projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Added -dd for daemon debugging.
[exim.git] / src / src / expand.c
1 /* $Cambridge: exim/src/src/expand.c,v 1.3 2004/11/05 16:53:28 ph10 Exp $ */
2
3 /*************************************************
4 * Exim - an Internet mail transport agent *
5 *************************************************/
6
7 /* Copyright (c) University of Cambridge 1995 - 2004 */
8 /* See the file NOTICE for conditions of use and distribution. */
9
10
11 /* Functions for handling string expansion. */
12
13
14 #include "exim.h"
15
16 #ifdef STAND_ALONE
17 #ifndef SUPPORT_CRYPTEQ
18 #define SUPPORT_CRYPTEQ
19 #endif
20 #endif
21
22 #ifdef SUPPORT_CRYPTEQ
23 #ifdef CRYPT_H
24 #include <crypt.h>
25 #endif
26 #ifndef HAVE_CRYPT16
27 extern char* crypt16(char*, char*);
28 #endif
29 #endif
30
31 #ifdef LOOKUP_LDAP
32 #include "lookups/ldap.h"
33 #endif
34
35
36
37 /* Recursively called function */
38
39 static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL);
40
41
42
43 /*************************************************
44 * Local statics and tables *
45 *************************************************/
46
47 /* Table of item names, and corresponding switch numbers. The names must be in
48 alphabetical order. */
49
50 static uschar *item_table[] = {
51 US"extract",
52 US"hash",
53 US"hmac",
54 US"if",
55 US"length",
56 US"lookup",
57 US"nhash",
58 #ifdef EXIM_PERL
59 US"perl",
60 #endif
61 US"readfile",
62 US"readsocket",
63 US"run",
64 US"sg",
65 US"substr",
66 US"tr" };
67
68 enum {
69 EITEM_EXTRACT,
70 EITEM_HASH,
71 EITEM_HMAC,
72 EITEM_IF,
73 EITEM_LENGTH,
74 EITEM_LOOKUP,
75 EITEM_NHASH,
76 #ifdef EXIM_PERL
77 EITEM_PERL,
78 #endif
79 EITEM_READFILE,
80 EITEM_READSOCK,
81 EITEM_RUN,
82 EITEM_SG,
83 EITEM_SUBSTR,
84 EITEM_TR };
85
86 /* Tables of operator names, and corresponding switch numbers. The names must be
87 in alphabetical order. There are two tables, because underscore is used in some
88 cases to introduce arguments, whereas for other it is part of the name. This is
89 an historical mis-design. */
90
91 static uschar *op_table_underscore[] = {
92 US"from_utf8",
93 US"local_part",
94 US"quote_local_part",
95 US"time_interval"};
96
97 enum {
98 EOP_FROM_UTF8,
99 EOP_LOCAL_PART,
100 EOP_QUOTE_LOCAL_PART,
101 EOP_TIME_INTERVAL };
102
103 static uschar *op_table_main[] = {
104 US"address",
105 US"base62",
106 US"base62d",
107 US"domain",
108 US"escape",
109 US"eval",
110 US"eval10",
111 US"expand",
112 US"h",
113 US"hash",
114 US"hex2b64",
115 US"l",
116 US"lc",
117 US"length",
118 US"mask",
119 US"md5",
120 US"nh",
121 US"nhash",
122 US"quote",
123 US"rfc2047",
124 US"rxquote",
125 US"s",
126 US"sha1",
127 US"stat",
128 US"str2b64",
129 US"strlen",
130 US"substr",
131 US"uc" };
132
133 enum {
134 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
135 EOP_BASE62,
136 EOP_BASE62D,
137 EOP_DOMAIN,
138 EOP_ESCAPE,
139 EOP_EVAL,
140 EOP_EVAL10,
141 EOP_EXPAND,
142 EOP_H,
143 EOP_HASH,
144 EOP_HEX2B64,
145 EOP_L,
146 EOP_LC,
147 EOP_LENGTH,
148 EOP_MASK,
149 EOP_MD5,
150 EOP_NH,
151 EOP_NHASH,
152 EOP_QUOTE,
153 EOP_RFC2047,
154 EOP_RXQUOTE,
155 EOP_S,
156 EOP_SHA1,
157 EOP_STAT,
158 EOP_STR2B64,
159 EOP_STRLEN,
160 EOP_SUBSTR,
161 EOP_UC };
162
163
164 /* Table of condition names, and corresponding switch numbers. The names must
165 be in alphabetical order. */
166
167 static uschar *cond_table[] = {
168 US"<",
169 US"<=",
170 US"=",
171 US"==", /* Backward compatibility */
172 US">",
173 US">=",
174 US"and",
175 US"crypteq",
176 US"def",
177 US"eq",
178 US"eqi",
179 US"exists",
180 US"first_delivery",
181 US"ge",
182 US"gei",
183 US"gt",
184 US"gti",
185 US"isip",
186 US"isip4",
187 US"isip6",
188 US"ldapauth",
189 US"le",
190 US"lei",
191 US"lt",
192 US"lti",
193 US"match",
194 US"match_address",
195 US"match_domain",
196 US"match_local_part",
197 US"or",
198 US"pam",
199 US"pwcheck",
200 US"queue_running",
201 US"radius",
202 US"saslauthd"
203 };
204
205 enum {
206 ECOND_NUM_L,
207 ECOND_NUM_LE,
208 ECOND_NUM_E,
209 ECOND_NUM_EE,
210 ECOND_NUM_G,
211 ECOND_NUM_GE,
212 ECOND_AND,
213 ECOND_CRYPTEQ,
214 ECOND_DEF,
215 ECOND_STR_EQ,
216 ECOND_STR_EQI,
217 ECOND_EXISTS,
218 ECOND_FIRST_DELIVERY,
219 ECOND_STR_GE,
220 ECOND_STR_GEI,
221 ECOND_STR_GT,
222 ECOND_STR_GTI,
223 ECOND_ISIP,
224 ECOND_ISIP4,
225 ECOND_ISIP6,
226 ECOND_LDAPAUTH,
227 ECOND_STR_LE,
228 ECOND_STR_LEI,
229 ECOND_STR_LT,
230 ECOND_STR_LTI,
231 ECOND_MATCH,
232 ECOND_MATCH_ADDRESS,
233 ECOND_MATCH_DOMAIN,
234 ECOND_MATCH_LOCAL_PART,
235 ECOND_OR,
236 ECOND_PAM,
237 ECOND_PWCHECK,
238 ECOND_QUEUE_RUNNING,
239 ECOND_RADIUS,
240 ECOND_SASLAUTHD
241 };
242
243
244 /* Type for main variable table */
245
246 typedef struct {
247 char *name;
248 int type;
249 void *value;
250 } var_entry;
251
252 /* Type for entries pointing to address/length pairs. Not currently
253 in use. */
254
255 typedef struct {
256 uschar **address;
257 int *length;
258 } alblock;
259
260 /* Types of table entry */
261
262 enum {
263 vtype_int, /* value is address of int */
264 vtype_filter_int, /* ditto, but recognized only when filtering */
265 vtype_ino, /* value is address of ino_t (not always an int) */
266 vtype_uid, /* value is address of uid_t (not always an int) */
267 vtype_gid, /* value is address of gid_t (not always an int) */
268 vtype_stringptr, /* value is address of pointer to string */
269 vtype_msgbody, /* as stringptr, but read when first required */
270 vtype_msgbody_end, /* ditto, the end of the message */
271 vtype_msgheaders, /* the message's headers */
272 vtype_localpart, /* extract local part from string */
273 vtype_domain, /* extract domain from string */
274 vtype_recipients, /* extract recipients from recipients list */
275 /* (enabled only during system filtering */
276 vtype_todbsdin, /* value not used; generate BSD inbox tod */
277 vtype_tode, /* value not used; generate tod in epoch format */
278 vtype_todf, /* value not used; generate full tod */
279 vtype_todl, /* value not used; generate log tod */
280 vtype_todlf, /* value not used; generate log file datestamp tod */
281 vtype_todzone, /* value not used; generate time zone only */
282 vtype_todzulu, /* value not used; generate zulu tod */
283 vtype_reply, /* value not used; get reply from headers */
284 vtype_pid, /* value not used; result is pid */
285 vtype_host_lookup, /* value not used; get host name */
286 vtype_load_avg /* value not used; result is int from os_getloadavg */
287 };
288
289 /* This table must be kept in alphabetical order. */
290
291 static var_entry var_table[] = {
292 { "acl_c0", vtype_stringptr, &acl_var[0] },
293 { "acl_c1", vtype_stringptr, &acl_var[1] },
294 { "acl_c2", vtype_stringptr, &acl_var[2] },
295 { "acl_c3", vtype_stringptr, &acl_var[3] },
296 { "acl_c4", vtype_stringptr, &acl_var[4] },
297 { "acl_c5", vtype_stringptr, &acl_var[5] },
298 { "acl_c6", vtype_stringptr, &acl_var[6] },
299 { "acl_c7", vtype_stringptr, &acl_var[7] },
300 { "acl_c8", vtype_stringptr, &acl_var[8] },
301 { "acl_c9", vtype_stringptr, &acl_var[9] },
302 { "acl_m0", vtype_stringptr, &acl_var[10] },
303 { "acl_m1", vtype_stringptr, &acl_var[11] },
304 { "acl_m2", vtype_stringptr, &acl_var[12] },
305 { "acl_m3", vtype_stringptr, &acl_var[13] },
306 { "acl_m4", vtype_stringptr, &acl_var[14] },
307 { "acl_m5", vtype_stringptr, &acl_var[15] },
308 { "acl_m6", vtype_stringptr, &acl_var[16] },
309 { "acl_m7", vtype_stringptr, &acl_var[17] },
310 { "acl_m8", vtype_stringptr, &acl_var[18] },
311 { "acl_m9", vtype_stringptr, &acl_var[19] },
312 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
313 { "address_data", vtype_stringptr, &deliver_address_data },
314 { "address_file", vtype_stringptr, &address_file },
315 { "address_pipe", vtype_stringptr, &address_pipe },
316 { "authenticated_id", vtype_stringptr, &authenticated_id },
317 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
318 { "authentication_failed",vtype_int, &authentication_failed },
319 { "body_linecount", vtype_int, &body_linecount },
320 { "body_zerocount", vtype_int, &body_zerocount },
321 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
322 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
323 { "caller_gid", vtype_gid, &real_gid },
324 { "caller_uid", vtype_uid, &real_uid },
325 { "compile_date", vtype_stringptr, &version_date },
326 { "compile_number", vtype_stringptr, &version_cnumber },
327 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
328 { "dnslist_text", vtype_stringptr, &dnslist_text },
329 { "dnslist_value", vtype_stringptr, &dnslist_value },
330 { "domain", vtype_stringptr, &deliver_domain },
331 { "domain_data", vtype_stringptr, &deliver_domain_data },
332 { "exim_gid", vtype_gid, &exim_gid },
333 { "exim_path", vtype_stringptr, &exim_path },
334 { "exim_uid", vtype_uid, &exim_uid },
335 { "home", vtype_stringptr, &deliver_home },
336 { "host", vtype_stringptr, &deliver_host },
337 { "host_address", vtype_stringptr, &deliver_host_address },
338 { "host_data", vtype_stringptr, &host_data },
339 { "host_lookup_failed", vtype_int, &host_lookup_failed },
340 { "inode", vtype_ino, &deliver_inode },
341 { "interface_address", vtype_stringptr, &interface_address },
342 { "interface_port", vtype_int, &interface_port },
343 #ifdef LOOKUP_LDAP
344 { "ldap_dn", vtype_stringptr, &eldap_dn },
345 #endif
346 { "load_average", vtype_load_avg, NULL },
347 { "local_part", vtype_stringptr, &deliver_localpart },
348 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
349 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
350 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
351 { "local_scan_data", vtype_stringptr, &local_scan_data },
352 { "local_user_gid", vtype_gid, &local_user_gid },
353 { "local_user_uid", vtype_uid, &local_user_uid },
354 { "localhost_number", vtype_int, &host_number },
355 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
356 { "message_age", vtype_int, &message_age },
357 { "message_body", vtype_msgbody, &message_body },
358 { "message_body_end", vtype_msgbody_end, &message_body_end },
359 { "message_body_size", vtype_int, &message_body_size },
360 { "message_headers", vtype_msgheaders, NULL },
361 { "message_id", vtype_stringptr, &message_id },
362 { "message_size", vtype_int, &message_size },
363 { "n0", vtype_filter_int, &filter_n[0] },
364 { "n1", vtype_filter_int, &filter_n[1] },
365 { "n2", vtype_filter_int, &filter_n[2] },
366 { "n3", vtype_filter_int, &filter_n[3] },
367 { "n4", vtype_filter_int, &filter_n[4] },
368 { "n5", vtype_filter_int, &filter_n[5] },
369 { "n6", vtype_filter_int, &filter_n[6] },
370 { "n7", vtype_filter_int, &filter_n[7] },
371 { "n8", vtype_filter_int, &filter_n[8] },
372 { "n9", vtype_filter_int, &filter_n[9] },
373 { "original_domain", vtype_stringptr, &deliver_domain_orig },
374 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
375 { "originator_gid", vtype_gid, &originator_gid },
376 { "originator_uid", vtype_uid, &originator_uid },
377 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
378 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
379 { "pid", vtype_pid, NULL },
380 { "primary_hostname", vtype_stringptr, &primary_hostname },
381 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
382 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
383 { "rcpt_count", vtype_int, &rcpt_count },
384 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
385 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
386 { "received_count", vtype_int, &received_count },
387 { "received_for", vtype_stringptr, &received_for },
388 { "received_protocol", vtype_stringptr, &received_protocol },
389 { "recipient_data", vtype_stringptr, &recipient_data },
390 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
391 { "recipients", vtype_recipients, NULL },
392 { "recipients_count", vtype_int, &recipients_count },
393 { "reply_address", vtype_reply, NULL },
394 { "return_path", vtype_stringptr, &return_path },
395 { "return_size_limit", vtype_int, &bounce_return_size_limit },
396 { "runrc", vtype_int, &runrc },
397 { "self_hostname", vtype_stringptr, &self_hostname },
398 { "sender_address", vtype_stringptr, &sender_address },
399 { "sender_address_data", vtype_stringptr, &sender_address_data },
400 { "sender_address_domain", vtype_domain, &sender_address },
401 { "sender_address_local_part", vtype_localpart, &sender_address },
402 { "sender_data", vtype_stringptr, &sender_data },
403 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
404 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
405 { "sender_host_address", vtype_stringptr, &sender_host_address },
406 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
407 { "sender_host_name", vtype_host_lookup, NULL },
408 { "sender_host_port", vtype_int, &sender_host_port },
409 { "sender_ident", vtype_stringptr, &sender_ident },
410 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
411 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
412 { "smtp_command_argument", vtype_stringptr, &smtp_command_argument },
413 { "sn0", vtype_filter_int, &filter_sn[0] },
414 { "sn1", vtype_filter_int, &filter_sn[1] },
415 { "sn2", vtype_filter_int, &filter_sn[2] },
416 { "sn3", vtype_filter_int, &filter_sn[3] },
417 { "sn4", vtype_filter_int, &filter_sn[4] },
418 { "sn5", vtype_filter_int, &filter_sn[5] },
419 { "sn6", vtype_filter_int, &filter_sn[6] },
420 { "sn7", vtype_filter_int, &filter_sn[7] },
421 { "sn8", vtype_filter_int, &filter_sn[8] },
422 { "sn9", vtype_filter_int, &filter_sn[9] },
423 { "spool_directory", vtype_stringptr, &spool_directory },
424 { "thisaddress", vtype_stringptr, &filter_thisaddress },
425 { "tls_certificate_verified", vtype_int, &tls_certificate_verified },
426 { "tls_cipher", vtype_stringptr, &tls_cipher },
427 { "tls_peerdn", vtype_stringptr, &tls_peerdn },
428 { "tod_bsdinbox", vtype_todbsdin, NULL },
429 { "tod_epoch", vtype_tode, NULL },
430 { "tod_full", vtype_todf, NULL },
431 { "tod_log", vtype_todl, NULL },
432 { "tod_logfile", vtype_todlf, NULL },
433 { "tod_zone", vtype_todzone, NULL },
434 { "tod_zulu", vtype_todzulu, NULL },
435 { "value", vtype_stringptr, &lookup_value },
436 { "version_number", vtype_stringptr, &version_string },
437 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
438 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
439 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
440 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
441 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
442 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
443 };
444
445 static int var_table_size = sizeof(var_table)/sizeof(var_entry);
446 static uschar var_buffer[256];
447 static BOOL malformed_header;
448
449 /* For textual hashes */
450
451 static char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
452 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
453 "0123456789";
454
455 enum { HMAC_MD5, HMAC_SHA1 };
456
457 /* For numeric hashes */
458
459 static unsigned int prime[] = {
460 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
461 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
462 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
463
464 /* For printing modes in symbolic form */
465
466 static uschar *mtable_normal[] =
467 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
468
469 static uschar *mtable_setid[] =
470 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
471
472 static uschar *mtable_sticky[] =
473 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
474
475
476
477 /*************************************************
478 * Tables for UTF-8 support *
479 *************************************************/
480
481 /* Table of the number of extra characters, indexed by the first character
482 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
483 0x3d. */
484
485 static uschar utf8_table1[] = {
486 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
487 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
488 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
489 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
490
491 /* These are the masks for the data bits in the first byte of a character,
492 indexed by the number of additional bytes. */
493
494 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
495
496 /* Get the next UTF-8 character, advancing the pointer. */
497
498 #define GETUTF8INC(c, ptr) \
499 c = *ptr++; \
500 if ((c & 0xc0) == 0xc0) \
501 { \
502 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
503 int s = 6*a; \
504 c = (c & utf8_table2[a]) << s; \
505 while (a-- > 0) \
506 { \
507 s -= 6; \
508 c |= (*ptr++ & 0x3f) << s; \
509 } \
510 }
511
512
513 /*************************************************
514 * Binary chop search on a table *
515 *************************************************/
516
517 /* This is used for matching expansion items and operators.
518
519 Arguments:
520 name the name that is being sought
521 table the table to search
522 table_size the number of items in the table
523
524 Returns: the offset in the table, or -1
525 */
526
527 static int
528 chop_match(uschar *name, uschar **table, int table_size)
529 {
530 uschar **bot = table;
531 uschar **top = table + table_size;
532
533 while (top > bot)
534 {
535 uschar **mid = bot + (top - bot)/2;
536 int c = Ustrcmp(name, *mid);
537 if (c == 0) return mid - table;
538 if (c > 0) bot = mid + 1; else top = mid;
539 }
540
541 return -1;
542 }
543
544
545
546 /*************************************************
547 * Check a condition string *
548 *************************************************/
549
550 /* This function is called to expand a string, and test the result for a "true"
551 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
552 forced fail or lookup defer. All store used by the function can be released on
553 exit.
554
555 Arguments:
556 condition the condition string
557 m1 text to be incorporated in panic error
558 m2 ditto
559
560 Returns: TRUE if condition is met, FALSE if not
561 */
562
563 BOOL
564 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
565 {
566 int rc;
567 void *reset_point = store_get(0);
568 uschar *ss = expand_string(condition);
569 if (ss == NULL)
570 {
571 if (!expand_string_forcedfail && !search_find_defer)
572 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
573 "for %s %s: %s", condition, m1, m2, expand_string_message);
574 return FALSE;
575 }
576 rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
577 strcmpic(ss, US"false") != 0;
578 store_reset(reset_point);
579 return rc;
580 }
581
582
583
584 /*************************************************
585 * Pick out a name from a string *
586 *************************************************/
587
588 /* If the name is too long, it is silently truncated.
589
590 Arguments:
591 name points to a buffer into which to put the name
592 max is the length of the buffer
593 s points to the first alphabetic character of the name
594 extras chars other than alphanumerics to permit
595
596 Returns: pointer to the first character after the name
597
598 Note: The test for *s != 0 in the while loop is necessary because
599 Ustrchr() yields non-NULL if the character is zero (which is not something
600 I expected). */
601
602 static uschar *
603 read_name(uschar *name, int max, uschar *s, uschar *extras)
604 {
605 int ptr = 0;
606 while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
607 {
608 if (ptr < max-1) name[ptr++] = *s;
609 s++;
610 }
611 name[ptr] = 0;
612 return s;
613 }
614
615
616
617 /*************************************************
618 * Pick out the rest of a header name *
619 *************************************************/
620
621 /* A variable name starting $header_ (or just $h_ for those who like
622 abbreviations) might not be the complete header name because headers can
623 contain any printing characters in their names, except ':'. This function is
624 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
625 on the end, if the name was terminated by white space.
626
627 Arguments:
628 name points to a buffer in which the name read so far exists
629 max is the length of the buffer
630 s points to the first character after the name so far, i.e. the
631 first non-alphameric character after $header_xxxxx
632
633 Returns: a pointer to the first character after the header name
634 */
635
636 static uschar *
637 read_header_name(uschar *name, int max, uschar *s)
638 {
639 int prelen = Ustrchr(name, '_') - name + 1;
640 int ptr = Ustrlen(name) - prelen;
641 if (ptr > 0) memmove(name, name+prelen, ptr);
642 while (mac_isgraph(*s) && *s != ':')
643 {
644 if (ptr < max-1) name[ptr++] = *s;
645 s++;
646 }
647 if (*s == ':') s++;
648 name[ptr++] = ':';
649 name[ptr] = 0;
650 return s;
651 }
652
653
654
655 /*************************************************
656 * Pick out a number from a string *
657 *************************************************/
658
659 /* Arguments:
660 n points to an integer into which to put the number
661 s points to the first digit of the number
662
663 Returns: a pointer to the character after the last digit
664 */
665
666 static uschar *
667 read_number(int *n, uschar *s)
668 {
669 *n = 0;
670 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
671 return s;
672 }
673
674
675
676 /*************************************************
677 * Extract keyed subfield from a string *
678 *************************************************/
679
680 /* The yield is in dynamic store; NULL means that the key was not found.
681
682 Arguments:
683 key points to the name of the key
684 s points to the string from which to extract the subfield
685
686 Returns: NULL if the subfield was not found, or
687 a pointer to the subfield's data
688 */
689
690 static uschar *
691 expand_getkeyed(uschar *key, uschar *s)
692 {
693 int length = Ustrlen(key);
694 while (isspace(*s)) s++;
695
696 /* Loop to search for the key */
697
698 while (*s != 0)
699 {
700 int dkeylength;
701 uschar *data;
702 uschar *dkey = s;
703
704 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
705 dkeylength = s - dkey;
706 while (isspace(*s)) s++;
707 if (*s == '=') while (isspace((*(++s))));
708
709 data = string_dequote(&s);
710 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
711 return data;
712
713 while (isspace(*s)) s++;
714 }
715
716 return NULL;
717 }
718
719
720
721
722 /*************************************************
723 * Extract numbered subfield from string *
724 *************************************************/
725
726 /* Extracts a numbered field from a string that is divided by tokens - for
727 example a line from /etc/passwd is divided by colon characters. First field is
728 numbered one. Negative arguments count from the right. Zero returns the whole
729 string. Returns NULL if there are insufficient tokens in the string
730
731 ***WARNING***
732 Modifies final argument - this is a dynamically generated string, so that's OK.
733
734 Arguments:
735 field number of field to be extracted,
736 first field = 1, whole string = 0, last field = -1
737 separators characters that are used to break string into tokens
738 s points to the string from which to extract the subfield
739
740 Returns: NULL if the field was not found,
741 a pointer to the field's data inside s (modified to add 0)
742 */
743
744 static uschar *
745 expand_gettokened (int field, uschar *separators, uschar *s)
746 {
747 int sep = 1;
748 int count;
749 uschar *ss = s;
750 uschar *fieldtext = NULL;
751
752 if (field == 0) return s;
753
754 /* Break the line up into fields in place; for field > 0 we stop when we have
755 done the number of fields we want. For field < 0 we continue till the end of
756 the string, counting the number of fields. */
757
758 count = (field > 0)? field : INT_MAX;
759
760 while (count-- > 0)
761 {
762 size_t len;
763
764 /* Previous field was the last one in the string. For a positive field
765 number, this means there are not enough fields. For a negative field number,
766 check that there are enough, and scan back to find the one that is wanted. */
767
768 if (sep == 0)
769 {
770 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
771 if ((-field) == (INT_MAX - count - 1)) return s;
772 while (field++ < 0)
773 {
774 ss--;
775 while (ss[-1] != 0) ss--;
776 }
777 fieldtext = ss;
778 break;
779 }
780
781 /* Previous field was not last in the string; save its start and put a
782 zero at its end. */
783
784 fieldtext = ss;
785 len = Ustrcspn(ss, separators);
786 sep = ss[len];
787 ss[len] = 0;
788 ss += len + 1;
789 }
790
791 return fieldtext;
792 }
793
794
795
796 /*************************************************
797 * Extract a substring from a string *
798 *************************************************/
799
800 /* Perform the ${substr or ${length expansion operations.
801
802 Arguments:
803 subject the input string
804 value1 the offset from the start of the input string to the start of
805 the output string; if negative, count from the right.
806 value2 the length of the output string, or negative (-1) for unset
807 if value1 is positive, unset means "all after"
808 if value1 is negative, unset means "all before"
809 len set to the length of the returned string
810
811 Returns: pointer to the output string, or NULL if there is an error
812 */
813
814 static uschar *
815 extract_substr(uschar *subject, int value1, int value2, int *len)
816 {
817 int sublen = Ustrlen(subject);
818
819 if (value1 < 0) /* count from right */
820 {
821 value1 += sublen;
822
823 /* If the position is before the start, skip to the start, and adjust the
824 length. If the length ends up negative, the substring is null because nothing
825 can precede. This falls out naturally when the length is unset, meaning "all
826 to the left". */
827
828 if (value1 < 0)
829 {
830 value2 += value1;
831 if (value2 < 0) value2 = 0;
832 value1 = 0;
833 }
834
835 /* Otherwise an unset length => characters before value1 */
836
837 else if (value2 < 0)
838 {
839 value2 = value1;
840 value1 = 0;
841 }
842 }
843
844 /* For a non-negative offset, if the starting position is past the end of the
845 string, the result will be the null string. Otherwise, an unset length means
846 "rest"; just set it to the maximum - it will be cut down below if necessary. */
847
848 else
849 {
850 if (value1 > sublen)
851 {
852 value1 = sublen;
853 value2 = 0;
854 }
855 else if (value2 < 0) value2 = sublen;
856 }
857
858 /* Cut the length down to the maximum possible for the offset value, and get
859 the required characters. */
860
861 if (value1 + value2 > sublen) value2 = sublen - value1;
862 *len = value2;
863 return subject + value1;
864 }
865
866
867
868
869 /*************************************************
870 * Old-style hash of a string *
871 *************************************************/
872
873 /* Perform the ${hash expansion operation.
874
875 Arguments:
876 subject the input string (an expanded substring)
877 value1 the length of the output string; if greater or equal to the
878 length of the input string, the input string is returned
879 value2 the number of hash characters to use, or 26 if negative
880 len set to the length of the returned string
881
882 Returns: pointer to the output string, or NULL if there is an error
883 */
884
885 static uschar *
886 compute_hash(uschar *subject, int value1, int value2, int *len)
887 {
888 int sublen = Ustrlen(subject);
889
890 if (value2 < 0) value2 = 26;
891 else if (value2 > Ustrlen(hashcodes))
892 {
893 expand_string_message =
894 string_sprintf("hash count \"%d\" too big", value2);
895 return NULL;
896 }
897
898 /* Calculate the hash text. We know it is shorter than the original string, so
899 can safely place it in subject[] (we know that subject is always itself an
900 expanded substring). */
901
902 if (value1 < sublen)
903 {
904 int c;
905 int i = 0;
906 int j = value1;
907 while ((c = (subject[j])) != 0)
908 {
909 int shift = (c + j++) & 7;
910 subject[i] ^= (c << shift) | (c >> (8-shift));
911 if (++i >= value1) i = 0;
912 }
913 for (i = 0; i < value1; i++)
914 subject[i] = hashcodes[(subject[i]) % value2];
915 }
916 else value1 = sublen;
917
918 *len = value1;
919 return subject;
920 }
921
922
923
924
925 /*************************************************
926 * Numeric hash of a string *
927 *************************************************/
928
929 /* Perform the ${nhash expansion operation. The first characters of the
930 string are treated as most important, and get the highest prime numbers.
931
932 Arguments:
933 subject the input string
934 value1 the maximum value of the first part of the result
935 value2 the maximum value of the second part of the result,
936 or negative to produce only a one-part result
937 len set to the length of the returned string
938
939 Returns: pointer to the output string, or NULL if there is an error.
940 */
941
942 static uschar *
943 compute_nhash (uschar *subject, int value1, int value2, int *len)
944 {
945 uschar *s = subject;
946 int i = 0;
947 unsigned long int total = 0; /* no overflow */
948
949 while (*s != 0)
950 {
951 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
952 total += prime[i--] * (unsigned int)(*s++);
953 }
954
955 /* If value2 is unset, just compute one number */
956
957 if (value2 < 0)
958 {
959 s = string_sprintf("%d", total % value1);
960 }
961
962 /* Otherwise do a div/mod hash */
963
964 else
965 {
966 total = total % (value1 * value2);
967 s = string_sprintf("%d/%d", total/value2, total % value2);
968 }
969
970 *len = Ustrlen(s);
971 return s;
972 }
973
974
975
976
977
978 /*************************************************
979 * Find the value of a header or headers *
980 *************************************************/
981
982 /* Multiple instances of the same header get concatenated, and this function
983 can also return a concatenation of all the header lines. When concatenating
984 specific headers that contain lists of addresses, a comma is inserted between
985 them. Otherwise we use a straight concatenation. Because some messages can have
986 pathologically large number of lines, there is a limit on the length that is
987 returned. Also, to avoid massive store use which would result from using
988 string_cat() as it copies and extends strings, we do a preliminary pass to find
989 out exactly how much store will be needed. On "normal" messages this will be
990 pretty trivial.
991
992 Arguments:
993 name the name of the header, without the leading $header_ or $h_,
994 or NULL if a concatenation of all headers is required
995 exists_only TRUE if called from a def: test; don't need to build a string;
996 just return a string that is not "" and not "0" if the header
997 exists
998 newsize return the size of memory block that was obtained; may be NULL
999 if exists_only is TRUE
1000 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
1001 other than concatenating, will be done on the header
1002 charset name of charset to translate MIME words to; used only if
1003 want_raw is false; if NULL, no translation is done (this is
1004 used for $bh_ and $bheader_)
1005
1006 Returns: NULL if the header does not exist, else a pointer to a new
1007 store block
1008 */
1009
1010 static uschar *
1011 find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1012 uschar *charset)
1013 {
1014 BOOL found = name == NULL;
1015 int comma = 0;
1016 int len = found? 0 : Ustrlen(name);
1017 int i;
1018 uschar *yield = NULL;
1019 uschar *ptr = NULL;
1020
1021 /* Loop for two passes - saves code repetition */
1022
1023 for (i = 0; i < 2; i++)
1024 {
1025 int size = 0;
1026 header_line *h;
1027
1028 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1029 {
1030 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1031 {
1032 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1033 {
1034 int ilen;
1035 uschar *t;
1036
1037 if (exists_only) return US"1"; /* don't need actual string */
1038 found = TRUE;
1039 t = h->text + len; /* text to insert */
1040 if (!want_raw) /* unless wanted raw, */
1041 while (isspace(*t)) t++; /* remove leading white space */
1042 ilen = h->slen - (t - h->text); /* length to insert */
1043
1044 /* Set comma = 1 if handling a single header and it's one of those
1045 that contains an address list, except when asked for raw headers. Only
1046 need to do this once. */
1047
1048 if (!want_raw && name != NULL && comma == 0 &&
1049 Ustrchr("BCFRST", h->type) != NULL)
1050 comma = 1;
1051
1052 /* First pass - compute total store needed; second pass - compute
1053 total store used, including this header. */
1054
1055 size += ilen + comma;
1056
1057 /* Second pass - concatentate the data, up to a maximum. Note that
1058 the loop stops when size hits the limit. */
1059
1060 if (i != 0)
1061 {
1062 if (size > header_insert_maxlen)
1063 {
1064 ilen -= size - header_insert_maxlen;
1065 comma = 0;
1066 }
1067 Ustrncpy(ptr, t, ilen);
1068 ptr += ilen;
1069 if (comma != 0 && ilen > 0)
1070 {
1071 ptr[-1] = ',';
1072 *ptr++ = '\n';
1073 }
1074 }
1075 }
1076 }
1077 }
1078
1079 /* At end of first pass, truncate size if necessary, and get the buffer
1080 to hold the data, returning the buffer size. */
1081
1082 if (i == 0)
1083 {
1084 if (!found) return NULL;
1085 if (size > header_insert_maxlen) size = header_insert_maxlen;
1086 *newsize = size + 1;
1087 ptr = yield = store_get(*newsize);
1088 }
1089 }
1090
1091 /* Remove a redundant added comma if present */
1092
1093 if (comma != 0 && ptr > yield) ptr -= 2;
1094
1095 /* That's all we do for raw header expansion. */
1096
1097 if (want_raw)
1098 {
1099 *ptr = 0;
1100 }
1101
1102 /* Otherwise, we remove trailing whitespace, including newlines. Then we do RFC
1103 2047 decoding, translating the charset if requested. The rfc2047_decode2()
1104 function can return an error with decoded data if the charset translation
1105 fails. If decoding fails, it returns NULL. */
1106
1107 else
1108 {
1109 uschar *decoded, *error;
1110 while (ptr > yield && isspace(ptr[-1])) ptr--;
1111 *ptr = 0;
1112 decoded = rfc2047_decode2(yield, TRUE, charset, '?', NULL, newsize, &error);
1113 if (error != NULL)
1114 {
1115 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1116 " input was: %s\n", error, yield);
1117 }
1118 if (decoded != NULL) yield = decoded;
1119 }
1120
1121 return yield;
1122 }
1123
1124
1125
1126
1127 /*************************************************
1128 * Find value of a variable *
1129 *************************************************/
1130
1131 /* The table of variables is kept in alphabetic order, so we can search it
1132 using a binary chop. The "choplen" variable is nothing to do with the binary
1133 chop.
1134
1135 Arguments:
1136 name the name of the variable being sought
1137 exists_only TRUE if this is a def: test; passed on to find_header()
1138 skipping TRUE => skip any processing evaluation; this is not the same as
1139 exists_only because def: may test for values that are first
1140 evaluated here
1141 newsize pointer to an int which is initially zero; if the answer is in
1142 a new memory buffer, *newsize is set to its size
1143
1144 Returns: NULL if the variable does not exist, or
1145 a pointer to the variable's contents, or
1146 something non-NULL if exists_only is TRUE
1147 */
1148
1149 static uschar *
1150 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1151 {
1152 int first = 0;
1153 int last = var_table_size;
1154
1155 while (last > first)
1156 {
1157 uschar *s, *domain;
1158 uschar **ss;
1159 int middle = (first + last)/2;
1160 int c = Ustrcmp(name, var_table[middle].name);
1161
1162 if (c > 0) { first = middle + 1; continue; }
1163 if (c < 0) { last = middle; continue; }
1164
1165 /* Found an existing variable. If in skipping state, the value isn't needed,
1166 and we want to avoid processing (such as looking up up the host name). */
1167
1168 if (skipping) return US"";
1169
1170 switch (var_table[middle].type)
1171 {
1172 case vtype_filter_int:
1173 if (!filter_running) return NULL;
1174 /* Fall through */
1175
1176 case vtype_int:
1177 sprintf(CS var_buffer, "%d", *(int *)(var_table[middle].value)); /* Integer */
1178 return var_buffer;
1179
1180 case vtype_ino:
1181 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(var_table[middle].value))); /* Inode */
1182 return var_buffer;
1183
1184 case vtype_gid:
1185 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(var_table[middle].value))); /* gid */
1186 return var_buffer;
1187
1188 case vtype_uid:
1189 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
1190 return var_buffer;
1191
1192 case vtype_stringptr: /* Pointer to string */
1193 s = *((uschar **)(var_table[middle].value));
1194 return (s == NULL)? US"" : s;
1195
1196 case vtype_pid:
1197 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1198 return var_buffer;
1199
1200 case vtype_load_avg:
1201 sprintf(CS var_buffer, "%d", os_getloadavg()); /* load_average */
1202 return var_buffer;
1203
1204 case vtype_host_lookup: /* Lookup if not done so */
1205 if (sender_host_name == NULL && sender_host_address != NULL &&
1206 !host_lookup_failed && host_name_lookup() == OK)
1207 host_build_sender_fullhost();
1208 return (sender_host_name == NULL)? US"" : sender_host_name;
1209
1210 case vtype_localpart: /* Get local part from address */
1211 s = *((uschar **)(var_table[middle].value));
1212 if (s == NULL) return US"";
1213 domain = Ustrrchr(s, '@');
1214 if (domain == NULL) return s;
1215 if (domain - s > sizeof(var_buffer) - 1)
1216 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than %d in "
1217 "string expansion", sizeof(var_buffer));
1218 Ustrncpy(var_buffer, s, domain - s);
1219 var_buffer[domain - s] = 0;
1220 return var_buffer;
1221
1222 case vtype_domain: /* Get domain from address */
1223 s = *((uschar **)(var_table[middle].value));
1224 if (s == NULL) return US"";
1225 domain = Ustrrchr(s, '@');
1226 return (domain == NULL)? US"" : domain + 1;
1227
1228 case vtype_msgheaders:
1229 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1230
1231 case vtype_msgbody: /* Pointer to msgbody string */
1232 case vtype_msgbody_end: /* Ditto, the end of the msg */
1233 ss = (uschar **)(var_table[middle].value);
1234 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1235 {
1236 uschar *body;
1237 int start_offset = SPOOL_DATA_START_OFFSET;
1238 int len = message_body_visible;
1239 if (len > message_size) len = message_size;
1240 *ss = body = store_malloc(len+1);
1241 body[0] = 0;
1242 if (var_table[middle].type == vtype_msgbody_end)
1243 {
1244 struct stat statbuf;
1245 if (fstat(deliver_datafile, &statbuf) == 0)
1246 {
1247 start_offset = statbuf.st_size - len;
1248 if (start_offset < SPOOL_DATA_START_OFFSET)
1249 start_offset = SPOOL_DATA_START_OFFSET;
1250 }
1251 }
1252 lseek(deliver_datafile, start_offset, SEEK_SET);
1253 len = read(deliver_datafile, body, len);
1254 if (len > 0)
1255 {
1256 body[len] = 0;
1257 while (len > 0)
1258 {
1259 if (body[--len] == '\n' || body[len] == 0) body[len] = ' ';
1260 }
1261 }
1262 }
1263 return (*ss == NULL)? US"" : *ss;
1264
1265 case vtype_todbsdin: /* BSD inbox time of day */
1266 return tod_stamp(tod_bsdin);
1267
1268 case vtype_tode: /* Unix epoch time of day */
1269 return tod_stamp(tod_epoch);
1270
1271 case vtype_todf: /* Full time of day */
1272 return tod_stamp(tod_full);
1273
1274 case vtype_todl: /* Log format time of day */
1275 return tod_stamp(tod_log_bare); /* (without timezone) */
1276
1277 case vtype_todzone: /* Time zone offset only */
1278 return tod_stamp(tod_zone);
1279
1280 case vtype_todzulu: /* Zulu time */
1281 return tod_stamp(tod_zulu);
1282
1283 case vtype_todlf: /* Log file datestamp tod */
1284 return tod_stamp(tod_log_datestamp);
1285
1286 case vtype_reply: /* Get reply address */
1287 s = find_header(US"reply-to:", exists_only, newsize, FALSE,
1288 headers_charset);
1289 if (s == NULL || *s == 0)
1290 s = find_header(US"from:", exists_only, newsize, FALSE, headers_charset);
1291 return (s == NULL)? US"" : s;
1292
1293 /* A recipients list is available only during system message filtering,
1294 during ACL processing after DATA, and while expanding pipe commands
1295 generated from a system filter, but not elsewhere. */
1296
1297 case vtype_recipients:
1298 if (!enable_dollar_recipients) return NULL; else
1299 {
1300 int size = 128;
1301 int ptr = 0;
1302 int i;
1303 s = store_get(size);
1304 for (i = 0; i < recipients_count; i++)
1305 {
1306 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1307 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1308 Ustrlen(recipients_list[i].address));
1309 }
1310 s[ptr] = 0; /* string_cat() leaves room */
1311 }
1312 return s;
1313 }
1314 }
1315
1316 return NULL; /* Unknown variable name */
1317 }
1318
1319
1320
1321
1322 /*************************************************
1323 * Read and expand substrings *
1324 *************************************************/
1325
1326 /* This function is called to read and expand argument substrings for various
1327 expansion items. Some have a minimum requirement that is less than the maximum;
1328 in these cases, the first non-present one is set to NULL.
1329
1330 Arguments:
1331 sub points to vector of pointers to set
1332 n maximum number of substrings
1333 m minimum required
1334 sptr points to current string pointer
1335 skipping the skipping flag
1336 check_end if TRUE, check for final '}'
1337 name name of item, for error message
1338
1339 Returns: 0 OK; string pointer updated
1340 1 curly bracketing error (too few arguments)
1341 2 too many arguments (only if check_end is set); message set
1342 3 other error (expansion failure)
1343 */
1344
1345 static int
1346 read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
1347 BOOL check_end, uschar *name)
1348 {
1349 int i;
1350 uschar *s = *sptr;
1351
1352 while (isspace(*s)) s++;
1353 for (i = 0; i < n; i++)
1354 {
1355 if (*s != '{')
1356 {
1357 if (i < m) return 1;
1358 sub[i] = NULL;
1359 break;
1360 }
1361 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
1362 if (sub[i] == NULL) return 3;
1363 if (*s++ != '}') return 1;
1364 while (isspace(*s)) s++;
1365 }
1366 if (check_end && *s++ != '}')
1367 {
1368 if (s[-1] == '{')
1369 {
1370 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1371 "(max is %d)", name, n);
1372 return 2;
1373 }
1374 return 1;
1375 }
1376
1377 *sptr = s;
1378 return 0;
1379 }
1380
1381
1382
1383
1384 /*************************************************
1385 * Read and evaluate a condition *
1386 *************************************************/
1387
1388 /*
1389 Arguments:
1390 s points to the start of the condition text
1391 yield points to a BOOL to hold the result of the condition test;
1392 if NULL, we are just reading through a condition that is
1393 part of an "or" combination to check syntax, or in a state
1394 where the answer isn't required
1395
1396 Returns: a pointer to the first character after the condition, or
1397 NULL after an error
1398 */
1399
1400 static uschar *
1401 eval_condition(uschar *s, BOOL *yield)
1402 {
1403 BOOL testfor = TRUE;
1404 BOOL tempcond, combined_cond;
1405 BOOL *subcondptr;
1406 int i, rc, cond_type, roffset;
1407 int num[2];
1408 struct stat statbuf;
1409 uschar name[256];
1410 uschar *sub[4];
1411
1412 const pcre *re;
1413 const uschar *rerror;
1414
1415 for (;;)
1416 {
1417 while (isspace(*s)) s++;
1418 if (*s == '!') { testfor = !testfor; s++; } else break;
1419 }
1420
1421 /* Numeric comparisons are symbolic */
1422
1423 if (*s == '=' || *s == '>' || *s == '<')
1424 {
1425 int p = 0;
1426 name[p++] = *s++;
1427 if (*s == '=')
1428 {
1429 name[p++] = '=';
1430 s++;
1431 }
1432 name[p] = 0;
1433 }
1434
1435 /* All other conditions are named */
1436
1437 else s = read_name(name, 256, s, US"_");
1438
1439 /* If we haven't read a name, it means some non-alpha character is first. */
1440
1441 if (name[0] == 0)
1442 {
1443 expand_string_message = string_sprintf("condition name expected, "
1444 "but found \"%.16s\"", s);
1445 return NULL;
1446 }
1447
1448 /* Find which condition we are dealing with, and switch on it */
1449
1450 cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
1451 switch(cond_type)
1452 {
1453 /* def: tests for a non-zero or non-NULL variable, or for an existing
1454 header */
1455
1456 case ECOND_DEF:
1457 if (*s != ':')
1458 {
1459 expand_string_message = US"\":\" expected after \"def\"";
1460 return NULL;
1461 }
1462
1463 s = read_name(name, 256, s+1, US"_");
1464
1465 /* Test for a header's existence */
1466
1467 if (Ustrncmp(name, "h_", 2) == 0 ||
1468 Ustrncmp(name, "rh_", 3) == 0 ||
1469 Ustrncmp(name, "bh_", 3) == 0 ||
1470 Ustrncmp(name, "header_", 7) == 0 ||
1471 Ustrncmp(name, "rheader_", 8) == 0 ||
1472 Ustrncmp(name, "bheader_", 8) == 0)
1473 {
1474 s = read_header_name(name, 256, s);
1475 if (yield != NULL) *yield =
1476 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
1477 }
1478
1479 /* Test for a variable's having a non-empty value. If yield == NULL we
1480 are in a skipping state, and don't care about the answer. */
1481
1482 else
1483 {
1484 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
1485 if (value == NULL)
1486 {
1487 expand_string_message = (name[0] == 0)?
1488 string_sprintf("variable name omitted after \"def:\"") :
1489 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
1490 return NULL;
1491 }
1492 if (yield != NULL)
1493 *yield = (value[0] != 0 && Ustrcmp(value, "0") != 0) == testfor;
1494 }
1495
1496 return s;
1497
1498
1499 /* first_delivery tests for first delivery attempt */
1500
1501 case ECOND_FIRST_DELIVERY:
1502 if (yield != NULL) *yield = deliver_firsttime == testfor;
1503 return s;
1504
1505
1506 /* queue_running tests for any process started by a queue runner */
1507
1508 case ECOND_QUEUE_RUNNING:
1509 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
1510 return s;
1511
1512
1513 /* exists: tests for file existence
1514 isip: tests for any IP address
1515 isip4: tests for an IPv4 address
1516 isip6: tests for an IPv6 address
1517 pam: does PAM authentication
1518 radius: does RADIUS authentication
1519 ldapauth: does LDAP authentication
1520 pwcheck: does Cyrus SASL pwcheck authentication
1521 */
1522
1523 case ECOND_EXISTS:
1524 case ECOND_ISIP:
1525 case ECOND_ISIP4:
1526 case ECOND_ISIP6:
1527 case ECOND_PAM:
1528 case ECOND_RADIUS:
1529 case ECOND_LDAPAUTH:
1530 case ECOND_PWCHECK:
1531
1532 while (isspace(*s)) s++;
1533 if (*s != '{') goto COND_FAILED_CURLY_START;
1534
1535 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1536 if (sub[0] == NULL) return NULL;
1537 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1538
1539 if (yield == NULL) return s; /* No need to run the test if skipping */
1540
1541 switch(cond_type)
1542 {
1543 case ECOND_EXISTS:
1544 if ((expand_forbid & RDO_EXISTS) != 0)
1545 {
1546 expand_string_message = US"File existence tests are not permitted";
1547 return NULL;
1548 }
1549 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
1550 break;
1551
1552 case ECOND_ISIP:
1553 case ECOND_ISIP4:
1554 case ECOND_ISIP6:
1555 rc = string_is_ip_address(sub[0], NULL);
1556 *yield = ((cond_type == ECOND_ISIP)? (rc > 0) :
1557 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
1558 break;
1559
1560 /* Various authentication tests - all optionally compiled */
1561
1562 case ECOND_PAM:
1563 #ifdef SUPPORT_PAM
1564 rc = auth_call_pam(sub[0], &expand_string_message);
1565 goto END_AUTH;
1566 #else
1567 goto COND_FAILED_NOT_COMPILED;
1568 #endif /* SUPPORT_PAM */
1569
1570 case ECOND_RADIUS:
1571 #ifdef RADIUS_CONFIG_FILE
1572 rc = auth_call_radius(sub[0], &expand_string_message);
1573 goto END_AUTH;
1574 #else
1575 goto COND_FAILED_NOT_COMPILED;
1576 #endif /* RADIUS_CONFIG_FILE */
1577
1578 case ECOND_LDAPAUTH:
1579 #ifdef LOOKUP_LDAP
1580 {
1581 /* Just to keep the interface the same */
1582 BOOL do_cache;
1583 int old_pool = store_pool;
1584 store_pool = POOL_SEARCH;
1585 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
1586 &expand_string_message, &do_cache);
1587 store_pool = old_pool;
1588 }
1589 goto END_AUTH;
1590 #else
1591 goto COND_FAILED_NOT_COMPILED;
1592 #endif /* LOOKUP_LDAP */
1593
1594 case ECOND_PWCHECK:
1595 #ifdef CYRUS_PWCHECK_SOCKET
1596 rc = auth_call_pwcheck(sub[0], &expand_string_message);
1597 goto END_AUTH;
1598 #else
1599 goto COND_FAILED_NOT_COMPILED;
1600 #endif /* CYRUS_PWCHECK_SOCKET */
1601
1602 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
1603 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
1604 END_AUTH:
1605 if (rc == ERROR || rc == DEFER) return NULL;
1606 *yield = (rc == OK) == testfor;
1607 #endif
1608 }
1609 return s;
1610
1611
1612 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
1613
1614 ${if saslauthd {{username}{password}{service}{realm}} {yes}[no}}
1615
1616 However, the last two are optional. That is why the whole set is enclosed
1617 in their own set or braces. */
1618
1619 case ECOND_SASLAUTHD:
1620 #ifndef CYRUS_SASLAUTHD_SOCKET
1621 goto COND_FAILED_NOT_COMPILED;
1622 #else
1623 while (isspace(*s)) s++;
1624 if (*s++ != '{') goto COND_FAILED_CURLY_START;
1625 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd"))
1626 {
1627 case 1: expand_string_message = US"too few arguments or bracketing "
1628 "error for saslauthd";
1629 case 2:
1630 case 3: return NULL;
1631 }
1632 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
1633 if (yield != NULL)
1634 {
1635 int rc;
1636 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
1637 &expand_string_message);
1638 if (rc == ERROR || rc == DEFER) return NULL;
1639 *yield = (rc == OK) == testfor;
1640 }
1641 return s;
1642 #endif /* CYRUS_SASLAUTHD_SOCKET */
1643
1644
1645 /* symbolic operators for numeric and string comparison, and a number of
1646 other operators, all requiring two arguments.
1647
1648 match: does a regular expression match and sets up the numerical
1649 variables if it succeeds
1650 match_address: matches in an address list
1651 match_domain: matches in a domain list
1652 match_local_part: matches in a local part list
1653 crypteq: encrypts plaintext and compares against an encrypted text,
1654 using crypt(), crypt16(), MD5 or SHA-1
1655 */
1656
1657 case ECOND_MATCH:
1658 case ECOND_MATCH_ADDRESS:
1659 case ECOND_MATCH_DOMAIN:
1660 case ECOND_MATCH_LOCAL_PART:
1661 case ECOND_CRYPTEQ:
1662
1663 case ECOND_NUM_L: /* Numerical comparisons */
1664 case ECOND_NUM_LE:
1665 case ECOND_NUM_E:
1666 case ECOND_NUM_EE:
1667 case ECOND_NUM_G:
1668 case ECOND_NUM_GE:
1669
1670 case ECOND_STR_LT: /* String comparisons */
1671 case ECOND_STR_LTI:
1672 case ECOND_STR_LE:
1673 case ECOND_STR_LEI:
1674 case ECOND_STR_EQ:
1675 case ECOND_STR_EQI:
1676 case ECOND_STR_GT:
1677 case ECOND_STR_GTI:
1678 case ECOND_STR_GE:
1679 case ECOND_STR_GEI:
1680
1681 for (i = 0; i < 2; i++)
1682 {
1683 while (isspace(*s)) s++;
1684 if (*s != '{')
1685 {
1686 if (i == 0) goto COND_FAILED_CURLY_START;
1687 expand_string_message = string_sprintf("missing 2nd string in {} "
1688 "after \"%s\"", name);
1689 return NULL;
1690 }
1691 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1692 if (sub[i] == NULL) return NULL;
1693 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1694
1695 /* Convert to numerical if required; we know that the names of all the
1696 conditions that compare numbers do not start with a letter. This just saves
1697 checking for them individually. */
1698
1699 if (!isalpha(name[0]))
1700 {
1701 uschar *endptr;
1702 num[i] = (int)Ustrtol((const uschar *)sub[i], &endptr, 10);
1703 if (tolower(*endptr) == 'k')
1704 {
1705 num[i] *= 1024;
1706 endptr++;
1707 }
1708 else if (tolower(*endptr) == 'm')
1709 {
1710 num[i] *= 1024*1024;
1711 endptr++;
1712 }
1713 while (isspace(*endptr)) endptr++;
1714 if (*endptr != 0)
1715 {
1716 expand_string_message = string_sprintf("\"%s\" is not a number",
1717 sub[i]);
1718 return NULL;
1719 }
1720 }
1721 }
1722
1723 /* Result not required */
1724
1725 if (yield == NULL) return s;
1726
1727 /* Do an appropriate comparison */
1728
1729 switch(cond_type)
1730 {
1731 case ECOND_NUM_E:
1732 case ECOND_NUM_EE:
1733 *yield = (num[0] == num[1]) == testfor;
1734 break;
1735
1736 case ECOND_NUM_G:
1737 *yield = (num[0] > num[1]) == testfor;
1738 break;
1739
1740 case ECOND_NUM_GE:
1741 *yield = (num[0] >= num[1]) == testfor;
1742 break;
1743
1744 case ECOND_NUM_L:
1745 *yield = (num[0] < num[1]) == testfor;
1746 break;
1747
1748 case ECOND_NUM_LE:
1749 *yield = (num[0] <= num[1]) == testfor;
1750 break;
1751
1752 case ECOND_STR_LT:
1753 *yield = (Ustrcmp(sub[0], sub[1]) < 0) == testfor;
1754 break;
1755
1756 case ECOND_STR_LTI:
1757 *yield = (strcmpic(sub[0], sub[1]) < 0) == testfor;
1758 break;
1759
1760 case ECOND_STR_LE:
1761 *yield = (Ustrcmp(sub[0], sub[1]) <= 0) == testfor;
1762 break;
1763
1764 case ECOND_STR_LEI:
1765 *yield = (strcmpic(sub[0], sub[1]) <= 0) == testfor;
1766 break;
1767
1768 case ECOND_STR_EQ:
1769 *yield = (Ustrcmp(sub[0], sub[1]) == 0) == testfor;
1770 break;
1771
1772 case ECOND_STR_EQI:
1773 *yield = (strcmpic(sub[0], sub[1]) == 0) == testfor;
1774 break;
1775
1776 case ECOND_STR_GT:
1777 *yield = (Ustrcmp(sub[0], sub[1]) > 0) == testfor;
1778 break;
1779
1780 case ECOND_STR_GTI:
1781 *yield = (strcmpic(sub[0], sub[1]) > 0) == testfor;
1782 break;
1783
1784 case ECOND_STR_GE:
1785 *yield = (Ustrcmp(sub[0], sub[1]) >= 0) == testfor;
1786 break;
1787
1788 case ECOND_STR_GEI:
1789 *yield = (strcmpic(sub[0], sub[1]) >= 0) == testfor;
1790 break;
1791
1792 case ECOND_MATCH: /* Regular expression match */
1793 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
1794 NULL);
1795 if (re == NULL)
1796 {
1797 expand_string_message = string_sprintf("regular expression error in "
1798 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
1799 return NULL;
1800 }
1801 *yield = regex_match_and_setup(re, sub[0], 0, -1) == testfor;
1802 break;
1803
1804 case ECOND_MATCH_ADDRESS: /* Match in an address list */
1805 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
1806 goto MATCHED_SOMETHING;
1807
1808 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
1809 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
1810 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
1811 goto MATCHED_SOMETHING;
1812
1813 case ECOND_MATCH_LOCAL_PART:
1814 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
1815 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
1816 /* Fall through */
1817
1818 MATCHED_SOMETHING:
1819 switch(rc)
1820 {
1821 case OK:
1822 *yield = testfor;
1823 break;
1824
1825 case FAIL:
1826 *yield = !testfor;
1827 break;
1828
1829 case DEFER:
1830 expand_string_message = string_sprintf("unable to complete match "
1831 "against \"%s\": %s", sub[1], search_error_message);
1832 return NULL;
1833 }
1834
1835 break;
1836
1837 /* Various "encrypted" comparisons. If the second string starts with
1838 "{" then an encryption type is given. Default to crypt() or crypt16()
1839 (build-time choice). */
1840
1841 case ECOND_CRYPTEQ:
1842 #ifndef SUPPORT_CRYPTEQ
1843 goto COND_FAILED_NOT_COMPILED;
1844 #else
1845 if (strncmpic(sub[1], US"{md5}", 5) == 0)
1846 {
1847 int sublen = Ustrlen(sub[1]+5);
1848 md5 base;
1849 uschar digest[16];
1850
1851 md5_start(&base);
1852 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
1853
1854 /* If the length that we are comparing against is 24, the MD5 digest
1855 is expressed as a base64 string. This is the way LDAP does it. However,
1856 some other software uses a straightforward hex representation. We assume
1857 this if the length is 32. Other lengths fail. */
1858
1859 if (sublen == 24)
1860 {
1861 uschar *coded = auth_b64encode((uschar *)digest, 16);
1862 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
1863 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
1864 *yield = (Ustrcmp(coded, sub[1]+5) == 0) == testfor;
1865 }
1866 else if (sublen == 32)
1867 {
1868 int i;
1869 uschar coded[36];
1870 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
1871 coded[32] = 0;
1872 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
1873 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
1874 *yield = (strcmpic(coded, sub[1]+5) == 0) == testfor;
1875 }
1876 else
1877 {
1878 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
1879 "fail\n crypted=%s\n", sub[1]+5);
1880 *yield = !testfor;
1881 }
1882 }
1883
1884 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
1885 {
1886 int sublen = Ustrlen(sub[1]+6);
1887 sha1 base;
1888 uschar digest[20];
1889
1890 sha1_start(&base);
1891 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
1892
1893 /* If the length that we are comparing against is 28, assume the SHA1
1894 digest is expressed as a base64 string. If the length is 40, assume a
1895 straightforward hex representation. Other lengths fail. */
1896
1897 if (sublen == 28)
1898 {
1899 uschar *coded = auth_b64encode((uschar *)digest, 20);
1900 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
1901 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
1902 *yield = (Ustrcmp(coded, sub[1]+6) == 0) == testfor;
1903 }
1904 else if (sublen == 40)
1905 {
1906 int i;
1907 uschar coded[44];
1908 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
1909 coded[40] = 0;
1910 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
1911 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
1912 *yield = (strcmpic(coded, sub[1]+6) == 0) == testfor;
1913 }
1914 else
1915 {
1916 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
1917 "fail\n crypted=%s\n", sub[1]+6);
1918 *yield = !testfor;
1919 }
1920 }
1921
1922 else /* {crypt} or {crypt16} and non-{ at start */
1923 {
1924 int which = 0;
1925 uschar *coded;
1926
1927 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
1928 {
1929 sub[1] += 7;
1930 which = 1;
1931 }
1932 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
1933 {
1934 sub[1] += 9;
1935 which = 2;
1936 }
1937 else if (sub[1][0] == '{')
1938 {
1939 expand_string_message = string_sprintf("unknown encryption mechanism "
1940 "in \"%s\"", sub[1]);
1941 return NULL;
1942 }
1943
1944 switch(which)
1945 {
1946 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
1947 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
1948 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
1949 }
1950
1951 #define STR(s) # s
1952 #define XSTR(s) STR(s)
1953 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
1954 " subject=%s\n crypted=%s\n",
1955 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
1956 coded, sub[1]);
1957 #undef STR
1958 #undef XSTR
1959
1960 /* If the encrypted string contains fewer than two characters (for the
1961 salt), force failure. Otherwise we get false positives: with an empty
1962 string the yield of crypt() is an empty string! */
1963
1964 *yield = (Ustrlen(sub[1]) < 2)? !testfor :
1965 (Ustrcmp(coded, sub[1]) == 0) == testfor;
1966 }
1967 break;
1968 #endif /* SUPPORT_CRYPTEQ */
1969 } /* Switch for comparison conditions */
1970
1971 return s; /* End of comparison conditions */
1972
1973
1974 /* and/or: computes logical and/or of several conditions */
1975
1976 case ECOND_AND:
1977 case ECOND_OR:
1978 subcondptr = (yield == NULL)? NULL : &tempcond;
1979 combined_cond = (cond_type == ECOND_AND);
1980
1981 while (isspace(*s)) s++;
1982 if (*s++ != '{') goto COND_FAILED_CURLY_START;
1983
1984 for (;;)
1985 {
1986 while (isspace(*s)) s++;
1987 if (*s == '}') break;
1988 if (*s != '{')
1989 {
1990 expand_string_message = string_sprintf("each subcondition "
1991 "inside an \"%s{...}\" condition must be in its own {}", name);
1992 return NULL;
1993 }
1994
1995 s = eval_condition(s+1, subcondptr);
1996 if (s == NULL)
1997 {
1998 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
1999 expand_string_message, name);
2000 return NULL;
2001 }
2002 while (isspace(*s)) s++;
2003
2004 if (*s++ != '}')
2005 {
2006 expand_string_message = string_sprintf("missing } at end of condition "
2007 "inside \"%s\" group", name);
2008 return NULL;
2009 }
2010
2011 if (yield != NULL)
2012 {
2013 if (cond_type == ECOND_AND)
2014 {
2015 combined_cond &= tempcond;
2016 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2017 } /* evaluate any more */
2018 else
2019 {
2020 combined_cond |= tempcond;
2021 if (combined_cond) subcondptr = NULL; /* once true, don't */
2022 } /* evaluate any more */
2023 }
2024 }
2025
2026 if (yield != NULL) *yield = (combined_cond == testfor);
2027 return ++s;
2028
2029
2030 /* Unknown condition */
2031
2032 default:
2033 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2034 return NULL;
2035 } /* End switch on condition type */
2036
2037 /* Missing braces at start and end of data */
2038
2039 COND_FAILED_CURLY_START:
2040 expand_string_message = string_sprintf("missing { after \"%s\"", name);
2041 return NULL;
2042
2043 COND_FAILED_CURLY_END:
2044 expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2045 name);
2046 return NULL;
2047
2048 /* A condition requires code that is not compiled */
2049
2050 #if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2051 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2052 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2053 COND_FAILED_NOT_COMPILED:
2054 expand_string_message = string_sprintf("support for \"%s\" not compiled",
2055 name);
2056 return NULL;
2057 #endif
2058 }
2059
2060
2061
2062
2063 /*************************************************
2064 * Save numerical variables *
2065 *************************************************/
2066
2067 /* This function is called from items such as "if" that want to preserve and
2068 restore the numbered variables.
2069
2070 Arguments:
2071 save_expand_string points to an array of pointers to set
2072 save_expand_nlength points to an array of ints for the lengths
2073
2074 Returns: the value of expand max to save
2075 */
2076
2077 static int
2078 save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
2079 {
2080 int i;
2081 for (i = 0; i <= expand_nmax; i++)
2082 {
2083 save_expand_nstring[i] = expand_nstring[i];
2084 save_expand_nlength[i] = expand_nlength[i];
2085 }
2086 return expand_nmax;
2087 }
2088
2089
2090
2091 /*************************************************
2092 * Restore numerical variables *
2093 *************************************************/
2094
2095 /* This function restored saved values of numerical strings.
2096
2097 Arguments:
2098 save_expand_nmax the number of strings to restore
2099 save_expand_string points to an array of pointers
2100 save_expand_nlength points to an array of ints
2101
2102 Returns: nothing
2103 */
2104
2105 static void
2106 restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
2107 int *save_expand_nlength)
2108 {
2109 int i;
2110 expand_nmax = save_expand_nmax;
2111 for (i = 0; i <= expand_nmax; i++)
2112 {
2113 expand_nstring[i] = save_expand_nstring[i];
2114 expand_nlength[i] = save_expand_nlength[i];
2115 }
2116 }
2117
2118
2119
2120
2121
2122 /*************************************************
2123 * Handle yes/no substrings *
2124 *************************************************/
2125
2126 /* This function is used by ${if}, ${lookup} and ${extract} to handle the
2127 alternative substrings that depend on whether or not the condition was true,
2128 or the lookup or extraction succeeded. The substrings always have to be
2129 expanded, to check their syntax, but "skipping" is set when the result is not
2130 needed - this avoids unnecessary nested lookups.
2131
2132 Arguments:
2133 skipping TRUE if we were skipping when this item was reached
2134 yes TRUE if the first string is to be used, else use the second
2135 save_lookup a value to put back into lookup_value before the 2nd expansion
2136 sptr points to the input string pointer
2137 yieldptr points to the output string pointer
2138 sizeptr points to the output string size
2139 ptrptr points to the output string pointer
2140 type "lookup" or "if" or "extract" or "run", for error message
2141
2142 Returns: 0 OK; lookup_value has been reset to save_lookup
2143 1 expansion failed
2144 2 expansion failed because of bracketing error
2145 */
2146
2147 static int
2148 process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
2149 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type)
2150 {
2151 int rc = 0;
2152 uschar *s = *sptr; /* Local value */
2153 uschar *sub1, *sub2;
2154
2155 /* If there are no following strings, we substitute the contents of $value for
2156 lookups and for extractions in the success case. In the fail case, nothing is
2157 substituted. In the case of "if", lack of following strings is an error. */
2158
2159 while (isspace(*s)) s++;
2160 if (*s == '}')
2161 {
2162 if (type[0] == 'i') goto FAILED_CURLY;
2163 if (yes && lookup_value != NULL)
2164 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
2165 Ustrlen(lookup_value));
2166 lookup_value = save_lookup;
2167 s++;
2168 goto RETURN;
2169 }
2170
2171 /* Expand the first substring. Forced failures are noticed only if we actually
2172 want this string. Set skipping in the call in the fail case (this will always
2173 be the case if we were already skipping). */
2174
2175 sub1 = expand_string_internal(s+1, TRUE, &s, !yes);
2176 if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
2177 expand_string_forcedfail = FALSE;
2178 if (*s++ != '}') goto FAILED_CURLY;
2179
2180 /* If we want the first string, add it to the output */
2181
2182 if (yes)
2183 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
2184
2185 /* If this is called from a lookup or an extract, we want to restore $value to
2186 what it was at the start of the item, so that it has this value during the
2187 second string expansion. For the call from "if" to this function, save_lookup
2188 is set to lookup_value, so that this statement does nothing. */
2189
2190 lookup_value = save_lookup;
2191
2192 /* There now follows either another substring, or "fail", or nothing. This
2193 time, forced failures are noticed only if we want the second string. We must
2194 set skipping in the nested call if we don't want this string, or if we were
2195 already skipping. */
2196
2197 while (isspace(*s)) s++;
2198 if (*s == '{')
2199 {
2200 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping);
2201 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
2202 expand_string_forcedfail = FALSE;
2203 if (*s++ != '}') goto FAILED_CURLY;
2204
2205 /* If we want the second string, add it to the output */
2206
2207 if (!yes)
2208 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
2209 }
2210
2211 /* If there is no second string, but the word "fail" is present when the use of
2212 the second string is wanted, set a flag indicating it was a forced failure
2213 rather than a syntactic error. Swallow the terminating } in case this is nested
2214 inside another lookup or if or extract. */
2215
2216 else if (*s != '}')
2217 {
2218 uschar name[256];
2219 s = read_name(name, sizeof(name), s, US"_");
2220 if (Ustrcmp(name, "fail") == 0)
2221 {
2222 if (!yes && !skipping)
2223 {
2224 while (isspace(*s)) s++;
2225 if (*s++ != '}') goto FAILED_CURLY;
2226 expand_string_message =
2227 string_sprintf("\"%s\" failed and \"fail\" requested", type);
2228 expand_string_forcedfail = TRUE;
2229 goto FAILED;
2230 }
2231 }
2232 else
2233 {
2234 expand_string_message =
2235 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
2236 goto FAILED;
2237 }
2238 }
2239
2240 /* All we have to do now is to check on the final closing brace. */
2241
2242 while (isspace(*s)) s++;
2243 if (*s++ == '}') goto RETURN;
2244
2245 /* Get here if there is a bracketing failure */
2246
2247 FAILED_CURLY:
2248 rc++;
2249
2250 /* Get here for other failures */
2251
2252 FAILED:
2253 rc++;
2254
2255 /* Update the input pointer value before returning */
2256
2257 RETURN:
2258 *sptr = s;
2259 return rc;
2260 }
2261
2262
2263
2264
2265
2266
2267 /*************************************************
2268 * Handle MD5 or SHA-1 computation for HMAC *
2269 *************************************************/
2270
2271 /* These are some wrapping functions that enable the HMAC code to be a bit
2272 cleaner. A good compiler will spot the tail recursion.
2273
2274 Arguments:
2275 type HMAC_MD5 or HMAC_SHA1
2276 remaining are as for the cryptographic hash functions
2277
2278 Returns: nothing
2279 */
2280
2281 static void
2282 chash_start(int type, void *base)
2283 {
2284 if (type == HMAC_MD5)
2285 md5_start((md5 *)base);
2286 else
2287 sha1_start((sha1 *)base);
2288 }
2289
2290 static void
2291 chash_mid(int type, void *base, uschar *string)
2292 {
2293 if (type == HMAC_MD5)
2294 md5_mid((md5 *)base, string);
2295 else
2296 sha1_mid((sha1 *)base, string);
2297 }
2298
2299 static void
2300 chash_end(int type, void *base, uschar *string, int length, uschar *digest)
2301 {
2302 if (type == HMAC_MD5)
2303 md5_end((md5 *)base, string, length, digest);
2304 else
2305 sha1_end((sha1 *)base, string, length, digest);
2306 }
2307
2308
2309
2310
2311
2312 /*************************************************
2313 * Join a file onto the output string *
2314 *************************************************/
2315
2316 /* This is used for readfile and after a run expansion. It joins the contents
2317 of a file onto the output string, globally replacing newlines with a given
2318 string (optionally). The file is closed at the end.
2319
2320 Arguments:
2321 f the FILE
2322 yield pointer to the expandable string
2323 sizep pointer to the current size
2324 ptrp pointer to the current position
2325 eol newline replacement string, or NULL
2326
2327 Returns: new value of string pointer
2328 */
2329
2330 static uschar *
2331 cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
2332 {
2333 int eollen;
2334 uschar buffer[1024];
2335
2336 eollen = (eol == NULL)? 0 : Ustrlen(eol);
2337
2338 while (Ufgets(buffer, sizeof(buffer), f) != NULL)
2339 {
2340 int len = Ustrlen(buffer);
2341 if (eol != NULL && buffer[len-1] == '\n') len--;
2342 yield = string_cat(yield, sizep, ptrp, buffer, len);
2343 if (buffer[len] != 0)
2344 yield = string_cat(yield, sizep, ptrp, eol, eollen);
2345 }
2346
2347 if (yield != NULL) yield[*ptrp] = 0;
2348
2349 return yield;
2350 }
2351
2352
2353
2354
2355 /*************************************************
2356 * Evaluate numeric expression *
2357 *************************************************/
2358
2359 /* This is a set of mutually recursive functions that evaluate a simple
2360 arithmetic expression involving only + - * / and parentheses. The only one that
2361 is called from elsewhere is eval_expr, whose interface is:
2362
2363 Arguments:
2364 sptr pointer to the pointer to the string - gets updated
2365 decimal TRUE if numbers are to be assumed decimal
2366 error pointer to where to put an error message - must be NULL on input
2367 endket TRUE if ')' must terminate - FALSE for external call
2368
2369
2370 Returns: on success: the value of the expression, with *error still NULL
2371 on failure: an undefined value, with *error = a message
2372 */
2373
2374 static int eval_sumterm(uschar **, BOOL, uschar **);
2375
2376 static int
2377 eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
2378 {
2379 uschar *s = *sptr;
2380 int x = eval_sumterm(&s, decimal, error);
2381 if (*error == NULL)
2382 {
2383 while (*s == '+' || *s == '-')
2384 {
2385 int op = *s++;
2386 int y = eval_sumterm(&s, decimal, error);
2387 if (*error != NULL) break;
2388 if (op == '+') x += y; else x -= y;
2389 }
2390 if (*error == NULL)
2391 {
2392 if (endket)
2393 {
2394 if (*s != ')')
2395 *error = US"expecting closing parenthesis";
2396 else
2397 while (isspace(*(++s)));
2398 }
2399 else if (*s != 0) *error = US"expecting + or -";
2400 }
2401 }
2402
2403 *sptr = s;
2404 return x;
2405 }
2406
2407 static int
2408 eval_term(uschar **sptr, BOOL decimal, uschar **error)
2409 {
2410 register int c;
2411 int n;
2412 uschar *s = *sptr;
2413 while (isspace(*s)) s++;
2414 c = *s;
2415 if (isdigit(c) || ((c == '-' || c == '+') && isdigit(s[1])))
2416 {
2417 int count;
2418 (void)sscanf(CS s, (decimal? "%d%n" : "%i%n"), &n, &count);
2419 s += count;
2420 if (tolower(*s) == 'k') { n *= 1024; s++; }
2421 else if (tolower(*s) == 'm') { n *= 1024*1024; s++; }
2422 while (isspace (*s)) s++;
2423 }
2424 else if (c == '(')
2425 {
2426 s++;
2427 n = eval_expr(&s, decimal, error, 1);
2428 }
2429 else
2430 {
2431 *error = US"expecting number or opening parenthesis";
2432 n = 0;
2433 }
2434 *sptr = s;
2435 return n;
2436 }
2437
2438 static int eval_sumterm(uschar **sptr, BOOL decimal, uschar **error)
2439 {
2440 uschar *s = *sptr;
2441 int x = eval_term(&s, decimal, error);
2442 if (*error == NULL)
2443 {
2444 while (*s == '*' || *s == '/')
2445 {
2446 int op = *s++;
2447 int y = eval_term(&s, decimal, error);
2448 if (*error != NULL) break;
2449 if (op == '*') x *= y; else x /= y;
2450 }
2451 }
2452 *sptr = s;
2453 return x;
2454 }
2455
2456
2457
2458
2459 /*************************************************
2460 * Expand string *
2461 *************************************************/
2462
2463 /* Returns either an unchanged string, or the expanded string in stacking pool
2464 store. Interpreted sequences are:
2465
2466 \... normal escaping rules
2467 $name substitutes the variable
2468 ${name} ditto
2469 ${op:string} operates on the expanded string value
2470 ${item{arg1}{arg2}...} expands the args and then does the business
2471 some literal args are not enclosed in {}
2472
2473 There are now far too many operators and item types to make it worth listing
2474 them here in detail any more.
2475
2476 We use an internal routine recursively to handle embedded substrings. The
2477 external function follows. The yield is NULL if the expansion failed, and there
2478 are two cases: if something collapsed syntactically, or if "fail" was given
2479 as the action on a lookup failure. These can be distinguised by looking at the
2480 variable expand_string_forcedfail, which is TRUE in the latter case.
2481
2482 The skipping flag is set true when expanding a substring that isn't actually
2483 going to be used (after "if" or "lookup") and it prevents lookups from
2484 happening lower down.
2485
2486 Store usage: At start, a store block of the length of the input plus 64
2487 is obtained. This is expanded as necessary by string_cat(), which might have to
2488 get a new block, or might be able to expand the original. At the end of the
2489 function we can release any store above that portion of the yield block that
2490 was actually used. In many cases this will be optimal.
2491
2492 However: if the first item in the expansion is a variable name or header name,
2493 we reset the store before processing it; if the result is in fresh store, we
2494 use that without copying. This is helpful for expanding strings like
2495 $message_headers which can get very long.
2496
2497 Arguments:
2498 string the string to be expanded
2499 ket_ends true if expansion is to stop at }
2500 left if not NULL, a pointer to the first character after the
2501 expansion is placed here (typically used with ket_ends)
2502 skipping TRUE for recursive calls when the value isn't actually going
2503 to be used (to allow for optimisation)
2504
2505 Returns: NULL if expansion fails:
2506 expand_string_forcedfail is set TRUE if failure was forced
2507 expand_string_message contains a textual error message
2508 a pointer to the expanded string on success
2509 */
2510
2511 static uschar *
2512 expand_string_internal(uschar *string, BOOL ket_ends, uschar **left,
2513 BOOL skipping)
2514 {
2515 int ptr = 0;
2516 int size = Ustrlen(string)+ 64;
2517 int item_type;
2518 uschar *yield = store_get(size);
2519 uschar *s = string;
2520 uschar *save_expand_nstring[EXPAND_MAXN+1];
2521 int save_expand_nlength[EXPAND_MAXN+1];
2522
2523 expand_string_forcedfail = FALSE;
2524 expand_string_message = US"";
2525
2526 while (*s != 0)
2527 {
2528 uschar *value;
2529 uschar name[256];
2530
2531 /* \ escapes the next character, which must exist, or else
2532 the expansion fails. There's a special escape, \N, which causes
2533 copying of the subject verbatim up to the next \N. Otherwise,
2534 the escapes are the standard set. */
2535
2536 if (*s == '\\')
2537 {
2538 if (s[1] == 0)
2539 {
2540 expand_string_message = US"\\ at end of string";
2541 goto EXPAND_FAILED;
2542 }
2543
2544 if (s[1] == 'N')
2545 {
2546 uschar *t = s + 2;
2547 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
2548 yield = string_cat(yield, &size, &ptr, t, s - t);
2549 if (*s != 0) s += 2;
2550 }
2551
2552 else
2553 {
2554 uschar ch[1];
2555 ch[0] = string_interpret_escape(&s);
2556 s++;
2557 yield = string_cat(yield, &size, &ptr, ch, 1);
2558 }
2559
2560 continue;
2561 }
2562
2563 /* Anything other than $ is just copied verbatim, unless we are
2564 looking for a terminating } character. */
2565
2566 if (ket_ends && *s == '}') break;
2567
2568 if (*s != '$')
2569 {
2570 yield = string_cat(yield, &size, &ptr, s++, 1);
2571 continue;
2572 }
2573
2574 /* No { after the $ - must be a plain name or a number for string
2575 match variable. There has to be a fudge for variables that are the
2576 names of header fields preceded by "$header_" because header field
2577 names can contain any printing characters except space and colon.
2578 For those that don't like typing this much, "$h_" is a synonym for
2579 "$header_". A non-existent header yields a NULL value; nothing is
2580 inserted. */
2581
2582 if (isalpha((*(++s))))
2583 {
2584 int len;
2585 int newsize = 0;
2586
2587 s = read_name(name, sizeof(name), s, US"_");
2588
2589 /* If this is the first thing to be expanded, release the pre-allocated
2590 buffer. */
2591
2592 if (ptr == 0 && yield != NULL)
2593 {
2594 store_reset(yield);
2595 yield = NULL;
2596 size = 0;
2597 }
2598
2599 /* Header */
2600
2601 if (Ustrncmp(name, "h_", 2) == 0 ||
2602 Ustrncmp(name, "rh_", 3) == 0 ||
2603 Ustrncmp(name, "bh_", 3) == 0 ||
2604 Ustrncmp(name, "header_", 7) == 0 ||
2605 Ustrncmp(name, "rheader_", 8) == 0 ||
2606 Ustrncmp(name, "bheader_", 8) == 0)
2607 {
2608 BOOL want_raw = (name[0] == 'r')? TRUE : FALSE;
2609 uschar *charset = (name[0] == 'b')? NULL : headers_charset;
2610 s = read_header_name(name, sizeof(name), s);
2611 value = find_header(name, FALSE, &newsize, want_raw, charset);
2612
2613 /* If we didn't find the header, and the header contains a closing brace
2614 characters, this may be a user error where the terminating colon
2615 has been omitted. Set a flag to adjust the error message in this case.
2616 But there is no error here - nothing gets inserted. */
2617
2618 if (value == NULL)
2619 {
2620 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2621 continue;
2622 }
2623 }
2624
2625 /* Variable */
2626
2627 else
2628 {
2629 value = find_variable(name, FALSE, skipping, &newsize);
2630 if (value == NULL)
2631 {
2632 expand_string_message =
2633 string_sprintf("unknown variable name \"%s\"", name);
2634 goto EXPAND_FAILED;
2635 }
2636 }
2637
2638 /* If the data is known to be in a new buffer, newsize will be set to the
2639 size of that buffer. If this is the first thing in an expansion string,
2640 yield will be NULL; just point it at the new store instead of copying. Many
2641 expansion strings contain just one reference, so this is a useful
2642 optimization, especially for humungous headers. */
2643
2644 len = Ustrlen(value);
2645 if (yield == NULL && newsize != 0)
2646 {
2647 yield = value;
2648 size = newsize;
2649 ptr = len;
2650 }
2651 else yield = string_cat(yield, &size, &ptr, value, len);
2652
2653 continue;
2654 }
2655
2656 if (isdigit(*s))
2657 {
2658 int n;
2659 s = read_number(&n, s);
2660 if (n >= 0 && n <= expand_nmax)
2661 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
2662 expand_nlength[n]);
2663 continue;
2664 }
2665
2666 /* Otherwise, if there's no '{' after $ it's an error. */
2667
2668 if (*s != '{')
2669 {
2670 expand_string_message = US"$ not followed by letter, digit, or {";
2671 goto EXPAND_FAILED;
2672 }
2673
2674 /* After { there can be various things, but they all start with
2675 an initial word, except for a number for a string match variable. */
2676
2677 if (isdigit((*(++s))))
2678 {
2679 int n;
2680 s = read_number(&n, s);
2681 if (*s++ != '}')
2682 {
2683 expand_string_message = US"} expected after number";
2684 goto EXPAND_FAILED;
2685 }
2686 if (n >= 0 && n <= expand_nmax)
2687 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
2688 expand_nlength[n]);
2689 continue;
2690 }
2691
2692 if (!isalpha(*s))
2693 {
2694 expand_string_message = US"letter or digit expected after ${";
2695 goto EXPAND_FAILED;
2696 }
2697
2698 /* Allow "-" in names to cater for substrings with negative
2699 arguments. Since we are checking for known names after { this is
2700 OK. */
2701
2702 s = read_name(name, sizeof(name), s, US"_-");
2703 item_type = chop_match(name, item_table, sizeof(item_table)/sizeof(uschar *));
2704
2705 switch(item_type)
2706 {
2707 /* Handle conditionals - preserve the values of the numerical expansion
2708 variables in case they get changed by a regular expression match in the
2709 condition. If not, they retain their external settings. At the end
2710 of this "if" section, they get restored to their previous values. */
2711
2712 case EITEM_IF:
2713 {
2714 BOOL cond = FALSE;
2715 uschar *next_s;
2716 int save_expand_nmax =
2717 save_expand_strings(save_expand_nstring, save_expand_nlength);
2718
2719 while (isspace(*s)) s++;
2720 next_s = eval_condition(s, skipping? NULL : &cond);
2721 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
2722
2723 DEBUG(D_expand)
2724 debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s,
2725 cond? "true" : "false");
2726
2727 s = next_s;
2728
2729 /* The handling of "yes" and "no" result strings is now in a separate
2730 function that is also used by ${lookup} and ${extract} and ${run}. */
2731
2732 switch(process_yesno(
2733 skipping, /* were previously skipping */
2734 cond, /* success/failure indicator */
2735 lookup_value, /* value to reset for string2 */
2736 &s, /* input pointer */
2737 &yield, /* output pointer */
2738 &size, /* output size */
2739 &ptr, /* output current point */
2740 US"if")) /* condition type */
2741 {
2742 case 1: goto EXPAND_FAILED; /* when all is well, the */
2743 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
2744 }
2745
2746 /* Restore external setting of expansion variables for continuation
2747 at this level. */
2748
2749 restore_expand_strings(save_expand_nmax, save_expand_nstring,
2750 save_expand_nlength);
2751 continue;
2752 }
2753
2754 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
2755 expanding an internal string that isn't actually going to be used. All we
2756 need to do is check the syntax, so don't do a lookup at all. Preserve the
2757 values of the numerical expansion variables in case they get changed by a
2758 partial lookup. If not, they retain their external settings. At the end
2759 of this "lookup" section, they get restored to their previous values. */
2760
2761 case EITEM_LOOKUP:
2762 {
2763 int stype, partial, affixlen, starflags;
2764 int expand_setup = 0;
2765 int nameptr = 0;
2766 uschar *key, *filename, *affix;
2767 uschar *save_lookup_value = lookup_value;
2768 int save_expand_nmax =
2769 save_expand_strings(save_expand_nstring, save_expand_nlength);
2770
2771 if ((expand_forbid & RDO_LOOKUP) != 0)
2772 {
2773 expand_string_message = US"lookup expansions are not permitted";
2774 goto EXPAND_FAILED;
2775 }
2776
2777 /* Get the key we are to look up for single-key+file style lookups.
2778 Otherwise set the key NULL pro-tem. */
2779
2780 while (isspace(*s)) s++;
2781 if (*s == '{')
2782 {
2783 key = expand_string_internal(s+1, TRUE, &s, skipping);
2784 if (key == NULL) goto EXPAND_FAILED;
2785 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
2786 while (isspace(*s)) s++;
2787 }
2788 else key = NULL;
2789
2790 /* Find out the type of database */
2791
2792 if (!isalpha(*s))
2793 {
2794 expand_string_message = US"missing lookup type";
2795 goto EXPAND_FAILED;
2796 }
2797
2798 /* The type is a string that may contain special characters of various
2799 kinds. Allow everything except space or { to appear; the actual content
2800 is checked by search_findtype_partial. */
2801
2802 while (*s != 0 && *s != '{' && !isspace(*s))
2803 {
2804 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
2805 s++;
2806 }
2807 name[nameptr] = 0;
2808 while (isspace(*s)) s++;
2809
2810 /* Now check for the individual search type and any partial or default
2811 options. Only those types that are actually in the binary are valid. */
2812
2813 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
2814 &starflags);
2815 if (stype < 0)
2816 {
2817 expand_string_message = search_error_message;
2818 goto EXPAND_FAILED;
2819 }
2820
2821 /* Check that a key was provided for those lookup types that need it,
2822 and was not supplied for those that use the query style. */
2823
2824 if (!mac_islookup(stype, lookup_querystyle))
2825 {
2826 if (key == NULL)
2827 {
2828 expand_string_message = string_sprintf("missing {key} for single-"
2829 "key \"%s\" lookup", name);
2830 goto EXPAND_FAILED;
2831 }
2832 }
2833 else
2834 {
2835 if (key != NULL)
2836 {
2837 expand_string_message = string_sprintf("a single key was given for "
2838 "lookup type \"%s\", which is not a single-key lookup type", name);
2839 goto EXPAND_FAILED;
2840 }
2841 }
2842
2843 /* Get the next string in brackets and expand it. It is the file name for
2844 single-key+file lookups, and the whole query otherwise. */
2845
2846 if (*s != '{') goto EXPAND_FAILED_CURLY;
2847 filename = expand_string_internal(s+1, TRUE, &s, skipping);
2848 if (filename == NULL) goto EXPAND_FAILED;
2849 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
2850 while (isspace(*s)) s++;
2851
2852 /* If this isn't a single-key+file lookup, re-arrange the variables
2853 to be appropriate for the search_ functions. */
2854
2855 if (key == NULL)
2856 {
2857 key = filename;
2858 filename = NULL;
2859 }
2860
2861 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
2862 the entry was not found. Note that there is no search_close() function.
2863 Files are left open in case of re-use. At suitable places in higher logic,
2864 search_tidyup() is called to tidy all open files. This can save opening
2865 the same file several times. However, files may also get closed when
2866 others are opened, if too many are open at once. The rule is that a
2867 handle should not be used after a second search_open().
2868
2869 Request that a partial search sets up $1 and maybe $2 by passing
2870 expand_setup containing zero. If its value changes, reset expand_nmax,
2871 since new variables will have been set. Note that at the end of this
2872 "lookup" section, the old numeric variables are restored. */
2873
2874 if (skipping)
2875 lookup_value = NULL;
2876 else
2877 {
2878 void *handle = search_open(filename, stype, 0, NULL, NULL);
2879 if (handle == NULL)
2880 {
2881 expand_string_message = search_error_message;
2882 goto EXPAND_FAILED;
2883 }
2884 lookup_value = search_find(handle, filename, key, partial, affix,
2885 affixlen, starflags, &expand_setup);
2886 if (search_find_defer)
2887 {
2888 expand_string_message =
2889 string_sprintf("lookup of \"%s\" gave DEFER: %s", key,
2890 search_error_message);
2891 goto EXPAND_FAILED;
2892 }
2893 if (expand_setup > 0) expand_nmax = expand_setup;
2894 }
2895
2896 /* The handling of "yes" and "no" result strings is now in a separate
2897 function that is also used by ${if} and ${extract}. */
2898
2899 switch(process_yesno(
2900 skipping, /* were previously skipping */
2901 lookup_value != NULL, /* success/failure indicator */
2902 save_lookup_value, /* value to reset for string2 */
2903 &s, /* input pointer */
2904 &yield, /* output pointer */
2905 &size, /* output size */
2906 &ptr, /* output current point */
2907 US"lookup")) /* condition type */
2908 {
2909 case 1: goto EXPAND_FAILED; /* when all is well, the */
2910 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
2911 }
2912
2913 /* Restore external setting of expansion variables for carrying on
2914 at this level, and continue. */
2915
2916 restore_expand_strings(save_expand_nmax, save_expand_nstring,
2917 save_expand_nlength);
2918 continue;
2919 }
2920
2921 /* If Perl support is configured, handle calling embedded perl subroutines,
2922 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
2923 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
2924 arguments (defined below). */
2925
2926 #ifdef EXIM_PERL
2927 #define EXIM_PERL_MAX_ARGS 8
2928
2929 case EITEM_PERL:
2930 {
2931 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
2932 uschar *new_yield;
2933
2934 if ((expand_forbid & RDO_PERL) != 0)
2935 {
2936 expand_string_message = US"Perl calls are not permitted";
2937 goto EXPAND_FAILED;
2938 }
2939
2940 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
2941 US"perl"))
2942 {
2943 case 1: goto EXPAND_FAILED_CURLY;
2944 case 2:
2945 case 3: goto EXPAND_FAILED;
2946 }
2947
2948 /* If skipping, we don't actually do anything */
2949
2950 if (skipping) continue;
2951
2952 /* Start the interpreter if necessary */
2953
2954 if (!opt_perl_started)
2955 {
2956 uschar *initerror;
2957 if (opt_perl_startup == NULL)
2958 {
2959 expand_string_message = US"A setting of perl_startup is needed when "
2960 "using the Perl interpreter";
2961 goto EXPAND_FAILED;
2962 }
2963 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
2964 initerror = init_perl(opt_perl_startup);
2965 if (initerror != NULL)
2966 {
2967 expand_string_message =
2968 string_sprintf("error in perl_startup code: %s\n", initerror);
2969 goto EXPAND_FAILED;
2970 }
2971 opt_perl_started = TRUE;
2972 }
2973
2974 /* Call the function */
2975
2976 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
2977 new_yield = call_perl_cat(yield, &size, &ptr, &expand_string_message,
2978 sub_arg[0], sub_arg + 1);
2979
2980 /* NULL yield indicates failure; if the message pointer has been set to
2981 NULL, the yield was undef, indicating a forced failure. Otherwise the
2982 message will indicate some kind of Perl error. */
2983
2984 if (new_yield == NULL)
2985 {
2986 if (expand_string_message == NULL)
2987 {
2988 expand_string_message =
2989 string_sprintf("Perl subroutine \"%s\" returned undef to force "
2990 "failure", sub_arg[0]);
2991 expand_string_forcedfail = TRUE;
2992 }
2993 goto EXPAND_FAILED;
2994 }
2995
2996 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
2997 set during a callback from Perl. */
2998
2999 expand_string_forcedfail = FALSE;
3000 yield = new_yield;
3001 continue;
3002 }
3003 #endif /* EXIM_PERL */
3004
3005 /* Handle "readfile" to insert an entire file */
3006
3007 case EITEM_READFILE:
3008 {
3009 FILE *f;
3010 uschar *sub_arg[2];
3011
3012 if ((expand_forbid & RDO_READFILE) != 0)
3013 {
3014 expand_string_message = US"file insertions are not permitted";
3015 goto EXPAND_FAILED;
3016 }
3017
3018 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"readfile"))
3019 {
3020 case 1: goto EXPAND_FAILED_CURLY;
3021 case 2:
3022 case 3: goto EXPAND_FAILED;
3023 }
3024
3025 /* If skipping, we don't actually do anything */
3026
3027 if (skipping) continue;
3028
3029 /* Open the file and read it */
3030
3031 f = Ufopen(sub_arg[0], "rb");
3032 if (f == NULL)
3033 {
3034 expand_string_message = string_open_failed(errno, "%s", sub_arg[0]);
3035 goto EXPAND_FAILED;
3036 }
3037
3038 yield = cat_file(f, yield, &size, &ptr, sub_arg[1]);
3039 fclose(f);
3040 continue;
3041 }
3042
3043 /* Handle "readsocket" to insert data from a Unix domain socket */
3044
3045 case EITEM_READSOCK:
3046 {
3047 int fd;
3048 int timeout = 5;
3049 int save_ptr = ptr;
3050 FILE *f;
3051 struct sockaddr_un sockun; /* don't call this "sun" ! */
3052 uschar *arg;
3053 uschar *sub_arg[4];
3054
3055 if ((expand_forbid & RDO_READSOCK) != 0)
3056 {
3057 expand_string_message = US"socket insertions are not permitted";
3058 goto EXPAND_FAILED;
3059 }
3060
3061 /* Read up to 4 arguments, but don't do the end of item check afterwards,
3062 because there may be a string for expansion on failure. */
3063
3064 switch(read_subs(sub_arg, 4, 2, &s, skipping, FALSE, US"readsocket"))
3065 {
3066 case 1: goto EXPAND_FAILED_CURLY;
3067 case 2: /* Won't occur: no end check */
3068 case 3: goto EXPAND_FAILED;
3069 }
3070
3071 /* Sort out timeout, if given */
3072
3073 if (sub_arg[2] != NULL)
3074 {
3075 timeout = readconf_readtime(sub_arg[2], 0, FALSE);
3076 if (timeout < 0)
3077 {
3078 expand_string_message = string_sprintf("bad time value %s",
3079 sub_arg[2]);
3080 goto EXPAND_FAILED;
3081 }
3082 }
3083 else sub_arg[3] = NULL; /* No eol if no timeout */
3084
3085 /* If skipping, we don't actually do anything */
3086
3087 if (!skipping)
3088 {
3089 /* Make a connection to the socket */
3090
3091 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
3092 {
3093 expand_string_message = string_sprintf("failed to create socket: %s",
3094 strerror(errno));
3095 goto SOCK_FAIL;
3096 }
3097
3098 sockun.sun_family = AF_UNIX;
3099 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
3100 sub_arg[0]);
3101 if(connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun)) == -1)
3102 {
3103 expand_string_message = string_sprintf("failed to connect to socket "
3104 "%s: %s", sub_arg[0], strerror(errno));
3105 goto SOCK_FAIL;
3106 }
3107 DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]);
3108
3109 /* Write the request string, if not empty */
3110
3111 if (sub_arg[1][0] != 0)
3112 {
3113 int len = Ustrlen(sub_arg[1]);
3114 DEBUG(D_expand) debug_printf("writing \"%s\" to socket\n",
3115 sub_arg[1]);
3116 if (write(fd, sub_arg[1], len) != len)
3117 {
3118 expand_string_message = string_sprintf("request write to socket "
3119 "failed: %s", strerror(errno));
3120 goto SOCK_FAIL;
3121 }
3122 }
3123
3124 /* Now we need to read from the socket, under a timeout. The function
3125 that reads a file can be used. */
3126
3127 f = fdopen(fd, "rb");
3128 sigalrm_seen = FALSE;
3129 alarm(timeout);
3130 yield = cat_file(f, yield, &size, &ptr, sub_arg[3]);
3131 alarm(0);
3132 fclose(f);
3133
3134 /* After a timeout, we restore the pointer in the result, that is,
3135 make sure we add nothing from the socket. */
3136
3137 if (sigalrm_seen)
3138 {
3139 ptr = save_ptr;
3140 expand_string_message = US"socket read timed out";
3141 goto SOCK_FAIL;
3142 }
3143 }
3144
3145 /* The whole thing has worked (or we were skipping). If there is a
3146 failure string following, we need to skip it. */
3147
3148 if (*s == '{')
3149 {
3150 if (expand_string_internal(s+1, TRUE, &s, TRUE) == NULL)
3151 goto EXPAND_FAILED;
3152 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3153 while (isspace(*s)) s++;
3154 }
3155 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3156 continue;
3157
3158 /* Come here on failure to create socket, connect socket, write to the
3159 socket, or timeout on reading. If another substring follows, expand and
3160 use it. Otherwise, those conditions give expand errors. */
3161
3162 SOCK_FAIL:
3163 if (*s != '{') goto EXPAND_FAILED;
3164 DEBUG(D_any) debug_printf("%s\n", expand_string_message);
3165 arg = expand_string_internal(s+1, TRUE, &s, FALSE);
3166 if (arg == NULL) goto EXPAND_FAILED;
3167 yield = string_cat(yield, &size, &ptr, arg, Ustrlen(arg));
3168 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3169 while (isspace(*s)) s++;
3170 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3171 continue;
3172 }
3173
3174 /* Handle "run" to execute a program. */
3175
3176 case EITEM_RUN:
3177 {
3178 FILE *f;
3179 uschar *old_lookup_value = NULL;
3180 uschar *arg;
3181 uschar **argv;
3182 pid_t pid;
3183 int fd_in, fd_out;
3184 int lsize = 0;
3185 int lptr = 0;
3186
3187 if ((expand_forbid & RDO_RUN) != 0)
3188 {
3189 expand_string_message = US"running a command is not permitted";
3190 goto EXPAND_FAILED;
3191 }
3192
3193 while (isspace(*s)) s++;
3194 if (*s != '{') goto EXPAND_FAILED_CURLY;
3195 arg = expand_string_internal(s+1, TRUE, &s, skipping);
3196 if (arg == NULL) goto EXPAND_FAILED;
3197 while (isspace(*s)) s++;
3198 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3199
3200 if (skipping) /* Just pretend it worked when we're skipping */
3201 {
3202 runrc = 0;
3203 }
3204 else
3205 {
3206 if (!transport_set_up_command(&argv, /* anchor for arg list */
3207 arg, /* raw command */
3208 FALSE, /* don't expand the arguments */
3209 0, /* not relevant when... */
3210 NULL, /* no transporting address */
3211 US"${run} expansion", /* for error messages */
3212 &expand_string_message)) /* where to put error message */
3213 {
3214 goto EXPAND_FAILED;
3215 }
3216
3217 /* Create the child process, making it a group leader. */
3218
3219 pid = child_open(argv, NULL, 0077, &fd_in, &fd_out, TRUE);
3220
3221 if (pid < 0)
3222 {
3223 expand_string_message =
3224 string_sprintf("couldn't create child process: %s", strerror(errno));
3225 goto EXPAND_FAILED;
3226 }
3227
3228 /* Nothing is written to the standard input. */
3229
3230 close(fd_in);
3231
3232 /* Wait for the process to finish, applying the timeout, and inspect its
3233 return code for serious disasters. Simple non-zero returns are passed on.
3234 */
3235
3236 if ((runrc = child_close(pid, 60)) < 0)
3237 {
3238 if (runrc == -256)
3239 {
3240 expand_string_message = string_sprintf("command timed out");
3241 killpg(pid, SIGKILL); /* Kill the whole process group */
3242 }
3243
3244 else if (runrc == -257)
3245 expand_string_message = string_sprintf("wait() failed: %s",
3246 strerror(errno));
3247
3248 else
3249 expand_string_message = string_sprintf("command killed by signal %d",
3250 -runrc);
3251
3252 goto EXPAND_FAILED;
3253 }
3254
3255 /* Read the pipe to get the command's output into $value (which is kept
3256 in lookup_value). */
3257
3258 f = fdopen(fd_out, "rb");
3259 old_lookup_value = lookup_value;
3260 lookup_value = NULL;
3261 lookup_value = cat_file(f, lookup_value, &lsize, &lptr, NULL);
3262 fclose(f);
3263 }
3264
3265 /* Process the yes/no strings */
3266
3267 switch(process_yesno(
3268 skipping, /* were previously skipping */
3269 runrc == 0, /* success/failure indicator */
3270 old_lookup_value, /* value to reset for string2 */
3271 &s, /* input pointer */
3272 &yield, /* output pointer */
3273 &size, /* output size */
3274 &ptr, /* output current point */
3275 US"run")) /* condition type */
3276 {
3277 case 1: goto EXPAND_FAILED; /* when all is well, the */
3278 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3279 }
3280
3281 continue;
3282 }
3283
3284 /* Handle character translation for "tr" */
3285
3286 case EITEM_TR:
3287 {
3288 int oldptr = ptr;
3289 int o2m;
3290 uschar *sub[3];
3291
3292 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"tr"))
3293 {
3294 case 1: goto EXPAND_FAILED_CURLY;
3295 case 2:
3296 case 3: goto EXPAND_FAILED;
3297 }
3298
3299 yield = string_cat(yield, &size, &ptr, sub[0], Ustrlen(sub[0]));
3300 o2m = Ustrlen(sub[2]) - 1;
3301
3302 if (o2m >= 0) for (; oldptr < ptr; oldptr++)
3303 {
3304 uschar *m = Ustrrchr(sub[1], yield[oldptr]);
3305 if (m != NULL)
3306 {
3307 int o = m - sub[1];
3308 yield[oldptr] = sub[2][(o < o2m)? o : o2m];
3309 }
3310 }
3311
3312 continue;
3313 }
3314
3315 /* Handle "hash", "length", "nhash", and "substr" when they are given with
3316 expanded arguments. */
3317
3318 case EITEM_HASH:
3319 case EITEM_LENGTH:
3320 case EITEM_NHASH:
3321 case EITEM_SUBSTR:
3322 {
3323 int i;
3324 int len;
3325 uschar *ret;
3326 int val[2] = { 0, -1 };
3327 uschar *sub[3];
3328
3329 /* "length" takes only 2 arguments whereas the others take 2 or 3.
3330 Ensure that sub[2] is set in the ${length case. */
3331
3332 sub[2] = NULL;
3333 switch(read_subs(sub, (item_type == EITEM_LENGTH)? 2:3, 2, &s, skipping,
3334 TRUE, name))
3335 {
3336 case 1: goto EXPAND_FAILED_CURLY;
3337 case 2:
3338 case 3: goto EXPAND_FAILED;
3339 }
3340
3341 /* Juggle the arguments if there are only two of them: always move the
3342 string to the last position and make ${length{n}{str}} equivalent to
3343 ${substr{0}{n}{str}}. See the defaults for val[] above. */
3344
3345 if (sub[2] == NULL)
3346 {
3347 sub[2] = sub[1];
3348 sub[1] = NULL;
3349 if (item_type == EITEM_LENGTH)
3350 {
3351 sub[1] = sub[0];
3352 sub[0] = NULL;
3353 }
3354 }
3355
3356 for (i = 0; i < 2; i++)
3357 {
3358 if (sub[i] == NULL) continue;
3359 val[i] = (int)Ustrtol(sub[i], &ret, 10);
3360 if (*ret != 0 || (i != 0 && val[i] < 0))
3361 {
3362 expand_string_message = string_sprintf("\"%s\" is not a%s number "
3363 "(in \"%s\" expansion)", sub[i], (i != 0)? " positive" : "", name);
3364 goto EXPAND_FAILED;
3365 }
3366 }
3367
3368 ret =
3369 (item_type == EITEM_HASH)?
3370 compute_hash(sub[2], val[0], val[1], &len) :
3371 (item_type == EITEM_NHASH)?
3372 compute_nhash(sub[2], val[0], val[1], &len) :
3373 extract_substr(sub[2], val[0], val[1], &len);
3374
3375 if (ret == NULL) goto EXPAND_FAILED;
3376 yield = string_cat(yield, &size, &ptr, ret, len);
3377 continue;
3378 }
3379
3380 /* Handle HMAC computation: ${hmac{<algorithm>}{<secret>}{<text>}}
3381 This code originally contributed by Steve Haslam. It currently supports
3382 the use of MD5 and SHA-1 hashes.
3383
3384 We need some workspace that is large enough to handle all the supported
3385 hash types. Use macros to set the sizes rather than be too elaborate. */
3386
3387 #define MAX_HASHLEN 20
3388 #define MAX_HASHBLOCKLEN 64
3389
3390 case EITEM_HMAC:
3391 {
3392 uschar *sub[3];
3393 md5 md5_base;
3394 sha1 sha1_base;
3395 void *use_base;
3396 int type, i;
3397 int hashlen; /* Number of octets for the hash algorithm's output */
3398 int hashblocklen; /* Number of octets the hash algorithm processes */
3399 uschar *keyptr, *p;
3400 unsigned int keylen;
3401
3402 uschar keyhash[MAX_HASHLEN];
3403 uschar innerhash[MAX_HASHLEN];
3404 uschar finalhash[MAX_HASHLEN];
3405 uschar finalhash_hex[2*MAX_HASHLEN];
3406 uschar innerkey[MAX_HASHBLOCKLEN];
3407 uschar outerkey[MAX_HASHBLOCKLEN];
3408
3409 switch (read_subs(sub, 3, 3, &s, skipping, TRUE, name))
3410 {
3411 case 1: goto EXPAND_FAILED_CURLY;
3412 case 2:
3413 case 3: goto EXPAND_FAILED;
3414 }
3415
3416 if (Ustrcmp(sub[0], "md5") == 0)
3417 {
3418 type = HMAC_MD5;
3419 use_base = &md5_base;
3420 hashlen = 16;
3421 hashblocklen = 64;
3422 }
3423 else if (Ustrcmp(sub[0], "sha1") == 0)
3424 {
3425 type = HMAC_SHA1;
3426 use_base = &sha1_base;
3427 hashlen = 20;
3428 hashblocklen = 64;
3429 }
3430 else
3431 {
3432 expand_string_message =
3433 string_sprintf("hmac algorithm \"%s\" is not recognised", sub[0]);
3434 goto EXPAND_FAILED;
3435 }
3436
3437 keyptr = sub[1];
3438 keylen = Ustrlen(keyptr);
3439
3440 /* If the key is longer than the hash block length, then hash the key
3441 first */
3442
3443 if (keylen > hashblocklen)
3444 {
3445 chash_start(type, use_base);
3446 chash_end(type, use_base, keyptr, keylen, keyhash);
3447 keyptr = keyhash;
3448 keylen = hashlen;
3449 }
3450
3451 /* Now make the inner and outer key values */
3452
3453 memset(innerkey, 0x36, hashblocklen);
3454 memset(outerkey, 0x5c, hashblocklen);
3455
3456 for (i = 0; i < keylen; i++)
3457 {
3458 innerkey[i] ^= keyptr[i];
3459 outerkey[i] ^= keyptr[i];
3460 }
3461
3462 /* Now do the hashes */
3463
3464 chash_start(type, use_base);
3465 chash_mid(type, use_base, innerkey);
3466 chash_end(type, use_base, sub[2], Ustrlen(sub[2]), innerhash);
3467
3468 chash_start(type, use_base);
3469 chash_mid(type, use_base, outerkey);
3470 chash_end(type, use_base, innerhash, hashlen, finalhash);
3471
3472 /* Encode the final hash as a hex string */
3473
3474 p = finalhash_hex;
3475 for (i = 0; i < hashlen; i++)
3476 {
3477 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
3478 *p++ = hex_digits[finalhash[i] & 0x0f];
3479 }
3480
3481 DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%.*s)=%.*s\n", sub[0],
3482 (int)keylen, keyptr, Ustrlen(sub[2]), sub[2], hashlen*2, finalhash_hex);
3483
3484 yield = string_cat(yield, &size, &ptr, finalhash_hex, hashlen*2);
3485 }
3486
3487 continue;
3488
3489 /* Handle global substitution for "sg" - like Perl's s/xxx/yyy/g operator.
3490 We have to save the numerical variables and restore them afterwards. */
3491
3492 case EITEM_SG:
3493 {
3494 const pcre *re;
3495 int moffset, moffsetextra, slen;
3496 int roffset;
3497 int emptyopt;
3498 const uschar *rerror;
3499 uschar *subject;
3500 uschar *sub[3];
3501 int save_expand_nmax =
3502 save_expand_strings(save_expand_nstring, save_expand_nlength);
3503
3504 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"sg"))
3505 {
3506 case 1: goto EXPAND_FAILED_CURLY;
3507 case 2:
3508 case 3: goto EXPAND_FAILED;
3509 }
3510
3511 /* Compile the regular expression */
3512
3513 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
3514 NULL);
3515
3516 if (re == NULL)
3517 {
3518 expand_string_message = string_sprintf("regular expression error in "
3519 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
3520 goto EXPAND_FAILED;
3521 }
3522
3523 /* Now run a loop to do the substitutions as often as necessary. It ends
3524 when there are no more matches. Take care over matches of the null string;
3525 do the same thing as Perl does. */
3526
3527 subject = sub[0];
3528 slen = Ustrlen(sub[0]);
3529 moffset = moffsetextra = 0;
3530 emptyopt = 0;
3531
3532 for (;;)
3533 {
3534 int ovector[3*(EXPAND_MAXN+1)];
3535 int n = pcre_exec(re, NULL, CS subject, slen, moffset + moffsetextra,
3536 PCRE_EOPT | emptyopt, ovector, sizeof(ovector)/sizeof(int));
3537 int nn;
3538 uschar *insert;
3539
3540 /* No match - if we previously set PCRE_NOTEMPTY after a null match, this
3541 is not necessarily the end. We want to repeat the match from one
3542 character further along, but leaving the basic offset the same (for
3543 copying below). We can't be at the end of the string - that was checked
3544 before setting PCRE_NOTEMPTY. If PCRE_NOTEMPTY is not set, we are
3545 finished; copy the remaining string and end the loop. */
3546
3547 if (n < 0)
3548 {
3549 if (emptyopt != 0)
3550 {
3551 moffsetextra = 1;
3552 emptyopt = 0;
3553 continue;
3554 }
3555 yield = string_cat(yield, &size, &ptr, subject+moffset, slen-moffset);
3556 break;
3557 }
3558
3559 /* Match - set up for expanding the replacement. */
3560
3561 if (n == 0) n = EXPAND_MAXN + 1;
3562 expand_nmax = 0;
3563 for (nn = 0; nn < n*2; nn += 2)
3564 {
3565 expand_nstring[expand_nmax] = subject + ovector[nn];
3566 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
3567 }
3568 expand_nmax--;
3569
3570 /* Copy the characters before the match, plus the expanded insertion. */
3571
3572 yield = string_cat(yield, &size, &ptr, subject + moffset,
3573 ovector[0] - moffset);
3574 insert = expand_string(sub[2]);
3575 if (insert == NULL) goto EXPAND_FAILED;
3576 yield = string_cat(yield, &size, &ptr, insert, Ustrlen(insert));
3577
3578 moffset = ovector[1];
3579 moffsetextra = 0;
3580 emptyopt = 0;
3581
3582 /* If we have matched an empty string, first check to see if we are at
3583 the end of the subject. If so, the loop is over. Otherwise, mimic
3584 what Perl's /g options does. This turns out to be rather cunning. First
3585 we set PCRE_NOTEMPTY and PCRE_ANCHORED and try the match a non-empty
3586 string at the same point. If this fails (picked up above) we advance to
3587 the next character. */
3588
3589 if (ovector[0] == ovector[1])
3590 {
3591 if (ovector[0] == slen) break;
3592 emptyopt = PCRE_NOTEMPTY | PCRE_ANCHORED;
3593 }
3594 }
3595
3596 /* All done - restore numerical variables. */
3597
3598 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3599 save_expand_nlength);
3600 continue;
3601 }
3602
3603 /* Handle keyed and numbered substring extraction. If the first argument
3604 consists entirely of digits, then a numerical extraction is assumed. */
3605
3606 case EITEM_EXTRACT:
3607 {
3608 int i;
3609 int j = 2;
3610 int field_number = 1;
3611 BOOL field_number_set = FALSE;
3612 uschar *save_lookup_value = lookup_value;
3613 uschar *sub[3];
3614 int save_expand_nmax =
3615 save_expand_strings(save_expand_nstring, save_expand_nlength);
3616
3617 /* Read the arguments */
3618
3619 for (i = 0; i < j; i++)
3620 {
3621 while (isspace(*s)) s++;
3622 if (*s == '{')
3623 {
3624 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
3625 if (sub[i] == NULL) goto EXPAND_FAILED;
3626 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3627
3628 /* After removal of leading and trailing white space, the first
3629 argument must not be empty; if it consists entirely of digits
3630 (optionally preceded by a minus sign), this is a numerical
3631 extraction, and we expect 3 arguments. */
3632
3633 if (i == 0)
3634 {
3635 int len;
3636 int x = 0;
3637 uschar *p = sub[0];
3638
3639 while (isspace(*p)) p++;
3640 sub[0] = p;
3641
3642 len = Ustrlen(p);
3643 while (len > 0 && isspace(p[len-1])) len--;
3644 p[len] = 0;
3645
3646 if (*p == 0)
3647 {
3648 expand_string_message = US"first argument of \"expand\" must not "
3649 "be empty";
3650 goto EXPAND_FAILED;
3651 }
3652
3653 if (*p == '-')
3654 {
3655 field_number = -1;
3656 p++;
3657 }
3658 while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0';
3659 if (*p == 0)
3660 {
3661 field_number *= x;
3662 j = 3; /* Need 3 args */
3663 field_number_set = TRUE;
3664 }
3665 }
3666 }
3667 else goto EXPAND_FAILED_CURLY;
3668 }
3669
3670 /* Extract either the numbered or the keyed substring into $value. If
3671 skipping, just pretend the extraction failed. */
3672
3673 lookup_value = skipping? NULL : field_number_set?
3674 expand_gettokened(field_number, sub[1], sub[2]) :
3675 expand_getkeyed(sub[0], sub[1]);
3676
3677 /* If no string follows, $value gets substituted; otherwise there can
3678 be yes/no strings, as for lookup or if. */
3679
3680 switch(process_yesno(
3681 skipping, /* were previously skipping */
3682 lookup_value != NULL, /* success/failure indicator */
3683 save_lookup_value, /* value to reset for string2 */
3684 &s, /* input pointer */
3685 &yield, /* output pointer */
3686 &size, /* output size */
3687 &ptr, /* output current point */
3688 US"extract")) /* condition type */
3689 {
3690 case 1: goto EXPAND_FAILED; /* when all is well, the */
3691 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3692 }
3693
3694 /* All done - restore numerical variables. */
3695
3696 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3697 save_expand_nlength);
3698
3699 continue;
3700 }
3701 }
3702
3703 /* Control reaches here if the name is not recognized as one of the more
3704 complicated expansion items. Check for the "operator" syntax (name terminated
3705 by a colon). Some of the operators have arguments, separated by _ from the
3706 name. */
3707
3708 if (*s == ':')
3709 {
3710 int c;
3711 uschar *arg = NULL;
3712 uschar *sub = expand_string_internal(s+1, TRUE, &s, skipping);
3713 if (sub == NULL) goto EXPAND_FAILED;
3714 s++;
3715
3716 /* Owing to an historical mis-design, an underscore may be part of the
3717 operator name, or it may introduce arguments. We therefore first scan the
3718 table of names that contain underscores. If there is no match, we cut off
3719 the arguments and then scan the main table. */
3720
3721 c = chop_match(name, op_table_underscore,
3722 sizeof(op_table_underscore)/sizeof(uschar *));
3723
3724 if (c < 0)
3725 {
3726 arg = Ustrchr(name, '_');
3727 if (arg != NULL) *arg = 0;
3728 c = chop_match(name, op_table_main,
3729 sizeof(op_table_main)/sizeof(uschar *));
3730 if (c >= 0) c += sizeof(op_table_underscore)/sizeof(uschar *);
3731 if (arg != NULL) *arg++ = '_'; /* Put back for error messages */
3732 }
3733
3734 /* If we are skipping, we don't need to perform the operation at all.
3735 This matters for operations like "mask", because the data may not be
3736 in the correct format when skipping. For example, the expression may test
3737 for the existence of $sender_host_address before trying to mask it. For
3738 other operations, doing them may not fail, but it is a waste of time. */
3739
3740 if (skipping && c >= 0) continue;
3741
3742 /* Otherwise, switch on the operator type */
3743
3744 switch(c)
3745 {
3746 case EOP_BASE62:
3747 {
3748 uschar *t;
3749 unsigned long int n = Ustrtoul(sub, &t, 10);
3750 if (*t != 0)
3751 {
3752 expand_string_message = string_sprintf("argument for base62 "
3753 "operator is \"%s\", which is not a decimal number", sub);
3754 goto EXPAND_FAILED;
3755 }
3756 t = string_base62(n);
3757 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
3758 continue;
3759 }
3760
3761 case EOP_BASE62D:
3762 {
3763 uschar buf[16];
3764 uschar *tt = sub;
3765 unsigned long int n = 0;
3766 while (*tt != 0)
3767 {
3768 uschar *t = Ustrchr(base62_chars, *tt++);
3769 if (t == NULL)
3770 {
3771 expand_string_message = string_sprintf("argument for base62d "
3772 "operator is \"%s\", which is not a base 62 number", sub);
3773 goto EXPAND_FAILED;
3774 }
3775 n = n * 62 + (t - base62_chars);
3776 }
3777 (void)sprintf(CS buf, "%ld", n);
3778 yield = string_cat(yield, &size, &ptr, buf, Ustrlen(buf));
3779 continue;
3780 }
3781
3782 case EOP_EXPAND:
3783 {
3784 uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping);
3785 if (expanded == NULL)
3786 {
3787 expand_string_message =
3788 string_sprintf("internal expansion of \"%s\" failed: %s", sub,
3789 expand_string_message);
3790 goto EXPAND_FAILED;
3791 }
3792 yield = string_cat(yield, &size, &ptr, expanded, Ustrlen(expanded));
3793 continue;
3794 }
3795
3796 case EOP_LC:
3797 {
3798 int count = 0;
3799 uschar *t = sub - 1;
3800 while (*(++t) != 0) { *t = tolower(*t); count++; }
3801 yield = string_cat(yield, &size, &ptr, sub, count);
3802 continue;
3803 }
3804
3805 case EOP_UC:
3806 {
3807 int count = 0;
3808 uschar *t = sub - 1;
3809 while (*(++t) != 0) { *t = toupper(*t); count++; }
3810 yield = string_cat(yield, &size, &ptr, sub, count);
3811 continue;
3812 }
3813
3814 case EOP_MD5:
3815 {
3816 md5 base;
3817 uschar digest[16];
3818 int j;
3819 char st[33];
3820 md5_start(&base);
3821 md5_end(&base, sub, Ustrlen(sub), digest);
3822 for(j = 0; j < 16; j++) sprintf(st+2*j, "%02x", digest[j]);
3823 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
3824 continue;
3825 }
3826
3827 case EOP_SHA1:
3828 {
3829 sha1 base;
3830 uschar digest[20];
3831 int j;
3832 char st[41];
3833 sha1_start(&base);
3834 sha1_end(&base, sub, Ustrlen(sub), digest);
3835 for(j = 0; j < 20; j++) sprintf(st+2*j, "%02X", digest[j]);
3836 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
3837 continue;
3838 }
3839
3840 /* Convert hex encoding to base64 encoding */
3841
3842 case EOP_HEX2B64:
3843 {
3844 int c = 0;
3845 int b = -1;
3846 uschar *in = sub;
3847 uschar *out = sub;
3848 uschar *enc;
3849
3850 for (enc = sub; *enc != 0; enc++)
3851 {
3852 if (!isxdigit(*enc))
3853 {
3854 expand_string_message = string_sprintf("\"%s\" is not a hex "
3855 "string", sub);
3856 goto EXPAND_FAILED;
3857 }
3858 c++;
3859 }
3860
3861 if ((c & 1) != 0)
3862 {
3863 expand_string_message = string_sprintf("\"%s\" contains an odd "
3864 "number of characters", sub);
3865 goto EXPAND_FAILED;
3866 }
3867
3868 while ((c = *in++) != 0)
3869 {
3870 if (isdigit(c)) c -= '0';
3871 else c = toupper(c) - 'A' + 10;
3872 if (b == -1)
3873 {
3874 b = c << 4;
3875 }
3876 else
3877 {
3878 *out++ = b | c;
3879 b = -1;
3880 }
3881 }
3882
3883 enc = auth_b64encode(sub, out - sub);
3884 yield = string_cat(yield, &size, &ptr, enc, Ustrlen(enc));
3885 continue;
3886 }
3887
3888 /* mask applies a mask to an IP address; for example the result of
3889 ${mask:131.111.10.206/28} is 131.111.10.192/28. */
3890
3891 case EOP_MASK:
3892 {
3893 int count;
3894 uschar *endptr;
3895 int binary[4];
3896 int mask, maskoffset;
3897 int type = string_is_ip_address(sub, &maskoffset);
3898 uschar buffer[64];
3899
3900 if (type == 0)
3901 {
3902 expand_string_message = string_sprintf("\"%s\" is not an IP address",
3903 sub);
3904 goto EXPAND_FAILED;
3905 }
3906
3907 if (maskoffset == 0)
3908 {
3909 expand_string_message = string_sprintf("missing mask value in \"%s\"",
3910 sub);
3911 goto EXPAND_FAILED;
3912 }
3913
3914 mask = Ustrtol(sub + maskoffset + 1, &endptr, 10);
3915
3916 if (*endptr != 0 || mask < 0 || mask > ((type == 4)? 32 : 128))
3917 {
3918 expand_string_message = string_sprintf("mask value too big in \"%s\"",
3919 sub);
3920 goto EXPAND_FAILED;
3921 }
3922
3923 /* Convert the address to binary integer(s) and apply the mask */
3924
3925 sub[maskoffset] = 0;
3926 count = host_aton(sub, binary);
3927 host_mask(count, binary, mask);
3928
3929 /* Convert to masked textual format and add to output. */
3930
3931 yield = string_cat(yield, &size, &ptr, buffer,
3932 host_nmtoa(count, binary, mask, buffer));
3933 continue;
3934 }
3935
3936 case EOP_ADDRESS:
3937 case EOP_LOCAL_PART:
3938 case EOP_DOMAIN:
3939 {
3940 uschar *error;
3941 int start, end, domain;
3942 uschar *t = parse_extract_address(sub, &error, &start, &end, &domain,
3943 FALSE);
3944 if (t != NULL)
3945 {
3946 if (c != EOP_DOMAIN)
3947 {
3948 if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1;
3949 yield = string_cat(yield, &size, &ptr, sub+start, end-start);
3950 }
3951 else if (domain != 0)
3952 {
3953 domain += start;
3954 yield = string_cat(yield, &size, &ptr, sub+domain, end-domain);
3955 }
3956 }
3957 continue;
3958 }
3959
3960 /* quote puts a string in quotes if it is empty or contains anything
3961 other than alphamerics, underscore, dot, or hyphen.
3962
3963 quote_local_part puts a string in quotes if RFC 2821/2822 requires it to
3964 be quoted in order to be a valid local part.
3965
3966 In both cases, newlines and carriage returns are converted into \n and \r
3967 respectively */
3968
3969 case EOP_QUOTE:
3970 case EOP_QUOTE_LOCAL_PART:
3971 if (arg == NULL)
3972 {
3973 BOOL needs_quote = (*sub == 0); /* TRUE for empty string */
3974 uschar *t = sub - 1;
3975
3976 if (c == EOP_QUOTE)
3977 {
3978 while (!needs_quote && *(++t) != 0)
3979 needs_quote = !isalnum(*t) && !strchr("_-.", *t);
3980 }
3981 else /* EOP_QUOTE_LOCAL_PART */
3982 {
3983 while (!needs_quote && *(++t) != 0)
3984 needs_quote = !isalnum(*t) &&
3985 strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL &&
3986 (*t != '.' || t == sub || t[1] == 0);
3987 }
3988
3989 if (needs_quote)
3990 {
3991 yield = string_cat(yield, &size, &ptr, US"\"", 1);
3992 t = sub - 1;
3993 while (*(++t) != 0)
3994 {
3995 if (*t == '\n')
3996 yield = string_cat(yield, &size, &ptr, US"\\n", 2);
3997 else if (*t == '\r')
3998 yield = string_cat(yield, &size, &ptr, US"\\r", 2);
3999 else
4000 {
4001 if (*t == '\\' || *t == '"')
4002 yield = string_cat(yield, &size, &ptr, US"\\", 1);
4003 yield = string_cat(yield, &size, &ptr, t, 1);
4004 }
4005 }
4006 yield = string_cat(yield, &size, &ptr, US"\"", 1);
4007 }
4008 else yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
4009 continue;
4010 }
4011
4012 /* quote_lookuptype does lookup-specific quoting */
4013
4014 else
4015 {
4016 int n;
4017 uschar *opt = Ustrchr(arg, '_');
4018
4019 if (opt != NULL) *opt++ = 0;
4020
4021 n = search_findtype(arg, Ustrlen(arg));
4022 if (n < 0)
4023 {
4024 expand_string_message = search_error_message;
4025 goto EXPAND_FAILED;
4026 }
4027
4028 if (lookup_list[n].quote != NULL)
4029 sub = (lookup_list[n].quote)(sub, opt);
4030 else if (opt != NULL) sub = NULL;
4031
4032 if (sub == NULL)
4033 {
4034 expand_string_message = string_sprintf(
4035 "\"%s\" unrecognized after \"${quote_%s\"",
4036 opt, arg);
4037 goto EXPAND_FAILED;
4038 }
4039
4040 yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
4041 continue;
4042 }
4043
4044 /* rx quote sticks in \ before any non-alphameric character so that
4045 the insertion works in a regular expression. */
4046
4047 case EOP_RXQUOTE:
4048 {
4049 uschar *t = sub - 1;
4050 while (*(++t) != 0)
4051 {
4052 if (!isalnum(*t))
4053 yield = string_cat(yield, &size, &ptr, US"\\", 1);
4054 yield = string_cat(yield, &size, &ptr, t, 1);
4055 }
4056 continue;
4057 }
4058
4059 /* RFC 2047 encodes, assuming headers_charset (default ISO 8859-1) as
4060 prescribed by the RFC, if there are characters that need to be encoded */
4061
4062 case EOP_RFC2047:
4063 {
4064 uschar buffer[1024];
4065 uschar *string = parse_quote_2047(sub, Ustrlen(sub), headers_charset,
4066 buffer, sizeof(buffer));
4067 yield = string_cat(yield, &size, &ptr, string, Ustrlen(string));
4068 continue;
4069 }
4070
4071 /* from_utf8 converts UTF-8 to 8859-1, turning non-existent chars into
4072 underscores */
4073
4074 case EOP_FROM_UTF8:
4075 {
4076 while (*sub != 0)
4077 {
4078 int c;
4079 uschar buff[4];
4080 GETUTF8INC(c, sub);
4081 if (c > 255) c = '_';
4082 buff[0] = c;
4083 yield = string_cat(yield, &size, &ptr, buff, 1);
4084 }
4085 continue;
4086 }
4087
4088 /* escape turns all non-printing characters into escape sequences. */
4089
4090 case EOP_ESCAPE:
4091 {
4092 uschar *t = string_printing(sub);
4093 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
4094 continue;
4095 }
4096
4097 /* Handle numeric expression evaluation */
4098
4099 case EOP_EVAL:
4100 case EOP_EVAL10:
4101 {
4102 uschar *save_sub = sub;
4103 uschar *error = NULL;
4104 int n = eval_expr(&sub, (c == EOP_EVAL10), &error, FALSE);
4105 if (error != NULL)
4106 {
4107 expand_string_message = string_sprintf("error in expression "
4108 "evaluation: %s (after processing \"%.*s\")", error, sub-save_sub,
4109 save_sub);
4110 goto EXPAND_FAILED;
4111 }
4112 sprintf(CS var_buffer, "%d", n);
4113 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
4114 continue;
4115 }
4116
4117 /* Handle time period formating */
4118
4119 case EOP_TIME_INTERVAL:
4120 {
4121 int n;
4122 uschar *t = read_number(&n, sub);
4123 if (*t != 0) /* Not A Number*/
4124 {
4125 expand_string_message = string_sprintf("string \"%s\" is not a "
4126 "positive number in \"%s\" operator", sub, name);
4127 goto EXPAND_FAILED;
4128 }
4129 t = readconf_printtime(n);
4130 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
4131 continue;
4132 }
4133
4134 /* Convert string to base64 encoding */
4135
4136 case EOP_STR2B64:
4137 {
4138 uschar *encstr = auth_b64encode(sub, Ustrlen(sub));
4139 yield = string_cat(yield, &size, &ptr, encstr, Ustrlen(encstr));
4140 continue;
4141 }
4142
4143 /* strlen returns the length of the string */
4144
4145 case EOP_STRLEN:
4146 {
4147 uschar buff[24];
4148 (void)sprintf(CS buff, "%d", Ustrlen(sub));
4149 yield = string_cat(yield, &size, &ptr, buff, Ustrlen(buff));
4150 continue;
4151 }
4152
4153 /* length_n or l_n takes just the first n characters or the whole string,
4154 whichever is the shorter;
4155
4156 substr_m_n, and s_m_n take n characters from offset m; negative m take
4157 from the end; l_n is synonymous with s_0_n. If n is omitted in substr it
4158 takes the rest, either to the right or to the left.
4159
4160 hash_n or h_n makes a hash of length n from the string, yielding n
4161 characters from the set a-z; hash_n_m makes a hash of length n, but
4162 uses m characters from the set a-zA-Z0-9.
4163
4164 nhash_n returns a single number between 0 and n-1 (in text form), while
4165 nhash_n_m returns a div/mod hash as two numbers "a/b". The first lies
4166 between 0 and n-1 and the second between 0 and m-1. */
4167
4168 case EOP_LENGTH:
4169 case EOP_L:
4170 case EOP_SUBSTR:
4171 case EOP_S:
4172 case EOP_HASH:
4173 case EOP_H:
4174 case EOP_NHASH:
4175 case EOP_NH:
4176 {
4177 int sign = 1;
4178 int value1 = 0;
4179 int value2 = -1;
4180 int *pn;
4181 int len;
4182 uschar *ret;
4183
4184 if (arg == NULL)
4185 {
4186 expand_string_message = string_sprintf("missing values after %s",
4187 name);
4188 goto EXPAND_FAILED;
4189 }
4190
4191 /* "length" has only one argument, effectively being synonymous with
4192 substr_0_n. */
4193
4194 if (c == EOP_LENGTH || c == EOP_L)
4195 {
4196 pn = &value2;
4197 value2 = 0;
4198 }
4199
4200 /* The others have one or two arguments; for "substr" the first may be
4201 negative. The second being negative means "not supplied". */
4202
4203 else
4204 {
4205 pn = &value1;
4206 if (name[0] == 's' && *arg == '-') { sign = -1; arg++; }
4207 }
4208
4209 /* Read up to two numbers, separated by underscores */
4210
4211 ret = arg;
4212 while (*arg != 0)
4213 {
4214 if (arg != ret && *arg == '_' && pn == &value1)
4215 {
4216 pn = &value2;
4217 value2 = 0;
4218 if (arg[1] != 0) arg++;
4219 }
4220 else if (!isdigit(*arg))
4221 {
4222 expand_string_message =
4223 string_sprintf("non-digit after underscore in \"%s\"", name);
4224 goto EXPAND_FAILED;
4225 }
4226 else *pn = (*pn)*10 + *arg++ - '0';
4227 }
4228 value1 *= sign;
4229
4230 /* Perform the required operation */
4231
4232 ret =
4233 (c == EOP_HASH || c == EOP_H)?
4234 compute_hash(sub, value1, value2, &len) :
4235 (c == EOP_NHASH || c == EOP_NH)?
4236 compute_nhash(sub, value1, value2, &len) :
4237 extract_substr(sub, value1, value2, &len);
4238
4239 if (ret == NULL) goto EXPAND_FAILED;
4240 yield = string_cat(yield, &size, &ptr, ret, len);
4241 continue;
4242 }
4243
4244 /* Stat a path */
4245
4246 case EOP_STAT:
4247 {
4248 uschar *s;
4249 uschar smode[12];
4250 uschar **modetable[3];
4251 int i;
4252 mode_t mode;
4253 struct stat st;
4254
4255 if (stat(CS sub, &st) < 0)
4256 {
4257 expand_string_message = string_sprintf("stat(%s) failed: %s",
4258 sub, strerror(errno));
4259 goto EXPAND_FAILED;
4260 }
4261 mode = st.st_mode;
4262 switch (mode & S_IFMT)
4263 {
4264 case S_IFIFO: smode[0] = 'p'; break;
4265 case S_IFCHR: smode[0] = 'c'; break;
4266 case S_IFDIR: smode[0] = 'd'; break;
4267 case S_IFBLK: smode[0] = 'b'; break;
4268 case S_IFREG: smode[0] = '-'; break;
4269 default: smode[0] = '?'; break;
4270 }
4271
4272 modetable[0] = ((mode & 01000) == 0)? mtable_normal : mtable_sticky;
4273 modetable[1] = ((mode & 02000) == 0)? mtable_normal : mtable_setid;
4274 modetable[2] = ((mode & 04000) == 0)? mtable_normal : mtable_setid;
4275
4276 for (i = 0; i < 3; i++)
4277 {
4278 memcpy(CS(smode + 7 - i*3), CS(modetable[i][mode & 7]), 3);
4279 mode >>= 3;
4280 }
4281
4282 smode[10] = 0;
4283 s = string_sprintf("mode=%04lo smode=%s inode=%ld device=%ld links=%ld "
4284 "uid=%ld gid=%ld size=%ld atime=%ld mtime=%ld ctime=%ld",
4285 (long)(st.st_mode & 077777), smode, (long)st.st_ino,
4286 (long)st.st_dev, (long)st.st_nlink, (long)st.st_uid,
4287 (long)st.st_gid, (long)st.st_size, (long)st.st_atime,
4288 (long)st.st_mtime, (long)st.st_ctime);
4289 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
4290 continue;
4291 }
4292
4293 /* Unknown operator */
4294
4295 default:
4296 expand_string_message =
4297 string_sprintf("unknown expansion operator \"%s\"", name);
4298 goto EXPAND_FAILED;
4299 }
4300 }
4301
4302 /* Handle a plain name. If this is the first thing in the expansion, release
4303 the pre-allocated buffer. If the result data is known to be in a new buffer,
4304 newsize will be set to the size of that buffer, and we can just point at that
4305 store instead of copying. Many expansion strings contain just one reference,
4306 so this is a useful optimization, especially for humungous headers
4307 ($message_headers). */
4308
4309 if (*s++ == '}')
4310 {
4311 int len;
4312 int newsize = 0;
4313 if (ptr == 0)
4314 {
4315 store_reset(yield);
4316 yield = NULL;
4317 size = 0;
4318 }
4319 value = find_variable(name, FALSE, skipping, &newsize);
4320 if (value == NULL)
4321 {
4322 expand_string_message =
4323 string_sprintf("unknown variable in \"${%s}\"", name);
4324 goto EXPAND_FAILED;
4325 }
4326 len = Ustrlen(value);
4327 if (yield == NULL && newsize != 0)
4328 {
4329 yield = value;
4330 size = newsize;
4331 ptr = len;
4332 }
4333 else yield = string_cat(yield, &size, &ptr, value, len);
4334 continue;
4335 }
4336
4337 /* Else there's something wrong */
4338
4339 expand_string_message =
4340 string_sprintf("\"${%s\" is not a known operator (or a } is missing "
4341 "in a variable reference)", name);
4342 goto EXPAND_FAILED;
4343 }
4344
4345 /* If we hit the end of the string when ket_ends is set, there is a missing
4346 terminating brace. */
4347
4348 if (ket_ends && *s == 0)
4349 {
4350 expand_string_message = malformed_header?
4351 US"missing } at end of string - could be header name not terminated by colon"
4352 :
4353 US"missing } at end of string";
4354 goto EXPAND_FAILED;
4355 }
4356
4357 /* Expansion succeeded; yield may still be NULL here if nothing was actually
4358 added to the string. If so, set up an empty string. Add a terminating zero. If
4359 left != NULL, return a pointer to the terminator. */
4360
4361 if (yield == NULL) yield = store_get(1);
4362 yield[ptr] = 0;
4363 if (left != NULL) *left = s;
4364
4365 /* Any stacking store that was used above the final string is no longer needed.
4366 In many cases the final string will be the first one that was got and so there
4367 will be optimal store usage. */
4368
4369 store_reset(yield + ptr + 1);
4370 DEBUG(D_expand)
4371 {
4372 debug_printf("expanding: %.*s\n result: %s\n", (int)(s - string), string,
4373 yield);
4374 if (skipping) debug_printf("skipping: result is not used\n");
4375 }
4376 return yield;
4377
4378 /* This is the failure exit: easiest to program with a goto. We still need
4379 to update the pointer to the terminator, for cases of nested calls with "fail".
4380 */
4381
4382 EXPAND_FAILED_CURLY:
4383 expand_string_message = malformed_header?
4384 US"missing or misplaced { or } - could be header name not terminated by colon"
4385 :
4386 US"missing or misplaced { or }";
4387
4388 /* At one point, Exim reset the store to yield (if yield was not NULL), but
4389 that is a bad idea, because expand_string_message is in dynamic store. */
4390
4391 EXPAND_FAILED:
4392 if (left != NULL) *left = s;
4393 DEBUG(D_expand)
4394 {
4395 debug_printf("failed to expand: %s\n", string);
4396 debug_printf(" error message: %s\n", expand_string_message);
4397 if (expand_string_forcedfail) debug_printf("failure was forced\n");
4398 }
4399 return NULL;
4400 }
4401
4402
4403 /* This is the external function call. Do a quick check for any expansion
4404 metacharacters, and if there are none, just return the input string.
4405
4406 Argument: the string to be expanded
4407 Returns: the expanded string, or NULL if expansion failed; if failure was
4408 due to a lookup deferring, search_find_defer will be TRUE
4409 */
4410
4411 uschar *
4412 expand_string(uschar *string)
4413 {
4414 search_find_defer = FALSE;
4415 malformed_header = FALSE;
4416 return (Ustrpbrk(string, "$\\") == NULL)? string :
4417 expand_string_internal(string, FALSE, NULL, FALSE);
4418 }
4419
4420
4421
4422 /*************************************************
4423 * Expand and copy *
4424 *************************************************/
4425
4426 /* Now and again we want to expand a string and be sure that the result is in a
4427 new bit of store. This function does that.
4428
4429 Argument: the string to be expanded
4430 Returns: the expanded string, always in a new bit of store, or NULL
4431 */
4432
4433 uschar *
4434 expand_string_copy(uschar *string)
4435 {
4436 uschar *yield = expand_string(string);
4437 if (yield == string) yield = string_copy(string);
4438 return yield;
4439 }
4440
4441
4442
4443 /*************************************************
4444 * Expand and interpret as an integer *
4445 *************************************************/
4446
4447 /* Expand a string, and convert the result into an integer.
4448
4449 Argument: the string to be expanded
4450
4451 Returns: the integer value, or
4452 -1 for an expansion error ) in both cases, message in
4453 -2 for an integer interpretation error ) expand_string_message
4454
4455 */
4456
4457 int
4458 expand_string_integer(uschar *string)
4459 {
4460 long int value;
4461 uschar *s = expand_string(string);
4462 uschar *msg = US"invalid integer \"%s\"";
4463 uschar *endptr;
4464
4465 if (s == NULL) return -1;
4466
4467 /* On an overflow, strtol() returns LONG_MAX or LONG_MIN, and sets errno
4468 to ERANGE. When there isn't an overflow, errno is not changed, at least on some
4469 systems, so we set it zero ourselves. */
4470
4471 errno = 0;
4472 value = strtol(CS s, CSS &endptr, 0);
4473
4474 if (endptr == s)
4475 {
4476 msg = US"integer expected but \"%s\" found";
4477 }
4478 else
4479 {
4480 /* Ensure we can cast this down to an int */
4481 if (value > INT_MAX || value < INT_MIN) errno = ERANGE;
4482
4483 if (errno != ERANGE)
4484 {
4485 if (tolower(*endptr) == 'k')
4486 {
4487 if (value > INT_MAX/1024 || value < INT_MIN/1024) errno = ERANGE;
4488 else value *= 1024;
4489 endptr++;
4490 }
4491 else if (tolower(*endptr) == 'm')
4492 {
4493 if (value > INT_MAX/(1024*1024) || value < INT_MIN/(1024*1024))
4494 errno = ERANGE;
4495 else value *= 1024*1024;
4496 endptr++;
4497 }
4498 }
4499 if (errno == ERANGE)
4500 msg = US"absolute value of integer \"%s\" is too large (overflow)";
4501 else
4502 {
4503 while (isspace(*endptr)) endptr++;
4504 if (*endptr == 0) return (int)value;
4505 }
4506 }
4507
4508 expand_string_message = string_sprintf(CS msg, s);
4509 return -2;
4510 }
4511
4512
4513
4514 /*************************************************
4515 **************************************************
4516 * Stand-alone test program *
4517 **************************************************
4518 *************************************************/
4519
4520 #ifdef STAND_ALONE
4521
4522
4523 BOOL
4524 regex_match_and_setup(const pcre *re, uschar *subject, int options, int setup)
4525 {
4526 int ovector[3*(EXPAND_MAXN+1)];
4527 int n = pcre_exec(re, NULL, subject, Ustrlen(subject), 0, PCRE_EOPT|options,
4528 ovector, sizeof(ovector)/sizeof(int));
4529 BOOL yield = n >= 0;
4530 if (n == 0) n = EXPAND_MAXN + 1;
4531 if (yield)
4532 {
4533 int nn;
4534 expand_nmax = (setup < 0)? 0 : setup + 1;
4535 for (nn = (setup < 0)? 0 : 2; nn < n*2; nn += 2)
4536 {
4537 expand_nstring[expand_nmax] = subject + ovector[nn];
4538 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
4539 }
4540 expand_nmax--;
4541 }
4542 return yield;
4543 }
4544
4545
4546 int main(int argc, uschar **argv)
4547 {
4548 int i;
4549 uschar buffer[1024];
4550
4551 debug_selector = D_v;
4552 debug_file = stderr;
4553 debug_fd = fileno(debug_file);
4554 big_buffer = malloc(big_buffer_size);
4555
4556 for (i = 1; i < argc; i++)
4557 {
4558 if (argv[i][0] == '+')
4559 {
4560 debug_trace_memory = 2;
4561 argv[i]++;
4562 }
4563 if (isdigit(argv[i][0]))
4564 debug_selector = Ustrtol(argv[i], NULL, 0);
4565 else
4566 if (Ustrspn(argv[i], "abcdefghijklmnopqrtsuvwxyz0123456789-.:/") ==
4567 Ustrlen(argv[i]))
4568 {
4569 #ifdef LOOKUP_LDAP
4570 eldap_default_servers = argv[i];
4571 #endif
4572 #ifdef LOOKUP_MYSQL
4573 mysql_servers = argv[i];
4574 #endif
4575 #ifdef LOOKUP_PGSQL
4576 pgsql_servers = argv[i];
4577 #endif
4578 }
4579 #ifdef EXIM_PERL
4580 else opt_perl_startup = argv[i];
4581 #endif
4582 }
4583
4584 printf("Testing string expansion: debug_level = %d\n\n", debug_level);
4585
4586 expand_nstring[1] = US"string 1....";
4587 expand_nlength[1] = 8;
4588 expand_nmax = 1;
4589
4590 #ifdef EXIM_PERL
4591 if (opt_perl_startup != NULL)
4592 {
4593 uschar *errstr;
4594 printf("Starting Perl interpreter\n");
4595 errstr = init_perl(opt_perl_startup);
4596 if (errstr != NULL)
4597 {
4598 printf("** error in perl_startup code: %s\n", errstr);
4599 return EXIT_FAILURE;
4600 }
4601 }
4602 #endif /* EXIM_PERL */
4603
4604 while (fgets(buffer, sizeof(buffer), stdin) != NULL)
4605 {
4606 void *reset_point = store_get(0);
4607 uschar *yield = expand_string(buffer);
4608 if (yield != NULL)
4609 {
4610 printf("%s\n", yield);
4611 store_reset(reset_point);
4612 }
4613 else
4614 {
4615 if (search_find_defer) printf("search_find deferred\n");
4616 printf("Failed: %s\n", expand_string_message);
4617 if (expand_string_forcedfail) printf("Forced failure\n");
4618 printf("\n");
4619 }
4620 }
4621
4622 search_tidyup();
4623
4624 return 0;
4625 }
4626
4627 #endif
4628
4629 /* End of expand.c */
Unnamed repository; edit this file 'description' to name the repository.