Added $sender_verify_failure and $recipient_verify_failure to
[exim.git] / src / src / expand.c
1 /* $Cambridge: exim/src/src/expand.c,v 1.3 2004/11/05 16:53:28 ph10 Exp $ */
2
3 /*************************************************
4 * Exim - an Internet mail transport agent *
5 *************************************************/
6
7 /* Copyright (c) University of Cambridge 1995 - 2004 */
8 /* See the file NOTICE for conditions of use and distribution. */
9
10
11 /* Functions for handling string expansion. */
12
13
14 #include "exim.h"
15
16 #ifdef STAND_ALONE
17 #ifndef SUPPORT_CRYPTEQ
18 #define SUPPORT_CRYPTEQ
19 #endif
20 #endif
21
22 #ifdef SUPPORT_CRYPTEQ
23 #ifdef CRYPT_H
24 #include <crypt.h>
25 #endif
26 #ifndef HAVE_CRYPT16
27 extern char* crypt16(char*, char*);
28 #endif
29 #endif
30
31 #ifdef LOOKUP_LDAP
32 #include "lookups/ldap.h"
33 #endif
34
35
36
37 /* Recursively called function */
38
39 static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL);
40
41
42
43 /*************************************************
44 * Local statics and tables *
45 *************************************************/
46
47 /* Table of item names, and corresponding switch numbers. The names must be in
48 alphabetical order. */
49
50 static uschar *item_table[] = {
51 US"extract",
52 US"hash",
53 US"hmac",
54 US"if",
55 US"length",
56 US"lookup",
57 US"nhash",
58 #ifdef EXIM_PERL
59 US"perl",
60 #endif
61 US"readfile",
62 US"readsocket",
63 US"run",
64 US"sg",
65 US"substr",
66 US"tr" };
67
68 enum {
69 EITEM_EXTRACT,
70 EITEM_HASH,
71 EITEM_HMAC,
72 EITEM_IF,
73 EITEM_LENGTH,
74 EITEM_LOOKUP,
75 EITEM_NHASH,
76 #ifdef EXIM_PERL
77 EITEM_PERL,
78 #endif
79 EITEM_READFILE,
80 EITEM_READSOCK,
81 EITEM_RUN,
82 EITEM_SG,
83 EITEM_SUBSTR,
84 EITEM_TR };
85
86 /* Tables of operator names, and corresponding switch numbers. The names must be
87 in alphabetical order. There are two tables, because underscore is used in some
88 cases to introduce arguments, whereas for other it is part of the name. This is
89 an historical mis-design. */
90
91 static uschar *op_table_underscore[] = {
92 US"from_utf8",
93 US"local_part",
94 US"quote_local_part",
95 US"time_interval"};
96
97 enum {
98 EOP_FROM_UTF8,
99 EOP_LOCAL_PART,
100 EOP_QUOTE_LOCAL_PART,
101 EOP_TIME_INTERVAL };
102
103 static uschar *op_table_main[] = {
104 US"address",
105 US"base62",
106 US"base62d",
107 US"domain",
108 US"escape",
109 US"eval",
110 US"eval10",
111 US"expand",
112 US"h",
113 US"hash",
114 US"hex2b64",
115 US"l",
116 US"lc",
117 US"length",
118 US"mask",
119 US"md5",
120 US"nh",
121 US"nhash",
122 US"quote",
123 US"rfc2047",
124 US"rxquote",
125 US"s",
126 US"sha1",
127 US"stat",
128 US"str2b64",
129 US"strlen",
130 US"substr",
131 US"uc" };
132
133 enum {
134 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
135 EOP_BASE62,
136 EOP_BASE62D,
137 EOP_DOMAIN,
138 EOP_ESCAPE,
139 EOP_EVAL,
140 EOP_EVAL10,
141 EOP_EXPAND,
142 EOP_H,
143 EOP_HASH,
144 EOP_HEX2B64,
145 EOP_L,
146 EOP_LC,
147 EOP_LENGTH,
148 EOP_MASK,
149 EOP_MD5,
150 EOP_NH,
151 EOP_NHASH,
152 EOP_QUOTE,
153 EOP_RFC2047,
154 EOP_RXQUOTE,
155 EOP_S,
156 EOP_SHA1,
157 EOP_STAT,
158 EOP_STR2B64,
159 EOP_STRLEN,
160 EOP_SUBSTR,
161 EOP_UC };
162
163
164 /* Table of condition names, and corresponding switch numbers. The names must
165 be in alphabetical order. */
166
167 static uschar *cond_table[] = {
168 US"<",
169 US"<=",
170 US"=",
171 US"==", /* Backward compatibility */
172 US">",
173 US">=",
174 US"and",
175 US"crypteq",
176 US"def",
177 US"eq",
178 US"eqi",
179 US"exists",
180 US"first_delivery",
181 US"ge",
182 US"gei",
183 US"gt",
184 US"gti",
185 US"isip",
186 US"isip4",
187 US"isip6",
188 US"ldapauth",
189 US"le",
190 US"lei",
191 US"lt",
192 US"lti",
193 US"match",
194 US"match_address",
195 US"match_domain",
196 US"match_local_part",
197 US"or",
198 US"pam",
199 US"pwcheck",
200 US"queue_running",
201 US"radius",
202 US"saslauthd"
203 };
204
205 enum {
206 ECOND_NUM_L,
207 ECOND_NUM_LE,
208 ECOND_NUM_E,
209 ECOND_NUM_EE,
210 ECOND_NUM_G,
211 ECOND_NUM_GE,
212 ECOND_AND,
213 ECOND_CRYPTEQ,
214 ECOND_DEF,
215 ECOND_STR_EQ,
216 ECOND_STR_EQI,
217 ECOND_EXISTS,
218 ECOND_FIRST_DELIVERY,
219 ECOND_STR_GE,
220 ECOND_STR_GEI,
221 ECOND_STR_GT,
222 ECOND_STR_GTI,
223 ECOND_ISIP,
224 ECOND_ISIP4,
225 ECOND_ISIP6,
226 ECOND_LDAPAUTH,
227 ECOND_STR_LE,
228 ECOND_STR_LEI,
229 ECOND_STR_LT,
230 ECOND_STR_LTI,
231 ECOND_MATCH,
232 ECOND_MATCH_ADDRESS,
233 ECOND_MATCH_DOMAIN,
234 ECOND_MATCH_LOCAL_PART,
235 ECOND_OR,
236 ECOND_PAM,
237 ECOND_PWCHECK,
238 ECOND_QUEUE_RUNNING,
239 ECOND_RADIUS,
240 ECOND_SASLAUTHD
241 };
242
243
244 /* Type for main variable table */
245
246 typedef struct {
247 char *name;
248 int type;
249 void *value;
250 } var_entry;
251
252 /* Type for entries pointing to address/length pairs. Not currently
253 in use. */
254
255 typedef struct {
256 uschar **address;
257 int *length;
258 } alblock;
259
260 /* Types of table entry */
261
262 enum {
263 vtype_int, /* value is address of int */
264 vtype_filter_int, /* ditto, but recognized only when filtering */
265 vtype_ino, /* value is address of ino_t (not always an int) */
266 vtype_uid, /* value is address of uid_t (not always an int) */
267 vtype_gid, /* value is address of gid_t (not always an int) */
268 vtype_stringptr, /* value is address of pointer to string */
269 vtype_msgbody, /* as stringptr, but read when first required */
270 vtype_msgbody_end, /* ditto, the end of the message */
271 vtype_msgheaders, /* the message's headers */
272 vtype_localpart, /* extract local part from string */
273 vtype_domain, /* extract domain from string */
274 vtype_recipients, /* extract recipients from recipients list */
275 /* (enabled only during system filtering */
276 vtype_todbsdin, /* value not used; generate BSD inbox tod */
277 vtype_tode, /* value not used; generate tod in epoch format */
278 vtype_todf, /* value not used; generate full tod */
279 vtype_todl, /* value not used; generate log tod */
280 vtype_todlf, /* value not used; generate log file datestamp tod */
281 vtype_todzone, /* value not used; generate time zone only */
282 vtype_todzulu, /* value not used; generate zulu tod */
283 vtype_reply, /* value not used; get reply from headers */
284 vtype_pid, /* value not used; result is pid */
285 vtype_host_lookup, /* value not used; get host name */
286 vtype_load_avg /* value not used; result is int from os_getloadavg */
287 };
288
289 /* This table must be kept in alphabetical order. */
290
291 static var_entry var_table[] = {
292 { "acl_c0", vtype_stringptr, &acl_var[0] },
293 { "acl_c1", vtype_stringptr, &acl_var[1] },
294 { "acl_c2", vtype_stringptr, &acl_var[2] },
295 { "acl_c3", vtype_stringptr, &acl_var[3] },
296 { "acl_c4", vtype_stringptr, &acl_var[4] },
297 { "acl_c5", vtype_stringptr, &acl_var[5] },
298 { "acl_c6", vtype_stringptr, &acl_var[6] },
299 { "acl_c7", vtype_stringptr, &acl_var[7] },
300 { "acl_c8", vtype_stringptr, &acl_var[8] },
301 { "acl_c9", vtype_stringptr, &acl_var[9] },
302 { "acl_m0", vtype_stringptr, &acl_var[10] },
303 { "acl_m1", vtype_stringptr, &acl_var[11] },
304 { "acl_m2", vtype_stringptr, &acl_var[12] },
305 { "acl_m3", vtype_stringptr, &acl_var[13] },
306 { "acl_m4", vtype_stringptr, &acl_var[14] },
307 { "acl_m5", vtype_stringptr, &acl_var[15] },
308 { "acl_m6", vtype_stringptr, &acl_var[16] },
309 { "acl_m7", vtype_stringptr, &acl_var[17] },
310 { "acl_m8", vtype_stringptr, &acl_var[18] },
311 { "acl_m9", vtype_stringptr, &acl_var[19] },
312 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
313 { "address_data", vtype_stringptr, &deliver_address_data },
314 { "address_file", vtype_stringptr, &address_file },
315 { "address_pipe", vtype_stringptr, &address_pipe },
316 { "authenticated_id", vtype_stringptr, &authenticated_id },
317 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
318 { "authentication_failed",vtype_int, &authentication_failed },
319 { "body_linecount", vtype_int, &body_linecount },
320 { "body_zerocount", vtype_int, &body_zerocount },
321 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
322 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
323 { "caller_gid", vtype_gid, &real_gid },
324 { "caller_uid", vtype_uid, &real_uid },
325 { "compile_date", vtype_stringptr, &version_date },
326 { "compile_number", vtype_stringptr, &version_cnumber },
327 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
328 { "dnslist_text", vtype_stringptr, &dnslist_text },
329 { "dnslist_value", vtype_stringptr, &dnslist_value },
330 { "domain", vtype_stringptr, &deliver_domain },
331 { "domain_data", vtype_stringptr, &deliver_domain_data },
332 { "exim_gid", vtype_gid, &exim_gid },
333 { "exim_path", vtype_stringptr, &exim_path },
334 { "exim_uid", vtype_uid, &exim_uid },
335 { "home", vtype_stringptr, &deliver_home },
336 { "host", vtype_stringptr, &deliver_host },
337 { "host_address", vtype_stringptr, &deliver_host_address },
338 { "host_data", vtype_stringptr, &host_data },
339 { "host_lookup_failed", vtype_int, &host_lookup_failed },
340 { "inode", vtype_ino, &deliver_inode },
341 { "interface_address", vtype_stringptr, &interface_address },
342 { "interface_port", vtype_int, &interface_port },
343 #ifdef LOOKUP_LDAP
344 { "ldap_dn", vtype_stringptr, &eldap_dn },
345 #endif
346 { "load_average", vtype_load_avg, NULL },
347 { "local_part", vtype_stringptr, &deliver_localpart },
348 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
349 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
350 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
351 { "local_scan_data", vtype_stringptr, &local_scan_data },
352 { "local_user_gid", vtype_gid, &local_user_gid },
353 { "local_user_uid", vtype_uid, &local_user_uid },
354 { "localhost_number", vtype_int, &host_number },
355 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
356 { "message_age", vtype_int, &message_age },
357 { "message_body", vtype_msgbody, &message_body },
358 { "message_body_end", vtype_msgbody_end, &message_body_end },
359 { "message_body_size", vtype_int, &message_body_size },
360 { "message_headers", vtype_msgheaders, NULL },
361 { "message_id", vtype_stringptr, &message_id },
362 { "message_size", vtype_int, &message_size },
363 { "n0", vtype_filter_int, &filter_n[0] },
364 { "n1", vtype_filter_int, &filter_n[1] },
365 { "n2", vtype_filter_int, &filter_n[2] },
366 { "n3", vtype_filter_int, &filter_n[3] },
367 { "n4", vtype_filter_int, &filter_n[4] },
368 { "n5", vtype_filter_int, &filter_n[5] },
369 { "n6", vtype_filter_int, &filter_n[6] },
370 { "n7", vtype_filter_int, &filter_n[7] },
371 { "n8", vtype_filter_int, &filter_n[8] },
372 { "n9", vtype_filter_int, &filter_n[9] },
373 { "original_domain", vtype_stringptr, &deliver_domain_orig },
374 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
375 { "originator_gid", vtype_gid, &originator_gid },
376 { "originator_uid", vtype_uid, &originator_uid },
377 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
378 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
379 { "pid", vtype_pid, NULL },
380 { "primary_hostname", vtype_stringptr, &primary_hostname },
381 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
382 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
383 { "rcpt_count", vtype_int, &rcpt_count },
384 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
385 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
386 { "received_count", vtype_int, &received_count },
387 { "received_for", vtype_stringptr, &received_for },
388 { "received_protocol", vtype_stringptr, &received_protocol },
389 { "recipient_data", vtype_stringptr, &recipient_data },
390 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
391 { "recipients", vtype_recipients, NULL },
392 { "recipients_count", vtype_int, &recipients_count },
393 { "reply_address", vtype_reply, NULL },
394 { "return_path", vtype_stringptr, &return_path },
395 { "return_size_limit", vtype_int, &bounce_return_size_limit },
396 { "runrc", vtype_int, &runrc },
397 { "self_hostname", vtype_stringptr, &self_hostname },
398 { "sender_address", vtype_stringptr, &sender_address },
399 { "sender_address_data", vtype_stringptr, &sender_address_data },
400 { "sender_address_domain", vtype_domain, &sender_address },
401 { "sender_address_local_part", vtype_localpart, &sender_address },
402 { "sender_data", vtype_stringptr, &sender_data },
403 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
404 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
405 { "sender_host_address", vtype_stringptr, &sender_host_address },
406 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
407 { "sender_host_name", vtype_host_lookup, NULL },
408 { "sender_host_port", vtype_int, &sender_host_port },
409 { "sender_ident", vtype_stringptr, &sender_ident },
410 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
411 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
412 { "smtp_command_argument", vtype_stringptr, &smtp_command_argument },
413 { "sn0", vtype_filter_int, &filter_sn[0] },
414 { "sn1", vtype_filter_int, &filter_sn[1] },
415 { "sn2", vtype_filter_int, &filter_sn[2] },
416 { "sn3", vtype_filter_int, &filter_sn[3] },
417 { "sn4", vtype_filter_int, &filter_sn[4] },
418 { "sn5", vtype_filter_int, &filter_sn[5] },
419 { "sn6", vtype_filter_int, &filter_sn[6] },
420 { "sn7", vtype_filter_int, &filter_sn[7] },
421 { "sn8", vtype_filter_int, &filter_sn[8] },
422 { "sn9", vtype_filter_int, &filter_sn[9] },
423 { "spool_directory", vtype_stringptr, &spool_directory },
424 { "thisaddress", vtype_stringptr, &filter_thisaddress },
425 { "tls_certificate_verified", vtype_int, &tls_certificate_verified },
426 { "tls_cipher", vtype_stringptr, &tls_cipher },
427 { "tls_peerdn", vtype_stringptr, &tls_peerdn },
428 { "tod_bsdinbox", vtype_todbsdin, NULL },
429 { "tod_epoch", vtype_tode, NULL },
430 { "tod_full", vtype_todf, NULL },
431 { "tod_log", vtype_todl, NULL },
432 { "tod_logfile", vtype_todlf, NULL },
433 { "tod_zone", vtype_todzone, NULL },
434 { "tod_zulu", vtype_todzulu, NULL },
435 { "value", vtype_stringptr, &lookup_value },
436 { "version_number", vtype_stringptr, &version_string },
437 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
438 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
439 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
440 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
441 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
442 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
443 };
444
445 static int var_table_size = sizeof(var_table)/sizeof(var_entry);
446 static uschar var_buffer[256];
447 static BOOL malformed_header;
448
449 /* For textual hashes */
450
451 static char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
452 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
453 "0123456789";
454
455 enum { HMAC_MD5, HMAC_SHA1 };
456
457 /* For numeric hashes */
458
459 static unsigned int prime[] = {
460 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
461 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
462 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
463
464 /* For printing modes in symbolic form */
465
466 static uschar *mtable_normal[] =
467 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
468
469 static uschar *mtable_setid[] =
470 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
471
472 static uschar *mtable_sticky[] =
473 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
474
475
476
477 /*************************************************
478 * Tables for UTF-8 support *
479 *************************************************/
480
481 /* Table of the number of extra characters, indexed by the first character
482 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
483 0x3d. */
484
485 static uschar utf8_table1[] = {
486 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
487 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
488 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
489 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
490
491 /* These are the masks for the data bits in the first byte of a character,
492 indexed by the number of additional bytes. */
493
494 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
495
496 /* Get the next UTF-8 character, advancing the pointer. */
497
498 #define GETUTF8INC(c, ptr) \
499 c = *ptr++; \
500 if ((c & 0xc0) == 0xc0) \
501 { \
502 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
503 int s = 6*a; \
504 c = (c & utf8_table2[a]) << s; \
505 while (a-- > 0) \
506 { \
507 s -= 6; \
508 c |= (*ptr++ & 0x3f) << s; \
509 } \
510 }
511
512
513 /*************************************************
514 * Binary chop search on a table *
515 *************************************************/
516
517 /* This is used for matching expansion items and operators.
518
519 Arguments:
520 name the name that is being sought
521 table the table to search
522 table_size the number of items in the table
523
524 Returns: the offset in the table, or -1
525 */
526
527 static int
528 chop_match(uschar *name, uschar **table, int table_size)
529 {
530 uschar **bot = table;
531 uschar **top = table + table_size;
532
533 while (top > bot)
534 {
535 uschar **mid = bot + (top - bot)/2;
536 int c = Ustrcmp(name, *mid);
537 if (c == 0) return mid - table;
538 if (c > 0) bot = mid + 1; else top = mid;
539 }
540
541 return -1;
542 }
543
544
545
546 /*************************************************
547 * Check a condition string *
548 *************************************************/
549
550 /* This function is called to expand a string, and test the result for a "true"
551 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
552 forced fail or lookup defer. All store used by the function can be released on
553 exit.
554
555 Arguments:
556 condition the condition string
557 m1 text to be incorporated in panic error
558 m2 ditto
559
560 Returns: TRUE if condition is met, FALSE if not
561 */
562
563 BOOL
564 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
565 {
566 int rc;
567 void *reset_point = store_get(0);
568 uschar *ss = expand_string(condition);
569 if (ss == NULL)
570 {
571 if (!expand_string_forcedfail && !search_find_defer)
572 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
573 "for %s %s: %s", condition, m1, m2, expand_string_message);
574 return FALSE;
575 }
576 rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
577 strcmpic(ss, US"false") != 0;
578 store_reset(reset_point);
579 return rc;
580 }
581
582
583
584 /*************************************************
585 * Pick out a name from a string *
586 *************************************************/
587
588 /* If the name is too long, it is silently truncated.
589
590 Arguments:
591 name points to a buffer into which to put the name
592 max is the length of the buffer
593 s points to the first alphabetic character of the name
594 extras chars other than alphanumerics to permit
595
596 Returns: pointer to the first character after the name
597
598 Note: The test for *s != 0 in the while loop is necessary because
599 Ustrchr() yields non-NULL if the character is zero (which is not something
600 I expected). */
601
602 static uschar *
603 read_name(uschar *name, int max, uschar *s, uschar *extras)
604 {
605 int ptr = 0;
606 while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
607 {
608 if (ptr < max-1) name[ptr++] = *s;
609 s++;
610 }
611 name[ptr] = 0;
612 return s;
613 }
614
615
616
617 /*************************************************
618 * Pick out the rest of a header name *
619 *************************************************/
620
621 /* A variable name starting $header_ (or just $h_ for those who like
622 abbreviations) might not be the complete header name because headers can
623 contain any printing characters in their names, except ':'. This function is
624 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
625 on the end, if the name was terminated by white space.
626
627 Arguments:
628 name points to a buffer in which the name read so far exists
629 max is the length of the buffer
630 s points to the first character after the name so far, i.e. the
631 first non-alphameric character after $header_xxxxx
632
633 Returns: a pointer to the first character after the header name
634 */
635
636 static uschar *
637 read_header_name(uschar *name, int max, uschar *s)
638 {
639 int prelen = Ustrchr(name, '_') - name + 1;
640 int ptr = Ustrlen(name) - prelen;
641 if (ptr > 0) memmove(name, name+prelen, ptr);
642 while (mac_isgraph(*s) && *s != ':')
643 {
644 if (ptr < max-1) name[ptr++] = *s;
645 s++;
646 }
647 if (*s == ':') s++;
648 name[ptr++] = ':';
649 name[ptr] = 0;
650 return s;
651 }
652
653
654
655 /*************************************************
656 * Pick out a number from a string *
657 *************************************************/
658
659 /* Arguments:
660 n points to an integer into which to put the number
661 s points to the first digit of the number
662
663 Returns: a pointer to the character after the last digit
664 */
665
666 static uschar *
667 read_number(int *n, uschar *s)
668 {
669 *n = 0;
670 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
671 return s;
672 }
673
674
675
676 /*************************************************
677 * Extract keyed subfield from a string *
678 *************************************************/
679
680 /* The yield is in dynamic store; NULL means that the key was not found.
681
682 Arguments:
683 key points to the name of the key
684 s points to the string from which to extract the subfield
685
686 Returns: NULL if the subfield was not found, or
687 a pointer to the subfield's data
688 */
689
690 static uschar *
691 expand_getkeyed(uschar *key, uschar *s)
692 {
693 int length = Ustrlen(key);
694 while (isspace(*s)) s++;
695
696 /* Loop to search for the key */
697
698 while (*s != 0)
699 {
700 int dkeylength;
701 uschar *data;
702 uschar *dkey = s;
703
704 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
705 dkeylength = s - dkey;
706 while (isspace(*s)) s++;
707 if (*s == '=') while (isspace((*(++s))));
708
709 data = string_dequote(&s);
710 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
711 return data;
712
713 while (isspace(*s)) s++;
714 }
715
716 return NULL;
717 }
718
719
720
721
722 /*************************************************
723 * Extract numbered subfield from string *
724 *************************************************/
725
726 /* Extracts a numbered field from a string that is divided by tokens - for
727 example a line from /etc/passwd is divided by colon characters. First field is
728 numbered one. Negative arguments count from the right. Zero returns the whole
729 string. Returns NULL if there are insufficient tokens in the string
730
731 ***WARNING***
732 Modifies final argument - this is a dynamically generated string, so that's OK.
733
734 Arguments:
735 field number of field to be extracted,
736 first field = 1, whole string = 0, last field = -1
737 separators characters that are used to break string into tokens
738 s points to the string from which to extract the subfield
739
740 Returns: NULL if the field was not found,
741 a pointer to the field's data inside s (modified to add 0)
742 */
743
744 static uschar *
745 expand_gettokened (int field, uschar *separators, uschar *s)
746 {
747 int sep = 1;
748 int count;
749 uschar *ss = s;
750 uschar *fieldtext = NULL;
751
752 if (field == 0) return s;
753
754 /* Break the line up into fields in place; for field > 0 we stop when we have
755 done the number of fields we want. For field < 0 we continue till the end of
756 the string, counting the number of fields. */
757
758 count = (field > 0)? field : INT_MAX;
759
760 while (count-- > 0)
761 {
762 size_t len;
763
764 /* Previous field was the last one in the string. For a positive field
765 number, this means there are not enough fields. For a negative field number,
766 check that there are enough, and scan back to find the one that is wanted. */
767
768 if (sep == 0)
769 {
770 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
771 if ((-field) == (INT_MAX - count - 1)) return s;
772 while (field++ < 0)
773 {
774 ss--;
775 while (ss[-1] != 0) ss--;
776 }
777 fieldtext = ss;
778 break;
779 }
780
781 /* Previous field was not last in the string; save its start and put a
782 zero at its end. */
783
784 fieldtext = ss;
785 len = Ustrcspn(ss, separators);
786 sep = ss[len];
787 ss[len] = 0;
788 ss += len + 1;
789 }
790
791 return fieldtext;
792 }
793
794
795
796 /*************************************************
797 * Extract a substring from a string *
798 *************************************************/
799
800 /* Perform the ${substr or ${length expansion operations.
801
802 Arguments:
803 subject the input string
804 value1 the offset from the start of the input string to the start of
805 the output string; if negative, count from the right.
806 value2 the length of the output string, or negative (-1) for unset
807 if value1 is positive, unset means "all after"
808 if value1 is negative, unset means "all before"
809 len set to the length of the returned string
810
811 Returns: pointer to the output string, or NULL if there is an error
812 */
813
814 static uschar *
815 extract_substr(uschar *subject, int value1, int value2, int *len)
816 {
817 int sublen = Ustrlen(subject);
818
819 if (value1 < 0) /* count from right */
820 {
821 value1 += sublen;
822
823 /* If the position is before the start, skip to the start, and adjust the
824 length. If the length ends up negative, the substring is null because nothing
825 can precede. This falls out naturally when the length is unset, meaning "all
826 to the left". */
827
828 if (value1 < 0)
829 {
830 value2 += value1;
831 if (value2 < 0) value2 = 0;
832 value1 = 0;
833 }
834
835 /* Otherwise an unset length => characters before value1 */
836
837 else if (value2 < 0)
838 {
839 value2 = value1;
840 value1 = 0;
841 }
842 }
843
844 /* For a non-negative offset, if the starting position is past the end of the
845 string, the result will be the null string. Otherwise, an unset length means
846 "rest"; just set it to the maximum - it will be cut down below if necessary. */
847
848 else
849 {
850 if (value1 > sublen)
851 {
852 value1 = sublen;
853 value2 = 0;
854 }
855 else if (value2 < 0) value2 = sublen;
856 }
857
858 /* Cut the length down to the maximum possible for the offset value, and get
859 the required characters. */
860
861 if (value1 + value2 > sublen) value2 = sublen - value1;
862 *len = value2;
863 return subject + value1;
864 }
865
866
867
868
869 /*************************************************
870 * Old-style hash of a string *
871 *************************************************/
872
873 /* Perform the ${hash expansion operation.
874
875 Arguments:
876 subject the input string (an expanded substring)
877 value1 the length of the output string; if greater or equal to the
878 length of the input string, the input string is returned
879 value2 the number of hash characters to use, or 26 if negative
880 len set to the length of the returned string
881
882 Returns: pointer to the output string, or NULL if there is an error
883 */
884
885 static uschar *
886 compute_hash(uschar *subject, int value1, int value2, int *len)
887 {
888 int sublen = Ustrlen(subject);
889
890 if (value2 < 0) value2 = 26;
891 else if (value2 > Ustrlen(hashcodes))
892 {
893 expand_string_message =
894 string_sprintf("hash count \"%d\" too big", value2);
895 return NULL;
896 }
897
898 /* Calculate the hash text. We know it is shorter than the original string, so
899 can safely place it in subject[] (we know that subject is always itself an
900 expanded substring). */
901
902 if (value1 < sublen)
903 {
904 int c;
905 int i = 0;
906 int j = value1;
907 while ((c = (subject[j])) != 0)
908 {
909 int shift = (c + j++) & 7;
910 subject[i] ^= (c << shift) | (c >> (8-shift));
911 if (++i >= value1) i = 0;
912 }
913 for (i = 0; i < value1; i++)
914 subject[i] = hashcodes[(subject[i]) % value2];
915 }
916 else value1 = sublen;
917
918 *len = value1;
919 return subject;
920 }
921
922
923
924
925 /*************************************************
926 * Numeric hash of a string *
927 *************************************************/
928
929 /* Perform the ${nhash expansion operation. The first characters of the
930 string are treated as most important, and get the highest prime numbers.
931
932 Arguments:
933 subject the input string
934 value1 the maximum value of the first part of the result
935 value2 the maximum value of the second part of the result,
936 or negative to produce only a one-part result
937 len set to the length of the returned string
938
939 Returns: pointer to the output string, or NULL if there is an error.
940 */
941
942 static uschar *
943 compute_nhash (uschar *subject, int value1, int value2, int *len)
944 {
945 uschar *s = subject;
946 int i = 0;
947 unsigned long int total = 0; /* no overflow */
948
949 while (*s != 0)
950 {
951 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
952 total += prime[i--] * (unsigned int)(*s++);
953 }
954
955 /* If value2 is unset, just compute one number */
956
957 if (value2 < 0)
958 {
959 s = string_sprintf("%d", total % value1);
960 }
961
962 /* Otherwise do a div/mod hash */
963
964 else
965 {
966 total = total % (value1 * value2);
967 s = string_sprintf("%d/%d", total/value2, total % value2);
968 }
969
970 *len = Ustrlen(s);
971 return s;
972 }
973
974
975
976
977
978 /*************************************************
979 * Find the value of a header or headers *
980 *************************************************/
981
982 /* Multiple instances of the same header get concatenated, and this function
983 can also return a concatenation of all the header lines. When concatenating
984 specific headers that contain lists of addresses, a comma is inserted between
985 them. Otherwise we use a straight concatenation. Because some messages can have
986 pathologically large number of lines, there is a limit on the length that is
987 returned. Also, to avoid massive store use which would result from using
988 string_cat() as it copies and extends strings, we do a preliminary pass to find
989 out exactly how much store will be needed. On "normal" messages this will be
990 pretty trivial.
991
992 Arguments:
993 name the name of the header, without the leading $header_ or $h_,
994 or NULL if a concatenation of all headers is required
995 exists_only TRUE if called from a def: test; don't need to build a string;
996 just return a string that is not "" and not "0" if the header
997 exists
998 newsize return the size of memory block that was obtained; may be NULL
999 if exists_only is TRUE
1000 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
1001 other than concatenating, will be done on the header
1002 charset name of charset to translate MIME words to; used only if
1003 want_raw is false; if NULL, no translation is done (this is
1004 used for $bh_ and $bheader_)
1005
1006 Returns: NULL if the header does not exist, else a pointer to a new
1007 store block
1008 */
1009
1010 static uschar *
1011 find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1012 uschar *charset)
1013 {
1014 BOOL found = name == NULL;
1015 int comma = 0;
1016 int len = found? 0 : Ustrlen(name);
1017 int i;
1018 uschar *yield = NULL;
1019 uschar *ptr = NULL;
1020
1021 /* Loop for two passes - saves code repetition */
1022
1023 for (i = 0; i < 2; i++)
1024 {
1025 int size = 0;
1026 header_line *h;
1027
1028 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1029 {
1030 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1031 {
1032 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1033 {
1034 int ilen;
1035 uschar *t;
1036
1037 if (exists_only) return US"1"; /* don't need actual string */
1038 found = TRUE;
1039 t = h->text + len; /* text to insert */
1040 if (!want_raw) /* unless wanted raw, */
1041 while (isspace(*t)) t++; /* remove leading white space */
1042 ilen = h->slen - (t - h->text); /* length to insert */
1043
1044 /* Set comma = 1 if handling a single header and it's one of those
1045 that contains an address list, except when asked for raw headers. Only
1046 need to do this once. */
1047
1048 if (!want_raw && name != NULL && comma == 0 &&
1049 Ustrchr("BCFRST", h->type) != NULL)
1050 comma = 1;
1051
1052 /* First pass - compute total store needed; second pass - compute
1053 total store used, including this header. */
1054
1055 size += ilen + comma;
1056
1057 /* Second pass - concatentate the data, up to a maximum. Note that
1058 the loop stops when size hits the limit. */
1059
1060 if (i != 0)
1061 {
1062 if (size > header_insert_maxlen)
1063 {
1064 ilen -= size - header_insert_maxlen;
1065 comma = 0;
1066 }
1067 Ustrncpy(ptr, t, ilen);
1068 ptr += ilen;
1069 if (comma != 0 && ilen > 0)
1070 {
1071 ptr[-1] = ',';
1072 *ptr++ = '\n';
1073 }
1074 }
1075 }
1076 }
1077 }
1078
1079 /* At end of first pass, truncate size if necessary, and get the buffer
1080 to hold the data, returning the buffer size. */
1081
1082 if (i == 0)
1083 {
1084 if (!found) return NULL;
1085 if (size > header_insert_maxlen) size = header_insert_maxlen;
1086 *newsize = size + 1;
1087 ptr = yield = store_get(*newsize);
1088 }
1089 }
1090
1091 /* Remove a redundant added comma if present */
1092
1093 if (comma != 0 && ptr > yield) ptr -= 2;
1094
1095 /* That's all we do for raw header expansion. */
1096
1097 if (want_raw)
1098 {
1099 *ptr = 0;
1100 }
1101
1102 /* Otherwise, we remove trailing whitespace, including newlines. Then we do RFC
1103 2047 decoding, translating the charset if requested. The rfc2047_decode2()
1104 function can return an error with decoded data if the charset translation
1105 fails. If decoding fails, it returns NULL. */
1106
1107 else
1108 {
1109 uschar *decoded, *error;
1110 while (ptr > yield && isspace(ptr[-1])) ptr--;
1111 *ptr = 0;
1112 decoded = rfc2047_decode2(yield, TRUE, charset, '?', NULL, newsize, &error);
1113 if (error != NULL)
1114 {
1115 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1116 " input was: %s\n", error, yield);
1117 }
1118 if (decoded != NULL) yield = decoded;
1119 }
1120
1121 return yield;
1122 }
1123
1124
1125
1126
1127 /*************************************************
1128 * Find value of a variable *
1129 *************************************************/
1130
1131 /* The table of variables is kept in alphabetic order, so we can search it
1132 using a binary chop. The "choplen" variable is nothing to do with the binary
1133 chop.
1134
1135 Arguments:
1136 name the name of the variable being sought
1137 exists_only TRUE if this is a def: test; passed on to find_header()
1138 skipping TRUE => skip any processing evaluation; this is not the same as
1139 exists_only because def: may test for values that are first
1140 evaluated here
1141 newsize pointer to an int which is initially zero; if the answer is in
1142 a new memory buffer, *newsize is set to its size
1143
1144 Returns: NULL if the variable does not exist, or
1145 a pointer to the variable's contents, or
1146 something non-NULL if exists_only is TRUE
1147 */
1148
1149 static uschar *
1150 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1151 {
1152 int first = 0;
1153 int last = var_table_size;
1154
1155 while (last > first)
1156 {
1157 uschar *s, *domain;
1158 uschar **ss;
1159 int middle = (first + last)/2;
1160 int c = Ustrcmp(name, var_table[middle].name);
1161
1162 if (c > 0) { first = middle + 1; continue; }
1163 if (c < 0) { last = middle; continue; }
1164
1165 /* Found an existing variable. If in skipping state, the value isn't needed,
1166 and we want to avoid processing (such as looking up up the host name). */
1167
1168 if (skipping) return US"";
1169
1170 switch (var_table[middle].type)
1171 {
1172 case vtype_filter_int:
1173 if (!filter_running) return NULL;
1174 /* Fall through */
1175
1176 case vtype_int:
1177 sprintf(CS var_buffer, "%d", *(int *)(var_table[middle].value)); /* Integer */
1178 return var_buffer;
1179
1180 case vtype_ino:
1181 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(var_table[middle].value))); /* Inode */
1182 return var_buffer;
1183
1184 case vtype_gid:
1185 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(var_table[middle].value))); /* gid */
1186 return var_buffer;
1187
1188 case vtype_uid:
1189 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
1190 return var_buffer;
1191
1192 case vtype_stringptr: /* Pointer to string */
1193 s = *((uschar **)(var_table[middle].value));
1194 return (s == NULL)? US"" : s;
1195
1196 case vtype_pid:
1197 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1198 return var_buffer;
1199
1200 case vtype_load_avg:
1201 sprintf(CS var_buffer, "%d", os_getloadavg()); /* load_average */
1202 return var_buffer;
1203
1204 case vtype_host_lookup: /* Lookup if not done so */
1205 if (sender_host_name == NULL && sender_host_address != NULL &&
1206 !host_lookup_failed && host_name_lookup() == OK)
1207 host_build_sender_fullhost();
1208 return (sender_host_name == NULL)? US"" : sender_host_name;
1209
1210 case vtype_localpart: /* Get local part from address */
1211 s = *((uschar **)(var_table[middle].value));
1212 if (s == NULL) return US"";
1213 domain = Ustrrchr(s, '@');
1214 if (domain == NULL) return s;
1215 if (domain - s > sizeof(var_buffer) - 1)
1216 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than %d in "
1217 "string expansion", sizeof(var_buffer));
1218 Ustrncpy(var_buffer, s, domain - s);
1219 var_buffer[domain - s] = 0;
1220 return var_buffer;
1221
1222 case vtype_domain: /* Get domain from address */
1223 s = *((uschar **)(var_table[middle].value));
1224 if (s == NULL) return US"";
1225 domain = Ustrrchr(s, '@');
1226 return (domain == NULL)? US"" : domain + 1;
1227
1228 case vtype_msgheaders:
1229 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1230
1231 case vtype_msgbody: /* Pointer to msgbody string */
1232 case vtype_msgbody_end: /* Ditto, the end of the msg */
1233 ss = (uschar **)(var_table[middle].value);
1234 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1235 {
1236 uschar *body;
1237 int start_offset = SPOOL_DATA_START_OFFSET;
1238 int len = message_body_visible;
1239 if (len > message_size) len = message_size;
1240 *ss = body = store_malloc(len+1);
1241 body[0] = 0;
1242 if (var_table[middle].type == vtype_msgbody_end)
1243 {
1244 struct stat statbuf;
1245 if (fstat(deliver_datafile, &statbuf) == 0)
1246 {
1247 start_offset = statbuf.st_size - len;
1248 if (start_offset < SPOOL_DATA_START_OFFSET)
1249 start_offset = SPOOL_DATA_START_OFFSET;
1250 }
1251 }
1252 lseek(deliver_datafile, start_offset, SEEK_SET);
1253 len = read(deliver_datafile, body, len);
1254 if (len > 0)
1255 {
1256 body[len] = 0;
1257 while (len > 0)
1258 {
1259 if (body[--len] == '\n' || body[len] == 0) body[len] = ' ';
1260 }
1261 }
1262 }
1263 return (*ss == NULL)? US"" : *ss;
1264
1265 case vtype_todbsdin: /* BSD inbox time of day */
1266 return tod_stamp(tod_bsdin);
1267
1268 case vtype_tode: /* Unix epoch time of day */
1269 return tod_stamp(tod_epoch);
1270
1271 case vtype_todf: /* Full time of day */
1272 return tod_stamp(tod_full);
1273
1274 case vtype_todl: /* Log format time of day */
1275 return tod_stamp(tod_log_bare); /* (without timezone) */
1276
1277 case vtype_todzone: /* Time zone offset only */
1278 return tod_stamp(tod_zone);
1279
1280 case vtype_todzulu: /* Zulu time */
1281 return tod_stamp(tod_zulu);
1282
1283 case vtype_todlf: /* Log file datestamp tod */
1284 return tod_stamp(tod_log_datestamp);
1285
1286 case vtype_reply: /* Get reply address */
1287 s = find_header(US"reply-to:", exists_only, newsize, FALSE,
1288 headers_charset);
1289 if (s == NULL || *s == 0)
1290 s = find_header(US"from:", exists_only, newsize, FALSE, headers_charset);
1291 return (s == NULL)? US"" : s;
1292
1293 /* A recipients list is available only during system message filtering,
1294 during ACL processing after DATA, and while expanding pipe commands
1295 generated from a system filter, but not elsewhere. */
1296
1297 case vtype_recipients:
1298 if (!enable_dollar_recipients) return NULL; else
1299 {
1300 int size = 128;
1301 int ptr = 0;
1302 int i;
1303 s = store_get(size);
1304 for (i = 0; i < recipients_count; i++)
1305 {
1306 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1307 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1308 Ustrlen(recipients_list[i].address));
1309 }
1310 s[ptr] = 0; /* string_cat() leaves room */
1311 }
1312 return s;
1313 }
1314 }
1315
1316 return NULL; /* Unknown variable name */
1317 }
1318
1319
1320
1321
1322 /*************************************************
1323 * Read and expand substrings *
1324 *************************************************/
1325
1326 /* This function is called to read and expand argument substrings for various
1327 expansion items. Some have a minimum requirement that is less than the maximum;
1328 in these cases, the first non-present one is set to NULL.
1329
1330 Arguments:
1331 sub points to vector of pointers to set
1332 n maximum number of substrings
1333 m minimum required
1334 sptr points to current string pointer
1335 skipping the skipping flag
1336 check_end if TRUE, check for final '}'
1337 name name of item, for error message
1338
1339 Returns: 0 OK; string pointer updated
1340 1 curly bracketing error (too few arguments)
1341 2 too many arguments (only if check_end is set); message set
1342 3 other error (expansion failure)
1343 */
1344
1345 static int
1346 read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
1347 BOOL check_end, uschar *name)
1348 {
1349 int i;
1350 uschar *s = *sptr;
1351
1352 while (isspace(*s)) s++;
1353 for (i = 0; i < n; i++)
1354 {
1355 if (*s != '{')
1356 {
1357 if (i < m) return 1;
1358 sub[i] = NULL;
1359 break;
1360 }
1361 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
1362 if (sub[i] == NULL) return 3;
1363 if (*s++ != '}') return 1;
1364 while (isspace(*s)) s++;
1365 }
1366 if (check_end && *s++ != '}')
1367 {
1368 if (s[-1] == '{')
1369 {
1370 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1371 "(max is %d)", name, n);
1372 return 2;
1373 }
1374 return 1;
1375 }
1376
1377 *sptr = s;
1378 return 0;
1379 }
1380
1381
1382
1383
1384 /*************************************************
1385 * Read and evaluate a condition *
1386 *************************************************/
1387
1388 /*
1389 Arguments:
1390 s points to the start of the condition text
1391 yield points to a BOOL to hold the result of the condition test;
1392 if NULL, we are just reading through a condition that is
1393 part of an "or" combination to check syntax, or in a state
1394 where the answer isn't required
1395
1396 Returns: a pointer to the first character after the condition, or
1397 NULL after an error
1398 */
1399
1400 static uschar *
1401 eval_condition(uschar *s, BOOL *yield)
1402 {
1403 BOOL testfor = TRUE;
1404 BOOL tempcond, combined_cond;
1405 BOOL *subcondptr;
1406 int i, rc, cond_type, roffset;
1407 int num[2];
1408 struct stat statbuf;
1409 uschar name[256];
1410 uschar *sub[4];
1411
1412 const pcre *re;
1413 const uschar *rerror;
1414
1415 for (;;)
1416 {
1417 while (isspace(*s)) s++;
1418 if (*s == '!') { testfor = !testfor; s++; } else break;
1419 }
1420
1421 /* Numeric comparisons are symbolic */
1422
1423 if (*s == '=' || *s == '>' || *s == '<')
1424 {
1425 int p = 0;
1426 name[p++] = *s++;
1427 if (*s == '=')
1428 {
1429 name[p++] = '=';
1430 s++;
1431 }
1432 name[p] = 0;
1433 }
1434
1435 /* All other conditions are named */
1436
1437 else s = read_name(name, 256, s, US"_");
1438
1439 /* If we haven't read a name, it means some non-alpha character is first. */
1440
1441 if (name[0] == 0)
1442 {
1443 expand_string_message = string_sprintf("condition name expected, "
1444 "but found \"%.16s\"", s);
1445 return NULL;
1446 }
1447
1448 /* Find which condition we are dealing with, and switch on it */
1449
1450 cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
1451 switch(cond_type)
1452 {
1453 /* def: tests for a non-zero or non-NULL variable, or for an existing
1454 header */
1455
1456 case ECOND_DEF:
1457 if (*s != ':')
1458 {
1459 expand_string_message = US"\":\" expected after \"def\"";
1460 return NULL;
1461 }
1462
1463 s = read_name(name, 256, s+1, US"_");
1464
1465 /* Test for a header's existence */
1466
1467 if (Ustrncmp(name, "h_", 2) == 0 ||
1468 Ustrncmp(name, "rh_", 3) == 0 ||
1469 Ustrncmp(name, "bh_", 3) == 0 ||
1470 Ustrncmp(name, "header_", 7) == 0 ||
1471 Ustrncmp(name, "rheader_", 8) == 0 ||
1472 Ustrncmp(name, "bheader_", 8) == 0)
1473 {
1474 s = read_header_name(name, 256, s);
1475 if (yield != NULL) *yield =
1476 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
1477 }
1478
1479 /* Test for a variable's having a non-empty value. If yield == NULL we
1480 are in a skipping state, and don't care about the answer. */
1481
1482 else
1483 {
1484 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
1485 if (value == NULL)
1486 {
1487 expand_string_message = (name[0] == 0)?
1488 string_sprintf("variable name omitted after \"def:\"") :
1489 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
1490 return NULL;
1491 }
1492 if (yield != NULL)
1493 *yield = (value[0] != 0 && Ustrcmp(value, "0") != 0) == testfor;
1494 }
1495
1496 return s;
1497
1498
1499 /* first_delivery tests for first delivery attempt */
1500
1501 case ECOND_FIRST_DELIVERY:
1502 if (yield != NULL) *yield = deliver_firsttime == testfor;
1503 return s;
1504
1505
1506 /* queue_running tests for any process started by a queue runner */
1507
1508 case ECOND_QUEUE_RUNNING:
1509 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
1510 return s;
1511
1512
1513 /* exists: tests for file existence
1514 isip: tests for any IP address
1515 isip4: tests for an IPv4 address
1516 isip6: tests for an IPv6 address
1517 pam: does PAM authentication
1518 radius: does RADIUS authentication
1519 ldapauth: does LDAP authentication
1520 pwcheck: does Cyrus SASL pwcheck authentication
1521 */
1522
1523 case ECOND_EXISTS:
1524 case ECOND_ISIP:
1525 case ECOND_ISIP4:
1526 case ECOND_ISIP6:
1527 case ECOND_PAM:
1528 case ECOND_RADIUS:
1529 case ECOND_LDAPAUTH:
1530 case ECOND_PWCHECK:
1531
1532 while (isspace(*s)) s++;
1533 if (*s != '{') goto COND_FAILED_CURLY_START;
1534
1535 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1536 if (sub[0] == NULL) return NULL;
1537 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1538
1539 if (yield == NULL) return s; /* No need to run the test if skipping */
1540
1541 switch(cond_type)
1542 {
1543 case ECOND_EXISTS:
1544 if ((expand_forbid & RDO_EXISTS) != 0)
1545 {
1546 expand_string_message = US"File existence tests are not permitted";
1547 return NULL;
1548 }
1549 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
1550 break;
1551
1552 case ECOND_ISIP:
1553 case ECOND_ISIP4:
1554 case ECOND_ISIP6:
1555 rc = string_is_ip_address(sub[0], NULL);
1556 *yield = ((cond_type == ECOND_ISIP)? (rc > 0) :
1557 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
1558 break;
1559
1560 /* Various authentication tests - all optionally compiled */
1561
1562 case ECOND_PAM:
1563 #ifdef SUPPORT_PAM
1564 rc = auth_call_pam(sub[0], &expand_string_message);
1565 goto END_AUTH;
1566 #else
1567 goto COND_FAILED_NOT_COMPILED;
1568 #endif /* SUPPORT_PAM */
1569
1570 case ECOND_RADIUS:
1571 #ifdef RADIUS_CONFIG_FILE
1572 rc = auth_call_radius(sub[0], &expand_string_message);
1573 goto END_AUTH;
1574 #else
1575 goto COND_FAILED_NOT_COMPILED;
1576 #endif /* RADIUS_CONFIG_FILE */
1577
1578 case ECOND_LDAPAUTH:
1579 #ifdef LOOKUP_LDAP
1580 {
1581 /* Just to keep the interface the same */
1582 BOOL do_cache;
1583 int old_pool = store_pool;
1584 store_pool = POOL_SEARCH;
1585 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
1586 &expand_string_message, &do_cache);
1587 store_pool = old_pool;
1588 }
1589 goto END_AUTH;
1590 #else
1591 goto COND_FAILED_NOT_COMPILED;
1592 #endif /* LOOKUP_LDAP */
1593
1594 case ECOND_PWCHECK:
1595 #ifdef CYRUS_PWCHECK_SOCKET
1596 rc = auth_call_pwcheck(sub[0], &expand_string_message);
1597 goto END_AUTH;
1598 #else
1599 goto COND_FAILED_NOT_COMPILED;
1600 #endif /* CYRUS_PWCHECK_SOCKET */
1601
1602 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
1603 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
1604 END_AUTH:
1605 if (rc == ERROR || rc == DEFER) return NULL;
1606 *yield = (rc == OK) == testfor;
1607 #endif
1608 }
1609 return s;
1610
1611
1612 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
1613
1614 ${if saslauthd {{username}{password}{service}{realm}} {yes}[no}}
1615
1616 However, the last two are optional. That is why the whole set is enclosed
1617 in their own set or braces. */
1618
1619 case ECOND_SASLAUTHD:
1620 #ifndef CYRUS_SASLAUTHD_SOCKET
1621 goto COND_FAILED_NOT_COMPILED;
1622 #else
1623 while (isspace(*s)) s++;
1624 if (*s++ != '{') goto COND_FAILED_CURLY_START;
1625 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd"))
1626 {
1627 case 1: expand_string_message = US"too few arguments or bracketing "
1628 "error for saslauthd";
1629 case 2:
1630 case 3: return NULL;
1631 }
1632 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
1633 if (yield != NULL)
1634 {
1635 int rc;
1636 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
1637 &expand_string_message);
1638 if (rc == ERROR || rc == DEFER) return NULL;
1639 *yield = (rc == OK) == testfor;
1640 }
1641 return s;
1642 #endif /* CYRUS_SASLAUTHD_SOCKET */
1643
1644
1645 /* symbolic operators for numeric and string comparison, and a number of
1646 other operators, all requiring two arguments.
1647
1648 match: does a regular expression match and sets up the numerical
1649 variables if it succeeds
1650 match_address: matches in an address list
1651 match_domain: matches in a domain list
1652 match_local_part: matches in a local part list
1653 crypteq: encrypts plaintext and compares against an encrypted text,
1654 using crypt(), crypt16(), MD5 or SHA-1
1655 */
1656
1657 case ECOND_MATCH:
1658 case ECOND_MATCH_ADDRESS:
1659 case ECOND_MATCH_DOMAIN:
1660 case ECOND_MATCH_LOCAL_PART:
1661 case ECOND_CRYPTEQ:
1662
1663 case ECOND_NUM_L: /* Numerical comparisons */
1664 case ECOND_NUM_LE:
1665 case ECOND_NUM_E:
1666 case ECOND_NUM_EE:
1667 case ECOND_NUM_G:
1668 case ECOND_NUM_GE:
1669
1670 case ECOND_STR_LT: /* String comparisons */
1671 case ECOND_STR_LTI:
1672 case ECOND_STR_LE:
1673 case ECOND_STR_LEI:
1674 case ECOND_STR_EQ:
1675 case ECOND_STR_EQI:
1676 case ECOND_STR_GT:
1677 case ECOND_STR_GTI:
1678 case ECOND_STR_GE:
1679 case ECOND_STR_GEI:
1680
1681 for (i = 0; i < 2; i++)
1682 {
1683 while (isspace(*s)) s++;
1684 if (*s != '{')
1685 {
1686 if (i == 0) goto COND_FAILED_CURLY_START;
1687 expand_string_message = string_sprintf("missing 2nd string in {} "
1688 "after \"%s\"", name);
1689 return NULL;
1690 }
1691 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1692 if (sub[i] == NULL) return NULL;
1693 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1694
1695 /* Convert to numerical if required; we know that the names of all the
1696 conditions that compare numbers do not start with a letter. This just saves
1697 checking for them individually. */
1698
1699 if (!isalpha(name[0]))
1700 {
1701 uschar *endptr;
1702 num[i] = (int)Ustrtol((const uschar *)sub[i], &endptr, 10);
1703 if (tolower(*endptr) == 'k')
1704 {
1705 num[i] *= 1024;
1706 endptr++;
1707 }
1708 else if (tolower(*endptr) == 'm')
1709 {
1710 num[i] *= 1024*1024;
1711 endptr++;
1712 }
1713 while (isspace(*endptr)) endptr++;
1714 if (*endptr != 0)
1715 {
1716 expand_string_message = string_sprintf("\"%s\" is not a number",
1717 sub[i]);
1718 return NULL;
1719 }
1720 }
1721 }
1722
1723 /* Result not required */
1724
1725 if (yield == NULL) return s;
1726
1727 /* Do an appropriate comparison */
1728
1729 switch(cond_type)
1730 {
1731 case ECOND_NUM_E:
1732 case ECOND_NUM_EE:
1733 *yield = (num[0] == num[1]) == testfor;
1734 break;
1735
1736 case ECOND_NUM_G:
1737 *yield = (num[0] > num[1]) == testfor;
1738 break;
1739
1740 case ECOND_NUM_GE:
1741 *yield = (num[0] >= num[1]) == testfor;
1742 break;
1743
1744 case ECOND_NUM_L:
1745 *yield = (num[0] < num[1]) == testfor;
1746 break;
1747
1748 case ECOND_NUM_LE:
1749 *yield = (num[0] <= num[1]) == testfor;
1750 break;
1751
1752 case ECOND_STR_LT:
1753 *yield = (Ustrcmp(sub[0], sub[1]) < 0) == testfor;
1754 break;
1755
1756 case ECOND_STR_LTI:
1757 *yield = (strcmpic(sub[0], sub[1]) < 0) == testfor;
1758 break;
1759
1760 case ECOND_STR_LE:
1761 *yield = (Ustrcmp(sub[0], sub[1]) <= 0) == testfor;
1762 break;
1763
1764 case ECOND_STR_LEI:
1765 *yield = (strcmpic(sub[0], sub[1]) <= 0) == testfor;
1766 break;
1767
1768 case ECOND_STR_EQ:
1769 *yield = (Ustrcmp(sub[0], sub[1]) == 0) == testfor;
1770 break;
1771
1772 case ECOND_STR_EQI:
1773 *yield = (strcmpic(sub[0], sub[1]) == 0) == testfor;
1774 break;
1775
1776 case ECOND_STR_GT:
1777 *yield = (Ustrcmp(sub[0], sub[1]) > 0) == testfor;
1778 break;
1779
1780 case ECOND_STR_GTI:
1781 *yield = (strcmpic(sub[0], sub[1]) > 0) == testfor;
1782 break;
1783
1784 case ECOND_STR_GE:
1785 *yield = (Ustrcmp(sub[0], sub[1]) >= 0) == testfor;
1786 break;
1787
1788 case ECOND_STR_GEI:
1789 *yield = (strcmpic(sub[0], sub[1]) >= 0) == testfor;
1790 break;
1791
1792 case ECOND_MATCH: /* Regular expression match */
1793 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
1794 NULL);
1795 if (re == NULL)
1796 {
1797 expand_string_message = string_sprintf("regular expression error in "
1798 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
1799 return NULL;
1800 }
1801 *yield = regex_match_and_setup(re, sub[0], 0, -1) == testfor;
1802 break;
1803
1804 case ECOND_MATCH_ADDRESS: /* Match in an address list */
1805 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
1806 goto MATCHED_SOMETHING;
1807
1808 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
1809 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
1810 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
1811 goto MATCHED_SOMETHING;
1812
1813 case ECOND_MATCH_LOCAL_PART:
1814 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
1815 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
1816 /* Fall through */
1817
1818 MATCHED_SOMETHING:
1819 switch(rc)
1820 {
1821 case OK:
1822 *yield = testfor;
1823 break;
1824
1825 case FAIL:
1826 *yield = !testfor;
1827 break;
1828
1829 case DEFER:
1830 expand_string_message = string_sprintf("unable to complete match "
1831 "against \"%s\": %s", sub[1], search_error_message);
1832 return NULL;
1833 }
1834
1835 break;
1836
1837 /* Various "encrypted" comparisons. If the second string starts with
1838 "{" then an encryption type is given. Default to crypt() or crypt16()
1839 (build-time choice). */
1840
1841 case ECOND_CRYPTEQ:
1842 #ifndef SUPPORT_CRYPTEQ
1843 goto COND_FAILED_NOT_COMPILED;
1844 #else
1845 if (strncmpic(sub[1], US"{md5}", 5) == 0)
1846 {
1847 int sublen = Ustrlen(sub[1]+5);
1848 md5 base;
1849 uschar digest[16];
1850
1851 md5_start(&base);
1852 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
1853
1854 /* If the length that we are comparing against is 24, the MD5 digest
1855 is expressed as a base64 string. This is the way LDAP does it. However,
1856 some other software uses a straightforward hex representation. We assume
1857 this if the length is 32. Other lengths fail. */
1858
1859 if (sublen == 24)
1860 {
1861 uschar *coded = auth_b64encode((uschar *)digest, 16);
1862 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
1863 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
1864 *yield = (Ustrcmp(coded, sub[1]+5) == 0) == testfor;
1865 }
1866 else if (sublen == 32)
1867 {
1868 int i;
1869 uschar coded[36];
1870 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
1871 coded[32] = 0;
1872 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
1873 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
1874 *yield = (strcmpic(coded, sub[1]+5) == 0) == testfor;
1875 }
1876 else
1877 {
1878 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
1879 "fail\n crypted=%s\n", sub[1]+5);
1880 *yield = !testfor;
1881 }
1882 }
1883
1884 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
1885 {
1886 int sublen = Ustrlen(sub[1]+6);
1887 sha1 base;
1888 uschar digest[20];
1889
1890 sha1_start(&base);
1891 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
1892
1893 /* If the length that we are comparing against is 28, assume the SHA1
1894 digest is expressed as a base64 string. If the length is 40, assume a
1895 straightforward hex representation. Other lengths fail. */
1896
1897 if (sublen == 28)
1898 {
1899 uschar *coded = auth_b64encode((uschar *)digest, 20);
1900 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
1901 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
1902 *yield = (Ustrcmp(coded, sub[1]+6) == 0) == testfor;
1903 }
1904 else if (sublen == 40)
1905 {
1906 int i;
1907 uschar coded[44];
1908 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
1909 coded[40] = 0;
1910 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
1911 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
1912 *yield = (strcmpic(coded, sub[1]+6) == 0) == testfor;
1913 }
1914 else
1915 {
1916 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
1917 "fail\n crypted=%s\n", sub[1]+6);
1918 *yield = !testfor;
1919 }
1920 }
1921
1922 else /* {crypt} or {crypt16} and non-{ at start */
1923 {
1924 int which = 0;
1925 uschar *coded;
1926
1927 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
1928 {
1929 sub[1] += 7;
1930 which = 1;
1931 }
1932 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
1933 {
1934 sub[1] += 9;
1935 which = 2;
1936 }
1937 else if (sub[1][0] == '{')
1938 {
1939 expand_string_message = string_sprintf("unknown encryption mechanism "
1940 "in \"%s\"", sub[1]);
1941 return NULL;
1942 }
1943
1944 switch(which)
1945 {
1946 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
1947 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
1948 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
1949 }
1950
1951 #define STR(s) # s
1952 #define XSTR(s) STR(s)
1953 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
1954 " subject=%s\n crypted=%s\n",
1955 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
1956 coded, sub[1]);
1957 #undef STR
1958 #undef XSTR
1959
1960 /* If the encrypted string contains fewer than two characters (for the
1961 salt), force failure. Otherwise we get false positives: with an empty
1962 string the yield of crypt() is an empty string! */
1963
1964 *yield = (Ustrlen(sub[1]) < 2)? !testfor :
1965 (Ustrcmp(coded, sub[1]) == 0) == testfor;
1966 }
1967 break;
1968 #endif /* SUPPORT_CRYPTEQ */
1969 } /* Switch for comparison conditions */
1970
1971 return s; /* End of comparison conditions */
1972
1973
1974 /* and/or: computes logical and/or of several conditions */
1975
1976 case ECOND_AND:
1977 case ECOND_OR:
1978 subcondptr = (yield == NULL)? NULL : &tempcond;
1979 combined_cond = (cond_type == ECOND_AND);
1980
1981 while (isspace(*s)) s++;
1982 if (*s++ != '{') goto COND_FAILED_CURLY_START;
1983
1984 for (;;)
1985 {
1986 while (isspace(*s)) s++;
1987 if (*s == '}') break;
1988 if (*s != '{')
1989 {
1990 expand_string_message = string_sprintf("each subcondition "
1991 "inside an \"%s{...}\" condition must be in its own {}", name);
1992 return NULL;
1993 }
1994
1995 s = eval_condition(s+1, subcondptr);
1996 if (s == NULL)
1997 {
1998 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
1999 expand_string_message, name);
2000 return NULL;
2001 }
2002 while (isspace(*s)) s++;
2003
2004 if (*s++ != '}')
2005 {
2006 expand_string_message = string_sprintf("missing } at end of condition "
2007 "inside \"%s\" group", name);
2008 return NULL;
2009 }
2010
2011 if (yield != NULL)
2012 {
2013 if (cond_type == ECOND_AND)
2014 {
2015 combined_cond &= tempcond;
2016 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2017 } /* evaluate any more */
2018 else
2019 {
2020 combined_cond |= tempcond;
2021 if (combined_cond) subcondptr = NULL; /* once true, don't */
2022 } /* evaluate any more */
2023 }
2024 }
2025
2026 if (yield != NULL) *yield = (combined_cond == testfor);
2027 return ++s;
2028
2029
2030 /* Unknown condition */
2031
2032 default:
2033 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2034 return NULL;
2035 } /* End switch on condition type */
2036
2037 /* Missing braces at start and end of data */
2038
2039 COND_FAILED_CURLY_START:
2040 expand_string_message = string_sprintf("missing { after \"%s\"", name);
2041 return NULL;
2042
2043 COND_FAILED_CURLY_END:
2044 expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2045 name);
2046 return NULL;
2047
2048 /* A condition requires code that is not compiled */
2049
2050 #if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2051 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2052 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2053 COND_FAILED_NOT_COMPILED:
2054 expand_string_message = string_sprintf("support for \"%s\" not compiled",
2055 name);
2056 return NULL;
2057 #endif
2058 }
2059
2060
2061
2062
2063 /*************************************************
2064 * Save numerical variables *
2065 *************************************************/
2066
2067 /* This function is called from items such as "if" that want to preserve and
2068 restore the numbered variables.
2069
2070 Arguments:
2071 save_expand_string points to an array of pointers to set
2072 save_expand_nlength points to an array of ints for the lengths
2073
2074 Returns: the value of expand max to save
2075 */
2076
2077 static int
2078 save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
2079 {
2080 int i;
2081 for (i = 0; i <= expand_nmax; i++)
2082 {
2083 save_expand_nstring[i] = expand_nstring[i];
2084 save_expand_nlength[i] = expand_nlength[i];
2085 }
2086 return expand_nmax;
2087 }
2088
2089
2090
2091 /*************************************************
2092 * Restore numerical variables *
2093 *************************************************/
2094
2095 /* This function restored saved values of numerical strings.
2096
2097 Arguments:
2098 save_expand_nmax the number of strings to restore
2099 save_expand_string points to an array of pointers
2100 save_expand_nlength points to an array of ints
2101
2102 Returns: nothing
2103 */
2104
2105 static void
2106 restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
2107 int *save_expand_nlength)
2108 {
2109 int i;
2110 expand_nmax = save_expand_nmax;
2111 for (i = 0; i <= expand_nmax; i++)
2112 {
2113 expand_nstring[i] = save_expand_nstring[i];
2114 expand_nlength[i] = save_expand_nlength[i];
2115 }
2116 }
2117
2118
2119
2120
2121
2122 /*************************************************
2123 * Handle yes/no substrings *
2124 *************************************************/
2125
2126 /* This function is used by ${if}, ${lookup} and ${extract} to handle the
2127 alternative substrings that depend on whether or not the condition was true,
2128 or the lookup or extraction succeeded. The substrings always have to be
2129 expanded, to check their syntax, but "skipping" is set when the result is not
2130 needed - this avoids unnecessary nested lookups.
2131
2132 Arguments:
2133 skipping TRUE if we were skipping when this item was reached
2134 yes TRUE if the first string is to be used, else use the second
2135 save_lookup a value to put back into lookup_value before the 2nd expansion
2136 sptr points to the input string pointer
2137 yieldptr points to the output string pointer
2138 sizeptr points to the output string size
2139 ptrptr points to the output string pointer
2140 type "lookup" or "if" or "extract" or "run", for error message
2141
2142 Returns: 0 OK; lookup_value has been reset to save_lookup
2143 1 expansion failed
2144 2 expansion failed because of bracketing error
2145 */
2146
2147 static int
2148 process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
2149 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type)
2150 {
2151 int rc = 0;
2152 uschar *s = *sptr; /* Local value */
2153 uschar *sub1, *sub2;
2154
2155 /* If there are no following strings, we substitute the contents of $value for
2156 lookups and for extractions in the success case. In the fail case, nothing is
2157 substituted. In the case of "if", lack of following strings is an error. */
2158
2159 while (isspace(*s)) s++;
2160 if (*s == '}')
2161 {
2162 if (type[0] == 'i') goto FAILED_CURLY;
2163 if (yes && lookup_value != NULL)
2164 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
2165 Ustrlen(lookup_value));
2166 lookup_value = save_lookup;
2167 s++;
2168 goto RETURN;
2169 }
2170
2171 /* Expand the first substring. Forced failures are noticed only if we actually
2172 want this string. Set skipping in the call in the fail case (this will always
2173 be the case if we were already skipping). */
2174
2175 sub1 = expand_string_internal(s+1, TRUE, &s, !yes);
2176 if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
2177 expand_string_forcedfail = FALSE;
2178 if (*s++ != '}') goto FAILED_CURLY;
2179
2180 /* If we want the first string, add it to the output */
2181
2182 if (yes)
2183 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
2184
2185 /* If this is called from a lookup or an extract, we want to restore $value to
2186 what it was at the start of the item, so that it has this value during the
2187 second string expansion. For the call from "if" to this function, save_lookup
2188 is set to lookup_value, so that this statement does nothing. */
2189
2190 lookup_value = save_lookup;
2191
2192 /* There now follows either another substring, or "fail", or nothing. This
2193 time, forced failures are noticed only if we want the second string. We must
2194 set skipping in the nested call if we don't want this string, or if we were
2195 already skipping. */
2196
2197 while (isspace(*s)) s++;
2198 if (*s == '{')
2199 {
2200 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping);
2201 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
2202 expand_string_forcedfail = FALSE;
2203 if (*s++ != '}') goto FAILED_CURLY;
2204
2205 /* If we want the second string, add it to the output */
2206
2207 if (!yes)
2208 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
2209 }
2210
2211 /* If there is no second string, but the word "fail" is present when the use of
2212 the second string is wanted, set a flag indicating it was a forced failure
2213 rather than a syntactic error. Swallow the terminating } in case this is nested
2214 inside another lookup or if or extract. */
2215
2216 else if (*s != '}')
2217 {
2218 uschar name[256];
2219 s = read_name(name, sizeof(name), s, US"_");
2220 if (Ustrcmp(name, "fail") == 0)
2221 {
2222 if (!yes && !skipping)
2223 {
2224 while (isspace(*s)) s++;
2225 if (*s++ != '}') goto FAILED_CURLY;
2226 expand_string_message =
2227 string_sprintf("\"%s\" failed and \"fail\" requested", type);
2228 expand_string_forcedfail = TRUE;
2229 goto FAILED;
2230 }
2231 }
2232 else
2233 {
2234 expand_string_message =
2235 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
2236 goto FAILED;
2237 }
2238 }
2239
2240 /* All we have to do now is to check on the final closing brace. */
2241
2242 while (isspace(*s)) s++;
2243 if (*s++ == '}') goto RETURN;
2244
2245 /* Get here if there is a bracketing failure */
2246
2247 FAILED_CURLY:
2248 rc++;
2249
2250 /* Get here for other failures */
2251
2252 FAILED:
2253 rc++;
2254
2255 /* Update the input pointer value before returning */
2256
2257 RETURN:
2258 *sptr = s;
2259 return rc;
2260 }
2261
2262
2263
2264
2265
2266
2267 /*************************************************
2268 * Handle MD5 or SHA-1 computation for HMAC *
2269 *************************************************/
2270
2271 /* These are some wrapping functions that enable the HMAC code to be a bit
2272 cleaner. A good compiler will spot the tail recursion.
2273
2274 Arguments:
2275 type HMAC_MD5 or HMAC_SHA1
2276 remaining are as for the cryptographic hash functions
2277
2278 Returns: nothing
2279 */
2280
2281 static void
2282 chash_start(int type, void *base)
2283 {
2284 if (type == HMAC_MD5)
2285 md5_start((md5 *)base);
2286 else
2287 sha1_start((sha1 *)base);
2288 }
2289
2290 static void
2291 chash_mid(int type, void *base, uschar *string)
2292 {
2293 if (type == HMAC_MD5)
2294 md5_mid((md5 *)base, string);
2295 else
2296 sha1_mid((sha1 *)base, string);
2297 }
2298
2299 static void
2300 chash_end(int type, void *base, uschar *string, int length, uschar *digest)
2301 {
2302 if (type == HMAC_MD5)
2303 md5_end((md5 *)base, string, length, digest);
2304 else
2305 sha1_end((sha1 *)base, string, length, digest);
2306 }
2307
2308
2309
2310
2311
2312 /*************************************************
2313 * Join a file onto the output string *
2314 *************************************************/
2315
2316 /* This is used for readfile and after a run expansion. It joins the contents
2317 of a file onto the output string, globally replacing newlines with a given
2318 string (optionally). The file is closed at the end.
2319
2320 Arguments:
2321 f the FILE
2322 yield pointer to the expandable string
2323 sizep pointer to the current size
2324 ptrp pointer to the current position
2325 eol newline replacement string, or NULL
2326
2327 Returns: new value of string pointer
2328 */
2329
2330 static uschar *
2331 cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
2332 {
2333 int eollen;
2334 uschar buffer[1024];
2335
2336 eollen = (eol == NULL)? 0 : Ustrlen(eol);
2337
2338 while (Ufgets(buffer, sizeof(buffer), f) != NULL)
2339 {
2340 int len = Ustrlen(buffer);
2341 if (eol != NULL && buffer[len-1] == '\n') len--;
2342 yield = string_cat(yield, sizep, ptrp, buffer, len);
2343 if (buffer[len] != 0)
2344 yield = string_cat(yield, sizep, ptrp, eol, eollen);
2345 }
2346
2347 if (yield != NULL) yield[*ptrp] = 0;
2348
2349 return yield;
2350 }
2351
2352
2353
2354
2355 /*************************************************
2356 * Evaluate numeric expression *
2357 *************************************************/
2358
2359 /* This is a set of mutually recursive functions that evaluate a simple
2360 arithmetic expression involving only + - * / and parentheses. The only one that
2361 is called from elsewhere is eval_expr, whose interface is:
2362
2363 Arguments:
2364 sptr pointer to the pointer to the string - gets updated
2365 decimal TRUE if numbers are to be assumed decimal
2366 error pointer to where to put an error message - must be NULL on input
2367 endket TRUE if ')' must terminate - FALSE for external call
2368
2369
2370 Returns: on success: the value of the expression, with *error still NULL
2371 on failure: an undefined value, with *error = a message
2372 */
2373
2374 static int eval_sumterm(uschar **, BOOL, uschar **);
2375
2376 static int
2377 eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
2378 {
2379 uschar *s = *sptr;
2380 int x = eval_sumterm(&s, decimal, error);
2381 if (*error == NULL)
2382 {
2383 while (*s == '+' || *s == '-')
2384 {
2385 int op = *s++;
2386 int y = eval_sumterm(&s, decimal, error);
2387 if (*error != NULL) break;
2388 if (op == '+') x += y; else x -= y;
2389 }
2390 if (*error == NULL)
2391 {
2392 if (endket)
2393 {
2394 if (*s != ')')
2395 *error = US"expecting closing parenthesis";
2396 else
2397 while (isspace(*(++s)));
2398 }
2399 else if (*s != 0) *error = US"expecting + or -";
2400 }
2401 }
2402
2403 *sptr = s;
2404 return x;
2405 }
2406
2407 static int
2408 eval_term(uschar **sptr, BOOL decimal, uschar **error)
2409 {
2410 register int c;
2411 int n;
2412 uschar *s = *sptr;
2413 while (isspace(*s)) s++;
2414 c = *s;
2415 if (isdigit(c) || ((c == '-' || c == '+') && isdigit(s[1])))
2416 {
2417 int count;
2418 (void)sscanf(CS s, (decimal? "%d%n" : "%i%n"), &n, &count);
2419 s += count;
2420 if (tolower(*s) == 'k') { n *= 1024; s++; }
2421 else if (tolower(*s) == 'm') { n *= 1024*1024; s++; }
2422 while (isspace (*s)) s++;
2423 }
2424 else if (c == '(')
2425 {
2426 s++;
2427 n = eval_expr(&s, decimal, error, 1);
2428 }
2429 else
2430 {
2431 *error = US"expecting number or opening parenthesis";
2432 n = 0;
2433 }
2434 *sptr = s;
2435 return n;
2436 }
2437
2438 static int eval_sumterm(uschar **sptr, BOOL decimal, uschar **error)
2439 {
2440 uschar *s = *sptr;
2441 int x = eval_term(&s, decimal, error);
2442 if (*error == NULL)
2443 {
2444 while (*s == '*' || *s == '/')
2445 {
2446 int op = *s++;
2447 int y = eval_term(&s, decimal, error);
2448 if (*error != NULL) break;
2449 if (op == '*') x *= y; else x /= y;
2450 }
2451 }
2452 *sptr = s;
2453 return x;
2454 }
2455
2456
2457
2458
2459 /*************************************************
2460 * Expand string *
2461 *************************************************/
2462
2463 /* Returns either an unchanged string, or the expanded string in stacking pool
2464 store. Interpreted sequences are:
2465
2466 \... normal escaping rules
2467 $name substitutes the variable
2468 ${name} ditto
2469 ${op:string} operates on the expanded string value
2470 ${item{arg1}{arg2}...} expands the args and then does the business
2471 some literal args are not enclosed in {}
2472
2473 There are now far too many operators and item types to make it worth listing
2474 them here in detail any more.
2475
2476 We use an internal routine recursively to handle embedded substrings. The
2477 external function follows. The yield is NULL if the expansion failed, and there
2478 are two cases: if something collapsed syntactically, or if "fail" was given
2479 as the action on a lookup failure. These can be distinguised by looking at the
2480 variable expand_string_forcedfail, which is TRUE in the latter case.
2481
2482 The skipping flag is set true when expanding a substring that isn't actually
2483 going to be used (after "if" or "lookup") and it prevents lookups from
2484 happening lower down.
2485
2486 Store usage: At start, a store block of the length of the input plus 64
2487 is obtained. This is expanded as necessary by string_cat(), which might have to
2488 get a new block, or might be able to expand the original. At the end of the
2489 function we can release any store above that portion of the yield block that
2490 was actually used. In many cases this will be optimal.
2491
2492 However: if the first item in the expansion is a variable name or header name,
2493 we reset the store before processing it; if the result is in fresh store, we
2494 use that without copying. This is helpful for expanding strings like
2495 $message_headers which can get very long.
2496
2497 Arguments:
2498 string the string to be expanded
2499 ket_ends true if expansion is to stop at }
2500 left if not NULL, a pointer to the first character after the
2501 expansion is placed here (typically used with ket_ends)
2502 skipping TRUE for recursive calls when the value isn't actually going
2503 to be used (to allow for optimisation)
2504
2505 Returns: NULL if expansion fails:
2506 expand_string_forcedfail is set TRUE if failure was forced
2507 expand_string_message contains a textual error message
2508 a pointer to the expanded string on success
2509 */
2510
2511 static uschar *
2512 expand_string_internal(uschar *string, BOOL ket_ends, uschar **left,
2513 BOOL skipping)
2514 {
2515 int ptr = 0;
2516 int size = Ustrlen(string)+ 64;
2517 int item_type;
2518 uschar *yield = store_get(size);
2519 uschar *s = string;
2520 uschar *save_expand_nstring[EXPAND_MAXN+1];
2521 int save_expand_nlength[EXPAND_MAXN+1];
2522
2523 expand_string_forcedfail = FALSE;
2524 expand_string_message = US"";
2525
2526 while (*s != 0)
2527 {
2528 uschar *value;
2529 uschar name[256];
2530
2531 /* \ escapes the next character, which must exist, or else
2532 the expansion fails. There's a special escape, \N, which causes
2533 copying of the subject verbatim up to the next \N. Otherwise,
2534 the escapes are the standard set. */
2535
2536 if (*s == '\\')
2537 {
2538 if (s[1] == 0)
2539 {
2540 expand_string_message = US"\\ at end of string";
2541 goto EXPAND_FAILED;
2542 }
2543
2544 if (s[1] == 'N')
2545 {
2546 uschar *t = s + 2;
2547 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
2548 yield = string_cat(yield, &size, &ptr, t, s - t);
2549 if (*s != 0) s += 2;
2550 }
2551
2552 else
2553 {
2554 uschar ch[1];
2555 ch[0] = string_interpret_escape(&s);
2556 s++;
2557 yield = string_cat(yield, &size, &ptr, ch, 1);
2558 }
2559
2560 continue;
2561 }
2562
2563 /* Anything other than $ is just copied verbatim, unless we are
2564 looking for a terminating } character. */
2565
2566 if (ket_ends && *s == '}') break;
2567
2568 if (*s != '$')
2569 {
2570 yield = string_cat(yield, &size, &ptr, s++, 1);
2571 continue;
2572 }
2573
2574 /* No { after the $ - must be a plain name or a number for string
2575 match variable. There has to be a fudge for variables that are the
2576 names of header fields preceded by "$header_" because header field
2577 names can contain any printing characters except space and colon.
2578 For those that don't like typing this much, "$h_" is a synonym for
2579 "$header_". A non-existent header yields a NULL value; nothing is
2580 inserted. */
2581
2582 if (isalpha((*(++s))))
2583 {
2584 int len;
2585 int newsize = 0;
2586
2587 s = read_name(name, sizeof(name), s, US"_");
2588
2589 /* If this is the first thing to be expanded, release the pre-allocated
2590 buffer. */
2591
2592 if (ptr == 0 && yield != NULL)
2593 {
2594 store_reset(yield);
2595 yield = NULL;
2596 size = 0;
2597 }
2598
2599 /* Header */
2600
2601 if (Ustrncmp(name, "h_", 2) == 0 ||
2602 Ustrncmp(name, "rh_", 3) == 0 ||
2603 Ustrncmp(name, "bh_", 3) == 0 ||
2604 Ustrncmp(name, "header_", 7) == 0 ||
2605 Ustrncmp(name, "rheader_", 8) == 0 ||
2606 Ustrncmp(name, "bheader_", 8) == 0)
2607 {
2608 BOOL want_raw = (name[0] == 'r')? TRUE : FALSE;
2609 uschar *charset = (name[0] == 'b')? NULL : headers_charset;
2610 s = read_header_name(name, sizeof(name), s);
2611 value = find_header(name, FALSE, &newsize, want_raw, charset);
2612
2613 /* If we didn't find the header, and the header contains a closing brace
2614 characters, this may be a user error where the terminating colon
2615 has been omitted. Set a flag to adjust the error message in this case.
2616 But there is no error here - nothing gets inserted. */
2617
2618 if (value == NULL)
2619 {
2620 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2621 continue;
2622 }
2623 }
2624
2625 /* Variable */
2626
2627 else
2628 {
2629 value = find_variable(name, FALSE, skipping, &newsize);
2630 if (value == NULL)
2631 {
2632 expand_string_message =
2633 string_sprintf("unknown variable name \"%s\"", name);
2634 goto EXPAND_FAILED;
2635 }
2636 }
2637
2638 /* If the data is known to be in a new buffer, newsize will be set to the
2639 size of that buffer. If this is the first thing in an expansion string,
2640 yield will be NULL; just point it at the new store instead of copying. Many
2641 expansion strings contain just one reference, so this is a useful
2642 optimization, especially for humungous headers. */
2643
2644 len = Ustrlen(value);
2645 if (yield == NULL && newsize != 0)
2646 {
2647 yield = value;
2648 size = newsize;
2649 ptr = len;
2650 }
2651 else yield = string_cat(yield, &size, &ptr, value, len);
2652
2653 continue;
2654 }
2655
2656 if (isdigit(*s))
2657 {
2658 int n;
2659 s = read_number(&n, s);
2660 if (n >= 0 && n <= expand_nmax)
2661 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
2662 expand_nlength[n]);
2663 continue;
2664 }
2665
2666 /* Otherwise, if there's no '{' after $ it's an error. */
2667
2668 if (*s != '{')
2669 {
2670 expand_string_message = US"$ not followed by letter, digit, or {";
2671 goto EXPAND_FAILED;
2672 }
2673
2674 /* After { there can be various things, but they all start with
2675 an initial word, except for a number for a string match variable. */
2676
2677 if (isdigit((*(++s))))
2678 {
2679 int n;
2680 s = read_number(&n, s);
2681 if (*s++ != '}')
2682 {
2683 expand_string_message = US"} expected after number";
2684 goto EXPAND_FAILED;
2685 }
2686 if (n >= 0 && n <= expand_nmax)
2687 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
2688 expand_nlength[n]);
2689 continue;
2690 }
2691
2692 if (!isalpha(*s))
2693 {
2694 expand_string_message = US"letter or digit expected after ${";
2695 goto EXPAND_FAILED;
2696 }
2697
2698 /* Allow "-" in names to cater for substrings with negative
2699 arguments. Since we are checking for known names after { this is
2700 OK. */
2701
2702 s = read_name(name, sizeof(name), s, US"_-");
2703 item_type = chop_match(name, item_table, sizeof(item_table)/sizeof(uschar *));
2704
2705 switch(item_type)
2706 {
2707 /* Handle conditionals - preserve the values of the numerical expansion
2708 variables in case they get changed by a regular expression match in the
2709 condition. If not, they retain their external settings. At the end
2710 of this "if" section, they get restored to their previous values. */
2711
2712 case EITEM_IF:
2713 {
2714 BOOL cond = FALSE;
2715 uschar *next_s;
2716 int save_expand_nmax =
2717 save_expand_strings(save_expand_nstring, save_expand_nlength);
2718
2719 while (isspace(*s)) s++;
2720 next_s = eval_condition(s, skipping? NULL : &cond);
2721 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
2722
2723 DEBUG(D_expand)
2724 debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s,
2725 cond? "true" : "false");
2726
2727 s = next_s;
2728
2729 /* The handling of "yes" and "no" result strings is now in a separate
2730 function that is also used by ${lookup} and ${extract} and ${run}. */
2731
2732 switch(process_yesno(
2733 skipping, /* were previously skipping */
2734 cond, /* success/failure indicator */
2735 lookup_value, /* value to reset for string2 */
2736 &s, /* input pointer */
2737 &yield, /* output pointer */
2738 &size, /* output size */
2739 &ptr, /* output current point */
2740 US"if")) /* condition type */
2741 {
2742 case 1: goto EXPAND_FAILED; /* when all is well, the */
2743 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
2744 }
2745
2746 /* Restore external setting of expansion variables for continuation
2747 at this level. */
2748
2749 restore_expand_strings(save_expand_nmax, save_expand_nstring,
2750 save_expand_nlength);
2751 continue;
2752 }
2753
2754 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
2755 expanding an internal string that isn't actually going to be used. All we
2756 need to do is check the syntax, so don't do a lookup at all. Preserve the
2757 values of the numerical expansion variables in case they get changed by a
2758 partial lookup. If not, they retain their external settings. At the end
2759 of this "lookup" section, they get restored to their previous values. */
2760
2761 case EITEM_LOOKUP:
2762 {
2763 int stype, partial, affixlen, starflags;
2764 int expand_setup = 0;
2765 int nameptr = 0;
2766 uschar *key, *filename, *affix;
2767 uschar *save_lookup_value = lookup_value;
2768 int save_expand_nmax =
2769 save_expand_strings(save_expand_nstring, save_expand_nlength);
2770
2771 if ((expand_forbid & RDO_LOOKUP) != 0)
2772 {
2773 expand_string_message = US"lookup expansions are not permitted";
2774 goto EXPAND_FAILED;
2775 }
2776
2777 /* Get the key we are to look up for single-key+file style lookups.
2778 Otherwise set the key NULL pro-tem. */
2779
2780 while (isspace(*s)) s++;
2781 if (*s == '{')
2782 {
2783 key = expand_string_internal(s+1, TRUE, &s, skipping);
2784 if (key == NULL) goto EXPAND_FAILED;
2785 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
2786 while (isspace(*s)) s++;
2787 }
2788 else key = NULL;
2789
2790 /* Find out the type of database */
2791
2792 if (!isalpha(*s))
2793 {
2794 expand_string_message = US"missing lookup type";
2795 goto EXPAND_FAILED;
2796 }
2797
2798 /* The type is a string that may contain special characters of various
2799 kinds. Allow everything except space or { to appear; the actual content
2800 is checked by search_findtype_partial. */
2801
2802 while (*s != 0 && *s != '{' && !isspace(*s))
2803 {
2804 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
2805 s++;
2806 }
2807 name[nameptr] = 0;
2808 while (isspace(*s)) s++;
2809
2810 /* Now check for the individual search type and any partial or default
2811 options. Only those types that are actually in the binary are valid. */
2812
2813 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
2814 &starflags);
2815 if (stype < 0)
2816 {
2817 expand_string_message = search_error_message;
2818 goto EXPAND_FAILED;
2819 }
2820
2821 /* Check that a key was provided for those lookup types that need it,
2822 and was not supplied for those that use the query style. */
2823
2824 if (!mac_islookup(stype, lookup_querystyle))
2825 {
2826 if (key == NULL)
2827 {
2828 expand_string_message = string_sprintf("missing {key} for single-"
2829 "key \"%s\" lookup", name);
2830 goto EXPAND_FAILED;
2831 }
2832 }
2833 else
2834 {
2835 if (key != NULL)
2836 {
2837 expand_string_message = string_sprintf("a single key was given for "
2838 "lookup type \"%s\", which is not a single-key lookup type", name);
2839 goto EXPAND_FAILED;
2840 }
2841 }
2842
2843 /* Get the next string in brackets and expand it. It is the file name for
2844 single-key+file lookups, and the whole query otherwise. */
2845
2846 if (*s != '{') goto EXPAND_FAILED_CURLY;
2847 filename = expand_string_internal(s+1, TRUE, &s, skipping);
2848 if (filename == NULL) goto EXPAND_FAILED;
2849 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
2850 while (isspace(*s)) s++;
2851
2852 /* If this isn't a single-key+file lookup, re-arrange the variables
2853 to be appropriate for the search_ functions. */
2854
2855 if (key == NULL)
2856 {
2857 key = filename;
2858 filename = NULL;
2859 }
2860
2861 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
2862 the entry was not found. Note that there is no search_close() function.
2863 Files are left open in case of re-use. At suitable places in higher logic,
2864 search_tidyup() is called to tidy all open files. This can save opening
2865 the same file several times. However, files may also get closed when
2866 others are opened, if too many are open at once. The rule is that a
2867 handle should not be used after a second search_open().
2868
2869 Request that a partial search sets up $1 and maybe $2 by passing
2870 expand_setup containing zero. If its value changes, reset expand_nmax,
2871 since new variables will have been set. Note that at the end of this
2872 "lookup" section, the old numeric variables are restored. */
2873
2874 if (skipping)
2875 lookup_value = NULL;
2876 else
2877 {
2878 void *handle = search_open(filename, stype, 0, NULL, NULL);
2879 if (handle == NULL)
2880 {
2881 expand_string_message = search_error_message;
2882 goto EXPAND_FAILED;
2883 }
2884 lookup_value = search_find(handle, filename, key, partial, affix,
2885 affixlen, starflags, &expand_setup);
2886 if (search_find_defer)
2887 {
2888 expand_string_message =
2889 string_sprintf("lookup of \"%s\" gave DEFER: %s", key,
2890 search_error_message);
2891 goto EXPAND_FAILED;
2892 }
2893 if (expand_setup > 0) expand_nmax = expand_setup;
2894 }
2895
2896 /* The handling of "yes" and "no" result strings is now in a separate
2897 function that is also used by ${if} and ${extract}. */
2898
2899 switch(process_yesno(
2900 skipping, /* were previously skipping */
2901 lookup_value != NULL, /* success/failure indicator */
2902 save_lookup_value, /* value to reset for string2 */
2903 &s, /* input pointer */
2904 &yield, /* output pointer */
2905 &size, /* output size */
2906 &ptr, /* output current point */
2907 US"lookup")) /* condition type */
2908 {
2909 case 1: goto EXPAND_FAILED; /* when all is well, the */
2910 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
2911 }
2912
2913 /* Restore external setting of expansion variables for carrying on
2914 at this level, and continue. */
2915
2916 restore_expand_strings(save_expand_nmax, save_expand_nstring,
2917 save_expand_nlength);
2918 continue;
2919 }
2920
2921 /* If Perl support is configured, handle calling embedded perl subroutines,
2922 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
2923 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
2924 arguments (defined below). */
2925
2926 #ifdef EXIM_PERL
2927 #define EXIM_PERL_MAX_ARGS 8
2928
2929 case EITEM_PERL:
2930 {
2931 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
2932 uschar *new_yield;
2933
2934 if ((expand_forbid & RDO_PERL) != 0)
2935 {
2936 expand_string_message = US"Perl calls are not permitted";
2937 goto EXPAND_FAILED;
2938 }
2939
2940 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
2941 US"perl"))
2942 {
2943 case 1: goto EXPAND_FAILED_CURLY;
2944 case 2:
2945 case 3: goto EXPAND_FAILED;
2946 }
2947
2948 /* If skipping, we don't actually do anything */
2949
2950 if (skipping) continue;
2951
2952 /* Start the interpreter if necessary */
2953
2954 if (!opt_perl_started)
2955 {
2956 uschar *initerror;
2957 if (opt_perl_startup == NULL)
2958 {
2959 expand_string_message = US"A setting of perl_startup is needed when "
2960 "using the Perl interpreter";
2961 goto EXPAND_FAILED;
2962 }
2963 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
2964 initerror = init_perl(opt_perl_startup);
2965 if (initerror != NULL)
2966 {
2967 expand_string_message =
2968 string_sprintf("error in perl_startup code: %s\n", initerror);
2969 goto EXPAND_FAILED;
2970 }
2971 opt_perl_started = TRUE;
2972 }
2973
2974 /* Call the function */
2975
2976 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
2977 new_yield = call_perl_cat(yield, &size, &ptr, &expand_string_message,
2978 sub_arg[0], sub_arg + 1);
2979
2980 /* NULL yield indicates failure; if the message pointer has been set to
2981 NULL, the yield was undef, indicating a forced failure. Otherwise the
2982 message will indicate some kind of Perl error. */
2983
2984 if (new_yield == NULL)
2985 {
2986 if (expand_string_message == NULL)
2987 {
2988 expand_string_message =
2989 string_sprintf("Perl subroutine \"%s\" returned undef to force "
2990 "failure", sub_arg[0]);
2991 expand_string_forcedfail = TRUE;
2992 }
2993 goto EXPAND_FAILED;
2994 }
2995
2996 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
2997 set during a callback from Perl. */
2998
2999 expand_string_forcedfail = FALSE;
3000 yield = new_yield;
3001 continue;
3002 }
3003 #endif /* EXIM_PERL */
3004
3005 /* Handle "readfile" to insert an entire file */
3006
3007 case EITEM_READFILE:
3008 {
3009 FILE *f;
3010 uschar *sub_arg[2];
3011
3012 if ((expand_forbid & RDO_READFILE) != 0)
3013 {
3014 expand_string_message = US"file insertions are not permitted";
3015 goto EXPAND_FAILED;
3016 }
3017
3018 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"readfile"))
3019 {
3020 case 1: goto EXPAND_FAILED_CURLY;
3021 case 2:
3022 case 3: goto EXPAND_FAILED;
3023 }
3024
3025 /* If skipping, we don't actually do anything */
3026
3027 if (skipping) continue;
3028
3029 /* Open the file and read it */
3030
3031 f = Ufopen(sub_arg[0], "rb");
3032 if (f == NULL)
3033 {
3034 expand_string_message = string_open_failed(errno, "%s", sub_arg[0]);
3035 goto EXPAND_FAILED;
3036 }
3037
3038 yield = cat_file(f, yield, &size, &ptr, sub_arg[1]);
3039 fclose(f);
3040 continue;
3041 }
3042
3043 /* Handle "readsocket" to insert data from a Unix domain socket */
3044
3045 case EITEM_READSOCK:
3046 {
3047 int fd;
3048 int timeout = 5;
3049 int save_ptr = ptr;
3050 FILE *f;
3051 struct sockaddr_un sockun; /* don't call this "sun" ! */
3052 uschar *arg;
3053 uschar *sub_arg[4];
3054
3055 if ((expand_forbid & RDO_READSOCK) != 0)
3056 {
3057 expand_string_message = US"socket insertions are not permitted";
3058 goto EXPAND_FAILED;
3059 }
3060
3061 /* Read up to 4 arguments, but don't do the end of item check afterwards,
3062 because there may be a string for expansion on failure. */
3063
3064 switch(read_subs(sub_arg, 4, 2, &s, skipping, FALSE, US"readsocket"))
3065 {
3066 case 1: goto EXPAND_FAILED_CURLY;
3067 case 2: /* Won't occur: no end check */
3068 case 3: goto EXPAND_FAILED;
3069 }
3070
3071 /* Sort out timeout, if given */
3072
3073 if (sub_arg[2] != NULL)
3074 {
3075 timeout = readconf_readtime(sub_arg[2], 0, FALSE);
3076 if (timeout < 0)
3077 {
3078 expand_string_message = string_sprintf("bad time value %s",
3079 sub_arg[2]);
3080 goto EXPAND_FAILED;
3081 }
3082 }
3083 else sub_arg[3] = NULL; /* No eol if no timeout */
3084
3085 /* If skipping, we don't actually do anything */
3086
3087 if (!skipping)
3088 {
3089 /* Make a connection to the socket */
3090
3091 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
3092 {
3093 expand_string_message = string_sprintf("failed to create socket: %s",
3094 strerror(errno));
3095 goto SOCK_FAIL;
3096 }
3097
3098 sockun.sun_family = AF_UNIX;
3099 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
3100 sub_arg[0]);
3101 if(connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun)) == -1)
3102 {
3103 expand_string_message = string_sprintf("failed to connect to socket "
3104 "%s: %s", sub_arg[0], strerror(errno));
3105 goto SOCK_FAIL;
3106 }
3107 DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]);
3108
3109 /* Write the request string, if not empty */
3110
3111 if (sub_arg[1][0] != 0)
3112 {
3113 int len = Ustrlen(sub_arg[1]);
3114 DEBUG(D_expand) debug_printf("writing \"%s\" to socket\n",
3115 sub_arg[1]);
3116 if (write(fd, sub_arg[1], len) != len)
3117 {
3118 expand_string_message = string_sprintf("request write to socket "
3119 "failed: %s", strerror(errno));
3120 goto SOCK_FAIL;
3121 }
3122 }
3123
3124 /* Now we need to read from the socket, under a timeout. The function
3125 that reads a file can be used. */
3126
3127 f = fdopen(fd, "rb");
3128 sigalrm_seen = FALSE;
3129 alarm(timeout);
3130 yield = cat_file(f, yield, &size, &ptr, sub_arg[3]);
3131 alarm(0);
3132 fclose(f);
3133
3134 /* After a timeout, we restore the pointer in the result, that is,
3135 make sure we add nothing from the socket. */
3136
3137 if (sigalrm_seen)
3138 {
3139 ptr = save_ptr;
3140 expand_string_message = US"socket read timed out";
3141 goto SOCK_FAIL;
3142 }
3143 }
3144
3145 /* The whole thing has worked (or we were skipping). If there is a
3146 failure string following, we need to skip it. */
3147
3148 if (*s == '{')
3149 {
3150 if (expand_string_internal(s+1, TRUE, &s, TRUE) == NULL)
3151 goto EXPAND_FAILED;
3152 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3153 while (isspace(*s)) s++;
3154 }
3155 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3156 continue;
3157
3158 /* Come here on failure to create socket, connect socket, write to the
3159 socket, or timeout on reading. If another substring follows, expand and
3160 use it. Otherwise, those conditions give expand errors. */
3161
3162 SOCK_FAIL:
3163 if (*s != '{') goto EXPAND_FAILED;
3164 DEBUG(D_any) debug_printf("%s\n", expand_string_message);
3165 arg = expand_string_internal(s+1, TRUE, &s, FALSE);
3166 if (arg == NULL) goto EXPAND_FAILED;
3167 yield = string_cat(yield, &size, &ptr, arg, Ustrlen(arg));
3168 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3169 while (isspace(*s)) s++;
3170 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3171 continue;
3172 }
3173
3174 /* Handle "run" to execute a program. */
3175
3176 case EITEM_RUN:
3177 {
3178 FILE *f;
3179 uschar *old_lookup_value = NULL;
3180 uschar *arg;
3181 uschar **argv;
3182 pid_t pid;
3183 int fd_in, fd_out;
3184 int lsize = 0;
3185 int lptr = 0;
3186
3187 if ((expand_forbid & RDO_RUN) != 0)
3188 {
3189 expand_string_message = US"running a command is not permitted";
3190 goto EXPAND_FAILED;
3191 }
3192
3193 while (isspace(*s)) s++;
3194 if (*s != '{') goto EXPAND_FAILED_CURLY;
3195 arg = expand_string_internal(s+1, TRUE, &s, skipping);
3196 if (arg == NULL) goto EXPAND_FAILED;
3197 while (isspace(*s)) s++;
3198 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3199
3200 if (skipping) /* Just pretend it worked when we're skipping */
3201 {
3202 runrc = 0;
3203 }
3204 else
3205 {
3206 if (!transport_set_up_command(&argv, /* anchor for arg list */
3207 arg, /* raw command */
3208 FALSE, /* don't expand the arguments */
3209 0, /* not relevant when... */
3210 NULL, /* no transporting address */
3211 US"${run} expansion", /* for error messages */
3212 &expand_string_message)) /* where to put error message */
3213 {
3214 goto EXPAND_FAILED;
3215 }
3216
3217 /* Create the child process, making it a group leader. */
3218
3219 pid = child_open(argv, NULL, 0077, &fd_in, &fd_out, TRUE);
3220
3221 if (pid < 0)
3222 {
3223 expand_string_message =
3224 string_sprintf("couldn't create child process: %s", strerror(errno));
3225 goto EXPAND_FAILED;
3226 }
3227
3228 /* Nothing is written to the standard input. */
3229
3230 close(fd_in);
3231
3232 /* Wait for the process to finish, applying the timeout, and inspect its
3233 return code for serious disasters. Simple non-zero returns are passed on.
3234 */
3235
3236 if ((runrc = child_close(pid, 60)) < 0)
3237 {
3238 if (runrc == -256)
3239 {
3240 expand_string_message = string_sprintf("command timed out");
3241 killpg(pid, SIGKILL); /* Kill the whole process group */
3242 }
3243
3244 else if (runrc == -257)
3245 expand_string_message = string_sprintf("wait() failed: %s",
3246 strerror(errno));
3247
3248 else
3249 expand_string_message = string_sprintf("command killed by signal %d",
3250 -runrc);
3251
3252 goto EXPAND_FAILED;
3253 }
3254
3255 /* Read the pipe to get the command's output into $value (which is kept
3256 in lookup_value). */
3257
3258 f = fdopen(fd_out, "rb");
3259 old_lookup_value = lookup_value;
3260 lookup_value = NULL;
3261 lookup_value = cat_file(f, lookup_value, &lsize, &lptr, NULL);
3262 fclose(f);
3263 }
3264
3265 /* Process the yes/no strings */
3266
3267 switch(process_yesno(
3268 skipping, /* were previously skipping */
3269 runrc == 0, /* success/failure indicator */
3270 old_lookup_value, /* value to reset for string2 */
3271 &s, /* input pointer */
3272 &yield, /* output pointer */
3273 &size, /* output size */
3274 &ptr, /* output current point */
3275 US"run")) /* condition type */
3276 {
3277 case 1: goto EXPAND_FAILED; /* when all is well, the */
3278 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3279 }
3280
3281 continue;
3282 }
3283
3284 /* Handle character translation for "tr" */
3285
3286 case EITEM_TR:
3287 {
3288 int oldptr = ptr;
3289 int o2m;
3290 uschar *sub[3];
3291
3292 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"tr"))
3293 {
3294 case 1: goto EXPAND_FAILED_CURLY;
3295 case 2:
3296 case 3: goto EXPAND_FAILED;
3297 }
3298
3299 yield = string_cat(yield, &size, &ptr, sub[0], Ustrlen(sub[0]));
3300 o2m = Ustrlen(sub[2]) - 1;
3301
3302 if (o2m >= 0) for (; oldptr < ptr; oldptr++)
3303 {
3304 uschar *m = Ustrrchr(sub[1], yield[oldptr]);
3305 if (m != NULL)
3306 {
3307 int o = m - sub[1];
3308 yield[oldptr] = sub[2][(o < o2m)? o : o2m];
3309 }
3310 }
3311
3312 continue;
3313 }
3314
3315 /* Handle "hash", "length", "nhash", and "substr" when they are given with
3316 expanded arguments. */
3317
3318 case EITEM_HASH:
3319 case EITEM_LENGTH:
3320 case EITEM_NHASH:
3321 case EITEM_SUBSTR:
3322 {
3323 int i;
3324 int len;
3325 uschar *ret;
3326 int val[2] = { 0, -1 };
3327 uschar *sub[3];
3328
3329 /* "length" takes only 2 arguments whereas the others take 2 or 3.
3330 Ensure that sub[2] is set in the ${length case. */
3331
3332 sub[2] = NULL;
3333 switch(read_subs(sub, (item_type == EITEM_LENGTH)? 2:3, 2, &s, skipping,
3334 TRUE, name))
3335 {
3336 case 1: goto EXPAND_FAILED_CURLY;
3337 case 2:
3338 case 3: goto EXPAND_FAILED;
3339 }
3340
3341 /* Juggle the arguments if there are only two of them: always move the
3342 string to the last position and make ${length{n}{str}} equivalent to
3343 ${substr{0}{n}{str}}. See the defaults for val[] above. */
3344
3345 if (sub[2] == NULL)
3346 {
3347 sub[2] = sub[1];
3348 sub[1] = NULL;
3349 if (item_type == EITEM_LENGTH)
3350 {
3351 sub[1] = sub[0];
3352 sub[0] = NULL;
3353 }
3354 }
3355
3356 for (i = 0; i < 2; i++)
3357 {
3358 if (sub[i] == NULL) continue;
3359 val[i] = (int)Ustrtol(sub[i], &ret, 10);
3360 if (*ret != 0 || (i != 0 && val[i] < 0))
3361 {
3362 expand_string_message = string_sprintf("\"%s\" is not a%s number "
3363 "(in \"%s\" expansion)", sub[i], (i != 0)? " positive" : "", name);
3364 goto EXPAND_FAILED;
3365 }
3366 }
3367
3368 ret =
3369 (item_type == EITEM_HASH)?
3370 compute_hash(sub[2], val[0], val[1], &len) :
3371 (item_type == EITEM_NHASH)?
3372 compute_nhash(sub[2], val[0], val[1], &len) :
3373 extract_substr(sub[2], val[0], val[1], &len);
3374
3375 if (ret == NULL) goto EXPAND_FAILED;
3376 yield = string_cat(yield, &size, &ptr, ret, len);
3377 continue;
3378 }
3379
3380 /* Handle HMAC computation: ${hmac{<algorithm>}{<secret>}{<text>}}
3381 This code originally contributed by Steve Haslam. It currently supports
3382 the use of MD5 and SHA-1 hashes.
3383
3384 We need some workspace that is large enough to handle all the supported
3385 hash types. Use macros to set the sizes rather than be too elaborate. */
3386
3387 #define MAX_HASHLEN 20
3388 #define MAX_HASHBLOCKLEN 64
3389
3390 case EITEM_HMAC:
3391 {
3392 uschar *sub[3];
3393 md5 md5_base;
3394 sha1 sha1_base;
3395 void *use_base;
3396 int type, i;
3397 int hashlen;