426e40e735936436429375bc61dbe62bc004a526
[exim.git] / src / src / expand.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8
9 /* Functions for handling string expansion. */
10
11
12 #include "exim.h"
13
14 /* Recursively called function */
15
16 static uschar *expand_string_internal(const uschar *, BOOL, const uschar **, BOOL, BOOL, BOOL *);
17 static int_eximarith_t expanded_string_integer(const uschar *, BOOL);
18
19 #ifdef STAND_ALONE
20 # ifndef SUPPORT_CRYPTEQ
21 # define SUPPORT_CRYPTEQ
22 # endif
23 #endif
24
25 #ifdef LOOKUP_LDAP
26 # include "lookups/ldap.h"
27 #endif
28
29 #ifdef SUPPORT_CRYPTEQ
30 # ifdef CRYPT_H
31 # include <crypt.h>
32 # endif
33 # ifndef HAVE_CRYPT16
34 extern char* crypt16(char*, char*);
35 # endif
36 #endif
37
38 /* The handling of crypt16() is a mess. I will record below the analysis of the
39 mess that was sent to me. We decided, however, to make changing this very low
40 priority, because in practice people are moving away from the crypt()
41 algorithms nowadays, so it doesn't seem worth it.
42
43 <quote>
44 There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
45 the first 8 characters of the password using a 20-round version of crypt
46 (standard crypt does 25 rounds). It then crypts the next 8 characters,
47 or an empty block if the password is less than 9 characters, using a
48 20-round version of crypt and the same salt as was used for the first
49 block. Characters after the first 16 are ignored. It always generates
50 a 16-byte hash, which is expressed together with the salt as a string
51 of 24 base 64 digits. Here are some links to peruse:
52
53 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
54 http://seclists.org/bugtraq/1999/Mar/0076.html
55
56 There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
57 and OSF/1. This is the same as the standard crypt if given a password
58 of 8 characters or less. If given more, it first does the same as crypt
59 using the first 8 characters, then crypts the next 8 (the 9th to 16th)
60 using as salt the first two base 64 digits from the first hash block.
61 If the password is more than 16 characters then it crypts the 17th to 24th
62 characters using as salt the first two base 64 digits from the second hash
63 block. And so on: I've seen references to it cutting off the password at
64 40 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
65
66 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
67 http://seclists.org/bugtraq/1999/Mar/0109.html
68 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
69 TET1_html/sec.c222.html#no_id_208
70
71 Exim has something it calls "crypt16". It will either use a native
72 crypt16 or its own implementation. A native crypt16 will presumably
73 be the one that I called "crypt16" above. The internal "crypt16"
74 function, however, is a two-block-maximum implementation of what I called
75 "bigcrypt". The documentation matches the internal code.
76
77 I suspect that whoever did the "crypt16" stuff for Exim didn't realise
78 that crypt16 and bigcrypt were different things.
79
80 Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
81 to whatever it is using under that name. This unfortunately sets a
82 precedent for using "{crypt16}" to identify two incompatible algorithms
83 whose output can't be distinguished. With "{crypt16}" thus rendered
84 ambiguous, I suggest you deprecate it and invent two new identifiers
85 for the two algorithms.
86
87 Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
88 of the password separately means they can be cracked separately, so
89 the double-length hash only doubles the cracking effort instead of
90 squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
91 bcrypt ({CRYPT}$2a$).
92 </quote>
93 */
94
95
96
97 /*************************************************
98 * Local statics and tables *
99 *************************************************/
100
101 /* Table of item names, and corresponding switch numbers. The names must be in
102 alphabetical order. */
103
104 static uschar *item_table[] = {
105 US"acl",
106 US"authresults",
107 US"certextract",
108 US"dlfunc",
109 US"env",
110 US"extract",
111 US"filter",
112 US"hash",
113 US"hmac",
114 US"if",
115 #ifdef SUPPORT_I18N
116 US"imapfolder",
117 #endif
118 US"length",
119 US"listextract",
120 US"lookup",
121 US"map",
122 US"nhash",
123 US"perl",
124 US"prvs",
125 US"prvscheck",
126 US"readfile",
127 US"readsocket",
128 US"reduce",
129 US"run",
130 US"sg",
131 US"sort",
132 #ifdef EXPERIMENTAL_SRS_NATIVE
133 US"srs_encode",
134 #endif
135 US"substr",
136 US"tr" };
137
138 enum {
139 EITEM_ACL,
140 EITEM_AUTHRESULTS,
141 EITEM_CERTEXTRACT,
142 EITEM_DLFUNC,
143 EITEM_ENV,
144 EITEM_EXTRACT,
145 EITEM_FILTER,
146 EITEM_HASH,
147 EITEM_HMAC,
148 EITEM_IF,
149 #ifdef SUPPORT_I18N
150 EITEM_IMAPFOLDER,
151 #endif
152 EITEM_LENGTH,
153 EITEM_LISTEXTRACT,
154 EITEM_LOOKUP,
155 EITEM_MAP,
156 EITEM_NHASH,
157 EITEM_PERL,
158 EITEM_PRVS,
159 EITEM_PRVSCHECK,
160 EITEM_READFILE,
161 EITEM_READSOCK,
162 EITEM_REDUCE,
163 EITEM_RUN,
164 EITEM_SG,
165 EITEM_SORT,
166 #ifdef EXPERIMENTAL_SRS_NATIVE
167 EITEM_SRS_ENCODE,
168 #endif
169 EITEM_SUBSTR,
170 EITEM_TR };
171
172 /* Tables of operator names, and corresponding switch numbers. The names must be
173 in alphabetical order. There are two tables, because underscore is used in some
174 cases to introduce arguments, whereas for other it is part of the name. This is
175 an historical mis-design. */
176
177 static uschar *op_table_underscore[] = {
178 US"from_utf8",
179 US"local_part",
180 US"quote_local_part",
181 US"reverse_ip",
182 US"time_eval",
183 US"time_interval"
184 #ifdef SUPPORT_I18N
185 ,US"utf8_domain_from_alabel",
186 US"utf8_domain_to_alabel",
187 US"utf8_localpart_from_alabel",
188 US"utf8_localpart_to_alabel"
189 #endif
190 };
191
192 enum {
193 EOP_FROM_UTF8,
194 EOP_LOCAL_PART,
195 EOP_QUOTE_LOCAL_PART,
196 EOP_REVERSE_IP,
197 EOP_TIME_EVAL,
198 EOP_TIME_INTERVAL
199 #ifdef SUPPORT_I18N
200 ,EOP_UTF8_DOMAIN_FROM_ALABEL,
201 EOP_UTF8_DOMAIN_TO_ALABEL,
202 EOP_UTF8_LOCALPART_FROM_ALABEL,
203 EOP_UTF8_LOCALPART_TO_ALABEL
204 #endif
205 };
206
207 static uschar *op_table_main[] = {
208 US"address",
209 US"addresses",
210 US"base32",
211 US"base32d",
212 US"base62",
213 US"base62d",
214 US"base64",
215 US"base64d",
216 US"bless",
217 US"domain",
218 US"escape",
219 US"escape8bit",
220 US"eval",
221 US"eval10",
222 US"expand",
223 US"h",
224 US"hash",
225 US"hex2b64",
226 US"hexquote",
227 US"ipv6denorm",
228 US"ipv6norm",
229 US"l",
230 US"lc",
231 US"length",
232 US"listcount",
233 US"listnamed",
234 US"mask",
235 US"md5",
236 US"nh",
237 US"nhash",
238 US"quote",
239 US"randint",
240 US"rfc2047",
241 US"rfc2047d",
242 US"rxquote",
243 US"s",
244 US"sha1",
245 US"sha2",
246 US"sha256",
247 US"sha3",
248 US"stat",
249 US"str2b64",
250 US"strlen",
251 US"substr",
252 US"uc",
253 US"utf8clean" };
254
255 enum {
256 EOP_ADDRESS = nelem(op_table_underscore),
257 EOP_ADDRESSES,
258 EOP_BASE32,
259 EOP_BASE32D,
260 EOP_BASE62,
261 EOP_BASE62D,
262 EOP_BASE64,
263 EOP_BASE64D,
264 EOP_BLESS,
265 EOP_DOMAIN,
266 EOP_ESCAPE,
267 EOP_ESCAPE8BIT,
268 EOP_EVAL,
269 EOP_EVAL10,
270 EOP_EXPAND,
271 EOP_H,
272 EOP_HASH,
273 EOP_HEX2B64,
274 EOP_HEXQUOTE,
275 EOP_IPV6DENORM,
276 EOP_IPV6NORM,
277 EOP_L,
278 EOP_LC,
279 EOP_LENGTH,
280 EOP_LISTCOUNT,
281 EOP_LISTNAMED,
282 EOP_MASK,
283 EOP_MD5,
284 EOP_NH,
285 EOP_NHASH,
286 EOP_QUOTE,
287 EOP_RANDINT,
288 EOP_RFC2047,
289 EOP_RFC2047D,
290 EOP_RXQUOTE,
291 EOP_S,
292 EOP_SHA1,
293 EOP_SHA2,
294 EOP_SHA256,
295 EOP_SHA3,
296 EOP_STAT,
297 EOP_STR2B64,
298 EOP_STRLEN,
299 EOP_SUBSTR,
300 EOP_UC,
301 EOP_UTF8CLEAN };
302
303
304 /* Table of condition names, and corresponding switch numbers. The names must
305 be in alphabetical order. */
306
307 static uschar *cond_table[] = {
308 US"<",
309 US"<=",
310 US"=",
311 US"==", /* Backward compatibility */
312 US">",
313 US">=",
314 US"acl",
315 US"and",
316 US"bool",
317 US"bool_lax",
318 US"crypteq",
319 US"def",
320 US"eq",
321 US"eqi",
322 US"exists",
323 US"first_delivery",
324 US"forall",
325 US"forall_json",
326 US"forall_jsons",
327 US"forany",
328 US"forany_json",
329 US"forany_jsons",
330 US"ge",
331 US"gei",
332 US"gt",
333 US"gti",
334 #ifdef EXPERIMENTAL_SRS_NATIVE
335 US"inbound_srs",
336 #endif
337 US"inlist",
338 US"inlisti",
339 US"isip",
340 US"isip4",
341 US"isip6",
342 US"ldapauth",
343 US"le",
344 US"lei",
345 US"lt",
346 US"lti",
347 US"match",
348 US"match_address",
349 US"match_domain",
350 US"match_ip",
351 US"match_local_part",
352 US"or",
353 US"pam",
354 US"pwcheck",
355 US"queue_running",
356 US"radius",
357 US"saslauthd"
358 };
359
360 enum {
361 ECOND_NUM_L,
362 ECOND_NUM_LE,
363 ECOND_NUM_E,
364 ECOND_NUM_EE,
365 ECOND_NUM_G,
366 ECOND_NUM_GE,
367 ECOND_ACL,
368 ECOND_AND,
369 ECOND_BOOL,
370 ECOND_BOOL_LAX,
371 ECOND_CRYPTEQ,
372 ECOND_DEF,
373 ECOND_STR_EQ,
374 ECOND_STR_EQI,
375 ECOND_EXISTS,
376 ECOND_FIRST_DELIVERY,
377 ECOND_FORALL,
378 ECOND_FORALL_JSON,
379 ECOND_FORALL_JSONS,
380 ECOND_FORANY,
381 ECOND_FORANY_JSON,
382 ECOND_FORANY_JSONS,
383 ECOND_STR_GE,
384 ECOND_STR_GEI,
385 ECOND_STR_GT,
386 ECOND_STR_GTI,
387 #ifdef EXPERIMENTAL_SRS_NATIVE
388 ECOND_INBOUND_SRS,
389 #endif
390 ECOND_INLIST,
391 ECOND_INLISTI,
392 ECOND_ISIP,
393 ECOND_ISIP4,
394 ECOND_ISIP6,
395 ECOND_LDAPAUTH,
396 ECOND_STR_LE,
397 ECOND_STR_LEI,
398 ECOND_STR_LT,
399 ECOND_STR_LTI,
400 ECOND_MATCH,
401 ECOND_MATCH_ADDRESS,
402 ECOND_MATCH_DOMAIN,
403 ECOND_MATCH_IP,
404 ECOND_MATCH_LOCAL_PART,
405 ECOND_OR,
406 ECOND_PAM,
407 ECOND_PWCHECK,
408 ECOND_QUEUE_RUNNING,
409 ECOND_RADIUS,
410 ECOND_SASLAUTHD
411 };
412
413
414 /* Types of table entry */
415
416 enum vtypes {
417 vtype_int, /* value is address of int */
418 vtype_filter_int, /* ditto, but recognized only when filtering */
419 vtype_ino, /* value is address of ino_t (not always an int) */
420 vtype_uid, /* value is address of uid_t (not always an int) */
421 vtype_gid, /* value is address of gid_t (not always an int) */
422 vtype_bool, /* value is address of bool */
423 vtype_stringptr, /* value is address of pointer to string */
424 vtype_msgbody, /* as stringptr, but read when first required */
425 vtype_msgbody_end, /* ditto, the end of the message */
426 vtype_msgheaders, /* the message's headers, processed */
427 vtype_msgheaders_raw, /* the message's headers, unprocessed */
428 vtype_localpart, /* extract local part from string */
429 vtype_domain, /* extract domain from string */
430 vtype_string_func, /* value is string returned by given function */
431 vtype_todbsdin, /* value not used; generate BSD inbox tod */
432 vtype_tode, /* value not used; generate tod in epoch format */
433 vtype_todel, /* value not used; generate tod in epoch/usec format */
434 vtype_todf, /* value not used; generate full tod */
435 vtype_todl, /* value not used; generate log tod */
436 vtype_todlf, /* value not used; generate log file datestamp tod */
437 vtype_todzone, /* value not used; generate time zone only */
438 vtype_todzulu, /* value not used; generate zulu tod */
439 vtype_reply, /* value not used; get reply from headers */
440 vtype_pid, /* value not used; result is pid */
441 vtype_host_lookup, /* value not used; get host name */
442 vtype_load_avg, /* value not used; result is int from os_getloadavg */
443 vtype_pspace, /* partition space; value is T/F for spool/log */
444 vtype_pinodes, /* partition inodes; value is T/F for spool/log */
445 vtype_cert /* SSL certificate */
446 #ifndef DISABLE_DKIM
447 ,vtype_dkim /* Lookup of value in DKIM signature */
448 #endif
449 };
450
451 /* Type for main variable table */
452
453 typedef struct {
454 const char *name;
455 enum vtypes type;
456 void *value;
457 } var_entry;
458
459 /* Type for entries pointing to address/length pairs. Not currently
460 in use. */
461
462 typedef struct {
463 uschar **address;
464 int *length;
465 } alblock;
466
467 static uschar * fn_recipients(void);
468 typedef uschar * stringptr_fn_t(void);
469 static uschar * fn_queue_size(void);
470
471 /* This table must be kept in alphabetical order. */
472
473 static var_entry var_table[] = {
474 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
475 they will be confused with user-creatable ACL variables. */
476 { "acl_arg1", vtype_stringptr, &acl_arg[0] },
477 { "acl_arg2", vtype_stringptr, &acl_arg[1] },
478 { "acl_arg3", vtype_stringptr, &acl_arg[2] },
479 { "acl_arg4", vtype_stringptr, &acl_arg[3] },
480 { "acl_arg5", vtype_stringptr, &acl_arg[4] },
481 { "acl_arg6", vtype_stringptr, &acl_arg[5] },
482 { "acl_arg7", vtype_stringptr, &acl_arg[6] },
483 { "acl_arg8", vtype_stringptr, &acl_arg[7] },
484 { "acl_arg9", vtype_stringptr, &acl_arg[8] },
485 { "acl_narg", vtype_int, &acl_narg },
486 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
487 { "address_data", vtype_stringptr, &deliver_address_data },
488 { "address_file", vtype_stringptr, &address_file },
489 { "address_pipe", vtype_stringptr, &address_pipe },
490 #ifdef EXPERIMENTAL_ARC
491 { "arc_domains", vtype_string_func, (void *) &fn_arc_domains },
492 { "arc_oldest_pass", vtype_int, &arc_oldest_pass },
493 { "arc_state", vtype_stringptr, &arc_state },
494 { "arc_state_reason", vtype_stringptr, &arc_state_reason },
495 #endif
496 { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id },
497 { "authenticated_id", vtype_stringptr, &authenticated_id },
498 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
499 { "authentication_failed",vtype_int, &authentication_failed },
500 #ifdef WITH_CONTENT_SCAN
501 { "av_failed", vtype_int, &av_failed },
502 #endif
503 #ifdef EXPERIMENTAL_BRIGHTMAIL
504 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
505 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
506 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
507 { "bmi_deliver", vtype_int, &bmi_deliver },
508 #endif
509 { "body_linecount", vtype_int, &body_linecount },
510 { "body_zerocount", vtype_int, &body_zerocount },
511 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
512 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
513 { "caller_gid", vtype_gid, &real_gid },
514 { "caller_uid", vtype_uid, &real_uid },
515 { "callout_address", vtype_stringptr, &callout_address },
516 { "compile_date", vtype_stringptr, &version_date },
517 { "compile_number", vtype_stringptr, &version_cnumber },
518 { "config_dir", vtype_stringptr, &config_main_directory },
519 { "config_file", vtype_stringptr, &config_main_filename },
520 { "csa_status", vtype_stringptr, &csa_status },
521 #ifdef EXPERIMENTAL_DCC
522 { "dcc_header", vtype_stringptr, &dcc_header },
523 { "dcc_result", vtype_stringptr, &dcc_result },
524 #endif
525 #ifndef DISABLE_DKIM
526 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
527 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
528 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
529 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
530 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
531 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
532 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
533 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
534 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
535 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
536 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
537 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
538 { "dkim_key_length", vtype_int, &dkim_key_length },
539 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
540 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
541 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
542 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
543 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
544 { "dkim_signers", vtype_stringptr, &dkim_signers },
545 { "dkim_verify_reason", vtype_stringptr, &dkim_verify_reason },
546 { "dkim_verify_status", vtype_stringptr, &dkim_verify_status },
547 #endif
548 #ifdef SUPPORT_DMARC
549 { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
550 { "dmarc_status", vtype_stringptr, &dmarc_status },
551 { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
552 { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
553 #endif
554 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
555 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
556 { "dnslist_text", vtype_stringptr, &dnslist_text },
557 { "dnslist_value", vtype_stringptr, &dnslist_value },
558 { "domain", vtype_stringptr, &deliver_domain },
559 { "domain_data", vtype_stringptr, &deliver_domain_data },
560 #ifndef DISABLE_EVENT
561 { "event_data", vtype_stringptr, &event_data },
562
563 /*XXX want to use generic vars for as many of these as possible*/
564 { "event_defer_errno", vtype_int, &event_defer_errno },
565
566 { "event_name", vtype_stringptr, &event_name },
567 #endif
568 { "exim_gid", vtype_gid, &exim_gid },
569 { "exim_path", vtype_stringptr, &exim_path },
570 { "exim_uid", vtype_uid, &exim_uid },
571 { "exim_version", vtype_stringptr, &version_string },
572 { "headers_added", vtype_string_func, (void *) &fn_hdrs_added },
573 { "home", vtype_stringptr, &deliver_home },
574 { "host", vtype_stringptr, &deliver_host },
575 { "host_address", vtype_stringptr, &deliver_host_address },
576 { "host_data", vtype_stringptr, &host_data },
577 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
578 { "host_lookup_failed", vtype_int, &host_lookup_failed },
579 { "host_port", vtype_int, &deliver_host_port },
580 { "initial_cwd", vtype_stringptr, &initial_cwd },
581 { "inode", vtype_ino, &deliver_inode },
582 { "interface_address", vtype_stringptr, &interface_address },
583 { "interface_port", vtype_int, &interface_port },
584 { "item", vtype_stringptr, &iterate_item },
585 #ifdef LOOKUP_LDAP
586 { "ldap_dn", vtype_stringptr, &eldap_dn },
587 #endif
588 { "load_average", vtype_load_avg, NULL },
589 { "local_part", vtype_stringptr, &deliver_localpart },
590 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
591 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
592 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
593 { "local_part_verified", vtype_stringptr, &deliver_localpart_verified },
594 #ifdef HAVE_LOCAL_SCAN
595 { "local_scan_data", vtype_stringptr, &local_scan_data },
596 #endif
597 { "local_user_gid", vtype_gid, &local_user_gid },
598 { "local_user_uid", vtype_uid, &local_user_uid },
599 { "localhost_number", vtype_int, &host_number },
600 { "log_inodes", vtype_pinodes, (void *)FALSE },
601 { "log_space", vtype_pspace, (void *)FALSE },
602 { "lookup_dnssec_authenticated",vtype_stringptr,&lookup_dnssec_authenticated},
603 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
604 #ifdef WITH_CONTENT_SCAN
605 { "malware_name", vtype_stringptr, &malware_name },
606 #endif
607 { "max_received_linelength", vtype_int, &max_received_linelength },
608 { "message_age", vtype_int, &message_age },
609 { "message_body", vtype_msgbody, &message_body },
610 { "message_body_end", vtype_msgbody_end, &message_body_end },
611 { "message_body_size", vtype_int, &message_body_size },
612 { "message_exim_id", vtype_stringptr, &message_id },
613 { "message_headers", vtype_msgheaders, NULL },
614 { "message_headers_raw", vtype_msgheaders_raw, NULL },
615 { "message_id", vtype_stringptr, &message_id },
616 { "message_linecount", vtype_int, &message_linecount },
617 { "message_size", vtype_int, &message_size },
618 #ifdef SUPPORT_I18N
619 { "message_smtputf8", vtype_bool, &message_smtputf8 },
620 #endif
621 #ifdef WITH_CONTENT_SCAN
622 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
623 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
624 { "mime_boundary", vtype_stringptr, &mime_boundary },
625 { "mime_charset", vtype_stringptr, &mime_charset },
626 { "mime_content_description", vtype_stringptr, &mime_content_description },
627 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
628 { "mime_content_id", vtype_stringptr, &mime_content_id },
629 { "mime_content_size", vtype_int, &mime_content_size },
630 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
631 { "mime_content_type", vtype_stringptr, &mime_content_type },
632 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
633 { "mime_filename", vtype_stringptr, &mime_filename },
634 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
635 { "mime_is_multipart", vtype_int, &mime_is_multipart },
636 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
637 { "mime_part_count", vtype_int, &mime_part_count },
638 #endif
639 { "n0", vtype_filter_int, &filter_n[0] },
640 { "n1", vtype_filter_int, &filter_n[1] },
641 { "n2", vtype_filter_int, &filter_n[2] },
642 { "n3", vtype_filter_int, &filter_n[3] },
643 { "n4", vtype_filter_int, &filter_n[4] },
644 { "n5", vtype_filter_int, &filter_n[5] },
645 { "n6", vtype_filter_int, &filter_n[6] },
646 { "n7", vtype_filter_int, &filter_n[7] },
647 { "n8", vtype_filter_int, &filter_n[8] },
648 { "n9", vtype_filter_int, &filter_n[9] },
649 { "original_domain", vtype_stringptr, &deliver_domain_orig },
650 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
651 { "originator_gid", vtype_gid, &originator_gid },
652 { "originator_uid", vtype_uid, &originator_uid },
653 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
654 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
655 { "pid", vtype_pid, NULL },
656 #ifndef DISABLE_PRDR
657 { "prdr_requested", vtype_bool, &prdr_requested },
658 #endif
659 { "primary_hostname", vtype_stringptr, &primary_hostname },
660 #if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
661 { "proxy_external_address",vtype_stringptr, &proxy_external_address },
662 { "proxy_external_port", vtype_int, &proxy_external_port },
663 { "proxy_local_address", vtype_stringptr, &proxy_local_address },
664 { "proxy_local_port", vtype_int, &proxy_local_port },
665 { "proxy_session", vtype_bool, &proxy_session },
666 #endif
667 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
668 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
669 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
670 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
671 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
672 { "queue_name", vtype_stringptr, &queue_name },
673 { "queue_size", vtype_string_func, &fn_queue_size },
674 { "rcpt_count", vtype_int, &rcpt_count },
675 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
676 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
677 { "received_count", vtype_int, &received_count },
678 { "received_for", vtype_stringptr, &received_for },
679 { "received_ip_address", vtype_stringptr, &interface_address },
680 { "received_port", vtype_int, &interface_port },
681 { "received_protocol", vtype_stringptr, &received_protocol },
682 { "received_time", vtype_int, &received_time.tv_sec },
683 { "recipient_data", vtype_stringptr, &recipient_data },
684 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
685 { "recipients", vtype_string_func, (void *) &fn_recipients },
686 { "recipients_count", vtype_int, &recipients_count },
687 #ifdef WITH_CONTENT_SCAN
688 { "regex_match_string", vtype_stringptr, &regex_match_string },
689 #endif
690 { "reply_address", vtype_reply, NULL },
691 { "return_path", vtype_stringptr, &return_path },
692 { "return_size_limit", vtype_int, &bounce_return_size_limit },
693 { "router_name", vtype_stringptr, &router_name },
694 { "runrc", vtype_int, &runrc },
695 { "self_hostname", vtype_stringptr, &self_hostname },
696 { "sender_address", vtype_stringptr, &sender_address },
697 { "sender_address_data", vtype_stringptr, &sender_address_data },
698 { "sender_address_domain", vtype_domain, &sender_address },
699 { "sender_address_local_part", vtype_localpart, &sender_address },
700 { "sender_data", vtype_stringptr, &sender_data },
701 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
702 { "sender_helo_dnssec", vtype_bool, &sender_helo_dnssec },
703 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
704 { "sender_host_address", vtype_stringptr, &sender_host_address },
705 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
706 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
707 { "sender_host_name", vtype_host_lookup, NULL },
708 { "sender_host_port", vtype_int, &sender_host_port },
709 { "sender_ident", vtype_stringptr, &sender_ident },
710 { "sender_rate", vtype_stringptr, &sender_rate },
711 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
712 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
713 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
714 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
715 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
716 { "sending_port", vtype_int, &sending_port },
717 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
718 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
719 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
720 { "smtp_command_history", vtype_string_func, (void *) &smtp_cmd_hist },
721 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
722 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
723 { "sn0", vtype_filter_int, &filter_sn[0] },
724 { "sn1", vtype_filter_int, &filter_sn[1] },
725 { "sn2", vtype_filter_int, &filter_sn[2] },
726 { "sn3", vtype_filter_int, &filter_sn[3] },
727 { "sn4", vtype_filter_int, &filter_sn[4] },
728 { "sn5", vtype_filter_int, &filter_sn[5] },
729 { "sn6", vtype_filter_int, &filter_sn[6] },
730 { "sn7", vtype_filter_int, &filter_sn[7] },
731 { "sn8", vtype_filter_int, &filter_sn[8] },
732 { "sn9", vtype_filter_int, &filter_sn[9] },
733 #ifdef WITH_CONTENT_SCAN
734 { "spam_action", vtype_stringptr, &spam_action },
735 { "spam_bar", vtype_stringptr, &spam_bar },
736 { "spam_report", vtype_stringptr, &spam_report },
737 { "spam_score", vtype_stringptr, &spam_score },
738 { "spam_score_int", vtype_stringptr, &spam_score_int },
739 #endif
740 #ifdef SUPPORT_SPF
741 { "spf_guess", vtype_stringptr, &spf_guess },
742 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
743 { "spf_received", vtype_stringptr, &spf_received },
744 { "spf_result", vtype_stringptr, &spf_result },
745 { "spf_result_guessed", vtype_bool, &spf_result_guessed },
746 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
747 #endif
748 { "spool_directory", vtype_stringptr, &spool_directory },
749 { "spool_inodes", vtype_pinodes, (void *)TRUE },
750 { "spool_space", vtype_pspace, (void *)TRUE },
751 #ifdef EXPERIMENTAL_SRS
752 { "srs_db_address", vtype_stringptr, &srs_db_address },
753 { "srs_db_key", vtype_stringptr, &srs_db_key },
754 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
755 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
756 #endif
757 #if defined(EXPERIMENTAL_SRS) || defined(EXPERIMENTAL_SRS_NATIVE)
758 { "srs_recipient", vtype_stringptr, &srs_recipient },
759 #endif
760 #ifdef EXPERIMENTAL_SRS
761 { "srs_status", vtype_stringptr, &srs_status },
762 #endif
763 { "thisaddress", vtype_stringptr, &filter_thisaddress },
764
765 /* The non-(in,out) variables are now deprecated */
766 { "tls_bits", vtype_int, &tls_in.bits },
767 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
768 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
769
770 { "tls_in_bits", vtype_int, &tls_in.bits },
771 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
772 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
773 { "tls_in_cipher_std", vtype_stringptr, &tls_in.cipher_stdname },
774 { "tls_in_ocsp", vtype_int, &tls_in.ocsp },
775 { "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
776 { "tls_in_peercert", vtype_cert, &tls_in.peercert },
777 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
778 #ifdef EXPERIMENTAL_TLS_RESUME
779 { "tls_in_resumption", vtype_int, &tls_in.resumption },
780 #endif
781 #ifndef DISABLE_TLS
782 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
783 #endif
784 { "tls_in_ver", vtype_stringptr, &tls_in.ver },
785 { "tls_out_bits", vtype_int, &tls_out.bits },
786 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
787 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
788 { "tls_out_cipher_std", vtype_stringptr, &tls_out.cipher_stdname },
789 #ifdef SUPPORT_DANE
790 { "tls_out_dane", vtype_bool, &tls_out.dane_verified },
791 #endif
792 { "tls_out_ocsp", vtype_int, &tls_out.ocsp },
793 { "tls_out_ourcert", vtype_cert, &tls_out.ourcert },
794 { "tls_out_peercert", vtype_cert, &tls_out.peercert },
795 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
796 #ifdef EXPERIMENTAL_TLS_RESUME
797 { "tls_out_resumption", vtype_int, &tls_out.resumption },
798 #endif
799 #ifndef DISABLE_TLS
800 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
801 #endif
802 #ifdef SUPPORT_DANE
803 { "tls_out_tlsa_usage", vtype_int, &tls_out.tlsa_usage },
804 #endif
805 { "tls_out_ver", vtype_stringptr, &tls_out.ver },
806
807 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
808 #ifndef DISABLE_TLS
809 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
810 #endif
811
812 { "tod_bsdinbox", vtype_todbsdin, NULL },
813 { "tod_epoch", vtype_tode, NULL },
814 { "tod_epoch_l", vtype_todel, NULL },
815 { "tod_full", vtype_todf, NULL },
816 { "tod_log", vtype_todl, NULL },
817 { "tod_logfile", vtype_todlf, NULL },
818 { "tod_zone", vtype_todzone, NULL },
819 { "tod_zulu", vtype_todzulu, NULL },
820 { "transport_name", vtype_stringptr, &transport_name },
821 { "value", vtype_stringptr, &lookup_value },
822 { "verify_mode", vtype_stringptr, &verify_mode },
823 { "version_number", vtype_stringptr, &version_string },
824 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
825 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
826 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
827 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
828 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
829 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
830 };
831
832 static int var_table_size = nelem(var_table);
833 static uschar var_buffer[256];
834 static BOOL malformed_header;
835
836 /* For textual hashes */
837
838 static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
839 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
840 "0123456789";
841
842 enum { HMAC_MD5, HMAC_SHA1 };
843
844 /* For numeric hashes */
845
846 static unsigned int prime[] = {
847 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
848 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
849 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
850
851 /* For printing modes in symbolic form */
852
853 static uschar *mtable_normal[] =
854 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
855
856 static uschar *mtable_setid[] =
857 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
858
859 static uschar *mtable_sticky[] =
860 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
861
862 /* flags for find_header() */
863 #define FH_EXISTS_ONLY BIT(0)
864 #define FH_WANT_RAW BIT(1)
865 #define FH_WANT_LIST BIT(2)
866
867
868 /*************************************************
869 * Tables for UTF-8 support *
870 *************************************************/
871
872 /* Table of the number of extra characters, indexed by the first character
873 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
874 0x3d. */
875
876 static uschar utf8_table1[] = {
877 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
878 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
879 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
880 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
881
882 /* These are the masks for the data bits in the first byte of a character,
883 indexed by the number of additional bytes. */
884
885 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
886
887 /* Get the next UTF-8 character, advancing the pointer. */
888
889 #define GETUTF8INC(c, ptr) \
890 c = *ptr++; \
891 if ((c & 0xc0) == 0xc0) \
892 { \
893 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
894 int s = 6*a; \
895 c = (c & utf8_table2[a]) << s; \
896 while (a-- > 0) \
897 { \
898 s -= 6; \
899 c |= (*ptr++ & 0x3f) << s; \
900 } \
901 }
902
903
904
905 static uschar * base32_chars = US"abcdefghijklmnopqrstuvwxyz234567";
906
907 /*************************************************
908 * Binary chop search on a table *
909 *************************************************/
910
911 /* This is used for matching expansion items and operators.
912
913 Arguments:
914 name the name that is being sought
915 table the table to search
916 table_size the number of items in the table
917
918 Returns: the offset in the table, or -1
919 */
920
921 static int
922 chop_match(uschar *name, uschar **table, int table_size)
923 {
924 uschar **bot = table;
925 uschar **top = table + table_size;
926
927 while (top > bot)
928 {
929 uschar **mid = bot + (top - bot)/2;
930 int c = Ustrcmp(name, *mid);
931 if (c == 0) return mid - table;
932 if (c > 0) bot = mid + 1; else top = mid;
933 }
934
935 return -1;
936 }
937
938
939
940 /*************************************************
941 * Check a condition string *
942 *************************************************/
943
944 /* This function is called to expand a string, and test the result for a "true"
945 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
946 forced fail or lookup defer.
947
948 We used to release all store used, but this is not not safe due
949 to ${dlfunc } and ${acl }. In any case expand_string_internal()
950 is reasonably careful to release what it can.
951
952 The actual false-value tests should be replicated for ECOND_BOOL_LAX.
953
954 Arguments:
955 condition the condition string
956 m1 text to be incorporated in panic error
957 m2 ditto
958
959 Returns: TRUE if condition is met, FALSE if not
960 */
961
962 BOOL
963 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
964 {
965 uschar * ss = expand_string(condition);
966 if (!ss)
967 {
968 if (!f.expand_string_forcedfail && !f.search_find_defer)
969 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
970 "for %s %s: %s", condition, m1, m2, expand_string_message);
971 return FALSE;
972 }
973 return *ss && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
974 strcmpic(ss, US"false") != 0;
975 }
976
977
978
979
980 /*************************************************
981 * Pseudo-random number generation *
982 *************************************************/
983
984 /* Pseudo-random number generation. The result is not "expected" to be
985 cryptographically strong but not so weak that someone will shoot themselves
986 in the foot using it as a nonce in some email header scheme or whatever
987 weirdness they'll twist this into. The result should ideally handle fork().
988
989 However, if we're stuck unable to provide this, then we'll fall back to
990 appallingly bad randomness.
991
992 If DISABLE_TLS is not defined then this will not be used except as an emergency
993 fallback.
994
995 Arguments:
996 max range maximum
997 Returns a random number in range [0, max-1]
998 */
999
1000 #ifndef DISABLE_TLS
1001 # define vaguely_random_number vaguely_random_number_fallback
1002 #endif
1003 int
1004 vaguely_random_number(int max)
1005 {
1006 #ifndef DISABLE_TLS
1007 # undef vaguely_random_number
1008 #endif
1009 static pid_t pid = 0;
1010 pid_t p2;
1011
1012 if ((p2 = getpid()) != pid)
1013 {
1014 if (pid != 0)
1015 {
1016
1017 #ifdef HAVE_ARC4RANDOM
1018 /* cryptographically strong randomness, common on *BSD platforms, not
1019 so much elsewhere. Alas. */
1020 # ifndef NOT_HAVE_ARC4RANDOM_STIR
1021 arc4random_stir();
1022 # endif
1023 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
1024 # ifdef HAVE_SRANDOMDEV
1025 /* uses random(4) for seeding */
1026 srandomdev();
1027 # else
1028 {
1029 struct timeval tv;
1030 gettimeofday(&tv, NULL);
1031 srandom(tv.tv_sec | tv.tv_usec | getpid());
1032 }
1033 # endif
1034 #else
1035 /* Poor randomness and no seeding here */
1036 #endif
1037
1038 }
1039 pid = p2;
1040 }
1041
1042 #ifdef HAVE_ARC4RANDOM
1043 return arc4random() % max;
1044 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
1045 return random() % max;
1046 #else
1047 /* This one returns a 16-bit number, definitely not crypto-strong */
1048 return random_number(max);
1049 #endif
1050 }
1051
1052
1053
1054
1055 /*************************************************
1056 * Pick out a name from a string *
1057 *************************************************/
1058
1059 /* If the name is too long, it is silently truncated.
1060
1061 Arguments:
1062 name points to a buffer into which to put the name
1063 max is the length of the buffer
1064 s points to the first alphabetic character of the name
1065 extras chars other than alphanumerics to permit
1066
1067 Returns: pointer to the first character after the name
1068
1069 Note: The test for *s != 0 in the while loop is necessary because
1070 Ustrchr() yields non-NULL if the character is zero (which is not something
1071 I expected). */
1072
1073 static const uschar *
1074 read_name(uschar *name, int max, const uschar *s, uschar *extras)
1075 {
1076 int ptr = 0;
1077 while (*s && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
1078 {
1079 if (ptr < max-1) name[ptr++] = *s;
1080 s++;
1081 }
1082 name[ptr] = 0;
1083 return s;
1084 }
1085
1086
1087
1088 /*************************************************
1089 * Pick out the rest of a header name *
1090 *************************************************/
1091
1092 /* A variable name starting $header_ (or just $h_ for those who like
1093 abbreviations) might not be the complete header name because headers can
1094 contain any printing characters in their names, except ':'. This function is
1095 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
1096 on the end, if the name was terminated by white space.
1097
1098 Arguments:
1099 name points to a buffer in which the name read so far exists
1100 max is the length of the buffer
1101 s points to the first character after the name so far, i.e. the
1102 first non-alphameric character after $header_xxxxx
1103
1104 Returns: a pointer to the first character after the header name
1105 */
1106
1107 static const uschar *
1108 read_header_name(uschar *name, int max, const uschar *s)
1109 {
1110 int prelen = Ustrchr(name, '_') - name + 1;
1111 int ptr = Ustrlen(name) - prelen;
1112 if (ptr > 0) memmove(name, name+prelen, ptr);
1113 while (mac_isgraph(*s) && *s != ':')
1114 {
1115 if (ptr < max-1) name[ptr++] = *s;
1116 s++;
1117 }
1118 if (*s == ':') s++;
1119 name[ptr++] = ':';
1120 name[ptr] = 0;
1121 return s;
1122 }
1123
1124
1125
1126 /*************************************************
1127 * Pick out a number from a string *
1128 *************************************************/
1129
1130 /* Arguments:
1131 n points to an integer into which to put the number
1132 s points to the first digit of the number
1133
1134 Returns: a pointer to the character after the last digit
1135 */
1136 /*XXX consider expanding to int_eximarith_t. But the test for
1137 "overbig numbers" in 0002 still needs to overflow it. */
1138
1139 static uschar *
1140 read_number(int *n, uschar *s)
1141 {
1142 *n = 0;
1143 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1144 return s;
1145 }
1146
1147 static const uschar *
1148 read_cnumber(int *n, const uschar *s)
1149 {
1150 *n = 0;
1151 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1152 return s;
1153 }
1154
1155
1156
1157 /*************************************************
1158 * Extract keyed subfield from a string *
1159 *************************************************/
1160
1161 /* The yield is in dynamic store; NULL means that the key was not found.
1162
1163 Arguments:
1164 key points to the name of the key
1165 s points to the string from which to extract the subfield
1166
1167 Returns: NULL if the subfield was not found, or
1168 a pointer to the subfield's data
1169 */
1170
1171 static uschar *
1172 expand_getkeyed(uschar * key, const uschar * s)
1173 {
1174 int length = Ustrlen(key);
1175 while (isspace(*s)) s++;
1176
1177 /* Loop to search for the key */
1178
1179 while (*s)
1180 {
1181 int dkeylength;
1182 uschar * data;
1183 const uschar * dkey = s;
1184
1185 while (*s && *s != '=' && !isspace(*s)) s++;
1186 dkeylength = s - dkey;
1187 while (isspace(*s)) s++;
1188 if (*s == '=') while (isspace((*(++s))));
1189
1190 data = string_dequote(&s);
1191 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1192 return data;
1193
1194 while (isspace(*s)) s++;
1195 }
1196
1197 return NULL;
1198 }
1199
1200
1201
1202 static var_entry *
1203 find_var_ent(uschar * name)
1204 {
1205 int first = 0;
1206 int last = var_table_size;
1207
1208 while (last > first)
1209 {
1210 int middle = (first + last)/2;
1211 int c = Ustrcmp(name, var_table[middle].name);
1212
1213 if (c > 0) { first = middle + 1; continue; }
1214 if (c < 0) { last = middle; continue; }
1215 return &var_table[middle];
1216 }
1217 return NULL;
1218 }
1219
1220 /*************************************************
1221 * Extract numbered subfield from string *
1222 *************************************************/
1223
1224 /* Extracts a numbered field from a string that is divided by tokens - for
1225 example a line from /etc/passwd is divided by colon characters. First field is
1226 numbered one. Negative arguments count from the right. Zero returns the whole
1227 string. Returns NULL if there are insufficient tokens in the string
1228
1229 ***WARNING***
1230 Modifies final argument - this is a dynamically generated string, so that's OK.
1231
1232 Arguments:
1233 field number of field to be extracted,
1234 first field = 1, whole string = 0, last field = -1
1235 separators characters that are used to break string into tokens
1236 s points to the string from which to extract the subfield
1237
1238 Returns: NULL if the field was not found,
1239 a pointer to the field's data inside s (modified to add 0)
1240 */
1241
1242 static uschar *
1243 expand_gettokened (int field, uschar *separators, uschar *s)
1244 {
1245 int sep = 1;
1246 int count;
1247 uschar *ss = s;
1248 uschar *fieldtext = NULL;
1249
1250 if (field == 0) return s;
1251
1252 /* Break the line up into fields in place; for field > 0 we stop when we have
1253 done the number of fields we want. For field < 0 we continue till the end of
1254 the string, counting the number of fields. */
1255
1256 count = (field > 0)? field : INT_MAX;
1257
1258 while (count-- > 0)
1259 {
1260 size_t len;
1261
1262 /* Previous field was the last one in the string. For a positive field
1263 number, this means there are not enough fields. For a negative field number,
1264 check that there are enough, and scan back to find the one that is wanted. */
1265
1266 if (sep == 0)
1267 {
1268 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1269 if ((-field) == (INT_MAX - count - 1)) return s;
1270 while (field++ < 0)
1271 {
1272 ss--;
1273 while (ss[-1] != 0) ss--;
1274 }
1275 fieldtext = ss;
1276 break;
1277 }
1278
1279 /* Previous field was not last in the string; save its start and put a
1280 zero at its end. */
1281
1282 fieldtext = ss;
1283 len = Ustrcspn(ss, separators);
1284 sep = ss[len];
1285 ss[len] = 0;
1286 ss += len + 1;
1287 }
1288
1289 return fieldtext;
1290 }
1291
1292
1293 static uschar *
1294 expand_getlistele(int field, const uschar * list)
1295 {
1296 const uschar * tlist = list;
1297 int sep = 0;
1298 uschar dummy;
1299
1300 if (field < 0)
1301 {
1302 for (field++; string_nextinlist(&tlist, &sep, &dummy, 1); ) field++;
1303 sep = 0;
1304 }
1305 if (field == 0) return NULL;
1306 while (--field > 0 && (string_nextinlist(&list, &sep, &dummy, 1))) ;
1307 return string_nextinlist(&list, &sep, NULL, 0);
1308 }
1309
1310
1311 /* Certificate fields, by name. Worry about by-OID later */
1312 /* Names are chosen to not have common prefixes */
1313
1314 #ifndef DISABLE_TLS
1315 typedef struct
1316 {
1317 uschar * name;
1318 int namelen;
1319 uschar * (*getfn)(void * cert, uschar * mod);
1320 } certfield;
1321 static certfield certfields[] =
1322 { /* linear search; no special order */
1323 { US"version", 7, &tls_cert_version },
1324 { US"serial_number", 13, &tls_cert_serial_number },
1325 { US"subject", 7, &tls_cert_subject },
1326 { US"notbefore", 9, &tls_cert_not_before },
1327 { US"notafter", 8, &tls_cert_not_after },
1328 { US"issuer", 6, &tls_cert_issuer },
1329 { US"signature", 9, &tls_cert_signature },
1330 { US"sig_algorithm", 13, &tls_cert_signature_algorithm },
1331 { US"subj_altname", 12, &tls_cert_subject_altname },
1332 { US"ocsp_uri", 8, &tls_cert_ocsp_uri },
1333 { US"crl_uri", 7, &tls_cert_crl_uri },
1334 };
1335
1336 static uschar *
1337 expand_getcertele(uschar * field, uschar * certvar)
1338 {
1339 var_entry * vp;
1340
1341 if (!(vp = find_var_ent(certvar)))
1342 {
1343 expand_string_message =
1344 string_sprintf("no variable named \"%s\"", certvar);
1345 return NULL; /* Unknown variable name */
1346 }
1347 /* NB this stops us passing certs around in variable. Might
1348 want to do that in future */
1349 if (vp->type != vtype_cert)
1350 {
1351 expand_string_message =
1352 string_sprintf("\"%s\" is not a certificate", certvar);
1353 return NULL; /* Unknown variable name */
1354 }
1355 if (!*(void **)vp->value)
1356 return NULL;
1357
1358 if (*field >= '0' && *field <= '9')
1359 return tls_cert_ext_by_oid(*(void **)vp->value, field, 0);
1360
1361 for (certfield * cp = certfields;
1362 cp < certfields + nelem(certfields);
1363 cp++)
1364 if (Ustrncmp(cp->name, field, cp->namelen) == 0)
1365 {
1366 uschar * modifier = *(field += cp->namelen) == ','
1367 ? ++field : NULL;
1368 return (*cp->getfn)( *(void **)vp->value, modifier );
1369 }
1370
1371 expand_string_message =
1372 string_sprintf("bad field selector \"%s\" for certextract", field);
1373 return NULL;
1374 }
1375 #endif /*DISABLE_TLS*/
1376
1377 /*************************************************
1378 * Extract a substring from a string *
1379 *************************************************/
1380
1381 /* Perform the ${substr or ${length expansion operations.
1382
1383 Arguments:
1384 subject the input string
1385 value1 the offset from the start of the input string to the start of
1386 the output string; if negative, count from the right.
1387 value2 the length of the output string, or negative (-1) for unset
1388 if value1 is positive, unset means "all after"
1389 if value1 is negative, unset means "all before"
1390 len set to the length of the returned string
1391
1392 Returns: pointer to the output string, or NULL if there is an error
1393 */
1394
1395 static uschar *
1396 extract_substr(uschar *subject, int value1, int value2, int *len)
1397 {
1398 int sublen = Ustrlen(subject);
1399
1400 if (value1 < 0) /* count from right */
1401 {
1402 value1 += sublen;
1403
1404 /* If the position is before the start, skip to the start, and adjust the
1405 length. If the length ends up negative, the substring is null because nothing
1406 can precede. This falls out naturally when the length is unset, meaning "all
1407 to the left". */
1408
1409 if (value1 < 0)
1410 {
1411 value2 += value1;
1412 if (value2 < 0) value2 = 0;
1413 value1 = 0;
1414 }
1415
1416 /* Otherwise an unset length => characters before value1 */
1417
1418 else if (value2 < 0)
1419 {
1420 value2 = value1;
1421 value1 = 0;
1422 }
1423 }
1424
1425 /* For a non-negative offset, if the starting position is past the end of the
1426 string, the result will be the null string. Otherwise, an unset length means
1427 "rest"; just set it to the maximum - it will be cut down below if necessary. */
1428
1429 else
1430 {
1431 if (value1 > sublen)
1432 {
1433 value1 = sublen;
1434 value2 = 0;
1435 }
1436 else if (value2 < 0) value2 = sublen;
1437 }
1438
1439 /* Cut the length down to the maximum possible for the offset value, and get
1440 the required characters. */
1441
1442 if (value1 + value2 > sublen) value2 = sublen - value1;
1443 *len = value2;
1444 return subject + value1;
1445 }
1446
1447
1448
1449
1450 /*************************************************
1451 * Old-style hash of a string *
1452 *************************************************/
1453
1454 /* Perform the ${hash expansion operation.
1455
1456 Arguments:
1457 subject the input string (an expanded substring)
1458 value1 the length of the output string; if greater or equal to the
1459 length of the input string, the input string is returned
1460 value2 the number of hash characters to use, or 26 if negative
1461 len set to the length of the returned string
1462
1463 Returns: pointer to the output string, or NULL if there is an error
1464 */
1465
1466 static uschar *
1467 compute_hash(uschar *subject, int value1, int value2, int *len)
1468 {
1469 int sublen = Ustrlen(subject);
1470
1471 if (value2 < 0) value2 = 26;
1472 else if (value2 > Ustrlen(hashcodes))
1473 {
1474 expand_string_message =
1475 string_sprintf("hash count \"%d\" too big", value2);
1476 return NULL;
1477 }
1478
1479 /* Calculate the hash text. We know it is shorter than the original string, so
1480 can safely place it in subject[] (we know that subject is always itself an
1481 expanded substring). */
1482
1483 if (value1 < sublen)
1484 {
1485 int c;
1486 int i = 0;
1487 int j = value1;
1488 while ((c = (subject[j])) != 0)
1489 {
1490 int shift = (c + j++) & 7;
1491 subject[i] ^= (c << shift) | (c >> (8-shift));
1492 if (++i >= value1) i = 0;
1493 }
1494 for (i = 0; i < value1; i++)
1495 subject[i] = hashcodes[(subject[i]) % value2];
1496 }
1497 else value1 = sublen;
1498
1499 *len = value1;
1500 return subject;
1501 }
1502
1503
1504
1505
1506 /*************************************************
1507 * Numeric hash of a string *
1508 *************************************************/
1509
1510 /* Perform the ${nhash expansion operation. The first characters of the
1511 string are treated as most important, and get the highest prime numbers.
1512
1513 Arguments:
1514 subject the input string
1515 value1 the maximum value of the first part of the result
1516 value2 the maximum value of the second part of the result,
1517 or negative to produce only a one-part result
1518 len set to the length of the returned string
1519
1520 Returns: pointer to the output string, or NULL if there is an error.
1521 */
1522
1523 static uschar *
1524 compute_nhash (uschar *subject, int value1, int value2, int *len)
1525 {
1526 uschar *s = subject;
1527 int i = 0;
1528 unsigned long int total = 0; /* no overflow */
1529
1530 while (*s != 0)
1531 {
1532 if (i == 0) i = nelem(prime) - 1;
1533 total += prime[i--] * (unsigned int)(*s++);
1534 }
1535
1536 /* If value2 is unset, just compute one number */
1537
1538 if (value2 < 0)
1539 s = string_sprintf("%lu", total % value1);
1540
1541 /* Otherwise do a div/mod hash */
1542
1543 else
1544 {
1545 total = total % (value1 * value2);
1546 s = string_sprintf("%lu/%lu", total/value2, total % value2);
1547 }
1548
1549 *len = Ustrlen(s);
1550 return s;
1551 }
1552
1553
1554
1555
1556
1557 /*************************************************
1558 * Find the value of a header or headers *
1559 *************************************************/
1560
1561 /* Multiple instances of the same header get concatenated, and this function
1562 can also return a concatenation of all the header lines. When concatenating
1563 specific headers that contain lists of addresses, a comma is inserted between
1564 them. Otherwise we use a straight concatenation. Because some messages can have
1565 pathologically large number of lines, there is a limit on the length that is
1566 returned.
1567
1568 Arguments:
1569 name the name of the header, without the leading $header_ or $h_,
1570 or NULL if a concatenation of all headers is required
1571 newsize return the size of memory block that was obtained; may be NULL
1572 if exists_only is TRUE
1573 flags FH_EXISTS_ONLY
1574 set if called from a def: test; don't need to build a string;
1575 just return a string that is not "" and not "0" if the header
1576 exists
1577 FH_WANT_RAW
1578 set if called for $rh_ or $rheader_ items; no processing,
1579 other than concatenating, will be done on the header. Also used
1580 for $message_headers_raw.
1581 FH_WANT_LIST
1582 Double colon chars in the content, and replace newline with
1583 colon between each element when concatenating; returning a
1584 colon-sep list (elements might contain newlines)
1585 charset name of charset to translate MIME words to; used only if
1586 want_raw is false; if NULL, no translation is done (this is
1587 used for $bh_ and $bheader_)
1588
1589 Returns: NULL if the header does not exist, else a pointer to a new
1590 store block
1591 */
1592
1593 static uschar *
1594 find_header(uschar *name, int *newsize, unsigned flags, uschar *charset)
1595 {
1596 BOOL found = !name;
1597 int len = name ? Ustrlen(name) : 0;
1598 BOOL comma = FALSE;
1599 gstring * g = NULL;
1600
1601 for (header_line * h = header_list; h; h = h->next)
1602 if (h->type != htype_old && h->text) /* NULL => Received: placeholder */
1603 if (!name || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1604 {
1605 uschar * s, * t;
1606 size_t inc;
1607
1608 if (flags & FH_EXISTS_ONLY)
1609 return US"1"; /* don't need actual string */
1610
1611 found = TRUE;
1612 s = h->text + len; /* text to insert */
1613 if (!(flags & FH_WANT_RAW)) /* unless wanted raw, */
1614 while (isspace(*s)) s++; /* remove leading white space */
1615 t = h->text + h->slen; /* end-point */
1616
1617 /* Unless wanted raw, remove trailing whitespace, including the
1618 newline. */
1619
1620 if (flags & FH_WANT_LIST)
1621 while (t > s && t[-1] == '\n') t--;
1622 else if (!(flags & FH_WANT_RAW))
1623 {
1624 while (t > s && isspace(t[-1])) t--;
1625
1626 /* Set comma if handling a single header and it's one of those
1627 that contains an address list, except when asked for raw headers. Only
1628 need to do this once. */
1629
1630 if (name && !comma && Ustrchr("BCFRST", h->type)) comma = TRUE;
1631 }
1632
1633 /* Trim the header roughly if we're approaching limits */
1634 inc = t - s;
1635 if (gstring_length(g) + inc > header_insert_maxlen)
1636 inc = header_insert_maxlen - gstring_length(g);
1637
1638 /* For raw just copy the data; for a list, add the data as a colon-sep
1639 list-element; for comma-list add as an unchecked comma,newline sep
1640 list-elemment; for other nonraw add as an unchecked newline-sep list (we
1641 stripped trailing WS above including the newline). We ignore the potential
1642 expansion due to colon-doubling, just leaving the loop if the limit is met
1643 or exceeded. */
1644
1645 if (flags & FH_WANT_LIST)
1646 g = string_append_listele_n(g, ':', s, (unsigned)inc);
1647 else if (flags & FH_WANT_RAW)
1648 g = string_catn(g, s, (unsigned)inc);
1649 else if (inc > 0)
1650 g = string_append2_listele_n(g, comma ? US",\n" : US"\n",
1651 s, (unsigned)inc);
1652
1653 if (gstring_length(g) >= header_insert_maxlen) break;
1654 }
1655
1656 if (!found) return NULL; /* No header found */
1657 if (!g) return US"";
1658
1659 /* That's all we do for raw header expansion. */
1660
1661 *newsize = g->size;
1662 if (flags & FH_WANT_RAW)
1663 return string_from_gstring(g);
1664
1665 /* Otherwise do RFC 2047 decoding, translating the charset if requested.
1666 The rfc2047_decode2() function can return an error with decoded data if the
1667 charset translation fails. If decoding fails, it returns NULL. */
1668
1669 else
1670 {
1671 uschar * error, * decoded = rfc2047_decode2(string_from_gstring(g),
1672 check_rfc2047_length, charset, '?', NULL, newsize, &error);
1673 if (error)
1674 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1675 " input was: %s\n", error, g->s);
1676 return decoded ? decoded : string_from_gstring(g);
1677 }
1678 }
1679
1680
1681
1682
1683 /* Append a "local" element to an Authentication-Results: header
1684 if this was a non-smtp message.
1685 */
1686
1687 static gstring *
1688 authres_local(gstring * g, const uschar * sysname)
1689 {
1690 if (!f.authentication_local)
1691 return g;
1692 g = string_append(g, 3, US";\n\tlocal=pass (non-smtp, ", sysname, US")");
1693 if (authenticated_id) g = string_append(g, 2, " u=", authenticated_id);
1694 return g;
1695 }
1696
1697
1698 /* Append an "iprev" element to an Authentication-Results: header
1699 if we have attempted to get the calling host's name.
1700 */
1701
1702 static gstring *
1703 authres_iprev(gstring * g)
1704 {
1705 if (sender_host_name)
1706 g = string_append(g, 3, US";\n\tiprev=pass (", sender_host_name, US")");
1707 else if (host_lookup_deferred)
1708 g = string_catn(g, US";\n\tiprev=temperror", 19);
1709 else if (host_lookup_failed)
1710 g = string_catn(g, US";\n\tiprev=fail", 13);
1711 else
1712 return g;
1713
1714 if (sender_host_address)
1715 g = string_append(g, 2, US" smtp.remote-ip=", sender_host_address);
1716 return g;
1717 }
1718
1719
1720
1721 /*************************************************
1722 * Return list of recipients *
1723 *************************************************/
1724 /* A recipients list is available only during system message filtering,
1725 during ACL processing after DATA, and while expanding pipe commands
1726 generated from a system filter, but not elsewhere. */
1727
1728 static uschar *
1729 fn_recipients(void)
1730 {
1731 uschar * s;
1732 gstring * g = NULL;
1733
1734 if (!f.enable_dollar_recipients) return NULL;
1735
1736 for (int i = 0; i < recipients_count; i++)
1737 {
1738 s = recipients_list[i].address;
1739 g = string_append2_listele_n(g, US", ", s, Ustrlen(s));
1740 }
1741 return g ? g->s : NULL;
1742 }
1743
1744
1745 /*************************************************
1746 * Return size of queue *
1747 *************************************************/
1748 /* Ask the daemon for the queue size */
1749
1750 static uschar *
1751 fn_queue_size(void)
1752 {
1753 struct sockaddr_un sa_un = {.sun_family = AF_UNIX};
1754 uschar buf[16];
1755 int fd;
1756 ssize_t len;
1757 const uschar * where;
1758 #ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
1759 uschar * sname;
1760 #endif
1761
1762 if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
1763 {
1764 DEBUG(D_expand) debug_printf(" socket: %s\n", strerror(errno));
1765 return NULL;
1766 }
1767
1768 #ifdef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
1769 sa_un.sun_path[0] = 0; /* Abstract local socket addr - Linux-specific? */
1770 len = offsetof(struct sockaddr_un, sun_path) + 1
1771 + snprintf(sa_un.sun_path+1, sizeof(sa_un.sun_path)-1, "exim_%d", getpid());
1772 #else
1773 sname = string_sprintf("%s/p_%d", spool_directory, getpid());
1774 len = offsetof(struct sockaddr_un, sun_path)
1775 + snprintf(sa_un.sun_path, sizeof(sa_un.sun_path), "%s", sname);
1776 #endif
1777
1778 if (bind(fd, (const struct sockaddr *)&sa_un, len) < 0)
1779 { where = US"bind"; goto bad; }
1780
1781 #ifdef notdef
1782 debug_printf("local addr '%s%s'\n",
1783 *sa_un.sun_path ? "" : "@",
1784 sa_un.sun_path + (*sa_un.sun_path ? 0 : 1));
1785 #endif
1786
1787 #ifdef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
1788 sa_un.sun_path[0] = 0; /* Abstract local socket addr - Linux-specific? */
1789 len = offsetof(struct sockaddr_un, sun_path) + 1
1790 + snprintf(sa_un.sun_path+1, sizeof(sa_un.sun_path)-1, "%s", NOTIFIER_SOCKET_NAME);
1791 #else
1792 len = offsetof(struct sockaddr_un, sun_path)
1793 + snprintf(sa_un.sun_path, sizeof(sa_un.sun_path), "%s/%s",
1794 spool_directory, NOTIFIER_SOCKET_NAME);
1795 #endif
1796
1797 if (connect(fd, (const struct sockaddr *)&sa_un, len) < 0)
1798 { where = US"connect"; goto bad; }
1799
1800 buf[0] = NOTIFY_QUEUE_SIZE_REQ;
1801 if (send(fd, buf, 1, 0) < 0) { where = US"send"; goto bad; }
1802
1803 if ((len = recv(fd, buf, sizeof(buf), 0)) < 0) { where = US"recv"; goto bad; }
1804
1805 close(fd);
1806 #ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
1807 Uunlink(sname);
1808 #endif
1809 return string_copyn(buf, len);
1810
1811 bad:
1812 close(fd);
1813 DEBUG(D_expand) debug_printf(" %s: %s\n", where, strerror(errno));
1814 return NULL;
1815 }
1816
1817
1818 /*************************************************
1819 * Find value of a variable *
1820 *************************************************/
1821
1822 /* The table of variables is kept in alphabetic order, so we can search it
1823 using a binary chop. The "choplen" variable is nothing to do with the binary
1824 chop.
1825
1826 Arguments:
1827 name the name of the variable being sought
1828 exists_only TRUE if this is a def: test; passed on to find_header()
1829 skipping TRUE => skip any processing evaluation; this is not the same as
1830 exists_only because def: may test for values that are first
1831 evaluated here
1832 newsize pointer to an int which is initially zero; if the answer is in
1833 a new memory buffer, *newsize is set to its size
1834
1835 Returns: NULL if the variable does not exist, or
1836 a pointer to the variable's contents, or
1837 something non-NULL if exists_only is TRUE
1838 */
1839
1840 static uschar *
1841 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1842 {
1843 var_entry * vp;
1844 uschar *s, *domain;
1845 uschar **ss;
1846 void * val;
1847
1848 /* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1849 Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1850 release 4.64 onwards arbitrary names are permitted, as long as the first 5
1851 characters are acl_c or acl_m and the sixth is either a digit or an underscore
1852 (this gave backwards compatibility at the changeover). There may be built-in
1853 variables whose names start acl_ but they should never start in this way. This
1854 slightly messy specification is a consequence of the history, needless to say.
1855
1856 If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1857 set, in which case give an error. */
1858
1859 if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1860 !isalpha(name[5]))
1861 {
1862 tree_node * node =
1863 tree_search(name[4] == 'c' ? acl_var_c : acl_var_m, name + 4);
1864 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
1865 }
1866 else if (Ustrncmp(name, "r_", 2) == 0)
1867 {
1868 tree_node * node = tree_search(router_var, name + 2);
1869 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
1870 }
1871
1872 /* Handle $auth<n> variables. */
1873
1874 if (Ustrncmp(name, "auth", 4) == 0)
1875 {
1876 uschar *endptr;
1877 int n = Ustrtoul(name + 4, &endptr, 10);
1878 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1879 return !auth_vars[n-1] ? US"" : auth_vars[n-1];
1880 }
1881 else if (Ustrncmp(name, "regex", 5) == 0)
1882 {
1883 uschar *endptr;
1884 int n = Ustrtoul(name + 5, &endptr, 10);
1885 if (*endptr == 0 && n != 0 && n <= REGEX_VARS)
1886 return !regex_vars[n-1] ? US"" : regex_vars[n-1];
1887 }
1888
1889 /* For all other variables, search the table */
1890
1891 if (!(vp = find_var_ent(name)))
1892 return NULL; /* Unknown variable name */
1893
1894 /* Found an existing variable. If in skipping state, the value isn't needed,
1895 and we want to avoid processing (such as looking up the host name). */
1896
1897 if (skipping)
1898 return US"";
1899
1900 val = vp->value;
1901 switch (vp->type)
1902 {
1903 case vtype_filter_int:
1904 if (!f.filter_running) return NULL;
1905 /* Fall through */
1906 /* VVVVVVVVVVVV */
1907 case vtype_int:
1908 sprintf(CS var_buffer, "%d", *(int *)(val)); /* Integer */
1909 return var_buffer;
1910
1911 case vtype_ino:
1912 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(val))); /* Inode */
1913 return var_buffer;
1914
1915 case vtype_gid:
1916 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(val))); /* gid */
1917 return var_buffer;
1918
1919 case vtype_uid:
1920 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(val))); /* uid */
1921 return var_buffer;
1922
1923 case vtype_bool:
1924 sprintf(CS var_buffer, "%s", *(BOOL *)(val) ? "yes" : "no"); /* bool */
1925 return var_buffer;
1926
1927 case vtype_stringptr: /* Pointer to string */
1928 return (s = *((uschar **)(val))) ? s : US"";
1929
1930 case vtype_pid:
1931 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1932 return var_buffer;
1933
1934 case vtype_load_avg:
1935 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1936 return var_buffer;
1937
1938 case vtype_host_lookup: /* Lookup if not done so */
1939 if ( !sender_host_name && sender_host_address
1940 && !host_lookup_failed && host_name_lookup() == OK)
1941 host_build_sender_fullhost();
1942 return sender_host_name ? sender_host_name : US"";
1943
1944 case vtype_localpart: /* Get local part from address */
1945 if (!(s = *((uschar **)(val)))) return US"";
1946 if (!(domain = Ustrrchr(s, '@'))) return s;
1947 if (domain - s > sizeof(var_buffer) - 1)
1948 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1949 " in string expansion", sizeof(var_buffer));
1950 return string_copyn(s, domain - s);
1951
1952 case vtype_domain: /* Get domain from address */
1953 if (!(s = *((uschar **)(val)))) return US"";
1954 domain = Ustrrchr(s, '@');
1955 return domain ? domain + 1 : US"";
1956
1957 case vtype_msgheaders:
1958 return find_header(NULL, newsize, exists_only ? FH_EXISTS_ONLY : 0, NULL);
1959
1960 case vtype_msgheaders_raw:
1961 return find_header(NULL, newsize,
1962 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW, NULL);
1963
1964 case vtype_msgbody: /* Pointer to msgbody string */
1965 case vtype_msgbody_end: /* Ditto, the end of the msg */
1966 ss = (uschar **)(val);
1967 if (!*ss && deliver_datafile >= 0) /* Read body when needed */
1968 {
1969 uschar *body;
1970 off_t start_offset = SPOOL_DATA_START_OFFSET;
1971 int len = message_body_visible;
1972 if (len > message_size) len = message_size;
1973 *ss = body = store_malloc(len+1);
1974 body[0] = 0;
1975 if (vp->type == vtype_msgbody_end)
1976 {
1977 struct stat statbuf;
1978 if (fstat(deliver_datafile, &statbuf) == 0)
1979 {
1980 start_offset = statbuf.st_size - len;
1981 if (start_offset < SPOOL_DATA_START_OFFSET)
1982 start_offset = SPOOL_DATA_START_OFFSET;
1983 }
1984 }
1985 if (lseek(deliver_datafile, start_offset, SEEK_SET) < 0)
1986 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "deliver_datafile lseek: %s",
1987 strerror(errno));
1988 len = read(deliver_datafile, body, len);
1989 if (len > 0)
1990 {
1991 body[len] = 0;
1992 if (message_body_newlines) /* Separate loops for efficiency */
1993 while (len > 0)
1994 { if (body[--len] == 0) body[len] = ' '; }
1995 else
1996 while (len > 0)
1997 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
1998 }
1999 }
2000 return *ss ? *ss : US"";
2001
2002 case vtype_todbsdin: /* BSD inbox time of day */
2003 return tod_stamp(tod_bsdin);
2004
2005 case vtype_tode: /* Unix epoch time of day */
2006 return tod_stamp(tod_epoch);
2007
2008 case vtype_todel: /* Unix epoch/usec time of day */
2009 return tod_stamp(tod_epoch_l);
2010
2011 case vtype_todf: /* Full time of day */
2012 return tod_stamp(tod_full);
2013
2014 case vtype_todl: /* Log format time of day */
2015 return tod_stamp(tod_log_bare); /* (without timezone) */
2016
2017 case vtype_todzone: /* Time zone offset only */
2018 return tod_stamp(tod_zone);
2019
2020 case vtype_todzulu: /* Zulu time */
2021 return tod_stamp(tod_zulu);
2022
2023 case vtype_todlf: /* Log file datestamp tod */
2024 return tod_stamp(tod_log_datestamp_daily);
2025
2026 case vtype_reply: /* Get reply address */
2027 s = find_header(US"reply-to:", newsize,
2028 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
2029 headers_charset);
2030 if (s) while (isspace(*s)) s++;
2031 if (!s || !*s)
2032 {
2033 *newsize = 0; /* For the *s==0 case */
2034 s = find_header(US"from:", newsize,
2035 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
2036 headers_charset);
2037 }
2038 if (s)
2039 {
2040 uschar *t;
2041 while (isspace(*s)) s++;
2042 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
2043 while (t > s && isspace(t[-1])) t--;
2044 *t = 0;
2045 }
2046 return s ? s : US"";
2047
2048 case vtype_string_func:
2049 {
2050 stringptr_fn_t * fn = (stringptr_fn_t *) val;
2051 return fn();
2052 }
2053
2054 case vtype_pspace:
2055 {
2056 int inodes;
2057 sprintf(CS var_buffer, PR_EXIM_ARITH,
2058 receive_statvfs(val == (void *)TRUE, &inodes));
2059 }
2060 return var_buffer;
2061
2062 case vtype_pinodes:
2063 {
2064 int inodes;
2065 (void) receive_statvfs(val == (void *)TRUE, &inodes);
2066 sprintf(CS var_buffer, "%d", inodes);
2067 }
2068 return var_buffer;
2069
2070 case vtype_cert:
2071 return *(void **)val ? US"<cert>" : US"";
2072
2073 #ifndef DISABLE_DKIM
2074 case vtype_dkim:
2075 return dkim_exim_expand_query((int)(long)val);
2076 #endif
2077
2078 }
2079
2080 return NULL; /* Unknown variable. Silences static checkers. */
2081 }
2082
2083
2084
2085
2086 void
2087 modify_variable(uschar *name, void * value)
2088 {
2089 var_entry * vp;
2090 if ((vp = find_var_ent(name))) vp->value = value;
2091 return; /* Unknown variable name, fail silently */
2092 }
2093
2094
2095
2096
2097
2098
2099 /*************************************************
2100 * Read and expand substrings *
2101 *************************************************/
2102
2103 /* This function is called to read and expand argument substrings for various
2104 expansion items. Some have a minimum requirement that is less than the maximum;
2105 in these cases, the first non-present one is set to NULL.
2106
2107 Arguments:
2108 sub points to vector of pointers to set
2109 n maximum number of substrings
2110 m minimum required
2111 sptr points to current string pointer
2112 skipping the skipping flag
2113 check_end if TRUE, check for final '}'
2114 name name of item, for error message
2115 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
2116 the store.
2117
2118 Returns: 0 OK; string pointer updated
2119 1 curly bracketing error (too few arguments)
2120 2 too many arguments (only if check_end is set); message set
2121 3 other error (expansion failure)
2122 */
2123
2124 static int
2125 read_subs(uschar **sub, int n, int m, const uschar **sptr, BOOL skipping,
2126 BOOL check_end, uschar *name, BOOL *resetok)
2127 {
2128 const uschar *s = *sptr;
2129
2130 while (isspace(*s)) s++;
2131 for (int i = 0; i < n; i++)
2132 {
2133 if (*s != '{')
2134 {
2135 if (i < m)
2136 {
2137 expand_string_message = string_sprintf("Not enough arguments for '%s' "
2138 "(min is %d)", name, m);
2139 return 1;
2140 }
2141 sub[i] = NULL;
2142 break;
2143 }
2144 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok)))
2145 return 3;
2146 if (*s++ != '}') return 1;
2147 while (isspace(*s)) s++;
2148 }
2149 if (check_end && *s++ != '}')
2150 {
2151 if (s[-1] == '{')
2152 {
2153 expand_string_message = string_sprintf("Too many arguments for '%s' "
2154 "(max is %d)", name, n);
2155 return 2;
2156 }
2157 expand_string_message = string_sprintf("missing '}' after '%s'", name);
2158 return 1;
2159 }
2160
2161 *sptr = s;
2162 return 0;
2163 }
2164
2165
2166
2167
2168 /*************************************************
2169 * Elaborate message for bad variable *
2170 *************************************************/
2171
2172 /* For the "unknown variable" message, take a look at the variable's name, and
2173 give additional information about possible ACL variables. The extra information
2174 is added on to expand_string_message.
2175
2176 Argument: the name of the variable
2177 Returns: nothing
2178 */
2179
2180 static void
2181 check_variable_error_message(uschar *name)
2182 {
2183 if (Ustrncmp(name, "acl_", 4) == 0)
2184 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
2185 (name[4] == 'c' || name[4] == 'm')?
2186 (isalpha(name[5])?
2187 US"6th character of a user-defined ACL variable must be a digit or underscore" :
2188 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
2189 ) :
2190 US"user-defined ACL variables must start acl_c or acl_m");
2191 }
2192
2193
2194
2195 /*
2196 Load args from sub array to globals, and call acl_check().
2197 Sub array will be corrupted on return.
2198
2199 Returns: OK access is granted by an ACCEPT verb
2200 DISCARD access is (apparently) granted by a DISCARD verb
2201 FAIL access is denied
2202 FAIL_DROP access is denied; drop the connection
2203 DEFER can't tell at the moment
2204 ERROR disaster
2205 */
2206 static int
2207 eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
2208 {
2209 int i;
2210 int sav_narg = acl_narg;
2211 int ret;
2212 uschar * dummy_logmsg;
2213 extern int acl_where;
2214
2215 if(--nsub > nelem(acl_arg)) nsub = nelem(acl_arg);
2216 for (i = 0; i < nsub && sub[i+1]; i++)
2217 {
2218 uschar * tmp = acl_arg[i];
2219 acl_arg[i] = sub[i+1]; /* place callers args in the globals */
2220 sub[i+1] = tmp; /* stash the old args using our caller's storage */
2221 }
2222 acl_narg = i;
2223 while (i < nsub)
2224 {
2225 sub[i+1] = acl_arg[i];
2226 acl_arg[i++] = NULL;
2227 }
2228
2229 DEBUG(D_expand)
2230 debug_printf_indent("expanding: acl: %s arg: %s%s\n",
2231 sub[0],
2232 acl_narg>0 ? acl_arg[0] : US"<none>",
2233 acl_narg>1 ? " +more" : "");
2234
2235 ret = acl_eval(acl_where, sub[0], user_msgp, &dummy_logmsg);
2236
2237 for (i = 0; i < nsub; i++)
2238 acl_arg[i] = sub[i+1]; /* restore old args */
2239 acl_narg = sav_narg;
2240
2241 return ret;
2242 }
2243
2244
2245
2246
2247 /* Return pointer to dewrapped string, with enclosing specified chars removed.
2248 The given string is modified on return. Leading whitespace is skipped while
2249 looking for the opening wrap character, then the rest is scanned for the trailing
2250 (non-escaped) wrap character. A backslash in the string will act as an escape.
2251
2252 A nul is written over the trailing wrap, and a pointer to the char after the
2253 leading wrap is returned.
2254
2255 Arguments:
2256 s String for de-wrapping
2257 wrap Two-char string, the first being the opener, second the closer wrapping
2258 character
2259 Return:
2260 Pointer to de-wrapped string, or NULL on error (with expand_string_message set).
2261 */
2262
2263 static uschar *
2264 dewrap(uschar * s, const uschar * wrap)
2265 {
2266 uschar * p = s;
2267 unsigned depth = 0;
2268 BOOL quotesmode = wrap[0] == wrap[1];
2269
2270 while (isspace(*p)) p++;
2271
2272 if (*p == *wrap)
2273 {
2274 s = ++p;
2275 wrap++;
2276 while (*p)
2277 {
2278 if (*p == '\\') p++;
2279 else if (!quotesmode && *p == wrap[-1]) depth++;
2280 else if (*p == *wrap)
2281 if (depth == 0)
2282 {
2283 *p = '\0';
2284 return s;
2285 }
2286 else
2287 depth--;
2288 p++;
2289 }
2290 }
2291 expand_string_message = string_sprintf("missing '%c'", *wrap);
2292 return NULL;
2293 }
2294
2295
2296 /* Pull off the leading array or object element, returning
2297 a copy in an allocated string. Update the list pointer.
2298
2299 The element may itself be an abject or array.
2300 Return NULL when the list is empty.
2301 */
2302
2303 static uschar *
2304 json_nextinlist(const uschar ** list)
2305 {
2306 unsigned array_depth = 0, object_depth = 0;
2307 const uschar * s = *list, * item;
2308
2309 while (isspace(*s)) s++;
2310
2311 for (item = s;
2312 *s && (*s != ',' || array_depth != 0 || object_depth != 0);
2313 s++)
2314 switch (*s)
2315 {
2316 case '[': array_depth++; break;
2317 case ']': array_depth--; break;
2318 case '{': object_depth++; break;
2319 case '}': object_depth--; break;
2320 }
2321 *list = *s ? s+1 : s;
2322 if (item == s) return NULL;
2323 item = string_copyn(item, s - item);
2324 DEBUG(D_expand) debug_printf_indent(" json ele: '%s'\n", item);
2325 return US item;
2326 }
2327
2328
2329
2330 /************************************************/
2331 /* Return offset in ops table, or -1 if not found.
2332 Repoint to just after the operator in the string.
2333
2334 Argument:
2335 ss string representation of operator
2336 opname split-out operator name
2337 */
2338
2339 static int
2340 identify_operator(const uschar ** ss, uschar ** opname)
2341 {
2342 const uschar * s = *ss;
2343 uschar name[256];
2344
2345 /* Numeric comparisons are symbolic */
2346
2347 if (*s == '=' || *s == '>' || *s == '<')
2348 {
2349 int p = 0;
2350 name[p++] = *s++;
2351 if (*s == '=')
2352 {
2353 name[p++] = '=';
2354 s++;
2355 }
2356 name[p] = 0;
2357 }
2358
2359 /* All other conditions are named */
2360
2361 else
2362 s = read_name(name, sizeof(name), s, US"_");
2363 *ss = s;
2364
2365 /* If we haven't read a name, it means some non-alpha character is first. */
2366
2367 if (!name[0])
2368 {
2369 expand_string_message = string_sprintf("condition name expected, "
2370 "but found \"%.16s\"", s);
2371 return -1;
2372 }
2373 if (opname)
2374 *opname = string_copy(name);
2375
2376 return chop_match(name, cond_table, nelem(cond_table));
2377 }
2378
2379
2380 /*************************************************
2381 * Handle MD5 or SHA-1 computation for HMAC *
2382 *************************************************/
2383
2384 /* These are some wrapping functions that enable the HMAC code to be a bit
2385 cleaner. A good compiler will spot the tail recursion.
2386
2387 Arguments:
2388 type HMAC_MD5 or HMAC_SHA1
2389 remaining are as for the cryptographic hash functions
2390
2391 Returns: nothing
2392 */
2393
2394 static void
2395 chash_start(int type, void * base)
2396 {
2397 if (type == HMAC_MD5)
2398 md5_start((md5 *)base);
2399 else
2400 sha1_start((hctx *)base);
2401 }
2402
2403 static void
2404 chash_mid(int type, void * base, const uschar * string)
2405 {
2406 if (type == HMAC_MD5)
2407 md5_mid((md5 *)base, string);
2408 else
2409 sha1_mid((hctx *)base, string);
2410 }
2411
2412 static void
2413 chash_end(int type, void * base, const uschar * string, int length,
2414 uschar * digest)
2415 {
2416 if (type == HMAC_MD5)
2417 md5_end((md5 *)base, string, length, digest);
2418 else
2419 sha1_end((hctx *)base, string, length, digest);
2420 }
2421
2422
2423
2424
2425 /* Do an hmac_md5. The result is _not_ nul-terminated, and is sized as
2426 the smaller of a full hmac_md5 result (16 bytes) or the supplied output buffer.
2427
2428 Arguments:
2429 key encoding key, nul-terminated
2430 src data to be hashed, nul-terminated
2431 buf output buffer
2432 len size of output buffer
2433 */
2434
2435 static void
2436 hmac_md5(const uschar * key, const uschar * src, uschar * buf, unsigned len)
2437 {
2438 md5 md5_base;
2439 const uschar * keyptr;
2440 uschar * p;
2441 unsigned int keylen;
2442
2443 #define MD5_HASHLEN 16
2444 #define MD5_HASHBLOCKLEN 64
2445
2446 uschar keyhash[MD5_HASHLEN];
2447 uschar innerhash[MD5_HASHLEN];
2448 uschar finalhash[MD5_HASHLEN];
2449 uschar innerkey[MD5_HASHBLOCKLEN];
2450 uschar outerkey[MD5_HASHBLOCKLEN];
2451
2452 keyptr = key;
2453 keylen = Ustrlen(keyptr);
2454
2455 /* If the key is longer than the hash block length, then hash the key
2456 first */
2457
2458 if (keylen > MD5_HASHBLOCKLEN)
2459 {
2460 chash_start(HMAC_MD5, &md5_base);
2461 chash_end(HMAC_MD5, &md5_base, keyptr, keylen, keyhash);
2462 keyptr = keyhash;
2463 keylen = MD5_HASHLEN;
2464 }
2465
2466 /* Now make the inner and outer key values */
2467
2468 memset(innerkey, 0x36, MD5_HASHBLOCKLEN);
2469 memset(outerkey, 0x5c, MD5_HASHBLOCKLEN);
2470
2471 for (int i = 0; i < keylen; i++)
2472 {
2473 innerkey[i] ^= keyptr[i];
2474 outerkey[i] ^= keyptr[i];
2475 }
2476
2477 /* Now do the hashes */
2478
2479 chash_start(HMAC_MD5, &md5_base);
2480 chash_mid(HMAC_MD5, &md5_base, innerkey);
2481 chash_end(HMAC_MD5, &md5_base, src, Ustrlen(src), innerhash);
2482
2483 chash_start(HMAC_MD5, &md5_base);
2484 chash_mid(HMAC_MD5, &md5_base, outerkey);
2485 chash_end(HMAC_MD5, &md5_base, innerhash, MD5_HASHLEN, finalhash);
2486
2487 /* Encode the final hash as a hex string, limited by output buffer size */
2488
2489 p = buf;
2490 for (int i = 0, j = len; i < MD5_HASHLEN; i++)
2491 {
2492 if (j-- <= 0) break;
2493 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
2494 if (j-- <= 0) break;
2495 *p++ = hex_digits[finalhash[i] & 0x0f];
2496 }
2497 return;
2498 }
2499
2500
2501 /*************************************************
2502 * Read and evaluate a condition *
2503 *************************************************/
2504
2505 /*
2506 Arguments:
2507 s points to the start of the condition text
2508 resetok points to a BOOL which is written false if it is unsafe to
2509 free memory. Certain condition types (acl) may have side-effect
2510 allocation which must be preserved.
2511 yield points to a BOOL to hold the result of the condition test;
2512 if NULL, we are just reading through a condition that is
2513 part of an "or" combination to check syntax, or in a state
2514 where the answer isn't required
2515
2516 Returns: a pointer to the first character after the condition, or
2517 NULL after an error
2518 */
2519
2520 static const uschar *
2521 eval_condition(const uschar *s, BOOL *resetok, BOOL *yield)
2522 {
2523 BOOL testfor = TRUE;
2524 BOOL tempcond, combined_cond;
2525 BOOL *subcondptr;
2526 BOOL sub2_honour_dollar = TRUE;
2527 BOOL is_forany, is_json, is_jsons;
2528 int rc, cond_type, roffset;
2529 int_eximarith_t num[2];
2530 struct stat statbuf;
2531 uschar * opname;
2532 uschar name[256];
2533 const uschar *sub[10];
2534
2535 const pcre *re;
2536 const uschar *rerror;
2537
2538 for (;;)
2539 {
2540 while (isspace(*s)) s++;
2541 if (*s == '!') { testfor = !testfor; s++; } else break;
2542 }
2543
2544 switch(cond_type = identify_operator(&s, &opname))
2545 {
2546 /* def: tests for a non-empty variable, or for the existence of a header. If
2547 yield == NULL we are in a skipping state, and don't care about the answer. */
2548
2549 case ECOND_DEF:
2550 {
2551 uschar * t;
2552
2553 if (*s != ':')
2554 {
2555 expand_string_message = US"\":\" expected after \"def\"";
2556 return NULL;
2557 }
2558
2559 s = read_name(name, sizeof(name), s+1, US"_");
2560
2561 /* Test for a header's existence. If the name contains a closing brace
2562 character, this may be a user error where the terminating colon has been
2563 omitted. Set a flag to adjust a subsequent error message in this case. */
2564
2565 if ( ( *(t = name) == 'h'
2566 || (*t == 'r' || *t == 'l' || *t == 'b') && *++t == 'h'
2567 )
2568 && (*++t == '_' || Ustrncmp(t, "eader_", 6) == 0)
2569 )
2570 {
2571 s = read_header_name(name, sizeof(name), s);
2572 /* {-for-text-editors */
2573 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2574 if (yield) *yield =
2575 (find_header(name, NULL, FH_EXISTS_ONLY, NULL) != NULL) == testfor;
2576 }
2577
2578 /* Test for a variable's having a non-empty value. A non-existent variable
2579 causes an expansion failure. */
2580
2581 else
2582 {
2583 if (!(t = find_variable(name, TRUE, yield == NULL, NULL)))
2584 {
2585 expand_string_message = name[0]
2586 ? string_sprintf("unknown variable \"%s\" after \"def:\"", name)
2587 : US"variable name omitted after \"def:\"";
2588 check_variable_error_message(name);
2589 return NULL;
2590 }
2591 if (yield) *yield = (t[0] != 0) == testfor;
2592 }
2593
2594 return s;
2595 }
2596
2597
2598 /* first_delivery tests for first delivery attempt */
2599
2600 case ECOND_FIRST_DELIVERY:
2601 if (yield) *yield = f.deliver_firsttime == testfor;
2602 return s;
2603
2604
2605 /* queue_running tests for any process started by a queue runner */
2606
2607 case ECOND_QUEUE_RUNNING:
2608 if (yield) *yield = (queue_run_pid != (pid_t)0) == testfor;
2609 return s;
2610
2611
2612 /* exists: tests for file existence
2613 isip: tests for any IP address
2614 isip4: tests for an IPv4 address
2615 isip6: tests for an IPv6 address
2616 pam: does PAM authentication
2617 radius: does RADIUS authentication
2618 ldapauth: does LDAP authentication
2619 pwcheck: does Cyrus SASL pwcheck authentication
2620 */
2621
2622 case ECOND_EXISTS:
2623 case ECOND_ISIP:
2624 case ECOND_ISIP4:
2625 case ECOND_ISIP6:
2626 case ECOND_PAM:
2627 case ECOND_RADIUS:
2628 case ECOND_LDAPAUTH:
2629 case ECOND_PWCHECK:
2630
2631 while (isspace(*s)) s++;
2632 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2633
2634 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok);
2635 if (!sub[0]) return NULL;
2636 /* {-for-text-editors */
2637 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2638
2639 if (!yield) return s; /* No need to run the test if skipping */
2640
2641 switch(cond_type)
2642 {
2643 case ECOND_EXISTS:
2644 if ((expand_forbid & RDO_EXISTS) != 0)
2645 {
2646 expand_string_message = US"File existence tests are not permitted";
2647 return NULL;
2648 }
2649 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
2650 break;
2651
2652 case ECOND_ISIP:
2653 case ECOND_ISIP4:
2654 case ECOND_ISIP6:
2655 rc = string_is_ip_address(sub[0], NULL);
2656 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
2657 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2658 break;
2659
2660 /* Various authentication tests - all optionally compiled */
2661
2662 case ECOND_PAM:
2663 #ifdef SUPPORT_PAM
2664 rc = auth_call_pam(sub[0], &expand_string_message);
2665 goto END_AUTH;
2666 #else
2667 goto COND_FAILED_NOT_COMPILED;
2668 #endif /* SUPPORT_PAM */
2669
2670 case ECOND_RADIUS:
2671 #ifdef RADIUS_CONFIG_FILE
2672 rc = auth_call_radius(sub[0], &expand_string_message);
2673 goto END_AUTH;
2674 #else
2675 goto COND_FAILED_NOT_COMPILED;
2676 #endif /* RADIUS_CONFIG_FILE */
2677
2678 case ECOND_LDAPAUTH:
2679 #ifdef LOOKUP_LDAP
2680 {
2681 /* Just to keep the interface the same */
2682 BOOL do_cache;
2683 int old_pool = store_pool;
2684 store_pool = POOL_SEARCH;
2685 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2686 &expand_string_message, &do_cache);
2687 store_pool = old_pool;
2688 }
2689 goto END_AUTH;
2690 #else
2691 goto COND_FAILED_NOT_COMPILED;
2692 #endif /* LOOKUP_LDAP */
2693
2694 case ECOND_PWCHECK:
2695 #ifdef CYRUS_PWCHECK_SOCKET
2696 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2697 goto END_AUTH;
2698 #else
2699 goto COND_FAILED_NOT_COMPILED;
2700 #endif /* CYRUS_PWCHECK_SOCKET */
2701
2702 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2703 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2704 END_AUTH:
2705 if (rc == ERROR || rc == DEFER) return NULL;
2706 *yield = (rc == OK) == testfor;
2707 #endif
2708 }
2709 return s;
2710
2711
2712 /* call ACL (in a conditional context). Accept true, deny false.
2713 Defer is a forced-fail. Anything set by message= goes to $value.
2714 Up to ten parameters are used; we use the braces round the name+args
2715 like the saslauthd condition does, to permit a variable number of args.
2716 See also the expansion-item version EITEM_ACL and the traditional
2717 acl modifier ACLC_ACL.
2718 Since the ACL may allocate new global variables, tell our caller to not
2719 reclaim memory.
2720 */
2721
2722 case ECOND_ACL:
2723 /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
2724 {
2725 uschar *sub[10];
2726 uschar *user_msg;
2727 BOOL cond = FALSE;
2728
2729 while (isspace(*s)) s++;
2730 if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
2731
2732 switch(read_subs(sub, nelem(sub), 1,
2733 &s, yield == NULL, TRUE, US"acl", resetok))
2734 {
2735 case 1: expand_string_message = US"too few arguments or bracketing "
2736 "error for acl";
2737 case 2:
2738 case 3: return NULL;
2739 }
2740
2741 if (yield)
2742 {
2743 int rc;
2744 *resetok = FALSE; /* eval_acl() might allocate; do not reclaim */
2745 switch(rc = eval_acl(sub, nelem(sub), &user_msg))
2746 {
2747 case OK:
2748 cond = TRUE;
2749 case FAIL:
2750 lookup_value = NULL;
2751 if (user_msg)
2752 lookup_value = string_copy(user_msg);
2753 *yield = cond == testfor;
2754 break;
2755
2756 case DEFER:
2757 f.expand_string_forcedfail = TRUE;
2758 /*FALLTHROUGH*/
2759 default:
2760 expand_string_message = string_sprintf("%s from acl \"%s\"",
2761 rc_names[rc], sub[0]);
2762 return NULL;
2763 }
2764 }
2765 return s;
2766 }
2767
2768
2769 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2770
2771 ${if saslauthd {{username}{password}{service}{realm}} {yes}{no}}
2772
2773 However, the last two are optional. That is why the whole set is enclosed
2774 in their own set of braces. */
2775
2776 case ECOND_SASLAUTHD:
2777 #ifndef CYRUS_SASLAUTHD_SOCKET
2778 goto COND_FAILED_NOT_COMPILED;
2779 #else
2780 {
2781 uschar *sub[4];
2782 while (isspace(*s)) s++;
2783 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2784 switch(read_subs(sub, nelem(sub), 2, &s, yield == NULL, TRUE, US"saslauthd",
2785 resetok))
2786 {
2787 case 1: expand_string_message = US"too few arguments or bracketing "
2788 "error for saslauthd";
2789 case 2:
2790 case 3: return NULL;
2791 }
2792 if (!sub[2]) sub[3] = NULL; /* realm if no service */
2793 if (yield)
2794 {
2795 int rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2796 &expand_string_message);
2797 if (rc == ERROR || rc == DEFER) return NULL;
2798 *yield = (rc == OK) == testfor;
2799 }
2800 return s;
2801 }
2802 #endif /* CYRUS_SASLAUTHD_SOCKET */
2803
2804
2805 /* symbolic operators for numeric and string comparison, and a number of
2806 other operators, all requiring two arguments.
2807
2808 crypteq: encrypts plaintext and compares against an encrypted text,
2809 using crypt(), crypt16(), MD5 or SHA-1
2810 inlist/inlisti: checks if first argument is in the list of the second
2811 match: does a regular expression match and sets up the numerical
2812 variables if it succeeds
2813 match_address: matches in an address list
2814 match_domain: matches in a domain list
2815 match_ip: matches a host list that is restricted to IP addresses
2816 match_local_part: matches in a local part list
2817 */
2818
2819 case ECOND_MATCH_ADDRESS:
2820 case ECOND_MATCH_DOMAIN:
2821 case ECOND_MATCH_IP:
2822 case ECOND_MATCH_LOCAL_PART:
2823 #ifndef EXPAND_LISTMATCH_RHS
2824 sub2_honour_dollar = FALSE;
2825 #endif
2826 /* FALLTHROUGH */
2827
2828 case ECOND_CRYPTEQ:
2829 case ECOND_INLIST:
2830 case ECOND_INLISTI:
2831 case ECOND_MATCH:
2832
2833 case ECOND_NUM_L: /* Numerical comparisons */
2834 case ECOND_NUM_LE:
2835 case ECOND_NUM_E:
2836 case ECOND_NUM_EE:
2837 case ECOND_NUM_G:
2838 case ECOND_NUM_GE:
2839
2840 case ECOND_STR_LT: /* String comparisons */
2841 case ECOND_STR_LTI:
2842 case ECOND_STR_LE:
2843 case ECOND_STR_LEI:
2844 case ECOND_STR_EQ:
2845 case ECOND_STR_EQI:
2846 case ECOND_STR_GT:
2847 case ECOND_STR_GTI:
2848 case ECOND_STR_GE:
2849 case ECOND_STR_GEI:
2850
2851 for (int i = 0; i < 2; i++)
2852 {
2853 /* Sometimes, we don't expand substrings; too many insecure configurations
2854 created using match_address{}{} and friends, where the second param
2855 includes information from untrustworthy sources. */
2856 BOOL honour_dollar = TRUE;
2857 if ((i > 0) && !sub2_honour_dollar)
2858 honour_dollar = FALSE;
2859
2860 while (isspace(*s)) s++;
2861 if (*s != '{')
2862 {
2863 if (i == 0) goto COND_FAILED_CURLY_START;
2864 expand_string_message = string_sprintf("missing 2nd string in {} "
2865 "after \"%s\"", opname);
2866 return NULL;
2867 }
2868 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
2869 honour_dollar, resetok)))
2870 return NULL;
2871 DEBUG(D_expand) if (i == 1 && !sub2_honour_dollar && Ustrchr(sub[1], '$'))
2872 debug_printf_indent("WARNING: the second arg is NOT expanded,"
2873 " for security reasons\n");
2874 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2875
2876 /* Convert to numerical if required; we know that the names of all the
2877 conditions that compare numbers do not start with a letter. This just saves
2878 checking for them individually. */
2879
2880 if (!isalpha(opname[0]) && yield)
2881 if (sub[i][0] == 0)
2882 {
2883 num[i] = 0;
2884 DEBUG(D_expand)
2885 debug_printf_indent("empty string cast to zero for numerical comparison\n");
2886 }
2887 else
2888 {
2889 num[i] = expanded_string_integer(sub[i], FALSE);
2890 if (expand_string_message) return NULL;
2891 }
2892 }
2893
2894 /* Result not required */
2895
2896 if (!yield) return s;
2897
2898 /* Do an appropriate comparison */
2899
2900 switch(cond_type)
2901 {
2902 case ECOND_NUM_E:
2903 case ECOND_NUM_EE:
2904 tempcond = (num[0] == num[1]);
2905 break;
2906
2907 case ECOND_NUM_G:
2908 tempcond = (num[0] > num[1]);
2909 break;
2910
2911 case ECOND_NUM_GE:
2912 tempcond = (num[0] >= num[1]);
2913 break;
2914
2915 case ECOND_NUM_L:
2916 tempcond = (num[0] < num[1]);
2917 break;
2918
2919 case ECOND_NUM_LE:
2920 tempcond = (num[0] <= num[1]);
2921 break;
2922
2923 case ECOND_STR_LT:
2924 tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
2925 break;
2926
2927 case ECOND_STR_LTI:
2928 tempcond = (strcmpic(sub[0], sub[1]) < 0);
2929 break;
2930
2931 case ECOND_STR_LE:
2932 tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
2933 break;
2934
2935 case ECOND_STR_LEI:
2936 tempcond = (strcmpic(sub[0], sub[1]) <= 0);
2937 break;
2938
2939 case ECOND_STR_EQ:
2940 tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
2941 break;
2942
2943 case ECOND_STR_EQI:
2944 tempcond = (strcmpic(sub[0], sub[1]) == 0);
2945 break;
2946
2947 case ECOND_STR_GT:
2948 tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
2949 break;
2950
2951 case ECOND_STR_GTI:
2952 tempcond = (strcmpic(sub[0], sub[1]) > 0);
2953 break;
2954
2955 case ECOND_STR_GE:
2956 tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
2957 break;
2958
2959 case ECOND_STR_GEI:
2960 tempcond = (strcmpic(sub[0], sub[1]) >= 0);
2961 break;
2962
2963 case ECOND_MATCH: /* Regular expression match */
2964 if (!(re = pcre_compile(CS sub[1], PCRE_COPT, CCSS &rerror,
2965 &roffset, NULL)))
2966 {
2967 expand_string_message = string_sprintf("regular expression error in "
2968 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2969 return NULL;
2970 }
2971 tempcond = regex_match_and_setup(re, sub[0], 0, -1);
2972 break;
2973
2974 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2975 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2976 goto MATCHED_SOMETHING;
2977
2978 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2979 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2980 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2981 goto MATCHED_SOMETHING;
2982
2983 case ECOND_MATCH_IP: /* Match IP address in a host list */
2984 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
2985 {
2986 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2987 sub[0]);
2988 return NULL;
2989 }
2990 else
2991 {
2992 unsigned int *nullcache = NULL;
2993 check_host_block cb;
2994
2995 cb.host_name = US"";
2996 cb.host_address = sub[0];
2997
2998 /* If the host address starts off ::ffff: it is an IPv6 address in
2999 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
3000 addresses. */
3001
3002 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
3003 cb.host_address + 7 : cb.host_address;
3004
3005 rc = match_check_list(
3006 &sub[1], /* the list */
3007 0, /* separator character */
3008 &hostlist_anchor, /* anchor pointer */
3009 &nullcache, /* cache pointer */
3010 check_host, /* function for testing */
3011 &cb, /* argument for function */
3012 MCL_HOST, /* type of check */
3013 sub[0], /* text for debugging */
3014 NULL); /* where to pass back data */
3015 }
3016 goto MATCHED_SOMETHING;
3017
3018 case ECOND_MATCH_LOCAL_PART:
3019 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
3020 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
3021 /* Fall through */
3022 /* VVVVVVVVVVVV */
3023 MATCHED_SOMETHING:
3024 switch(rc)
3025 {
3026 case OK:
3027 tempcond = TRUE;
3028 break;
3029
3030 case FAIL:
3031 tempcond = FALSE;
3032 break;
3033
3034 case DEFER:
3035 expand_string_message = string_sprintf("unable to complete match "
3036 "against \"%s\": %s", sub[1], search_error_message);
3037 return NULL;
3038 }
3039
3040 break;
3041
3042 /* Various "encrypted" comparisons. If the second string starts with
3043 "{" then an encryption type is given. Default to crypt() or crypt16()
3044 (build-time choice). */
3045 /* }-for-text-editors */
3046
3047 case ECOND_CRYPTEQ:
3048 #ifndef SUPPORT_CRYPTEQ
3049 goto COND_FAILED_NOT_COMPILED;
3050 #else
3051 if (strncmpic(sub[1], US"{md5}", 5) == 0)
3052 {
3053 int sublen = Ustrlen(sub[1]+5);
3054 md5 base;
3055 uschar digest[16];
3056
3057 md5_start(&base);
3058 md5_end(&base, sub[0], Ustrlen(sub[0]), digest);
3059
3060 /* If the length that we are comparing against is 24, the MD5 digest
3061 is expressed as a base64 string. This is the way LDAP does it. However,
3062 some other software uses a straightforward hex representation. We assume
3063 this if the length is 32. Other lengths fail. */
3064
3065 if (sublen == 24)
3066 {
3067 uschar *coded = b64encode(CUS digest, 16);
3068 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
3069 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
3070 tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
3071 }
3072 else if (sublen == 32)
3073 {
3074 uschar coded[36];
3075 for (int i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
3076 coded[32] = 0;
3077 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
3078 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
3079 tempcond = (strcmpic(coded, sub[1]+5) == 0);
3080 }
3081 else
3082 {
3083 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
3084 "fail\n crypted=%s\n", sub[1]+5);
3085 tempcond = FALSE;
3086 }
3087 }
3088
3089 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
3090 {
3091 int sublen = Ustrlen(sub[1]+6);
3092 hctx h;
3093 uschar digest[20];
3094
3095 sha1_start(&h);
3096 sha1_end(&h, sub[0], Ustrlen(sub[0]), digest);
3097
3098 /* If the length that we are comparing against is 28, assume the SHA1
3099 digest is expressed as a base64 string. If the length is 40, assume a
3100 straightforward hex representation. Other lengths fail. */
3101
3102 if (sublen == 28)
3103 {
3104 uschar *coded = b64encode(CUS digest, 20);
3105 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
3106 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
3107 tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
3108 }
3109 else if (sublen == 40)
3110 {
3111 uschar coded[44];
3112 for (int i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
3113 coded[40] = 0;
3114 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
3115 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
3116 tempcond = (strcmpic(coded, sub[1]+6) == 0);
3117 }
3118 else
3119 {
3120 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
3121 "fail\n crypted=%s\n", sub[1]+6);
3122 tempcond = FALSE;
3123 }
3124 }
3125
3126 else /* {crypt} or {crypt16} and non-{ at start */
3127 /* }-for-text-editors */
3128 {
3129 int which = 0;
3130 uschar *coded;
3131
3132 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
3133 {
3134 sub[1] += 7;
3135 which = 1;
3136 }
3137 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
3138 {
3139 sub[1] += 9;
3140 which = 2;
3141 }
3142 else if (sub[1][0] == '{') /* }-for-text-editors */
3143 {
3144 expand_string_message = string_sprintf("unknown encryption mechanism "
3145 "in \"%s\"", sub[1]);
3146 return NULL;
3147 }
3148
3149 switch(which)
3150 {
3151 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
3152 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
3153 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
3154 }
3155
3156 #define STR(s) # s
3157 #define XSTR(s) STR(s)
3158 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
3159 " subject=%s\n crypted=%s\n",
3160 which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16",
3161 coded, sub[1]);
3162 #undef STR
3163 #undef XSTR
3164
3165 /* If the encrypted string contains fewer than two characters (for the
3166 salt), force failure. Otherwise we get false positives: with an empty
3167 string the yield of crypt() is an empty string! */
3168
3169 if (coded)
3170 tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0;
3171 else if (errno == EINVAL)
3172 tempcond = FALSE;
3173 else
3174 {
3175 expand_string_message = string_sprintf("crypt error: %s\n",
3176 US strerror(errno));
3177 return NULL;
3178 }
3179 }
3180 break;
3181 #endif /* SUPPORT_CRYPTEQ */
3182
3183 case ECOND_INLIST:
3184 case ECOND_INLISTI:
3185 {
3186 const uschar * list = sub[1];
3187 int sep = 0;
3188 uschar *save_iterate_item = iterate_item;
3189 int (*compare)(const uschar *, const uschar *);
3190
3191 DEBUG(D_expand) debug_printf_indent("condition: %s item: %s\n", opname, sub[0]);
3192
3193 tempcond = FALSE;
3194 compare = cond_type == ECOND_INLISTI
3195 ? strcmpic : (int (*)(const uschar *, const uschar *)) strcmp;
3196
3197 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)))
3198 {
3199 DEBUG(D_expand) debug_printf_indent(" compare %s\n", iterate_item);
3200 if (compare(sub[0], iterate_item) == 0)
3201 {
3202 tempcond = TRUE;
3203 break;
3204 }
3205 }
3206 iterate_item = save_iterate_item;
3207 }
3208
3209 } /* Switch for comparison conditions */
3210
3211 *yield = tempcond == testfor;
3212 return s; /* End of comparison conditions */
3213
3214
3215 /* and/or: computes logical and/or of several conditions */
3216
3217 case ECOND_AND:
3218 case ECOND_OR:
3219 subcondptr = (yield == NULL) ? NULL : &tempcond;
3220 combined_cond = (cond_type == ECOND_AND);
3221
3222 while (isspace(*s)) s++;
3223 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3224
3225 for (;;)
3226 {
3227 while (isspace(*s)) s++;
3228 /* {-for-text-editors */
3229 if (*s == '}') break;
3230 if (*s != '{') /* }-for-text-editors */
3231 {
3232 expand_string_message = string_sprintf("each subcondition "
3233 "inside an \"%s{...}\" condition must be in its own {}", opname);
3234 return NULL;
3235 }
3236
3237 if (!(s = eval_condition(s+1, resetok, subcondptr)))
3238 {
3239 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
3240 expand_string_message, opname);
3241 return NULL;
3242 }
3243 while (isspace(*s)) s++;
3244
3245 /* {-for-text-editors */
3246 if (*s++ != '}')
3247 {
3248 /* {-for-text-editors */
3249 expand_string_message = string_sprintf("missing } at end of condition "
3250 "inside \"%s\" group", opname);
3251 return NULL;
3252 }
3253
3254 if (yield)
3255 if (cond_type == ECOND_AND)
3256 {
3257 combined_cond &= tempcond;
3258 if (!combined_cond) subcondptr = NULL; /* once false, don't */
3259 } /* evaluate any more */
3260 else
3261 {
3262 combined_cond |= tempcond;
3263 if (combined_cond) subcondptr = NULL; /* once true, don't */
3264 } /* evaluate any more */
3265 }
3266
3267 if (yield) *yield = (combined_cond == testfor);
3268 return ++s;
3269
3270
3271 /* forall/forany: iterates a condition with different values */
3272
3273 case ECOND_FORALL: is_forany = FALSE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3274 case ECOND_FORANY: is_forany = TRUE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3275 case ECOND_FORALL_JSON: is_forany = FALSE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3276 case ECOND_FORANY_JSON: is_forany = TRUE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3277 case ECOND_FORALL_JSONS: is_forany = FALSE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3278 case ECOND_FORANY_JSONS: is_forany = TRUE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3279
3280 FORMANY:
3281 {
3282 const uschar * list;
3283 int sep = 0;
3284 uschar *save_iterate_item = iterate_item;
3285
3286 DEBUG(D_expand) debug_printf_indent("condition: %s\n", opname);
3287
3288 while (isspace(*s)) s++;
3289 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3290 if (!(sub[0] = expand_string_internal(s, TRUE, &s, yield == NULL, TRUE, resetok)))
3291 return NULL;
3292 /* {-for-text-editors */
3293 if (*s++ != '}') goto COND_FAILED_CURLY_END;
3294
3295 while (isspace(*s)) s++;
3296 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3297
3298 sub[1] = s;
3299
3300 /* Call eval_condition once, with result discarded (as if scanning a
3301 "false" part). This allows us to find the end of the condition, because if
3302 the list it empty, we won't actually evaluate the condition for real. */
3303
3304 if (!(s = eval_condition(sub[1], resetok, NULL)))
3305 {
3306 expand_string_message = string_sprintf("%s inside \"%s\" condition",
3307 expand_string_message, opname);
3308 return NULL;
3309 }
3310 while (isspace(*s)) s++;
3311
3312 /* {-for-text-editors */
3313 if (*s++ != '}')
3314 {
3315 /* {-for-text-editors */
3316 expand_string_message = string_sprintf("missing } at end of condition "
3317 "inside \"%s\"", opname);
3318 return NULL;
3319 }
3320
3321 if (yield) *yield = !testfor;
3322 list = sub[0];
3323 if (is_json) list = dewrap(string_copy(list), US"[]");
3324 while ((iterate_item = is_json
3325 ? json_nextinlist(&list) : string_nextinlist(&list, &sep, NULL, 0)))
3326 {
3327 if (is_jsons)
3328 if (!(iterate_item = dewrap(iterate_item, US"\"\"")))
3329 {
3330 expand_string_message =
3331 string_sprintf("%s wrapping string result for extract jsons",
3332 expand_string_message);
3333 iterate_item = save_iterate_item;
3334 return NULL;
3335 }
3336
3337 DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n", opname, iterate_item);
3338 if (!eval_condition(sub[1], resetok, &tempcond))
3339 {
3340 expand_string_message = string_sprintf("%s inside \"%s\" condition",
3341 expand_string_message, opname);
3342 iterate_item = save_iterate_item;
3343 return NULL;
3344 }
3345 DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", opname,
3346 tempcond? "true":"false");
3347
3348 if (yield) *yield = (tempcond == testfor);
3349 if (tempcond == is_forany) break;
3350 }
3351
3352 iterate_item = save_iterate_item;
3353 return s;
3354 }
3355
3356
3357 /* The bool{} expansion condition maps a string to boolean.
3358 The values supported should match those supported by the ACL condition
3359 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
3360 of true/false. Note that Router "condition" rules have a different
3361 interpretation, where general data can be used and only a few values
3362 map to FALSE.
3363 Note that readconf.c boolean matching, for boolean configuration options,
3364 only matches true/yes/false/no.
3365 The bool_lax{} condition matches the Router logic, which is much more
3366 liberal. */
3367 case ECOND_BOOL:
3368 case ECOND_BOOL_LAX:
3369 {
3370 uschar *sub_arg[1];
3371 uschar *t, *t2;
3372 uschar *ourname;
3373 size_t len;
3374 BOOL boolvalue = FALSE;
3375 while (isspace(*s)) s++;
3376 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3377 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
3378 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname, resetok))
3379 {
3380 case 1: expand_string_message = string_sprintf(
3381 "too few arguments or bracketing error for %s",
3382 ourname);
3383 /*FALLTHROUGH*/
3384 case 2:
3385 case 3: return NULL;
3386 }
3387 t = sub_arg[0];
3388 while (isspace(*t)) t++;
3389 len = Ustrlen(t);
3390 if (len)
3391 {
3392 /* trailing whitespace: seems like a good idea to ignore it too */
3393 t2 = t + len - 1;
3394 while (isspace(*t2)) t2--;
3395 if (t2 != (t + len))
3396 {
3397 *++t2 = '\0';
3398 len = t2 - t;
3399 }
3400 }
3401 DEBUG(D_expand)
3402 debug_printf_indent("considering %s: %s\n", ourname, len ? t : US"<empty>");
3403 /* logic for the lax case from expand_check_condition(), which also does
3404 expands, and the logic is both short and stable enough that there should
3405 be no maintenance burden from replicating it. */
3406 if (len == 0)
3407 boolvalue = FALSE;
3408 else if (*t == '-'
3409 ? Ustrspn(t+1, "0123456789") == len-1
3410 : Ustrspn(t, "0123456789") == len)
3411 {
3412 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
3413 /* expand_check_condition only does a literal string "0" check */
3414 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
3415 boolvalue = TRUE;
3416 }
3417 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
3418 boolvalue = TRUE;
3419 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
3420 boolvalue = FALSE;
3421 else if (cond_type == ECOND_BOOL_LAX)
3422 boolvalue = TRUE;
3423 else
3424 {
3425 expand_string_message = string_sprintf("unrecognised boolean "
3426 "value \"%s\"", t);
3427 return NULL;
3428 }
3429 DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", ourname,
3430 boolvalue? "true":"false");
3431 if (yield) *yield = (boolvalue == testfor);
3432 return s;
3433 }
3434
3435 #ifdef EXPERIMENTAL_SRS_NATIVE
3436 case ECOND_INBOUND_SRS:
3437 /* ${if inbound_srs {local_part}{secret} {yes}{no}} */
3438 {
3439 uschar * sub[2];
3440 const pcre * re;
3441 int ovec[3*(4+1)];
3442 int n;
3443 uschar cksum[4];
3444 BOOL boolvalue = FALSE;
3445
3446 switch(read_subs(sub, 2, 2, CUSS &s, yield == NULL, FALSE, US"inbound_srs", resetok))
3447 {
3448 case 1: expand_string_message = US"too few arguments or bracketing "
3449 "error for inbound_srs";
3450 case 2:
3451 case 3: return NULL;
3452 }
3453
3454 /* Match the given local_part against the SRS-encoded pattern */
3455
3456 re = regex_must_compile(US"^(?i)SRS0=([^=]+)=([A-Z2-7]+)=([^=]*)=(.*)$",
3457 TRUE, FALSE);
3458 if (pcre_exec(re, NULL, CS sub[0], Ustrlen(sub[0]), 0, PCRE_EOPT,
3459 ovec, nelem(ovec)) < 0)
3460 {
3461 DEBUG(D_expand) debug_printf("no match for SRS'd local-part pattern\n");
3462 goto srs_result;
3463 }
3464
3465 /* Side-effect: record the decoded recipient */
3466
3467 srs_recipient = string_sprintf("%.*S@%.*S", /* lowercased */
3468 ovec[9]-ovec[8], sub[0] + ovec[8], /* substring 4 */
3469 ovec[7]-ovec[6], sub[0] + ovec[6]); /* substring 3 */
3470
3471 /* If a zero-length secret was given, we're done. Otherwise carry on
3472 and validate the given SRS local_part againt our secret. */
3473
3474 if (!*sub[1])
3475 {
3476 boolvalue = TRUE;
3477 goto srs_result;
3478 }
3479
3480 /* check the timestamp */
3481 {
3482 struct timeval now;
3483 uschar * ss = sub[0] + ovec[4]; /* substring 2, the timestamp */
3484 long d;
3485
3486 gettimeofday(&now, NULL);
3487 now.tv_sec /= 86400; /* days since epoch */
3488
3489 /* Decode substring 2 from base32 to a number */
3490
3491 for (d = 0, n = ovec[5]-ovec[4]; n; n--)
3492 {
3493 uschar * t = Ustrchr(base32_chars, *ss++);
3494 d = d * 32 + (t - base32_chars);
3495 }
3496
3497 if (((now.tv_sec - d) & 0x3ff) > 10) /* days since SRS generated */
3498 {
3499 DEBUG(D_expand) debug_printf("SRS too old\n");
3500 goto srs_result;
3501 }
3502 }
3503
3504 /* check length of substring 1, the offered checksum */
3505
3506 if (ovec[3]-ovec[2] != 4)
3507 {
3508 DEBUG(D_expand) debug_printf("SRS checksum wrong size\n");
3509 goto srs_result;
3510 }
3511
3512 /* Hash the address with our secret, and compare that computed checksum
3513 with the one extracted from the arg */
3514
3515 hmac_md5(sub[1], srs_recipient, cksum, sizeof(cksum));
3516 if (Ustrncmp(cksum, sub[0] + ovec[2], 4) != 0)
3517 {
3518 DEBUG(D_expand) debug_printf("SRS checksum mismatch\n");
3519 goto srs_result;
3520 }
3521 boolvalue = TRUE;
3522
3523 srs_result:
3524 if (yield) *yield = (boolvalue == testfor);
3525 return s;
3526 }
3527 #endif /*EXPERIMENTAL_SRS_NATIVE*/
3528
3529 /* Unknown condition */
3530
3531 default:
3532 if (!expand_string_message || !*expand_string_message)
3533 expand_string_message = string_sprintf("unknown condition \"%s\"", opname);
3534 return NULL;
3535 } /* End switch on condition type */
3536
3537 /* Missing braces at start and end of data */
3538
3539 COND_FAILED_CURLY_START:
3540 expand_string_message = string_sprintf("missing { after \"%s\"", opname);
3541 return NULL;
3542
3543 COND_FAILED_CURLY_END:
3544 expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
3545 opname);
3546 return NULL;
3547
3548 /* A condition requires code that is not compiled */
3549
3550 #if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
3551 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
3552 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
3553 COND_FAILED_NOT_COMPILED:
3554 expand_string_message = string_sprintf("support for \"%s\" not compiled",
3555 opname);
3556 return NULL;
3557 #endif
3558 }
3559
3560
3561
3562
3563 /*************************************************
3564 * Save numerical variables *
3565 *************************************************/
3566
3567 /* This function is called from items such as "if" that want to preserve and
3568 restore the numbered variables.
3569
3570 Arguments:
3571 save_expand_string points to an array of pointers to set
3572 save_expand_nlength points to an array of ints for the lengths
3573
3574 Returns: the value of expand max to save
3575 */
3576
3577 static int
3578 save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
3579 {
3580 for (int i = 0; i <= expand_nmax; i++)
3581 {
3582 save_expand_nstring[i] = expand_nstring[i];
3583 save_expand_nlength[i] = expand_nlength[i];
3584 }
3585 return expand_nmax;
3586 }
3587
3588
3589
3590 /*************************************************
3591 * Restore numerical variables *
3592 *************************************************/
3593
3594 /* This function restored saved values of numerical strings.
3595
3596 Arguments:
3597 save_expand_nmax the number of strings to restore
3598 save_expand_string points to an array of pointers
3599 save_expand_nlength points to an array of ints
3600
3601 Returns: nothing
3602 */
3603
3604 static void
3605 restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
3606 int *save_expand_nlength)
3607 {
3608 expand_nmax = save_expand_nmax;
3609 for (int i = 0; i <= expand_nmax; i++)
3610 {
3611 expand_nstring[i] = save_expand_nstring[i];
3612 expand_nlength[i] = save_expand_nlength[i];
3613 }
3614 }
3615
3616
3617
3618
3619
3620 /*************************************************
3621 * Handle yes/no substrings *
3622 *************************************************/
3623
3624 /* This function is used by ${if}, ${lookup} and ${extract} to handle the
3625 alternative substrings that depend on whether or not the condition was true,
3626 or the lookup or extraction succeeded. The substrings always have to be
3627 expanded, to check their syntax, but "skipping" is set when the result is not
3628 needed - this avoids unnecessary nested lookups.
3629
3630 Arguments:
3631 skipping TRUE if we were skipping when this item was reached
3632 yes TRUE if the first string is to be used, else use the second
3633 save_lookup a value to put back into lookup_value before the 2nd expansion
3634 sptr points to the input string pointer
3635 yieldptr points to the output growable-string pointer
3636 type "lookup", "if", "extract", "run", "env", "listextract" or
3637 "certextract" for error message
3638 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
3639 the store.
3640
3641 Returns: 0 OK; lookup_value has been reset to save_lookup
3642 1 expansion failed
3643 2 expansion failed because of bracketing error
3644 */
3645
3646 static int
3647 process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, const uschar **sptr,
3648 gstring ** yieldptr, uschar *type, BOOL *resetok)
3649 {
3650 int rc = 0;
3651 const uschar *s = *sptr; /* Local value */
3652 uschar *sub1, *sub2;
3653 const uschar * errwhere;
3654
3655 /* If there are no following strings, we substitute the contents of $value for
3656 lookups and for extractions in the success case. For the ${if item, the string
3657 "true" is substituted. In the fail case, nothing is substituted for all three
3658 items. */
3659
3660 while (isspace(*s)) s++;
3661 if (*s == '}')
3662 {
3663 if (type[0] == 'i')
3664 {
3665 if (yes && !skipping)
3666 *yieldptr = string_catn(*yieldptr, US"true", 4);
3667 }
3668 else
3669 {
3670 if (yes && lookup_value && !skipping)
3671 *yieldptr = string_cat(*yieldptr, lookup_value);
3672 lookup_value = save_lookup;
3673 }
3674 s++;
3675 goto RETURN;
3676 }
3677
3678 /* The first following string must be braced. */
3679
3680 if (*s++ != '{')
3681 {
3682 errwhere = US"'yes' part did not start with '{'";
3683 goto FAILED_CURLY;
3684 }
3685
3686 /* Expand the first substring. Forced failures are noticed only if we actually
3687 want this string. Set skipping in the call in the fail case (this will always
3688 be the case if we were already skipping). */
3689
3690 sub1 = expand_string_internal(s, TRUE, &s, !yes, TRUE, resetok);
3691 if (sub1 == NULL && (yes || !f.expand_string_forcedfail)) goto FAILED;
3692 f.expand_string_forcedfail = FALSE;
3693 if (*s++ != '}')
3694 {
3695 errwhere = US"'yes' part did not end with '}'";
3696 goto FAILED_CURLY;
3697 }
3698
3699 /* If we want the first string, add it to the output */
3700
3701 if (yes)
3702 *yieldptr = string_cat(*yieldptr, sub1);
3703
3704 /* If this is called from a lookup/env or a (cert)extract, we want to restore
3705 $value to what it was at the start of the item, so that it has this value
3706 during the second string expansion. For the call from "if" or "run" to this
3707 function, save_lookup is set to lookup_value, so that this statement does
3708 nothing. */
3709
3710 lookup_value = save_lookup;
3711
3712 /* There now follows either another substring, or "fail", or nothing. This
3713 time, forced failures are noticed only if we want the second string. We must
3714 set skipping in the nested call if we don't want this string, or if we were
3715 already skipping. */
3716
3717 while (isspace(*s)) s++;
3718 if (*s == '{')
3719 {
3720 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping, TRUE, resetok);
3721 if (sub2 == NULL && (!yes || !f.expand_string_forcedfail)) goto FAILED;
3722 f.expand_string_forcedfail = FALSE;
3723 if (*s++ != '}')
3724 {
3725 errwhere = US"'no' part did not start with '{'";
3726 goto FAILED_CURLY;
3727 }
3728
3729 /* If we want the second string, add it to the output */
3730
3731 if (!yes)
3732 *yieldptr = string_cat(*yieldptr, sub2);
3733 }
3734
3735 /* If there is no second string, but the word "fail" is present when the use of
3736 the second string is wanted, set a flag indicating it was a forced failure
3737 rather than a syntactic error. Swallow the terminating } in case this is nested
3738 inside another lookup or if or extract. */
3739
3740 else if (*s != '}')
3741 {
3742 uschar name[256];
3743 /* deconst cast ok here as source is s anyway */
3744 s = US read_name(name, sizeof(name), s, US"_");
3745 if (Ustrcmp(name, "fail") == 0)
3746 {
3747 if (!yes && !skipping)
3748 {
3749 while (isspace(*s)) s++;
3750 if (*s++ != '}')
3751 {
3752 errwhere = US"did not close with '}' after forcedfail";
3753 goto FAILED_CURLY;
3754 }
3755 expand_string_message =
3756 string_sprintf("\"%s\" failed and \"fail\" requested", type);
3757 f.expand_string_forcedfail = TRUE;
3758 goto FAILED;
3759 }
3760 }
3761 else
3762 {
3763 expand_string_message =
3764 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
3765 goto FAILED;
3766 }
3767 }
3768
3769 /* All we have to do now is to check on the final closing brace. */
3770
3771 while (isspace(*s)) s++;
3772 if (*s++ != '}')
3773 {
3774 errwhere = US"did not close with '}'";
3775 goto FAILED_CURLY;
3776 }
3777
3778
3779 RETURN:
3780 /* Update the input pointer value before returning */
3781 *sptr = s;
3782 return rc;
3783
3784 FAILED_CURLY:
3785 /* Get here if there is a bracketing failure */
3786 expand_string_message = string_sprintf(
3787 "curly-bracket problem in conditional yes/no parsing: %s\n"
3788 " remaining string is '%s'", errwhere, --s);
3789 rc = 2;
3790 goto RETURN;
3791
3792 FAILED:
3793 /* Get here for other failures */
3794 rc = 1;
3795 goto RETURN;
3796 }
3797
3798
3799
3800
3801 /********************************************************
3802 * prvs: Get last three digits of days since Jan 1, 1970 *
3803 ********************************************************/
3804
3805 /* This is needed to implement the "prvs" BATV reverse
3806 path signing scheme
3807
3808 Argument: integer "days" offset to add or substract to
3809 or from the current number of days.
3810
3811 Returns: pointer to string containing the last three
3812 digits of the number of days since Jan 1, 1970,
3813 modified by the offset argument, NULL if there
3814 was an error in the conversion.
3815
3816 */
3817
3818 static uschar *
3819 prvs_daystamp(int day_offset)
3820 {
3821 uschar *days = store_get(32, FALSE); /* Need at least 24 for cases */
3822 (void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
3823 (time(NULL) + day_offset*86400)/86400);
3824 return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
3825 }
3826
3827
3828
3829 /********************************************************
3830 * prvs: perform HMAC-SHA1 computation of prvs bits *
3831 ********************************************************/
3832
3833 /* This is needed to implement the "prvs" BATV reverse
3834 path signing scheme
3835
3836 Arguments:
3837 address RFC2821 Address to use
3838 key The key to use (must be less than 64 characters
3839 in size)
3840 key_num Single-digit key number to use. Defaults to
3841 '0' when NULL.
3842
3843 Returns: pointer to string containing the first three
3844 bytes of the final hash in hex format, NULL if
3845 there was an error in the process.
3846 */
3847
3848 static uschar *
3849 prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
3850 {
3851 gstring * hash_source;
3852 uschar * p;
3853 hctx h;
3854 uschar innerhash[20];
3855 uschar finalhash[20];
3856 uschar innerkey[64];
3857 uschar outerkey[64];
3858 uschar *finalhash_hex;
3859
3860 if (!key_num)
3861 key_num = US"0";
3862
3863 if (Ustrlen(key) > 64)
3864 return NULL;
3865
3866 hash_source = string_catn(NULL, key_num, 1);
3867 hash_source = string_catn(hash_source, daystamp, 3);
3868 hash_source = string_cat(hash_source, address);
3869 (void) string_from_gstring(hash_source);
3870
3871 DEBUG(D_expand)
3872 debug_printf_indent("prvs: hash source is '%s'\n", hash_source->s);
3873
3874 memset(innerkey, 0x36, 64);
3875 memset(outerkey, 0x5c, 64);
3876
3877 for (int i = 0; i < Ustrlen(key); i++)
3878 {
3879 innerkey[i] ^= key[i];
3880 outerkey[i] ^= key[i];
3881 }
3882
3883 chash_start(HMAC_SHA1, &h);
3884 chash_mid(HMAC_SHA1, &h, innerkey);
3885 chash_end(HMAC_SHA1, &h, hash_source->s, hash_source->ptr, innerhash);
3886
3887 chash_start(HMAC_SHA1, &h);
3888 chash_mid(HMAC_SHA1, &h, outerkey);
3889 chash_end(HMAC_SHA1, &h, innerhash, 20, finalhash);
3890
3891 /* Hashing is deemed sufficient to de-taint any input data */
3892
3893 p = finalhash_hex = store_get(40, FALSE);
3894 for (int i = 0; i < 3; i++)
3895 {
3896 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
3897 *p++ = hex_digits[finalhash[i] & 0x0f];
3898 }
3899 *p = '\0';
3900
3901 return finalhash_hex;
3902 }
3903
3904
3905
3906
3907 /*************************************************
3908 * Join a file onto the output string *
3909 *************************************************/
3910
3911 /* This is used for readfile/readsock and after a run expansion.
3912 It joins the contents of a file onto the output string, globally replacing
3913 newlines with a given string (optionally).
3914
3915 Arguments:
3916 f the FILE
3917 yield pointer to the expandable string struct
3918 eol newline replacement string, or NULL
3919
3920 Returns: new pointer for expandable string, terminated if non-null
3921 */
3922
3923 static gstring *
3924 cat_file(FILE *f, gstring *yield, uschar *eol)
3925 {
3926 us