TLS: move from SUPPORT_TLS to DISABLE_TLS macro for the build
[exim.git] / src / src / expand.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8
9 /* Functions for handling string expansion. */
10
11
12 #include "exim.h"
13
14 /* Recursively called function */
15
16 static uschar *expand_string_internal(const uschar *, BOOL, const uschar **, BOOL, BOOL, BOOL *);
17 static int_eximarith_t expanded_string_integer(const uschar *, BOOL);
18
19 #ifdef STAND_ALONE
20 # ifndef SUPPORT_CRYPTEQ
21 # define SUPPORT_CRYPTEQ
22 # endif
23 #endif
24
25 #ifdef LOOKUP_LDAP
26 # include "lookups/ldap.h"
27 #endif
28
29 #ifdef SUPPORT_CRYPTEQ
30 # ifdef CRYPT_H
31 # include <crypt.h>
32 # endif
33 # ifndef HAVE_CRYPT16
34 extern char* crypt16(char*, char*);
35 # endif
36 #endif
37
38 /* The handling of crypt16() is a mess. I will record below the analysis of the
39 mess that was sent to me. We decided, however, to make changing this very low
40 priority, because in practice people are moving away from the crypt()
41 algorithms nowadays, so it doesn't seem worth it.
42
43 <quote>
44 There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
45 the first 8 characters of the password using a 20-round version of crypt
46 (standard crypt does 25 rounds). It then crypts the next 8 characters,
47 or an empty block if the password is less than 9 characters, using a
48 20-round version of crypt and the same salt as was used for the first
49 block. Characters after the first 16 are ignored. It always generates
50 a 16-byte hash, which is expressed together with the salt as a string
51 of 24 base 64 digits. Here are some links to peruse:
52
53 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
54 http://seclists.org/bugtraq/1999/Mar/0076.html
55
56 There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
57 and OSF/1. This is the same as the standard crypt if given a password
58 of 8 characters or less. If given more, it first does the same as crypt
59 using the first 8 characters, then crypts the next 8 (the 9th to 16th)
60 using as salt the first two base 64 digits from the first hash block.
61 If the password is more than 16 characters then it crypts the 17th to 24th
62 characters using as salt the first two base 64 digits from the second hash
63 block. And so on: I've seen references to it cutting off the password at
64 40 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
65
66 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
67 http://seclists.org/bugtraq/1999/Mar/0109.html
68 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
69 TET1_html/sec.c222.html#no_id_208
70
71 Exim has something it calls "crypt16". It will either use a native
72 crypt16 or its own implementation. A native crypt16 will presumably
73 be the one that I called "crypt16" above. The internal "crypt16"
74 function, however, is a two-block-maximum implementation of what I called
75 "bigcrypt". The documentation matches the internal code.
76
77 I suspect that whoever did the "crypt16" stuff for Exim didn't realise
78 that crypt16 and bigcrypt were different things.
79
80 Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
81 to whatever it is using under that name. This unfortunately sets a
82 precedent for using "{crypt16}" to identify two incompatible algorithms
83 whose output can't be distinguished. With "{crypt16}" thus rendered
84 ambiguous, I suggest you deprecate it and invent two new identifiers
85 for the two algorithms.
86
87 Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
88 of the password separately means they can be cracked separately, so
89 the double-length hash only doubles the cracking effort instead of
90 squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
91 bcrypt ({CRYPT}$2a$).
92 </quote>
93 */
94
95
96
97 /*************************************************
98 * Local statics and tables *
99 *************************************************/
100
101 /* Table of item names, and corresponding switch numbers. The names must be in
102 alphabetical order. */
103
104 static uschar *item_table[] = {
105 US"acl",
106 US"authresults",
107 US"certextract",
108 US"dlfunc",
109 US"env",
110 US"extract",
111 US"filter",
112 US"hash",
113 US"hmac",
114 US"if",
115 #ifdef SUPPORT_I18N
116 US"imapfolder",
117 #endif
118 US"length",
119 US"listextract",
120 US"lookup",
121 US"map",
122 US"nhash",
123 US"perl",
124 US"prvs",
125 US"prvscheck",
126 US"readfile",
127 US"readsocket",
128 US"reduce",
129 US"run",
130 US"sg",
131 US"sort",
132 US"substr",
133 US"tr" };
134
135 enum {
136 EITEM_ACL,
137 EITEM_AUTHRESULTS,
138 EITEM_CERTEXTRACT,
139 EITEM_DLFUNC,
140 EITEM_ENV,
141 EITEM_EXTRACT,
142 EITEM_FILTER,
143 EITEM_HASH,
144 EITEM_HMAC,
145 EITEM_IF,
146 #ifdef SUPPORT_I18N
147 EITEM_IMAPFOLDER,
148 #endif
149 EITEM_LENGTH,
150 EITEM_LISTEXTRACT,
151 EITEM_LOOKUP,
152 EITEM_MAP,
153 EITEM_NHASH,
154 EITEM_PERL,
155 EITEM_PRVS,
156 EITEM_PRVSCHECK,
157 EITEM_READFILE,
158 EITEM_READSOCK,
159 EITEM_REDUCE,
160 EITEM_RUN,
161 EITEM_SG,
162 EITEM_SORT,
163 EITEM_SUBSTR,
164 EITEM_TR };
165
166 /* Tables of operator names, and corresponding switch numbers. The names must be
167 in alphabetical order. There are two tables, because underscore is used in some
168 cases to introduce arguments, whereas for other it is part of the name. This is
169 an historical mis-design. */
170
171 static uschar *op_table_underscore[] = {
172 US"from_utf8",
173 US"local_part",
174 US"quote_local_part",
175 US"reverse_ip",
176 US"time_eval",
177 US"time_interval"
178 #ifdef SUPPORT_I18N
179 ,US"utf8_domain_from_alabel",
180 US"utf8_domain_to_alabel",
181 US"utf8_localpart_from_alabel",
182 US"utf8_localpart_to_alabel"
183 #endif
184 };
185
186 enum {
187 EOP_FROM_UTF8,
188 EOP_LOCAL_PART,
189 EOP_QUOTE_LOCAL_PART,
190 EOP_REVERSE_IP,
191 EOP_TIME_EVAL,
192 EOP_TIME_INTERVAL
193 #ifdef SUPPORT_I18N
194 ,EOP_UTF8_DOMAIN_FROM_ALABEL,
195 EOP_UTF8_DOMAIN_TO_ALABEL,
196 EOP_UTF8_LOCALPART_FROM_ALABEL,
197 EOP_UTF8_LOCALPART_TO_ALABEL
198 #endif
199 };
200
201 static uschar *op_table_main[] = {
202 US"address",
203 US"addresses",
204 US"base32",
205 US"base32d",
206 US"base62",
207 US"base62d",
208 US"base64",
209 US"base64d",
210 US"domain",
211 US"escape",
212 US"escape8bit",
213 US"eval",
214 US"eval10",
215 US"expand",
216 US"h",
217 US"hash",
218 US"hex2b64",
219 US"hexquote",
220 US"ipv6denorm",
221 US"ipv6norm",
222 US"l",
223 US"lc",
224 US"length",
225 US"listcount",
226 US"listnamed",
227 US"mask",
228 US"md5",
229 US"nh",
230 US"nhash",
231 US"quote",
232 US"randint",
233 US"rfc2047",
234 US"rfc2047d",
235 US"rxquote",
236 US"s",
237 US"sha1",
238 US"sha2",
239 US"sha256",
240 US"sha3",
241 US"stat",
242 US"str2b64",
243 US"strlen",
244 US"substr",
245 US"uc",
246 US"utf8clean" };
247
248 enum {
249 EOP_ADDRESS = nelem(op_table_underscore),
250 EOP_ADDRESSES,
251 EOP_BASE32,
252 EOP_BASE32D,
253 EOP_BASE62,
254 EOP_BASE62D,
255 EOP_BASE64,
256 EOP_BASE64D,
257 EOP_DOMAIN,
258 EOP_ESCAPE,
259 EOP_ESCAPE8BIT,
260 EOP_EVAL,
261 EOP_EVAL10,
262 EOP_EXPAND,
263 EOP_H,
264 EOP_HASH,
265 EOP_HEX2B64,
266 EOP_HEXQUOTE,
267 EOP_IPV6DENORM,
268 EOP_IPV6NORM,
269 EOP_L,
270 EOP_LC,
271 EOP_LENGTH,
272 EOP_LISTCOUNT,
273 EOP_LISTNAMED,
274 EOP_MASK,
275 EOP_MD5,
276 EOP_NH,
277 EOP_NHASH,
278 EOP_QUOTE,
279 EOP_RANDINT,
280 EOP_RFC2047,
281 EOP_RFC2047D,
282 EOP_RXQUOTE,
283 EOP_S,
284 EOP_SHA1,
285 EOP_SHA2,
286 EOP_SHA256,
287 EOP_SHA3,
288 EOP_STAT,
289 EOP_STR2B64,
290 EOP_STRLEN,
291 EOP_SUBSTR,
292 EOP_UC,
293 EOP_UTF8CLEAN };
294
295
296 /* Table of condition names, and corresponding switch numbers. The names must
297 be in alphabetical order. */
298
299 static uschar *cond_table[] = {
300 US"<",
301 US"<=",
302 US"=",
303 US"==", /* Backward compatibility */
304 US">",
305 US">=",
306 US"acl",
307 US"and",
308 US"bool",
309 US"bool_lax",
310 US"crypteq",
311 US"def",
312 US"eq",
313 US"eqi",
314 US"exists",
315 US"first_delivery",
316 US"forall",
317 US"forall_json",
318 US"forall_jsons",
319 US"forany",
320 US"forany_json",
321 US"forany_jsons",
322 US"ge",
323 US"gei",
324 US"gt",
325 US"gti",
326 US"inlist",
327 US"inlisti",
328 US"isip",
329 US"isip4",
330 US"isip6",
331 US"ldapauth",
332 US"le",
333 US"lei",
334 US"lt",
335 US"lti",
336 US"match",
337 US"match_address",
338 US"match_domain",
339 US"match_ip",
340 US"match_local_part",
341 US"or",
342 US"pam",
343 US"pwcheck",
344 US"queue_running",
345 US"radius",
346 US"saslauthd"
347 };
348
349 enum {
350 ECOND_NUM_L,
351 ECOND_NUM_LE,
352 ECOND_NUM_E,
353 ECOND_NUM_EE,
354 ECOND_NUM_G,
355 ECOND_NUM_GE,
356 ECOND_ACL,
357 ECOND_AND,
358 ECOND_BOOL,
359 ECOND_BOOL_LAX,
360 ECOND_CRYPTEQ,
361 ECOND_DEF,
362 ECOND_STR_EQ,
363 ECOND_STR_EQI,
364 ECOND_EXISTS,
365 ECOND_FIRST_DELIVERY,
366 ECOND_FORALL,
367 ECOND_FORALL_JSON,
368 ECOND_FORALL_JSONS,
369 ECOND_FORANY,
370 ECOND_FORANY_JSON,
371 ECOND_FORANY_JSONS,
372 ECOND_STR_GE,
373 ECOND_STR_GEI,
374 ECOND_STR_GT,
375 ECOND_STR_GTI,
376 ECOND_INLIST,
377 ECOND_INLISTI,
378 ECOND_ISIP,
379 ECOND_ISIP4,
380 ECOND_ISIP6,
381 ECOND_LDAPAUTH,
382 ECOND_STR_LE,
383 ECOND_STR_LEI,
384 ECOND_STR_LT,
385 ECOND_STR_LTI,
386 ECOND_MATCH,
387 ECOND_MATCH_ADDRESS,
388 ECOND_MATCH_DOMAIN,
389 ECOND_MATCH_IP,
390 ECOND_MATCH_LOCAL_PART,
391 ECOND_OR,
392 ECOND_PAM,
393 ECOND_PWCHECK,
394 ECOND_QUEUE_RUNNING,
395 ECOND_RADIUS,
396 ECOND_SASLAUTHD
397 };
398
399
400 /* Types of table entry */
401
402 enum vtypes {
403 vtype_int, /* value is address of int */
404 vtype_filter_int, /* ditto, but recognized only when filtering */
405 vtype_ino, /* value is address of ino_t (not always an int) */
406 vtype_uid, /* value is address of uid_t (not always an int) */
407 vtype_gid, /* value is address of gid_t (not always an int) */
408 vtype_bool, /* value is address of bool */
409 vtype_stringptr, /* value is address of pointer to string */
410 vtype_msgbody, /* as stringptr, but read when first required */
411 vtype_msgbody_end, /* ditto, the end of the message */
412 vtype_msgheaders, /* the message's headers, processed */
413 vtype_msgheaders_raw, /* the message's headers, unprocessed */
414 vtype_localpart, /* extract local part from string */
415 vtype_domain, /* extract domain from string */
416 vtype_string_func, /* value is string returned by given function */
417 vtype_todbsdin, /* value not used; generate BSD inbox tod */
418 vtype_tode, /* value not used; generate tod in epoch format */
419 vtype_todel, /* value not used; generate tod in epoch/usec format */
420 vtype_todf, /* value not used; generate full tod */
421 vtype_todl, /* value not used; generate log tod */
422 vtype_todlf, /* value not used; generate log file datestamp tod */
423 vtype_todzone, /* value not used; generate time zone only */
424 vtype_todzulu, /* value not used; generate zulu tod */
425 vtype_reply, /* value not used; get reply from headers */
426 vtype_pid, /* value not used; result is pid */
427 vtype_host_lookup, /* value not used; get host name */
428 vtype_load_avg, /* value not used; result is int from os_getloadavg */
429 vtype_pspace, /* partition space; value is T/F for spool/log */
430 vtype_pinodes, /* partition inodes; value is T/F for spool/log */
431 vtype_cert /* SSL certificate */
432 #ifndef DISABLE_DKIM
433 ,vtype_dkim /* Lookup of value in DKIM signature */
434 #endif
435 };
436
437 /* Type for main variable table */
438
439 typedef struct {
440 const char *name;
441 enum vtypes type;
442 void *value;
443 } var_entry;
444
445 /* Type for entries pointing to address/length pairs. Not currently
446 in use. */
447
448 typedef struct {
449 uschar **address;
450 int *length;
451 } alblock;
452
453 static uschar * fn_recipients(void);
454
455 /* This table must be kept in alphabetical order. */
456
457 static var_entry var_table[] = {
458 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
459 they will be confused with user-creatable ACL variables. */
460 { "acl_arg1", vtype_stringptr, &acl_arg[0] },
461 { "acl_arg2", vtype_stringptr, &acl_arg[1] },
462 { "acl_arg3", vtype_stringptr, &acl_arg[2] },
463 { "acl_arg4", vtype_stringptr, &acl_arg[3] },
464 { "acl_arg5", vtype_stringptr, &acl_arg[4] },
465 { "acl_arg6", vtype_stringptr, &acl_arg[5] },
466 { "acl_arg7", vtype_stringptr, &acl_arg[6] },
467 { "acl_arg8", vtype_stringptr, &acl_arg[7] },
468 { "acl_arg9", vtype_stringptr, &acl_arg[8] },
469 { "acl_narg", vtype_int, &acl_narg },
470 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
471 { "address_data", vtype_stringptr, &deliver_address_data },
472 { "address_file", vtype_stringptr, &address_file },
473 { "address_pipe", vtype_stringptr, &address_pipe },
474 #ifdef EXPERIMENTAL_ARC
475 { "arc_domains", vtype_string_func, &fn_arc_domains },
476 { "arc_oldest_pass", vtype_int, &arc_oldest_pass },
477 { "arc_state", vtype_stringptr, &arc_state },
478 { "arc_state_reason", vtype_stringptr, &arc_state_reason },
479 #endif
480 { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id },
481 { "authenticated_id", vtype_stringptr, &authenticated_id },
482 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
483 { "authentication_failed",vtype_int, &authentication_failed },
484 #ifdef WITH_CONTENT_SCAN
485 { "av_failed", vtype_int, &av_failed },
486 #endif
487 #ifdef EXPERIMENTAL_BRIGHTMAIL
488 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
489 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
490 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
491 { "bmi_deliver", vtype_int, &bmi_deliver },
492 #endif
493 { "body_linecount", vtype_int, &body_linecount },
494 { "body_zerocount", vtype_int, &body_zerocount },
495 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
496 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
497 { "caller_gid", vtype_gid, &real_gid },
498 { "caller_uid", vtype_uid, &real_uid },
499 { "callout_address", vtype_stringptr, &callout_address },
500 { "compile_date", vtype_stringptr, &version_date },
501 { "compile_number", vtype_stringptr, &version_cnumber },
502 { "config_dir", vtype_stringptr, &config_main_directory },
503 { "config_file", vtype_stringptr, &config_main_filename },
504 { "csa_status", vtype_stringptr, &csa_status },
505 #ifdef EXPERIMENTAL_DCC
506 { "dcc_header", vtype_stringptr, &dcc_header },
507 { "dcc_result", vtype_stringptr, &dcc_result },
508 #endif
509 #ifndef DISABLE_DKIM
510 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
511 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
512 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
513 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
514 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
515 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
516 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
517 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
518 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
519 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
520 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
521 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
522 { "dkim_key_length", vtype_int, &dkim_key_length },
523 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
524 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
525 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
526 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
527 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
528 { "dkim_signers", vtype_stringptr, &dkim_signers },
529 { "dkim_verify_reason", vtype_stringptr, &dkim_verify_reason },
530 { "dkim_verify_status", vtype_stringptr, &dkim_verify_status },
531 #endif
532 #ifdef EXPERIMENTAL_DMARC
533 { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
534 { "dmarc_status", vtype_stringptr, &dmarc_status },
535 { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
536 { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
537 #endif
538 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
539 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
540 { "dnslist_text", vtype_stringptr, &dnslist_text },
541 { "dnslist_value", vtype_stringptr, &dnslist_value },
542 { "domain", vtype_stringptr, &deliver_domain },
543 { "domain_data", vtype_stringptr, &deliver_domain_data },
544 #ifndef DISABLE_EVENT
545 { "event_data", vtype_stringptr, &event_data },
546
547 /*XXX want to use generic vars for as many of these as possible*/
548 { "event_defer_errno", vtype_int, &event_defer_errno },
549
550 { "event_name", vtype_stringptr, &event_name },
551 #endif
552 { "exim_gid", vtype_gid, &exim_gid },
553 { "exim_path", vtype_stringptr, &exim_path },
554 { "exim_uid", vtype_uid, &exim_uid },
555 { "exim_version", vtype_stringptr, &version_string },
556 { "headers_added", vtype_string_func, &fn_hdrs_added },
557 { "home", vtype_stringptr, &deliver_home },
558 { "host", vtype_stringptr, &deliver_host },
559 { "host_address", vtype_stringptr, &deliver_host_address },
560 { "host_data", vtype_stringptr, &host_data },
561 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
562 { "host_lookup_failed", vtype_int, &host_lookup_failed },
563 { "host_port", vtype_int, &deliver_host_port },
564 { "initial_cwd", vtype_stringptr, &initial_cwd },
565 { "inode", vtype_ino, &deliver_inode },
566 { "interface_address", vtype_stringptr, &interface_address },
567 { "interface_port", vtype_int, &interface_port },
568 { "item", vtype_stringptr, &iterate_item },
569 #ifdef LOOKUP_LDAP
570 { "ldap_dn", vtype_stringptr, &eldap_dn },
571 #endif
572 { "load_average", vtype_load_avg, NULL },
573 { "local_part", vtype_stringptr, &deliver_localpart },
574 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
575 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
576 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
577 #ifdef HAVE_LOCAL_SCAN
578 { "local_scan_data", vtype_stringptr, &local_scan_data },
579 #endif
580 { "local_user_gid", vtype_gid, &local_user_gid },
581 { "local_user_uid", vtype_uid, &local_user_uid },
582 { "localhost_number", vtype_int, &host_number },
583 { "log_inodes", vtype_pinodes, (void *)FALSE },
584 { "log_space", vtype_pspace, (void *)FALSE },
585 { "lookup_dnssec_authenticated",vtype_stringptr,&lookup_dnssec_authenticated},
586 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
587 #ifdef WITH_CONTENT_SCAN
588 { "malware_name", vtype_stringptr, &malware_name },
589 #endif
590 { "max_received_linelength", vtype_int, &max_received_linelength },
591 { "message_age", vtype_int, &message_age },
592 { "message_body", vtype_msgbody, &message_body },
593 { "message_body_end", vtype_msgbody_end, &message_body_end },
594 { "message_body_size", vtype_int, &message_body_size },
595 { "message_exim_id", vtype_stringptr, &message_id },
596 { "message_headers", vtype_msgheaders, NULL },
597 { "message_headers_raw", vtype_msgheaders_raw, NULL },
598 { "message_id", vtype_stringptr, &message_id },
599 { "message_linecount", vtype_int, &message_linecount },
600 { "message_size", vtype_int, &message_size },
601 #ifdef SUPPORT_I18N
602 { "message_smtputf8", vtype_bool, &message_smtputf8 },
603 #endif
604 #ifdef WITH_CONTENT_SCAN
605 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
606 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
607 { "mime_boundary", vtype_stringptr, &mime_boundary },
608 { "mime_charset", vtype_stringptr, &mime_charset },
609 { "mime_content_description", vtype_stringptr, &mime_content_description },
610 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
611 { "mime_content_id", vtype_stringptr, &mime_content_id },
612 { "mime_content_size", vtype_int, &mime_content_size },
613 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
614 { "mime_content_type", vtype_stringptr, &mime_content_type },
615 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
616 { "mime_filename", vtype_stringptr, &mime_filename },
617 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
618 { "mime_is_multipart", vtype_int, &mime_is_multipart },
619 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
620 { "mime_part_count", vtype_int, &mime_part_count },
621 #endif
622 { "n0", vtype_filter_int, &filter_n[0] },
623 { "n1", vtype_filter_int, &filter_n[1] },
624 { "n2", vtype_filter_int, &filter_n[2] },
625 { "n3", vtype_filter_int, &filter_n[3] },
626 { "n4", vtype_filter_int, &filter_n[4] },
627 { "n5", vtype_filter_int, &filter_n[5] },
628 { "n6", vtype_filter_int, &filter_n[6] },
629 { "n7", vtype_filter_int, &filter_n[7] },
630 { "n8", vtype_filter_int, &filter_n[8] },
631 { "n9", vtype_filter_int, &filter_n[9] },
632 { "original_domain", vtype_stringptr, &deliver_domain_orig },
633 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
634 { "originator_gid", vtype_gid, &originator_gid },
635 { "originator_uid", vtype_uid, &originator_uid },
636 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
637 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
638 { "pid", vtype_pid, NULL },
639 #ifndef DISABLE_PRDR
640 { "prdr_requested", vtype_bool, &prdr_requested },
641 #endif
642 { "primary_hostname", vtype_stringptr, &primary_hostname },
643 #if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
644 { "proxy_external_address",vtype_stringptr, &proxy_external_address },
645 { "proxy_external_port", vtype_int, &proxy_external_port },
646 { "proxy_local_address", vtype_stringptr, &proxy_local_address },
647 { "proxy_local_port", vtype_int, &proxy_local_port },
648 { "proxy_session", vtype_bool, &proxy_session },
649 #endif
650 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
651 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
652 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
653 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
654 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
655 { "queue_name", vtype_stringptr, &queue_name },
656 { "rcpt_count", vtype_int, &rcpt_count },
657 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
658 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
659 { "received_count", vtype_int, &received_count },
660 { "received_for", vtype_stringptr, &received_for },
661 { "received_ip_address", vtype_stringptr, &interface_address },
662 { "received_port", vtype_int, &interface_port },
663 { "received_protocol", vtype_stringptr, &received_protocol },
664 { "received_time", vtype_int, &received_time.tv_sec },
665 { "recipient_data", vtype_stringptr, &recipient_data },
666 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
667 { "recipients", vtype_string_func, &fn_recipients },
668 { "recipients_count", vtype_int, &recipients_count },
669 #ifdef WITH_CONTENT_SCAN
670 { "regex_match_string", vtype_stringptr, &regex_match_string },
671 #endif
672 { "reply_address", vtype_reply, NULL },
673 { "return_path", vtype_stringptr, &return_path },
674 { "return_size_limit", vtype_int, &bounce_return_size_limit },
675 { "router_name", vtype_stringptr, &router_name },
676 { "runrc", vtype_int, &runrc },
677 { "self_hostname", vtype_stringptr, &self_hostname },
678 { "sender_address", vtype_stringptr, &sender_address },
679 { "sender_address_data", vtype_stringptr, &sender_address_data },
680 { "sender_address_domain", vtype_domain, &sender_address },
681 { "sender_address_local_part", vtype_localpart, &sender_address },
682 { "sender_data", vtype_stringptr, &sender_data },
683 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
684 { "sender_helo_dnssec", vtype_bool, &sender_helo_dnssec },
685 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
686 { "sender_host_address", vtype_stringptr, &sender_host_address },
687 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
688 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
689 { "sender_host_name", vtype_host_lookup, NULL },
690 { "sender_host_port", vtype_int, &sender_host_port },
691 { "sender_ident", vtype_stringptr, &sender_ident },
692 { "sender_rate", vtype_stringptr, &sender_rate },
693 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
694 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
695 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
696 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
697 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
698 { "sending_port", vtype_int, &sending_port },
699 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
700 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
701 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
702 { "smtp_command_history", vtype_string_func, &smtp_cmd_hist },
703 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
704 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
705 { "sn0", vtype_filter_int, &filter_sn[0] },
706 { "sn1", vtype_filter_int, &filter_sn[1] },
707 { "sn2", vtype_filter_int, &filter_sn[2] },
708 { "sn3", vtype_filter_int, &filter_sn[3] },
709 { "sn4", vtype_filter_int, &filter_sn[4] },
710 { "sn5", vtype_filter_int, &filter_sn[5] },
711 { "sn6", vtype_filter_int, &filter_sn[6] },
712 { "sn7", vtype_filter_int, &filter_sn[7] },
713 { "sn8", vtype_filter_int, &filter_sn[8] },
714 { "sn9", vtype_filter_int, &filter_sn[9] },
715 #ifdef WITH_CONTENT_SCAN
716 { "spam_action", vtype_stringptr, &spam_action },
717 { "spam_bar", vtype_stringptr, &spam_bar },
718 { "spam_report", vtype_stringptr, &spam_report },
719 { "spam_score", vtype_stringptr, &spam_score },
720 { "spam_score_int", vtype_stringptr, &spam_score_int },
721 #endif
722 #ifdef SUPPORT_SPF
723 { "spf_guess", vtype_stringptr, &spf_guess },
724 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
725 { "spf_received", vtype_stringptr, &spf_received },
726 { "spf_result", vtype_stringptr, &spf_result },
727 { "spf_result_guessed", vtype_bool, &spf_result_guessed },
728 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
729 #endif
730 { "spool_directory", vtype_stringptr, &spool_directory },
731 { "spool_inodes", vtype_pinodes, (void *)TRUE },
732 { "spool_space", vtype_pspace, (void *)TRUE },
733 #ifdef EXPERIMENTAL_SRS
734 { "srs_db_address", vtype_stringptr, &srs_db_address },
735 { "srs_db_key", vtype_stringptr, &srs_db_key },
736 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
737 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
738 { "srs_recipient", vtype_stringptr, &srs_recipient },
739 { "srs_status", vtype_stringptr, &srs_status },
740 #endif
741 { "thisaddress", vtype_stringptr, &filter_thisaddress },
742
743 /* The non-(in,out) variables are now deprecated */
744 { "tls_bits", vtype_int, &tls_in.bits },
745 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
746 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
747
748 { "tls_in_bits", vtype_int, &tls_in.bits },
749 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
750 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
751 { "tls_in_cipher_std", vtype_stringptr, &tls_in.cipher_stdname },
752 { "tls_in_ocsp", vtype_int, &tls_in.ocsp },
753 { "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
754 { "tls_in_peercert", vtype_cert, &tls_in.peercert },
755 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
756 #ifdef EXPERIMENTAL_TLS_RESUME
757 { "tls_in_resumption", vtype_int, &tls_in.resumption },
758 #endif
759 #ifndef DISABLE_TLS
760 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
761 #endif
762 { "tls_out_bits", vtype_int, &tls_out.bits },
763 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
764 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
765 { "tls_out_cipher_std", vtype_stringptr, &tls_out.cipher_stdname },
766 #ifdef SUPPORT_DANE
767 { "tls_out_dane", vtype_bool, &tls_out.dane_verified },
768 #endif
769 { "tls_out_ocsp", vtype_int, &tls_out.ocsp },
770 { "tls_out_ourcert", vtype_cert, &tls_out.ourcert },
771 { "tls_out_peercert", vtype_cert, &tls_out.peercert },
772 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
773 #ifdef EXPERIMENTAL_TLS_RESUME
774 { "tls_out_resumption", vtype_int, &tls_out.resumption },
775 #endif
776 #ifndef DISABLE_TLS
777 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
778 #endif
779 #ifdef SUPPORT_DANE
780 { "tls_out_tlsa_usage", vtype_int, &tls_out.tlsa_usage },
781 #endif
782
783 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
784 #ifndef DISABLE_TLS
785 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
786 #endif
787
788 { "tod_bsdinbox", vtype_todbsdin, NULL },
789 { "tod_epoch", vtype_tode, NULL },
790 { "tod_epoch_l", vtype_todel, NULL },
791 { "tod_full", vtype_todf, NULL },
792 { "tod_log", vtype_todl, NULL },
793 { "tod_logfile", vtype_todlf, NULL },
794 { "tod_zone", vtype_todzone, NULL },
795 { "tod_zulu", vtype_todzulu, NULL },
796 { "transport_name", vtype_stringptr, &transport_name },
797 { "value", vtype_stringptr, &lookup_value },
798 { "verify_mode", vtype_stringptr, &verify_mode },
799 { "version_number", vtype_stringptr, &version_string },
800 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
801 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
802 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
803 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
804 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
805 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
806 };
807
808 static int var_table_size = nelem(var_table);
809 static uschar var_buffer[256];
810 static BOOL malformed_header;
811
812 /* For textual hashes */
813
814 static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
815 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
816 "0123456789";
817
818 enum { HMAC_MD5, HMAC_SHA1 };
819
820 /* For numeric hashes */
821
822 static unsigned int prime[] = {
823 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
824 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
825 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
826
827 /* For printing modes in symbolic form */
828
829 static uschar *mtable_normal[] =
830 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
831
832 static uschar *mtable_setid[] =
833 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
834
835 static uschar *mtable_sticky[] =
836 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
837
838 /* flags for find_header() */
839 #define FH_EXISTS_ONLY BIT(0)
840 #define FH_WANT_RAW BIT(1)
841 #define FH_WANT_LIST BIT(2)
842
843
844 /*************************************************
845 * Tables for UTF-8 support *
846 *************************************************/
847
848 /* Table of the number of extra characters, indexed by the first character
849 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
850 0x3d. */
851
852 static uschar utf8_table1[] = {
853 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
854 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
855 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
856 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
857
858 /* These are the masks for the data bits in the first byte of a character,
859 indexed by the number of additional bytes. */
860
861 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
862
863 /* Get the next UTF-8 character, advancing the pointer. */
864
865 #define GETUTF8INC(c, ptr) \
866 c = *ptr++; \
867 if ((c & 0xc0) == 0xc0) \
868 { \
869 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
870 int s = 6*a; \
871 c = (c & utf8_table2[a]) << s; \
872 while (a-- > 0) \
873 { \
874 s -= 6; \
875 c |= (*ptr++ & 0x3f) << s; \
876 } \
877 }
878
879
880
881 static uschar * base32_chars = US"abcdefghijklmnopqrstuvwxyz234567";
882
883 /*************************************************
884 * Binary chop search on a table *
885 *************************************************/
886
887 /* This is used for matching expansion items and operators.
888
889 Arguments:
890 name the name that is being sought
891 table the table to search
892 table_size the number of items in the table
893
894 Returns: the offset in the table, or -1
895 */
896
897 static int
898 chop_match(uschar *name, uschar **table, int table_size)
899 {
900 uschar **bot = table;
901 uschar **top = table + table_size;
902
903 while (top > bot)
904 {
905 uschar **mid = bot + (top - bot)/2;
906 int c = Ustrcmp(name, *mid);
907 if (c == 0) return mid - table;
908 if (c > 0) bot = mid + 1; else top = mid;
909 }
910
911 return -1;
912 }
913
914
915
916 /*************************************************
917 * Check a condition string *
918 *************************************************/
919
920 /* This function is called to expand a string, and test the result for a "true"
921 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
922 forced fail or lookup defer.
923
924 We used to release all store used, but this is not not safe due
925 to ${dlfunc } and ${acl }. In any case expand_string_internal()
926 is reasonably careful to release what it can.
927
928 The actual false-value tests should be replicated for ECOND_BOOL_LAX.
929
930 Arguments:
931 condition the condition string
932 m1 text to be incorporated in panic error
933 m2 ditto
934
935 Returns: TRUE if condition is met, FALSE if not
936 */
937
938 BOOL
939 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
940 {
941 int rc;
942 uschar *ss = expand_string(condition);
943 if (ss == NULL)
944 {
945 if (!f.expand_string_forcedfail && !f.search_find_defer)
946 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
947 "for %s %s: %s", condition, m1, m2, expand_string_message);
948 return FALSE;
949 }
950 rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
951 strcmpic(ss, US"false") != 0;
952 return rc;
953 }
954
955
956
957
958 /*************************************************
959 * Pseudo-random number generation *
960 *************************************************/
961
962 /* Pseudo-random number generation. The result is not "expected" to be
963 cryptographically strong but not so weak that someone will shoot themselves
964 in the foot using it as a nonce in some email header scheme or whatever
965 weirdness they'll twist this into. The result should ideally handle fork().
966
967 However, if we're stuck unable to provide this, then we'll fall back to
968 appallingly bad randomness.
969
970 If DISABLE_TLS is not defined then this will not be used except as an emergency
971 fallback.
972
973 Arguments:
974 max range maximum
975 Returns a random number in range [0, max-1]
976 */
977
978 #ifndef DISABLE_TLS
979 # define vaguely_random_number vaguely_random_number_fallback
980 #endif
981 int
982 vaguely_random_number(int max)
983 {
984 #ifndef DISABLE_TLS
985 # undef vaguely_random_number
986 #endif
987 static pid_t pid = 0;
988 pid_t p2;
989
990 if ((p2 = getpid()) != pid)
991 {
992 if (pid != 0)
993 {
994
995 #ifdef HAVE_ARC4RANDOM
996 /* cryptographically strong randomness, common on *BSD platforms, not
997 so much elsewhere. Alas. */
998 # ifndef NOT_HAVE_ARC4RANDOM_STIR
999 arc4random_stir();
1000 # endif
1001 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
1002 # ifdef HAVE_SRANDOMDEV
1003 /* uses random(4) for seeding */
1004 srandomdev();
1005 # else
1006 {
1007 struct timeval tv;
1008 gettimeofday(&tv, NULL);
1009 srandom(tv.tv_sec | tv.tv_usec | getpid());
1010 }
1011 # endif
1012 #else
1013 /* Poor randomness and no seeding here */
1014 #endif
1015
1016 }
1017 pid = p2;
1018 }
1019
1020 #ifdef HAVE_ARC4RANDOM
1021 return arc4random() % max;
1022 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
1023 return random() % max;
1024 #else
1025 /* This one returns a 16-bit number, definitely not crypto-strong */
1026 return random_number(max);
1027 #endif
1028 }
1029
1030
1031
1032
1033 /*************************************************
1034 * Pick out a name from a string *
1035 *************************************************/
1036
1037 /* If the name is too long, it is silently truncated.
1038
1039 Arguments:
1040 name points to a buffer into which to put the name
1041 max is the length of the buffer
1042 s points to the first alphabetic character of the name
1043 extras chars other than alphanumerics to permit
1044
1045 Returns: pointer to the first character after the name
1046
1047 Note: The test for *s != 0 in the while loop is necessary because
1048 Ustrchr() yields non-NULL if the character is zero (which is not something
1049 I expected). */
1050
1051 static const uschar *
1052 read_name(uschar *name, int max, const uschar *s, uschar *extras)
1053 {
1054 int ptr = 0;
1055 while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
1056 {
1057 if (ptr < max-1) name[ptr++] = *s;
1058 s++;
1059 }
1060 name[ptr] = 0;
1061 return s;
1062 }
1063
1064
1065
1066 /*************************************************
1067 * Pick out the rest of a header name *
1068 *************************************************/
1069
1070 /* A variable name starting $header_ (or just $h_ for those who like
1071 abbreviations) might not be the complete header name because headers can
1072 contain any printing characters in their names, except ':'. This function is
1073 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
1074 on the end, if the name was terminated by white space.
1075
1076 Arguments:
1077 name points to a buffer in which the name read so far exists
1078 max is the length of the buffer
1079 s points to the first character after the name so far, i.e. the
1080 first non-alphameric character after $header_xxxxx
1081
1082 Returns: a pointer to the first character after the header name
1083 */
1084
1085 static const uschar *
1086 read_header_name(uschar *name, int max, const uschar *s)
1087 {
1088 int prelen = Ustrchr(name, '_') - name + 1;
1089 int ptr = Ustrlen(name) - prelen;
1090 if (ptr > 0) memmove(name, name+prelen, ptr);
1091 while (mac_isgraph(*s) && *s != ':')
1092 {
1093 if (ptr < max-1) name[ptr++] = *s;
1094 s++;
1095 }
1096 if (*s == ':') s++;
1097 name[ptr++] = ':';
1098 name[ptr] = 0;
1099 return s;
1100 }
1101
1102
1103
1104 /*************************************************
1105 * Pick out a number from a string *
1106 *************************************************/
1107
1108 /* Arguments:
1109 n points to an integer into which to put the number
1110 s points to the first digit of the number
1111
1112 Returns: a pointer to the character after the last digit
1113 */
1114 /*XXX consider expanding to int_eximarith_t. But the test for
1115 "overbig numbers" in 0002 still needs to overflow it. */
1116
1117 static uschar *
1118 read_number(int *n, uschar *s)
1119 {
1120 *n = 0;
1121 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1122 return s;
1123 }
1124
1125 static const uschar *
1126 read_cnumber(int *n, const uschar *s)
1127 {
1128 *n = 0;
1129 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1130 return s;
1131 }
1132
1133
1134
1135 /*************************************************
1136 * Extract keyed subfield from a string *
1137 *************************************************/
1138
1139 /* The yield is in dynamic store; NULL means that the key was not found.
1140
1141 Arguments:
1142 key points to the name of the key
1143 s points to the string from which to extract the subfield
1144
1145 Returns: NULL if the subfield was not found, or
1146 a pointer to the subfield's data
1147 */
1148
1149 static uschar *
1150 expand_getkeyed(uschar * key, const uschar * s)
1151 {
1152 int length = Ustrlen(key);
1153 while (isspace(*s)) s++;
1154
1155 /* Loop to search for the key */
1156
1157 while (*s)
1158 {
1159 int dkeylength;
1160 uschar * data;
1161 const uschar * dkey = s;
1162
1163 while (*s && *s != '=' && !isspace(*s)) s++;
1164 dkeylength = s - dkey;
1165 while (isspace(*s)) s++;
1166 if (*s == '=') while (isspace((*(++s))));
1167
1168 data = string_dequote(&s);
1169 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1170 return data;
1171
1172 while (isspace(*s)) s++;
1173 }
1174
1175 return NULL;
1176 }
1177
1178
1179
1180 static var_entry *
1181 find_var_ent(uschar * name)
1182 {
1183 int first = 0;
1184 int last = var_table_size;
1185
1186 while (last > first)
1187 {
1188 int middle = (first + last)/2;
1189 int c = Ustrcmp(name, var_table[middle].name);
1190
1191 if (c > 0) { first = middle + 1; continue; }
1192 if (c < 0) { last = middle; continue; }
1193 return &var_table[middle];
1194 }
1195 return NULL;
1196 }
1197
1198 /*************************************************
1199 * Extract numbered subfield from string *
1200 *************************************************/
1201
1202 /* Extracts a numbered field from a string that is divided by tokens - for
1203 example a line from /etc/passwd is divided by colon characters. First field is
1204 numbered one. Negative arguments count from the right. Zero returns the whole
1205 string. Returns NULL if there are insufficient tokens in the string
1206
1207 ***WARNING***
1208 Modifies final argument - this is a dynamically generated string, so that's OK.
1209
1210 Arguments:
1211 field number of field to be extracted,
1212 first field = 1, whole string = 0, last field = -1
1213 separators characters that are used to break string into tokens
1214 s points to the string from which to extract the subfield
1215
1216 Returns: NULL if the field was not found,
1217 a pointer to the field's data inside s (modified to add 0)
1218 */
1219
1220 static uschar *
1221 expand_gettokened (int field, uschar *separators, uschar *s)
1222 {
1223 int sep = 1;
1224 int count;
1225 uschar *ss = s;
1226 uschar *fieldtext = NULL;
1227
1228 if (field == 0) return s;
1229
1230 /* Break the line up into fields in place; for field > 0 we stop when we have
1231 done the number of fields we want. For field < 0 we continue till the end of
1232 the string, counting the number of fields. */
1233
1234 count = (field > 0)? field : INT_MAX;
1235
1236 while (count-- > 0)
1237 {
1238 size_t len;
1239
1240 /* Previous field was the last one in the string. For a positive field
1241 number, this means there are not enough fields. For a negative field number,
1242 check that there are enough, and scan back to find the one that is wanted. */
1243
1244 if (sep == 0)
1245 {
1246 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1247 if ((-field) == (INT_MAX - count - 1)) return s;
1248 while (field++ < 0)
1249 {
1250 ss--;
1251 while (ss[-1] != 0) ss--;
1252 }
1253 fieldtext = ss;
1254 break;
1255 }
1256
1257 /* Previous field was not last in the string; save its start and put a
1258 zero at its end. */
1259
1260 fieldtext = ss;
1261 len = Ustrcspn(ss, separators);
1262 sep = ss[len];
1263 ss[len] = 0;
1264 ss += len + 1;
1265 }
1266
1267 return fieldtext;
1268 }
1269
1270
1271 static uschar *
1272 expand_getlistele(int field, const uschar * list)
1273 {
1274 const uschar * tlist = list;
1275 int sep = 0;
1276 uschar dummy;
1277
1278 if (field < 0)
1279 {
1280 for (field++; string_nextinlist(&tlist, &sep, &dummy, 1); ) field++;
1281 sep = 0;
1282 }
1283 if (field == 0) return NULL;
1284 while (--field > 0 && (string_nextinlist(&list, &sep, &dummy, 1))) ;
1285 return string_nextinlist(&list, &sep, NULL, 0);
1286 }
1287
1288
1289 /* Certificate fields, by name. Worry about by-OID later */
1290 /* Names are chosen to not have common prefixes */
1291
1292 #ifndef DISABLE_TLS
1293 typedef struct
1294 {
1295 uschar * name;
1296 int namelen;
1297 uschar * (*getfn)(void * cert, uschar * mod);
1298 } certfield;
1299 static certfield certfields[] =
1300 { /* linear search; no special order */
1301 { US"version", 7, &tls_cert_version },
1302 { US"serial_number", 13, &tls_cert_serial_number },
1303 { US"subject", 7, &tls_cert_subject },
1304 { US"notbefore", 9, &tls_cert_not_before },
1305 { US"notafter", 8, &tls_cert_not_after },
1306 { US"issuer", 6, &tls_cert_issuer },
1307 { US"signature", 9, &tls_cert_signature },
1308 { US"sig_algorithm", 13, &tls_cert_signature_algorithm },
1309 { US"subj_altname", 12, &tls_cert_subject_altname },
1310 { US"ocsp_uri", 8, &tls_cert_ocsp_uri },
1311 { US"crl_uri", 7, &tls_cert_crl_uri },
1312 };
1313
1314 static uschar *
1315 expand_getcertele(uschar * field, uschar * certvar)
1316 {
1317 var_entry * vp;
1318
1319 if (!(vp = find_var_ent(certvar)))
1320 {
1321 expand_string_message =
1322 string_sprintf("no variable named \"%s\"", certvar);
1323 return NULL; /* Unknown variable name */
1324 }
1325 /* NB this stops us passing certs around in variable. Might
1326 want to do that in future */
1327 if (vp->type != vtype_cert)
1328 {
1329 expand_string_message =
1330 string_sprintf("\"%s\" is not a certificate", certvar);
1331 return NULL; /* Unknown variable name */
1332 }
1333 if (!*(void **)vp->value)
1334 return NULL;
1335
1336 if (*field >= '0' && *field <= '9')
1337 return tls_cert_ext_by_oid(*(void **)vp->value, field, 0);
1338
1339 for (certfield * cp = certfields;
1340 cp < certfields + nelem(certfields);
1341 cp++)
1342 if (Ustrncmp(cp->name, field, cp->namelen) == 0)
1343 {
1344 uschar * modifier = *(field += cp->namelen) == ','
1345 ? ++field : NULL;
1346 return (*cp->getfn)( *(void **)vp->value, modifier );
1347 }
1348
1349 expand_string_message =
1350 string_sprintf("bad field selector \"%s\" for certextract", field);
1351 return NULL;
1352 }
1353 #endif /*DISABLE_TLS*/
1354
1355 /*************************************************
1356 * Extract a substring from a string *
1357 *************************************************/
1358
1359 /* Perform the ${substr or ${length expansion operations.
1360
1361 Arguments:
1362 subject the input string
1363 value1 the offset from the start of the input string to the start of
1364 the output string; if negative, count from the right.
1365 value2 the length of the output string, or negative (-1) for unset
1366 if value1 is positive, unset means "all after"
1367 if value1 is negative, unset means "all before"
1368 len set to the length of the returned string
1369
1370 Returns: pointer to the output string, or NULL if there is an error
1371 */
1372
1373 static uschar *
1374 extract_substr(uschar *subject, int value1, int value2, int *len)
1375 {
1376 int sublen = Ustrlen(subject);
1377
1378 if (value1 < 0) /* count from right */
1379 {
1380 value1 += sublen;
1381
1382 /* If the position is before the start, skip to the start, and adjust the
1383 length. If the length ends up negative, the substring is null because nothing
1384 can precede. This falls out naturally when the length is unset, meaning "all
1385 to the left". */
1386
1387 if (value1 < 0)
1388 {
1389 value2 += value1;
1390 if (value2 < 0) value2 = 0;
1391 value1 = 0;
1392 }
1393
1394 /* Otherwise an unset length => characters before value1 */
1395
1396 else if (value2 < 0)
1397 {
1398 value2 = value1;
1399 value1 = 0;
1400 }
1401 }
1402
1403 /* For a non-negative offset, if the starting position is past the end of the
1404 string, the result will be the null string. Otherwise, an unset length means
1405 "rest"; just set it to the maximum - it will be cut down below if necessary. */
1406
1407 else
1408 {
1409 if (value1 > sublen)
1410 {
1411 value1 = sublen;
1412 value2 = 0;
1413 }
1414 else if (value2 < 0) value2 = sublen;
1415 }
1416
1417 /* Cut the length down to the maximum possible for the offset value, and get
1418 the required characters. */
1419
1420 if (value1 + value2 > sublen) value2 = sublen - value1;
1421 *len = value2;
1422 return subject + value1;
1423 }
1424
1425
1426
1427
1428 /*************************************************
1429 * Old-style hash of a string *
1430 *************************************************/
1431
1432 /* Perform the ${hash expansion operation.
1433
1434 Arguments:
1435 subject the input string (an expanded substring)
1436 value1 the length of the output string; if greater or equal to the
1437 length of the input string, the input string is returned
1438 value2 the number of hash characters to use, or 26 if negative
1439 len set to the length of the returned string
1440
1441 Returns: pointer to the output string, or NULL if there is an error
1442 */
1443
1444 static uschar *
1445 compute_hash(uschar *subject, int value1, int value2, int *len)
1446 {
1447 int sublen = Ustrlen(subject);
1448
1449 if (value2 < 0) value2 = 26;
1450 else if (value2 > Ustrlen(hashcodes))
1451 {
1452 expand_string_message =
1453 string_sprintf("hash count \"%d\" too big", value2);
1454 return NULL;
1455 }
1456
1457 /* Calculate the hash text. We know it is shorter than the original string, so
1458 can safely place it in subject[] (we know that subject is always itself an
1459 expanded substring). */
1460
1461 if (value1 < sublen)
1462 {
1463 int c;
1464 int i = 0;
1465 int j = value1;
1466 while ((c = (subject[j])) != 0)
1467 {
1468 int shift = (c + j++) & 7;
1469 subject[i] ^= (c << shift) | (c >> (8-shift));
1470 if (++i >= value1) i = 0;
1471 }
1472 for (i = 0; i < value1; i++)
1473 subject[i] = hashcodes[(subject[i]) % value2];
1474 }
1475 else value1 = sublen;
1476
1477 *len = value1;
1478 return subject;
1479 }
1480
1481
1482
1483
1484 /*************************************************
1485 * Numeric hash of a string *
1486 *************************************************/
1487
1488 /* Perform the ${nhash expansion operation. The first characters of the
1489 string are treated as most important, and get the highest prime numbers.
1490
1491 Arguments:
1492 subject the input string
1493 value1 the maximum value of the first part of the result
1494 value2 the maximum value of the second part of the result,
1495 or negative to produce only a one-part result
1496 len set to the length of the returned string
1497
1498 Returns: pointer to the output string, or NULL if there is an error.
1499 */
1500
1501 static uschar *
1502 compute_nhash (uschar *subject, int value1, int value2, int *len)
1503 {
1504 uschar *s = subject;
1505 int i = 0;
1506 unsigned long int total = 0; /* no overflow */
1507
1508 while (*s != 0)
1509 {
1510 if (i == 0) i = nelem(prime) - 1;
1511 total += prime[i--] * (unsigned int)(*s++);
1512 }
1513
1514 /* If value2 is unset, just compute one number */
1515
1516 if (value2 < 0)
1517 s = string_sprintf("%lu", total % value1);
1518
1519 /* Otherwise do a div/mod hash */
1520
1521 else
1522 {
1523 total = total % (value1 * value2);
1524 s = string_sprintf("%lu/%lu", total/value2, total % value2);
1525 }
1526
1527 *len = Ustrlen(s);
1528 return s;
1529 }
1530
1531
1532
1533
1534
1535 /*************************************************
1536 * Find the value of a header or headers *
1537 *************************************************/
1538
1539 /* Multiple instances of the same header get concatenated, and this function
1540 can also return a concatenation of all the header lines. When concatenating
1541 specific headers that contain lists of addresses, a comma is inserted between
1542 them. Otherwise we use a straight concatenation. Because some messages can have
1543 pathologically large number of lines, there is a limit on the length that is
1544 returned.
1545
1546 Arguments:
1547 name the name of the header, without the leading $header_ or $h_,
1548 or NULL if a concatenation of all headers is required
1549 newsize return the size of memory block that was obtained; may be NULL
1550 if exists_only is TRUE
1551 flags FH_EXISTS_ONLY
1552 set if called from a def: test; don't need to build a string;
1553 just return a string that is not "" and not "0" if the header
1554 exists
1555 FH_WANT_RAW
1556 set if called for $rh_ or $rheader_ items; no processing,
1557 other than concatenating, will be done on the header. Also used
1558 for $message_headers_raw.
1559 FH_WANT_LIST
1560 Double colon chars in the content, and replace newline with
1561 colon between each element when concatenating; returning a
1562 colon-sep list (elements might contain newlines)
1563 charset name of charset to translate MIME words to; used only if
1564 want_raw is false; if NULL, no translation is done (this is
1565 used for $bh_ and $bheader_)
1566
1567 Returns: NULL if the header does not exist, else a pointer to a new
1568 store block
1569 */
1570
1571 static uschar *
1572 find_header(uschar *name, int *newsize, unsigned flags, uschar *charset)
1573 {
1574 BOOL found = !name;
1575 int len = name ? Ustrlen(name) : 0;
1576 BOOL comma = FALSE;
1577 gstring * g = NULL;
1578
1579 for (header_line * h = header_list; h; h = h->next)
1580 if (h->type != htype_old && h->text) /* NULL => Received: placeholder */
1581 if (!name || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1582 {
1583 uschar * s, * t;
1584 size_t inc;
1585
1586 if (flags & FH_EXISTS_ONLY)
1587 return US"1"; /* don't need actual string */
1588
1589 found = TRUE;
1590 s = h->text + len; /* text to insert */
1591 if (!(flags & FH_WANT_RAW)) /* unless wanted raw, */
1592 while (isspace(*s)) s++; /* remove leading white space */
1593 t = h->text + h->slen; /* end-point */
1594
1595 /* Unless wanted raw, remove trailing whitespace, including the
1596 newline. */
1597
1598 if (flags & FH_WANT_LIST)
1599 while (t > s && t[-1] == '\n') t--;
1600 else if (!(flags & FH_WANT_RAW))
1601 {
1602 while (t > s && isspace(t[-1])) t--;
1603
1604 /* Set comma if handling a single header and it's one of those
1605 that contains an address list, except when asked for raw headers. Only
1606 need to do this once. */
1607
1608 if (name && !comma && Ustrchr("BCFRST", h->type)) comma = TRUE;
1609 }
1610
1611 /* Trim the header roughly if we're approaching limits */
1612 inc = t - s;
1613 if ((g ? g->ptr : 0) + inc > header_insert_maxlen)
1614 inc = header_insert_maxlen - (g ? g->ptr : 0);
1615
1616 /* For raw just copy the data; for a list, add the data as a colon-sep
1617 list-element; for comma-list add as an unchecked comma,newline sep
1618 list-elemment; for other nonraw add as an unchecked newline-sep list (we
1619 stripped trailing WS above including the newline). We ignore the potential
1620 expansion due to colon-doubling, just leaving the loop if the limit is met
1621 or exceeded. */
1622
1623 if (flags & FH_WANT_LIST)
1624 g = string_append_listele_n(g, ':', s, (unsigned)inc);
1625 else if (flags & FH_WANT_RAW)
1626 {
1627 g = string_catn(g, s, (unsigned)inc);
1628 (void) string_from_gstring(g);
1629 }
1630 else if (inc > 0)
1631 if (comma)
1632 g = string_append2_listele_n(g, US",\n", s, (unsigned)inc);
1633 else
1634 g = string_append2_listele_n(g, US"\n", s, (unsigned)inc);
1635
1636 if (g && g->ptr >= header_insert_maxlen) break;
1637 }
1638
1639 if (!found) return NULL; /* No header found */
1640 if (!g) return US"";
1641
1642 /* That's all we do for raw header expansion. */
1643
1644 *newsize = g->size;
1645 if (flags & FH_WANT_RAW)
1646 return g->s;
1647
1648 /* Otherwise do RFC 2047 decoding, translating the charset if requested.
1649 The rfc2047_decode2() function can return an error with decoded data if the
1650 charset translation fails. If decoding fails, it returns NULL. */
1651
1652 else
1653 {
1654 uschar *decoded, *error;
1655
1656 decoded = rfc2047_decode2(g->s, check_rfc2047_length, charset, '?', NULL,
1657 newsize, &error);
1658 if (error)
1659 {
1660 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1661 " input was: %s\n", error, g->s);
1662 }
1663 return decoded ? decoded : g->s;
1664 }
1665 }
1666
1667
1668
1669
1670 /* Append a "local" element to an Authentication-Results: header
1671 if this was a non-smtp message.
1672 */
1673
1674 static gstring *
1675 authres_local(gstring * g, const uschar * sysname)
1676 {
1677 if (!f.authentication_local)
1678 return g;
1679 g = string_append(g, 3, US";\n\tlocal=pass (non-smtp, ", sysname, US")");
1680 if (authenticated_id) g = string_append(g, 2, " u=", authenticated_id);
1681 return g;
1682 }
1683
1684
1685 /* Append an "iprev" element to an Authentication-Results: header
1686 if we have attempted to get the calling host's name.
1687 */
1688
1689 static gstring *
1690 authres_iprev(gstring * g)
1691 {
1692 if (sender_host_name)
1693 g = string_append(g, 3, US";\n\tiprev=pass (", sender_host_name, US")");
1694 else if (host_lookup_deferred)
1695 g = string_catn(g, US";\n\tiprev=temperror", 19);
1696 else if (host_lookup_failed)
1697 g = string_catn(g, US";\n\tiprev=fail", 13);
1698 else
1699 return g;
1700
1701 if (sender_host_address)
1702 g = string_append(g, 2, US" smtp.remote-ip=", sender_host_address);
1703 return g;
1704 }
1705
1706
1707
1708 /*************************************************
1709 * Return list of recipients *
1710 *************************************************/
1711 /* A recipients list is available only during system message filtering,
1712 during ACL processing after DATA, and while expanding pipe commands
1713 generated from a system filter, but not elsewhere. */
1714
1715 static uschar *
1716 fn_recipients(void)
1717 {
1718 uschar * s;
1719 gstring * g = NULL;
1720
1721 if (!f.enable_dollar_recipients) return NULL;
1722
1723 for (int i = 0; i < recipients_count; i++)
1724 {
1725 s = recipients_list[i].address;
1726 g = string_append2_listele_n(g, US", ", s, Ustrlen(s));
1727 }
1728 return g ? g->s : NULL;
1729 }
1730
1731
1732 /*************************************************
1733 * Find value of a variable *
1734 *************************************************/
1735
1736 /* The table of variables is kept in alphabetic order, so we can search it
1737 using a binary chop. The "choplen" variable is nothing to do with the binary
1738 chop.
1739
1740 Arguments:
1741 name the name of the variable being sought
1742 exists_only TRUE if this is a def: test; passed on to find_header()
1743 skipping TRUE => skip any processing evaluation; this is not the same as
1744 exists_only because def: may test for values that are first
1745 evaluated here
1746 newsize pointer to an int which is initially zero; if the answer is in
1747 a new memory buffer, *newsize is set to its size
1748
1749 Returns: NULL if the variable does not exist, or
1750 a pointer to the variable's contents, or
1751 something non-NULL if exists_only is TRUE
1752 */
1753
1754 static uschar *
1755 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1756 {
1757 var_entry * vp;
1758 uschar *s, *domain;
1759 uschar **ss;
1760 void * val;
1761
1762 /* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1763 Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1764 release 4.64 onwards arbitrary names are permitted, as long as the first 5
1765 characters are acl_c or acl_m and the sixth is either a digit or an underscore
1766 (this gave backwards compatibility at the changeover). There may be built-in
1767 variables whose names start acl_ but they should never start in this way. This
1768 slightly messy specification is a consequence of the history, needless to say.
1769
1770 If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1771 set, in which case give an error. */
1772
1773 if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1774 !isalpha(name[5]))
1775 {
1776 tree_node *node =
1777 tree_search((name[4] == 'c')? acl_var_c : acl_var_m, name + 4);
1778 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
1779 }
1780
1781 /* Handle $auth<n> variables. */
1782
1783 if (Ustrncmp(name, "auth", 4) == 0)
1784 {
1785 uschar *endptr;
1786 int n = Ustrtoul(name + 4, &endptr, 10);
1787 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1788 return !auth_vars[n-1] ? US"" : auth_vars[n-1];
1789 }
1790 else if (Ustrncmp(name, "regex", 5) == 0)
1791 {
1792 uschar *endptr;
1793 int n = Ustrtoul(name + 5, &endptr, 10);
1794 if (*endptr == 0 && n != 0 && n <= REGEX_VARS)
1795 return !regex_vars[n-1] ? US"" : regex_vars[n-1];
1796 }
1797
1798 /* For all other variables, search the table */
1799
1800 if (!(vp = find_var_ent(name)))
1801 return NULL; /* Unknown variable name */
1802
1803 /* Found an existing variable. If in skipping state, the value isn't needed,
1804 and we want to avoid processing (such as looking up the host name). */
1805
1806 if (skipping)
1807 return US"";
1808
1809 val = vp->value;
1810 switch (vp->type)
1811 {
1812 case vtype_filter_int:
1813 if (!f.filter_running) return NULL;
1814 /* Fall through */
1815 /* VVVVVVVVVVVV */
1816 case vtype_int:
1817 sprintf(CS var_buffer, "%d", *(int *)(val)); /* Integer */
1818 return var_buffer;
1819
1820 case vtype_ino:
1821 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(val))); /* Inode */
1822 return var_buffer;
1823
1824 case vtype_gid:
1825 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(val))); /* gid */
1826 return var_buffer;
1827
1828 case vtype_uid:
1829 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(val))); /* uid */
1830 return var_buffer;
1831
1832 case vtype_bool:
1833 sprintf(CS var_buffer, "%s", *(BOOL *)(val) ? "yes" : "no"); /* bool */
1834 return var_buffer;
1835
1836 case vtype_stringptr: /* Pointer to string */
1837 return (s = *((uschar **)(val))) ? s : US"";
1838
1839 case vtype_pid:
1840 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1841 return var_buffer;
1842
1843 case vtype_load_avg:
1844 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1845 return var_buffer;
1846
1847 case vtype_host_lookup: /* Lookup if not done so */
1848 if ( !sender_host_name && sender_host_address
1849 && !host_lookup_failed && host_name_lookup() == OK)
1850 host_build_sender_fullhost();
1851 return sender_host_name ? sender_host_name : US"";
1852
1853 case vtype_localpart: /* Get local part from address */
1854 s = *((uschar **)(val));
1855 if (s == NULL) return US"";
1856 domain = Ustrrchr(s, '@');
1857 if (domain == NULL) return s;
1858 if (domain - s > sizeof(var_buffer) - 1)
1859 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1860 " in string expansion", sizeof(var_buffer));
1861 Ustrncpy(var_buffer, s, domain - s);
1862 var_buffer[domain - s] = 0;
1863 return var_buffer;
1864
1865 case vtype_domain: /* Get domain from address */
1866 s = *((uschar **)(val));
1867 if (s == NULL) return US"";
1868 domain = Ustrrchr(s, '@');
1869 return (domain == NULL)? US"" : domain + 1;
1870
1871 case vtype_msgheaders:
1872 return find_header(NULL, newsize, exists_only ? FH_EXISTS_ONLY : 0, NULL);
1873
1874 case vtype_msgheaders_raw:
1875 return find_header(NULL, newsize,
1876 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW, NULL);
1877
1878 case vtype_msgbody: /* Pointer to msgbody string */
1879 case vtype_msgbody_end: /* Ditto, the end of the msg */
1880 ss = (uschar **)(val);
1881 if (!*ss && deliver_datafile >= 0) /* Read body when needed */
1882 {
1883 uschar *body;
1884 off_t start_offset = SPOOL_DATA_START_OFFSET;
1885 int len = message_body_visible;
1886 if (len > message_size) len = message_size;
1887 *ss = body = store_malloc(len+1);
1888 body[0] = 0;
1889 if (vp->type == vtype_msgbody_end)
1890 {
1891 struct stat statbuf;
1892 if (fstat(deliver_datafile, &statbuf) == 0)
1893 {
1894 start_offset = statbuf.st_size - len;
1895 if (start_offset < SPOOL_DATA_START_OFFSET)
1896 start_offset = SPOOL_DATA_START_OFFSET;
1897 }
1898 }
1899 if (lseek(deliver_datafile, start_offset, SEEK_SET) < 0)
1900 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "deliver_datafile lseek: %s",
1901 strerror(errno));
1902 len = read(deliver_datafile, body, len);
1903 if (len > 0)
1904 {
1905 body[len] = 0;
1906 if (message_body_newlines) /* Separate loops for efficiency */
1907 while (len > 0)
1908 { if (body[--len] == 0) body[len] = ' '; }
1909 else
1910 while (len > 0)
1911 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
1912 }
1913 }
1914 return *ss ? *ss : US"";
1915
1916 case vtype_todbsdin: /* BSD inbox time of day */
1917 return tod_stamp(tod_bsdin);
1918
1919 case vtype_tode: /* Unix epoch time of day */
1920 return tod_stamp(tod_epoch);
1921
1922 case vtype_todel: /* Unix epoch/usec time of day */
1923 return tod_stamp(tod_epoch_l);
1924
1925 case vtype_todf: /* Full time of day */
1926 return tod_stamp(tod_full);
1927
1928 case vtype_todl: /* Log format time of day */
1929 return tod_stamp(tod_log_bare); /* (without timezone) */
1930
1931 case vtype_todzone: /* Time zone offset only */
1932 return tod_stamp(tod_zone);
1933
1934 case vtype_todzulu: /* Zulu time */
1935 return tod_stamp(tod_zulu);
1936
1937 case vtype_todlf: /* Log file datestamp tod */
1938 return tod_stamp(tod_log_datestamp_daily);
1939
1940 case vtype_reply: /* Get reply address */
1941 s = find_header(US"reply-to:", newsize,
1942 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
1943 headers_charset);
1944 if (s) while (isspace(*s)) s++;
1945 if (!s || !*s)
1946 {
1947 *newsize = 0; /* For the *s==0 case */
1948 s = find_header(US"from:", newsize,
1949 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
1950 headers_charset);
1951 }
1952 if (s)
1953 {
1954 uschar *t;
1955 while (isspace(*s)) s++;
1956 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
1957 while (t > s && isspace(t[-1])) t--;
1958 *t = 0;
1959 }
1960 return s ? s : US"";
1961
1962 case vtype_string_func:
1963 {
1964 uschar * (*fn)() = val;
1965 return fn();
1966 }
1967
1968 case vtype_pspace:
1969 {
1970 int inodes;
1971 sprintf(CS var_buffer, PR_EXIM_ARITH,
1972 receive_statvfs(val == (void *)TRUE, &inodes));
1973 }
1974 return var_buffer;
1975
1976 case vtype_pinodes:
1977 {
1978 int inodes;
1979 (void) receive_statvfs(val == (void *)TRUE, &inodes);
1980 sprintf(CS var_buffer, "%d", inodes);
1981 }
1982 return var_buffer;
1983
1984 case vtype_cert:
1985 return *(void **)val ? US"<cert>" : US"";
1986
1987 #ifndef DISABLE_DKIM
1988 case vtype_dkim:
1989 return dkim_exim_expand_query((int)(long)val);
1990 #endif
1991
1992 }
1993
1994 return NULL; /* Unknown variable. Silences static checkers. */
1995 }
1996
1997
1998
1999
2000 void
2001 modify_variable(uschar *name, void * value)
2002 {
2003 var_entry * vp;
2004 if ((vp = find_var_ent(name))) vp->value = value;
2005 return; /* Unknown variable name, fail silently */
2006 }
2007
2008
2009
2010
2011
2012
2013 /*************************************************
2014 * Read and expand substrings *
2015 *************************************************/
2016
2017 /* This function is called to read and expand argument substrings for various
2018 expansion items. Some have a minimum requirement that is less than the maximum;
2019 in these cases, the first non-present one is set to NULL.
2020
2021 Arguments:
2022 sub points to vector of pointers to set
2023 n maximum number of substrings
2024 m minimum required
2025 sptr points to current string pointer
2026 skipping the skipping flag
2027 check_end if TRUE, check for final '}'
2028 name name of item, for error message
2029 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
2030 the store.
2031
2032 Returns: 0 OK; string pointer updated
2033 1 curly bracketing error (too few arguments)
2034 2 too many arguments (only if check_end is set); message set
2035 3 other error (expansion failure)
2036 */
2037
2038 static int
2039 read_subs(uschar **sub, int n, int m, const uschar **sptr, BOOL skipping,
2040 BOOL check_end, uschar *name, BOOL *resetok)
2041 {
2042 const uschar *s = *sptr;
2043
2044 while (isspace(*s)) s++;
2045 for (int i = 0; i < n; i++)
2046 {
2047 if (*s != '{')
2048 {
2049 if (i < m)
2050 {
2051 expand_string_message = string_sprintf("Not enough arguments for '%s' "
2052 "(min is %d)", name, m);
2053 return 1;
2054 }
2055 sub[i] = NULL;
2056 break;
2057 }
2058 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok)))
2059 return 3;
2060 if (*s++ != '}') return 1;
2061 while (isspace(*s)) s++;
2062 }
2063 if (check_end && *s++ != '}')
2064 {
2065 if (s[-1] == '{')
2066 {
2067 expand_string_message = string_sprintf("Too many arguments for '%s' "
2068 "(max is %d)", name, n);
2069 return 2;
2070 }
2071 expand_string_message = string_sprintf("missing '}' after '%s'", name);
2072 return 1;
2073 }
2074
2075 *sptr = s;
2076 return 0;
2077 }
2078
2079
2080
2081
2082 /*************************************************
2083 * Elaborate message for bad variable *
2084 *************************************************/
2085
2086 /* For the "unknown variable" message, take a look at the variable's name, and
2087 give additional information about possible ACL variables. The extra information
2088 is added on to expand_string_message.
2089
2090 Argument: the name of the variable
2091 Returns: nothing
2092 */
2093
2094 static void
2095 check_variable_error_message(uschar *name)
2096 {
2097 if (Ustrncmp(name, "acl_", 4) == 0)
2098 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
2099 (name[4] == 'c' || name[4] == 'm')?
2100 (isalpha(name[5])?
2101 US"6th character of a user-defined ACL variable must be a digit or underscore" :
2102 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
2103 ) :
2104 US"user-defined ACL variables must start acl_c or acl_m");
2105 }
2106
2107
2108
2109 /*
2110 Load args from sub array to globals, and call acl_check().
2111 Sub array will be corrupted on return.
2112
2113 Returns: OK access is granted by an ACCEPT verb
2114 DISCARD access is (apparently) granted by a DISCARD verb
2115 FAIL access is denied
2116 FAIL_DROP access is denied; drop the connection
2117 DEFER can't tell at the moment
2118 ERROR disaster
2119 */
2120 static int
2121 eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
2122 {
2123 int i;
2124 int sav_narg = acl_narg;
2125 int ret;
2126 uschar * dummy_logmsg;
2127 extern int acl_where;
2128
2129 if(--nsub > nelem(acl_arg)) nsub = nelem(acl_arg);
2130 for (i = 0; i < nsub && sub[i+1]; i++)
2131 {
2132 uschar * tmp = acl_arg[i];
2133 acl_arg[i] = sub[i+1]; /* place callers args in the globals */
2134 sub[i+1] = tmp; /* stash the old args using our caller's storage */
2135 }
2136 acl_narg = i;
2137 while (i < nsub)
2138 {
2139 sub[i+1] = acl_arg[i];
2140 acl_arg[i++] = NULL;
2141 }
2142
2143 DEBUG(D_expand)
2144 debug_printf_indent("expanding: acl: %s arg: %s%s\n",
2145 sub[0],
2146 acl_narg>0 ? acl_arg[0] : US"<none>",
2147 acl_narg>1 ? " +more" : "");
2148
2149 ret = acl_eval(acl_where, sub[0], user_msgp, &dummy_logmsg);
2150
2151 for (i = 0; i < nsub; i++)
2152 acl_arg[i] = sub[i+1]; /* restore old args */
2153 acl_narg = sav_narg;
2154
2155 return ret;
2156 }
2157
2158
2159
2160
2161 /* Return pointer to dewrapped string, with enclosing specified chars removed.
2162 The given string is modified on return. Leading whitespace is skipped while
2163 looking for the opening wrap character, then the rest is scanned for the trailing
2164 (non-escaped) wrap character. A backslash in the string will act as an escape.
2165
2166 A nul is written over the trailing wrap, and a pointer to the char after the
2167 leading wrap is returned.
2168
2169 Arguments:
2170 s String for de-wrapping
2171 wrap Two-char string, the first being the opener, second the closer wrapping
2172 character
2173 Return:
2174 Pointer to de-wrapped string, or NULL on error (with expand_string_message set).
2175 */
2176
2177 static uschar *
2178 dewrap(uschar * s, const uschar * wrap)
2179 {
2180 uschar * p = s;
2181 unsigned depth = 0;
2182 BOOL quotesmode = wrap[0] == wrap[1];
2183
2184 while (isspace(*p)) p++;
2185
2186 if (*p == *wrap)
2187 {
2188 s = ++p;
2189 wrap++;
2190 while (*p)
2191 {
2192 if (*p == '\\') p++;
2193 else if (!quotesmode && *p == wrap[-1]) depth++;
2194 else if (*p == *wrap)
2195 if (depth == 0)
2196 {
2197 *p = '\0';
2198 return s;
2199 }
2200 else
2201 depth--;
2202 p++;
2203 }
2204 }
2205 expand_string_message = string_sprintf("missing '%c'", *wrap);
2206 return NULL;
2207 }
2208
2209
2210 /* Pull off the leading array or object element, returning
2211 a copy in an allocated string. Update the list pointer.
2212
2213 The element may itself be an abject or array.
2214 Return NULL when the list is empty.
2215 */
2216
2217 static uschar *
2218 json_nextinlist(const uschar ** list)
2219 {
2220 unsigned array_depth = 0, object_depth = 0;
2221 const uschar * s = *list, * item;
2222
2223 while (isspace(*s)) s++;
2224
2225 for (item = s;
2226 *s && (*s != ',' || array_depth != 0 || object_depth != 0);
2227 s++)
2228 switch (*s)
2229 {
2230 case '[': array_depth++; break;
2231 case ']': array_depth--; break;
2232 case '{': object_depth++; break;
2233 case '}': object_depth--; break;
2234 }
2235 *list = *s ? s+1 : s;
2236 if (item == s) return NULL;
2237 item = string_copyn(item, s - item);
2238 DEBUG(D_expand) debug_printf_indent(" json ele: '%s'\n", item);
2239 return US item;
2240 }
2241
2242
2243
2244 /*************************************************
2245 * Read and evaluate a condition *
2246 *************************************************/
2247
2248 /*
2249 Arguments:
2250 s points to the start of the condition text
2251 resetok points to a BOOL which is written false if it is unsafe to
2252 free memory. Certain condition types (acl) may have side-effect
2253 allocation which must be preserved.
2254 yield points to a BOOL to hold the result of the condition test;
2255 if NULL, we are just reading through a condition that is
2256 part of an "or" combination to check syntax, or in a state
2257 where the answer isn't required
2258
2259 Returns: a pointer to the first character after the condition, or
2260 NULL after an error
2261 */
2262
2263 static const uschar *
2264 eval_condition(const uschar *s, BOOL *resetok, BOOL *yield)
2265 {
2266 BOOL testfor = TRUE;
2267 BOOL tempcond, combined_cond;
2268 BOOL *subcondptr;
2269 BOOL sub2_honour_dollar = TRUE;
2270 BOOL is_forany, is_json, is_jsons;
2271 int rc, cond_type, roffset;
2272 int_eximarith_t num[2];
2273 struct stat statbuf;
2274 uschar name[256];
2275 const uschar *sub[10];
2276
2277 const pcre *re;
2278 const uschar *rerror;
2279
2280 for (;;)
2281 {
2282 while (isspace(*s)) s++;
2283 if (*s == '!') { testfor = !testfor; s++; } else break;
2284 }
2285
2286 /* Numeric comparisons are symbolic */
2287
2288 if (*s == '=' || *s == '>' || *s == '<')
2289 {
2290 int p = 0;
2291 name[p++] = *s++;
2292 if (*s == '=')
2293 {
2294 name[p++] = '=';
2295 s++;
2296 }
2297 name[p] = 0;
2298 }
2299
2300 /* All other conditions are named */
2301
2302 else s = read_name(name, 256, s, US"_");
2303
2304 /* If we haven't read a name, it means some non-alpha character is first. */
2305
2306 if (name[0] == 0)
2307 {
2308 expand_string_message = string_sprintf("condition name expected, "
2309 "but found \"%.16s\"", s);
2310 return NULL;
2311 }
2312
2313 /* Find which condition we are dealing with, and switch on it */
2314
2315 cond_type = chop_match(name, cond_table, nelem(cond_table));
2316 switch(cond_type)
2317 {
2318 /* def: tests for a non-empty variable, or for the existence of a header. If
2319 yield == NULL we are in a skipping state, and don't care about the answer. */
2320
2321 case ECOND_DEF:
2322 {
2323 uschar * t;
2324
2325 if (*s != ':')
2326 {
2327 expand_string_message = US"\":\" expected after \"def\"";
2328 return NULL;
2329 }
2330
2331 s = read_name(name, 256, s+1, US"_");
2332
2333 /* Test for a header's existence. If the name contains a closing brace
2334 character, this may be a user error where the terminating colon has been
2335 omitted. Set a flag to adjust a subsequent error message in this case. */
2336
2337 if ( ( *(t = name) == 'h'
2338 || (*t == 'r' || *t == 'l' || *t == 'b') && *++t == 'h'
2339 )
2340 && (*++t == '_' || Ustrncmp(t, "eader_", 6) == 0)
2341 )
2342 {
2343 s = read_header_name(name, 256, s);
2344 /* {-for-text-editors */
2345 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2346 if (yield) *yield =
2347 (find_header(name, NULL, FH_EXISTS_ONLY, NULL) != NULL) == testfor;
2348 }
2349
2350 /* Test for a variable's having a non-empty value. A non-existent variable
2351 causes an expansion failure. */
2352
2353 else
2354 {
2355 if (!(t = find_variable(name, TRUE, yield == NULL, NULL)))
2356 {
2357 expand_string_message = (name[0] == 0)?
2358 string_sprintf("variable name omitted after \"def:\"") :
2359 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
2360 check_variable_error_message(name);
2361 return NULL;
2362 }
2363 if (yield) *yield = (t[0] != 0) == testfor;
2364 }
2365
2366 return s;
2367 }
2368
2369
2370 /* first_delivery tests for first delivery attempt */
2371
2372 case ECOND_FIRST_DELIVERY:
2373 if (yield != NULL) *yield = f.deliver_firsttime == testfor;
2374 return s;
2375
2376
2377 /* queue_running tests for any process started by a queue runner */
2378
2379 case ECOND_QUEUE_RUNNING:
2380 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
2381 return s;
2382
2383
2384 /* exists: tests for file existence
2385 isip: tests for any IP address
2386 isip4: tests for an IPv4 address
2387 isip6: tests for an IPv6 address
2388 pam: does PAM authentication
2389 radius: does RADIUS authentication
2390 ldapauth: does LDAP authentication
2391 pwcheck: does Cyrus SASL pwcheck authentication
2392 */
2393
2394 case ECOND_EXISTS:
2395 case ECOND_ISIP:
2396 case ECOND_ISIP4:
2397 case ECOND_ISIP6:
2398 case ECOND_PAM:
2399 case ECOND_RADIUS:
2400 case ECOND_LDAPAUTH:
2401 case ECOND_PWCHECK:
2402
2403 while (isspace(*s)) s++;
2404 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2405
2406 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok);
2407 if (sub[0] == NULL) return NULL;
2408 /* {-for-text-editors */
2409 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2410
2411 if (yield == NULL) return s; /* No need to run the test if skipping */
2412
2413 switch(cond_type)
2414 {
2415 case ECOND_EXISTS:
2416 if ((expand_forbid & RDO_EXISTS) != 0)
2417 {
2418 expand_string_message = US"File existence tests are not permitted";
2419 return NULL;
2420 }
2421 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
2422 break;
2423
2424 case ECOND_ISIP:
2425 case ECOND_ISIP4:
2426 case ECOND_ISIP6:
2427 rc = string_is_ip_address(sub[0], NULL);
2428 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
2429 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2430 break;
2431
2432 /* Various authentication tests - all optionally compiled */
2433
2434 case ECOND_PAM:
2435 #ifdef SUPPORT_PAM
2436 rc = auth_call_pam(sub[0], &expand_string_message);
2437 goto END_AUTH;
2438 #else
2439 goto COND_FAILED_NOT_COMPILED;
2440 #endif /* SUPPORT_PAM */
2441
2442 case ECOND_RADIUS:
2443 #ifdef RADIUS_CONFIG_FILE
2444 rc = auth_call_radius(sub[0], &expand_string_message);
2445 goto END_AUTH;
2446 #else
2447 goto COND_FAILED_NOT_COMPILED;
2448 #endif /* RADIUS_CONFIG_FILE */
2449
2450 case ECOND_LDAPAUTH:
2451 #ifdef LOOKUP_LDAP
2452 {
2453 /* Just to keep the interface the same */
2454 BOOL do_cache;
2455 int old_pool = store_pool;
2456 store_pool = POOL_SEARCH;
2457 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2458 &expand_string_message, &do_cache);
2459 store_pool = old_pool;
2460 }
2461 goto END_AUTH;
2462 #else
2463 goto COND_FAILED_NOT_COMPILED;
2464 #endif /* LOOKUP_LDAP */
2465
2466 case ECOND_PWCHECK:
2467 #ifdef CYRUS_PWCHECK_SOCKET
2468 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2469 goto END_AUTH;
2470 #else
2471 goto COND_FAILED_NOT_COMPILED;
2472 #endif /* CYRUS_PWCHECK_SOCKET */
2473
2474 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2475 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2476 END_AUTH:
2477 if (rc == ERROR || rc == DEFER) return NULL;
2478 *yield = (rc == OK) == testfor;
2479 #endif
2480 }
2481 return s;
2482
2483
2484 /* call ACL (in a conditional context). Accept true, deny false.
2485 Defer is a forced-fail. Anything set by message= goes to $value.
2486 Up to ten parameters are used; we use the braces round the name+args
2487 like the saslauthd condition does, to permit a variable number of args.
2488 See also the expansion-item version EITEM_ACL and the traditional
2489 acl modifier ACLC_ACL.
2490 Since the ACL may allocate new global variables, tell our caller to not
2491 reclaim memory.
2492 */
2493
2494 case ECOND_ACL:
2495 /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
2496 {
2497 uschar *sub[10];
2498 uschar *user_msg;
2499 BOOL cond = FALSE;
2500
2501 while (isspace(*s)) s++;
2502 if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
2503
2504 switch(read_subs(sub, nelem(sub), 1,
2505 &s, yield == NULL, TRUE, US"acl", resetok))
2506 {
2507 case 1: expand_string_message = US"too few arguments or bracketing "
2508 "error for acl";
2509 case 2:
2510 case 3: return NULL;
2511 }
2512
2513 if (yield != NULL)
2514 {
2515 *resetok = FALSE; /* eval_acl() might allocate; do not reclaim */
2516 switch(eval_acl(sub, nelem(sub), &user_msg))
2517 {
2518 case OK:
2519 cond = TRUE;
2520 case FAIL:
2521 lookup_value = NULL;
2522 if (user_msg)
2523 lookup_value = string_copy(user_msg);
2524 *yield = cond == testfor;
2525 break;
2526
2527 case DEFER:
2528 f.expand_string_forcedfail = TRUE;
2529 /*FALLTHROUGH*/
2530 default:
2531 expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]);
2532 return NULL;
2533 }
2534 }
2535 return s;
2536 }
2537
2538
2539 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2540
2541 ${if saslauthd {{username}{password}{service}{realm}} {yes}{no}}
2542
2543 However, the last two are optional. That is why the whole set is enclosed
2544 in their own set of braces. */
2545
2546 case ECOND_SASLAUTHD:
2547 #ifndef CYRUS_SASLAUTHD_SOCKET
2548 goto COND_FAILED_NOT_COMPILED;
2549 #else
2550 {
2551 uschar *sub[4];
2552 while (isspace(*s)) s++;
2553 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2554 switch(read_subs(sub, nelem(sub), 2, &s, yield == NULL, TRUE, US"saslauthd",
2555 resetok))
2556 {
2557 case 1: expand_string_message = US"too few arguments or bracketing "
2558 "error for saslauthd";
2559 case 2:
2560 case 3: return NULL;
2561 }
2562 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
2563 if (yield != NULL)
2564 {
2565 int rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2566 &expand_string_message);
2567 if (rc == ERROR || rc == DEFER) return NULL;
2568 *yield = (rc == OK) == testfor;
2569 }
2570 return s;
2571 }
2572 #endif /* CYRUS_SASLAUTHD_SOCKET */
2573
2574
2575 /* symbolic operators for numeric and string comparison, and a number of
2576 other operators, all requiring two arguments.
2577
2578 crypteq: encrypts plaintext and compares against an encrypted text,
2579 using crypt(), crypt16(), MD5 or SHA-1
2580 inlist/inlisti: checks if first argument is in the list of the second
2581 match: does a regular expression match and sets up the numerical
2582 variables if it succeeds
2583 match_address: matches in an address list
2584 match_domain: matches in a domain list
2585 match_ip: matches a host list that is restricted to IP addresses
2586 match_local_part: matches in a local part list
2587 */
2588
2589 case ECOND_MATCH_ADDRESS:
2590 case ECOND_MATCH_DOMAIN:
2591 case ECOND_MATCH_IP:
2592 case ECOND_MATCH_LOCAL_PART:
2593 #ifndef EXPAND_LISTMATCH_RHS
2594 sub2_honour_dollar = FALSE;
2595 #endif
2596 /* FALLTHROUGH */
2597
2598 case ECOND_CRYPTEQ:
2599 case ECOND_INLIST:
2600 case ECOND_INLISTI:
2601 case ECOND_MATCH:
2602
2603 case ECOND_NUM_L: /* Numerical comparisons */
2604 case ECOND_NUM_LE:
2605 case ECOND_NUM_E:
2606 case ECOND_NUM_EE:
2607 case ECOND_NUM_G:
2608 case ECOND_NUM_GE:
2609
2610 case ECOND_STR_LT: /* String comparisons */
2611 case ECOND_STR_LTI:
2612 case ECOND_STR_LE:
2613 case ECOND_STR_LEI:
2614 case ECOND_STR_EQ:
2615 case ECOND_STR_EQI:
2616 case ECOND_STR_GT:
2617 case ECOND_STR_GTI:
2618 case ECOND_STR_GE:
2619 case ECOND_STR_GEI:
2620
2621 for (int i = 0; i < 2; i++)
2622 {
2623 /* Sometimes, we don't expand substrings; too many insecure configurations
2624 created using match_address{}{} and friends, where the second param
2625 includes information from untrustworthy sources. */
2626 BOOL honour_dollar = TRUE;
2627 if ((i > 0) && !sub2_honour_dollar)
2628 honour_dollar = FALSE;
2629
2630 while (isspace(*s)) s++;
2631 if (*s != '{')
2632 {
2633 if (i == 0) goto COND_FAILED_CURLY_START;
2634 expand_string_message = string_sprintf("missing 2nd string in {} "
2635 "after \"%s\"", name);
2636 return NULL;
2637 }
2638 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
2639 honour_dollar, resetok)))
2640 return NULL;
2641 DEBUG(D_expand) if (i == 1 && !sub2_honour_dollar && Ustrchr(sub[1], '$'))
2642 debug_printf_indent("WARNING: the second arg is NOT expanded,"
2643 " for security reasons\n");
2644 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2645
2646 /* Convert to numerical if required; we know that the names of all the
2647 conditions that compare numbers do not start with a letter. This just saves
2648 checking for them individually. */
2649
2650 if (!isalpha(name[0]) && yield != NULL)
2651 if (sub[i][0] == 0)
2652 {
2653 num[i] = 0;
2654 DEBUG(D_expand)
2655 debug_printf_indent("empty string cast to zero for numerical comparison\n");
2656 }
2657 else
2658 {
2659 num[i] = expanded_string_integer(sub[i], FALSE);
2660 if (expand_string_message != NULL) return NULL;
2661 }
2662 }
2663
2664 /* Result not required */
2665
2666 if (yield == NULL) return s;
2667
2668 /* Do an appropriate comparison */
2669
2670 switch(cond_type)
2671 {
2672 case ECOND_NUM_E:
2673 case ECOND_NUM_EE:
2674 tempcond = (num[0] == num[1]);
2675 break;
2676
2677 case ECOND_NUM_G:
2678 tempcond = (num[0] > num[1]);
2679 break;
2680
2681 case ECOND_NUM_GE:
2682 tempcond = (num[0] >= num[1]);
2683 break;
2684
2685 case ECOND_NUM_L:
2686 tempcond = (num[0] < num[1]);
2687 break;
2688
2689 case ECOND_NUM_LE:
2690 tempcond = (num[0] <= num[1]);
2691 break;
2692
2693 case ECOND_STR_LT:
2694 tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
2695 break;
2696
2697 case ECOND_STR_LTI:
2698 tempcond = (strcmpic(sub[0], sub[1]) < 0);
2699 break;
2700
2701 case ECOND_STR_LE:
2702 tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
2703 break;
2704
2705 case ECOND_STR_LEI:
2706 tempcond = (strcmpic(sub[0], sub[1]) <= 0);
2707 break;
2708
2709 case ECOND_STR_EQ:
2710 tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
2711 break;
2712
2713 case ECOND_STR_EQI:
2714 tempcond = (strcmpic(sub[0], sub[1]) == 0);
2715 break;
2716
2717 case ECOND_STR_GT:
2718 tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
2719 break;
2720
2721 case ECOND_STR_GTI:
2722 tempcond = (strcmpic(sub[0], sub[1]) > 0);
2723 break;
2724
2725 case ECOND_STR_GE:
2726 tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
2727 break;
2728
2729 case ECOND_STR_GEI:
2730 tempcond = (strcmpic(sub[0], sub[1]) >= 0);
2731 break;
2732
2733 case ECOND_MATCH: /* Regular expression match */
2734 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2735 NULL);
2736 if (re == NULL)
2737 {
2738 expand_string_message = string_sprintf("regular expression error in "
2739 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2740 return NULL;
2741 }
2742 tempcond = regex_match_and_setup(re, sub[0], 0, -1);
2743 break;
2744
2745 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2746 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2747 goto MATCHED_SOMETHING;
2748
2749 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2750 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2751 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2752 goto MATCHED_SOMETHING;
2753
2754 case ECOND_MATCH_IP: /* Match IP address in a host list */
2755 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
2756 {
2757 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2758 sub[0]);
2759 return NULL;
2760 }
2761 else
2762 {
2763 unsigned int *nullcache = NULL;
2764 check_host_block cb;
2765
2766 cb.host_name = US"";
2767 cb.host_address = sub[0];
2768
2769 /* If the host address starts off ::ffff: it is an IPv6 address in
2770 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2771 addresses. */
2772
2773 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2774 cb.host_address + 7 : cb.host_address;
2775
2776 rc = match_check_list(
2777 &sub[1], /* the list */
2778 0, /* separator character */
2779 &hostlist_anchor, /* anchor pointer */
2780 &nullcache, /* cache pointer */
2781 check_host, /* function for testing */
2782 &cb, /* argument for function */
2783 MCL_HOST, /* type of check */
2784 sub[0], /* text for debugging */
2785 NULL); /* where to pass back data */
2786 }
2787 goto MATCHED_SOMETHING;
2788
2789 case ECOND_MATCH_LOCAL_PART:
2790 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2791 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2792 /* Fall through */
2793 /* VVVVVVVVVVVV */
2794 MATCHED_SOMETHING:
2795 switch(rc)
2796 {
2797 case OK:
2798 tempcond = TRUE;
2799 break;
2800
2801 case FAIL:
2802 tempcond = FALSE;
2803 break;
2804
2805 case DEFER:
2806 expand_string_message = string_sprintf("unable to complete match "
2807 "against \"%s\": %s", sub[1], search_error_message);
2808 return NULL;
2809 }
2810
2811 break;
2812
2813 /* Various "encrypted" comparisons. If the second string starts with
2814 "{" then an encryption type is given. Default to crypt() or crypt16()
2815 (build-time choice). */
2816 /* }-for-text-editors */
2817
2818 case ECOND_CRYPTEQ:
2819 #ifndef SUPPORT_CRYPTEQ
2820 goto COND_FAILED_NOT_COMPILED;
2821 #else
2822 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2823 {
2824 int sublen = Ustrlen(sub[1]+5);
2825 md5 base;
2826 uschar digest[16];
2827
2828 md5_start(&base);
2829 md5_end(&base, sub[0], Ustrlen(sub[0]), digest);
2830
2831 /* If the length that we are comparing against is 24, the MD5 digest
2832 is expressed as a base64 string. This is the way LDAP does it. However,
2833 some other software uses a straightforward hex representation. We assume
2834 this if the length is 32. Other lengths fail. */
2835
2836 if (sublen == 24)
2837 {
2838 uschar *coded = b64encode(CUS digest, 16);
2839 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2840 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2841 tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
2842 }
2843 else if (sublen == 32)
2844 {
2845 uschar coded[36];
2846 for (int i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2847 coded[32] = 0;
2848 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2849 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2850 tempcond = (strcmpic(coded, sub[1]+5) == 0);
2851 }
2852 else
2853 {
2854 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2855 "fail\n crypted=%s\n", sub[1]+5);
2856 tempcond = FALSE;
2857 }
2858 }
2859
2860 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2861 {
2862 int sublen = Ustrlen(sub[1]+6);
2863 hctx h;
2864 uschar digest[20];
2865
2866 sha1_start(&h);
2867 sha1_end(&h, sub[0], Ustrlen(sub[0]), digest);
2868
2869 /* If the length that we are comparing against is 28, assume the SHA1
2870 digest is expressed as a base64 string. If the length is 40, assume a
2871 straightforward hex representation. Other lengths fail. */
2872
2873 if (sublen == 28)
2874 {
2875 uschar *coded = b64encode(CUS digest, 20);
2876 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2877 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2878 tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
2879 }
2880 else if (sublen == 40)
2881 {
2882 uschar coded[44];
2883 for (int i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2884 coded[40] = 0;
2885 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2886 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2887 tempcond = (strcmpic(coded, sub[1]+6) == 0);
2888 }
2889 else
2890 {
2891 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2892 "fail\n crypted=%s\n", sub[1]+6);
2893 tempcond = FALSE;
2894 }
2895 }
2896
2897 else /* {crypt} or {crypt16} and non-{ at start */
2898 /* }-for-text-editors */
2899 {
2900 int which = 0;
2901 uschar *coded;
2902
2903 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2904 {
2905 sub[1] += 7;
2906 which = 1;
2907 }
2908 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2909 {
2910 sub[1] += 9;
2911 which = 2;
2912 }
2913 else if (sub[1][0] == '{') /* }-for-text-editors */
2914 {
2915 expand_string_message = string_sprintf("unknown encryption mechanism "
2916 "in \"%s\"", sub[1]);
2917 return NULL;
2918 }
2919
2920 switch(which)
2921 {
2922 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2923 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2924 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2925 }
2926
2927 #define STR(s) # s
2928 #define XSTR(s) STR(s)
2929 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2930 " subject=%s\n crypted=%s\n",
2931 which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16",
2932 coded, sub[1]);
2933 #undef STR
2934 #undef XSTR
2935
2936 /* If the encrypted string contains fewer than two characters (for the
2937 salt), force failure. Otherwise we get false positives: with an empty
2938 string the yield of crypt() is an empty string! */
2939
2940 if (coded)
2941 tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0;
2942 else if (errno == EINVAL)
2943 tempcond = FALSE;
2944 else
2945 {
2946 expand_string_message = string_sprintf("crypt error: %s\n",
2947 US strerror(errno));
2948 return NULL;
2949 }
2950 }
2951 break;
2952 #endif /* SUPPORT_CRYPTEQ */
2953
2954 case ECOND_INLIST:
2955 case ECOND_INLISTI:
2956 {
2957 const uschar * list = sub[1];
2958 int sep = 0;
2959 uschar *save_iterate_item = iterate_item;
2960 int (*compare)(const uschar *, const uschar *);
2961
2962 DEBUG(D_expand) debug_printf_indent("condition: %s item: %s\n", name, sub[0]);
2963
2964 tempcond = FALSE;
2965 compare = cond_type == ECOND_INLISTI
2966 ? strcmpic : (int (*)(const uschar *, const uschar *)) strcmp;
2967
2968 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)))
2969 {
2970 DEBUG(D_expand) debug_printf_indent(" compare %s\n", iterate_item);
2971 if (compare(sub[0], iterate_item) == 0)
2972 {
2973 tempcond = TRUE;
2974 break;
2975 }
2976 }
2977 iterate_item = save_iterate_item;
2978 }
2979
2980 } /* Switch for comparison conditions */
2981
2982 *yield = tempcond == testfor;
2983 return s; /* End of comparison conditions */
2984
2985
2986 /* and/or: computes logical and/or of several conditions */
2987
2988 case ECOND_AND:
2989 case ECOND_OR:
2990 subcondptr = (yield == NULL)? NULL : &tempcond;
2991 combined_cond = (cond_type == ECOND_AND);
2992
2993 while (isspace(*s)) s++;
2994 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2995
2996 for (;;)
2997 {
2998 while (isspace(*s)) s++;
2999 /* {-for-text-editors */
3000 if (*s == '}') break;
3001 if (*s != '{') /* }-for-text-editors */
3002 {
3003 expand_string_message = string_sprintf("each subcondition "
3004 "inside an \"%s{...}\" condition must be in its own {}", name);
3005 return NULL;
3006 }
3007
3008 if (!(s = eval_condition(s+1, resetok, subcondptr)))
3009 {
3010 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
3011 expand_string_message, name);
3012 return NULL;
3013 }
3014 while (isspace(*s)) s++;
3015
3016 /* {-for-text-editors */
3017 if (*s++ != '}')
3018 {
3019 /* {-for-text-editors */
3020 expand_string_message = string_sprintf("missing } at end of condition "
3021 "inside \"%s\" group", name);
3022 return NULL;
3023 }
3024
3025 if (yield != NULL)
3026 {
3027 if (cond_type == ECOND_AND)
3028 {
3029 combined_cond &= tempcond;
3030 if (!combined_cond) subcondptr = NULL; /* once false, don't */
3031 } /* evaluate any more */
3032 else
3033 {
3034 combined_cond |= tempcond;
3035 if (combined_cond) subcondptr = NULL; /* once true, don't */
3036 } /* evaluate any more */
3037 }
3038 }
3039
3040 if (yield != NULL) *yield = (combined_cond == testfor);
3041 return ++s;
3042
3043
3044 /* forall/forany: iterates a condition with different values */
3045
3046 case ECOND_FORALL: is_forany = FALSE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3047 case ECOND_FORANY: is_forany = TRUE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3048 case ECOND_FORALL_JSON: is_forany = FALSE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3049 case ECOND_FORANY_JSON: is_forany = TRUE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3050 case ECOND_FORALL_JSONS: is_forany = FALSE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3051 case ECOND_FORANY_JSONS: is_forany = TRUE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3052
3053 FORMANY:
3054 {
3055 const uschar * list;
3056 int sep = 0;
3057 uschar *save_iterate_item = iterate_item;
3058
3059 DEBUG(D_expand) debug_printf_indent("condition: %s\n", name);
3060
3061 while (isspace(*s)) s++;
3062 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3063 sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE, resetok);
3064 if (sub[0] == NULL) return NULL;
3065 /* {-for-text-editors */
3066 if (*s++ != '}') goto COND_FAILED_CURLY_END;
3067
3068 while (isspace(*s)) s++;
3069 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3070
3071 sub[1] = s;
3072
3073 /* Call eval_condition once, with result discarded (as if scanning a
3074 "false" part). This allows us to find the end of the condition, because if
3075 the list it empty, we won't actually evaluate the condition for real. */
3076
3077 if (!(s = eval_condition(sub[1], resetok, NULL)))
3078 {
3079 expand_string_message = string_sprintf("%s inside \"%s\" condition",
3080 expand_string_message, name);
3081 return NULL;
3082 }
3083 while (isspace(*s)) s++;
3084
3085 /* {-for-text-editors */
3086 if (*s++ != '}')
3087 {
3088 /* {-for-text-editors */
3089 expand_string_message = string_sprintf("missing } at end of condition "
3090 "inside \"%s\"", name);
3091 return NULL;
3092 }
3093
3094 if (yield) *yield = !testfor;
3095 list = sub[0];
3096 if (is_json) list = dewrap(string_copy(list), US"[]");
3097 while ((iterate_item = is_json
3098 ? json_nextinlist(&list) : string_nextinlist(&list, &sep, NULL, 0)))
3099 {
3100 if (is_jsons)
3101 if (!(iterate_item = dewrap(iterate_item, US"\"\"")))
3102 {
3103 expand_string_message =
3104 string_sprintf("%s wrapping string result for extract jsons",
3105 expand_string_message);
3106 iterate_item = save_iterate_item;
3107 return NULL;
3108 }
3109
3110 DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n", name, iterate_item);
3111 if (!eval_condition(sub[1], resetok, &tempcond))
3112 {
3113 expand_string_message = string_sprintf("%s inside \"%s\" condition",
3114 expand_string_message, name);
3115 iterate_item = save_iterate_item;
3116 return NULL;
3117 }
3118 DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", name,
3119 tempcond? "true":"false");
3120
3121 if (yield) *yield = (tempcond == testfor);
3122 if (tempcond == is_forany) break;
3123 }
3124
3125 iterate_item = save_iterate_item;
3126 return s;
3127 }
3128
3129
3130 /* The bool{} expansion condition maps a string to boolean.
3131 The values supported should match those supported by the ACL condition
3132 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
3133 of true/false. Note that Router "condition" rules have a different
3134 interpretation, where general data can be used and only a few values
3135 map to FALSE.
3136 Note that readconf.c boolean matching, for boolean configuration options,
3137 only matches true/yes/false/no.
3138 The bool_lax{} condition matches the Router logic, which is much more
3139 liberal. */
3140 case ECOND_BOOL:
3141 case ECOND_BOOL_LAX:
3142 {
3143 uschar *sub_arg[1];
3144 uschar *t, *t2;
3145 uschar *ourname;
3146 size_t len;
3147 BOOL boolvalue = FALSE;
3148 while (isspace(*s)) s++;
3149 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3150 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
3151 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname, resetok))
3152 {
3153 case 1: expand_string_message = string_sprintf(
3154 "too few arguments or bracketing error for %s",
3155 ourname);
3156 /*FALLTHROUGH*/
3157 case 2:
3158 case 3: return NULL;
3159 }
3160 t = sub_arg[0];
3161 while (isspace(*t)) t++;
3162 len = Ustrlen(t);
3163 if (len)
3164 {
3165 /* trailing whitespace: seems like a good idea to ignore it too */
3166 t2 = t + len - 1;
3167 while (isspace(*t2)) t2--;
3168 if (t2 != (t + len))
3169 {
3170 *++t2 = '\0';
3171 len = t2 - t;
3172 }
3173 }
3174 DEBUG(D_expand)
3175 debug_printf_indent("considering %s: %s\n", ourname, len ? t : US"<empty>");
3176 /* logic for the lax case from expand_check_condition(), which also does
3177 expands, and the logic is both short and stable enough that there should
3178 be no maintenance burden from replicating it. */
3179 if (len == 0)
3180 boolvalue = FALSE;
3181 else if (*t == '-'
3182 ? Ustrspn(t+1, "0123456789") == len-1
3183 : Ustrspn(t, "0123456789") == len)
3184 {
3185 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
3186 /* expand_check_condition only does a literal string "0" check */
3187 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
3188 boolvalue = TRUE;
3189 }
3190 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
3191 boolvalue = TRUE;
3192 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
3193 boolvalue = FALSE;
3194 else if (cond_type == ECOND_BOOL_LAX)
3195 boolvalue = TRUE;
3196 else
3197 {
3198 expand_string_message = string_sprintf("unrecognised boolean "
3199 "value \"%s\"", t);
3200 return NULL;
3201 }
3202 DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", ourname,
3203 boolvalue? "true":"false");
3204 if (yield != NULL) *yield = (boolvalue == testfor);
3205 return s;
3206 }
3207
3208 /* Unknown condition */
3209
3210 default:
3211 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
3212 return NULL;
3213 } /* End switch on condition type */
3214
3215 /* Missing braces at start and end of data */
3216
3217 COND_FAILED_CURLY_START:
3218 expand_string_message = string_sprintf("missing { after \"%s\"", name);
3219 return NULL;
3220
3221 COND_FAILED_CURLY_END:
3222 expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
3223 name);
3224 return NULL;
3225
3226 /* A condition requires code that is not compiled */
3227
3228 #if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
3229 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
3230 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
3231 COND_FAILED_NOT_COMPILED:
3232 expand_string_message = string_sprintf("support for \"%s\" not compiled",
3233 name);
3234 return NULL;
3235 #endif
3236 }
3237
3238
3239
3240
3241 /*************************************************
3242 * Save numerical variables *
3243 *************************************************/
3244
3245 /* This function is called from items such as "if" that want to preserve and
3246 restore the numbered variables.
3247
3248 Arguments:
3249 save_expand_string points to an array of pointers to set
3250 save_expand_nlength points to an array of ints for the lengths
3251
3252 Returns: the value of expand max to save
3253 */
3254
3255 static int
3256 save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
3257 {
3258 for (int i = 0; i <= expand_nmax; i++)
3259 {
3260 save_expand_nstring[i] = expand_nstring[i];
3261 save_expand_nlength[i] = expand_nlength[i];
3262 }
3263 return expand_nmax;
3264 }
3265
3266
3267
3268 /*************************************************
3269 * Restore numerical variables *
3270 *************************************************/
3271
3272 /* This function restored saved values of numerical strings.
3273
3274 Arguments:
3275 save_expand_nmax the number of strings to restore
3276 save_expand_string points to an array of pointers
3277 save_expand_nlength points to an array of ints
3278
3279 Returns: nothing
3280 */
3281
3282 static void
3283 restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
3284 int *save_expand_nlength)
3285 {
3286 expand_nmax = save_expand_nmax;
3287 for (int i = 0; i <= expand_nmax; i++)
3288 {
3289 expand_nstring[i] = save_expand_nstring[i];
3290 expand_nlength[i] = save_expand_nlength[i];
3291 }
3292 }
3293
3294
3295
3296
3297
3298 /*************************************************
3299 * Handle yes/no substrings *
3300 *************************************************/
3301
3302 /* This function is used by ${if}, ${lookup} and ${extract} to handle the
3303 alternative substrings that depend on whether or not the condition was true,
3304 or the lookup or extraction succeeded. The substrings always have to be
3305 expanded, to check their syntax, but "skipping" is set when the result is not
3306 needed - this avoids unnecessary nested lookups.
3307
3308 Arguments:
3309 skipping TRUE if we were skipping when this item was reached
3310 yes TRUE if the first string is to be used, else use the second
3311 save_lookup a value to put back into lookup_value before the 2nd expansion
3312 sptr points to the input string pointer
3313 yieldptr points to the output growable-string pointer
3314 type "lookup", "if", "extract", "run", "env", "listextract" or
3315 "certextract" for error message
3316 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
3317 the store.
3318
3319 Returns: 0 OK; lookup_value has been reset to save_lookup
3320 1 expansion failed
3321 2 expansion failed because of bracketing error
3322 */
3323
3324 static int
3325 process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, const uschar **sptr,
3326 gstring ** yieldptr, uschar *type, BOOL *resetok)
3327 {
3328 int rc = 0;
3329 const uschar *s = *sptr; /* Local value */
3330 uschar *sub1, *sub2;
3331 const uschar * errwhere;
3332
3333 /* If there are no following strings, we substitute the contents of $value for
3334 lookups and for extractions in the success case. For the ${if item, the string
3335 "true" is substituted. In the fail case, nothing is substituted for all three
3336 items. */
3337
3338 while (isspace(*s)) s++;
3339 if (*s == '}')
3340 {
3341 if (type[0] == 'i')
3342 {
3343 if (yes && !skipping)
3344 *yieldptr = string_catn(*yieldptr, US"true", 4);
3345 }
3346 else
3347 {
3348 if (yes && lookup_value && !skipping)
3349 *yieldptr = string_cat(*yieldptr, lookup_value);
3350 lookup_value = save_lookup;
3351 }
3352 s++;
3353 goto RETURN;