projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
I18N: new ${imapfolder_<sep>:<string>} expansion item. Bug 420
[exim.git] / src / src / expand.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2014 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8
9 /* Functions for handling string expansion. */
10
11
12 #include "exim.h"
13
14 /* Recursively called function */
15
16 static uschar *expand_string_internal(const uschar *, BOOL, const uschar **, BOOL, BOOL, BOOL *);
17 static int_eximarith_t expanded_string_integer(const uschar *, BOOL);
18
19 #ifdef STAND_ALONE
20 #ifndef SUPPORT_CRYPTEQ
21 #define SUPPORT_CRYPTEQ
22 #endif
23 #endif
24
25 #ifdef LOOKUP_LDAP
26 #include "lookups/ldap.h"
27 #endif
28
29 #ifdef SUPPORT_CRYPTEQ
30 #ifdef CRYPT_H
31 #include <crypt.h>
32 #endif
33 #ifndef HAVE_CRYPT16
34 extern char* crypt16(char*, char*);
35 #endif
36 #endif
37
38 /* The handling of crypt16() is a mess. I will record below the analysis of the
39 mess that was sent to me. We decided, however, to make changing this very low
40 priority, because in practice people are moving away from the crypt()
41 algorithms nowadays, so it doesn't seem worth it.
42
43 <quote>
44 There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
45 the first 8 characters of the password using a 20-round version of crypt
46 (standard crypt does 25 rounds). It then crypts the next 8 characters,
47 or an empty block if the password is less than 9 characters, using a
48 20-round version of crypt and the same salt as was used for the first
49 block. Charaters after the first 16 are ignored. It always generates
50 a 16-byte hash, which is expressed together with the salt as a string
51 of 24 base 64 digits. Here are some links to peruse:
52
53 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
54 http://seclists.org/bugtraq/1999/Mar/0076.html
55
56 There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
57 and OSF/1. This is the same as the standard crypt if given a password
58 of 8 characters or less. If given more, it first does the same as crypt
59 using the first 8 characters, then crypts the next 8 (the 9th to 16th)
60 using as salt the first two base 64 digits from the first hash block.
61 If the password is more than 16 characters then it crypts the 17th to 24th
62 characters using as salt the first two base 64 digits from the second hash
63 block. And so on: I've seen references to it cutting off the password at
64 40 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
65
66 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
67 http://seclists.org/bugtraq/1999/Mar/0109.html
68 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
69 TET1_html/sec.c222.html#no_id_208
70
71 Exim has something it calls "crypt16". It will either use a native
72 crypt16 or its own implementation. A native crypt16 will presumably
73 be the one that I called "crypt16" above. The internal "crypt16"
74 function, however, is a two-block-maximum implementation of what I called
75 "bigcrypt". The documentation matches the internal code.
76
77 I suspect that whoever did the "crypt16" stuff for Exim didn't realise
78 that crypt16 and bigcrypt were different things.
79
80 Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
81 to whatever it is using under that name. This unfortunately sets a
82 precedent for using "{crypt16}" to identify two incompatible algorithms
83 whose output can't be distinguished. With "{crypt16}" thus rendered
84 ambiguous, I suggest you deprecate it and invent two new identifiers
85 for the two algorithms.
86
87 Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
88 of the password separately means they can be cracked separately, so
89 the double-length hash only doubles the cracking effort instead of
90 squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
91 bcrypt ({CRYPT}$2a$).
92 </quote>
93 */
94
95
96
97 #ifndef nelements
98 # define nelements(arr) (sizeof(arr) / sizeof(*arr))
99 #endif
100
101 /*************************************************
102 * Local statics and tables *
103 *************************************************/
104
105 /* Table of item names, and corresponding switch numbers. The names must be in
106 alphabetical order. */
107
108 static uschar *item_table[] = {
109 US"acl",
110 US"certextract",
111 US"dlfunc",
112 US"extract",
113 US"filter",
114 US"hash",
115 US"hmac",
116 US"if",
117 #ifdef EXPERIMENTAL_INTERNATIONAL
118 US"imapfolder",
119 #endif
120 US"length",
121 US"listextract",
122 US"lookup",
123 US"map",
124 US"nhash",
125 US"perl",
126 US"prvs",
127 US"prvscheck",
128 US"readfile",
129 US"readsocket",
130 US"reduce",
131 US"run",
132 US"sg",
133 US"sort",
134 US"substr",
135 US"tr" };
136
137 enum {
138 EITEM_ACL,
139 EITEM_CERTEXTRACT,
140 EITEM_DLFUNC,
141 EITEM_EXTRACT,
142 EITEM_FILTER,
143 EITEM_HASH,
144 EITEM_HMAC,
145 EITEM_IF,
146 #ifdef EXPERIMENTAL_INTERNATIONAL
147 EITEM_IMAPFOLDER,
148 #endif
149 EITEM_LENGTH,
150 EITEM_LISTEXTRACT,
151 EITEM_LOOKUP,
152 EITEM_MAP,
153 EITEM_NHASH,
154 EITEM_PERL,
155 EITEM_PRVS,
156 EITEM_PRVSCHECK,
157 EITEM_READFILE,
158 EITEM_READSOCK,
159 EITEM_REDUCE,
160 EITEM_RUN,
161 EITEM_SG,
162 EITEM_SORT,
163 EITEM_SUBSTR,
164 EITEM_TR };
165
166 /* Tables of operator names, and corresponding switch numbers. The names must be
167 in alphabetical order. There are two tables, because underscore is used in some
168 cases to introduce arguments, whereas for other it is part of the name. This is
169 an historical mis-design. */
170
171 static uschar *op_table_underscore[] = {
172 US"from_utf8",
173 US"local_part",
174 US"quote_local_part",
175 US"reverse_ip",
176 US"time_eval",
177 US"time_interval"
178 #ifdef EXPERIMENTAL_INTERNATIONAL
179 ,US"utf8_domain_from_alabel",
180 US"utf8_domain_to_alabel",
181 US"utf8_localpart_from_alabel",
182 US"utf8_localpart_to_alabel"
183 #endif
184 };
185
186 enum {
187 EOP_FROM_UTF8,
188 EOP_LOCAL_PART,
189 EOP_QUOTE_LOCAL_PART,
190 EOP_REVERSE_IP,
191 EOP_TIME_EVAL,
192 EOP_TIME_INTERVAL
193 #ifdef EXPERIMENTAL_INTERNATIONAL
194 ,EOP_UTF8_DOMAIN_FROM_ALABEL,
195 EOP_UTF8_DOMAIN_TO_ALABEL,
196 EOP_UTF8_LOCALPART_FROM_ALABEL,
197 EOP_UTF8_LOCALPART_TO_ALABEL
198 #endif
199 };
200
201 static uschar *op_table_main[] = {
202 US"address",
203 US"addresses",
204 US"base62",
205 US"base62d",
206 US"domain",
207 US"escape",
208 US"eval",
209 US"eval10",
210 US"expand",
211 US"h",
212 US"hash",
213 US"hex2b64",
214 US"hexquote",
215 US"l",
216 US"lc",
217 US"length",
218 US"listcount",
219 US"listnamed",
220 US"mask",
221 US"md5",
222 US"nh",
223 US"nhash",
224 US"quote",
225 US"randint",
226 US"rfc2047",
227 US"rfc2047d",
228 US"rxquote",
229 US"s",
230 US"sha1",
231 US"sha256",
232 US"stat",
233 US"str2b64",
234 US"strlen",
235 US"substr",
236 US"uc",
237 US"utf8clean" };
238
239 enum {
240 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
241 EOP_ADDRESSES,
242 EOP_BASE62,
243 EOP_BASE62D,
244 EOP_DOMAIN,
245 EOP_ESCAPE,
246 EOP_EVAL,
247 EOP_EVAL10,
248 EOP_EXPAND,
249 EOP_H,
250 EOP_HASH,
251 EOP_HEX2B64,
252 EOP_HEXQUOTE,
253 EOP_L,
254 EOP_LC,
255 EOP_LENGTH,
256 EOP_LISTCOUNT,
257 EOP_LISTNAMED,
258 EOP_MASK,
259 EOP_MD5,
260 EOP_NH,
261 EOP_NHASH,
262 EOP_QUOTE,
263 EOP_RANDINT,
264 EOP_RFC2047,
265 EOP_RFC2047D,
266 EOP_RXQUOTE,
267 EOP_S,
268 EOP_SHA1,
269 EOP_SHA256,
270 EOP_STAT,
271 EOP_STR2B64,
272 EOP_STRLEN,
273 EOP_SUBSTR,
274 EOP_UC,
275 EOP_UTF8CLEAN };
276
277
278 /* Table of condition names, and corresponding switch numbers. The names must
279 be in alphabetical order. */
280
281 static uschar *cond_table[] = {
282 US"<",
283 US"<=",
284 US"=",
285 US"==", /* Backward compatibility */
286 US">",
287 US">=",
288 US"acl",
289 US"and",
290 US"bool",
291 US"bool_lax",
292 US"crypteq",
293 US"def",
294 US"eq",
295 US"eqi",
296 US"exists",
297 US"first_delivery",
298 US"forall",
299 US"forany",
300 US"ge",
301 US"gei",
302 US"gt",
303 US"gti",
304 US"inlist",
305 US"inlisti",
306 US"isip",
307 US"isip4",
308 US"isip6",
309 US"ldapauth",
310 US"le",
311 US"lei",
312 US"lt",
313 US"lti",
314 US"match",
315 US"match_address",
316 US"match_domain",
317 US"match_ip",
318 US"match_local_part",
319 US"or",
320 US"pam",
321 US"pwcheck",
322 US"queue_running",
323 US"radius",
324 US"saslauthd"
325 };
326
327 enum {
328 ECOND_NUM_L,
329 ECOND_NUM_LE,
330 ECOND_NUM_E,
331 ECOND_NUM_EE,
332 ECOND_NUM_G,
333 ECOND_NUM_GE,
334 ECOND_ACL,
335 ECOND_AND,
336 ECOND_BOOL,
337 ECOND_BOOL_LAX,
338 ECOND_CRYPTEQ,
339 ECOND_DEF,
340 ECOND_STR_EQ,
341 ECOND_STR_EQI,
342 ECOND_EXISTS,
343 ECOND_FIRST_DELIVERY,
344 ECOND_FORALL,
345 ECOND_FORANY,
346 ECOND_STR_GE,
347 ECOND_STR_GEI,
348 ECOND_STR_GT,
349 ECOND_STR_GTI,
350 ECOND_INLIST,
351 ECOND_INLISTI,
352 ECOND_ISIP,
353 ECOND_ISIP4,
354 ECOND_ISIP6,
355 ECOND_LDAPAUTH,
356 ECOND_STR_LE,
357 ECOND_STR_LEI,
358 ECOND_STR_LT,
359 ECOND_STR_LTI,
360 ECOND_MATCH,
361 ECOND_MATCH_ADDRESS,
362 ECOND_MATCH_DOMAIN,
363 ECOND_MATCH_IP,
364 ECOND_MATCH_LOCAL_PART,
365 ECOND_OR,
366 ECOND_PAM,
367 ECOND_PWCHECK,
368 ECOND_QUEUE_RUNNING,
369 ECOND_RADIUS,
370 ECOND_SASLAUTHD
371 };
372
373
374 /* Types of table entry */
375
376 enum vtypes {
377 vtype_int, /* value is address of int */
378 vtype_filter_int, /* ditto, but recognized only when filtering */
379 vtype_ino, /* value is address of ino_t (not always an int) */
380 vtype_uid, /* value is address of uid_t (not always an int) */
381 vtype_gid, /* value is address of gid_t (not always an int) */
382 vtype_bool, /* value is address of bool */
383 vtype_stringptr, /* value is address of pointer to string */
384 vtype_msgbody, /* as stringptr, but read when first required */
385 vtype_msgbody_end, /* ditto, the end of the message */
386 vtype_msgheaders, /* the message's headers, processed */
387 vtype_msgheaders_raw, /* the message's headers, unprocessed */
388 vtype_localpart, /* extract local part from string */
389 vtype_domain, /* extract domain from string */
390 vtype_string_func, /* value is string returned by given function */
391 vtype_todbsdin, /* value not used; generate BSD inbox tod */
392 vtype_tode, /* value not used; generate tod in epoch format */
393 vtype_todel, /* value not used; generate tod in epoch/usec format */
394 vtype_todf, /* value not used; generate full tod */
395 vtype_todl, /* value not used; generate log tod */
396 vtype_todlf, /* value not used; generate log file datestamp tod */
397 vtype_todzone, /* value not used; generate time zone only */
398 vtype_todzulu, /* value not used; generate zulu tod */
399 vtype_reply, /* value not used; get reply from headers */
400 vtype_pid, /* value not used; result is pid */
401 vtype_host_lookup, /* value not used; get host name */
402 vtype_load_avg, /* value not used; result is int from os_getloadavg */
403 vtype_pspace, /* partition space; value is T/F for spool/log */
404 vtype_pinodes, /* partition inodes; value is T/F for spool/log */
405 vtype_cert /* SSL certificate */
406 #ifndef DISABLE_DKIM
407 ,vtype_dkim /* Lookup of value in DKIM signature */
408 #endif
409 };
410
411 /* Type for main variable table */
412
413 typedef struct {
414 const char *name;
415 enum vtypes type;
416 void *value;
417 } var_entry;
418
419 /* Type for entries pointing to address/length pairs. Not currently
420 in use. */
421
422 typedef struct {
423 uschar **address;
424 int *length;
425 } alblock;
426
427 static uschar * fn_recipients(void);
428
429 /* This table must be kept in alphabetical order. */
430
431 static var_entry var_table[] = {
432 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
433 they will be confused with user-creatable ACL variables. */
434 { "acl_arg1", vtype_stringptr, &acl_arg[0] },
435 { "acl_arg2", vtype_stringptr, &acl_arg[1] },
436 { "acl_arg3", vtype_stringptr, &acl_arg[2] },
437 { "acl_arg4", vtype_stringptr, &acl_arg[3] },
438 { "acl_arg5", vtype_stringptr, &acl_arg[4] },
439 { "acl_arg6", vtype_stringptr, &acl_arg[5] },
440 { "acl_arg7", vtype_stringptr, &acl_arg[6] },
441 { "acl_arg8", vtype_stringptr, &acl_arg[7] },
442 { "acl_arg9", vtype_stringptr, &acl_arg[8] },
443 { "acl_narg", vtype_int, &acl_narg },
444 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
445 { "address_data", vtype_stringptr, &deliver_address_data },
446 { "address_file", vtype_stringptr, &address_file },
447 { "address_pipe", vtype_stringptr, &address_pipe },
448 { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id },
449 { "authenticated_id", vtype_stringptr, &authenticated_id },
450 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
451 { "authentication_failed",vtype_int, &authentication_failed },
452 #ifdef WITH_CONTENT_SCAN
453 { "av_failed", vtype_int, &av_failed },
454 #endif
455 #ifdef EXPERIMENTAL_BRIGHTMAIL
456 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
457 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
458 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
459 { "bmi_deliver", vtype_int, &bmi_deliver },
460 #endif
461 { "body_linecount", vtype_int, &body_linecount },
462 { "body_zerocount", vtype_int, &body_zerocount },
463 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
464 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
465 { "caller_gid", vtype_gid, &real_gid },
466 { "caller_uid", vtype_uid, &real_uid },
467 { "compile_date", vtype_stringptr, &version_date },
468 { "compile_number", vtype_stringptr, &version_cnumber },
469 { "config_dir", vtype_stringptr, &config_main_directory },
470 { "config_file", vtype_stringptr, &config_main_filename },
471 { "csa_status", vtype_stringptr, &csa_status },
472 #ifdef EXPERIMENTAL_DCC
473 { "dcc_header", vtype_stringptr, &dcc_header },
474 { "dcc_result", vtype_stringptr, &dcc_result },
475 #endif
476 #ifdef WITH_OLD_DEMIME
477 { "demime_errorlevel", vtype_int, &demime_errorlevel },
478 { "demime_reason", vtype_stringptr, &demime_reason },
479 #endif
480 #ifndef DISABLE_DKIM
481 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
482 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
483 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
484 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
485 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
486 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
487 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
488 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
489 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
490 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
491 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
492 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
493 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
494 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
495 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
496 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
497 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
498 { "dkim_signers", vtype_stringptr, &dkim_signers },
499 { "dkim_verify_reason", vtype_dkim, (void *)DKIM_VERIFY_REASON },
500 { "dkim_verify_status", vtype_dkim, (void *)DKIM_VERIFY_STATUS},
501 #endif
502 #ifdef EXPERIMENTAL_DMARC
503 { "dmarc_ar_header", vtype_stringptr, &dmarc_ar_header },
504 { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
505 { "dmarc_status", vtype_stringptr, &dmarc_status },
506 { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
507 { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
508 #endif
509 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
510 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
511 { "dnslist_text", vtype_stringptr, &dnslist_text },
512 { "dnslist_value", vtype_stringptr, &dnslist_value },
513 { "domain", vtype_stringptr, &deliver_domain },
514 { "domain_data", vtype_stringptr, &deliver_domain_data },
515 #ifdef EXPERIMENTAL_EVENT
516 { "event_data", vtype_stringptr, &event_data },
517
518 /*XXX want to use generic vars for as many of these as possible*/
519 { "event_defer_errno", vtype_int, &event_defer_errno },
520
521 { "event_name", vtype_stringptr, &event_name },
522 #endif
523 { "exim_gid", vtype_gid, &exim_gid },
524 { "exim_path", vtype_stringptr, &exim_path },
525 { "exim_uid", vtype_uid, &exim_uid },
526 { "exim_version", vtype_stringptr, &version_string },
527 #ifdef WITH_OLD_DEMIME
528 { "found_extension", vtype_stringptr, &found_extension },
529 #endif
530 { "headers_added", vtype_string_func, &fn_hdrs_added },
531 { "home", vtype_stringptr, &deliver_home },
532 { "host", vtype_stringptr, &deliver_host },
533 { "host_address", vtype_stringptr, &deliver_host_address },
534 { "host_data", vtype_stringptr, &host_data },
535 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
536 { "host_lookup_failed", vtype_int, &host_lookup_failed },
537 { "host_port", vtype_int, &deliver_host_port },
538 { "inode", vtype_ino, &deliver_inode },
539 { "interface_address", vtype_stringptr, &interface_address },
540 { "interface_port", vtype_int, &interface_port },
541 { "item", vtype_stringptr, &iterate_item },
542 #ifdef LOOKUP_LDAP
543 { "ldap_dn", vtype_stringptr, &eldap_dn },
544 #endif
545 { "load_average", vtype_load_avg, NULL },
546 { "local_part", vtype_stringptr, &deliver_localpart },
547 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
548 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
549 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
550 { "local_scan_data", vtype_stringptr, &local_scan_data },
551 { "local_user_gid", vtype_gid, &local_user_gid },
552 { "local_user_uid", vtype_uid, &local_user_uid },
553 { "localhost_number", vtype_int, &host_number },
554 { "log_inodes", vtype_pinodes, (void *)FALSE },
555 { "log_space", vtype_pspace, (void *)FALSE },
556 { "lookup_dnssec_authenticated",vtype_stringptr,&lookup_dnssec_authenticated},
557 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
558 #ifdef WITH_CONTENT_SCAN
559 { "malware_name", vtype_stringptr, &malware_name },
560 #endif
561 { "max_received_linelength", vtype_int, &max_received_linelength },
562 { "message_age", vtype_int, &message_age },
563 { "message_body", vtype_msgbody, &message_body },
564 { "message_body_end", vtype_msgbody_end, &message_body_end },
565 { "message_body_size", vtype_int, &message_body_size },
566 { "message_exim_id", vtype_stringptr, &message_id },
567 { "message_headers", vtype_msgheaders, NULL },
568 { "message_headers_raw", vtype_msgheaders_raw, NULL },
569 { "message_id", vtype_stringptr, &message_id },
570 { "message_linecount", vtype_int, &message_linecount },
571 { "message_size", vtype_int, &message_size },
572 #ifdef EXPERIMENTAL_INTERNATIONAL
573 { "message_smtputf8", vtype_bool, &message_smtputf8 },
574 #endif
575 #ifdef WITH_CONTENT_SCAN
576 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
577 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
578 { "mime_boundary", vtype_stringptr, &mime_boundary },
579 { "mime_charset", vtype_stringptr, &mime_charset },
580 { "mime_content_description", vtype_stringptr, &mime_content_description },
581 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
582 { "mime_content_id", vtype_stringptr, &mime_content_id },
583 { "mime_content_size", vtype_int, &mime_content_size },
584 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
585 { "mime_content_type", vtype_stringptr, &mime_content_type },
586 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
587 { "mime_filename", vtype_stringptr, &mime_filename },
588 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
589 { "mime_is_multipart", vtype_int, &mime_is_multipart },
590 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
591 { "mime_part_count", vtype_int, &mime_part_count },
592 #endif
593 { "n0", vtype_filter_int, &filter_n[0] },
594 { "n1", vtype_filter_int, &filter_n[1] },
595 { "n2", vtype_filter_int, &filter_n[2] },
596 { "n3", vtype_filter_int, &filter_n[3] },
597 { "n4", vtype_filter_int, &filter_n[4] },
598 { "n5", vtype_filter_int, &filter_n[5] },
599 { "n6", vtype_filter_int, &filter_n[6] },
600 { "n7", vtype_filter_int, &filter_n[7] },
601 { "n8", vtype_filter_int, &filter_n[8] },
602 { "n9", vtype_filter_int, &filter_n[9] },
603 { "original_domain", vtype_stringptr, &deliver_domain_orig },
604 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
605 { "originator_gid", vtype_gid, &originator_gid },
606 { "originator_uid", vtype_uid, &originator_uid },
607 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
608 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
609 { "pid", vtype_pid, NULL },
610 { "primary_hostname", vtype_stringptr, &primary_hostname },
611 #ifdef EXPERIMENTAL_PROXY
612 { "proxy_host_address", vtype_stringptr, &proxy_host_address },
613 { "proxy_host_port", vtype_int, &proxy_host_port },
614 { "proxy_session", vtype_bool, &proxy_session },
615 { "proxy_target_address",vtype_stringptr, &proxy_target_address },
616 { "proxy_target_port", vtype_int, &proxy_target_port },
617 #endif
618 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
619 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
620 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
621 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
622 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
623 { "rcpt_count", vtype_int, &rcpt_count },
624 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
625 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
626 { "received_count", vtype_int, &received_count },
627 { "received_for", vtype_stringptr, &received_for },
628 { "received_ip_address", vtype_stringptr, &interface_address },
629 { "received_port", vtype_int, &interface_port },
630 { "received_protocol", vtype_stringptr, &received_protocol },
631 { "received_time", vtype_int, &received_time },
632 { "recipient_data", vtype_stringptr, &recipient_data },
633 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
634 { "recipients", vtype_string_func, &fn_recipients },
635 { "recipients_count", vtype_int, &recipients_count },
636 #ifdef WITH_CONTENT_SCAN
637 { "regex_match_string", vtype_stringptr, &regex_match_string },
638 #endif
639 { "reply_address", vtype_reply, NULL },
640 { "return_path", vtype_stringptr, &return_path },
641 { "return_size_limit", vtype_int, &bounce_return_size_limit },
642 { "router_name", vtype_stringptr, &router_name },
643 { "runrc", vtype_int, &runrc },
644 { "self_hostname", vtype_stringptr, &self_hostname },
645 { "sender_address", vtype_stringptr, &sender_address },
646 { "sender_address_data", vtype_stringptr, &sender_address_data },
647 { "sender_address_domain", vtype_domain, &sender_address },
648 { "sender_address_local_part", vtype_localpart, &sender_address },
649 { "sender_data", vtype_stringptr, &sender_data },
650 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
651 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
652 { "sender_host_address", vtype_stringptr, &sender_host_address },
653 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
654 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
655 { "sender_host_name", vtype_host_lookup, NULL },
656 { "sender_host_port", vtype_int, &sender_host_port },
657 { "sender_ident", vtype_stringptr, &sender_ident },
658 { "sender_rate", vtype_stringptr, &sender_rate },
659 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
660 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
661 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
662 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
663 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
664 { "sending_port", vtype_int, &sending_port },
665 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
666 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
667 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
668 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
669 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
670 { "sn0", vtype_filter_int, &filter_sn[0] },
671 { "sn1", vtype_filter_int, &filter_sn[1] },
672 { "sn2", vtype_filter_int, &filter_sn[2] },
673 { "sn3", vtype_filter_int, &filter_sn[3] },
674 { "sn4", vtype_filter_int, &filter_sn[4] },
675 { "sn5", vtype_filter_int, &filter_sn[5] },
676 { "sn6", vtype_filter_int, &filter_sn[6] },
677 { "sn7", vtype_filter_int, &filter_sn[7] },
678 { "sn8", vtype_filter_int, &filter_sn[8] },
679 { "sn9", vtype_filter_int, &filter_sn[9] },
680 #ifdef WITH_CONTENT_SCAN
681 { "spam_action", vtype_stringptr, &spam_action },
682 { "spam_bar", vtype_stringptr, &spam_bar },
683 { "spam_report", vtype_stringptr, &spam_report },
684 { "spam_score", vtype_stringptr, &spam_score },
685 { "spam_score_int", vtype_stringptr, &spam_score_int },
686 #endif
687 #ifdef EXPERIMENTAL_SPF
688 { "spf_guess", vtype_stringptr, &spf_guess },
689 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
690 { "spf_received", vtype_stringptr, &spf_received },
691 { "spf_result", vtype_stringptr, &spf_result },
692 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
693 #endif
694 { "spool_directory", vtype_stringptr, &spool_directory },
695 { "spool_inodes", vtype_pinodes, (void *)TRUE },
696 { "spool_space", vtype_pspace, (void *)TRUE },
697 #ifdef EXPERIMENTAL_SRS
698 { "srs_db_address", vtype_stringptr, &srs_db_address },
699 { "srs_db_key", vtype_stringptr, &srs_db_key },
700 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
701 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
702 { "srs_recipient", vtype_stringptr, &srs_recipient },
703 { "srs_status", vtype_stringptr, &srs_status },
704 #endif
705 { "thisaddress", vtype_stringptr, &filter_thisaddress },
706
707 /* The non-(in,out) variables are now deprecated */
708 { "tls_bits", vtype_int, &tls_in.bits },
709 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
710 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
711
712 { "tls_in_bits", vtype_int, &tls_in.bits },
713 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
714 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
715 { "tls_in_ocsp", vtype_int, &tls_in.ocsp },
716 { "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
717 { "tls_in_peercert", vtype_cert, &tls_in.peercert },
718 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
719 #if defined(SUPPORT_TLS)
720 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
721 #endif
722 { "tls_out_bits", vtype_int, &tls_out.bits },
723 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
724 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
725 #ifdef EXPERIMENTAL_DANE
726 { "tls_out_dane", vtype_bool, &tls_out.dane_verified },
727 #endif
728 { "tls_out_ocsp", vtype_int, &tls_out.ocsp },
729 { "tls_out_ourcert", vtype_cert, &tls_out.ourcert },
730 { "tls_out_peercert", vtype_cert, &tls_out.peercert },
731 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
732 #if defined(SUPPORT_TLS)
733 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
734 #endif
735 #ifdef EXPERIMENTAL_DANE
736 { "tls_out_tlsa_usage", vtype_int, &tls_out.tlsa_usage },
737 #endif
738
739 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
740 #if defined(SUPPORT_TLS)
741 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
742 #endif
743
744 { "tod_bsdinbox", vtype_todbsdin, NULL },
745 { "tod_epoch", vtype_tode, NULL },
746 { "tod_epoch_l", vtype_todel, NULL },
747 { "tod_full", vtype_todf, NULL },
748 { "tod_log", vtype_todl, NULL },
749 { "tod_logfile", vtype_todlf, NULL },
750 { "tod_zone", vtype_todzone, NULL },
751 { "tod_zulu", vtype_todzulu, NULL },
752 { "transport_name", vtype_stringptr, &transport_name },
753 { "value", vtype_stringptr, &lookup_value },
754 { "verify_mode", vtype_stringptr, &verify_mode },
755 { "version_number", vtype_stringptr, &version_string },
756 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
757 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
758 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
759 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
760 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
761 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
762 };
763
764 static int var_table_size = sizeof(var_table)/sizeof(var_entry);
765 static uschar var_buffer[256];
766 static BOOL malformed_header;
767
768 /* For textual hashes */
769
770 static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
771 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
772 "0123456789";
773
774 enum { HMAC_MD5, HMAC_SHA1 };
775
776 /* For numeric hashes */
777
778 static unsigned int prime[] = {
779 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
780 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
781 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
782
783 /* For printing modes in symbolic form */
784
785 static uschar *mtable_normal[] =
786 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
787
788 static uschar *mtable_setid[] =
789 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
790
791 static uschar *mtable_sticky[] =
792 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
793
794
795
796 /*************************************************
797 * Tables for UTF-8 support *
798 *************************************************/
799
800 /* Table of the number of extra characters, indexed by the first character
801 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
802 0x3d. */
803
804 static uschar utf8_table1[] = {
805 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
806 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
807 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
808 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
809
810 /* These are the masks for the data bits in the first byte of a character,
811 indexed by the number of additional bytes. */
812
813 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
814
815 /* Get the next UTF-8 character, advancing the pointer. */
816
817 #define GETUTF8INC(c, ptr) \
818 c = *ptr++; \
819 if ((c & 0xc0) == 0xc0) \
820 { \
821 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
822 int s = 6*a; \
823 c = (c & utf8_table2[a]) << s; \
824 while (a-- > 0) \
825 { \
826 s -= 6; \
827 c |= (*ptr++ & 0x3f) << s; \
828 } \
829 }
830
831
832 /*************************************************
833 * Binary chop search on a table *
834 *************************************************/
835
836 /* This is used for matching expansion items and operators.
837
838 Arguments:
839 name the name that is being sought
840 table the table to search
841 table_size the number of items in the table
842
843 Returns: the offset in the table, or -1
844 */
845
846 static int
847 chop_match(uschar *name, uschar **table, int table_size)
848 {
849 uschar **bot = table;
850 uschar **top = table + table_size;
851
852 while (top > bot)
853 {
854 uschar **mid = bot + (top - bot)/2;
855 int c = Ustrcmp(name, *mid);
856 if (c == 0) return mid - table;
857 if (c > 0) bot = mid + 1; else top = mid;
858 }
859
860 return -1;
861 }
862
863
864
865 /*************************************************
866 * Check a condition string *
867 *************************************************/
868
869 /* This function is called to expand a string, and test the result for a "true"
870 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
871 forced fail or lookup defer.
872
873 We used to release all store used, but this is not not safe due
874 to ${dlfunc } and ${acl }. In any case expand_string_internal()
875 is reasonably careful to release what it can.
876
877 The actual false-value tests should be replicated for ECOND_BOOL_LAX.
878
879 Arguments:
880 condition the condition string
881 m1 text to be incorporated in panic error
882 m2 ditto
883
884 Returns: TRUE if condition is met, FALSE if not
885 */
886
887 BOOL
888 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
889 {
890 int rc;
891 uschar *ss = expand_string(condition);
892 if (ss == NULL)
893 {
894 if (!expand_string_forcedfail && !search_find_defer)
895 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
896 "for %s %s: %s", condition, m1, m2, expand_string_message);
897 return FALSE;
898 }
899 rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
900 strcmpic(ss, US"false") != 0;
901 return rc;
902 }
903
904
905
906
907 /*************************************************
908 * Pseudo-random number generation *
909 *************************************************/
910
911 /* Pseudo-random number generation. The result is not "expected" to be
912 cryptographically strong but not so weak that someone will shoot themselves
913 in the foot using it as a nonce in some email header scheme or whatever
914 weirdness they'll twist this into. The result should ideally handle fork().
915
916 However, if we're stuck unable to provide this, then we'll fall back to
917 appallingly bad randomness.
918
919 If SUPPORT_TLS is defined then this will not be used except as an emergency
920 fallback.
921
922 Arguments:
923 max range maximum
924 Returns a random number in range [0, max-1]
925 */
926
927 #ifdef SUPPORT_TLS
928 # define vaguely_random_number vaguely_random_number_fallback
929 #endif
930 int
931 vaguely_random_number(int max)
932 {
933 #ifdef SUPPORT_TLS
934 # undef vaguely_random_number
935 #endif
936 static pid_t pid = 0;
937 pid_t p2;
938 #if defined(HAVE_SRANDOM) && !defined(HAVE_SRANDOMDEV)
939 struct timeval tv;
940 #endif
941
942 p2 = getpid();
943 if (p2 != pid)
944 {
945 if (pid != 0)
946 {
947
948 #ifdef HAVE_ARC4RANDOM
949 /* cryptographically strong randomness, common on *BSD platforms, not
950 so much elsewhere. Alas. */
951 #ifndef NOT_HAVE_ARC4RANDOM_STIR
952 arc4random_stir();
953 #endif
954 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
955 #ifdef HAVE_SRANDOMDEV
956 /* uses random(4) for seeding */
957 srandomdev();
958 #else
959 gettimeofday(&tv, NULL);
960 srandom(tv.tv_sec | tv.tv_usec | getpid());
961 #endif
962 #else
963 /* Poor randomness and no seeding here */
964 #endif
965
966 }
967 pid = p2;
968 }
969
970 #ifdef HAVE_ARC4RANDOM
971 return arc4random() % max;
972 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
973 return random() % max;
974 #else
975 /* This one returns a 16-bit number, definitely not crypto-strong */
976 return random_number(max);
977 #endif
978 }
979
980
981
982
983 /*************************************************
984 * Pick out a name from a string *
985 *************************************************/
986
987 /* If the name is too long, it is silently truncated.
988
989 Arguments:
990 name points to a buffer into which to put the name
991 max is the length of the buffer
992 s points to the first alphabetic character of the name
993 extras chars other than alphanumerics to permit
994
995 Returns: pointer to the first character after the name
996
997 Note: The test for *s != 0 in the while loop is necessary because
998 Ustrchr() yields non-NULL if the character is zero (which is not something
999 I expected). */
1000
1001 static const uschar *
1002 read_name(uschar *name, int max, const uschar *s, uschar *extras)
1003 {
1004 int ptr = 0;
1005 while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
1006 {
1007 if (ptr < max-1) name[ptr++] = *s;
1008 s++;
1009 }
1010 name[ptr] = 0;
1011 return s;
1012 }
1013
1014
1015
1016 /*************************************************
1017 * Pick out the rest of a header name *
1018 *************************************************/
1019
1020 /* A variable name starting $header_ (or just $h_ for those who like
1021 abbreviations) might not be the complete header name because headers can
1022 contain any printing characters in their names, except ':'. This function is
1023 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
1024 on the end, if the name was terminated by white space.
1025
1026 Arguments:
1027 name points to a buffer in which the name read so far exists
1028 max is the length of the buffer
1029 s points to the first character after the name so far, i.e. the
1030 first non-alphameric character after $header_xxxxx
1031
1032 Returns: a pointer to the first character after the header name
1033 */
1034
1035 static const uschar *
1036 read_header_name(uschar *name, int max, const uschar *s)
1037 {
1038 int prelen = Ustrchr(name, '_') - name + 1;
1039 int ptr = Ustrlen(name) - prelen;
1040 if (ptr > 0) memmove(name, name+prelen, ptr);
1041 while (mac_isgraph(*s) && *s != ':')
1042 {
1043 if (ptr < max-1) name[ptr++] = *s;
1044 s++;
1045 }
1046 if (*s == ':') s++;
1047 name[ptr++] = ':';
1048 name[ptr] = 0;
1049 return s;
1050 }
1051
1052
1053
1054 /*************************************************
1055 * Pick out a number from a string *
1056 *************************************************/
1057
1058 /* Arguments:
1059 n points to an integer into which to put the number
1060 s points to the first digit of the number
1061
1062 Returns: a pointer to the character after the last digit
1063 */
1064
1065 static uschar *
1066 read_number(int *n, uschar *s)
1067 {
1068 *n = 0;
1069 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1070 return s;
1071 }
1072
1073 static const uschar *
1074 read_cnumber(int *n, const uschar *s)
1075 {
1076 *n = 0;
1077 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1078 return s;
1079 }
1080
1081
1082
1083 /*************************************************
1084 * Extract keyed subfield from a string *
1085 *************************************************/
1086
1087 /* The yield is in dynamic store; NULL means that the key was not found.
1088
1089 Arguments:
1090 key points to the name of the key
1091 s points to the string from which to extract the subfield
1092
1093 Returns: NULL if the subfield was not found, or
1094 a pointer to the subfield's data
1095 */
1096
1097 static uschar *
1098 expand_getkeyed(uschar *key, const uschar *s)
1099 {
1100 int length = Ustrlen(key);
1101 while (isspace(*s)) s++;
1102
1103 /* Loop to search for the key */
1104
1105 while (*s != 0)
1106 {
1107 int dkeylength;
1108 uschar *data;
1109 const uschar *dkey = s;
1110
1111 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
1112 dkeylength = s - dkey;
1113 while (isspace(*s)) s++;
1114 if (*s == '=') while (isspace((*(++s))));
1115
1116 data = string_dequote(&s);
1117 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1118 return data;
1119
1120 while (isspace(*s)) s++;
1121 }
1122
1123 return NULL;
1124 }
1125
1126
1127
1128 static var_entry *
1129 find_var_ent(uschar * name)
1130 {
1131 int first = 0;
1132 int last = var_table_size;
1133
1134 while (last > first)
1135 {
1136 int middle = (first + last)/2;
1137 int c = Ustrcmp(name, var_table[middle].name);
1138
1139 if (c > 0) { first = middle + 1; continue; }
1140 if (c < 0) { last = middle; continue; }
1141 return &var_table[middle];
1142 }
1143 return NULL;
1144 }
1145
1146 /*************************************************
1147 * Extract numbered subfield from string *
1148 *************************************************/
1149
1150 /* Extracts a numbered field from a string that is divided by tokens - for
1151 example a line from /etc/passwd is divided by colon characters. First field is
1152 numbered one. Negative arguments count from the right. Zero returns the whole
1153 string. Returns NULL if there are insufficient tokens in the string
1154
1155 ***WARNING***
1156 Modifies final argument - this is a dynamically generated string, so that's OK.
1157
1158 Arguments:
1159 field number of field to be extracted,
1160 first field = 1, whole string = 0, last field = -1
1161 separators characters that are used to break string into tokens
1162 s points to the string from which to extract the subfield
1163
1164 Returns: NULL if the field was not found,
1165 a pointer to the field's data inside s (modified to add 0)
1166 */
1167
1168 static uschar *
1169 expand_gettokened (int field, uschar *separators, uschar *s)
1170 {
1171 int sep = 1;
1172 int count;
1173 uschar *ss = s;
1174 uschar *fieldtext = NULL;
1175
1176 if (field == 0) return s;
1177
1178 /* Break the line up into fields in place; for field > 0 we stop when we have
1179 done the number of fields we want. For field < 0 we continue till the end of
1180 the string, counting the number of fields. */
1181
1182 count = (field > 0)? field : INT_MAX;
1183
1184 while (count-- > 0)
1185 {
1186 size_t len;
1187
1188 /* Previous field was the last one in the string. For a positive field
1189 number, this means there are not enough fields. For a negative field number,
1190 check that there are enough, and scan back to find the one that is wanted. */
1191
1192 if (sep == 0)
1193 {
1194 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1195 if ((-field) == (INT_MAX - count - 1)) return s;
1196 while (field++ < 0)
1197 {
1198 ss--;
1199 while (ss[-1] != 0) ss--;
1200 }
1201 fieldtext = ss;
1202 break;
1203 }
1204
1205 /* Previous field was not last in the string; save its start and put a
1206 zero at its end. */
1207
1208 fieldtext = ss;
1209 len = Ustrcspn(ss, separators);
1210 sep = ss[len];
1211 ss[len] = 0;
1212 ss += len + 1;
1213 }
1214
1215 return fieldtext;
1216 }
1217
1218
1219 static uschar *
1220 expand_getlistele(int field, const uschar * list)
1221 {
1222 const uschar * tlist= list;
1223 int sep= 0;
1224 uschar dummy;
1225
1226 if(field<0)
1227 {
1228 for(field++; string_nextinlist(&tlist, &sep, &dummy, 1); ) field++;
1229 sep= 0;
1230 }
1231 if(field==0) return NULL;
1232 while(--field>0 && (string_nextinlist(&list, &sep, &dummy, 1))) ;
1233 return string_nextinlist(&list, &sep, NULL, 0);
1234 }
1235
1236
1237 /* Certificate fields, by name. Worry about by-OID later */
1238 /* Names are chosen to not have common prefixes */
1239
1240 #ifdef SUPPORT_TLS
1241 typedef struct
1242 {
1243 uschar * name;
1244 int namelen;
1245 uschar * (*getfn)(void * cert, uschar * mod);
1246 } certfield;
1247 static certfield certfields[] =
1248 { /* linear search; no special order */
1249 { US"version", 7, &tls_cert_version },
1250 { US"serial_number", 13, &tls_cert_serial_number },
1251 { US"subject", 7, &tls_cert_subject },
1252 { US"notbefore", 9, &tls_cert_not_before },
1253 { US"notafter", 8, &tls_cert_not_after },
1254 { US"issuer", 6, &tls_cert_issuer },
1255 { US"signature", 9, &tls_cert_signature },
1256 { US"sig_algorithm", 13, &tls_cert_signature_algorithm },
1257 { US"subj_altname", 12, &tls_cert_subject_altname },
1258 { US"ocsp_uri", 8, &tls_cert_ocsp_uri },
1259 { US"crl_uri", 7, &tls_cert_crl_uri },
1260 };
1261
1262 static uschar *
1263 expand_getcertele(uschar * field, uschar * certvar)
1264 {
1265 var_entry * vp;
1266 certfield * cp;
1267
1268 if (!(vp = find_var_ent(certvar)))
1269 {
1270 expand_string_message =
1271 string_sprintf("no variable named \"%s\"", certvar);
1272 return NULL; /* Unknown variable name */
1273 }
1274 /* NB this stops us passing certs around in variable. Might
1275 want to do that in future */
1276 if (vp->type != vtype_cert)
1277 {
1278 expand_string_message =
1279 string_sprintf("\"%s\" is not a certificate", certvar);
1280 return NULL; /* Unknown variable name */
1281 }
1282 if (!*(void **)vp->value)
1283 return NULL;
1284
1285 if (*field >= '0' && *field <= '9')
1286 return tls_cert_ext_by_oid(*(void **)vp->value, field, 0);
1287
1288 for(cp = certfields;
1289 cp < certfields + nelements(certfields);
1290 cp++)
1291 if (Ustrncmp(cp->name, field, cp->namelen) == 0)
1292 {
1293 uschar * modifier = *(field += cp->namelen) == ','
1294 ? ++field : NULL;
1295 return (*cp->getfn)( *(void **)vp->value, modifier );
1296 }
1297
1298 expand_string_message =
1299 string_sprintf("bad field selector \"%s\" for certextract", field);
1300 return NULL;
1301 }
1302 #endif /*SUPPORT_TLS*/
1303
1304 /*************************************************
1305 * Extract a substring from a string *
1306 *************************************************/
1307
1308 /* Perform the ${substr or ${length expansion operations.
1309
1310 Arguments:
1311 subject the input string
1312 value1 the offset from the start of the input string to the start of
1313 the output string; if negative, count from the right.
1314 value2 the length of the output string, or negative (-1) for unset
1315 if value1 is positive, unset means "all after"
1316 if value1 is negative, unset means "all before"
1317 len set to the length of the returned string
1318
1319 Returns: pointer to the output string, or NULL if there is an error
1320 */
1321
1322 static uschar *
1323 extract_substr(uschar *subject, int value1, int value2, int *len)
1324 {
1325 int sublen = Ustrlen(subject);
1326
1327 if (value1 < 0) /* count from right */
1328 {
1329 value1 += sublen;
1330
1331 /* If the position is before the start, skip to the start, and adjust the
1332 length. If the length ends up negative, the substring is null because nothing
1333 can precede. This falls out naturally when the length is unset, meaning "all
1334 to the left". */
1335
1336 if (value1 < 0)
1337 {
1338 value2 += value1;
1339 if (value2 < 0) value2 = 0;
1340 value1 = 0;
1341 }
1342
1343 /* Otherwise an unset length => characters before value1 */
1344
1345 else if (value2 < 0)
1346 {
1347 value2 = value1;
1348 value1 = 0;
1349 }
1350 }
1351
1352 /* For a non-negative offset, if the starting position is past the end of the
1353 string, the result will be the null string. Otherwise, an unset length means
1354 "rest"; just set it to the maximum - it will be cut down below if necessary. */
1355
1356 else
1357 {
1358 if (value1 > sublen)
1359 {
1360 value1 = sublen;
1361 value2 = 0;
1362 }
1363 else if (value2 < 0) value2 = sublen;
1364 }
1365
1366 /* Cut the length down to the maximum possible for the offset value, and get
1367 the required characters. */
1368
1369 if (value1 + value2 > sublen) value2 = sublen - value1;
1370 *len = value2;
1371 return subject + value1;
1372 }
1373
1374
1375
1376
1377 /*************************************************
1378 * Old-style hash of a string *
1379 *************************************************/
1380
1381 /* Perform the ${hash expansion operation.
1382
1383 Arguments:
1384 subject the input string (an expanded substring)
1385 value1 the length of the output string; if greater or equal to the
1386 length of the input string, the input string is returned
1387 value2 the number of hash characters to use, or 26 if negative
1388 len set to the length of the returned string
1389
1390 Returns: pointer to the output string, or NULL if there is an error
1391 */
1392
1393 static uschar *
1394 compute_hash(uschar *subject, int value1, int value2, int *len)
1395 {
1396 int sublen = Ustrlen(subject);
1397
1398 if (value2 < 0) value2 = 26;
1399 else if (value2 > Ustrlen(hashcodes))
1400 {
1401 expand_string_message =
1402 string_sprintf("hash count \"%d\" too big", value2);
1403 return NULL;
1404 }
1405
1406 /* Calculate the hash text. We know it is shorter than the original string, so
1407 can safely place it in subject[] (we know that subject is always itself an
1408 expanded substring). */
1409
1410 if (value1 < sublen)
1411 {
1412 int c;
1413 int i = 0;
1414 int j = value1;
1415 while ((c = (subject[j])) != 0)
1416 {
1417 int shift = (c + j++) & 7;
1418 subject[i] ^= (c << shift) | (c >> (8-shift));
1419 if (++i >= value1) i = 0;
1420 }
1421 for (i = 0; i < value1; i++)
1422 subject[i] = hashcodes[(subject[i]) % value2];
1423 }
1424 else value1 = sublen;
1425
1426 *len = value1;
1427 return subject;
1428 }
1429
1430
1431
1432
1433 /*************************************************
1434 * Numeric hash of a string *
1435 *************************************************/
1436
1437 /* Perform the ${nhash expansion operation. The first characters of the
1438 string are treated as most important, and get the highest prime numbers.
1439
1440 Arguments:
1441 subject the input string
1442 value1 the maximum value of the first part of the result
1443 value2 the maximum value of the second part of the result,
1444 or negative to produce only a one-part result
1445 len set to the length of the returned string
1446
1447 Returns: pointer to the output string, or NULL if there is an error.
1448 */
1449
1450 static uschar *
1451 compute_nhash (uschar *subject, int value1, int value2, int *len)
1452 {
1453 uschar *s = subject;
1454 int i = 0;
1455 unsigned long int total = 0; /* no overflow */
1456
1457 while (*s != 0)
1458 {
1459 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
1460 total += prime[i--] * (unsigned int)(*s++);
1461 }
1462
1463 /* If value2 is unset, just compute one number */
1464
1465 if (value2 < 0)
1466 {
1467 s = string_sprintf("%d", total % value1);
1468 }
1469
1470 /* Otherwise do a div/mod hash */
1471
1472 else
1473 {
1474 total = total % (value1 * value2);
1475 s = string_sprintf("%d/%d", total/value2, total % value2);
1476 }
1477
1478 *len = Ustrlen(s);
1479 return s;
1480 }
1481
1482
1483
1484
1485
1486 /*************************************************
1487 * Find the value of a header or headers *
1488 *************************************************/
1489
1490 /* Multiple instances of the same header get concatenated, and this function
1491 can also return a concatenation of all the header lines. When concatenating
1492 specific headers that contain lists of addresses, a comma is inserted between
1493 them. Otherwise we use a straight concatenation. Because some messages can have
1494 pathologically large number of lines, there is a limit on the length that is
1495 returned. Also, to avoid massive store use which would result from using
1496 string_cat() as it copies and extends strings, we do a preliminary pass to find
1497 out exactly how much store will be needed. On "normal" messages this will be
1498 pretty trivial.
1499
1500 Arguments:
1501 name the name of the header, without the leading $header_ or $h_,
1502 or NULL if a concatenation of all headers is required
1503 exists_only TRUE if called from a def: test; don't need to build a string;
1504 just return a string that is not "" and not "0" if the header
1505 exists
1506 newsize return the size of memory block that was obtained; may be NULL
1507 if exists_only is TRUE
1508 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
1509 other than concatenating, will be done on the header. Also used
1510 for $message_headers_raw.
1511 charset name of charset to translate MIME words to; used only if
1512 want_raw is false; if NULL, no translation is done (this is
1513 used for $bh_ and $bheader_)
1514
1515 Returns: NULL if the header does not exist, else a pointer to a new
1516 store block
1517 */
1518
1519 static uschar *
1520 find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1521 uschar *charset)
1522 {
1523 BOOL found = name == NULL;
1524 int comma = 0;
1525 int len = found? 0 : Ustrlen(name);
1526 int i;
1527 uschar *yield = NULL;
1528 uschar *ptr = NULL;
1529
1530 /* Loop for two passes - saves code repetition */
1531
1532 for (i = 0; i < 2; i++)
1533 {
1534 int size = 0;
1535 header_line *h;
1536
1537 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1538 {
1539 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1540 {
1541 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1542 {
1543 int ilen;
1544 uschar *t;
1545
1546 if (exists_only) return US"1"; /* don't need actual string */
1547 found = TRUE;
1548 t = h->text + len; /* text to insert */
1549 if (!want_raw) /* unless wanted raw, */
1550 while (isspace(*t)) t++; /* remove leading white space */
1551 ilen = h->slen - (t - h->text); /* length to insert */
1552
1553 /* Unless wanted raw, remove trailing whitespace, including the
1554 newline. */
1555
1556 if (!want_raw)
1557 while (ilen > 0 && isspace(t[ilen-1])) ilen--;
1558
1559 /* Set comma = 1 if handling a single header and it's one of those
1560 that contains an address list, except when asked for raw headers. Only
1561 need to do this once. */
1562
1563 if (!want_raw && name != NULL && comma == 0 &&
1564 Ustrchr("BCFRST", h->type) != NULL)
1565 comma = 1;
1566
1567 /* First pass - compute total store needed; second pass - compute
1568 total store used, including this header. */
1569
1570 size += ilen + comma + 1; /* +1 for the newline */
1571
1572 /* Second pass - concatentate the data, up to a maximum. Note that
1573 the loop stops when size hits the limit. */
1574
1575 if (i != 0)
1576 {
1577 if (size > header_insert_maxlen)
1578 {
1579 ilen -= size - header_insert_maxlen - 1;
1580 comma = 0;
1581 }
1582 Ustrncpy(ptr, t, ilen);
1583 ptr += ilen;
1584
1585 /* For a non-raw header, put in the comma if needed, then add
1586 back the newline we removed above, provided there was some text in
1587 the header. */
1588
1589 if (!want_raw && ilen > 0)
1590 {
1591 if (comma != 0) *ptr++ = ',';
1592 *ptr++ = '\n';
1593 }
1594 }
1595 }
1596 }
1597 }
1598
1599 /* At end of first pass, return NULL if no header found. Then truncate size
1600 if necessary, and get the buffer to hold the data, returning the buffer size.
1601 */
1602
1603 if (i == 0)
1604 {
1605 if (!found) return NULL;
1606 if (size > header_insert_maxlen) size = header_insert_maxlen;
1607 *newsize = size + 1;
1608 ptr = yield = store_get(*newsize);
1609 }
1610 }
1611
1612 /* That's all we do for raw header expansion. */
1613
1614 if (want_raw)
1615 {
1616 *ptr = 0;
1617 }
1618
1619 /* Otherwise, remove a final newline and a redundant added comma. Then we do
1620 RFC 2047 decoding, translating the charset if requested. The rfc2047_decode2()
1621 function can return an error with decoded data if the charset translation
1622 fails. If decoding fails, it returns NULL. */
1623
1624 else
1625 {
1626 uschar *decoded, *error;
1627 if (ptr > yield && ptr[-1] == '\n') ptr--;
1628 if (ptr > yield && comma != 0 && ptr[-1] == ',') ptr--;
1629 *ptr = 0;
1630 decoded = rfc2047_decode2(yield, check_rfc2047_length, charset, '?', NULL,
1631 newsize, &error);
1632 if (error != NULL)
1633 {
1634 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1635 " input was: %s\n", error, yield);
1636 }
1637 if (decoded != NULL) yield = decoded;
1638 }
1639
1640 return yield;
1641 }
1642
1643
1644
1645
1646 /*************************************************
1647 * Return list of recipients *
1648 *************************************************/
1649 /* A recipients list is available only during system message filtering,
1650 during ACL processing after DATA, and while expanding pipe commands
1651 generated from a system filter, but not elsewhere. */
1652
1653 static uschar *
1654 fn_recipients(void)
1655 {
1656 if (!enable_dollar_recipients) return NULL; else
1657 {
1658 int size = 128;
1659 int ptr = 0;
1660 int i;
1661 uschar * s = store_get(size);
1662 for (i = 0; i < recipients_count; i++)
1663 {
1664 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1665 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1666 Ustrlen(recipients_list[i].address));
1667 }
1668 s[ptr] = 0; /* string_cat() leaves room */
1669 return s;
1670 }
1671 }
1672
1673
1674 /*************************************************
1675 * Find value of a variable *
1676 *************************************************/
1677
1678 /* The table of variables is kept in alphabetic order, so we can search it
1679 using a binary chop. The "choplen" variable is nothing to do with the binary
1680 chop.
1681
1682 Arguments:
1683 name the name of the variable being sought
1684 exists_only TRUE if this is a def: test; passed on to find_header()
1685 skipping TRUE => skip any processing evaluation; this is not the same as
1686 exists_only because def: may test for values that are first
1687 evaluated here
1688 newsize pointer to an int which is initially zero; if the answer is in
1689 a new memory buffer, *newsize is set to its size
1690
1691 Returns: NULL if the variable does not exist, or
1692 a pointer to the variable's contents, or
1693 something non-NULL if exists_only is TRUE
1694 */
1695
1696 static uschar *
1697 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1698 {
1699 var_entry * vp;
1700 uschar *s, *domain;
1701 uschar **ss;
1702 void * val;
1703
1704 /* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1705 Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1706 release 4.64 onwards arbitrary names are permitted, as long as the first 5
1707 characters are acl_c or acl_m and the sixth is either a digit or an underscore
1708 (this gave backwards compatibility at the changeover). There may be built-in
1709 variables whose names start acl_ but they should never start in this way. This
1710 slightly messy specification is a consequence of the history, needless to say.
1711
1712 If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1713 set, in which case give an error. */
1714
1715 if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1716 !isalpha(name[5]))
1717 {
1718 tree_node *node =
1719 tree_search((name[4] == 'c')? acl_var_c : acl_var_m, name + 4);
1720 return (node == NULL)? (strict_acl_vars? NULL : US"") : node->data.ptr;
1721 }
1722
1723 /* Handle $auth<n> variables. */
1724
1725 if (Ustrncmp(name, "auth", 4) == 0)
1726 {
1727 uschar *endptr;
1728 int n = Ustrtoul(name + 4, &endptr, 10);
1729 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1730 return (auth_vars[n-1] == NULL)? US"" : auth_vars[n-1];
1731 }
1732
1733 /* For all other variables, search the table */
1734
1735 if (!(vp = find_var_ent(name)))
1736 return NULL; /* Unknown variable name */
1737
1738 /* Found an existing variable. If in skipping state, the value isn't needed,
1739 and we want to avoid processing (such as looking up the host name). */
1740
1741 if (skipping)
1742 return US"";
1743
1744 val = vp->value;
1745 switch (vp->type)
1746 {
1747 case vtype_filter_int:
1748 if (!filter_running) return NULL;
1749 /* Fall through */
1750 /* VVVVVVVVVVVV */
1751 case vtype_int:
1752 sprintf(CS var_buffer, "%d", *(int *)(val)); /* Integer */
1753 return var_buffer;
1754
1755 case vtype_ino:
1756 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(val))); /* Inode */
1757 return var_buffer;
1758
1759 case vtype_gid:
1760 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(val))); /* gid */
1761 return var_buffer;
1762
1763 case vtype_uid:
1764 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(val))); /* uid */
1765 return var_buffer;
1766
1767 case vtype_bool:
1768 sprintf(CS var_buffer, "%s", *(BOOL *)(val) ? "yes" : "no"); /* bool */
1769 return var_buffer;
1770
1771 case vtype_stringptr: /* Pointer to string */
1772 s = *((uschar **)(val));
1773 return (s == NULL)? US"" : s;
1774
1775 case vtype_pid:
1776 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1777 return var_buffer;
1778
1779 case vtype_load_avg:
1780 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1781 return var_buffer;
1782
1783 case vtype_host_lookup: /* Lookup if not done so */
1784 if (sender_host_name == NULL && sender_host_address != NULL &&
1785 !host_lookup_failed && host_name_lookup() == OK)
1786 host_build_sender_fullhost();
1787 return (sender_host_name == NULL)? US"" : sender_host_name;
1788
1789 case vtype_localpart: /* Get local part from address */
1790 s = *((uschar **)(val));
1791 if (s == NULL) return US"";
1792 domain = Ustrrchr(s, '@');
1793 if (domain == NULL) return s;
1794 if (domain - s > sizeof(var_buffer) - 1)
1795 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1796 " in string expansion", sizeof(var_buffer));
1797 Ustrncpy(var_buffer, s, domain - s);
1798 var_buffer[domain - s] = 0;
1799 return var_buffer;
1800
1801 case vtype_domain: /* Get domain from address */
1802 s = *((uschar **)(val));
1803 if (s == NULL) return US"";
1804 domain = Ustrrchr(s, '@');
1805 return (domain == NULL)? US"" : domain + 1;
1806
1807 case vtype_msgheaders:
1808 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1809
1810 case vtype_msgheaders_raw:
1811 return find_header(NULL, exists_only, newsize, TRUE, NULL);
1812
1813 case vtype_msgbody: /* Pointer to msgbody string */
1814 case vtype_msgbody_end: /* Ditto, the end of the msg */
1815 ss = (uschar **)(val);
1816 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1817 {
1818 uschar *body;
1819 off_t start_offset = SPOOL_DATA_START_OFFSET;
1820 int len = message_body_visible;
1821 if (len > message_size) len = message_size;
1822 *ss = body = store_malloc(len+1);
1823 body[0] = 0;
1824 if (vp->type == vtype_msgbody_end)
1825 {
1826 struct stat statbuf;
1827 if (fstat(deliver_datafile, &statbuf) == 0)
1828 {
1829 start_offset = statbuf.st_size - len;
1830 if (start_offset < SPOOL_DATA_START_OFFSET)
1831 start_offset = SPOOL_DATA_START_OFFSET;
1832 }
1833 }
1834 lseek(deliver_datafile, start_offset, SEEK_SET);
1835 len = read(deliver_datafile, body, len);
1836 if (len > 0)
1837 {
1838 body[len] = 0;
1839 if (message_body_newlines) /* Separate loops for efficiency */
1840 {
1841 while (len > 0)
1842 { if (body[--len] == 0) body[len] = ' '; }
1843 }
1844 else
1845 {
1846 while (len > 0)
1847 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
1848 }
1849 }
1850 }
1851 return (*ss == NULL)? US"" : *ss;
1852
1853 case vtype_todbsdin: /* BSD inbox time of day */
1854 return tod_stamp(tod_bsdin);
1855
1856 case vtype_tode: /* Unix epoch time of day */
1857 return tod_stamp(tod_epoch);
1858
1859 case vtype_todel: /* Unix epoch/usec time of day */
1860 return tod_stamp(tod_epoch_l);
1861
1862 case vtype_todf: /* Full time of day */
1863 return tod_stamp(tod_full);
1864
1865 case vtype_todl: /* Log format time of day */
1866 return tod_stamp(tod_log_bare); /* (without timezone) */
1867
1868 case vtype_todzone: /* Time zone offset only */
1869 return tod_stamp(tod_zone);
1870
1871 case vtype_todzulu: /* Zulu time */
1872 return tod_stamp(tod_zulu);
1873
1874 case vtype_todlf: /* Log file datestamp tod */
1875 return tod_stamp(tod_log_datestamp_daily);
1876
1877 case vtype_reply: /* Get reply address */
1878 s = find_header(US"reply-to:", exists_only, newsize, TRUE,
1879 headers_charset);
1880 if (s != NULL) while (isspace(*s)) s++;
1881 if (s == NULL || *s == 0)
1882 {
1883 *newsize = 0; /* For the *s==0 case */
1884 s = find_header(US"from:", exists_only, newsize, TRUE, headers_charset);
1885 }
1886 if (s != NULL)
1887 {
1888 uschar *t;
1889 while (isspace(*s)) s++;
1890 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
1891 while (t > s && isspace(t[-1])) t--;
1892 *t = 0;
1893 }
1894 return (s == NULL)? US"" : s;
1895
1896 case vtype_string_func:
1897 {
1898 uschar * (*fn)() = val;
1899 return fn();
1900 }
1901
1902 case vtype_pspace:
1903 {
1904 int inodes;
1905 sprintf(CS var_buffer, "%d",
1906 receive_statvfs(val == (void *)TRUE, &inodes));
1907 }
1908 return var_buffer;
1909
1910 case vtype_pinodes:
1911 {
1912 int inodes;
1913 (void) receive_statvfs(val == (void *)TRUE, &inodes);
1914 sprintf(CS var_buffer, "%d", inodes);
1915 }
1916 return var_buffer;
1917
1918 case vtype_cert:
1919 return *(void **)val ? US"<cert>" : US"";
1920
1921 #ifndef DISABLE_DKIM
1922 case vtype_dkim:
1923 return dkim_exim_expand_query((int)(long)val);
1924 #endif
1925
1926 }
1927
1928 return NULL; /* Unknown variable. Silences static checkers. */
1929 }
1930
1931
1932
1933
1934 void
1935 modify_variable(uschar *name, void * value)
1936 {
1937 var_entry * vp;
1938 if ((vp = find_var_ent(name))) vp->value = value;
1939 return; /* Unknown variable name, fail silently */
1940 }
1941
1942
1943
1944
1945
1946 /*************************************************
1947 * Read and expand substrings *
1948 *************************************************/
1949
1950 /* This function is called to read and expand argument substrings for various
1951 expansion items. Some have a minimum requirement that is less than the maximum;
1952 in these cases, the first non-present one is set to NULL.
1953
1954 Arguments:
1955 sub points to vector of pointers to set
1956 n maximum number of substrings
1957 m minimum required
1958 sptr points to current string pointer
1959 skipping the skipping flag
1960 check_end if TRUE, check for final '}'
1961 name name of item, for error message
1962 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
1963 the store.
1964
1965 Returns: 0 OK; string pointer updated
1966 1 curly bracketing error (too few arguments)
1967 2 too many arguments (only if check_end is set); message set
1968 3 other error (expansion failure)
1969 */
1970
1971 static int
1972 read_subs(uschar **sub, int n, int m, const uschar **sptr, BOOL skipping,
1973 BOOL check_end, uschar *name, BOOL *resetok)
1974 {
1975 int i;
1976 const uschar *s = *sptr;
1977
1978 while (isspace(*s)) s++;
1979 for (i = 0; i < n; i++)
1980 {
1981 if (*s != '{')
1982 {
1983 if (i < m) return 1;
1984 sub[i] = NULL;
1985 break;
1986 }
1987 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok);
1988 if (sub[i] == NULL) return 3;
1989 if (*s++ != '}') return 1;
1990 while (isspace(*s)) s++;
1991 }
1992 if (check_end && *s++ != '}')
1993 {
1994 if (s[-1] == '{')
1995 {
1996 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1997 "(max is %d)", name, n);
1998 return 2;
1999 }
2000 return 1;
2001 }
2002
2003 *sptr = s;
2004 return 0;
2005 }
2006
2007
2008
2009
2010 /*************************************************
2011 * Elaborate message for bad variable *
2012 *************************************************/
2013
2014 /* For the "unknown variable" message, take a look at the variable's name, and
2015 give additional information about possible ACL variables. The extra information
2016 is added on to expand_string_message.
2017
2018 Argument: the name of the variable
2019 Returns: nothing
2020 */
2021
2022 static void
2023 check_variable_error_message(uschar *name)
2024 {
2025 if (Ustrncmp(name, "acl_", 4) == 0)
2026 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
2027 (name[4] == 'c' || name[4] == 'm')?
2028 (isalpha(name[5])?
2029 US"6th character of a user-defined ACL variable must be a digit or underscore" :
2030 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
2031 ) :
2032 US"user-defined ACL variables must start acl_c or acl_m");
2033 }
2034
2035
2036
2037 /*
2038 Load args from sub array to globals, and call acl_check().
2039 Sub array will be corrupted on return.
2040
2041 Returns: OK access is granted by an ACCEPT verb
2042 DISCARD access is granted by a DISCARD verb
2043 FAIL access is denied
2044 FAIL_DROP access is denied; drop the connection
2045 DEFER can't tell at the moment
2046 ERROR disaster
2047 */
2048 static int
2049 eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
2050 {
2051 int i;
2052 int sav_narg = acl_narg;
2053 int ret;
2054 uschar * dummy_logmsg;
2055 extern int acl_where;
2056
2057 if(--nsub > sizeof(acl_arg)/sizeof(*acl_arg)) nsub = sizeof(acl_arg)/sizeof(*acl_arg);
2058 for (i = 0; i < nsub && sub[i+1]; i++)
2059 {
2060 uschar * tmp = acl_arg[i];
2061 acl_arg[i] = sub[i+1]; /* place callers args in the globals */
2062 sub[i+1] = tmp; /* stash the old args using our caller's storage */
2063 }
2064 acl_narg = i;
2065 while (i < nsub)
2066 {
2067 sub[i+1] = acl_arg[i];
2068 acl_arg[i++] = NULL;
2069 }
2070
2071 DEBUG(D_expand)
2072 debug_printf("expanding: acl: %s arg: %s%s\n",
2073 sub[0],
2074 acl_narg>0 ? acl_arg[0] : US"<none>",
2075 acl_narg>1 ? " +more" : "");
2076
2077 ret = acl_eval(acl_where, sub[0], user_msgp, &dummy_logmsg);
2078
2079 for (i = 0; i < nsub; i++)
2080 acl_arg[i] = sub[i+1]; /* restore old args */
2081 acl_narg = sav_narg;
2082
2083 return ret;
2084 }
2085
2086
2087
2088
2089 /*************************************************
2090 * Read and evaluate a condition *
2091 *************************************************/
2092
2093 /*
2094 Arguments:
2095 s points to the start of the condition text
2096 resetok points to a BOOL which is written false if it is unsafe to
2097 free memory. Certain condition types (acl) may have side-effect
2098 allocation which must be preserved.
2099 yield points to a BOOL to hold the result of the condition test;
2100 if NULL, we are just reading through a condition that is
2101 part of an "or" combination to check syntax, or in a state
2102 where the answer isn't required
2103
2104 Returns: a pointer to the first character after the condition, or
2105 NULL after an error
2106 */
2107
2108 static const uschar *
2109 eval_condition(const uschar *s, BOOL *resetok, BOOL *yield)
2110 {
2111 BOOL testfor = TRUE;
2112 BOOL tempcond, combined_cond;
2113 BOOL *subcondptr;
2114 BOOL sub2_honour_dollar = TRUE;
2115 int i, rc, cond_type, roffset;
2116 int_eximarith_t num[2];
2117 struct stat statbuf;
2118 uschar name[256];
2119 const uschar *sub[10];
2120
2121 const pcre *re;
2122 const uschar *rerror;
2123
2124 for (;;)
2125 {
2126 while (isspace(*s)) s++;
2127 if (*s == '!') { testfor = !testfor; s++; } else break;
2128 }
2129
2130 /* Numeric comparisons are symbolic */
2131
2132 if (*s == '=' || *s == '>' || *s == '<')
2133 {
2134 int p = 0;
2135 name[p++] = *s++;
2136 if (*s == '=')
2137 {
2138 name[p++] = '=';
2139 s++;
2140 }
2141 name[p] = 0;
2142 }
2143
2144 /* All other conditions are named */
2145
2146 else s = read_name(name, 256, s, US"_");
2147
2148 /* If we haven't read a name, it means some non-alpha character is first. */
2149
2150 if (name[0] == 0)
2151 {
2152 expand_string_message = string_sprintf("condition name expected, "
2153 "but found \"%.16s\"", s);
2154 return NULL;
2155 }
2156
2157 /* Find which condition we are dealing with, and switch on it */
2158
2159 cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
2160 switch(cond_type)
2161 {
2162 /* def: tests for a non-empty variable, or for the existence of a header. If
2163 yield == NULL we are in a skipping state, and don't care about the answer. */
2164
2165 case ECOND_DEF:
2166 if (*s != ':')
2167 {
2168 expand_string_message = US"\":\" expected after \"def\"";
2169 return NULL;
2170 }
2171
2172 s = read_name(name, 256, s+1, US"_");
2173
2174 /* Test for a header's existence. If the name contains a closing brace
2175 character, this may be a user error where the terminating colon has been
2176 omitted. Set a flag to adjust a subsequent error message in this case. */
2177
2178 if (Ustrncmp(name, "h_", 2) == 0 ||
2179 Ustrncmp(name, "rh_", 3) == 0 ||
2180 Ustrncmp(name, "bh_", 3) == 0 ||
2181 Ustrncmp(name, "header_", 7) == 0 ||
2182 Ustrncmp(name, "rheader_", 8) == 0 ||
2183 Ustrncmp(name, "bheader_", 8) == 0)
2184 {
2185 s = read_header_name(name, 256, s);
2186 /* {-for-text-editors */
2187 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2188 if (yield != NULL) *yield =
2189 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
2190 }
2191
2192 /* Test for a variable's having a non-empty value. A non-existent variable
2193 causes an expansion failure. */
2194
2195 else
2196 {
2197 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
2198 if (value == NULL)
2199 {
2200 expand_string_message = (name[0] == 0)?
2201 string_sprintf("variable name omitted after \"def:\"") :
2202 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
2203 check_variable_error_message(name);
2204 return NULL;
2205 }
2206 if (yield != NULL) *yield = (value[0] != 0) == testfor;
2207 }
2208
2209 return s;
2210
2211
2212 /* first_delivery tests for first delivery attempt */
2213
2214 case ECOND_FIRST_DELIVERY:
2215 if (yield != NULL) *yield = deliver_firsttime == testfor;
2216 return s;
2217
2218
2219 /* queue_running tests for any process started by a queue runner */
2220
2221 case ECOND_QUEUE_RUNNING:
2222 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
2223 return s;
2224
2225
2226 /* exists: tests for file existence
2227 isip: tests for any IP address
2228 isip4: tests for an IPv4 address
2229 isip6: tests for an IPv6 address
2230 pam: does PAM authentication
2231 radius: does RADIUS authentication
2232 ldapauth: does LDAP authentication
2233 pwcheck: does Cyrus SASL pwcheck authentication
2234 */
2235
2236 case ECOND_EXISTS:
2237 case ECOND_ISIP:
2238 case ECOND_ISIP4:
2239 case ECOND_ISIP6:
2240 case ECOND_PAM:
2241 case ECOND_RADIUS:
2242 case ECOND_LDAPAUTH:
2243 case ECOND_PWCHECK:
2244
2245 while (isspace(*s)) s++;
2246 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2247
2248 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok);
2249 if (sub[0] == NULL) return NULL;
2250 /* {-for-text-editors */
2251 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2252
2253 if (yield == NULL) return s; /* No need to run the test if skipping */
2254
2255 switch(cond_type)
2256 {
2257 case ECOND_EXISTS:
2258 if ((expand_forbid & RDO_EXISTS) != 0)
2259 {
2260 expand_string_message = US"File existence tests are not permitted";
2261 return NULL;
2262 }
2263 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
2264 break;
2265
2266 case ECOND_ISIP:
2267 case ECOND_ISIP4:
2268 case ECOND_ISIP6:
2269 rc = string_is_ip_address(sub[0], NULL);
2270 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
2271 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2272 break;
2273
2274 /* Various authentication tests - all optionally compiled */
2275
2276 case ECOND_PAM:
2277 #ifdef SUPPORT_PAM
2278 rc = auth_call_pam(sub[0], &expand_string_message);
2279 goto END_AUTH;
2280 #else
2281 goto COND_FAILED_NOT_COMPILED;
2282 #endif /* SUPPORT_PAM */
2283
2284 case ECOND_RADIUS:
2285 #ifdef RADIUS_CONFIG_FILE
2286 rc = auth_call_radius(sub[0], &expand_string_message);
2287 goto END_AUTH;
2288 #else
2289 goto COND_FAILED_NOT_COMPILED;
2290 #endif /* RADIUS_CONFIG_FILE */
2291
2292 case ECOND_LDAPAUTH:
2293 #ifdef LOOKUP_LDAP
2294 {
2295 /* Just to keep the interface the same */
2296 BOOL do_cache;
2297 int old_pool = store_pool;
2298 store_pool = POOL_SEARCH;
2299 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2300 &expand_string_message, &do_cache);
2301 store_pool = old_pool;
2302 }
2303 goto END_AUTH;
2304 #else
2305 goto COND_FAILED_NOT_COMPILED;
2306 #endif /* LOOKUP_LDAP */
2307
2308 case ECOND_PWCHECK:
2309 #ifdef CYRUS_PWCHECK_SOCKET
2310 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2311 goto END_AUTH;
2312 #else
2313 goto COND_FAILED_NOT_COMPILED;
2314 #endif /* CYRUS_PWCHECK_SOCKET */
2315
2316 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2317 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2318 END_AUTH:
2319 if (rc == ERROR || rc == DEFER) return NULL;
2320 *yield = (rc == OK) == testfor;
2321 #endif
2322 }
2323 return s;
2324
2325
2326 /* call ACL (in a conditional context). Accept true, deny false.
2327 Defer is a forced-fail. Anything set by message= goes to $value.
2328 Up to ten parameters are used; we use the braces round the name+args
2329 like the saslauthd condition does, to permit a variable number of args.
2330 See also the expansion-item version EITEM_ACL and the traditional
2331 acl modifier ACLC_ACL.
2332 Since the ACL may allocate new global variables, tell our caller to not
2333 reclaim memory.
2334 */
2335
2336 case ECOND_ACL:
2337 /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
2338 {
2339 uschar *sub[10];
2340 uschar *user_msg;
2341 BOOL cond = FALSE;
2342 int size = 0;
2343 int ptr = 0;
2344
2345 while (isspace(*s)) s++;
2346 if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
2347
2348 switch(read_subs(sub, sizeof(sub)/sizeof(*sub), 1,
2349 &s, yield == NULL, TRUE, US"acl", resetok))
2350 {
2351 case 1: expand_string_message = US"too few arguments or bracketing "
2352 "error for acl";
2353 case 2:
2354 case 3: return NULL;
2355 }
2356
2357 *resetok = FALSE;
2358 if (yield != NULL) switch(eval_acl(sub, sizeof(sub)/sizeof(*sub), &user_msg))
2359 {
2360 case OK:
2361 cond = TRUE;
2362 case FAIL:
2363 lookup_value = NULL;
2364 if (user_msg)
2365 {
2366 lookup_value = string_cat(NULL, &size, &ptr, user_msg, Ustrlen(user_msg));
2367 lookup_value[ptr] = '\0';
2368 }
2369 *yield = cond == testfor;
2370 break;
2371
2372 case DEFER:
2373 expand_string_forcedfail = TRUE;
2374 default:
2375 expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]);
2376 return NULL;
2377 }
2378 return s;
2379 }
2380
2381
2382 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2383
2384 ${if saslauthd {{username}{password}{service}{realm}} {yes}{no}}
2385
2386 However, the last two are optional. That is why the whole set is enclosed
2387 in their own set of braces. */
2388
2389 case ECOND_SASLAUTHD:
2390 #ifndef CYRUS_SASLAUTHD_SOCKET
2391 goto COND_FAILED_NOT_COMPILED;
2392 #else
2393 while (isspace(*s)) s++;
2394 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2395 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd", resetok))
2396 {
2397 case 1: expand_string_message = US"too few arguments or bracketing "
2398 "error for saslauthd";
2399 case 2:
2400 case 3: return NULL;
2401 }
2402 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
2403 if (yield != NULL)
2404 {
2405 int rc;
2406 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2407 &expand_string_message);
2408 if (rc == ERROR || rc == DEFER) return NULL;
2409 *yield = (rc == OK) == testfor;
2410 }
2411 return s;
2412 #endif /* CYRUS_SASLAUTHD_SOCKET */
2413
2414
2415 /* symbolic operators for numeric and string comparison, and a number of
2416 other operators, all requiring two arguments.
2417
2418 crypteq: encrypts plaintext and compares against an encrypted text,
2419 using crypt(), crypt16(), MD5 or SHA-1
2420 inlist/inlisti: checks if first argument is in the list of the second
2421 match: does a regular expression match and sets up the numerical
2422 variables if it succeeds
2423 match_address: matches in an address list
2424 match_domain: matches in a domain list
2425 match_ip: matches a host list that is restricted to IP addresses
2426 match_local_part: matches in a local part list
2427 */
2428
2429 case ECOND_MATCH_ADDRESS:
2430 case ECOND_MATCH_DOMAIN:
2431 case ECOND_MATCH_IP:
2432 case ECOND_MATCH_LOCAL_PART:
2433 #ifndef EXPAND_LISTMATCH_RHS
2434 sub2_honour_dollar = FALSE;
2435 #endif
2436 /* FALLTHROUGH */
2437
2438 case ECOND_CRYPTEQ:
2439 case ECOND_INLIST:
2440 case ECOND_INLISTI:
2441 case ECOND_MATCH:
2442
2443 case ECOND_NUM_L: /* Numerical comparisons */
2444 case ECOND_NUM_LE:
2445 case ECOND_NUM_E:
2446 case ECOND_NUM_EE:
2447 case ECOND_NUM_G:
2448 case ECOND_NUM_GE:
2449
2450 case ECOND_STR_LT: /* String comparisons */
2451 case ECOND_STR_LTI:
2452 case ECOND_STR_LE:
2453 case ECOND_STR_LEI:
2454 case ECOND_STR_EQ:
2455 case ECOND_STR_EQI:
2456 case ECOND_STR_GT:
2457 case ECOND_STR_GTI:
2458 case ECOND_STR_GE:
2459 case ECOND_STR_GEI:
2460
2461 for (i = 0; i < 2; i++)
2462 {
2463 /* Sometimes, we don't expand substrings; too many insecure configurations
2464 created using match_address{}{} and friends, where the second param
2465 includes information from untrustworthy sources. */
2466 BOOL honour_dollar = TRUE;
2467 if ((i > 0) && !sub2_honour_dollar)
2468 honour_dollar = FALSE;
2469
2470 while (isspace(*s)) s++;
2471 if (*s != '{')
2472 {
2473 if (i == 0) goto COND_FAILED_CURLY_START;
2474 expand_string_message = string_sprintf("missing 2nd string in {} "
2475 "after \"%s\"", name);
2476 return NULL;
2477 }
2478 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
2479 honour_dollar, resetok);
2480 if (sub[i] == NULL) return NULL;
2481 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2482
2483 /* Convert to numerical if required; we know that the names of all the
2484 conditions that compare numbers do not start with a letter. This just saves
2485 checking for them individually. */
2486
2487 if (!isalpha(name[0]) && yield != NULL)
2488 {
2489 if (sub[i][0] == 0)
2490 {
2491 num[i] = 0;
2492 DEBUG(D_expand)
2493 debug_printf("empty string cast to zero for numerical comparison\n");
2494 }
2495 else
2496 {
2497 num[i] = expanded_string_integer(sub[i], FALSE);
2498 if (expand_string_message != NULL) return NULL;
2499 }
2500 }
2501 }
2502
2503 /* Result not required */
2504
2505 if (yield == NULL) return s;
2506
2507 /* Do an appropriate comparison */
2508
2509 switch(cond_type)
2510 {
2511 case ECOND_NUM_E:
2512 case ECOND_NUM_EE:
2513 tempcond = (num[0] == num[1]);
2514 break;
2515
2516 case ECOND_NUM_G:
2517 tempcond = (num[0] > num[1]);
2518 break;
2519
2520 case ECOND_NUM_GE:
2521 tempcond = (num[0] >= num[1]);
2522 break;
2523
2524 case ECOND_NUM_L:
2525 tempcond = (num[0] < num[1]);
2526 break;
2527
2528 case ECOND_NUM_LE:
2529 tempcond = (num[0] <= num[1]);
2530 break;
2531
2532 case ECOND_STR_LT:
2533 tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
2534 break;
2535
2536 case ECOND_STR_LTI:
2537 tempcond = (strcmpic(sub[0], sub[1]) < 0);
2538 break;
2539
2540 case ECOND_STR_LE:
2541 tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
2542 break;
2543
2544 case ECOND_STR_LEI:
2545 tempcond = (strcmpic(sub[0], sub[1]) <= 0);
2546 break;
2547
2548 case ECOND_STR_EQ:
2549 tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
2550 break;
2551
2552 case ECOND_STR_EQI:
2553 tempcond = (strcmpic(sub[0], sub[1]) == 0);
2554 break;
2555
2556 case ECOND_STR_GT:
2557 tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
2558 break;
2559
2560 case ECOND_STR_GTI:
2561 tempcond = (strcmpic(sub[0], sub[1]) > 0);
2562 break;
2563
2564 case ECOND_STR_GE:
2565 tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
2566 break;
2567
2568 case ECOND_STR_GEI:
2569 tempcond = (strcmpic(sub[0], sub[1]) >= 0);
2570 break;
2571
2572 case ECOND_MATCH: /* Regular expression match */
2573 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2574 NULL);
2575 if (re == NULL)
2576 {
2577 expand_string_message = string_sprintf("regular expression error in "
2578 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2579 return NULL;
2580 }
2581 tempcond = regex_match_and_setup(re, sub[0], 0, -1);
2582 break;
2583
2584 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2585 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2586 goto MATCHED_SOMETHING;
2587
2588 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2589 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2590 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2591 goto MATCHED_SOMETHING;
2592
2593 case ECOND_MATCH_IP: /* Match IP address in a host list */
2594 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
2595 {
2596 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2597 sub[0]);
2598 return NULL;
2599 }
2600 else
2601 {
2602 unsigned int *nullcache = NULL;
2603 check_host_block cb;
2604
2605 cb.host_name = US"";
2606 cb.host_address = sub[0];
2607
2608 /* If the host address starts off ::ffff: it is an IPv6 address in
2609 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2610 addresses. */
2611
2612 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2613 cb.host_address + 7 : cb.host_address;
2614
2615 rc = match_check_list(
2616 &sub[1], /* the list */
2617 0, /* separator character */
2618 &hostlist_anchor, /* anchor pointer */
2619 &nullcache, /* cache pointer */
2620 check_host, /* function for testing */
2621 &cb, /* argument for function */
2622 MCL_HOST, /* type of check */
2623 sub[0], /* text for debugging */
2624 NULL); /* where to pass back data */
2625 }
2626 goto MATCHED_SOMETHING;
2627
2628 case ECOND_MATCH_LOCAL_PART:
2629 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2630 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2631 /* Fall through */
2632 /* VVVVVVVVVVVV */
2633 MATCHED_SOMETHING:
2634 switch(rc)
2635 {
2636 case OK:
2637 tempcond = TRUE;
2638 break;
2639
2640 case FAIL:
2641 tempcond = FALSE;
2642 break;
2643
2644 case DEFER:
2645 expand_string_message = string_sprintf("unable to complete match "
2646 "against \"%s\": %s", sub[1], search_error_message);
2647 return NULL;
2648 }
2649
2650 break;
2651
2652 /* Various "encrypted" comparisons. If the second string starts with
2653 "{" then an encryption type is given. Default to crypt() or crypt16()
2654 (build-time choice). */
2655 /* }-for-text-editors */
2656
2657 case ECOND_CRYPTEQ:
2658 #ifndef SUPPORT_CRYPTEQ
2659 goto COND_FAILED_NOT_COMPILED;
2660 #else
2661 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2662 {
2663 int sublen = Ustrlen(sub[1]+5);
2664 md5 base;
2665 uschar digest[16];
2666
2667 md5_start(&base);
2668 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2669
2670 /* If the length that we are comparing against is 24, the MD5 digest
2671 is expressed as a base64 string. This is the way LDAP does it. However,
2672 some other software uses a straightforward hex representation. We assume
2673 this if the length is 32. Other lengths fail. */
2674
2675 if (sublen == 24)
2676 {
2677 uschar *coded = auth_b64encode((uschar *)digest, 16);
2678 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2679 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2680 tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
2681 }
2682 else if (sublen == 32)
2683 {
2684 int i;
2685 uschar coded[36];
2686 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2687 coded[32] = 0;
2688 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2689 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2690 tempcond = (strcmpic(coded, sub[1]+5) == 0);
2691 }
2692 else
2693 {
2694 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2695 "fail\n crypted=%s\n", sub[1]+5);
2696 tempcond = FALSE;
2697 }
2698 }
2699
2700 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2701 {
2702 int sublen = Ustrlen(sub[1]+6);
2703 sha1 base;
2704 uschar digest[20];
2705
2706 sha1_start(&base);
2707 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2708
2709 /* If the length that we are comparing against is 28, assume the SHA1
2710 digest is expressed as a base64 string. If the length is 40, assume a
2711 straightforward hex representation. Other lengths fail. */
2712
2713 if (sublen == 28)
2714 {
2715 uschar *coded = auth_b64encode((uschar *)digest, 20);
2716 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2717 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2718 tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
2719 }
2720 else if (sublen == 40)
2721 {
2722 int i;
2723 uschar coded[44];
2724 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2725 coded[40] = 0;
2726 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2727 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2728 tempcond = (strcmpic(coded, sub[1]+6) == 0);
2729 }
2730 else
2731 {
2732 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2733 "fail\n crypted=%s\n", sub[1]+6);
2734 tempcond = FALSE;
2735 }
2736 }
2737
2738 else /* {crypt} or {crypt16} and non-{ at start */
2739 /* }-for-text-editors */
2740 {
2741 int which = 0;
2742 uschar *coded;
2743
2744 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2745 {
2746 sub[1] += 7;
2747 which = 1;
2748 }
2749 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2750 {
2751 sub[1] += 9;
2752 which = 2;
2753 }
2754 else if (sub[1][0] == '{') /* }-for-text-editors */
2755 {
2756 expand_string_message = string_sprintf("unknown encryption mechanism "
2757 "in \"%s\"", sub[1]);
2758 return NULL;
2759 }
2760
2761 switch(which)
2762 {
2763 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2764 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2765 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2766 }
2767
2768 #define STR(s) # s
2769 #define XSTR(s) STR(s)
2770 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2771 " subject=%s\n crypted=%s\n",
2772 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
2773 coded, sub[1]);
2774 #undef STR
2775 #undef XSTR
2776
2777 /* If the encrypted string contains fewer than two characters (for the
2778 salt), force failure. Otherwise we get false positives: with an empty
2779 string the yield of crypt() is an empty string! */
2780
2781 tempcond = (Ustrlen(sub[1]) < 2)? FALSE :
2782 (Ustrcmp(coded, sub[1]) == 0);
2783 }
2784 break;
2785 #endif /* SUPPORT_CRYPTEQ */
2786
2787 case ECOND_INLIST:
2788 case ECOND_INLISTI:
2789 {
2790 const uschar * list = sub[1];
2791 int sep = 0;
2792 uschar *save_iterate_item = iterate_item;
2793 int (*compare)(const uschar *, const uschar *);
2794
2795 DEBUG(D_expand) debug_printf("condition: %s\n", name);
2796
2797 tempcond = FALSE;
2798 compare = cond_type == ECOND_INLISTI
2799 ? strcmpic : (int (*)(const uschar *, const uschar *)) strcmp;
2800
2801 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)))
2802 if (compare(sub[0], iterate_item) == 0)
2803 {
2804 tempcond = TRUE;
2805 break;
2806 }
2807 iterate_item = save_iterate_item;
2808 }
2809
2810 } /* Switch for comparison conditions */
2811
2812 *yield = tempcond == testfor;
2813 return s; /* End of comparison conditions */
2814
2815
2816 /* and/or: computes logical and/or of several conditions */
2817
2818 case ECOND_AND:
2819 case ECOND_OR:
2820 subcondptr = (yield == NULL)? NULL : &tempcond;
2821 combined_cond = (cond_type == ECOND_AND);
2822
2823 while (isspace(*s)) s++;
2824 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2825
2826 for (;;)
2827 {
2828 while (isspace(*s)) s++;
2829 /* {-for-text-editors */
2830 if (*s == '}') break;
2831 if (*s != '{') /* }-for-text-editors */
2832 {
2833 expand_string_message = string_sprintf("each subcondition "
2834 "inside an \"%s{...}\" condition must be in its own {}", name);
2835 return NULL;
2836 }
2837
2838 if (!(s = eval_condition(s+1, resetok, subcondptr)))
2839 {
2840 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2841 expand_string_message, name);
2842 return NULL;
2843 }
2844 while (isspace(*s)) s++;
2845
2846 /* {-for-text-editors */
2847 if (*s++ != '}')
2848 {
2849 /* {-for-text-editors */
2850 expand_string_message = string_sprintf("missing } at end of condition "
2851 "inside \"%s\" group", name);
2852 return NULL;
2853 }
2854
2855 if (yield != NULL)
2856 {
2857 if (cond_type == ECOND_AND)
2858 {
2859 combined_cond &= tempcond;
2860 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2861 } /* evaluate any more */
2862 else
2863 {
2864 combined_cond |= tempcond;
2865 if (combined_cond) subcondptr = NULL; /* once true, don't */
2866 } /* evaluate any more */
2867 }
2868 }
2869
2870 if (yield != NULL) *yield = (combined_cond == testfor);
2871 return ++s;
2872
2873
2874 /* forall/forany: iterates a condition with different values */
2875
2876 case ECOND_FORALL:
2877 case ECOND_FORANY:
2878 {
2879 const uschar * list;
2880 int sep = 0;
2881 uschar *save_iterate_item = iterate_item;
2882
2883 DEBUG(D_expand) debug_printf("condition: %s\n", name);
2884
2885 while (isspace(*s)) s++;
2886 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2887 sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE, resetok);
2888 if (sub[0] == NULL) return NULL;
2889 /* {-for-text-editors */
2890 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2891
2892 while (isspace(*s)) s++;
2893 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2894
2895 sub[1] = s;
2896
2897 /* Call eval_condition once, with result discarded (as if scanning a
2898 "false" part). This allows us to find the end of the condition, because if
2899 the list it empty, we won't actually evaluate the condition for real. */
2900
2901 if (!(s = eval_condition(sub[1], resetok, NULL)))
2902 {
2903 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2904 expand_string_message, name);
2905 return NULL;
2906 }
2907 while (isspace(*s)) s++;
2908
2909 /* {-for-text-editors */
2910 if (*s++ != '}')
2911 {
2912 /* {-for-text-editors */
2913 expand_string_message = string_sprintf("missing } at end of condition "
2914 "inside \"%s\"", name);
2915 return NULL;
2916 }
2917
2918 if (yield != NULL) *yield = !testfor;
2919 list = sub[0];
2920 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)) != NULL)
2921 {
2922 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
2923 if (!eval_condition(sub[1], resetok, &tempcond))
2924 {
2925 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2926 expand_string_message, name);
2927 iterate_item = save_iterate_item;
2928 return NULL;
2929 }
2930 DEBUG(D_expand) debug_printf("%s: condition evaluated to %s\n", name,
2931 tempcond? "true":"false");
2932
2933 if (yield != NULL) *yield = (tempcond == testfor);
2934 if (tempcond == (cond_type == ECOND_FORANY)) break;
2935 }
2936
2937 iterate_item = save_iterate_item;
2938 return s;
2939 }
2940
2941
2942 /* The bool{} expansion condition maps a string to boolean.
2943 The values supported should match those supported by the ACL condition
2944 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
2945 of true/false. Note that Router "condition" rules have a different
2946 interpretation, where general data can be used and only a few values
2947 map to FALSE.
2948 Note that readconf.c boolean matching, for boolean configuration options,
2949 only matches true/yes/false/no.
2950 The bool_lax{} condition matches the Router logic, which is much more
2951 liberal. */
2952 case ECOND_BOOL:
2953 case ECOND_BOOL_LAX:
2954 {
2955 uschar *sub_arg[1];
2956 uschar *t, *t2;
2957 uschar *ourname;
2958 size_t len;
2959 BOOL boolvalue = FALSE;
2960 while (isspace(*s)) s++;
2961 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2962 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
2963 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname, resetok))
2964 {
2965 case 1: expand_string_message = string_sprintf(
2966 "too few arguments or bracketing error for %s",
2967 ourname);
2968 /*FALLTHROUGH*/
2969 case 2:
2970 case 3: return NULL;
2971 }
2972 t = sub_arg[0];
2973 while (isspace(*t)) t++;
2974 len = Ustrlen(t);
2975 if (len)
2976 {
2977 /* trailing whitespace: seems like a good idea to ignore it too */
2978 t2 = t + len - 1;
2979 while (isspace(*t2)) t2--;
2980 if (t2 != (t + len))
2981 {
2982 *++t2 = '\0';
2983 len = t2 - t;
2984 }
2985 }
2986 DEBUG(D_expand)
2987 debug_printf("considering %s: %s\n", ourname, len ? t : US"<empty>");
2988 /* logic for the lax case from expand_check_condition(), which also does
2989 expands, and the logic is both short and stable enough that there should
2990 be no maintenance burden from replicating it. */
2991 if (len == 0)
2992 boolvalue = FALSE;
2993 else if (*t == '-'
2994 ? Ustrspn(t+1, "0123456789") == len-1
2995 : Ustrspn(t, "0123456789") == len)
2996 {
2997 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
2998 /* expand_check_condition only does a literal string "0" check */
2999 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
3000 boolvalue = TRUE;
3001 }
3002 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
3003 boolvalue = TRUE;
3004 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
3005 boolvalue = FALSE;
3006 else if (cond_type == ECOND_BOOL_LAX)
3007 boolvalue = TRUE;
3008 else
3009 {
3010 expand_string_message = string_sprintf("unrecognised boolean "
3011 "value \"%s\"", t);
3012 return NULL;
3013 }
3014 if (yield != NULL) *yield = (boolvalue == testfor);
3015 return s;
3016 }
3017
3018 /* Unknown condition */
3019
3020 default:
3021 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
3022 return NULL;
3023 } /* End switch on condition type */
3024
3025 /* Missing braces at start and end of data */
3026
3027 COND_FAILED_CURLY_START:
3028 expand_string_message = string_sprintf("missing { after \"%s\"", name);
3029 return NULL;
3030
3031 COND_FAILED_CURLY_END:
3032 expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
3033 name);
3034 return NULL;
3035
3036 /* A condition requires code that is not compiled */
3037
3038 #if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
3039 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
3040 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
3041 COND_FAILED_NOT_COMPILED:
3042 expand_string_message = string_sprintf("support for \"%s\" not compiled",
3043 name);
3044 return NULL;
3045 #endif
3046 }
3047
3048
3049
3050
3051 /*************************************************
3052 * Save numerical variables *
3053 *************************************************/
3054
3055 /* This function is called from items such as "if" that want to preserve and
3056 restore the numbered variables.
3057
3058 Arguments:
3059 save_expand_string points to an array of pointers to set
3060 save_expand_nlength points to an array of ints for the lengths
3061
3062 Returns: the value of expand max to save
3063 */
3064
3065 static int
3066 save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
3067 {
3068 int i;
3069 for (i = 0; i <= expand_nmax; i++)
3070 {
3071 save_expand_nstring[i] = expand_nstring[i];
3072 save_expand_nlength[i] = expand_nlength[i];
3073 }
3074 return expand_nmax;
3075 }
3076
3077
3078
3079 /*************************************************
3080 * Restore numerical variables *
3081 *************************************************/
3082
3083 /* This function restored saved values of numerical strings.
3084
3085 Arguments:
3086 save_expand_nmax the number of strings to restore
3087 save_expand_string points to an array of pointers
3088 save_expand_nlength points to an array of ints
3089
3090 Returns: nothing
3091 */
3092
3093 static void
3094 restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
3095 int *save_expand_nlength)
3096 {
3097 int i;
3098 expand_nmax = save_expand_nmax;
3099 for (i = 0; i <= expand_nmax; i++)
3100 {
3101 expand_nstring[i] = save_expand_nstring[i];
3102 expand_nlength[i] = save_expand_nlength[i];
3103 }
3104 }
3105
3106
3107
3108
3109
3110 /*************************************************
3111 * Handle yes/no substrings *
3112 *************************************************/
3113
3114 /* This function is used by ${if}, ${lookup} and ${extract} to handle the
3115 alternative substrings that depend on whether or not the condition was true,
3116 or the lookup or extraction succeeded. The substrings always have to be
3117 expanded, to check their syntax, but "skipping" is set when the result is not
3118 needed - this avoids unnecessary nested lookups.
3119
3120 Arguments:
3121 skipping TRUE if we were skipping when this item was reached
3122 yes TRUE if the first string is to be used, else use the second
3123 save_lookup a value to put back into lookup_value before the 2nd expansion
3124 sptr points to the input string pointer
3125 yieldptr points to the output string pointer
3126 sizeptr points to the output string size
3127 ptrptr points to the output string pointer
3128 type "lookup" or "if" or "extract" or "run", for error message
3129 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
3130 the store.
3131
3132 Returns: 0 OK; lookup_value has been reset to save_lookup
3133 1 expansion failed
3134 2 expansion failed because of bracketing error
3135 */
3136
3137 static int
3138 process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, const uschar **sptr,
3139 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type, BOOL *resetok)
3140 {
3141 int rc = 0;
3142 const uschar *s = *sptr; /* Local value */
3143 uschar *sub1, *sub2;
3144
3145 /* If there are no following strings, we substitute the contents of $value for
3146 lookups and for extractions in the success case. For the ${if item, the string
3147 "true" is substituted. In the fail case, nothing is substituted for all three
3148 items. */
3149
3150 while (isspace(*s)) s++;
3151 if (*s == '}')
3152 {
3153 if (type[0] == 'i')
3154 {
3155 if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
3156 }
3157 else
3158 {
3159 if (yes && lookup_value != NULL)
3160 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
3161 Ustrlen(lookup_value));
3162 lookup_value = save_lookup;
3163 }
3164 s++;
3165 goto RETURN;
3166 }
3167
3168 /* The first following string must be braced. */
3169
3170 if (*s++ != '{') goto FAILED_CURLY;
3171
3172 /* Expand the first substring. Forced failures are noticed only if we actually
3173 want this string. Set skipping in the call in the fail case (this will always
3174 be the case if we were already skipping). */
3175
3176 sub1 = expand_string_internal(s, TRUE, &s, !yes, TRUE, resetok);
3177 if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
3178 expand_string_forcedfail = FALSE;
3179 if (*s++ != '}') goto FAILED_CURLY;
3180
3181 /* If we want the first string, add it to the output */
3182
3183 if (yes)
3184 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
3185
3186 /* If this is called from a lookup or an extract, we want to restore $value to
3187 what it was at the start of the item, so that it has this value during the
3188 second string expansion. For the call from "if" or "run" to this function,
3189 save_lookup is set to lookup_value, so that this statement does nothing. */
3190
3191 lookup_value = save_lookup;
3192
3193 /* There now follows either another substring, or "fail", or nothing. This
3194 time, forced failures are noticed only if we want the second string. We must
3195 set skipping in the nested call if we don't want this string, or if we were
3196 already skipping. */
3197
3198 while (isspace(*s)) s++;
3199 if (*s == '{')
3200 {
3201 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping, TRUE, resetok);
3202 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
3203 expand_string_forcedfail = FALSE;
3204 if (*s++ != '}') goto FAILED_CURLY;
3205
3206 /* If we want the second string, add it to the output */
3207
3208 if (!yes)
3209 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
3210 }
3211
3212 /* If there is no second string, but the word "fail" is present when the use of
3213 the second string is wanted, set a flag indicating it was a forced failure
3214 rather than a syntactic error. Swallow the terminating } in case this is nested
3215 inside another lookup or if or extract. */
3216
3217 else if (*s != '}')
3218 {
3219 uschar name[256];
3220 /* deconst cast ok here as source is s anyway */
3221 s = US read_name(name, sizeof(name), s, US"_");
3222 if (Ustrcmp(name, "fail") == 0)
3223 {
3224 if (!yes && !skipping)
3225 {
3226 while (isspace(*s)) s++;
3227 if (*s++ != '}') goto FAILED_CURLY;
3228 expand_string_message =
3229 string_sprintf("\"%s\" failed and \"fail\" requested", type);
3230 expand_string_forcedfail = TRUE;
3231 goto FAILED;
3232 }
3233 }
3234 else
3235 {
3236 expand_string_message =
3237 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
3238 goto FAILED;
3239 }
3240 }
3241
3242 /* All we have to do now is to check on the final closing brace. */
3243
3244 while (isspace(*s)) s++;
3245 if (*s++ == '}') goto RETURN;
3246
3247 /* Get here if there is a bracketing failure */
3248
3249 FAILED_CURLY:
3250 rc++;
3251
3252 /* Get here for other failures */
3253
3254 FAILED:
3255 rc++;
3256
3257 /* Update the input pointer value before returning */
3258
3259 RETURN:
3260 *sptr = s;
3261 return rc;
3262 }
3263
3264
3265
3266
3267 /*************************************************
3268 * Handle MD5 or SHA-1 computation for HMAC *
3269 *************************************************/
3270
3271 /* These are some wrapping functions that enable the HMAC code to be a bit
3272 cleaner. A good compiler will spot the tail recursion.
3273
3274 Arguments:
3275 type HMAC_MD5 or HMAC_SHA1
3276 remaining are as for the cryptographic hash functions
3277
3278 Returns: nothing
3279 */
3280
3281 static void
3282 chash_start(int type, void *base)
3283 {
3284 if (type == HMAC_MD5)
3285 md5_start((md5 *)base);
3286 else
3287 sha1_start((sha1 *)base);
3288 }
3289
3290 static void
3291 chash_mid(int type, void *base, uschar *string)
3292 {
3293 if (type == HMAC_MD5)
3294 md5_mid((md5 *)base, string);
3295 else
3296 sha1_mid((sha1 *)base, string);
3297 }
3298
3299 static void
3300 chash_end(int type, void *base, uschar *string, int length, uschar *digest)
3301 {
3302 if (type == HMAC_MD5)
3303 md5_end((md5 *)base, string, length, digest);
3304 else
3305 sha1_end((sha1 *)base, string, length, digest);
3306 }
3307
3308
3309
3310
3311
3312 /********************************************************
3313 * prvs: Get last three digits of days since Jan 1, 1970 *
3314 ********************************************************/
3315
3316 /* This is needed to implement the "prvs" BATV reverse
3317 path signing scheme
3318
3319 Argument: integer "days" offset to add or substract to
3320 or from the current number of days.
3321
3322 Returns: pointer to string containing the last three
3323 digits of the number of days since Jan 1, 1970,
3324 modified by the offset argument, NULL if there
3325 was an error in the conversion.
3326
3327 */
3328
3329 static uschar *
3330 prvs_daystamp(int day_offset)
3331 {
3332 uschar *days = store_get(32); /* Need at least 24 for cases */
3333 (void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
3334 (time(NULL) + day_offset*86400)/86400);
3335 return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
3336 }
3337
3338
3339
3340 /********************************************************
3341 * prvs: perform HMAC-SHA1 computation of prvs bits *
3342 ********************************************************/
3343
3344 /* This is needed to implement the "prvs" BATV reverse
3345 path signing scheme
3346
3347 Arguments:
3348 address RFC2821 Address to use
3349 key The key to use (must be less than 64 characters
3350 in size)
3351 key_num Single-digit key number to use. Defaults to
3352 '0' when NULL.
3353
3354 Returns: pointer to string containing the first three
3355 bytes of the final hash in hex format, NULL if
3356 there was an error in the process.
3357 */
3358
3359 static uschar *
3360 prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
3361 {
3362 uschar *hash_source, *p;
3363 int size = 0,offset = 0,i;
3364 sha1 sha1_base;
3365 void *use_base = &sha1_base;
3366 uschar innerhash[20];
3367 uschar finalhash[20<