversion failed";
4137 goto EXPAND_FAILED;
4138 }
4139
4140 DEBUG(D_expand) debug_printf("prvscheck: received hash is %s\n", hash);
4141 DEBUG(D_expand) debug_printf("prvscheck: own hash is %s\n", p);
4142
4143 if (Ustrcmp(p,hash) == 0)
4144 {
4145 /* Success, valid BATV address. Now check the expiry date. */
4146 uschar *now = prvs_daystamp(0);
4147 unsigned int inow = 0,iexpire = 1;
4148
4149 (void)sscanf(CS now,"%u",&inow);
4150 (void)sscanf(CS daystamp,"%u",&iexpire);
4151
4152 /* When "iexpire" is < 7, a "flip" has occured.
4153 Adjust "inow" accordingly. */
4154 if ( (iexpire < 7) && (inow >= 993) ) inow = 0;
4155
4156 if (iexpire >= inow)
4157 {
4158 prvscheck_result = US"1";
4159 DEBUG(D_expand) debug_printf("prvscheck: success, $pvrs_result set to 1\n");
4160 }
4161 else
4162 {
4163 prvscheck_result = NULL;
4164 DEBUG(D_expand) debug_printf("prvscheck: signature expired, $pvrs_result unset\n");
4165 }
4166 }
4167 else
4168 {
4169 prvscheck_result = NULL;
4170 DEBUG(D_expand) debug_printf("prvscheck: hash failure, $pvrs_result unset\n");
4171 }
4172
4173 /* Now expand the final argument. We leave this till now so that
4174 it can include $prvscheck_result. */
4175
4176 switch(read_subs(sub_arg, 1, 0, &s, skipping, TRUE, US"prvs"))
4177 {
4178 case 1: goto EXPAND_FAILED_CURLY;
4179 case 2:
4180 case 3: goto EXPAND_FAILED;
4181 }
4182
4183 if (sub_arg[0] == NULL || *sub_arg[0] == '\0')
4184 yield = string_cat(yield,&size,&ptr,prvscheck_address,Ustrlen(prvscheck_address));
4185 else
4186 yield = string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
4187
4188 /* Reset the "internal" variables afterwards, because they are in
4189 dynamic store that will be reclaimed if the expansion succeeded. */
4190
4191 prvscheck_address = NULL;
4192 prvscheck_keynum = NULL;
4193 }
4194 else
4195 {
4196 /* Does not look like a prvs encoded address, return the empty string.
4197 We need to make sure all subs are expanded first, so as to skip over
4198 the entire item. */
4199
4200 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"prvs"))
4201 {
4202 case 1: goto EXPAND_FAILED_CURLY;
4203 case 2:
4204 case 3: goto EXPAND_FAILED;
4205 }
4206 }
4207
4208 continue;
4209 }
4210
4211 /* Handle "readfile" to insert an entire file */
4212
4213 case EITEM_READFILE:
4214 {
4215 FILE *f;
4216 uschar *sub_arg[2];
4217
4218 if ((expand_forbid & RDO_READFILE) != 0)
4219 {
4220 expand_string_message = US"file insertions are not permitted";
4221 goto EXPAND_FAILED;
4222 }
4223
4224 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"readfile"))
4225 {
4226 case 1: goto EXPAND_FAILED_CURLY;
4227 case 2:
4228 case 3: goto EXPAND_FAILED;
4229 }
4230
4231 /* If skipping, we don't actually do anything */
4232
4233 if (skipping) continue;
4234
4235 /* Open the file and read it */
4236
4237 f = Ufopen(sub_arg[0], "rb");
4238 if (f == NULL)
4239 {
4240 expand_string_message = string_open_failed(errno, "%s", sub_arg[0]);
4241 goto EXPAND_FAILED;
4242 }
4243
4244 yield = cat_file(f, yield, &size, &ptr, sub_arg[1]);
4245 (void)fclose(f);
4246 continue;
4247 }
4248
4249 /* Handle "readsocket" to insert data from a Unix domain socket */
4250
4251 case EITEM_READSOCK:
4252 {
4253 int fd;
4254 int timeout = 5;
4255 int save_ptr = ptr;
4256 FILE *f;
4257 struct sockaddr_un sockun; /* don't call this "sun" ! */
4258 uschar *arg;
4259 uschar *sub_arg[4];
4260
4261 if ((expand_forbid & RDO_READSOCK) != 0)
4262 {
4263 expand_string_message = US"socket insertions are not permitted";
4264 goto EXPAND_FAILED;
4265 }
4266
4267 /* Read up to 4 arguments, but don't do the end of item check afterwards,
4268 because there may be a string for expansion on failure. */
4269
4270 switch(read_subs(sub_arg, 4, 2, &s, skipping, FALSE, US"readsocket"))
4271 {
4272 case 1: goto EXPAND_FAILED_CURLY;
4273 case 2: /* Won't occur: no end check */
4274 case 3: goto EXPAND_FAILED;
4275 }
4276
4277 /* Sort out timeout, if given */
4278
4279 if (sub_arg[2] != NULL)
4280 {
4281 timeout = readconf_readtime(sub_arg[2], 0, FALSE);
4282 if (timeout < 0)
4283 {
4284 expand_string_message = string_sprintf("bad time value %s",
4285 sub_arg[2]);
4286 goto EXPAND_FAILED;
4287 }
4288 }
4289 else sub_arg[3] = NULL; /* No eol if no timeout */
4290
4291 /* If skipping, we don't actually do anything. Otherwise, arrange to
4292 connect to either an IP or a Unix socket. */
4293
4294 if (!skipping)
4295 {
4296 /* Handle an IP (internet) domain */
4297
4298 if (Ustrncmp(sub_arg[0], "inet:", 5) == 0)
4299 {
4300 BOOL connected = FALSE;
4301 int namelen, port;
4302 host_item shost;
4303 host_item *h;
4304 uschar *server_name = sub_arg[0] + 5;
4305 uschar *port_name = Ustrrchr(server_name, ':');
4306
4307 /* Sort out the port */
4308
4309 if (port_name == NULL)
4310 {
4311 expand_string_message =
4312 string_sprintf("missing port for readsocket %s", sub_arg[0]);
4313 goto EXPAND_FAILED;
4314 }
4315 *port_name++ = 0; /* Terminate server name */
4316
4317 if (isdigit(*port_name))
4318 {
4319 uschar *end;
4320 port = Ustrtol(port_name, &end, 0);
4321 if (end != port_name + Ustrlen(port_name))
4322 {
4323 expand_string_message =
4324 string_sprintf("invalid port number %s", port_name);
4325 goto EXPAND_FAILED;
4326 }
4327 }
4328 else
4329 {
4330 struct servent *service_info = getservbyname(CS port_name, "tcp");
4331 if (service_info == NULL)
4332 {
4333 expand_string_message = string_sprintf("unknown port \"%s\"",
4334 port_name);
4335 goto EXPAND_FAILED;
4336 }
4337 port = ntohs(service_info->s_port);
4338 }
4339
4340 /* Sort out the server. */
4341
4342 shost.next = NULL;
4343 shost.address = NULL;
4344 shost.port = port;
4345 shost.mx = -1;
4346
4347 namelen = Ustrlen(server_name);
4348
4349 /* Anything enclosed in [] must be an IP address. */
4350
4351 if (server_name[0] == '[' &&
4352 server_name[namelen - 1] == ']')
4353 {
4354 server_name[namelen - 1] = 0;
4355 server_name++;
4356 if (string_is_ip_address(server_name, NULL) == 0)
4357 {
4358 expand_string_message =
4359 string_sprintf("malformed IP address \"%s\"", server_name);
4360 goto EXPAND_FAILED;
4361 }
4362 shost.name = shost.address = server_name;
4363 }
4364
4365 /* Otherwise check for an unadorned IP address */
4366
4367 else if (string_is_ip_address(server_name, NULL) != 0)
4368 shost.name = shost.address = server_name;
4369
4370 /* Otherwise lookup IP address(es) from the name */
4371
4372 else
4373 {
4374 shost.name = server_name;
4375 if (host_find_byname(&shost, NULL, HOST_FIND_QUALIFY_SINGLE, NULL,
4376 FALSE) != HOST_FOUND)
4377 {
4378 expand_string_message =
4379 string_sprintf("no IP address found for host %s", shost.name);
4380 goto EXPAND_FAILED;
4381 }
4382 }
4383
4384 /* Try to connect to the server - test each IP till one works */
4385
4386 for (h = &shost; h != NULL; h = h->next)
4387 {
4388 int af = (Ustrchr(h->address, ':') != 0)? AF_INET6 : AF_INET;
4389 if ((fd = ip_socket(SOCK_STREAM, af)) == -1)
4390 {
4391 expand_string_message = string_sprintf("failed to create socket: "
4392 "%s", strerror(errno));
4393 goto SOCK_FAIL;
4394 }
4395
4396 if (ip_connect(fd, af, h->address, port, timeout) == 0)
4397 {
4398 connected = TRUE;
4399 break;
4400 }
4401 }
4402
4403 if (!connected)
4404 {
4405 expand_string_message = string_sprintf("failed to connect to "
4406 "socket %s: couldn't connect to any host", sub_arg[0],
4407 strerror(errno));
4408 goto SOCK_FAIL;
4409 }
4410 }
4411
4412 /* Handle a Unix domain socket */
4413
4414 else
4415 {
4416 int rc;
4417 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
4418 {
4419 expand_string_message = string_sprintf("failed to create socket: %s",
4420 strerror(errno));
4421 goto SOCK_FAIL;
4422 }
4423
4424 sockun.sun_family = AF_UNIX;
4425 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
4426 sub_arg[0]);
4427
4428 sigalrm_seen = FALSE;
4429 alarm(timeout);
4430 rc = connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun));
4431 alarm(0);
4432 if (sigalrm_seen)
4433 {
4434 expand_string_message = US "socket connect timed out";
4435 goto SOCK_FAIL;
4436 }
4437 if (rc < 0)
4438 {
4439 expand_string_message = string_sprintf("failed to connect to socket "
4440 "%s: %s", sub_arg[0], strerror(errno));
4441 goto SOCK_FAIL;
4442 }
4443 }
4444
4445 DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]);
4446
4447 /* Write the request string, if not empty */
4448
4449 if (sub_arg[1][0] != 0)
4450 {
4451 int len = Ustrlen(sub_arg[1]);
4452 DEBUG(D_expand) debug_printf("writing \"%s\" to socket\n",
4453 sub_arg[1]);
4454 if (write(fd, sub_arg[1], len) != len)
4455 {
4456 expand_string_message = string_sprintf("request write to socket "
4457 "failed: %s", strerror(errno));
4458 goto SOCK_FAIL;
4459 }
4460 }
4461
4462 /* Shut down the sending side of the socket. This helps some servers to
4463 recognise that it is their turn to do some work. Just in case some
4464 system doesn't have this function, make it conditional. */
4465
4466 #ifdef SHUT_WR
4467 shutdown(fd, SHUT_WR);
4468 #endif
4469
4470 /* Now we need to read from the socket, under a timeout. The function
4471 that reads a file can be used. */
4472
4473 f = fdopen(fd, "rb");
4474 sigalrm_seen = FALSE;
4475 alarm(timeout);
4476 yield = cat_file(f, yield, &size, &ptr, sub_arg[3]);
4477 alarm(0);
4478 (void)fclose(f);
4479
4480 /* After a timeout, we restore the pointer in the result, that is,
4481 make sure we add nothing from the socket. */
4482
4483 if (sigalrm_seen)
4484 {
4485 ptr = save_ptr;
4486 expand_string_message = US "socket read timed out";
4487 goto SOCK_FAIL;
4488 }
4489 }
4490
4491 /* The whole thing has worked (or we were skipping). If there is a
4492 failure string following, we need to skip it. */
4493
4494 if (*s == '{')
4495 {
4496 if (expand_string_internal(s+1, TRUE, &s, TRUE, TRUE) == NULL)
4497 goto EXPAND_FAILED;
4498 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4499 while (isspace(*s)) s++;
4500 }
4501 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4502 continue;
4503
4504 /* Come here on failure to create socket, connect socket, write to the
4505 socket, or timeout on reading. If another substring follows, expand and
4506 use it. Otherwise, those conditions give expand errors. */
4507
4508 SOCK_FAIL:
4509 if (*s != '{') goto EXPAND_FAILED;
4510 DEBUG(D_any) debug_printf("%s\n", expand_string_message);
4511 arg = expand_string_internal(s+1, TRUE, &s, FALSE, TRUE);
4512 if (arg == NULL) goto EXPAND_FAILED;
4513 yield = string_cat(yield, &size, &ptr, arg, Ustrlen(arg));
4514 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4515 while (isspace(*s)) s++;
4516 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4517 continue;
4518 }
4519
4520 /* Handle "run" to execute a program. */
4521
4522 case EITEM_RUN:
4523 {
4524 FILE *f;
4525 uschar *arg;
4526 uschar **argv;
4527 pid_t pid;
4528 int fd_in, fd_out;
4529 int lsize = 0;
4530 int lptr = 0;
4531
4532 if ((expand_forbid & RDO_RUN) != 0)
4533 {
4534 expand_string_message = US"running a command is not permitted";
4535 goto EXPAND_FAILED;
4536 }
4537
4538 while (isspace(*s)) s++;
4539 if (*s != '{') goto EXPAND_FAILED_CURLY;
4540 arg = expand_string_internal(s+1, TRUE, &s, skipping, TRUE);
4541 if (arg == NULL) goto EXPAND_FAILED;
4542 while (isspace(*s)) s++;
4543 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4544
4545 if (skipping) /* Just pretend it worked when we're skipping */
4546 {
4547 runrc = 0;
4548 }
4549 else
4550 {
4551 if (!transport_set_up_command(&argv, /* anchor for arg list */
4552 arg, /* raw command */
4553 FALSE, /* don't expand the arguments */
4554 0, /* not relevant when... */
4555 NULL, /* no transporting address */
4556 US"${run} expansion", /* for error messages */
4557 &expand_string_message)) /* where to put error message */
4558 {
4559 goto EXPAND_FAILED;
4560 }
4561
4562 /* Create the child process, making it a group leader. */
4563
4564 pid = child_open(argv, NULL, 0077, &fd_in, &fd_out, TRUE);
4565
4566 if (pid < 0)
4567 {
4568 expand_string_message =
4569 string_sprintf("couldn't create child process: %s", strerror(errno));
4570 goto EXPAND_FAILED;
4571 }
4572
4573 /* Nothing is written to the standard input. */
4574
4575 (void)close(fd_in);
4576
4577 /* Read the pipe to get the command's output into $value (which is kept
4578 in lookup_value). Read during execution, so that if the output exceeds
4579 the OS pipe buffer limit, we don't block forever. */
4580
4581 f = fdopen(fd_out, "rb");
4582 sigalrm_seen = FALSE;
4583 alarm(60);
4584 lookup_value = cat_file(f, lookup_value, &lsize, &lptr, NULL);
4585 alarm(0);
4586 (void)fclose(f);
4587
4588 /* Wait for the process to finish, applying the timeout, and inspect its
4589 return code for serious disasters. Simple non-zero returns are passed on.
4590 */
4591
4592 if (sigalrm_seen == TRUE || (runrc = child_close(pid, 30)) < 0)
4593 {
4594 if (sigalrm_seen == TRUE || runrc == -256)
4595 {
4596 expand_string_message = string_sprintf("command timed out");
4597 killpg(pid, SIGKILL); /* Kill the whole process group */
4598 }
4599
4600 else if (runrc == -257)
4601 expand_string_message = string_sprintf("wait() failed: %s",
4602 strerror(errno));
4603
4604 else
4605 expand_string_message = string_sprintf("command killed by signal %d",
4606 -runrc);
4607
4608 goto EXPAND_FAILED;
4609 }
4610 }
4611
4612 /* Process the yes/no strings; $value may be useful in both cases */
4613
4614 switch(process_yesno(
4615 skipping, /* were previously skipping */
4616 runrc == 0, /* success/failure indicator */
4617 lookup_value, /* value to reset for string2 */
4618 &s, /* input pointer */
4619 &yield, /* output pointer */
4620 &size, /* output size */
4621 &ptr, /* output current point */
4622 US"run")) /* condition type */
4623 {
4624 case 1: goto EXPAND_FAILED; /* when all is well, the */
4625 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4626 }
4627
4628 continue;
4629 }
4630
4631 /* Handle character translation for "tr" */
4632
4633 case EITEM_TR:
4634 {
4635 int oldptr = ptr;
4636 int o2m;
4637 uschar *sub[3];
4638
4639 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"tr"))
4640 {
4641 case 1: goto EXPAND_FAILED_CURLY;
4642 case 2:
4643 case 3: goto EXPAND_FAILED;
4644 }
4645
4646 yield = string_cat(yield, &size, &ptr, sub[0], Ustrlen(sub[0]));
4647 o2m = Ustrlen(sub[2]) - 1;
4648
4649 if (o2m >= 0) for (; oldptr < ptr; oldptr++)
4650 {
4651 uschar *m = Ustrrchr(sub[1], yield[oldptr]);
4652 if (m != NULL)
4653 {
4654 int o = m - sub[1];
4655 yield[oldptr] = sub[2][(o < o2m)? o : o2m];
4656 }
4657 }
4658
4659 continue;
4660 }
4661
4662 /* Handle "hash", "length", "nhash", and "substr" when they are given with
4663 expanded arguments. */
4664
4665 case EITEM_HASH:
4666 case EITEM_LENGTH:
4667 case EITEM_NHASH:
4668 case EITEM_SUBSTR:
4669 {
4670 int i;
4671 int len;
4672 uschar *ret;
4673 int val[2] = { 0, -1 };
4674 uschar *sub[3];
4675
4676 /* "length" takes only 2 arguments whereas the others take 2 or 3.
4677 Ensure that sub[2] is set in the ${length case. */
4678
4679 sub[2] = NULL;
4680 switch(read_subs(sub, (item_type == EITEM_LENGTH)? 2:3, 2, &s, skipping,
4681 TRUE, name))
4682 {
4683 case 1: goto EXPAND_FAILED_CURLY;
4684 case 2:
4685 case 3: goto EXPAND_FAILED;
4686 }
4687
4688 /* Juggle the arguments if there are only two of them: always move the
4689 string to the last position and make ${length{n}{str}} equivalent to
4690 ${substr{0}{n}{str}}. See the defaults for val[] above. */
4691
4692 if (sub[2] == NULL)
4693 {
4694 sub[2] = sub[1];
4695 sub[1] = NULL;
4696 if (item_type == EITEM_LENGTH)
4697 {
4698 sub[1] = sub[0];
4699 sub[0] = NULL;
4700 }
4701 }
4702
4703 for (i = 0; i < 2; i++)
4704 {
4705 if (sub[i] == NULL) continue;
4706 val[i] = (int)Ustrtol(sub[i], &ret, 10);
4707 if (*ret != 0 || (i != 0 && val[i] < 0))
4708 {
4709 expand_string_message = string_sprintf("\"%s\" is not a%s number "
4710 "(in \"%s\" expansion)", sub[i], (i != 0)? " positive" : "", name);
4711 goto EXPAND_FAILED;
4712 }
4713 }
4714
4715 ret =
4716 (item_type == EITEM_HASH)?
4717 compute_hash(sub[2], val[0], val[1], &len) :
4718 (item_type == EITEM_NHASH)?
4719 compute_nhash(sub[2], val[0], val[1], &len) :
4720 extract_substr(sub[2], val[0], val[1], &len);
4721
4722 if (ret == NULL) goto EXPAND_FAILED;
4723 yield = string_cat(yield, &size, &ptr, ret, len);
4724 continue;
4725 }
4726
4727 /* Handle HMAC computation: ${hmac{<algorithm>}{<secret>}{<text>}}
4728 This code originally contributed by Steve Haslam. It currently supports
4729 the use of MD5 and SHA-1 hashes.
4730
4731 We need some workspace that is large enough to handle all the supported
4732 hash types. Use macros to set the sizes rather than be too elaborate. */
4733
4734 #define MAX_HASHLEN 20
4735 #define MAX_HASHBLOCKLEN 64
4736
4737 case EITEM_HMAC:
4738 {
4739 uschar *sub[3];
4740 md5 md5_base;
4741 sha1 sha1_base;
4742 void *use_base;
4743 int type, i;
4744 int hashlen; /* Number of octets for the hash algorithm's output */
4745 int hashblocklen; /* Number of octets the hash algorithm processes */
4746 uschar *keyptr, *p;
4747 unsigned int keylen;
4748
4749 uschar keyhash[MAX_HASHLEN];
4750 uschar innerhash[MAX_HASHLEN];
4751 uschar finalhash[MAX_HASHLEN];
4752 uschar finalhash_hex[2*MAX_HASHLEN];
4753 uschar innerkey[MAX_HASHBLOCKLEN];
4754 uschar outerkey[MAX_HASHBLOCKLEN];
4755
4756 switch (read_subs(sub, 3, 3, &s, skipping, TRUE, name))
4757 {
4758 case 1: goto EXPAND_FAILED_CURLY;
4759 case 2:
4760 case 3: goto EXPAND_FAILED;
4761 }
4762
4763 if (Ustrcmp(sub[0], "md5") == 0)
4764 {
4765 type = HMAC_MD5;
4766 use_base = &md5_base;
4767 hashlen = 16;
4768 hashblocklen = 64;
4769 }
4770 else if (Ustrcmp(sub[0], "sha1") == 0)
4771 {
4772 type = HMAC_SHA1;
4773 use_base = &sha1_base;
4774 hashlen = 20;
4775 hashblocklen = 64;
4776 }
4777 else
4778 {
4779 expand_string_message =
4780 string_sprintf("hmac algorithm \"%s\" is not recognised", sub[0]);
4781 goto EXPAND_FAILED;
4782 }
4783
4784 keyptr = sub[1];
4785 keylen = Ustrlen(keyptr);
4786
4787 /* If the key is longer than the hash block length, then hash the key
4788 first */
4789
4790 if (keylen > hashblocklen)
4791 {
4792 chash_start(type, use_base);
4793 chash_end(type, use_base, keyptr, keylen, keyhash);
4794 keyptr = keyhash;
4795 keylen = hashlen;
4796 }
4797
4798 /* Now make the inner and outer key values */
4799
4800 memset(innerkey, 0x36, hashblocklen);
4801 memset(outerkey, 0x5c, hashblocklen);
4802
4803 for (i = 0; i < keylen; i++)
4804 {
4805 innerkey[i] ^= keyptr[i];
4806 outerkey[i] ^= keyptr[i];
4807 }
4808
4809 /* Now do the hashes */
4810
4811 chash_start(type, use_base);
4812 chash_mid(type, use_base, innerkey);
4813 chash_end(type, use_base, sub[2], Ustrlen(sub[2]), innerhash);
4814
4815 chash_start(type, use_base);
4816 chash_mid(type, use_base, outerkey);
4817 chash_end(type, use_base, innerhash, hashlen, finalhash);
4818
4819 /* Encode the final hash as a hex string */
4820
4821 p = finalhash_hex;
4822 for (i = 0; i < hashlen; i++)
4823 {
4824 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
4825 *p++ = hex_digits[finalhash[i] & 0x0f];
4826 }
4827
4828 DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%.*s)=%.*s\n", sub[0],
4829 (int)keylen, keyptr, Ustrlen(sub[2]), sub[2], hashlen*2, finalhash_hex);
4830
4831 yield = string_cat(yield, &size, &ptr, finalhash_hex, hashlen*2);
4832 }
4833
4834 continue;
4835
4836 /* Handle global substitution for "sg" - like Perl's s/xxx/yyy/g operator.
4837 We have to save the numerical variables and restore them afterwards. */
4838
4839 case EITEM_SG:
4840 {
4841 const pcre *re;
4842 int moffset, moffsetextra, slen;
4843 int roffset;
4844 int emptyopt;
4845 const uschar *rerror;
4846 uschar *subject;
4847 uschar *sub[3];
4848 int save_expand_nmax =
4849 save_expand_strings(save_expand_nstring, save_expand_nlength);
4850
4851 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"sg"))
4852 {
4853 case 1: goto EXPAND_FAILED_CURLY;
4854 case 2:
4855 case 3: goto EXPAND_FAILED;
4856 }
4857
4858 /* Compile the regular expression */
4859
4860 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
4861 NULL);
4862
4863 if (re == NULL)
4864 {
4865 expand_string_message = string_sprintf("regular expression error in "
4866 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
4867 goto EXPAND_FAILED;
4868 }
4869
4870 /* Now run a loop to do the substitutions as often as necessary. It ends
4871 when there are no more matches. Take care over matches of the null string;
4872 do the same thing as Perl does. */
4873
4874 subject = sub[0];
4875 slen = Ustrlen(sub[0]);
4876 moffset = moffsetextra = 0;
4877 emptyopt = 0;
4878
4879 for (;;)
4880 {
4881 int ovector[3*(EXPAND_MAXN+1)];
4882 int n = pcre_exec(re, NULL, CS subject, slen, moffset + moffsetextra,
4883 PCRE_EOPT | emptyopt, ovector, sizeof(ovector)/sizeof(int));
4884 int nn;
4885 uschar *insert;
4886
4887 /* No match - if we previously set PCRE_NOTEMPTY after a null match, this
4888 is not necessarily the end. We want to repeat the match from one
4889 character further along, but leaving the basic offset the same (for
4890 copying below). We can't be at the end of the string - that was checked
4891 before setting PCRE_NOTEMPTY. If PCRE_NOTEMPTY is not set, we are
4892 finished; copy the remaining string and end the loop. */
4893
4894 if (n < 0)
4895 {
4896 if (emptyopt != 0)
4897 {
4898 moffsetextra = 1;
4899 emptyopt = 0;
4900 continue;
4901 }
4902 yield = string_cat(yield, &size, &ptr, subject+moffset, slen-moffset);
4903 break;
4904 }
4905
4906 /* Match - set up for expanding the replacement. */
4907
4908 if (n == 0) n = EXPAND_MAXN + 1;
4909 expand_nmax = 0;
4910 for (nn = 0; nn < n*2; nn += 2)
4911 {
4912 expand_nstring[expand_nmax] = subject + ovector[nn];
4913 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
4914 }
4915 expand_nmax--;
4916
4917 /* Copy the characters before the match, plus the expanded insertion. */
4918
4919 yield = string_cat(yield, &size, &ptr, subject + moffset,
4920 ovector[0] - moffset);
4921 insert = expand_string(sub[2]);
4922 if (insert == NULL) goto EXPAND_FAILED;
4923 yield = string_cat(yield, &size, &ptr, insert, Ustrlen(insert));
4924
4925 moffset = ovector[1];
4926 moffsetextra = 0;
4927 emptyopt = 0;
4928
4929 /* If we have matched an empty string, first check to see if we are at
4930 the end of the subject. If so, the loop is over. Otherwise, mimic
4931 what Perl's /g options does. This turns out to be rather cunning. First
4932 we set PCRE_NOTEMPTY and PCRE_ANCHORED and try the match a non-empty
4933 string at the same point. If this fails (picked up above) we advance to
4934 the next character. */
4935
4936 if (ovector[0] == ovector[1])
4937 {
4938 if (ovector[0] == slen) break;
4939 emptyopt = PCRE_NOTEMPTY | PCRE_ANCHORED;
4940 }
4941 }
4942
4943 /* All done - restore numerical variables. */
4944
4945 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4946 save_expand_nlength);
4947 continue;
4948 }
4949
4950 /* Handle keyed and numbered substring extraction. If the first argument
4951 consists entirely of digits, then a numerical extraction is assumed. */
4952
4953 case EITEM_EXTRACT:
4954 {
4955 int i;
4956 int j = 2;
4957 int field_number = 1;
4958 BOOL field_number_set = FALSE;
4959 uschar *save_lookup_value = lookup_value;
4960 uschar *sub[3];
4961 int save_expand_nmax =
4962 save_expand_strings(save_expand_nstring, save_expand_nlength);
4963
4964 /* Read the arguments */
4965
4966 for (i = 0; i < j; i++)
4967 {
4968 while (isspace(*s)) s++;
4969 if (*s == '{')
4970 {
4971 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE);
4972 if (sub[i] == NULL) goto EXPAND_FAILED;
4973 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4974
4975 /* After removal of leading and trailing white space, the first
4976 argument must not be empty; if it consists entirely of digits
4977 (optionally preceded by a minus sign), this is a numerical
4978 extraction, and we expect 3 arguments. */
4979
4980 if (i == 0)
4981 {
4982 int len;
4983 int x = 0;
4984 uschar *p = sub[0];
4985
4986 while (isspace(*p)) p++;
4987 sub[0] = p;
4988
4989 len = Ustrlen(p);
4990 while (len > 0 && isspace(p[len-1])) len--;
4991 p[len] = 0;
4992
4993 if (*p == 0 && !skipping)
4994 {
4995 expand_string_message = US"first argument of \"extract\" must "
4996 "not be empty";
4997 goto EXPAND_FAILED;
4998 }
4999
5000 if (*p == '-')
5001 {
5002 field_number = -1;
5003 p++;
5004 }
5005 while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0';
5006 if (*p == 0)
5007 {
5008 field_number *= x;
5009 j = 3; /* Need 3 args */
5010 field_number_set = TRUE;
5011 }
5012 }
5013 }
5014 else goto EXPAND_FAILED_CURLY;
5015 }
5016
5017 /* Extract either the numbered or the keyed substring into $value. If
5018 skipping, just pretend the extraction failed. */
5019
5020 lookup_value = skipping? NULL : field_number_set?
5021 expand_gettokened(field_number, sub[1], sub[2]) :
5022 expand_getkeyed(sub[0], sub[1]);
5023
5024 /* If no string follows, $value gets substituted; otherwise there can
5025 be yes/no strings, as for lookup or if. */
5026
5027 switch(process_yesno(
5028 skipping, /* were previously skipping */
5029 lookup_value != NULL, /* success/failure indicator */
5030 save_lookup_value, /* value to reset for string2 */
5031 &s, /* input pointer */
5032 &yield, /* output pointer */
5033 &size, /* output size */
5034 &ptr, /* output current point */
5035 US"extract")) /* condition type */
5036 {
5037 case 1: goto EXPAND_FAILED; /* when all is well, the */
5038 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
5039 }
5040
5041 /* All done - restore numerical variables. */
5042
5043 restore_expand_strings(save_expand_nmax, save_expand_nstring,
5044 save_expand_nlength);
5045
5046 continue;
5047 }
5048
5049
5050 /* Handle list operations */
5051
5052 case EITEM_FILTER:
5053 case EITEM_MAP:
5054 case EITEM_REDUCE:
5055 {
5056 int sep = 0;
5057 int save_ptr = ptr;
5058 uschar outsep[2] = { '\0', '\0' };
5059 uschar *list, *expr, *temp;
5060 uschar *save_iterate_item = iterate_item;
5061 uschar *save_lookup_value = lookup_value;
5062
5063 while (isspace(*s)) s++;
5064 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
5065
5066 list = expand_string_internal(s, TRUE, &s, skipping, TRUE);
5067 if (list == NULL) goto EXPAND_FAILED;
5068 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5069
5070 if (item_type == EITEM_REDUCE)
5071 {
5072 while (isspace(*s)) s++;
5073 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
5074 temp = expand_string_internal(s, TRUE, &s, skipping, TRUE);
5075 if (temp == NULL) goto EXPAND_FAILED;
5076 lookup_value = temp;
5077 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5078 }
5079
5080 while (isspace(*s)) s++;
5081 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
5082
5083 expr = s;
5084
5085 /* For EITEM_FILTER, call eval_condition once, with result discarded (as
5086 if scanning a "false" part). This allows us to find the end of the
5087 condition, because if the list is empty, we won't actually evaluate the
5088 condition for real. For EITEM_MAP and EITEM_REDUCE, do the same, using
5089 the normal internal expansion function. */
5090
5091 if (item_type == EITEM_FILTER)
5092 {
5093 temp = eval_condition(expr, NULL);
5094 if (temp != NULL) s = temp;
5095 }
5096 else
5097 {
5098 temp = expand_string_internal(s, TRUE, &s, TRUE, TRUE);
5099 }
5100
5101 if (temp == NULL)
5102 {
5103 expand_string_message = string_sprintf("%s inside \"%s\" item",
5104 expand_string_message, name);
5105 goto EXPAND_FAILED;
5106 }
5107
5108 while (isspace(*s)) s++;
5109 if (*s++ != '}')
5110 {
5111 expand_string_message = string_sprintf("missing } at end of condition "
5112 "or expression inside \"%s\"", name);
5113 goto EXPAND_FAILED;
5114 }
5115
5116 while (isspace(*s)) s++;
5117 if (*s++ != '}')
5118 {
5119 expand_string_message = string_sprintf("missing } at end of \"%s\"",
5120 name);
5121 goto EXPAND_FAILED;
5122 }
5123
5124 /* If we are skipping, we can now just move on to the next item. When
5125 processing for real, we perform the iteration. */
5126
5127 if (skipping) continue;
5128 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)) != NULL)
5129 {
5130 *outsep = (uschar)sep; /* Separator as a string */
5131
5132 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
5133
5134 if (item_type == EITEM_FILTER)
5135 {
5136 BOOL condresult;
5137 if (eval_condition(expr, &condresult) == NULL)
5138 {
5139 iterate_item = save_iterate_item;
5140 lookup_value = save_lookup_value;
5141 expand_string_message = string_sprintf("%s inside \"%s\" condition",
5142 expand_string_message, name);
5143 goto EXPAND_FAILED;
5144 }
5145 DEBUG(D_expand) debug_printf("%s: condition is %s\n", name,
5146 condresult? "true":"false");
5147 if (condresult)
5148 temp = iterate_item; /* TRUE => include this item */
5149 else
5150 continue; /* FALSE => skip this item */
5151 }
5152
5153 /* EITEM_MAP and EITEM_REDUCE */
5154
5155 else
5156 {
5157 temp = expand_string_internal(expr, TRUE, NULL, skipping, TRUE);
5158 if (temp == NULL)
5159 {
5160 iterate_item = save_iterate_item;
5161 expand_string_message = string_sprintf("%s inside \"%s\" item",
5162 expand_string_message, name);
5163 goto EXPAND_FAILED;
5164 }
5165 if (item_type == EITEM_REDUCE)
5166 {
5167 lookup_value = temp; /* Update the value of $value */
5168 continue; /* and continue the iteration */
5169 }
5170 }
5171
5172 /* We reach here for FILTER if the condition is true, always for MAP,
5173 and never for REDUCE. The value in "temp" is to be added to the output
5174 list that is being created, ensuring that any occurrences of the
5175 separator character are doubled. Unless we are dealing with the first
5176 item of the output list, add in a space if the new item begins with the
5177 separator character, or is an empty string. */
5178
5179 if (ptr != save_ptr && (temp[0] == *outsep || temp[0] == 0))
5180 yield = string_cat(yield, &size, &ptr, US" ", 1);
5181
5182 /* Add the string in "temp" to the output list that we are building,
5183 This is done in chunks by searching for the separator character. */
5184
5185 for (;;)
5186 {
5187 size_t seglen = Ustrcspn(temp, outsep);
5188 yield = string_cat(yield, &size, &ptr, temp, seglen + 1);
5189
5190 /* If we got to the end of the string we output one character
5191 too many; backup and end the loop. Otherwise arrange to double the
5192 separator. */
5193
5194 if (temp[seglen] == '\0') { ptr--; break; }
5195 yield = string_cat(yield, &size, &ptr, outsep, 1);
5196 temp += seglen + 1;
5197 }
5198
5199 /* Output a separator after the string: we will remove the redundant
5200 final one at the end. */
5201
5202 yield = string_cat(yield, &size, &ptr, outsep, 1);
5203 } /* End of iteration over the list loop */
5204
5205 /* REDUCE has generated no output above: output the final value of
5206 $value. */
5207
5208 if (item_type == EITEM_REDUCE)
5209 {
5210 yield = string_cat(yield, &size, &ptr, lookup_value,
5211 Ustrlen(lookup_value));
5212 lookup_value = save_lookup_value; /* Restore $value */
5213 }
5214
5215 /* FILTER and MAP generate lists: if they have generated anything, remove
5216 the redundant final separator. Even though an empty item at the end of a
5217 list does not count, this is tidier. */
5218
5219 else if (ptr != save_ptr) ptr--;
5220
5221 /* Restore preserved $item */
5222
5223 iterate_item = save_iterate_item;
5224 continue;
5225 }
5226
5227
5228 /* If ${dlfunc support is configured, handle calling dynamically-loaded
5229 functions, unless locked out at this time. Syntax is ${dlfunc{file}{func}}
5230 or ${dlfunc{file}{func}{arg}} or ${dlfunc{file}{func}{arg1}{arg2}} or up to
5231 a maximum of EXPAND_DLFUNC_MAX_ARGS arguments (defined below). */
5232
5233 #define EXPAND_DLFUNC_MAX_ARGS 8
5234
5235 case EITEM_DLFUNC:
5236 #ifndef EXPAND_DLFUNC
5237 expand_string_message = US"\"${dlfunc\" encountered, but this facility "
5238 "is not included in this binary";
5239 goto EXPAND_FAILED;
5240
5241 #else /* EXPAND_DLFUNC */
5242 {
5243 tree_node *t;
5244 exim_dlfunc_t *func;
5245 uschar *result;
5246 int status, argc;
5247 uschar *argv[EXPAND_DLFUNC_MAX_ARGS + 3];
5248
5249 if ((expand_forbid & RDO_DLFUNC) != 0)
5250 {
5251 expand_string_message =
5252 US"dynamically-loaded functions are not permitted";
5253 goto EXPAND_FAILED;
5254 }
5255
5256 switch(read_subs(argv, EXPAND_DLFUNC_MAX_ARGS + 2, 2, &s, skipping,
5257 TRUE, US"dlfunc"))
5258 {
5259 case 1: goto EXPAND_FAILED_CURLY;
5260 case 2:
5261 case 3: goto EXPAND_FAILED;
5262 }
5263
5264 /* If skipping, we don't actually do anything */
5265
5266 if (skipping) continue;
5267
5268 /* Look up the dynamically loaded object handle in the tree. If it isn't
5269 found, dlopen() the file and put the handle in the tree for next time. */
5270
5271 t = tree_search(dlobj_anchor, argv[0]);
5272 if (t == NULL)
5273 {
5274 void *handle = dlopen(CS argv[0], RTLD_LAZY);
5275 if (handle == NULL)
5276 {
5277 expand_string_message = string_sprintf("dlopen \"%s\" failed: %s",
5278 argv[0], dlerror());
5279 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
5280 goto EXPAND_FAILED;
5281 }
5282 t = store_get_perm(sizeof(tree_node) + Ustrlen(argv[0]));
5283 Ustrcpy(t->name, argv[0]);
5284 t->data.ptr = handle;
5285 (void)tree_insertnode(&dlobj_anchor, t);
5286 }
5287
5288 /* Having obtained the dynamically loaded object handle, look up the
5289 function pointer. */
5290
5291 func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]);
5292 if (func == NULL)
5293 {
5294 expand_string_message = string_sprintf("dlsym \"%s\" in \"%s\" failed: "
5295 "%s", argv[1], argv[0], dlerror());
5296 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
5297 goto EXPAND_FAILED;
5298 }
5299
5300 /* Call the function and work out what to do with the result. If it
5301 returns OK, we have a replacement string; if it returns DEFER then
5302 expansion has failed in a non-forced manner; if it returns FAIL then
5303 failure was forced; if it returns ERROR or any other value there's a
5304 problem, so panic slightly. In any case, assume that the function has
5305 side-effects on the store that must be preserved. */
5306
5307 resetok = FALSE;
5308 result = NULL;
5309 for (argc = 0; argv[argc] != NULL; argc++);
5310 status = func(&result, argc - 2, &argv[2]);
5311 if(status == OK)
5312 {
5313 if (result == NULL) result = US"";
5314 yield = string_cat(yield, &size, &ptr, result, Ustrlen(result));
5315 continue;
5316 }
5317 else
5318 {
5319 expand_string_message = result == NULL ? US"(no message)" : result;
5320 if(status == FAIL_FORCED) expand_string_forcedfail = TRUE;
5321 else if(status != FAIL)
5322 log_write(0, LOG_MAIN|LOG_PANIC, "dlfunc{%s}{%s} failed (%d): %s",
5323 argv[0], argv[1], status, expand_string_message);
5324 goto EXPAND_FAILED;
5325 }
5326 }
5327 #endif /* EXPAND_DLFUNC */
5328 }
5329
5330 /* Control reaches here if the name is not recognized as one of the more
5331 complicated expansion items. Check for the "operator" syntax (name terminated
5332 by a colon). Some of the operators have arguments, separated by _ from the
5333 name. */
5334
5335 if (*s == ':')
5336 {
5337 int c;
5338 uschar *arg = NULL;
5339 uschar *sub = expand_string_internal(s+1, TRUE, &s, skipping, TRUE);
5340 if (sub == NULL) goto EXPAND_FAILED;
5341 s++;
5342
5343 /* Owing to an historical mis-design, an underscore may be part of the
5344 operator name, or it may introduce arguments. We therefore first scan the
5345 table of names that contain underscores. If there is no match, we cut off
5346 the arguments and then scan the main table. */
5347
5348 c = chop_match(name, op_table_underscore,
5349 sizeof(op_table_underscore)/sizeof(uschar *));
5350
5351 if (c < 0)
5352 {
5353 arg = Ustrchr(name, '_');
5354 if (arg != NULL) *arg = 0;
5355 c = chop_match(name, op_table_main,
5356 sizeof(op_table_main)/sizeof(uschar *));
5357 if (c >= 0) c += sizeof(op_table_underscore)/sizeof(uschar *);
5358 if (arg != NULL) *arg++ = '_'; /* Put back for error messages */
5359 }
5360
5361 /* If we are skipping, we don't need to perform the operation at all.
5362 This matters for operations like "mask", because the data may not be
5363 in the correct format when skipping. For example, the expression may test
5364 for the existence of $sender_host_address before trying to mask it. For
5365 other operations, doing them may not fail, but it is a waste of time. */
5366
5367 if (skipping && c >= 0) continue;
5368
5369 /* Otherwise, switch on the operator type */
5370
5371 switch(c)
5372 {
5373 case EOP_BASE62:
5374 {
5375 uschar *t;
5376 unsigned long int n = Ustrtoul(sub, &t, 10);
5377 if (*t != 0)
5378 {
5379 expand_string_message = string_sprintf("argument for base62 "
5380 "operator is \"%s\", which is not a decimal number", sub);
5381 goto EXPAND_FAILED;
5382 }
5383 t = string_base62(n);
5384 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
5385 continue;
5386 }
5387
5388 /* Note that for Darwin and Cygwin, BASE_62 actually has the value 36 */
5389
5390 case EOP_BASE62D:
5391 {
5392 uschar buf[16];
5393 uschar *tt = sub;
5394 unsigned long int n = 0;
5395 while (*tt != 0)
5396 {
5397 uschar *t = Ustrchr(base62_chars, *tt++);
5398 if (t == NULL)
5399 {
5400 expand_string_message = string_sprintf("argument for base62d "
5401 "operator is \"%s\", which is not a base %d number", sub,
5402 BASE_62);
5403 goto EXPAND_FAILED;
5404 }
5405 n = n * BASE_62 + (t - base62_chars);
5406 }
5407 (void)sprintf(CS buf, "%ld", n);
5408 yield = string_cat(yield, &size, &ptr, buf, Ustrlen(buf));
5409 continue;
5410 }
5411
5412 case EOP_EXPAND:
5413 {
5414 uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping, TRUE);
5415 if (expanded == NULL)
5416 {
5417 expand_string_message =
5418 string_sprintf("internal expansion of \"%s\" failed: %s", sub,
5419 expand_string_message);
5420 goto EXPAND_FAILED;
5421 }
5422 yield = string_cat(yield, &size, &ptr, expanded, Ustrlen(expanded));
5423 continue;
5424 }
5425
5426 case EOP_LC:
5427 {
5428 int count = 0;
5429 uschar *t = sub - 1;
5430 while (*(++t) != 0) { *t = tolower(*t); count++; }
5431 yield = string_cat(yield, &size, &ptr, sub, count);
5432 continue;
5433 }
5434
5435 case EOP_UC:
5436 {
5437 int count = 0;
5438 uschar *t = sub - 1;
5439 while (*(++t) != 0) { *t = toupper(*t); count++; }
5440 yield = string_cat(yield, &size, &ptr, sub, count);
5441 continue;
5442 }
5443
5444 case EOP_MD5:
5445 {
5446 md5 base;
5447 uschar digest[16];
5448 int j;
5449 char st[33];
5450 md5_start(&base);
5451 md5_end(&base, sub, Ustrlen(sub), digest);
5452 for(j = 0; j < 16; j++) sprintf(st+2*j, "%02x", digest[j]);
5453 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
5454 continue;
5455 }
5456
5457 case EOP_SHA1:
5458 {
5459 sha1 base;
5460 uschar digest[20];
5461 int j;
5462 char st[41];
5463 sha1_start(&base);
5464 sha1_end(&base, sub, Ustrlen(sub), digest);
5465 for(j = 0; j < 20; j++) sprintf(st+2*j, "%02X", digest[j]);
5466 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
5467 continue;
5468 }
5469
5470 /* Convert hex encoding to base64 encoding */
5471
5472 case EOP_HEX2B64:
5473 {
5474 int c = 0;
5475 int b = -1;
5476 uschar *in = sub;
5477 uschar *out = sub;
5478 uschar *enc;
5479
5480 for (enc = sub; *enc != 0; enc++)
5481 {
5482 if (!isxdigit(*enc))
5483 {
5484 expand_string_message = string_sprintf("\"%s\" is not a hex "
5485 "string", sub);
5486 goto EXPAND_FAILED;
5487 }
5488 c++;
5489 }
5490
5491 if ((c & 1) != 0)
5492 {
5493 expand_string_message = string_sprintf("\"%s\" contains an odd "
5494 "number of characters", sub);
5495 goto EXPAND_FAILED;
5496 }
5497
5498 while ((c = *in++) != 0)
5499 {
5500 if (isdigit(c)) c -= '0';
5501 else c = toupper(c) - 'A' + 10;
5502 if (b == -1)
5503 {
5504 b = c << 4;
5505 }
5506 else
5507 {
5508 *out++ = b | c;
5509 b = -1;
5510 }
5511 }
5512
5513 enc = auth_b64encode(sub, out - sub);
5514 yield = string_cat(yield, &size, &ptr, enc, Ustrlen(enc));
5515 continue;
5516 }
5517
5518 /* count the number of list elements */
5519
5520 case EOP_LISTCOUNT:
5521 {
5522 int cnt = 0;
5523 int sep = 0;
5524 uschar * cp;
5525 uschar buffer[256];
5526
5527 while (string_nextinlist(&sub, &sep, buffer, sizeof(buffer)) != NULL) cnt++;
5528 cp = string_sprintf("%d", cnt);
5529 yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp));
5530 continue;
5531 }
5532
5533 /* expand a named list given the name */
5534 /* handles nested named lists; requotes as colon-sep list */
5535
5536 case EOP_LISTNAMED:
5537 {
5538 tree_node *t = NULL;
5539 uschar * list;
5540 int sep = 0;
5541 uschar * item;
5542 uschar * suffix = "";
5543 BOOL needsep = FALSE;
5544 uschar buffer[256];
5545
5546 if (*sub == '+') sub++;
5547 if (arg == NULL) /* no-argument version */
5548 {
5549 if (!(t = tree_search(addresslist_anchor, sub)) &&
5550 !(t = tree_search(domainlist_anchor, sub)) &&
5551 !(t = tree_search(hostlist_anchor, sub)))
5552 t = tree_search(localpartlist_anchor, sub);
5553 }
5554 else switch(*arg) /* specific list-type version */
5555 {
5556 case 'a': t = tree_search(addresslist_anchor, sub); suffix = "_a"; break;
5557 case 'd': t = tree_search(domainlist_anchor, sub); suffix = "_d"; break;
5558 case 'h': t = tree_search(hostlist_anchor, sub); suffix = "_h"; break;
5559 case 'l': t = tree_search(localpartlist_anchor, sub); suffix = "_l"; break;
5560 default:
5561 expand_string_message = string_sprintf("bad suffix on \"list\" operator");
5562 goto EXPAND_FAILED;
5563 }
5564
5565 if(!t)
5566 {
5567 expand_string_message = string_sprintf("\"%s\" is not a %snamed list",
5568 sub, !arg?""
5569 : *arg=='a'?"address "
5570 : *arg=='d'?"domain "
5571 : *arg=='h'?"host "
5572 : *arg=='l'?"localpart "
5573 : 0);
5574 goto EXPAND_FAILED;
5575 }
5576
5577 list = ((namedlist_block *)(t->data.ptr))->string;
5578
5579 while ((item = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
5580 {
5581 uschar * buf = US" : ";
5582 if (needsep)
5583 yield = string_cat(yield, &size, &ptr, buf, 3);
5584 else
5585 needsep = TRUE;
5586
5587 if (*item == '+') /* list item is itself a named list */
5588 {
5589 uschar * sub = string_sprintf("${listnamed%s:%s}", suffix, item);
5590 item = expand_string_internal(sub, FALSE, NULL, FALSE, TRUE);
5591 }
5592 else if (sep != ':') /* item from non-colon-sep list, re-quote for colon list-separator */
5593 {
5594 char * cp;
5595 char tok[3];
5596 tok[0] = sep; tok[1] = ':'; tok[2] = 0;
5597 while ((cp= strpbrk((const char *)item, tok)))
5598 {
5599 yield = string_cat(yield, &size, &ptr, item, cp-(char *)item);
5600 if (*cp++ == ':') /* colon in a non-colon-sep list item, needs doubling */
5601 {
5602 yield = string_cat(yield, &size, &ptr, US"::", 2);
5603 item = cp;
5604 }
5605 else /* sep in item; should already be doubled; emit once */
5606 {
5607 yield = string_cat(yield, &size, &ptr, (uschar *)tok, 1);
5608 if (*cp == sep) cp++;
5609 item = cp;
5610 }
5611 }
5612 }
5613 yield = string_cat(yield, &size, &ptr, item, Ustrlen(item));
5614 }
5615 continue;
5616 }
5617
5618 /* mask applies a mask to an IP address; for example the result of
5619 ${mask:131.111.10.206/28} is 131.111.10.192/28. */
5620
5621 case EOP_MASK:
5622 {
5623 int count;
5624 uschar *endptr;
5625 int binary[4];
5626 int mask, maskoffset;
5627 int type = string_is_ip_address(sub, &maskoffset);
5628 uschar buffer[64];
5629
5630 if (type == 0)
5631 {
5632 expand_string_message = string_sprintf("\"%s\" is not an IP address",
5633 sub);
5634 goto EXPAND_FAILED;
5635 }
5636
5637 if (maskoffset == 0)
5638 {
5639 expand_string_message = string_sprintf("missing mask value in \"%s\"",
5640 sub);
5641 goto EXPAND_FAILED;
5642 }
5643
5644 mask = Ustrtol(sub + maskoffset + 1, &endptr, 10);
5645
5646 if (*endptr != 0 || mask < 0 || mask > ((type == 4)? 32 : 128))
5647 {
5648 expand_string_message = string_sprintf("mask value too big in \"%s\"",
5649 sub);
5650 goto EXPAND_FAILED;
5651 }
5652
5653 /* Convert the address to binary integer(s) and apply the mask */
5654
5655 sub[maskoffset] = 0;
5656 count = host_aton(sub, binary);
5657 host_mask(count, binary, mask);
5658
5659 /* Convert to masked textual format and add to output. */
5660
5661 yield = string_cat(yield, &size, &ptr, buffer,
5662 host_nmtoa(count, binary, mask, buffer, '.'));
5663 continue;
5664 }
5665
5666 case EOP_ADDRESS:
5667 case EOP_LOCAL_PART:
5668 case EOP_DOMAIN:
5669 {
5670 uschar *error;
5671 int start, end, domain;
5672 uschar *t = parse_extract_address(sub, &error, &start, &end, &domain,
5673 FALSE);
5674 if (t != NULL)
5675 {
5676 if (c != EOP_DOMAIN)
5677 {
5678 if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1;
5679 yield = string_cat(yield, &size, &ptr, sub+start, end-start);
5680 }
5681 else if (domain != 0)
5682 {
5683 domain += start;
5684 yield = string_cat(yield, &size, &ptr, sub+domain, end-domain);
5685 }
5686 }
5687 continue;
5688 }
5689
5690 case EOP_ADDRESSES:
5691 {
5692 uschar outsep[2] = { ':', '\0' };
5693 uschar *address, *error;
5694 int save_ptr = ptr;
5695 int start, end, domain; /* Not really used */
5696
5697 while (isspace(*sub)) sub++;
5698 if (*sub == '>') { *outsep = *++sub; ++sub; }
5699 parse_allow_group = TRUE;
5700
5701 for (;;)
5702 {
5703 uschar *p = parse_find_address_end(sub, FALSE);
5704 uschar saveend = *p;
5705 *p = '\0';
5706 address = parse_extract_address(sub, &error, &start, &end, &domain,
5707 FALSE);
5708 *p = saveend;
5709
5710 /* Add the address to the output list that we are building. This is
5711 done in chunks by searching for the separator character. At the
5712 start, unless we are dealing with the first address of the output
5713 list, add in a space if the new address begins with the separator
5714 character, or is an empty string. */
5715
5716 if (address != NULL)
5717 {
5718 if (ptr != save_ptr && address[0] == *outsep)
5719 yield = string_cat(yield, &size, &ptr, US" ", 1);
5720
5721 for (;;)
5722 {
5723 size_t seglen = Ustrcspn(address, outsep);
5724 yield = string_cat(yield, &size, &ptr, address, seglen + 1);
5725
5726 /* If we got to the end of the string we output one character
5727 too many. */
5728
5729 if (address[seglen] == '\0') { ptr--; break; }
5730 yield = string_cat(yield, &size, &ptr, outsep, 1);
5731 address += seglen + 1;
5732 }
5733
5734 /* Output a separator after the string: we will remove the
5735 redundant final one at the end. */
5736
5737 yield = string_cat(yield, &size, &ptr, outsep, 1);
5738 }
5739
5740 if (saveend == '\0') break;
5741 sub = p + 1;
5742 }
5743
5744 /* If we have generated anything, remove the redundant final
5745 separator. */
5746
5747 if (ptr != save_ptr) ptr--;
5748 parse_allow_group = FALSE;
5749 continue;
5750 }
5751
5752
5753 /* quote puts a string in quotes if it is empty or contains anything
5754 other than alphamerics, underscore, dot, or hyphen.
5755
5756 quote_local_part puts a string in quotes if RFC 2821/2822 requires it to
5757 be quoted in order to be a valid local part.
5758
5759 In both cases, newlines and carriage returns are converted into \n and \r
5760 respectively */
5761
5762 case EOP_QUOTE:
5763 case EOP_QUOTE_LOCAL_PART:
5764 if (arg == NULL)
5765 {
5766 BOOL needs_quote = (*sub == 0); /* TRUE for empty string */
5767 uschar *t = sub - 1;
5768
5769 if (c == EOP_QUOTE)
5770 {
5771 while (!needs_quote && *(++t) != 0)
5772 needs_quote = !isalnum(*t) && !strchr("_-.", *t);
5773 }
5774 else /* EOP_QUOTE_LOCAL_PART */
5775 {
5776 while (!needs_quote && *(++t) != 0)
5777 needs_quote = !isalnum(*t) &&
5778 strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL &&
5779 (*t != '.' || t == sub || t[1] == 0);
5780 }
5781
5782 if (needs_quote)
5783 {
5784 yield = string_cat(yield, &size, &ptr, US"\"", 1);
5785 t = sub - 1;
5786 while (*(++t) != 0)
5787 {
5788 if (*t == '\n')
5789 yield = string_cat(yield, &size, &ptr, US"\\n", 2);
5790 else if (*t == '\r')
5791 yield = string_cat(yield, &size, &ptr, US"\\r", 2);
5792 else
5793 {
5794 if (*t == '\\' || *t == '"')
5795 yield = string_cat(yield, &size, &ptr, US"\\", 1);
5796 yield = string_cat(yield, &size, &ptr, t, 1);
5797 }
5798 }
5799 yield = string_cat(yield, &size, &ptr, US"\"", 1);
5800 }
5801 else yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
5802 continue;
5803 }
5804
5805 /* quote_lookuptype does lookup-specific quoting */
5806
5807 else
5808 {
5809 int n;
5810 uschar *opt = Ustrchr(arg, '_');
5811
5812 if (opt != NULL) *opt++ = 0;
5813
5814 n = search_findtype(arg, Ustrlen(arg));
5815 if (n < 0)
5816 {
5817 expand_string_message = search_error_message;
5818 goto EXPAND_FAILED;
5819 }
5820
5821 if (lookup_list[n]->quote != NULL)
5822 sub = (lookup_list[n]->quote)(sub, opt);
5823 else if (opt != NULL) sub = NULL;
5824
5825 if (sub == NULL)
5826 {
5827 expand_string_message = string_sprintf(
5828 "\"%s\" unrecognized after \"${quote_%s\"",
5829 opt, arg);
5830 goto EXPAND_FAILED;
5831 }
5832
5833 yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
5834 continue;
5835 }
5836
5837 /* rx quote sticks in \ before any non-alphameric character so that
5838 the insertion works in a regular expression. */
5839
5840 case EOP_RXQUOTE:
5841 {
5842 uschar *t = sub - 1;
5843 while (*(++t) != 0)
5844 {
5845 if (!isalnum(*t))
5846 yield = string_cat(yield, &size, &ptr, US"\\", 1);
5847 yield = string_cat(yield, &size, &ptr, t, 1);
5848 }
5849 continue;
5850 }
5851
5852 /* RFC 2047 encodes, assuming headers_charset (default ISO 8859-1) as
5853 prescribed by the RFC, if there are characters that need to be encoded */
5854
5855 case EOP_RFC2047:
5856 {
5857 uschar buffer[2048];
5858 uschar *string = parse_quote_2047(sub, Ustrlen(sub), headers_charset,
5859 buffer, sizeof(buffer), FALSE);
5860 yield = string_cat(yield, &size, &ptr, string, Ustrlen(string));
5861 continue;
5862 }
5863
5864 /* RFC 2047 decode */
5865
5866 case EOP_RFC2047D:
5867 {
5868 int len;
5869 uschar *error;
5870 uschar *decoded = rfc2047_decode(sub, check_rfc2047_length,
5871 headers_charset, '?', &len, &error);
5872 if (error != NULL)
5873 {
5874 expand_string_message = error;
5875 goto EXPAND_FAILED;
5876 }
5877 yield = string_cat(yield, &size, &ptr, decoded, len);
5878 continue;
5879 }
5880
5881 /* from_utf8 converts UTF-8 to 8859-1, turning non-existent chars into
5882 underscores */
5883
5884 case EOP_FROM_UTF8:
5885 {
5886 while (*sub != 0)
5887 {
5888 int c;
5889 uschar buff[4];
5890 GETUTF8INC(c, sub);
5891 if (c > 255) c = '_';
5892 buff[0] = c;
5893 yield = string_cat(yield, &size, &ptr, buff, 1);
5894 }
5895 continue;
5896 }
5897
5898 /* escape turns all non-printing characters into escape sequences. */
5899
5900 case EOP_ESCAPE:
5901 {
5902 uschar *t = string_printing(sub);
5903 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
5904 continue;
5905 }
5906
5907 /* Handle numeric expression evaluation */
5908
5909 case EOP_EVAL:
5910 case EOP_EVAL10:
5911 {
5912 uschar *save_sub = sub;
5913 uschar *error = NULL;
5914 int_eximarith_t n = eval_expr(&sub, (c == EOP_EVAL10), &error, FALSE);
5915 if (error != NULL)
5916 {
5917 expand_string_message = string_sprintf("error in expression "
5918 "evaluation: %s (after processing \"%.*s\")", error, sub-save_sub,
5919 save_sub);
5920 goto EXPAND_FAILED;
5921 }
5922 sprintf(CS var_buffer, PR_EXIM_ARITH, n);
5923 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
5924 continue;
5925 }
5926
5927 /* Handle time period formating */
5928
5929 case EOP_TIME_EVAL:
5930 {
5931 int n = readconf_readtime(sub, 0, FALSE);
5932 if (n < 0)
5933 {
5934 expand_string_message = string_sprintf("string \"%s\" is not an "
5935 "Exim time interval in \"%s\" operator", sub, name);
5936 goto EXPAND_FAILED;
5937 }
5938 sprintf(CS var_buffer, "%d", n);
5939 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
5940 continue;
5941 }
5942
5943 case EOP_TIME_INTERVAL:
5944 {
5945 int n;
5946 uschar *t = read_number(&n, sub);
5947 if (*t != 0) /* Not A Number*/
5948 {
5949 expand_string_message = string_sprintf("string \"%s\" is not a "
5950 "positive number in \"%s\" operator", sub, name);
5951 goto EXPAND_FAILED;
5952 }
5953 t = readconf_printtime(n);
5954 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
5955 continue;
5956 }
5957
5958 /* Convert string to base64 encoding */
5959
5960 case EOP_STR2B64:
5961 {
5962 uschar *encstr = auth_b64encode(sub, Ustrlen(sub));
5963 yield = string_cat(yield, &size, &ptr, encstr, Ustrlen(encstr));
5964 continue;
5965 }
5966
5967 /* strlen returns the length of the string */
5968
5969 case EOP_STRLEN:
5970 {
5971 uschar buff[24];
5972 (void)sprintf(CS buff, "%d", Ustrlen(sub));
5973 yield = string_cat(yield, &size, &ptr, buff, Ustrlen(buff));
5974 continue;
5975 }
5976
5977 /* length_n or l_n takes just the first n characters or the whole string,
5978 whichever is the shorter;
5979
5980 substr_m_n, and s_m_n take n characters from offset m; negative m take
5981 from the end; l_n is synonymous with s_0_n. If n is omitted in substr it
5982 takes the rest, either to the right or to the left.
5983
5984 hash_n or h_n makes a hash of length n from the string, yielding n
5985 characters from the set a-z; hash_n_m makes a hash of length n, but
5986 uses m characters from the set a-zA-Z0-9.
5987
5988 nhash_n returns a single number between 0 and n-1 (in text form), while
5989 nhash_n_m returns a div/mod hash as two numbers "a/b". The first lies
5990 between 0 and n-1 and the second between 0 and m-1. */
5991
5992 case EOP_LENGTH:
5993 case EOP_L:
5994 case EOP_SUBSTR:
5995 case EOP_S:
5996 case EOP_HASH:
5997 case EOP_H:
5998 case EOP_NHASH:
5999 case EOP_NH:
6000 {
6001 int sign = 1;
6002 int value1 = 0;
6003 int value2 = -1;
6004 int *pn;
6005 int len;
6006 uschar *ret;
6007
6008 if (arg == NULL)
6009 {
6010 expand_string_message = string_sprintf("missing values after %s",
6011 name);
6012 goto EXPAND_FAILED;
6013 }
6014
6015 /* "length" has only one argument, effectively being synonymous with
6016 substr_0_n. */
6017
6018 if (c == EOP_LENGTH || c == EOP_L)
6019 {
6020 pn = &value2;
6021 value2 = 0;
6022 }
6023
6024 /* The others have one or two arguments; for "substr" the first may be
6025 negative. The second being negative means "not supplied". */
6026
6027 else
6028 {
6029 pn = &value1;
6030 if (name[0] == 's' && *arg == '-') { sign = -1; arg++; }
6031 }
6032
6033 /* Read up to two numbers, separated by underscores */
6034
6035 ret = arg;
6036 while (*arg != 0)
6037 {
6038 if (arg != ret && *arg == '_' && pn == &value1)
6039 {
6040 pn = &value2;
6041 value2 = 0;
6042 if (arg[1] != 0) arg++;
6043 }
6044 else if (!isdigit(*arg))
6045 {
6046 expand_string_message =
6047 string_sprintf("non-digit after underscore in \"%s\"", name);
6048 goto EXPAND_FAILED;
6049 }
6050 else *pn = (*pn)*10 + *arg++ - '0';
6051 }
6052 value1 *= sign;
6053
6054 /* Perform the required operation */
6055
6056 ret =
6057 (c == EOP_HASH || c == EOP_H)?
6058 compute_hash(sub, value1, value2, &len) :
6059 (c == EOP_NHASH || c == EOP_NH)?
6060 compute_nhash(sub, value1, value2, &len) :
6061 extract_substr(sub, value1, value2, &len);
6062
6063 if (ret == NULL) goto EXPAND_FAILED;
6064 yield = string_cat(yield, &size, &ptr, ret, len);
6065 continue;
6066 }
6067
6068 /* Stat a path */
6069
6070 case EOP_STAT:
6071 {
6072 uschar *s;
6073 uschar smode[12];
6074 uschar **modetable[3];
6075 int i;
6076 mode_t mode;
6077 struct stat st;
6078
6079 if ((expand_forbid & RDO_EXISTS) != 0)
6080 {
6081 expand_string_message = US"Use of the stat() expansion is not permitted";
6082 goto EXPAND_FAILED;
6083 }
6084
6085 if (stat(CS sub, &st) < 0)
6086 {
6087 expand_string_message = string_sprintf("stat(%s) failed: %s",
6088 sub, strerror(errno));
6089 goto EXPAND_FAILED;
6090 }
6091 mode = st.st_mode;
6092 switch (mode & S_IFMT)
6093 {
6094 case S_IFIFO: smode[0] = 'p'; break;
6095 case S_IFCHR: smode[0] = 'c'; break;
6096 case S_IFDIR: smode[0] = 'd'; break;
6097 case S_IFBLK: smode[0] = 'b'; break;
6098 case S_IFREG: smode[0] = '-'; break;
6099 default: smode[0] = '?'; break;
6100 }
6101
6102 modetable[0] = ((mode & 01000) == 0)? mtable_normal : mtable_sticky;
6103 modetable[1] = ((mode & 02000) == 0)? mtable_normal : mtable_setid;
6104 modetable[2] = ((mode & 04000) == 0)? mtable_normal : mtable_setid;
6105
6106 for (i = 0; i < 3; i++)
6107 {
6108 memcpy(CS(smode + 7 - i*3), CS(modetable[i][mode & 7]), 3);
6109 mode >>= 3;
6110 }
6111
6112 smode[10] = 0;
6113 s = string_sprintf("mode=%04lo smode=%s inode=%ld device=%ld links=%ld "
6114 "uid=%ld gid=%ld size=" OFF_T_FMT " atime=%ld mtime=%ld ctime=%ld",
6115 (long)(st.st_mode & 077777), smode, (long)st.st_ino,
6116 (long)st.st_dev, (long)st.st_nlink, (long)st.st_uid,
6117 (long)st.st_gid, st.st_size, (long)st.st_atime,
6118 (long)st.st_mtime, (long)st.st_ctime);
6119 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
6120 continue;
6121 }
6122
6123 /* vaguely random number less than N */
6124
6125 case EOP_RANDINT:
6126 {
6127 int_eximarith_t max;
6128 uschar *s;
6129
6130 max = expand_string_integer(sub, TRUE);
6131 if (expand_string_message != NULL)
6132 goto EXPAND_FAILED;
6133 s = string_sprintf("%d", vaguely_random_number((int)max));
6134 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
6135 continue;
6136 }
6137
6138 /* Reverse IP, including IPv6 to dotted-nibble */
6139
6140 case EOP_REVERSE_IP:
6141 {
6142 int family, maskptr;
6143 uschar reversed[128];
6144
6145 family = string_is_ip_address(sub, &maskptr);
6146 if (family == 0)
6147 {
6148 expand_string_message = string_sprintf(
6149 "reverse_ip() not given an IP address [%s]", sub);
6150 goto EXPAND_FAILED;
6151 }
6152 invert_address(reversed, sub);
6153 yield = string_cat(yield, &size, &ptr, reversed, Ustrlen(reversed));
6154 continue;
6155 }
6156
6157 /* Unknown operator */
6158
6159 default:
6160 expand_string_message =
6161 string_sprintf("unknown expansion operator \"%s\"", name);
6162 goto EXPAND_FAILED;
6163 }
6164 }
6165
6166 /* Handle a plain name. If this is the first thing in the expansion, release
6167 the pre-allocated buffer. If the result data is known to be in a new buffer,
6168 newsize will be set to the size of that buffer, and we can just point at that
6169 store instead of copying. Many expansion strings contain just one reference,
6170 so this is a useful optimization, especially for humungous headers
6171 ($message_headers). */
6172
6173 if (*s++ == '}')
6174 {
6175 int len;
6176 int newsize = 0;
6177 if (ptr == 0)
6178 {
6179 if (resetok) store_reset(yield);
6180 yield = NULL;
6181 size = 0;
6182 }
6183 value = find_variable(name, FALSE, skipping, &newsize);
6184 if (value == NULL)
6185 {
6186 expand_string_message =
6187 string_sprintf("unknown variable in \"${%s}\"", name);
6188 check_variable_error_message(name);
6189 goto EXPAND_FAILED;
6190 }
6191 len = Ustrlen(value);
6192 if (yield == NULL && newsize != 0)
6193 {
6194 yield = value;
6195 size = newsize;
6196 ptr = len;
6197 }
6198 else yield = string_cat(yield, &size, &ptr, value, len);
6199 continue;
6200 }
6201
6202 /* Else there's something wrong */
6203
6204 expand_string_message =
6205 string_sprintf("\"${%s\" is not a known operator (or a } is missing "
6206 "in a variable reference)", name);
6207 goto EXPAND_FAILED;
6208 }
6209
6210 /* If we hit the end of the string when ket_ends is set, there is a missing
6211 terminating brace. */
6212
6213 if (ket_ends && *s == 0)
6214 {
6215 expand_string_message = malformed_header?
6216 US"missing } at end of string - could be header name not terminated by colon"
6217 :
6218 US"missing } at end of string";
6219 goto EXPAND_FAILED;
6220 }
6221
6222 /* Expansion succeeded; yield may still be NULL here if nothing was actually
6223 added to the string. If so, set up an empty string. Add a terminating zero. If
6224 left != NULL, return a pointer to the terminator. */
6225
6226 if (yield == NULL) yield = store_get(1);
6227 yield[ptr] = 0;
6228 if (left != NULL) *left = s;
6229
6230 /* Any stacking store that was used above the final string is no longer needed.
6231 In many cases the final string will be the first one that was got and so there
6232 will be optimal store usage. */
6233
6234 if (resetok) store_reset(yield + ptr + 1);
6235 DEBUG(D_expand)
6236 {
6237 debug_printf("expanding: %.*s\n result: %s\n", (int)(s - string), string,
6238 yield);
6239 if (skipping) debug_printf("skipping: result is not used\n");
6240 }
6241 return yield;
6242
6243 /* This is the failure exit: easiest to program with a goto. We still need
6244 to update the pointer to the terminator, for cases of nested calls with "fail".
6245 */
6246
6247 EXPAND_FAILED_CURLY:
6248 expand_string_message = malformed_header?
6249 US"missing or misplaced { or } - could be header name not terminated by colon"
6250 :
6251 US"missing or misplaced { or }";
6252
6253 /* At one point, Exim reset the store to yield (if yield was not NULL), but
6254 that is a bad idea, because expand_string_message is in dynamic store. */
6255
6256 EXPAND_FAILED:
6257 if (left != NULL) *left = s;
6258 DEBUG(D_expand)
6259 {
6260 debug_printf("failed to expand: %s\n", string);
6261 debug_printf(" error message: %s\n", expand_string_message);
6262 if (expand_string_forcedfail) debug_printf("failure was forced\n");
6263 }
6264 return NULL;
6265 }
6266
6267
6268 /* This is the external function call. Do a quick check for any expansion
6269 metacharacters, and if there are none, just return the input string.
6270
6271 Argument: the string to be expanded
6272 Returns: the expanded string, or NULL if expansion failed; if failure was
6273 due to a lookup deferring, search_find_defer will be TRUE
6274 */
6275
6276 uschar *
6277 expand_string(uschar *string)
6278 {
6279 search_find_defer = FALSE;
6280 malformed_header = FALSE;
6281 return (Ustrpbrk(string, "$\\") == NULL)? string :
6282 expand_string_internal(string, FALSE, NULL, FALSE, TRUE);
6283 }
6284
6285
6286
6287 /*************************************************
6288 * Expand and copy *
6289 *************************************************/
6290
6291 /* Now and again we want to expand a string and be sure that the result is in a
6292 new bit of store. This function does that.
6293
6294 Argument: the string to be expanded
6295 Returns: the expanded string, always in a new bit of store, or NULL
6296 */
6297
6298 uschar *
6299 expand_string_copy(uschar *string)
6300 {
6301 uschar *yield = expand_string(string);
6302 if (yield == string) yield = string_copy(string);
6303 return yield;
6304 }
6305
6306
6307
6308 /*************************************************
6309 * Expand and interpret as an integer *
6310 *************************************************/
6311
6312 /* Expand a string, and convert the result into an integer.
6313
6314 Arguments:
6315 string the string to be expanded
6316 isplus TRUE if a non-negative number is expected
6317
6318 Returns: the integer value, or
6319 -1 for an expansion error ) in both cases, message in
6320 -2 for an integer interpretation error ) expand_string_message
6321 expand_string_message is set NULL for an OK integer
6322 */
6323
6324 int_eximarith_t
6325 expand_string_integer(uschar *string, BOOL isplus)
6326 {
6327 int_eximarith_t value;
6328 uschar *s = expand_string(string);
6329 uschar *msg = US"invalid integer \"%s\"";
6330 uschar *endptr;
6331
6332 /* If expansion failed, expand_string_message will be set. */
6333
6334 if (s == NULL) return -1;
6335
6336 /* On an overflow, strtol() returns LONG_MAX or LONG_MIN, and sets errno
6337 to ERANGE. When there isn't an overflow, errno is not changed, at least on some
6338 systems, so we set it zero ourselves. */
6339
6340 errno = 0;
6341 expand_string_message = NULL; /* Indicates no error */
6342
6343 /* Before Exim 4.64, strings consisting entirely of whitespace compared
6344 equal to 0. Unfortunately, people actually relied upon that, so preserve
6345 the behaviour explicitly. Stripping leading whitespace is a harmless
6346 noop change since strtol skips it anyway (provided that there is a number
6347 to find at all). */
6348 if (isspace(*s))
6349 {
6350 while (isspace(*s)) ++s;
6351 if (*s == '\0')
6352 {
6353 DEBUG(D_expand)
6354 debug_printf("treating blank string as number 0\n");
6355 return 0;
6356 }
6357 }
6358
6359 value = strtoll(CS s, CSS &endptr, 10);
6360
6361 if (endptr == s)
6362 {
6363 msg = US"integer expected but \"%s\" found";
6364 }
6365 else if (value < 0 && isplus)
6366 {
6367 msg = US"non-negative integer expected but \"%s\" found";
6368 }
6369 else
6370 {
6371 switch (tolower(*endptr))
6372 {
6373 default:
6374 break;
6375 case 'k':
6376 if (value > LLONG_MAX/1024 || value < LLONG_MIN/1024) errno = ERANGE;
6377 else value *= 1024;
6378 endptr++;
6379 break;
6380 case 'm':
6381 if (value > LLONG_MAX/(1024*1024) || value < LLONG_MIN/(1024*1024)) errno = ERANGE;
6382 else value *= 1024*1024;
6383 endptr++;
6384 break;
6385 case 'g':
6386 if (value > LLONG_MAX/(1024*1024*1024) || value < LLONG_MIN/(1024*1024*1024)) errno = ERANGE;
6387 else value *= 1024*1024*1024;
6388 endptr++;
6389 break;
6390 }
6391 if (errno == ERANGE)
6392 msg = US"absolute value of integer \"%s\" is too large (overflow)";
6393 else
6394 {
6395 while (isspace(*endptr)) endptr++;
6396 if (*endptr == 0) return (int)value;
6397 }
6398 }
6399
6400 expand_string_message = string_sprintf(CS msg, s);
6401 return -2;
6402 }
6403
6404
6405 /*************************************************
6406 **************************************************
6407 * Stand-alone test program *
6408 **************************************************
6409 *************************************************/
6410
6411 #ifdef STAND_ALONE
6412
6413
6414 BOOL
6415 regex_match_and_setup(const pcre *re, uschar *subject, int options, int setup)
6416 {
6417 int ovector[3*(EXPAND_MAXN+1)];
6418 int n = pcre_exec(re, NULL, subject, Ustrlen(subject), 0, PCRE_EOPT|options,
6419 ovector, sizeof(ovector)/sizeof(int));
6420 BOOL yield = n >= 0;
6421 if (n == 0) n = EXPAND_MAXN + 1;
6422 if (yield)
6423 {
6424 int nn;
6425 expand_nmax = (setup < 0)? 0 : setup + 1;
6426 for (nn = (setup < 0)? 0 : 2; nn < n*2; nn += 2)
6427 {
6428 expand_nstring[expand_nmax] = subject + ovector[nn];
6429 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
6430 }
6431 expand_nmax--;
6432 }
6433 return yield;
6434 }
6435
6436
6437 int main(int argc, uschar **argv)
6438 {
6439 int i;
6440 uschar buffer[1024];
6441
6442 debug_selector = D_v;
6443 debug_file = stderr;
6444 debug_fd = fileno(debug_file);
6445 big_buffer = malloc(big_buffer_size);
6446
6447 for (i = 1; i < argc; i++)
6448 {
6449 if (argv[i][0] == '+')
6450 {
6451 debug_trace_memory = 2;
6452 argv[i]++;
6453 }
6454 if (isdigit(argv[i][0]))
6455 debug_selector = Ustrtol(argv[i], NULL, 0);
6456 else
6457 if (Ustrspn(argv[i], "abcdefghijklmnopqrtsuvwxyz0123456789-.:/") ==
6458 Ustrlen(argv[i]))
6459 {
6460 #ifdef LOOKUP_LDAP
6461 eldap_default_servers = argv[i];
6462 #endif
6463 #ifdef LOOKUP_MYSQL
6464 mysql_servers = argv[i];
6465 #endif
6466 #ifdef LOOKUP_PGSQL
6467 pgsql_servers = argv[i];
6468 #endif
6469 }
6470 #ifdef EXIM_PERL
6471 else opt_perl_startup = argv[i];
6472 #endif
6473 }
6474
6475 printf("Testing string expansion: debug_level = %d\n\n", debug_level);
6476
6477 expand_nstring[1] = US"string 1....";
6478 expand_nlength[1] = 8;
6479 expand_nmax = 1;
6480
6481 #ifdef EXIM_PERL
6482 if (opt_perl_startup != NULL)
6483 {
6484 uschar *errstr;
6485 printf("Starting Perl interpreter\n");
6486 errstr = init_perl(opt_perl_startup);
6487 if (errstr != NULL)
6488 {
6489 printf("** error in perl_startup code: %s\n", errstr);
6490 return EXIT_FAILURE;
6491 }
6492 }
6493 #endif /* EXIM_PERL */
6494
6495 while (fgets(buffer, sizeof(buffer), stdin) != NULL)
6496 {
6497 void *reset_point = store_get(0);
6498 uschar *yield = expand_string(buffer);
6499 if (yield != NULL)
6500 {
6501 printf("%s\n", yield);
6502 store_reset(reset_point);
6503 }
6504 else
6505 {
6506 if (search_find_defer) printf("search_find deferred\n");
6507 printf("Failed: %s\n", expand_string_message);
6508 if (expand_string_forcedfail) printf("Forced failure\n");
6509 printf("\n");
6510 }
6511 }
6512
6513 search_tidyup();
6514
6515 return 0;
6516 }
6517
6518 #endif
6519
6520 /* End of expand.c */
Unnamed repository; edit this file 'description' to name the repository.