Unix socket creds sockopt for BSD-ish platforms
[exim.git] / src / src / expand.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8
9 /* Functions for handling string expansion. */
10
11
12 #include "exim.h"
13
14 /* Recursively called function */
15
16 static uschar *expand_string_internal(const uschar *, BOOL, const uschar **, BOOL, BOOL, BOOL *);
17 static int_eximarith_t expanded_string_integer(const uschar *, BOOL);
18
19 #ifdef STAND_ALONE
20 # ifndef SUPPORT_CRYPTEQ
21 # define SUPPORT_CRYPTEQ
22 # endif
23 #endif
24
25 #ifdef LOOKUP_LDAP
26 # include "lookups/ldap.h"
27 #endif
28
29 #ifdef SUPPORT_CRYPTEQ
30 # ifdef CRYPT_H
31 # include <crypt.h>
32 # endif
33 # ifndef HAVE_CRYPT16
34 extern char* crypt16(char*, char*);
35 # endif
36 #endif
37
38 /* The handling of crypt16() is a mess. I will record below the analysis of the
39 mess that was sent to me. We decided, however, to make changing this very low
40 priority, because in practice people are moving away from the crypt()
41 algorithms nowadays, so it doesn't seem worth it.
42
43 <quote>
44 There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
45 the first 8 characters of the password using a 20-round version of crypt
46 (standard crypt does 25 rounds). It then crypts the next 8 characters,
47 or an empty block if the password is less than 9 characters, using a
48 20-round version of crypt and the same salt as was used for the first
49 block. Characters after the first 16 are ignored. It always generates
50 a 16-byte hash, which is expressed together with the salt as a string
51 of 24 base 64 digits. Here are some links to peruse:
52
53 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
54 http://seclists.org/bugtraq/1999/Mar/0076.html
55
56 There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
57 and OSF/1. This is the same as the standard crypt if given a password
58 of 8 characters or less. If given more, it first does the same as crypt
59 using the first 8 characters, then crypts the next 8 (the 9th to 16th)
60 using as salt the first two base 64 digits from the first hash block.
61 If the password is more than 16 characters then it crypts the 17th to 24th
62 characters using as salt the first two base 64 digits from the second hash
63 block. And so on: I've seen references to it cutting off the password at
64 40 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
65
66 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
67 http://seclists.org/bugtraq/1999/Mar/0109.html
68 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
69 TET1_html/sec.c222.html#no_id_208
70
71 Exim has something it calls "crypt16". It will either use a native
72 crypt16 or its own implementation. A native crypt16 will presumably
73 be the one that I called "crypt16" above. The internal "crypt16"
74 function, however, is a two-block-maximum implementation of what I called
75 "bigcrypt". The documentation matches the internal code.
76
77 I suspect that whoever did the "crypt16" stuff for Exim didn't realise
78 that crypt16 and bigcrypt were different things.
79
80 Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
81 to whatever it is using under that name. This unfortunately sets a
82 precedent for using "{crypt16}" to identify two incompatible algorithms
83 whose output can't be distinguished. With "{crypt16}" thus rendered
84 ambiguous, I suggest you deprecate it and invent two new identifiers
85 for the two algorithms.
86
87 Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
88 of the password separately means they can be cracked separately, so
89 the double-length hash only doubles the cracking effort instead of
90 squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
91 bcrypt ({CRYPT}$2a$).
92 </quote>
93 */
94
95
96
97 /*************************************************
98 * Local statics and tables *
99 *************************************************/
100
101 /* Table of item names, and corresponding switch numbers. The names must be in
102 alphabetical order. */
103
104 static uschar *item_table[] = {
105 US"acl",
106 US"authresults",
107 US"certextract",
108 US"dlfunc",
109 US"env",
110 US"extract",
111 US"filter",
112 US"hash",
113 US"hmac",
114 US"if",
115 #ifdef SUPPORT_I18N
116 US"imapfolder",
117 #endif
118 US"length",
119 US"listextract",
120 US"lookup",
121 US"map",
122 US"nhash",
123 US"perl",
124 US"prvs",
125 US"prvscheck",
126 US"readfile",
127 US"readsocket",
128 US"reduce",
129 US"run",
130 US"sg",
131 US"sort",
132 #ifdef EXPERIMENTAL_SRS_NATIVE
133 US"srs_encode",
134 #endif
135 US"substr",
136 US"tr" };
137
138 enum {
139 EITEM_ACL,
140 EITEM_AUTHRESULTS,
141 EITEM_CERTEXTRACT,
142 EITEM_DLFUNC,
143 EITEM_ENV,
144 EITEM_EXTRACT,
145 EITEM_FILTER,
146 EITEM_HASH,
147 EITEM_HMAC,
148 EITEM_IF,
149 #ifdef SUPPORT_I18N
150 EITEM_IMAPFOLDER,
151 #endif
152 EITEM_LENGTH,
153 EITEM_LISTEXTRACT,
154 EITEM_LOOKUP,
155 EITEM_MAP,
156 EITEM_NHASH,
157 EITEM_PERL,
158 EITEM_PRVS,
159 EITEM_PRVSCHECK,
160 EITEM_READFILE,
161 EITEM_READSOCK,
162 EITEM_REDUCE,
163 EITEM_RUN,
164 EITEM_SG,
165 EITEM_SORT,
166 #ifdef EXPERIMENTAL_SRS_NATIVE
167 EITEM_SRS_ENCODE,
168 #endif
169 EITEM_SUBSTR,
170 EITEM_TR };
171
172 /* Tables of operator names, and corresponding switch numbers. The names must be
173 in alphabetical order. There are two tables, because underscore is used in some
174 cases to introduce arguments, whereas for other it is part of the name. This is
175 an historical mis-design. */
176
177 static uschar *op_table_underscore[] = {
178 US"from_utf8",
179 US"local_part",
180 US"quote_local_part",
181 US"reverse_ip",
182 US"time_eval",
183 US"time_interval"
184 #ifdef SUPPORT_I18N
185 ,US"utf8_domain_from_alabel",
186 US"utf8_domain_to_alabel",
187 US"utf8_localpart_from_alabel",
188 US"utf8_localpart_to_alabel"
189 #endif
190 };
191
192 enum {
193 EOP_FROM_UTF8,
194 EOP_LOCAL_PART,
195 EOP_QUOTE_LOCAL_PART,
196 EOP_REVERSE_IP,
197 EOP_TIME_EVAL,
198 EOP_TIME_INTERVAL
199 #ifdef SUPPORT_I18N
200 ,EOP_UTF8_DOMAIN_FROM_ALABEL,
201 EOP_UTF8_DOMAIN_TO_ALABEL,
202 EOP_UTF8_LOCALPART_FROM_ALABEL,
203 EOP_UTF8_LOCALPART_TO_ALABEL
204 #endif
205 };
206
207 static uschar *op_table_main[] = {
208 US"address",
209 US"addresses",
210 US"base32",
211 US"base32d",
212 US"base62",
213 US"base62d",
214 US"base64",
215 US"base64d",
216 US"bless",
217 US"domain",
218 US"escape",
219 US"escape8bit",
220 US"eval",
221 US"eval10",
222 US"expand",
223 US"h",
224 US"hash",
225 US"hex2b64",
226 US"hexquote",
227 US"ipv6denorm",
228 US"ipv6norm",
229 US"l",
230 US"lc",
231 US"length",
232 US"listcount",
233 US"listnamed",
234 US"mask",
235 US"md5",
236 US"nh",
237 US"nhash",
238 US"quote",
239 US"randint",
240 US"rfc2047",
241 US"rfc2047d",
242 US"rxquote",
243 US"s",
244 US"sha1",
245 US"sha2",
246 US"sha256",
247 US"sha3",
248 US"stat",
249 US"str2b64",
250 US"strlen",
251 US"substr",
252 US"uc",
253 US"utf8clean" };
254
255 enum {
256 EOP_ADDRESS = nelem(op_table_underscore),
257 EOP_ADDRESSES,
258 EOP_BASE32,
259 EOP_BASE32D,
260 EOP_BASE62,
261 EOP_BASE62D,
262 EOP_BASE64,
263 EOP_BASE64D,
264 EOP_BLESS,
265 EOP_DOMAIN,
266 EOP_ESCAPE,
267 EOP_ESCAPE8BIT,
268 EOP_EVAL,
269 EOP_EVAL10,
270 EOP_EXPAND,
271 EOP_H,
272 EOP_HASH,
273 EOP_HEX2B64,
274 EOP_HEXQUOTE,
275 EOP_IPV6DENORM,
276 EOP_IPV6NORM,
277 EOP_L,
278 EOP_LC,
279 EOP_LENGTH,
280 EOP_LISTCOUNT,
281 EOP_LISTNAMED,
282 EOP_MASK,
283 EOP_MD5,
284 EOP_NH,
285 EOP_NHASH,
286 EOP_QUOTE,
287 EOP_RANDINT,
288 EOP_RFC2047,
289 EOP_RFC2047D,
290 EOP_RXQUOTE,
291 EOP_S,
292 EOP_SHA1,
293 EOP_SHA2,
294 EOP_SHA256,
295 EOP_SHA3,
296 EOP_STAT,
297 EOP_STR2B64,
298 EOP_STRLEN,
299 EOP_SUBSTR,
300 EOP_UC,
301 EOP_UTF8CLEAN };
302
303
304 /* Table of condition names, and corresponding switch numbers. The names must
305 be in alphabetical order. */
306
307 static uschar *cond_table[] = {
308 US"<",
309 US"<=",
310 US"=",
311 US"==", /* Backward compatibility */
312 US">",
313 US">=",
314 US"acl",
315 US"and",
316 US"bool",
317 US"bool_lax",
318 US"crypteq",
319 US"def",
320 US"eq",
321 US"eqi",
322 US"exists",
323 US"first_delivery",
324 US"forall",
325 US"forall_json",
326 US"forall_jsons",
327 US"forany",
328 US"forany_json",
329 US"forany_jsons",
330 US"ge",
331 US"gei",
332 US"gt",
333 US"gti",
334 #ifdef EXPERIMENTAL_SRS_NATIVE
335 US"inbound_srs",
336 #endif
337 US"inlist",
338 US"inlisti",
339 US"isip",
340 US"isip4",
341 US"isip6",
342 US"ldapauth",
343 US"le",
344 US"lei",
345 US"lt",
346 US"lti",
347 US"match",
348 US"match_address",
349 US"match_domain",
350 US"match_ip",
351 US"match_local_part",
352 US"or",
353 US"pam",
354 US"pwcheck",
355 US"queue_running",
356 US"radius",
357 US"saslauthd"
358 };
359
360 enum {
361 ECOND_NUM_L,
362 ECOND_NUM_LE,
363 ECOND_NUM_E,
364 ECOND_NUM_EE,
365 ECOND_NUM_G,
366 ECOND_NUM_GE,
367 ECOND_ACL,
368 ECOND_AND,
369 ECOND_BOOL,
370 ECOND_BOOL_LAX,
371 ECOND_CRYPTEQ,
372 ECOND_DEF,
373 ECOND_STR_EQ,
374 ECOND_STR_EQI,
375 ECOND_EXISTS,
376 ECOND_FIRST_DELIVERY,
377 ECOND_FORALL,
378 ECOND_FORALL_JSON,
379 ECOND_FORALL_JSONS,
380 ECOND_FORANY,
381 ECOND_FORANY_JSON,
382 ECOND_FORANY_JSONS,
383 ECOND_STR_GE,
384 ECOND_STR_GEI,
385 ECOND_STR_GT,
386 ECOND_STR_GTI,
387 #ifdef EXPERIMENTAL_SRS_NATIVE
388 ECOND_INBOUND_SRS,
389 #endif
390 ECOND_INLIST,
391 ECOND_INLISTI,
392 ECOND_ISIP,
393 ECOND_ISIP4,
394 ECOND_ISIP6,
395 ECOND_LDAPAUTH,
396 ECOND_STR_LE,
397 ECOND_STR_LEI,
398 ECOND_STR_LT,
399 ECOND_STR_LTI,
400 ECOND_MATCH,
401 ECOND_MATCH_ADDRESS,
402 ECOND_MATCH_DOMAIN,
403 ECOND_MATCH_IP,
404 ECOND_MATCH_LOCAL_PART,
405 ECOND_OR,
406 ECOND_PAM,
407 ECOND_PWCHECK,
408 ECOND_QUEUE_RUNNING,
409 ECOND_RADIUS,
410 ECOND_SASLAUTHD
411 };
412
413
414 /* Types of table entry */
415
416 enum vtypes {
417 vtype_int, /* value is address of int */
418 vtype_filter_int, /* ditto, but recognized only when filtering */
419 vtype_ino, /* value is address of ino_t (not always an int) */
420 vtype_uid, /* value is address of uid_t (not always an int) */
421 vtype_gid, /* value is address of gid_t (not always an int) */
422 vtype_bool, /* value is address of bool */
423 vtype_stringptr, /* value is address of pointer to string */
424 vtype_msgbody, /* as stringptr, but read when first required */
425 vtype_msgbody_end, /* ditto, the end of the message */
426 vtype_msgheaders, /* the message's headers, processed */
427 vtype_msgheaders_raw, /* the message's headers, unprocessed */
428 vtype_localpart, /* extract local part from string */
429 vtype_domain, /* extract domain from string */
430 vtype_string_func, /* value is string returned by given function */
431 vtype_todbsdin, /* value not used; generate BSD inbox tod */
432 vtype_tode, /* value not used; generate tod in epoch format */
433 vtype_todel, /* value not used; generate tod in epoch/usec format */
434 vtype_todf, /* value not used; generate full tod */
435 vtype_todl, /* value not used; generate log tod */
436 vtype_todlf, /* value not used; generate log file datestamp tod */
437 vtype_todzone, /* value not used; generate time zone only */
438 vtype_todzulu, /* value not used; generate zulu tod */
439 vtype_reply, /* value not used; get reply from headers */
440 vtype_pid, /* value not used; result is pid */
441 vtype_host_lookup, /* value not used; get host name */
442 vtype_load_avg, /* value not used; result is int from os_getloadavg */
443 vtype_pspace, /* partition space; value is T/F for spool/log */
444 vtype_pinodes, /* partition inodes; value is T/F for spool/log */
445 vtype_cert /* SSL certificate */
446 #ifndef DISABLE_DKIM
447 ,vtype_dkim /* Lookup of value in DKIM signature */
448 #endif
449 };
450
451 /* Type for main variable table */
452
453 typedef struct {
454 const char *name;
455 enum vtypes type;
456 void *value;
457 } var_entry;
458
459 /* Type for entries pointing to address/length pairs. Not currently
460 in use. */
461
462 typedef struct {
463 uschar **address;
464 int *length;
465 } alblock;
466
467 static uschar * fn_recipients(void);
468 typedef uschar * stringptr_fn_t(void);
469 static uschar * fn_queue_size(void);
470
471 /* This table must be kept in alphabetical order. */
472
473 static var_entry var_table[] = {
474 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
475 they will be confused with user-creatable ACL variables. */
476 { "acl_arg1", vtype_stringptr, &acl_arg[0] },
477 { "acl_arg2", vtype_stringptr, &acl_arg[1] },
478 { "acl_arg3", vtype_stringptr, &acl_arg[2] },
479 { "acl_arg4", vtype_stringptr, &acl_arg[3] },
480 { "acl_arg5", vtype_stringptr, &acl_arg[4] },
481 { "acl_arg6", vtype_stringptr, &acl_arg[5] },
482 { "acl_arg7", vtype_stringptr, &acl_arg[6] },
483 { "acl_arg8", vtype_stringptr, &acl_arg[7] },
484 { "acl_arg9", vtype_stringptr, &acl_arg[8] },
485 { "acl_narg", vtype_int, &acl_narg },
486 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
487 { "address_data", vtype_stringptr, &deliver_address_data },
488 { "address_file", vtype_stringptr, &address_file },
489 { "address_pipe", vtype_stringptr, &address_pipe },
490 #ifdef EXPERIMENTAL_ARC
491 { "arc_domains", vtype_string_func, (void *) &fn_arc_domains },
492 { "arc_oldest_pass", vtype_int, &arc_oldest_pass },
493 { "arc_state", vtype_stringptr, &arc_state },
494 { "arc_state_reason", vtype_stringptr, &arc_state_reason },
495 #endif
496 { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id },
497 { "authenticated_id", vtype_stringptr, &authenticated_id },
498 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
499 { "authentication_failed",vtype_int, &authentication_failed },
500 #ifdef WITH_CONTENT_SCAN
501 { "av_failed", vtype_int, &av_failed },
502 #endif
503 #ifdef EXPERIMENTAL_BRIGHTMAIL
504 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
505 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
506 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
507 { "bmi_deliver", vtype_int, &bmi_deliver },
508 #endif
509 { "body_linecount", vtype_int, &body_linecount },
510 { "body_zerocount", vtype_int, &body_zerocount },
511 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
512 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
513 { "caller_gid", vtype_gid, &real_gid },
514 { "caller_uid", vtype_uid, &real_uid },
515 { "callout_address", vtype_stringptr, &callout_address },
516 { "compile_date", vtype_stringptr, &version_date },
517 { "compile_number", vtype_stringptr, &version_cnumber },
518 { "config_dir", vtype_stringptr, &config_main_directory },
519 { "config_file", vtype_stringptr, &config_main_filename },
520 { "csa_status", vtype_stringptr, &csa_status },
521 #ifdef EXPERIMENTAL_DCC
522 { "dcc_header", vtype_stringptr, &dcc_header },
523 { "dcc_result", vtype_stringptr, &dcc_result },
524 #endif
525 #ifndef DISABLE_DKIM
526 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
527 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
528 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
529 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
530 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
531 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
532 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
533 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
534 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
535 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
536 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
537 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
538 { "dkim_key_length", vtype_int, &dkim_key_length },
539 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
540 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
541 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
542 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
543 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
544 { "dkim_signers", vtype_stringptr, &dkim_signers },
545 { "dkim_verify_reason", vtype_stringptr, &dkim_verify_reason },
546 { "dkim_verify_status", vtype_stringptr, &dkim_verify_status },
547 #endif
548 #ifdef SUPPORT_DMARC
549 { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
550 { "dmarc_status", vtype_stringptr, &dmarc_status },
551 { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
552 { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
553 #endif
554 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
555 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
556 { "dnslist_text", vtype_stringptr, &dnslist_text },
557 { "dnslist_value", vtype_stringptr, &dnslist_value },
558 { "domain", vtype_stringptr, &deliver_domain },
559 { "domain_data", vtype_stringptr, &deliver_domain_data },
560 #ifndef DISABLE_EVENT
561 { "event_data", vtype_stringptr, &event_data },
562
563 /*XXX want to use generic vars for as many of these as possible*/
564 { "event_defer_errno", vtype_int, &event_defer_errno },
565
566 { "event_name", vtype_stringptr, &event_name },
567 #endif
568 { "exim_gid", vtype_gid, &exim_gid },
569 { "exim_path", vtype_stringptr, &exim_path },
570 { "exim_uid", vtype_uid, &exim_uid },
571 { "exim_version", vtype_stringptr, &version_string },
572 { "headers_added", vtype_string_func, (void *) &fn_hdrs_added },
573 { "home", vtype_stringptr, &deliver_home },
574 { "host", vtype_stringptr, &deliver_host },
575 { "host_address", vtype_stringptr, &deliver_host_address },
576 { "host_data", vtype_stringptr, &host_data },
577 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
578 { "host_lookup_failed", vtype_int, &host_lookup_failed },
579 { "host_port", vtype_int, &deliver_host_port },
580 { "initial_cwd", vtype_stringptr, &initial_cwd },
581 { "inode", vtype_ino, &deliver_inode },
582 { "interface_address", vtype_stringptr, &interface_address },
583 { "interface_port", vtype_int, &interface_port },
584 { "item", vtype_stringptr, &iterate_item },
585 #ifdef LOOKUP_LDAP
586 { "ldap_dn", vtype_stringptr, &eldap_dn },
587 #endif
588 { "load_average", vtype_load_avg, NULL },
589 { "local_part", vtype_stringptr, &deliver_localpart },
590 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
591 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
592 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
593 { "local_part_verified", vtype_stringptr, &deliver_localpart_verified },
594 #ifdef HAVE_LOCAL_SCAN
595 { "local_scan_data", vtype_stringptr, &local_scan_data },
596 #endif
597 { "local_user_gid", vtype_gid, &local_user_gid },
598 { "local_user_uid", vtype_uid, &local_user_uid },
599 { "localhost_number", vtype_int, &host_number },
600 { "log_inodes", vtype_pinodes, (void *)FALSE },
601 { "log_space", vtype_pspace, (void *)FALSE },
602 { "lookup_dnssec_authenticated",vtype_stringptr,&lookup_dnssec_authenticated},
603 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
604 #ifdef WITH_CONTENT_SCAN
605 { "malware_name", vtype_stringptr, &malware_name },
606 #endif
607 { "max_received_linelength", vtype_int, &max_received_linelength },
608 { "message_age", vtype_int, &message_age },
609 { "message_body", vtype_msgbody, &message_body },
610 { "message_body_end", vtype_msgbody_end, &message_body_end },
611 { "message_body_size", vtype_int, &message_body_size },
612 { "message_exim_id", vtype_stringptr, &message_id },
613 { "message_headers", vtype_msgheaders, NULL },
614 { "message_headers_raw", vtype_msgheaders_raw, NULL },
615 { "message_id", vtype_stringptr, &message_id },
616 { "message_linecount", vtype_int, &message_linecount },
617 { "message_size", vtype_int, &message_size },
618 #ifdef SUPPORT_I18N
619 { "message_smtputf8", vtype_bool, &message_smtputf8 },
620 #endif
621 #ifdef WITH_CONTENT_SCAN
622 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
623 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
624 { "mime_boundary", vtype_stringptr, &mime_boundary },
625 { "mime_charset", vtype_stringptr, &mime_charset },
626 { "mime_content_description", vtype_stringptr, &mime_content_description },
627 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
628 { "mime_content_id", vtype_stringptr, &mime_content_id },
629 { "mime_content_size", vtype_int, &mime_content_size },
630 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
631 { "mime_content_type", vtype_stringptr, &mime_content_type },
632 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
633 { "mime_filename", vtype_stringptr, &mime_filename },
634 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
635 { "mime_is_multipart", vtype_int, &mime_is_multipart },
636 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
637 { "mime_part_count", vtype_int, &mime_part_count },
638 #endif
639 { "n0", vtype_filter_int, &filter_n[0] },
640 { "n1", vtype_filter_int, &filter_n[1] },
641 { "n2", vtype_filter_int, &filter_n[2] },
642 { "n3", vtype_filter_int, &filter_n[3] },
643 { "n4", vtype_filter_int, &filter_n[4] },
644 { "n5", vtype_filter_int, &filter_n[5] },
645 { "n6", vtype_filter_int, &filter_n[6] },
646 { "n7", vtype_filter_int, &filter_n[7] },
647 { "n8", vtype_filter_int, &filter_n[8] },
648 { "n9", vtype_filter_int, &filter_n[9] },
649 { "original_domain", vtype_stringptr, &deliver_domain_orig },
650 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
651 { "originator_gid", vtype_gid, &originator_gid },
652 { "originator_uid", vtype_uid, &originator_uid },
653 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
654 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
655 { "pid", vtype_pid, NULL },
656 #ifndef DISABLE_PRDR
657 { "prdr_requested", vtype_bool, &prdr_requested },
658 #endif
659 { "primary_hostname", vtype_stringptr, &primary_hostname },
660 #if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
661 { "proxy_external_address",vtype_stringptr, &proxy_external_address },
662 { "proxy_external_port", vtype_int, &proxy_external_port },
663 { "proxy_local_address", vtype_stringptr, &proxy_local_address },
664 { "proxy_local_port", vtype_int, &proxy_local_port },
665 { "proxy_session", vtype_bool, &proxy_session },
666 #endif
667 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
668 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
669 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
670 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
671 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
672 { "queue_name", vtype_stringptr, &queue_name },
673 { "queue_size", vtype_string_func, &fn_queue_size },
674 { "rcpt_count", vtype_int, &rcpt_count },
675 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
676 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
677 { "received_count", vtype_int, &received_count },
678 { "received_for", vtype_stringptr, &received_for },
679 { "received_ip_address", vtype_stringptr, &interface_address },
680 { "received_port", vtype_int, &interface_port },
681 { "received_protocol", vtype_stringptr, &received_protocol },
682 { "received_time", vtype_int, &received_time.tv_sec },
683 { "recipient_data", vtype_stringptr, &recipient_data },
684 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
685 { "recipients", vtype_string_func, (void *) &fn_recipients },
686 { "recipients_count", vtype_int, &recipients_count },
687 #ifdef WITH_CONTENT_SCAN
688 { "regex_match_string", vtype_stringptr, &regex_match_string },
689 #endif
690 { "reply_address", vtype_reply, NULL },
691 { "return_path", vtype_stringptr, &return_path },
692 { "return_size_limit", vtype_int, &bounce_return_size_limit },
693 { "router_name", vtype_stringptr, &router_name },
694 { "runrc", vtype_int, &runrc },
695 { "self_hostname", vtype_stringptr, &self_hostname },
696 { "sender_address", vtype_stringptr, &sender_address },
697 { "sender_address_data", vtype_stringptr, &sender_address_data },
698 { "sender_address_domain", vtype_domain, &sender_address },
699 { "sender_address_local_part", vtype_localpart, &sender_address },
700 { "sender_data", vtype_stringptr, &sender_data },
701 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
702 { "sender_helo_dnssec", vtype_bool, &sender_helo_dnssec },
703 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
704 { "sender_host_address", vtype_stringptr, &sender_host_address },
705 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
706 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
707 { "sender_host_name", vtype_host_lookup, NULL },
708 { "sender_host_port", vtype_int, &sender_host_port },
709 { "sender_ident", vtype_stringptr, &sender_ident },
710 { "sender_rate", vtype_stringptr, &sender_rate },
711 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
712 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
713 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
714 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
715 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
716 { "sending_port", vtype_int, &sending_port },
717 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
718 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
719 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
720 { "smtp_command_history", vtype_string_func, (void *) &smtp_cmd_hist },
721 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
722 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
723 { "sn0", vtype_filter_int, &filter_sn[0] },
724 { "sn1", vtype_filter_int, &filter_sn[1] },
725 { "sn2", vtype_filter_int, &filter_sn[2] },
726 { "sn3", vtype_filter_int, &filter_sn[3] },
727 { "sn4", vtype_filter_int, &filter_sn[4] },
728 { "sn5", vtype_filter_int, &filter_sn[5] },
729 { "sn6", vtype_filter_int, &filter_sn[6] },
730 { "sn7", vtype_filter_int, &filter_sn[7] },
731 { "sn8", vtype_filter_int, &filter_sn[8] },
732 { "sn9", vtype_filter_int, &filter_sn[9] },
733 #ifdef WITH_CONTENT_SCAN
734 { "spam_action", vtype_stringptr, &spam_action },
735 { "spam_bar", vtype_stringptr, &spam_bar },
736 { "spam_report", vtype_stringptr, &spam_report },
737 { "spam_score", vtype_stringptr, &spam_score },
738 { "spam_score_int", vtype_stringptr, &spam_score_int },
739 #endif
740 #ifdef SUPPORT_SPF
741 { "spf_guess", vtype_stringptr, &spf_guess },
742 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
743 { "spf_received", vtype_stringptr, &spf_received },
744 { "spf_result", vtype_stringptr, &spf_result },
745 { "spf_result_guessed", vtype_bool, &spf_result_guessed },
746 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
747 #endif
748 { "spool_directory", vtype_stringptr, &spool_directory },
749 { "spool_inodes", vtype_pinodes, (void *)TRUE },
750 { "spool_space", vtype_pspace, (void *)TRUE },
751 #ifdef EXPERIMENTAL_SRS
752 { "srs_db_address", vtype_stringptr, &srs_db_address },
753 { "srs_db_key", vtype_stringptr, &srs_db_key },
754 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
755 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
756 #endif
757 #if defined(EXPERIMENTAL_SRS) || defined(EXPERIMENTAL_SRS_NATIVE)
758 { "srs_recipient", vtype_stringptr, &srs_recipient },
759 #endif
760 #ifdef EXPERIMENTAL_SRS
761 { "srs_status", vtype_stringptr, &srs_status },
762 #endif
763 { "thisaddress", vtype_stringptr, &filter_thisaddress },
764
765 /* The non-(in,out) variables are now deprecated */
766 { "tls_bits", vtype_int, &tls_in.bits },
767 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
768 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
769
770 { "tls_in_bits", vtype_int, &tls_in.bits },
771 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
772 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
773 { "tls_in_cipher_std", vtype_stringptr, &tls_in.cipher_stdname },
774 { "tls_in_ocsp", vtype_int, &tls_in.ocsp },
775 { "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
776 { "tls_in_peercert", vtype_cert, &tls_in.peercert },
777 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
778 #ifdef EXPERIMENTAL_TLS_RESUME
779 { "tls_in_resumption", vtype_int, &tls_in.resumption },
780 #endif
781 #ifndef DISABLE_TLS
782 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
783 #endif
784 { "tls_in_ver", vtype_stringptr, &tls_in.ver },
785 { "tls_out_bits", vtype_int, &tls_out.bits },
786 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
787 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
788 { "tls_out_cipher_std", vtype_stringptr, &tls_out.cipher_stdname },
789 #ifdef SUPPORT_DANE
790 { "tls_out_dane", vtype_bool, &tls_out.dane_verified },
791 #endif
792 { "tls_out_ocsp", vtype_int, &tls_out.ocsp },
793 { "tls_out_ourcert", vtype_cert, &tls_out.ourcert },
794 { "tls_out_peercert", vtype_cert, &tls_out.peercert },
795 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
796 #ifdef EXPERIMENTAL_TLS_RESUME
797 { "tls_out_resumption", vtype_int, &tls_out.resumption },
798 #endif
799 #ifndef DISABLE_TLS
800 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
801 #endif
802 #ifdef SUPPORT_DANE
803 { "tls_out_tlsa_usage", vtype_int, &tls_out.tlsa_usage },
804 #endif
805 { "tls_out_ver", vtype_stringptr, &tls_out.ver },
806
807 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
808 #ifndef DISABLE_TLS
809 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
810 #endif
811
812 { "tod_bsdinbox", vtype_todbsdin, NULL },
813 { "tod_epoch", vtype_tode, NULL },
814 { "tod_epoch_l", vtype_todel, NULL },
815 { "tod_full", vtype_todf, NULL },
816 { "tod_log", vtype_todl, NULL },
817 { "tod_logfile", vtype_todlf, NULL },
818 { "tod_zone", vtype_todzone, NULL },
819 { "tod_zulu", vtype_todzulu, NULL },
820 { "transport_name", vtype_stringptr, &transport_name },
821 { "value", vtype_stringptr, &lookup_value },
822 { "verify_mode", vtype_stringptr, &verify_mode },
823 { "version_number", vtype_stringptr, &version_string },
824 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
825 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
826 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
827 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
828 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
829 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
830 };
831
832 static int var_table_size = nelem(var_table);
833 static uschar var_buffer[256];
834 static BOOL malformed_header;
835
836 /* For textual hashes */
837
838 static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
839 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
840 "0123456789";
841
842 enum { HMAC_MD5, HMAC_SHA1 };
843
844 /* For numeric hashes */
845
846 static unsigned int prime[] = {
847 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
848 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
849 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
850
851 /* For printing modes in symbolic form */
852
853 static uschar *mtable_normal[] =
854 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
855
856 static uschar *mtable_setid[] =
857 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
858
859 static uschar *mtable_sticky[] =
860 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
861
862 /* flags for find_header() */
863 #define FH_EXISTS_ONLY BIT(0)
864 #define FH_WANT_RAW BIT(1)
865 #define FH_WANT_LIST BIT(2)
866
867
868 /*************************************************
869 * Tables for UTF-8 support *
870 *************************************************/
871
872 /* Table of the number of extra characters, indexed by the first character
873 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
874 0x3d. */
875
876 static uschar utf8_table1[] = {
877 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
878 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
879 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
880 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
881
882 /* These are the masks for the data bits in the first byte of a character,
883 indexed by the number of additional bytes. */
884
885 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
886
887 /* Get the next UTF-8 character, advancing the pointer. */
888
889 #define GETUTF8INC(c, ptr) \
890 c = *ptr++; \
891 if ((c & 0xc0) == 0xc0) \
892 { \
893 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
894 int s = 6*a; \
895 c = (c & utf8_table2[a]) << s; \
896 while (a-- > 0) \
897 { \
898 s -= 6; \
899 c |= (*ptr++ & 0x3f) << s; \
900 } \
901 }
902
903
904
905 static uschar * base32_chars = US"abcdefghijklmnopqrstuvwxyz234567";
906
907 /*************************************************
908 * Binary chop search on a table *
909 *************************************************/
910
911 /* This is used for matching expansion items and operators.
912
913 Arguments:
914 name the name that is being sought
915 table the table to search
916 table_size the number of items in the table
917
918 Returns: the offset in the table, or -1
919 */
920
921 static int
922 chop_match(uschar *name, uschar **table, int table_size)
923 {
924 uschar **bot = table;
925 uschar **top = table + table_size;
926
927 while (top > bot)
928 {
929 uschar **mid = bot + (top - bot)/2;
930 int c = Ustrcmp(name, *mid);
931 if (c == 0) return mid - table;
932 if (c > 0) bot = mid + 1; else top = mid;
933 }
934
935 return -1;
936 }
937
938
939
940 /*************************************************
941 * Check a condition string *
942 *************************************************/
943
944 /* This function is called to expand a string, and test the result for a "true"
945 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
946 forced fail or lookup defer.
947
948 We used to release all store used, but this is not not safe due
949 to ${dlfunc } and ${acl }. In any case expand_string_internal()
950 is reasonably careful to release what it can.
951
952 The actual false-value tests should be replicated for ECOND_BOOL_LAX.
953
954 Arguments:
955 condition the condition string
956 m1 text to be incorporated in panic error
957 m2 ditto
958
959 Returns: TRUE if condition is met, FALSE if not
960 */
961
962 BOOL
963 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
964 {
965 uschar * ss = expand_string(condition);
966 if (!ss)
967 {
968 if (!f.expand_string_forcedfail && !f.search_find_defer)
969 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
970 "for %s %s: %s", condition, m1, m2, expand_string_message);
971 return FALSE;
972 }
973 return *ss && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
974 strcmpic(ss, US"false") != 0;
975 }
976
977
978
979
980 /*************************************************
981 * Pseudo-random number generation *
982 *************************************************/
983
984 /* Pseudo-random number generation. The result is not "expected" to be
985 cryptographically strong but not so weak that someone will shoot themselves
986 in the foot using it as a nonce in some email header scheme or whatever
987 weirdness they'll twist this into. The result should ideally handle fork().
988
989 However, if we're stuck unable to provide this, then we'll fall back to
990 appallingly bad randomness.
991
992 If DISABLE_TLS is not defined then this will not be used except as an emergency
993 fallback.
994
995 Arguments:
996 max range maximum
997 Returns a random number in range [0, max-1]
998 */
999
1000 #ifndef DISABLE_TLS
1001 # define vaguely_random_number vaguely_random_number_fallback
1002 #endif
1003 int
1004 vaguely_random_number(int max)
1005 {
1006 #ifndef DISABLE_TLS
1007 # undef vaguely_random_number
1008 #endif
1009 static pid_t pid = 0;
1010 pid_t p2;
1011
1012 if ((p2 = getpid()) != pid)
1013 {
1014 if (pid != 0)
1015 {
1016
1017 #ifdef HAVE_ARC4RANDOM
1018 /* cryptographically strong randomness, common on *BSD platforms, not
1019 so much elsewhere. Alas. */
1020 # ifndef NOT_HAVE_ARC4RANDOM_STIR
1021 arc4random_stir();
1022 # endif
1023 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
1024 # ifdef HAVE_SRANDOMDEV
1025 /* uses random(4) for seeding */
1026 srandomdev();
1027 # else
1028 {
1029 struct timeval tv;
1030 gettimeofday(&tv, NULL);
1031 srandom(tv.tv_sec | tv.tv_usec | getpid());
1032 }
1033 # endif
1034 #else
1035 /* Poor randomness and no seeding here */
1036 #endif
1037
1038 }
1039 pid = p2;
1040 }
1041
1042 #ifdef HAVE_ARC4RANDOM
1043 return arc4random() % max;
1044 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
1045 return random() % max;
1046 #else
1047 /* This one returns a 16-bit number, definitely not crypto-strong */
1048 return random_number(max);
1049 #endif
1050 }
1051
1052
1053
1054
1055 /*************************************************
1056 * Pick out a name from a string *
1057 *************************************************/
1058
1059 /* If the name is too long, it is silently truncated.
1060
1061 Arguments:
1062 name points to a buffer into which to put the name
1063 max is the length of the buffer
1064 s points to the first alphabetic character of the name
1065 extras chars other than alphanumerics to permit
1066
1067 Returns: pointer to the first character after the name
1068
1069 Note: The test for *s != 0 in the while loop is necessary because
1070 Ustrchr() yields non-NULL if the character is zero (which is not something
1071 I expected). */
1072
1073 static const uschar *
1074 read_name(uschar *name, int max, const uschar *s, uschar *extras)
1075 {
1076 int ptr = 0;
1077 while (*s && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
1078 {
1079 if (ptr < max-1) name[ptr++] = *s;
1080 s++;
1081 }
1082 name[ptr] = 0;
1083 return s;
1084 }
1085
1086
1087
1088 /*************************************************
1089 * Pick out the rest of a header name *
1090 *************************************************/
1091
1092 /* A variable name starting $header_ (or just $h_ for those who like
1093 abbreviations) might not be the complete header name because headers can
1094 contain any printing characters in their names, except ':'. This function is
1095 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
1096 on the end, if the name was terminated by white space.
1097
1098 Arguments:
1099 name points to a buffer in which the name read so far exists
1100 max is the length of the buffer
1101 s points to the first character after the name so far, i.e. the
1102 first non-alphameric character after $header_xxxxx
1103
1104 Returns: a pointer to the first character after the header name
1105 */
1106
1107 static const uschar *
1108 read_header_name(uschar *name, int max, const uschar *s)
1109 {
1110 int prelen = Ustrchr(name, '_') - name + 1;
1111 int ptr = Ustrlen(name) - prelen;
1112 if (ptr > 0) memmove(name, name+prelen, ptr);
1113 while (mac_isgraph(*s) && *s != ':')
1114 {
1115 if (ptr < max-1) name[ptr++] = *s;
1116 s++;
1117 }
1118 if (*s == ':') s++;
1119 name[ptr++] = ':';
1120 name[ptr] = 0;
1121 return s;
1122 }
1123
1124
1125
1126 /*************************************************
1127 * Pick out a number from a string *
1128 *************************************************/
1129
1130 /* Arguments:
1131 n points to an integer into which to put the number
1132 s points to the first digit of the number
1133
1134 Returns: a pointer to the character after the last digit
1135 */
1136 /*XXX consider expanding to int_eximarith_t. But the test for
1137 "overbig numbers" in 0002 still needs to overflow it. */
1138
1139 static uschar *
1140 read_number(int *n, uschar *s)
1141 {
1142 *n = 0;
1143 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1144 return s;
1145 }
1146
1147 static const uschar *
1148 read_cnumber(int *n, const uschar *s)
1149 {
1150 *n = 0;
1151 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1152 return s;
1153 }
1154
1155
1156
1157 /*************************************************
1158 * Extract keyed subfield from a string *
1159 *************************************************/
1160
1161 /* The yield is in dynamic store; NULL means that the key was not found.
1162
1163 Arguments:
1164 key points to the name of the key
1165 s points to the string from which to extract the subfield
1166
1167 Returns: NULL if the subfield was not found, or
1168 a pointer to the subfield's data
1169 */
1170
1171 static uschar *
1172 expand_getkeyed(uschar * key, const uschar * s)
1173 {
1174 int length = Ustrlen(key);
1175 while (isspace(*s)) s++;
1176
1177 /* Loop to search for the key */
1178
1179 while (*s)
1180 {
1181 int dkeylength;
1182 uschar * data;
1183 const uschar * dkey = s;
1184
1185 while (*s && *s != '=' && !isspace(*s)) s++;
1186 dkeylength = s - dkey;
1187 while (isspace(*s)) s++;
1188 if (*s == '=') while (isspace((*(++s))));
1189
1190 data = string_dequote(&s);
1191 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1192 return data;
1193
1194 while (isspace(*s)) s++;
1195 }
1196
1197 return NULL;
1198 }
1199
1200
1201
1202 static var_entry *
1203 find_var_ent(uschar * name)
1204 {
1205 int first = 0;
1206 int last = var_table_size;
1207
1208 while (last > first)
1209 {
1210 int middle = (first + last)/2;
1211 int c = Ustrcmp(name, var_table[middle].name);
1212
1213 if (c > 0) { first = middle + 1; continue; }
1214 if (c < 0) { last = middle; continue; }
1215 return &var_table[middle];
1216 }
1217 return NULL;
1218 }
1219
1220 /*************************************************
1221 * Extract numbered subfield from string *
1222 *************************************************/
1223
1224 /* Extracts a numbered field from a string that is divided by tokens - for
1225 example a line from /etc/passwd is divided by colon characters. First field is
1226 numbered one. Negative arguments count from the right. Zero returns the whole
1227 string. Returns NULL if there are insufficient tokens in the string
1228
1229 ***WARNING***
1230 Modifies final argument - this is a dynamically generated string, so that's OK.
1231
1232 Arguments:
1233 field number of field to be extracted,
1234 first field = 1, whole string = 0, last field = -1
1235 separators characters that are used to break string into tokens
1236 s points to the string from which to extract the subfield
1237
1238 Returns: NULL if the field was not found,
1239 a pointer to the field's data inside s (modified to add 0)
1240 */
1241
1242 static uschar *
1243 expand_gettokened (int field, uschar *separators, uschar *s)
1244 {
1245 int sep = 1;
1246 int count;
1247 uschar *ss = s;
1248 uschar *fieldtext = NULL;
1249
1250 if (field == 0) return s;
1251
1252 /* Break the line up into fields in place; for field > 0 we stop when we have
1253 done the number of fields we want. For field < 0 we continue till the end of
1254 the string, counting the number of fields. */
1255
1256 count = (field > 0)? field : INT_MAX;
1257
1258 while (count-- > 0)
1259 {
1260 size_t len;
1261
1262 /* Previous field was the last one in the string. For a positive field
1263 number, this means there are not enough fields. For a negative field number,
1264 check that there are enough, and scan back to find the one that is wanted. */
1265
1266 if (sep == 0)
1267 {
1268 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1269 if ((-field) == (INT_MAX - count - 1)) return s;
1270 while (field++ < 0)
1271 {
1272 ss--;
1273 while (ss[-1] != 0) ss--;
1274 }
1275 fieldtext = ss;
1276 break;
1277 }
1278
1279 /* Previous field was not last in the string; save its start and put a
1280 zero at its end. */
1281
1282 fieldtext = ss;
1283 len = Ustrcspn(ss, separators);
1284 sep = ss[len];
1285 ss[len] = 0;
1286 ss += len + 1;
1287 }
1288
1289 return fieldtext;
1290 }
1291
1292
1293 static uschar *
1294 expand_getlistele(int field, const uschar * list)
1295 {
1296 const uschar * tlist = list;
1297 int sep = 0;
1298 uschar dummy;
1299
1300 if (field < 0)
1301 {
1302 for (field++; string_nextinlist(&tlist, &sep, &dummy, 1); ) field++;
1303 sep = 0;
1304 }
1305 if (field == 0) return NULL;
1306 while (--field > 0 && (string_nextinlist(&list, &sep, &dummy, 1))) ;
1307 return string_nextinlist(&list, &sep, NULL, 0);
1308 }
1309
1310
1311 /* Certificate fields, by name. Worry about by-OID later */
1312 /* Names are chosen to not have common prefixes */
1313
1314 #ifndef DISABLE_TLS
1315 typedef struct
1316 {
1317 uschar * name;
1318 int namelen;
1319 uschar * (*getfn)(void * cert, uschar * mod);
1320 } certfield;
1321 static certfield certfields[] =
1322 { /* linear search; no special order */
1323 { US"version", 7, &tls_cert_version },
1324 { US"serial_number", 13, &tls_cert_serial_number },
1325 { US"subject", 7, &tls_cert_subject },
1326 { US"notbefore", 9, &tls_cert_not_before },
1327 { US"notafter", 8, &tls_cert_not_after },
1328 { US"issuer", 6, &tls_cert_issuer },
1329 { US"signature", 9, &tls_cert_signature },
1330 { US"sig_algorithm", 13, &tls_cert_signature_algorithm },
1331 { US"subj_altname", 12, &tls_cert_subject_altname },
1332 { US"ocsp_uri", 8, &tls_cert_ocsp_uri },
1333 { US"crl_uri", 7, &tls_cert_crl_uri },
1334 };
1335
1336 static uschar *
1337 expand_getcertele(uschar * field, uschar * certvar)
1338 {
1339 var_entry * vp;
1340
1341 if (!(vp = find_var_ent(certvar)))
1342 {
1343 expand_string_message =
1344 string_sprintf("no variable named \"%s\"", certvar);
1345 return NULL; /* Unknown variable name */
1346 }
1347 /* NB this stops us passing certs around in variable. Might
1348 want to do that in future */
1349 if (vp->type != vtype_cert)
1350 {
1351 expand_string_message =
1352 string_sprintf("\"%s\" is not a certificate", certvar);
1353 return NULL; /* Unknown variable name */
1354 }
1355 if (!*(void **)vp->value)
1356 return NULL;
1357
1358 if (*field >= '0' && *field <= '9')
1359 return tls_cert_ext_by_oid(*(void **)vp->value, field, 0);
1360
1361 for (certfield * cp = certfields;
1362 cp < certfields + nelem(certfields);
1363 cp++)
1364 if (Ustrncmp(cp->name, field, cp->namelen) == 0)
1365 {
1366 uschar * modifier = *(field += cp->namelen) == ','
1367 ? ++field : NULL;
1368 return (*cp->getfn)( *(void **)vp->value, modifier );
1369 }
1370
1371 expand_string_message =
1372 string_sprintf("bad field selector \"%s\" for certextract", field);
1373 return NULL;
1374 }
1375 #endif /*DISABLE_TLS*/
1376
1377 /*************************************************
1378 * Extract a substring from a string *
1379 *************************************************/
1380
1381 /* Perform the ${substr or ${length expansion operations.
1382
1383 Arguments:
1384 subject the input string
1385 value1 the offset from the start of the input string to the start of
1386 the output string; if negative, count from the right.
1387 value2 the length of the output string, or negative (-1) for unset
1388 if value1 is positive, unset means "all after"
1389 if value1 is negative, unset means "all before"
1390 len set to the length of the returned string
1391
1392 Returns: pointer to the output string, or NULL if there is an error
1393 */
1394
1395 static uschar *
1396 extract_substr(uschar *subject, int value1, int value2, int *len)
1397 {
1398 int sublen = Ustrlen(subject);
1399
1400 if (value1 < 0) /* count from right */
1401 {
1402 value1 += sublen;
1403
1404 /* If the position is before the start, skip to the start, and adjust the
1405 length. If the length ends up negative, the substring is null because nothing
1406 can precede. This falls out naturally when the length is unset, meaning "all
1407 to the left". */
1408
1409 if (value1 < 0)
1410 {
1411 value2 += value1;
1412 if (value2 < 0) value2 = 0;
1413 value1 = 0;
1414 }
1415
1416 /* Otherwise an unset length => characters before value1 */
1417
1418 else if (value2 < 0)
1419 {
1420 value2 = value1;
1421 value1 = 0;
1422 }
1423 }
1424
1425 /* For a non-negative offset, if the starting position is past the end of the
1426 string, the result will be the null string. Otherwise, an unset length means
1427 "rest"; just set it to the maximum - it will be cut down below if necessary. */
1428
1429 else
1430 {
1431 if (value1 > sublen)
1432 {
1433 value1 = sublen;
1434 value2 = 0;
1435 }
1436 else if (value2 < 0) value2 = sublen;
1437 }
1438
1439 /* Cut the length down to the maximum possible for the offset value, and get
1440 the required characters. */
1441
1442 if (value1 + value2 > sublen) value2 = sublen - value1;
1443 *len = value2;
1444 return subject + value1;
1445 }
1446
1447
1448
1449
1450 /*************************************************
1451 * Old-style hash of a string *
1452 *************************************************/
1453
1454 /* Perform the ${hash expansion operation.
1455
1456 Arguments:
1457 subject the input string (an expanded substring)
1458 value1 the length of the output string; if greater or equal to the
1459 length of the input string, the input string is returned
1460 value2 the number of hash characters to use, or 26 if negative
1461 len set to the length of the returned string
1462
1463 Returns: pointer to the output string, or NULL if there is an error
1464 */
1465
1466 static uschar *
1467 compute_hash(uschar *subject, int value1, int value2, int *len)
1468 {
1469 int sublen = Ustrlen(subject);
1470
1471 if (value2 < 0) value2 = 26;
1472 else if (value2 > Ustrlen(hashcodes))
1473 {
1474 expand_string_message =
1475 string_sprintf("hash count \"%d\" too big", value2);
1476 return NULL;
1477 }
1478
1479 /* Calculate the hash text. We know it is shorter than the original string, so
1480 can safely place it in subject[] (we know that subject is always itself an
1481 expanded substring). */
1482
1483 if (value1 < sublen)
1484 {
1485 int c;
1486 int i = 0;
1487 int j = value1;
1488 while ((c = (subject[j])) != 0)
1489 {
1490 int shift = (c + j++) & 7;
1491 subject[i] ^= (c << shift) | (c >> (8-shift));
1492 if (++i >= value1) i = 0;
1493 }
1494 for (i = 0; i < value1; i++)
1495 subject[i] = hashcodes[(subject[i]) % value2];
1496 }
1497 else value1 = sublen;
1498
1499 *len = value1;
1500 return subject;
1501 }
1502
1503
1504
1505
1506 /*************************************************
1507 * Numeric hash of a string *
1508 *************************************************/
1509
1510 /* Perform the ${nhash expansion operation. The first characters of the
1511 string are treated as most important, and get the highest prime numbers.
1512
1513 Arguments:
1514 subject the input string
1515 value1 the maximum value of the first part of the result
1516 value2 the maximum value of the second part of the result,
1517 or negative to produce only a one-part result
1518 len set to the length of the returned string
1519
1520 Returns: pointer to the output string, or NULL if there is an error.
1521 */
1522
1523 static uschar *
1524 compute_nhash (uschar *subject, int value1, int value2, int *len)
1525 {
1526 uschar *s = subject;
1527 int i = 0;
1528 unsigned long int total = 0; /* no overflow */
1529
1530 while (*s != 0)
1531 {
1532 if (i == 0) i = nelem(prime) - 1;
1533 total += prime[i--] * (unsigned int)(*s++);
1534 }
1535
1536 /* If value2 is unset, just compute one number */
1537
1538 if (value2 < 0)
1539 s = string_sprintf("%lu", total % value1);
1540
1541 /* Otherwise do a div/mod hash */
1542
1543 else
1544 {
1545 total = total % (value1 * value2);
1546 s = string_sprintf("%lu/%lu", total/value2, total % value2);
1547 }
1548
1549 *len = Ustrlen(s);
1550 return s;
1551 }
1552
1553
1554
1555
1556
1557 /*************************************************
1558 * Find the value of a header or headers *
1559 *************************************************/
1560
1561 /* Multiple instances of the same header get concatenated, and this function
1562 can also return a concatenation of all the header lines. When concatenating
1563 specific headers that contain lists of addresses, a comma is inserted between
1564 them. Otherwise we use a straight concatenation. Because some messages can have
1565 pathologically large number of lines, there is a limit on the length that is
1566 returned.
1567
1568 Arguments:
1569 name the name of the header, without the leading $header_ or $h_,
1570 or NULL if a concatenation of all headers is required
1571 newsize return the size of memory block that was obtained; may be NULL
1572 if exists_only is TRUE
1573 flags FH_EXISTS_ONLY
1574 set if called from a def: test; don't need to build a string;
1575 just return a string that is not "" and not "0" if the header
1576 exists
1577 FH_WANT_RAW
1578 set if called for $rh_ or $rheader_ items; no processing,
1579 other than concatenating, will be done on the header. Also used
1580 for $message_headers_raw.
1581 FH_WANT_LIST
1582 Double colon chars in the content, and replace newline with
1583 colon between each element when concatenating; returning a
1584 colon-sep list (elements might contain newlines)
1585 charset name of charset to translate MIME words to; used only if
1586 want_raw is false; if NULL, no translation is done (this is
1587 used for $bh_ and $bheader_)
1588
1589 Returns: NULL if the header does not exist, else a pointer to a new
1590 store block
1591 */
1592
1593 static uschar *
1594 find_header(uschar *name, int *newsize, unsigned flags, uschar *charset)
1595 {
1596 BOOL found = !name;
1597 int len = name ? Ustrlen(name) : 0;
1598 BOOL comma = FALSE;
1599 gstring * g = NULL;
1600
1601 for (header_line * h = header_list; h; h = h->next)
1602 if (h->type != htype_old && h->text) /* NULL => Received: placeholder */
1603 if (!name || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1604 {
1605 uschar * s, * t;
1606 size_t inc;
1607
1608 if (flags & FH_EXISTS_ONLY)
1609 return US"1"; /* don't need actual string */
1610
1611 found = TRUE;
1612 s = h->text + len; /* text to insert */
1613 if (!(flags & FH_WANT_RAW)) /* unless wanted raw, */
1614 while (isspace(*s)) s++; /* remove leading white space */
1615 t = h->text + h->slen; /* end-point */
1616
1617 /* Unless wanted raw, remove trailing whitespace, including the
1618 newline. */
1619
1620 if (flags & FH_WANT_LIST)
1621 while (t > s && t[-1] == '\n') t--;
1622 else if (!(flags & FH_WANT_RAW))
1623 {
1624 while (t > s && isspace(t[-1])) t--;
1625
1626 /* Set comma if handling a single header and it's one of those
1627 that contains an address list, except when asked for raw headers. Only
1628 need to do this once. */
1629
1630 if (name && !comma && Ustrchr("BCFRST", h->type)) comma = TRUE;
1631 }
1632
1633 /* Trim the header roughly if we're approaching limits */
1634 inc = t - s;
1635 if (gstring_length(g) + inc > header_insert_maxlen)
1636 inc = header_insert_maxlen - gstring_length(g);
1637
1638 /* For raw just copy the data; for a list, add the data as a colon-sep
1639 list-element; for comma-list add as an unchecked comma,newline sep
1640 list-elemment; for other nonraw add as an unchecked newline-sep list (we
1641 stripped trailing WS above including the newline). We ignore the potential
1642 expansion due to colon-doubling, just leaving the loop if the limit is met
1643 or exceeded. */
1644
1645 if (flags & FH_WANT_LIST)
1646 g = string_append_listele_n(g, ':', s, (unsigned)inc);
1647 else if (flags & FH_WANT_RAW)
1648 g = string_catn(g, s, (unsigned)inc);
1649 else if (inc > 0)
1650 g = string_append2_listele_n(g, comma ? US",\n" : US"\n",
1651 s, (unsigned)inc);
1652
1653 if (gstring_length(g) >= header_insert_maxlen) break;
1654 }
1655
1656 if (!found) return NULL; /* No header found */
1657 if (!g) return US"";
1658
1659 /* That's all we do for raw header expansion. */
1660
1661 *newsize = g->size;
1662 if (flags & FH_WANT_RAW)
1663 return string_from_gstring(g);
1664
1665 /* Otherwise do RFC 2047 decoding, translating the charset if requested.
1666 The rfc2047_decode2() function can return an error with decoded data if the
1667 charset translation fails. If decoding fails, it returns NULL. */
1668
1669 else
1670 {
1671 uschar * error, * decoded = rfc2047_decode2(string_from_gstring(g),
1672 check_rfc2047_length, charset, '?', NULL, newsize, &error);
1673 if (error)
1674 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1675 " input was: %s\n", error, g->s);
1676 return decoded ? decoded : string_from_gstring(g);
1677 }
1678 }
1679
1680
1681
1682
1683 /* Append a "local" element to an Authentication-Results: header
1684 if this was a non-smtp message.
1685 */
1686
1687 static gstring *
1688 authres_local(gstring * g, const uschar * sysname)
1689 {
1690 if (!f.authentication_local)
1691 return g;
1692 g = string_append(g, 3, US";\n\tlocal=pass (non-smtp, ", sysname, US")");
1693 if (authenticated_id) g = string_append(g, 2, " u=", authenticated_id);
1694 return g;
1695 }
1696
1697
1698 /* Append an "iprev" element to an Authentication-Results: header
1699 if we have attempted to get the calling host's name.
1700 */
1701
1702 static gstring *
1703 authres_iprev(gstring * g)
1704 {
1705 if (sender_host_name)
1706 g = string_append(g, 3, US";\n\tiprev=pass (", sender_host_name, US")");
1707 else if (host_lookup_deferred)
1708 g = string_catn(g, US";\n\tiprev=temperror", 19);
1709 else if (host_lookup_failed)
1710 g = string_catn(g, US";\n\tiprev=fail", 13);
1711 else
1712 return g;
1713
1714 if (sender_host_address)
1715 g = string_append(g, 2, US" smtp.remote-ip=", sender_host_address);
1716 return g;
1717 }
1718
1719
1720
1721 /*************************************************
1722 * Return list of recipients *
1723 *************************************************/
1724 /* A recipients list is available only during system message filtering,
1725 during ACL processing after DATA, and while expanding pipe commands
1726 generated from a system filter, but not elsewhere. */
1727
1728 static uschar *
1729 fn_recipients(void)
1730 {
1731 uschar * s;
1732 gstring * g = NULL;
1733
1734 if (!f.enable_dollar_recipients) return NULL;
1735
1736 for (int i = 0; i < recipients_count; i++)
1737 {
1738 s = recipients_list[i].address;
1739 g = string_append2_listele_n(g, US", ", s, Ustrlen(s));
1740 }
1741 return g ? g->s : NULL;
1742 }
1743
1744
1745 /*************************************************
1746 * Return size of queue *
1747 *************************************************/
1748 /* Ask the daemon for the queue size */
1749
1750 static uschar *
1751 fn_queue_size(void)
1752 {
1753 struct sockaddr_un sun = {.sun_family = AF_UNIX};
1754 uschar buf[16];
1755 int fd;
1756 ssize_t len;
1757 const uschar * where;
1758
1759 if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
1760 {
1761 DEBUG(D_expand) debug_printf(" socket: %s\n", strerror(errno));
1762 return NULL;
1763 }
1764
1765 #define ABSTRACT_CLIENT
1766 #ifdef ABSTRACT_CLIENT
1767 sun.sun_path[0] = 0; /* Abstract local socket addr - Linux-specific? */
1768 len = offsetof(struct sockaddr_un, sun_path) + 1
1769 + snprintf(sun.sun_path+1, sizeof(sun.sun_path)-1, "exim_%d", getpid());
1770 #else
1771 len = offsetof(struct sockaddr_un, sun_path)
1772 + snprintf(sun.sun_path, sizeof(sun.sun_path), "%s/p_%d",
1773 spool_directory, getpid());
1774 #endif
1775
1776 if (bind(fd, (const struct sockaddr *)&sun, len) < 0)
1777 { where = US"bind"; goto bad; }
1778
1779 #ifdef notdef
1780 debug_printf("local%s '%s'\n", *sun.sun_path ? "" : " abstract",
1781 sun.sun_path+ (*sun.sun_path ? 0 : 1));
1782 #endif
1783
1784 sun.sun_path[0] = 0; /* Abstract local socket addr - Linux-specific? */
1785 len = offsetof(struct sockaddr_un, sun_path) + 1
1786 + snprintf(sun.sun_path+1, sizeof(sun.sun_path)-1, "%s", NOTIFIER_SOCKET_NAME);
1787
1788 if (connect(fd, (const struct sockaddr *)&sun, len) < 0)
1789 { where = US"connect"; goto bad; }
1790
1791 buf[0] = NOTIFY_QUEUE_SIZE_REQ;
1792 if (send(fd, buf, 1, 0) < 0) { where = US"send"; goto bad; }
1793
1794 if ((len = recv(fd, buf, sizeof(buf), 0)) < 0) { where = US"recv"; goto bad; }
1795
1796 close(fd);
1797 return string_copyn(buf, len);
1798
1799 bad:
1800 close(fd);
1801 DEBUG(D_expand) debug_printf(" %s: %s\n", where, strerror(errno));
1802 return NULL;
1803 }
1804
1805
1806 /*************************************************
1807 * Find value of a variable *
1808 *************************************************/
1809
1810 /* The table of variables is kept in alphabetic order, so we can search it
1811 using a binary chop. The "choplen" variable is nothing to do with the binary
1812 chop.
1813
1814 Arguments:
1815 name the name of the variable being sought
1816 exists_only TRUE if this is a def: test; passed on to find_header()
1817 skipping TRUE => skip any processing evaluation; this is not the same as
1818 exists_only because def: may test for values that are first
1819 evaluated here
1820 newsize pointer to an int which is initially zero; if the answer is in
1821 a new memory buffer, *newsize is set to its size
1822
1823 Returns: NULL if the variable does not exist, or
1824 a pointer to the variable's contents, or
1825 something non-NULL if exists_only is TRUE
1826 */
1827
1828 static uschar *
1829 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1830 {
1831 var_entry * vp;
1832 uschar *s, *domain;
1833 uschar **ss;
1834 void * val;
1835
1836 /* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1837 Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1838 release 4.64 onwards arbitrary names are permitted, as long as the first 5
1839 characters are acl_c or acl_m and the sixth is either a digit or an underscore
1840 (this gave backwards compatibility at the changeover). There may be built-in
1841 variables whose names start acl_ but they should never start in this way. This
1842 slightly messy specification is a consequence of the history, needless to say.
1843
1844 If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1845 set, in which case give an error. */
1846
1847 if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1848 !isalpha(name[5]))
1849 {
1850 tree_node * node =
1851 tree_search(name[4] == 'c' ? acl_var_c : acl_var_m, name + 4);
1852 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
1853 }
1854 else if (Ustrncmp(name, "r_", 2) == 0)
1855 {
1856 tree_node * node = tree_search(router_var, name + 2);
1857 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
1858 }
1859
1860 /* Handle $auth<n> variables. */
1861
1862 if (Ustrncmp(name, "auth", 4) == 0)
1863 {
1864 uschar *endptr;
1865 int n = Ustrtoul(name + 4, &endptr, 10);
1866 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1867 return !auth_vars[n-1] ? US"" : auth_vars[n-1];
1868 }
1869 else if (Ustrncmp(name, "regex", 5) == 0)
1870 {
1871 uschar *endptr;
1872 int n = Ustrtoul(name + 5, &endptr, 10);
1873 if (*endptr == 0 && n != 0 && n <= REGEX_VARS)
1874 return !regex_vars[n-1] ? US"" : regex_vars[n-1];
1875 }
1876
1877 /* For all other variables, search the table */
1878
1879 if (!(vp = find_var_ent(name)))
1880 return NULL; /* Unknown variable name */
1881
1882 /* Found an existing variable. If in skipping state, the value isn't needed,
1883 and we want to avoid processing (such as looking up the host name). */
1884
1885 if (skipping)
1886 return US"";
1887
1888 val = vp->value;
1889 switch (vp->type)
1890 {
1891 case vtype_filter_int:
1892 if (!f.filter_running) return NULL;
1893 /* Fall through */
1894 /* VVVVVVVVVVVV */
1895 case vtype_int:
1896 sprintf(CS var_buffer, "%d", *(int *)(val)); /* Integer */
1897 return var_buffer;
1898
1899 case vtype_ino:
1900 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(val))); /* Inode */
1901 return var_buffer;
1902
1903 case vtype_gid:
1904 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(val))); /* gid */
1905 return var_buffer;
1906
1907 case vtype_uid:
1908 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(val))); /* uid */
1909 return var_buffer;
1910
1911 case vtype_bool:
1912 sprintf(CS var_buffer, "%s", *(BOOL *)(val) ? "yes" : "no"); /* bool */
1913 return var_buffer;
1914
1915 case vtype_stringptr: /* Pointer to string */
1916 return (s = *((uschar **)(val))) ? s : US"";
1917
1918 case vtype_pid:
1919 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1920 return var_buffer;
1921
1922 case vtype_load_avg:
1923 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1924 return var_buffer;
1925
1926 case vtype_host_lookup: /* Lookup if not done so */
1927 if ( !sender_host_name && sender_host_address
1928 && !host_lookup_failed && host_name_lookup() == OK)
1929 host_build_sender_fullhost();
1930 return sender_host_name ? sender_host_name : US"";
1931
1932 case vtype_localpart: /* Get local part from address */
1933 if (!(s = *((uschar **)(val)))) return US"";
1934 if (!(domain = Ustrrchr(s, '@'))) return s;
1935 if (domain - s > sizeof(var_buffer) - 1)
1936 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1937 " in string expansion", sizeof(var_buffer));
1938 return string_copyn(s, domain - s);
1939
1940 case vtype_domain: /* Get domain from address */
1941 if (!(s = *((uschar **)(val)))) return US"";
1942 domain = Ustrrchr(s, '@');
1943 return domain ? domain + 1 : US"";
1944
1945 case vtype_msgheaders:
1946 return find_header(NULL, newsize, exists_only ? FH_EXISTS_ONLY : 0, NULL);
1947
1948 case vtype_msgheaders_raw:
1949 return find_header(NULL, newsize,
1950 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW, NULL);
1951
1952 case vtype_msgbody: /* Pointer to msgbody string */
1953 case vtype_msgbody_end: /* Ditto, the end of the msg */
1954 ss = (uschar **)(val);
1955 if (!*ss && deliver_datafile >= 0) /* Read body when needed */
1956 {
1957 uschar *body;
1958 off_t start_offset = SPOOL_DATA_START_OFFSET;
1959 int len = message_body_visible;
1960 if (len > message_size) len = message_size;
1961 *ss = body = store_malloc(len+1);
1962 body[0] = 0;
1963 if (vp->type == vtype_msgbody_end)
1964 {
1965 struct stat statbuf;
1966 if (fstat(deliver_datafile, &statbuf) == 0)
1967 {
1968 start_offset = statbuf.st_size - len;
1969 if (start_offset < SPOOL_DATA_START_OFFSET)
1970 start_offset = SPOOL_DATA_START_OFFSET;
1971 }
1972 }
1973 if (lseek(deliver_datafile, start_offset, SEEK_SET) < 0)
1974 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "deliver_datafile lseek: %s",
1975 strerror(errno));
1976 len = read(deliver_datafile, body, len);
1977 if (len > 0)
1978 {
1979 body[len] = 0;
1980 if (message_body_newlines) /* Separate loops for efficiency */
1981 while (len > 0)
1982 { if (body[--len] == 0) body[len] = ' '; }
1983 else
1984 while (len > 0)
1985 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
1986 }
1987 }
1988 return *ss ? *ss : US"";
1989
1990 case vtype_todbsdin: /* BSD inbox time of day */
1991 return tod_stamp(tod_bsdin);
1992
1993 case vtype_tode: /* Unix epoch time of day */
1994 return tod_stamp(tod_epoch);
1995
1996 case vtype_todel: /* Unix epoch/usec time of day */
1997 return tod_stamp(tod_epoch_l);
1998
1999 case vtype_todf: /* Full time of day */
2000 return tod_stamp(tod_full);
2001
2002 case vtype_todl: /* Log format time of day */
2003 return tod_stamp(tod_log_bare); /* (without timezone) */
2004
2005 case vtype_todzone: /* Time zone offset only */
2006 return tod_stamp(tod_zone);
2007
2008 case vtype_todzulu: /* Zulu time */
2009 return tod_stamp(tod_zulu);
2010
2011 case vtype_todlf: /* Log file datestamp tod */
2012 return tod_stamp(tod_log_datestamp_daily);
2013
2014 case vtype_reply: /* Get reply address */
2015 s = find_header(US"reply-to:", newsize,
2016 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
2017 headers_charset);
2018 if (s) while (isspace(*s)) s++;
2019 if (!s || !*s)
2020 {
2021 *newsize = 0; /* For the *s==0 case */
2022 s = find_header(US"from:", newsize,
2023 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
2024 headers_charset);
2025 }
2026 if (s)
2027 {
2028 uschar *t;
2029 while (isspace(*s)) s++;
2030 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
2031 while (t > s && isspace(t[-1])) t--;
2032 *t = 0;
2033 }
2034 return s ? s : US"";
2035
2036 case vtype_string_func:
2037 {
2038 stringptr_fn_t * fn = (stringptr_fn_t *) val;
2039 return fn();
2040 }
2041
2042 case vtype_pspace:
2043 {
2044 int inodes;
2045 sprintf(CS var_buffer, PR_EXIM_ARITH,
2046 receive_statvfs(val == (void *)TRUE, &inodes));
2047 }
2048 return var_buffer;
2049
2050 case vtype_pinodes:
2051 {
2052 int inodes;
2053 (void) receive_statvfs(val == (void *)TRUE, &inodes);
2054 sprintf(CS var_buffer, "%d", inodes);
2055 }
2056 return var_buffer;
2057
2058 case vtype_cert:
2059 return *(void **)val ? US"<cert>" : US"";
2060
2061 #ifndef DISABLE_DKIM
2062 case vtype_dkim:
2063 return dkim_exim_expand_query((int)(long)val);
2064 #endif
2065
2066 }
2067
2068 return NULL; /* Unknown variable. Silences static checkers. */
2069 }
2070
2071
2072
2073
2074 void
2075 modify_variable(uschar *name, void * value)
2076 {
2077 var_entry * vp;
2078 if ((vp = find_var_ent(name))) vp->value = value;
2079 return; /* Unknown variable name, fail silently */
2080 }
2081
2082
2083
2084
2085
2086
2087 /*************************************************
2088 * Read and expand substrings *
2089 *************************************************/
2090
2091 /* This function is called to read and expand argument substrings for various
2092 expansion items. Some have a minimum requirement that is less than the maximum;
2093 in these cases, the first non-present one is set to NULL.
2094
2095 Arguments:
2096 sub points to vector of pointers to set
2097 n maximum number of substrings
2098 m minimum required
2099 sptr points to current string pointer
2100 skipping the skipping flag
2101 check_end if TRUE, check for final '}'
2102 name name of item, for error message
2103 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
2104 the store.
2105
2106 Returns: 0 OK; string pointer updated
2107 1 curly bracketing error (too few arguments)
2108 2 too many arguments (only if check_end is set); message set
2109 3 other error (expansion failure)
2110 */
2111
2112 static int
2113 read_subs(uschar **sub, int n, int m, const uschar **sptr, BOOL skipping,
2114 BOOL check_end, uschar *name, BOOL *resetok)
2115 {
2116 const uschar *s = *sptr;
2117
2118 while (isspace(*s)) s++;
2119 for (int i = 0; i < n; i++)
2120 {
2121 if (*s != '{')
2122 {
2123 if (i < m)
2124 {
2125 expand_string_message = string_sprintf("Not enough arguments for '%s' "
2126 "(min is %d)", name, m);
2127 return 1;
2128 }
2129 sub[i] = NULL;
2130 break;
2131 }
2132 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok)))
2133 return 3;
2134 if (*s++ != '}') return 1;
2135 while (isspace(*s)) s++;
2136 }
2137 if (check_end && *s++ != '}')
2138 {
2139 if (s[-1] == '{')
2140 {
2141 expand_string_message = string_sprintf("Too many arguments for '%s' "
2142 "(max is %d)", name, n);
2143 return 2;
2144 }
2145 expand_string_message = string_sprintf("missing '}' after '%s'", name);
2146 return 1;
2147 }
2148
2149 *sptr = s;
2150 return 0;
2151 }
2152
2153
2154
2155
2156 /*************************************************
2157 * Elaborate message for bad variable *
2158 *************************************************/
2159
2160 /* For the "unknown variable" message, take a look at the variable's name, and
2161 give additional information about possible ACL variables. The extra information
2162 is added on to expand_string_message.
2163
2164 Argument: the name of the variable
2165 Returns: nothing
2166 */
2167
2168 static void
2169 check_variable_error_message(uschar *name)
2170 {
2171 if (Ustrncmp(name, "acl_", 4) == 0)
2172 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
2173 (name[4] == 'c' || name[4] == 'm')?
2174 (isalpha(name[5])?
2175 US"6th character of a user-defined ACL variable must be a digit or underscore" :
2176 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
2177 ) :
2178 US"user-defined ACL variables must start acl_c or acl_m");
2179 }
2180
2181
2182
2183 /*
2184 Load args from sub array to globals, and call acl_check().
2185 Sub array will be corrupted on return.
2186
2187 Returns: OK access is granted by an ACCEPT verb
2188 DISCARD access is (apparently) granted by a DISCARD verb
2189 FAIL access is denied
2190 FAIL_DROP access is denied; drop the connection
2191 DEFER can't tell at the moment
2192 ERROR disaster
2193 */
2194 static int
2195 eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
2196 {
2197 int i;
2198 int sav_narg = acl_narg;
2199 int ret;
2200 uschar * dummy_logmsg;
2201 extern int acl_where;
2202
2203 if(--nsub > nelem(acl_arg)) nsub = nelem(acl_arg);
2204 for (i = 0; i < nsub && sub[i+1]; i++)
2205 {
2206 uschar * tmp = acl_arg[i];
2207 acl_arg[i] = sub[i+1]; /* place callers args in the globals */
2208 sub[i+1] = tmp; /* stash the old args using our caller's storage */
2209 }
2210 acl_narg = i;
2211 while (i < nsub)
2212 {
2213 sub[i+1] = acl_arg[i];
2214 acl_arg[i++] = NULL;
2215 }
2216
2217 DEBUG(D_expand)
2218 debug_printf_indent("expanding: acl: %s arg: %s%s\n",
2219 sub[0],
2220 acl_narg>0 ? acl_arg[0] : US"<none>",
2221 acl_narg>1 ? " +more" : "");
2222
2223 ret = acl_eval(acl_where, sub[0], user_msgp, &dummy_logmsg);
2224
2225 for (i = 0; i < nsub; i++)
2226 acl_arg[i] = sub[i+1]; /* restore old args */
2227 acl_narg = sav_narg;
2228
2229 return ret;
2230 }
2231
2232
2233
2234
2235 /* Return pointer to dewrapped string, with enclosing specified chars removed.
2236 The given string is modified on return. Leading whitespace is skipped while
2237 looking for the opening wrap character, then the rest is scanned for the trailing
2238 (non-escaped) wrap character. A backslash in the string will act as an escape.
2239
2240 A nul is written over the trailing wrap, and a pointer to the char after the
2241 leading wrap is returned.
2242
2243 Arguments:
2244 s String for de-wrapping
2245 wrap Two-char string, the first being the opener, second the closer wrapping
2246 character
2247 Return:
2248 Pointer to de-wrapped string, or NULL on error (with expand_string_message set).
2249 */
2250
2251 static uschar *
2252 dewrap(uschar * s, const uschar * wrap)
2253 {
2254 uschar * p = s;
2255 unsigned depth = 0;
2256 BOOL quotesmode = wrap[0] == wrap[1];
2257
2258 while (isspace(*p)) p++;
2259
2260 if (*p == *wrap)
2261 {
2262 s = ++p;
2263 wrap++;
2264 while (*p)
2265 {
2266 if (*p == '\\') p++;
2267 else if (!quotesmode && *p == wrap[-1]) depth++;
2268 else if (*p == *wrap)
2269 if (depth == 0)
2270 {
2271 *p = '\0';
2272 return s;
2273 }
2274 else
2275 depth--;
2276 p++;
2277 }
2278 }
2279 expand_string_message = string_sprintf("missing '%c'", *wrap);
2280 return NULL;
2281 }
2282
2283
2284 /* Pull off the leading array or object element, returning
2285 a copy in an allocated string. Update the list pointer.
2286
2287 The element may itself be an abject or array.
2288 Return NULL when the list is empty.
2289 */
2290
2291 static uschar *
2292 json_nextinlist(const uschar ** list)
2293 {
2294 unsigned array_depth = 0, object_depth = 0;
2295 const uschar * s = *list, * item;
2296
2297 while (isspace(*s)) s++;
2298
2299 for (item = s;
2300 *s && (*s != ',' || array_depth != 0 || object_depth != 0);
2301 s++)
2302 switch (*s)
2303 {
2304 case '[': array_depth++; break;
2305 case ']': array_depth--; break;
2306 case '{': object_depth++; break;
2307 case '}': object_depth--; break;
2308 }
2309 *list = *s ? s+1 : s;
2310 if (item == s) return NULL;
2311 item = string_copyn(item, s - item);
2312 DEBUG(D_expand) debug_printf_indent(" json ele: '%s'\n", item);
2313 return US item;
2314 }
2315
2316
2317
2318 /************************************************/
2319 /* Return offset in ops table, or -1 if not found.
2320 Repoint to just after the operator in the string.
2321
2322 Argument:
2323 ss string representation of operator
2324 opname split-out operator name
2325 */
2326
2327 static int
2328 identify_operator(const uschar ** ss, uschar ** opname)
2329 {
2330 const uschar * s = *ss;
2331 uschar name[256];
2332
2333 /* Numeric comparisons are symbolic */
2334
2335 if (*s == '=' || *s == '>' || *s == '<')
2336 {
2337 int p = 0;
2338 name[p++] = *s++;
2339 if (*s == '=')
2340 {
2341 name[p++] = '=';
2342 s++;
2343 }
2344 name[p] = 0;
2345 }
2346
2347 /* All other conditions are named */
2348
2349 else
2350 s = read_name(name, sizeof(name), s, US"_");
2351 *ss = s;
2352
2353 /* If we haven't read a name, it means some non-alpha character is first. */
2354
2355 if (!name[0])
2356 {
2357 expand_string_message = string_sprintf("condition name expected, "
2358 "but found \"%.16s\"", s);
2359 return -1;
2360 }
2361 if (opname)
2362 *opname = string_copy(name);
2363
2364 return chop_match(name, cond_table, nelem(cond_table));
2365 }
2366
2367
2368 /*************************************************
2369 * Handle MD5 or SHA-1 computation for HMAC *
2370 *************************************************/
2371
2372 /* These are some wrapping functions that enable the HMAC code to be a bit
2373 cleaner. A good compiler will spot the tail recursion.
2374
2375 Arguments:
2376 type HMAC_MD5 or HMAC_SHA1
2377 remaining are as for the cryptographic hash functions
2378
2379 Returns: nothing
2380 */
2381
2382 static void
2383 chash_start(int type, void * base)
2384 {
2385 if (type == HMAC_MD5)
2386 md5_start((md5 *)base);
2387 else
2388 sha1_start((hctx *)base);
2389 }
2390
2391 static void
2392 chash_mid(int type, void * base, const uschar * string)
2393 {
2394 if (type == HMAC_MD5)
2395 md5_mid((md5 *)base, string);
2396 else
2397 sha1_mid((hctx *)base, string);
2398 }
2399
2400 static void
2401 chash_end(int type, void * base, const uschar * string, int length,
2402 uschar * digest)
2403 {
2404 if (type == HMAC_MD5)
2405 md5_end((md5 *)base, string, length, digest);
2406 else
2407 sha1_end((hctx *)base, string, length, digest);
2408 }
2409
2410
2411
2412
2413 /* Do an hmac_md5. The result is _not_ nul-terminated, and is sized as
2414 the smaller of a full hmac_md5 result (16 bytes) or the supplied output buffer.
2415
2416 Arguments:
2417 key encoding key, nul-terminated
2418 src data to be hashed, nul-terminated
2419 buf output buffer
2420 len size of output buffer
2421 */
2422
2423 static void
2424 hmac_md5(const uschar * key, const uschar * src, uschar * buf, unsigned len)
2425 {
2426 md5 md5_base;
2427 const uschar * keyptr;
2428 uschar * p;
2429 unsigned int keylen;
2430
2431 #define MD5_HASHLEN 16
2432 #define MD5_HASHBLOCKLEN 64
2433
2434 uschar keyhash[MD5_HASHLEN];
2435 uschar innerhash[MD5_HASHLEN];
2436 uschar finalhash[MD5_HASHLEN];
2437 uschar innerkey[MD5_HASHBLOCKLEN];
2438 uschar outerkey[MD5_HASHBLOCKLEN];
2439
2440 keyptr = key;
2441 keylen = Ustrlen(keyptr);
2442
2443 /* If the key is longer than the hash block length, then hash the key
2444 first */
2445
2446 if (keylen > MD5_HASHBLOCKLEN)
2447 {
2448 chash_start(HMAC_MD5, &md5_base);
2449 chash_end(HMAC_MD5, &md5_base, keyptr, keylen, keyhash);
2450 keyptr = keyhash;
2451 keylen = MD5_HASHLEN;
2452 }
2453
2454 /* Now make the inner and outer key values */
2455
2456 memset(innerkey, 0x36, MD5_HASHBLOCKLEN);
2457 memset(outerkey, 0x5c, MD5_HASHBLOCKLEN);
2458
2459 for (int i = 0; i < keylen; i++)
2460 {
2461 innerkey[i] ^= keyptr[i];
2462 outerkey[i] ^= keyptr[i];
2463 }
2464
2465 /* Now do the hashes */
2466
2467 chash_start(HMAC_MD5, &md5_base);
2468 chash_mid(HMAC_MD5, &md5_base, innerkey);
2469 chash_end(HMAC_MD5, &md5_base, src, Ustrlen(src), innerhash);
2470
2471 chash_start(HMAC_MD5, &md5_base);
2472 chash_mid(HMAC_MD5, &md5_base, outerkey);
2473 chash_end(HMAC_MD5, &md5_base, innerhash, MD5_HASHLEN, finalhash);
2474
2475 /* Encode the final hash as a hex string, limited by output buffer size */
2476
2477 p = buf;
2478 for (int i = 0, j = len; i < MD5_HASHLEN; i++)
2479 {
2480 if (j-- <= 0) break;
2481 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
2482 if (j-- <= 0) break;
2483 *p++ = hex_digits[finalhash[i] & 0x0f];
2484 }
2485 return;
2486 }
2487
2488
2489 /*************************************************
2490 * Read and evaluate a condition *
2491 *************************************************/
2492
2493 /*
2494 Arguments:
2495 s points to the start of the condition text
2496 resetok points to a BOOL which is written false if it is unsafe to
2497 free memory. Certain condition types (acl) may have side-effect
2498 allocation which must be preserved.
2499 yield points to a BOOL to hold the result of the condition test;
2500 if NULL, we are just reading through a condition that is
2501 part of an "or" combination to check syntax, or in a state
2502 where the answer isn't required
2503
2504 Returns: a pointer to the first character after the condition, or
2505 NULL after an error
2506 */
2507
2508 static const uschar *
2509 eval_condition(const uschar *s, BOOL *resetok, BOOL *yield)
2510 {
2511 BOOL testfor = TRUE;
2512 BOOL tempcond, combined_cond;
2513 BOOL *subcondptr;
2514 BOOL sub2_honour_dollar = TRUE;
2515 BOOL is_forany, is_json, is_jsons;
2516 int rc, cond_type, roffset;
2517 int_eximarith_t num[2];
2518 struct stat statbuf;
2519 uschar * opname;
2520 uschar name[256];
2521 const uschar *sub[10];
2522
2523 const pcre *re;
2524 const uschar *rerror;
2525
2526 for (;;)
2527 {
2528 while (isspace(*s)) s++;
2529 if (*s == '!') { testfor = !testfor; s++; } else break;
2530 }
2531
2532 switch(cond_type = identify_operator(&s, &opname))
2533 {
2534 /* def: tests for a non-empty variable, or for the existence of a header. If
2535 yield == NULL we are in a skipping state, and don't care about the answer. */
2536
2537 case ECOND_DEF:
2538 {
2539 uschar * t;
2540
2541 if (*s != ':')
2542 {
2543 expand_string_message = US"\":\" expected after \"def\"";
2544 return NULL;
2545 }
2546
2547 s = read_name(name, sizeof(name), s+1, US"_");
2548
2549 /* Test for a header's existence. If the name contains a closing brace
2550 character, this may be a user error where the terminating colon has been
2551 omitted. Set a flag to adjust a subsequent error message in this case. */
2552
2553 if ( ( *(t = name) == 'h'
2554 || (*t == 'r' || *t == 'l' || *t == 'b') && *++t == 'h'
2555 )
2556 && (*++t == '_' || Ustrncmp(t, "eader_", 6) == 0)
2557 )
2558 {
2559 s = read_header_name(name, sizeof(name), s);
2560 /* {-for-text-editors */
2561 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2562 if (yield) *yield =
2563 (find_header(name, NULL, FH_EXISTS_ONLY, NULL) != NULL) == testfor;
2564 }
2565
2566 /* Test for a variable's having a non-empty value. A non-existent variable
2567 causes an expansion failure. */
2568
2569 else
2570 {
2571 if (!(t = find_variable(name, TRUE, yield == NULL, NULL)))
2572 {
2573 expand_string_message = name[0]
2574 ? string_sprintf("unknown variable \"%s\" after \"def:\"", name)
2575 : US"variable name omitted after \"def:\"";
2576 check_variable_error_message(name);
2577 return NULL;
2578 }
2579 if (yield) *yield = (t[0] != 0) == testfor;
2580 }
2581
2582 return s;
2583 }
2584
2585
2586 /* first_delivery tests for first delivery attempt */
2587
2588 case ECOND_FIRST_DELIVERY:
2589 if (yield) *yield = f.deliver_firsttime == testfor;
2590 return s;
2591
2592
2593 /* queue_running tests for any process started by a queue runner */
2594
2595 case ECOND_QUEUE_RUNNING:
2596 if (yield) *yield = (queue_run_pid != (pid_t)0) == testfor;
2597 return s;
2598
2599
2600 /* exists: tests for file existence
2601 isip: tests for any IP address
2602 isip4: tests for an IPv4 address
2603 isip6: tests for an IPv6 address
2604 pam: does PAM authentication
2605 radius: does RADIUS authentication
2606 ldapauth: does LDAP authentication
2607 pwcheck: does Cyrus SASL pwcheck authentication
2608 */
2609
2610 case ECOND_EXISTS:
2611 case ECOND_ISIP:
2612 case ECOND_ISIP4:
2613 case ECOND_ISIP6:
2614 case ECOND_PAM:
2615 case ECOND_RADIUS:
2616 case ECOND_LDAPAUTH:
2617 case ECOND_PWCHECK:
2618
2619 while (isspace(*s)) s++;
2620 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2621
2622 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok);
2623 if (!sub[0]) return NULL;
2624 /* {-for-text-editors */
2625 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2626
2627 if (!yield) return s; /* No need to run the test if skipping */
2628
2629 switch(cond_type)
2630 {
2631 case ECOND_EXISTS:
2632 if ((expand_forbid & RDO_EXISTS) != 0)
2633 {
2634 expand_string_message = US"File existence tests are not permitted";
2635 return NULL;
2636 }
2637 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
2638 break;
2639
2640 case ECOND_ISIP:
2641 case ECOND_ISIP4:
2642 case ECOND_ISIP6:
2643 rc = string_is_ip_address(sub[0], NULL);
2644 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
2645 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2646 break;
2647
2648 /* Various authentication tests - all optionally compiled */
2649
2650 case ECOND_PAM:
2651 #ifdef SUPPORT_PAM
2652 rc = auth_call_pam(sub[0], &expand_string_message);
2653 goto END_AUTH;
2654 #else
2655 goto COND_FAILED_NOT_COMPILED;
2656 #endif /* SUPPORT_PAM */
2657
2658 case ECOND_RADIUS:
2659 #ifdef RADIUS_CONFIG_FILE
2660 rc = auth_call_radius(sub[0], &expand_string_message);
2661 goto END_AUTH;
2662 #else
2663 goto COND_FAILED_NOT_COMPILED;
2664 #endif /* RADIUS_CONFIG_FILE */
2665
2666 case ECOND_LDAPAUTH:
2667 #ifdef LOOKUP_LDAP
2668 {
2669 /* Just to keep the interface the same */
2670 BOOL do_cache;
2671 int old_pool = store_pool;
2672 store_pool = POOL_SEARCH;
2673 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2674 &expand_string_message, &do_cache);
2675 store_pool = old_pool;
2676 }
2677 goto END_AUTH;
2678 #else
2679 goto COND_FAILED_NOT_COMPILED;
2680 #endif /* LOOKUP_LDAP */
2681
2682 case ECOND_PWCHECK:
2683 #ifdef CYRUS_PWCHECK_SOCKET
2684 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2685 goto END_AUTH;
2686 #else
2687 goto COND_FAILED_NOT_COMPILED;
2688 #endif /* CYRUS_PWCHECK_SOCKET */
2689
2690 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2691 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2692 END_AUTH:
2693 if (rc == ERROR || rc == DEFER) return NULL;
2694 *yield = (rc == OK) == testfor;
2695 #endif
2696 }
2697 return s;
2698
2699
2700 /* call ACL (in a conditional context). Accept true, deny false.
2701 Defer is a forced-fail. Anything set by message= goes to $value.
2702 Up to ten parameters are used; we use the braces round the name+args
2703 like the saslauthd condition does, to permit a variable number of args.
2704 See also the expansion-item version EITEM_ACL and the traditional
2705 acl modifier ACLC_ACL.
2706 Since the ACL may allocate new global variables, tell our caller to not
2707 reclaim memory.
2708 */
2709
2710 case ECOND_ACL:
2711 /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
2712 {
2713 uschar *sub[10];
2714 uschar *user_msg;
2715 BOOL cond = FALSE;
2716
2717 while (isspace(*s)) s++;
2718 if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
2719
2720 switch(read_subs(sub, nelem(sub), 1,
2721 &s, yield == NULL, TRUE, US"acl", resetok))
2722 {
2723 case 1: expand_string_message = US"too few arguments or bracketing "
2724 "error for acl";
2725 case 2:
2726 case 3: return NULL;
2727 }
2728
2729 if (yield)
2730 {
2731 int rc;
2732 *resetok = FALSE; /* eval_acl() might allocate; do not reclaim */
2733 switch(rc = eval_acl(sub, nelem(sub), &user_msg))
2734 {
2735 case OK:
2736 cond = TRUE;
2737 case FAIL:
2738 lookup_value = NULL;
2739 if (user_msg)
2740 lookup_value = string_copy(user_msg);
2741 *yield = cond == testfor;
2742 break;
2743
2744 case DEFER:
2745 f.expand_string_forcedfail = TRUE;
2746 /*FALLTHROUGH*/
2747 default:
2748 expand_string_message = string_sprintf("%s from acl \"%s\"",
2749 rc_names[rc], sub[0]);
2750 return NULL;
2751 }
2752 }
2753 return s;
2754 }
2755
2756
2757 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2758
2759 ${if saslauthd {{username}{password}{service}{realm}} {yes}{no}}
2760
2761 However, the last two are optional. That is why the whole set is enclosed
2762 in their own set of braces. */
2763
2764 case ECOND_SASLAUTHD:
2765 #ifndef CYRUS_SASLAUTHD_SOCKET
2766 goto COND_FAILED_NOT_COMPILED;
2767 #else
2768 {
2769 uschar *sub[4];
2770 while (isspace(*s)) s++;
2771 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2772 switch(read_subs(sub, nelem(sub), 2, &s, yield == NULL, TRUE, US"saslauthd",
2773 resetok))
2774 {
2775 case 1: expand_string_message = US"too few arguments or bracketing "
2776 "error for saslauthd";
2777 case 2:
2778 case 3: return NULL;
2779 }
2780 if (!sub[2]) sub[3] = NULL; /* realm if no service */
2781 if (yield)
2782 {
2783 int rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2784 &expand_string_message);
2785 if (rc == ERROR || rc == DEFER) return NULL;
2786 *yield = (rc == OK) == testfor;
2787 }
2788 return s;
2789 }
2790 #endif /* CYRUS_SASLAUTHD_SOCKET */
2791
2792
2793 /* symbolic operators for numeric and string comparison, and a number of
2794 other operators, all requiring two arguments.
2795
2796 crypteq: encrypts plaintext and compares against an encrypted text,
2797 using crypt(), crypt16(), MD5 or SHA-1
2798 inlist/inlisti: checks if first argument is in the list of the second
2799 match: does a regular expression match and sets up the numerical
2800 variables if it succeeds
2801 match_address: matches in an address list
2802 match_domain: matches in a domain list
2803 match_ip: matches a host list that is restricted to IP addresses
2804 match_local_part: matches in a local part list
2805 */
2806
2807 case ECOND_MATCH_ADDRESS:
2808 case ECOND_MATCH_DOMAIN:
2809 case ECOND_MATCH_IP:
2810 case ECOND_MATCH_LOCAL_PART:
2811 #ifndef EXPAND_LISTMATCH_RHS
2812 sub2_honour_dollar = FALSE;
2813 #endif
2814 /* FALLTHROUGH */
2815
2816 case ECOND_CRYPTEQ:
2817 case ECOND_INLIST:
2818 case ECOND_INLISTI:
2819 case ECOND_MATCH:
2820
2821 case ECOND_NUM_L: /* Numerical comparisons */
2822 case ECOND_NUM_LE:
2823 case ECOND_NUM_E:
2824 case ECOND_NUM_EE:
2825 case ECOND_NUM_G:
2826 case ECOND_NUM_GE:
2827
2828 case ECOND_STR_LT: /* String comparisons */
2829 case ECOND_STR_LTI:
2830 case ECOND_STR_LE:
2831 case ECOND_STR_LEI:
2832 case ECOND_STR_EQ:
2833 case ECOND_STR_EQI:
2834 case ECOND_STR_GT:
2835 case ECOND_STR_GTI:
2836 case ECOND_STR_GE:
2837 case ECOND_STR_GEI:
2838
2839 for (int i = 0; i < 2; i++)
2840 {
2841 /* Sometimes, we don't expand substrings; too many insecure configurations
2842 created using match_address{}{} and friends, where the second param
2843 includes information from untrustworthy sources. */
2844 BOOL honour_dollar = TRUE;
2845 if ((i > 0) && !sub2_honour_dollar)
2846 honour_dollar = FALSE;
2847
2848 while (isspace(*s)) s++;
2849 if (*s != '{')
2850 {
2851 if (i == 0) goto COND_FAILED_CURLY_START;
2852 expand_string_message = string_sprintf("missing 2nd string in {} "
2853 "after \"%s\"", opname);
2854 return NULL;
2855 }
2856 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
2857 honour_dollar, resetok)))
2858 return NULL;
2859 DEBUG(D_expand) if (i == 1 && !sub2_honour_dollar && Ustrchr(sub[1], '$'))
2860 debug_printf_indent("WARNING: the second arg is NOT expanded,"
2861 " for security reasons\n");
2862 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2863
2864 /* Convert to numerical if required; we know that the names of all the
2865 conditions that compare numbers do not start with a letter. This just saves
2866 checking for them individually. */
2867
2868 if (!isalpha(opname[0]) && yield)
2869 if (sub[i][0] == 0)
2870 {
2871 num[i] = 0;
2872 DEBUG(D_expand)
2873 debug_printf_indent("empty string cast to zero for numerical comparison\n");
2874 }
2875 else
2876 {
2877 num[i] = expanded_string_integer(sub[i], FALSE);
2878 if (expand_string_message) return NULL;
2879 }
2880 }
2881
2882 /* Result not required */
2883
2884 if (!yield) return s;
2885
2886 /* Do an appropriate comparison */
2887
2888 switch(cond_type)
2889 {
2890 case ECOND_NUM_E:
2891 case ECOND_NUM_EE:
2892 tempcond = (num[0] == num[1]);
2893 break;
2894
2895 case ECOND_NUM_G:
2896 tempcond = (num[0] > num[1]);
2897 break;
2898
2899 case ECOND_NUM_GE:
2900 tempcond = (num[0] >= num[1]);
2901 break;
2902
2903 case ECOND_NUM_L:
2904 tempcond = (num[0] < num[1]);
2905 break;
2906
2907 case ECOND_NUM_LE:
2908 tempcond = (num[0] <= num[1]);
2909 break;
2910
2911 case ECOND_STR_LT:
2912 tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
2913 break;
2914
2915 case ECOND_STR_LTI:
2916 tempcond = (strcmpic(sub[0], sub[1]) < 0);
2917 break;
2918
2919 case ECOND_STR_LE:
2920 tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
2921 break;
2922
2923 case ECOND_STR_LEI:
2924 tempcond = (strcmpic(sub[0], sub[1]) <= 0);
2925 break;
2926
2927 case ECOND_STR_EQ:
2928 tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
2929 break;
2930
2931 case ECOND_STR_EQI:
2932 tempcond = (strcmpic(sub[0], sub[1]) == 0);
2933 break;
2934
2935 case ECOND_STR_GT:
2936 tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
2937 break;
2938
2939 case ECOND_STR_GTI:
2940 tempcond = (strcmpic(sub[0], sub[1]) > 0);
2941 break;
2942
2943 case ECOND_STR_GE:
2944 tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
2945 break;
2946
2947 case ECOND_STR_GEI:
2948 tempcond = (strcmpic(sub[0], sub[1]) >= 0);
2949 break;
2950
2951 case ECOND_MATCH: /* Regular expression match */
2952 if (!(re = pcre_compile(CS sub[1], PCRE_COPT, CCSS &rerror,
2953 &roffset, NULL)))
2954 {
2955 expand_string_message = string_sprintf("regular expression error in "
2956 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2957 return NULL;
2958 }
2959 tempcond = regex_match_and_setup(re, sub[0], 0, -1);
2960 break;
2961
2962 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2963 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2964 goto MATCHED_SOMETHING;
2965
2966 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2967 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2968 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2969 goto MATCHED_SOMETHING;
2970
2971 case ECOND_MATCH_IP: /* Match IP address in a host list */
2972 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
2973 {
2974 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2975 sub[0]);
2976 return NULL;
2977 }
2978 else
2979 {
2980 unsigned int *nullcache = NULL;
2981 check_host_block cb;
2982
2983 cb.host_name = US"";
2984 cb.host_address = sub[0];
2985
2986 /* If the host address starts off ::ffff: it is an IPv6 address in
2987 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2988 addresses. */
2989
2990 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2991 cb.host_address + 7 : cb.host_address;
2992
2993 rc = match_check_list(
2994 &sub[1], /* the list */
2995 0, /* separator character */
2996 &hostlist_anchor, /* anchor pointer */
2997 &nullcache, /* cache pointer */
2998 check_host, /* function for testing */
2999 &cb, /* argument for function */
3000 MCL_HOST, /* type of check */
3001 sub[0], /* text for debugging */
3002 NULL); /* where to pass back data */
3003 }
3004 goto MATCHED_SOMETHING;
3005
3006 case ECOND_MATCH_LOCAL_PART:
3007 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
3008 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
3009 /* Fall through */
3010 /* VVVVVVVVVVVV */
3011 MATCHED_SOMETHING:
3012 switch(rc)
3013 {
3014 case OK:
3015 tempcond = TRUE;
3016 break;
3017
3018 case FAIL:
3019 tempcond = FALSE;
3020 break;
3021
3022 case DEFER:
3023 expand_string_message = string_sprintf("unable to complete match "
3024 "against \"%s\": %s", sub[1], search_error_message);
3025 return NULL;
3026 }
3027
3028 break;
3029
3030 /* Various "encrypted" comparisons. If the second string starts with
3031 "{" then an encryption type is given. Default to crypt() or crypt16()
3032 (build-time choice). */
3033 /* }-for-text-editors */
3034
3035 case ECOND_CRYPTEQ:
3036 #ifndef SUPPORT_CRYPTEQ
3037 goto COND_FAILED_NOT_COMPILED;
3038 #else
3039 if (strncmpic(sub[1], US"{md5}", 5) == 0)
3040 {
3041 int sublen = Ustrlen(sub[1]+5);
3042 md5 base;
3043 uschar digest[16];
3044
3045 md5_start(&base);
3046 md5_end(&base, sub[0], Ustrlen(sub[0]), digest);
3047
3048 /* If the length that we are comparing against is 24, the MD5 digest
3049 is expressed as a base64 string. This is the way LDAP does it. However,
3050 some other software uses a straightforward hex representation. We assume
3051 this if the length is 32. Other lengths fail. */
3052
3053 if (sublen == 24)
3054 {
3055 uschar *coded = b64encode(CUS digest, 16);
3056 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
3057 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
3058 tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
3059 }
3060 else if (sublen == 32)
3061 {
3062 uschar coded[36];
3063 for (int i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
3064 coded[32] = 0;
3065 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
3066 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
3067 tempcond = (strcmpic(coded, sub[1]+5) == 0);
3068 }
3069 else
3070 {
3071 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
3072 "fail\n crypted=%s\n", sub[1]+5);
3073 tempcond = FALSE;
3074 }
3075 }
3076
3077 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
3078 {
3079 int sublen = Ustrlen(sub[1]+6);
3080 hctx h;
3081 uschar digest[20];
3082
3083 sha1_start(&h);
3084 sha1_end(&h, sub[0], Ustrlen(sub[0]), digest);
3085
3086 /* If the length that we are comparing against is 28, assume the SHA1
3087 digest is expressed as a base64 string. If the length is 40, assume a
3088 straightforward hex representation. Other lengths fail. */
3089
3090 if (sublen == 28)
3091 {
3092 uschar *coded = b64encode(CUS digest, 20);
3093 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
3094 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
3095 tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
3096 }
3097 else if (sublen == 40)
3098 {
3099 uschar coded[44];
3100 for (int i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
3101 coded[40] = 0;
3102 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
3103 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
3104 tempcond = (strcmpic(coded, sub[1]+6) == 0);
3105 }
3106 else
3107 {
3108 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
3109 "fail\n crypted=%s\n", sub[1]+6);
3110 tempcond = FALSE;
3111 }
3112 }
3113
3114 else /* {crypt} or {crypt16} and non-{ at start */
3115 /* }-for-text-editors */
3116 {
3117 int which = 0;
3118 uschar *coded;
3119
3120 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
3121 {
3122 sub[1] += 7;
3123 which = 1;
3124 }
3125 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
3126 {
3127 sub[1] += 9;
3128 which = 2;
3129 }
3130 else if (sub[1][0] == '{') /* }-for-text-editors */
3131 {
3132 expand_string_message = string_sprintf("unknown encryption mechanism "
3133 "in \"%s\"", sub[1]);
3134 return NULL;
3135 }
3136
3137 switch(which)
3138 {
3139 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
3140 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
3141 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
3142 }
3143
3144 #define STR(s) # s
3145 #define XSTR(s) STR(s)
3146 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
3147 " subject=%s\n crypted=%s\n",
3148 which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16",
3149 coded, sub[1]);
3150 #undef STR
3151 #undef XSTR
3152
3153 /* If the encrypted string contains fewer than two characters (for the
3154 salt), force failure. Otherwise we get false positives: with an empty
3155 string the yield of crypt() is an empty string! */
3156
3157 if (coded)
3158 tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0;
3159 else if (errno == EINVAL)
3160 tempcond = FALSE;
3161 else
3162 {
3163 expand_string_message = string_sprintf("crypt error: %s\n",
3164 US strerror(errno));
3165 return NULL;
3166 }
3167 }
3168 break;
3169 #endif /* SUPPORT_CRYPTEQ */
3170
3171 case ECOND_INLIST:
3172 case ECOND_INLISTI:
3173 {
3174 const uschar * list = sub[1];
3175 int sep = 0;
3176 uschar *save_iterate_item = iterate_item;
3177 int (*compare)(const uschar *, const uschar *);
3178
3179 DEBUG(D_expand) debug_printf_indent("condition: %s item: %s\n", opname, sub[0]);
3180
3181 tempcond = FALSE;
3182 compare = cond_type == ECOND_INLISTI
3183 ? strcmpic : (int (*)(const uschar *, const uschar *)) strcmp;
3184
3185 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)))
3186 {
3187 DEBUG(D_expand) debug_printf_indent(" compare %s\n", iterate_item);
3188 if (compare(sub[0], iterate_item) == 0)
3189 {
3190 tempcond = TRUE;
3191 break;
3192 }
3193 }
3194 iterate_item = save_iterate_item;
3195 }
3196
3197 } /* Switch for comparison conditions */
3198
3199 *yield = tempcond == testfor;
3200 return s; /* End of comparison conditions */
3201
3202
3203 /* and/or: computes logical and/or of several conditions */
3204
3205 case ECOND_AND:
3206 case ECOND_OR:
3207 subcondptr = (yield == NULL) ? NULL : &tempcond;
3208 combined_cond = (cond_type == ECOND_AND);
3209
3210 while (isspace(*s)) s++;
3211 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3212
3213 for (;;)
3214 {
3215 while (isspace(*s)) s++;
3216 /* {-for-text-editors */
3217 if (*s == '}') break;
3218 if (*s != '{') /* }-for-text-editors */
3219 {
3220 expand_string_message = string_sprintf("each subcondition "
3221 "inside an \"%s{...}\" condition must be in its own {}", opname);
3222 return NULL;
3223 }
3224
3225 if (!(s = eval_condition(s+1, resetok, subcondptr)))
3226 {
3227 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
3228 expand_string_message, opname);
3229 return NULL;
3230 }
3231 while (isspace(*s)) s++;
3232
3233 /* {-for-text-editors */
3234 if (*s++ != '}')
3235 {
3236 /* {-for-text-editors */
3237 expand_string_message = string_sprintf("missing } at end of condition "
3238 "inside \"%s\" group", opname);
3239 return NULL;
3240 }
3241
3242 if (yield)
3243 if (cond_type == ECOND_AND)
3244 {
3245 combined_cond &= tempcond;
3246 if (!combined_cond) subcondptr = NULL; /* once false, don't */
3247 } /* evaluate any more */
3248 else
3249 {
3250 combined_cond |= tempcond;
3251 if (combined_cond) subcondptr = NULL; /* once true, don't */
3252 } /* evaluate any more */
3253 }
3254
3255 if (yield) *yield = (combined_cond == testfor);
3256 return ++s;
3257
3258
3259 /* forall/forany: iterates a condition with different values */
3260
3261 case ECOND_FORALL: is_forany = FALSE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3262 case ECOND_FORANY: is_forany = TRUE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3263 case ECOND_FORALL_JSON: is_forany = FALSE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3264 case ECOND_FORANY_JSON: is_forany = TRUE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3265 case ECOND_FORALL_JSONS: is_forany = FALSE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3266 case ECOND_FORANY_JSONS: is_forany = TRUE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3267
3268 FORMANY:
3269 {
3270 const uschar * list;
3271 int sep = 0;
3272 uschar *save_iterate_item = iterate_item;
3273
3274 DEBUG(D_expand) debug_printf_indent("condition: %s\n", opname);
3275
3276 while (isspace(*s)) s++;
3277 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3278 if (!(sub[0] = expand_string_internal(s, TRUE, &s, yield == NULL, TRUE, resetok)))
3279 return NULL;
3280 /* {-for-text-editors */
3281 if (*s++ != '}') goto COND_FAILED_CURLY_END;
3282
3283 while (isspace(*s)) s++;
3284 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3285
3286 sub[1] = s;
3287
3288 /* Call eval_condition once, with result discarded (as if scanning a
3289 "false" part). This allows us to find the end of the condition, because if
3290 the list it empty, we won't actually evaluate the condition for real. */
3291
3292 if (!(s = eval_condition(sub[1], resetok, NULL)))
3293 {
3294 expand_string_message = string_sprintf("%s inside \"%s\" condition",
3295 expand_string_message, opname);
3296 return NULL;
3297 }
3298 while (isspace(*s)) s++;
3299
3300 /* {-for-text-editors */
3301 if (*s++ != '}')
3302 {
3303 /* {-for-text-editors */
3304 expand_string_message = string_sprintf("missing } at end of condition "
3305 "inside \"%s\"", opname);
3306 return NULL;
3307 }
3308
3309 if (yield) *yield = !testfor;
3310 list = sub[0];
3311 if (is_json) list = dewrap(string_copy(list), US"[]");
3312 while ((iterate_item = is_json
3313 ? json_nextinlist(&list) : string_nextinlist(&list, &sep, NULL, 0)))
3314 {
3315 if (is_jsons)
3316 if (!(iterate_item = dewrap(iterate_item, US"\"\"")))
3317 {
3318 expand_string_message =
3319 string_sprintf("%s wrapping string result for extract jsons",
3320 expand_string_message);
3321 iterate_item = save_iterate_item;
3322 return NULL;
3323 }
3324
3325 DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n", opname, iterate_item);
3326 if (!eval_condition(sub[1], resetok, &tempcond))
3327 {
3328 expand_string_message = string_sprintf("%s inside \"%s\" condition",
3329 expand_string_message, opname);
3330 iterate_item = save_iterate_item;
3331 return NULL;
3332 }
3333 DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", opname,
3334 tempcond? "true":"false");
3335
3336 if (yield) *yield = (tempcond == testfor);
3337 if (tempcond == is_forany) break;
3338 }
3339
3340 iterate_item = save_iterate_item;
3341 return s;
3342 }
3343
3344
3345 /* The bool{} expansion condition maps a string to boolean.
3346 The values supported should match those supported by the ACL condition
3347 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
3348 of true/false. Note that Router "condition" rules have a different
3349 interpretation, where general data can be used and only a few values