projects / exim.git / blob
? search:


42a5a5d5a88cad9e0faa7571d13b711537f8fedc
[exim.git] / src / src / expand.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8
9 /* Functions for handling string expansion. */
10
11
12 #include "exim.h"
13
14 /* Recursively called function */
15
16 static uschar *expand_string_internal(const uschar *, BOOL, const uschar **, BOOL, BOOL, BOOL *);
17 static int_eximarith_t expanded_string_integer(const uschar *, BOOL);
18
19 #ifdef STAND_ALONE
20 # ifndef SUPPORT_CRYPTEQ
21 # define SUPPORT_CRYPTEQ
22 # endif
23 #endif
24
25 #ifdef LOOKUP_LDAP
26 # include "lookups/ldap.h"
27 #endif
28
29 #ifdef SUPPORT_CRYPTEQ
30 # ifdef CRYPT_H
31 # include <crypt.h>
32 # endif
33 # ifndef HAVE_CRYPT16
34 extern char* crypt16(char*, char*);
35 # endif
36 #endif
37
38 /* The handling of crypt16() is a mess. I will record below the analysis of the
39 mess that was sent to me. We decided, however, to make changing this very low
40 priority, because in practice people are moving away from the crypt()
41 algorithms nowadays, so it doesn't seem worth it.
42
43 <quote>
44 There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
45 the first 8 characters of the password using a 20-round version of crypt
46 (standard crypt does 25 rounds). It then crypts the next 8 characters,
47 or an empty block if the password is less than 9 characters, using a
48 20-round version of crypt and the same salt as was used for the first
49 block. Characters after the first 16 are ignored. It always generates
50 a 16-byte hash, which is expressed together with the salt as a string
51 of 24 base 64 digits. Here are some links to peruse:
52
53 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
54 http://seclists.org/bugtraq/1999/Mar/0076.html
55
56 There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
57 and OSF/1. This is the same as the standard crypt if given a password
58 of 8 characters or less. If given more, it first does the same as crypt
59 using the first 8 characters, then crypts the next 8 (the 9th to 16th)
60 using as salt the first two base 64 digits from the first hash block.
61 If the password is more than 16 characters then it crypts the 17th to 24th
62 characters using as salt the first two base 64 digits from the second hash
63 block. And so on: I've seen references to it cutting off the password at
64 40 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
65
66 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
67 http://seclists.org/bugtraq/1999/Mar/0109.html
68 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
69 TET1_html/sec.c222.html#no_id_208
70
71 Exim has something it calls "crypt16". It will either use a native
72 crypt16 or its own implementation. A native crypt16 will presumably
73 be the one that I called "crypt16" above. The internal "crypt16"
74 function, however, is a two-block-maximum implementation of what I called
75 "bigcrypt". The documentation matches the internal code.
76
77 I suspect that whoever did the "crypt16" stuff for Exim didn't realise
78 that crypt16 and bigcrypt were different things.
79
80 Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
81 to whatever it is using under that name. This unfortunately sets a
82 precedent for using "{crypt16}" to identify two incompatible algorithms
83 whose output can't be distinguished. With "{crypt16}" thus rendered
84 ambiguous, I suggest you deprecate it and invent two new identifiers
85 for the two algorithms.
86
87 Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
88 of the password separately means they can be cracked separately, so
89 the double-length hash only doubles the cracking effort instead of
90 squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
91 bcrypt ({CRYPT}$2a$).
92 </quote>
93 */
94
95
96
97 /*************************************************
98 * Local statics and tables *
99 *************************************************/
100
101 /* Table of item names, and corresponding switch numbers. The names must be in
102 alphabetical order. */
103
104 static uschar *item_table[] = {
105 US"acl",
106 US"authresults",
107 US"certextract",
108 US"dlfunc",
109 US"env",
110 US"extract",
111 US"filter",
112 US"hash",
113 US"hmac",
114 US"if",
115 #ifdef SUPPORT_I18N
116 US"imapfolder",
117 #endif
118 US"length",
119 US"listextract",
120 US"lookup",
121 US"map",
122 US"nhash",
123 US"perl",
124 US"prvs",
125 US"prvscheck",
126 US"readfile",
127 US"readsocket",
128 US"reduce",
129 US"run",
130 US"sg",
131 US"sort",
132 US"substr",
133 US"tr" };
134
135 enum {
136 EITEM_ACL,
137 EITEM_AUTHRESULTS,
138 EITEM_CERTEXTRACT,
139 EITEM_DLFUNC,
140 EITEM_ENV,
141 EITEM_EXTRACT,
142 EITEM_FILTER,
143 EITEM_HASH,
144 EITEM_HMAC,
145 EITEM_IF,
146 #ifdef SUPPORT_I18N
147 EITEM_IMAPFOLDER,
148 #endif
149 EITEM_LENGTH,
150 EITEM_LISTEXTRACT,
151 EITEM_LOOKUP,
152 EITEM_MAP,
153 EITEM_NHASH,
154 EITEM_PERL,
155 EITEM_PRVS,
156 EITEM_PRVSCHECK,
157 EITEM_READFILE,
158 EITEM_READSOCK,
159 EITEM_REDUCE,
160 EITEM_RUN,
161 EITEM_SG,
162 EITEM_SORT,
163 EITEM_SUBSTR,
164 EITEM_TR };
165
166 /* Tables of operator names, and corresponding switch numbers. The names must be
167 in alphabetical order. There are two tables, because underscore is used in some
168 cases to introduce arguments, whereas for other it is part of the name. This is
169 an historical mis-design. */
170
171 static uschar *op_table_underscore[] = {
172 US"from_utf8",
173 US"local_part",
174 US"quote_local_part",
175 US"reverse_ip",
176 US"time_eval",
177 US"time_interval"
178 #ifdef SUPPORT_I18N
179 ,US"utf8_domain_from_alabel",
180 US"utf8_domain_to_alabel",
181 US"utf8_localpart_from_alabel",
182 US"utf8_localpart_to_alabel"
183 #endif
184 };
185
186 enum {
187 EOP_FROM_UTF8,
188 EOP_LOCAL_PART,
189 EOP_QUOTE_LOCAL_PART,
190 EOP_REVERSE_IP,
191 EOP_TIME_EVAL,
192 EOP_TIME_INTERVAL
193 #ifdef SUPPORT_I18N
194 ,EOP_UTF8_DOMAIN_FROM_ALABEL,
195 EOP_UTF8_DOMAIN_TO_ALABEL,
196 EOP_UTF8_LOCALPART_FROM_ALABEL,
197 EOP_UTF8_LOCALPART_TO_ALABEL
198 #endif
199 };
200
201 static uschar *op_table_main[] = {
202 US"address",
203 US"addresses",
204 US"base32",
205 US"base32d",
206 US"base62",
207 US"base62d",
208 US"base64",
209 US"base64d",
210 US"domain",
211 US"escape",
212 US"escape8bit",
213 US"eval",
214 US"eval10",
215 US"expand",
216 US"h",
217 US"hash",
218 US"hex2b64",
219 US"hexquote",
220 US"ipv6denorm",
221 US"ipv6norm",
222 US"l",
223 US"lc",
224 US"length",
225 US"listcount",
226 US"listnamed",
227 US"mask",
228 US"md5",
229 US"nh",
230 US"nhash",
231 US"quote",
232 US"randint",
233 US"rfc2047",
234 US"rfc2047d",
235 US"rxquote",
236 US"s",
237 US"sha1",
238 US"sha256",
239 US"sha3",
240 US"stat",
241 US"str2b64",
242 US"strlen",
243 US"substr",
244 US"uc",
245 US"utf8clean" };
246
247 enum {
248 EOP_ADDRESS = nelem(op_table_underscore),
249 EOP_ADDRESSES,
250 EOP_BASE32,
251 EOP_BASE32D,
252 EOP_BASE62,
253 EOP_BASE62D,
254 EOP_BASE64,
255 EOP_BASE64D,
256 EOP_DOMAIN,
257 EOP_ESCAPE,
258 EOP_ESCAPE8BIT,
259 EOP_EVAL,
260 EOP_EVAL10,
261 EOP_EXPAND,
262 EOP_H,
263 EOP_HASH,
264 EOP_HEX2B64,
265 EOP_HEXQUOTE,
266 EOP_IPV6DENORM,
267 EOP_IPV6NORM,
268 EOP_L,
269 EOP_LC,
270 EOP_LENGTH,
271 EOP_LISTCOUNT,
272 EOP_LISTNAMED,
273 EOP_MASK,
274 EOP_MD5,
275 EOP_NH,
276 EOP_NHASH,
277 EOP_QUOTE,
278 EOP_RANDINT,
279 EOP_RFC2047,
280 EOP_RFC2047D,
281 EOP_RXQUOTE,
282 EOP_S,
283 EOP_SHA1,
284 EOP_SHA256,
285 EOP_SHA3,
286 EOP_STAT,
287 EOP_STR2B64,
288 EOP_STRLEN,
289 EOP_SUBSTR,
290 EOP_UC,
291 EOP_UTF8CLEAN };
292
293
294 /* Table of condition names, and corresponding switch numbers. The names must
295 be in alphabetical order. */
296
297 static uschar *cond_table[] = {
298 US"<",
299 US"<=",
300 US"=",
301 US"==", /* Backward compatibility */
302 US">",
303 US">=",
304 US"acl",
305 US"and",
306 US"bool",
307 US"bool_lax",
308 US"crypteq",
309 US"def",
310 US"eq",
311 US"eqi",
312 US"exists",
313 US"first_delivery",
314 US"forall",
315 US"forany",
316 US"ge",
317 US"gei",
318 US"gt",
319 US"gti",
320 US"inlist",
321 US"inlisti",
322 US"isip",
323 US"isip4",
324 US"isip6",
325 US"ldapauth",
326 US"le",
327 US"lei",
328 US"lt",
329 US"lti",
330 US"match",
331 US"match_address",
332 US"match_domain",
333 US"match_ip",
334 US"match_local_part",
335 US"or",
336 US"pam",
337 US"pwcheck",
338 US"queue_running",
339 US"radius",
340 US"saslauthd"
341 };
342
343 enum {
344 ECOND_NUM_L,
345 ECOND_NUM_LE,
346 ECOND_NUM_E,
347 ECOND_NUM_EE,
348 ECOND_NUM_G,
349 ECOND_NUM_GE,
350 ECOND_ACL,
351 ECOND_AND,
352 ECOND_BOOL,
353 ECOND_BOOL_LAX,
354 ECOND_CRYPTEQ,
355 ECOND_DEF,
356 ECOND_STR_EQ,
357 ECOND_STR_EQI,
358 ECOND_EXISTS,
359 ECOND_FIRST_DELIVERY,
360 ECOND_FORALL,
361 ECOND_FORANY,
362 ECOND_STR_GE,
363 ECOND_STR_GEI,
364 ECOND_STR_GT,
365 ECOND_STR_GTI,
366 ECOND_INLIST,
367 ECOND_INLISTI,
368 ECOND_ISIP,
369 ECOND_ISIP4,
370 ECOND_ISIP6,
371 ECOND_LDAPAUTH,
372 ECOND_STR_LE,
373 ECOND_STR_LEI,
374 ECOND_STR_LT,
375 ECOND_STR_LTI,
376 ECOND_MATCH,
377 ECOND_MATCH_ADDRESS,
378 ECOND_MATCH_DOMAIN,
379 ECOND_MATCH_IP,
380 ECOND_MATCH_LOCAL_PART,
381 ECOND_OR,
382 ECOND_PAM,
383 ECOND_PWCHECK,
384 ECOND_QUEUE_RUNNING,
385 ECOND_RADIUS,
386 ECOND_SASLAUTHD
387 };
388
389
390 /* Types of table entry */
391
392 enum vtypes {
393 vtype_int, /* value is address of int */
394 vtype_filter_int, /* ditto, but recognized only when filtering */
395 vtype_ino, /* value is address of ino_t (not always an int) */
396 vtype_uid, /* value is address of uid_t (not always an int) */
397 vtype_gid, /* value is address of gid_t (not always an int) */
398 vtype_bool, /* value is address of bool */
399 vtype_stringptr, /* value is address of pointer to string */
400 vtype_msgbody, /* as stringptr, but read when first required */
401 vtype_msgbody_end, /* ditto, the end of the message */
402 vtype_msgheaders, /* the message's headers, processed */
403 vtype_msgheaders_raw, /* the message's headers, unprocessed */
404 vtype_localpart, /* extract local part from string */
405 vtype_domain, /* extract domain from string */
406 vtype_string_func, /* value is string returned by given function */
407 vtype_todbsdin, /* value not used; generate BSD inbox tod */
408 vtype_tode, /* value not used; generate tod in epoch format */
409 vtype_todel, /* value not used; generate tod in epoch/usec format */
410 vtype_todf, /* value not used; generate full tod */
411 vtype_todl, /* value not used; generate log tod */
412 vtype_todlf, /* value not used; generate log file datestamp tod */
413 vtype_todzone, /* value not used; generate time zone only */
414 vtype_todzulu, /* value not used; generate zulu tod */
415 vtype_reply, /* value not used; get reply from headers */
416 vtype_pid, /* value not used; result is pid */
417 vtype_host_lookup, /* value not used; get host name */
418 vtype_load_avg, /* value not used; result is int from os_getloadavg */
419 vtype_pspace, /* partition space; value is T/F for spool/log */
420 vtype_pinodes, /* partition inodes; value is T/F for spool/log */
421 vtype_cert /* SSL certificate */
422 #ifndef DISABLE_DKIM
423 ,vtype_dkim /* Lookup of value in DKIM signature */
424 #endif
425 };
426
427 /* Type for main variable table */
428
429 typedef struct {
430 const char *name;
431 enum vtypes type;
432 void *value;
433 } var_entry;
434
435 /* Type for entries pointing to address/length pairs. Not currently
436 in use. */
437
438 typedef struct {
439 uschar **address;
440 int *length;
441 } alblock;
442
443 static uschar * fn_recipients(void);
444
445 /* This table must be kept in alphabetical order. */
446
447 static var_entry var_table[] = {
448 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
449 they will be confused with user-creatable ACL variables. */
450 { "acl_arg1", vtype_stringptr, &acl_arg[0] },
451 { "acl_arg2", vtype_stringptr, &acl_arg[1] },
452 { "acl_arg3", vtype_stringptr, &acl_arg[2] },
453 { "acl_arg4", vtype_stringptr, &acl_arg[3] },
454 { "acl_arg5", vtype_stringptr, &acl_arg[4] },
455 { "acl_arg6", vtype_stringptr, &acl_arg[5] },
456 { "acl_arg7", vtype_stringptr, &acl_arg[6] },
457 { "acl_arg8", vtype_stringptr, &acl_arg[7] },
458 { "acl_arg9", vtype_stringptr, &acl_arg[8] },
459 { "acl_narg", vtype_int, &acl_narg },
460 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
461 { "address_data", vtype_stringptr, &deliver_address_data },
462 { "address_file", vtype_stringptr, &address_file },
463 { "address_pipe", vtype_stringptr, &address_pipe },
464 #ifdef EXPERIMENTAL_ARC
465 { "arc_domains", vtype_string_func, &fn_arc_domains },
466 { "arc_state", vtype_stringptr, &arc_state },
467 { "arc_state_reason", vtype_stringptr, &arc_state_reason },
468 #endif
469 { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id },
470 { "authenticated_id", vtype_stringptr, &authenticated_id },
471 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
472 { "authentication_failed",vtype_int, &authentication_failed },
473 #ifdef WITH_CONTENT_SCAN
474 { "av_failed", vtype_int, &av_failed },
475 #endif
476 #ifdef EXPERIMENTAL_BRIGHTMAIL
477 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
478 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
479 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
480 { "bmi_deliver", vtype_int, &bmi_deliver },
481 #endif
482 { "body_linecount", vtype_int, &body_linecount },
483 { "body_zerocount", vtype_int, &body_zerocount },
484 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
485 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
486 { "caller_gid", vtype_gid, &real_gid },
487 { "caller_uid", vtype_uid, &real_uid },
488 { "callout_address", vtype_stringptr, &callout_address },
489 { "compile_date", vtype_stringptr, &version_date },
490 { "compile_number", vtype_stringptr, &version_cnumber },
491 { "config_dir", vtype_stringptr, &config_main_directory },
492 { "config_file", vtype_stringptr, &config_main_filename },
493 { "csa_status", vtype_stringptr, &csa_status },
494 #ifdef EXPERIMENTAL_DCC
495 { "dcc_header", vtype_stringptr, &dcc_header },
496 { "dcc_result", vtype_stringptr, &dcc_result },
497 #endif
498 #ifndef DISABLE_DKIM
499 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
500 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
501 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
502 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
503 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
504 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
505 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
506 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
507 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
508 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
509 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
510 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
511 { "dkim_key_length", vtype_int, &dkim_key_length },
512 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
513 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
514 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
515 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
516 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
517 { "dkim_signers", vtype_stringptr, &dkim_signers },
518 { "dkim_verify_reason", vtype_stringptr, &dkim_verify_reason },
519 { "dkim_verify_status", vtype_stringptr, &dkim_verify_status },
520 #endif
521 #ifdef EXPERIMENTAL_DMARC
522 { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
523 { "dmarc_status", vtype_stringptr, &dmarc_status },
524 { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
525 { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
526 #endif
527 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
528 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
529 { "dnslist_text", vtype_stringptr, &dnslist_text },
530 { "dnslist_value", vtype_stringptr, &dnslist_value },
531 { "domain", vtype_stringptr, &deliver_domain },
532 { "domain_data", vtype_stringptr, &deliver_domain_data },
533 #ifndef DISABLE_EVENT
534 { "event_data", vtype_stringptr, &event_data },
535
536 /*XXX want to use generic vars for as many of these as possible*/
537 { "event_defer_errno", vtype_int, &event_defer_errno },
538
539 { "event_name", vtype_stringptr, &event_name },
540 #endif
541 { "exim_gid", vtype_gid, &exim_gid },
542 { "exim_path", vtype_stringptr, &exim_path },
543 { "exim_uid", vtype_uid, &exim_uid },
544 { "exim_version", vtype_stringptr, &version_string },
545 { "headers_added", vtype_string_func, &fn_hdrs_added },
546 { "home", vtype_stringptr, &deliver_home },
547 { "host", vtype_stringptr, &deliver_host },
548 { "host_address", vtype_stringptr, &deliver_host_address },
549 { "host_data", vtype_stringptr, &host_data },
550 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
551 { "host_lookup_failed", vtype_int, &host_lookup_failed },
552 { "host_port", vtype_int, &deliver_host_port },
553 { "initial_cwd", vtype_stringptr, &initial_cwd },
554 { "inode", vtype_ino, &deliver_inode },
555 { "interface_address", vtype_stringptr, &interface_address },
556 { "interface_port", vtype_int, &interface_port },
557 { "item", vtype_stringptr, &iterate_item },
558 #ifdef LOOKUP_LDAP
559 { "ldap_dn", vtype_stringptr, &eldap_dn },
560 #endif
561 { "load_average", vtype_load_avg, NULL },
562 { "local_part", vtype_stringptr, &deliver_localpart },
563 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
564 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
565 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
566 #ifdef HAVE_LOCAL_SCAN
567 { "local_scan_data", vtype_stringptr, &local_scan_data },
568 #endif
569 { "local_user_gid", vtype_gid, &local_user_gid },
570 { "local_user_uid", vtype_uid, &local_user_uid },
571 { "localhost_number", vtype_int, &host_number },
572 { "log_inodes", vtype_pinodes, (void *)FALSE },
573 { "log_space", vtype_pspace, (void *)FALSE },
574 { "lookup_dnssec_authenticated",vtype_stringptr,&lookup_dnssec_authenticated},
575 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
576 #ifdef WITH_CONTENT_SCAN
577 { "malware_name", vtype_stringptr, &malware_name },
578 #endif
579 { "max_received_linelength", vtype_int, &max_received_linelength },
580 { "message_age", vtype_int, &message_age },
581 { "message_body", vtype_msgbody, &message_body },
582 { "message_body_end", vtype_msgbody_end, &message_body_end },
583 { "message_body_size", vtype_int, &message_body_size },
584 { "message_exim_id", vtype_stringptr, &message_id },
585 { "message_headers", vtype_msgheaders, NULL },
586 { "message_headers_raw", vtype_msgheaders_raw, NULL },
587 { "message_id", vtype_stringptr, &message_id },
588 { "message_linecount", vtype_int, &message_linecount },
589 { "message_size", vtype_int, &message_size },
590 #ifdef SUPPORT_I18N
591 { "message_smtputf8", vtype_bool, &message_smtputf8 },
592 #endif
593 #ifdef WITH_CONTENT_SCAN
594 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
595 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
596 { "mime_boundary", vtype_stringptr, &mime_boundary },
597 { "mime_charset", vtype_stringptr, &mime_charset },
598 { "mime_content_description", vtype_stringptr, &mime_content_description },
599 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
600 { "mime_content_id", vtype_stringptr, &mime_content_id },
601 { "mime_content_size", vtype_int, &mime_content_size },
602 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
603 { "mime_content_type", vtype_stringptr, &mime_content_type },
604 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
605 { "mime_filename", vtype_stringptr, &mime_filename },
606 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
607 { "mime_is_multipart", vtype_int, &mime_is_multipart },
608 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
609 { "mime_part_count", vtype_int, &mime_part_count },
610 #endif
611 { "n0", vtype_filter_int, &filter_n[0] },
612 { "n1", vtype_filter_int, &filter_n[1] },
613 { "n2", vtype_filter_int, &filter_n[2] },
614 { "n3", vtype_filter_int, &filter_n[3] },
615 { "n4", vtype_filter_int, &filter_n[4] },
616 { "n5", vtype_filter_int, &filter_n[5] },
617 { "n6", vtype_filter_int, &filter_n[6] },
618 { "n7", vtype_filter_int, &filter_n[7] },
619 { "n8", vtype_filter_int, &filter_n[8] },
620 { "n9", vtype_filter_int, &filter_n[9] },
621 { "original_domain", vtype_stringptr, &deliver_domain_orig },
622 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
623 { "originator_gid", vtype_gid, &originator_gid },
624 { "originator_uid", vtype_uid, &originator_uid },
625 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
626 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
627 { "pid", vtype_pid, NULL },
628 #ifndef DISABLE_PRDR
629 { "prdr_requested", vtype_bool, &prdr_requested },
630 #endif
631 { "primary_hostname", vtype_stringptr, &primary_hostname },
632 #if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
633 { "proxy_external_address",vtype_stringptr, &proxy_external_address },
634 { "proxy_external_port", vtype_int, &proxy_external_port },
635 { "proxy_local_address", vtype_stringptr, &proxy_local_address },
636 { "proxy_local_port", vtype_int, &proxy_local_port },
637 { "proxy_session", vtype_bool, &proxy_session },
638 #endif
639 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
640 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
641 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
642 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
643 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
644 { "queue_name", vtype_stringptr, &queue_name },
645 { "rcpt_count", vtype_int, &rcpt_count },
646 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
647 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
648 { "received_count", vtype_int, &received_count },
649 { "received_for", vtype_stringptr, &received_for },
650 { "received_ip_address", vtype_stringptr, &interface_address },
651 { "received_port", vtype_int, &interface_port },
652 { "received_protocol", vtype_stringptr, &received_protocol },
653 { "received_time", vtype_int, &received_time.tv_sec },
654 { "recipient_data", vtype_stringptr, &recipient_data },
655 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
656 { "recipients", vtype_string_func, &fn_recipients },
657 { "recipients_count", vtype_int, &recipients_count },
658 #ifdef WITH_CONTENT_SCAN
659 { "regex_match_string", vtype_stringptr, &regex_match_string },
660 #endif
661 { "reply_address", vtype_reply, NULL },
662 { "return_path", vtype_stringptr, &return_path },
663 { "return_size_limit", vtype_int, &bounce_return_size_limit },
664 { "router_name", vtype_stringptr, &router_name },
665 { "runrc", vtype_int, &runrc },
666 { "self_hostname", vtype_stringptr, &self_hostname },
667 { "sender_address", vtype_stringptr, &sender_address },
668 { "sender_address_data", vtype_stringptr, &sender_address_data },
669 { "sender_address_domain", vtype_domain, &sender_address },
670 { "sender_address_local_part", vtype_localpart, &sender_address },
671 { "sender_data", vtype_stringptr, &sender_data },
672 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
673 { "sender_helo_dnssec", vtype_bool, &sender_helo_dnssec },
674 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
675 { "sender_host_address", vtype_stringptr, &sender_host_address },
676 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
677 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
678 { "sender_host_name", vtype_host_lookup, NULL },
679 { "sender_host_port", vtype_int, &sender_host_port },
680 { "sender_ident", vtype_stringptr, &sender_ident },
681 { "sender_rate", vtype_stringptr, &sender_rate },
682 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
683 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
684 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
685 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
686 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
687 { "sending_port", vtype_int, &sending_port },
688 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
689 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
690 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
691 { "smtp_command_history", vtype_string_func, &smtp_cmd_hist },
692 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
693 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
694 { "sn0", vtype_filter_int, &filter_sn[0] },
695 { "sn1", vtype_filter_int, &filter_sn[1] },
696 { "sn2", vtype_filter_int, &filter_sn[2] },
697 { "sn3", vtype_filter_int, &filter_sn[3] },
698 { "sn4", vtype_filter_int, &filter_sn[4] },
699 { "sn5", vtype_filter_int, &filter_sn[5] },
700 { "sn6", vtype_filter_int, &filter_sn[6] },
701 { "sn7", vtype_filter_int, &filter_sn[7] },
702 { "sn8", vtype_filter_int, &filter_sn[8] },
703 { "sn9", vtype_filter_int, &filter_sn[9] },
704 #ifdef WITH_CONTENT_SCAN
705 { "spam_action", vtype_stringptr, &spam_action },
706 { "spam_bar", vtype_stringptr, &spam_bar },
707 { "spam_report", vtype_stringptr, &spam_report },
708 { "spam_score", vtype_stringptr, &spam_score },
709 { "spam_score_int", vtype_stringptr, &spam_score_int },
710 #endif
711 #ifdef SUPPORT_SPF
712 { "spf_guess", vtype_stringptr, &spf_guess },
713 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
714 { "spf_received", vtype_stringptr, &spf_received },
715 { "spf_result", vtype_stringptr, &spf_result },
716 { "spf_result_guessed", vtype_bool, &spf_result_guessed },
717 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
718 #endif
719 { "spool_directory", vtype_stringptr, &spool_directory },
720 { "spool_inodes", vtype_pinodes, (void *)TRUE },
721 { "spool_space", vtype_pspace, (void *)TRUE },
722 #ifdef EXPERIMENTAL_SRS
723 { "srs_db_address", vtype_stringptr, &srs_db_address },
724 { "srs_db_key", vtype_stringptr, &srs_db_key },
725 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
726 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
727 { "srs_recipient", vtype_stringptr, &srs_recipient },
728 { "srs_status", vtype_stringptr, &srs_status },
729 #endif
730 { "thisaddress", vtype_stringptr, &filter_thisaddress },
731
732 /* The non-(in,out) variables are now deprecated */
733 { "tls_bits", vtype_int, &tls_in.bits },
734 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
735 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
736
737 { "tls_in_bits", vtype_int, &tls_in.bits },
738 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
739 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
740 { "tls_in_ocsp", vtype_int, &tls_in.ocsp },
741 { "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
742 { "tls_in_peercert", vtype_cert, &tls_in.peercert },
743 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
744 #if defined(SUPPORT_TLS)
745 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
746 #endif
747 { "tls_out_bits", vtype_int, &tls_out.bits },
748 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
749 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
750 #ifdef SUPPORT_DANE
751 { "tls_out_dane", vtype_bool, &tls_out.dane_verified },
752 #endif
753 { "tls_out_ocsp", vtype_int, &tls_out.ocsp },
754 { "tls_out_ourcert", vtype_cert, &tls_out.ourcert },
755 { "tls_out_peercert", vtype_cert, &tls_out.peercert },
756 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
757 #if defined(SUPPORT_TLS)
758 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
759 #endif
760 #ifdef SUPPORT_DANE
761 { "tls_out_tlsa_usage", vtype_int, &tls_out.tlsa_usage },
762 #endif
763
764 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
765 #if defined(SUPPORT_TLS)
766 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
767 #endif
768
769 { "tod_bsdinbox", vtype_todbsdin, NULL },
770 { "tod_epoch", vtype_tode, NULL },
771 { "tod_epoch_l", vtype_todel, NULL },
772 { "tod_full", vtype_todf, NULL },
773 { "tod_log", vtype_todl, NULL },
774 { "tod_logfile", vtype_todlf, NULL },
775 { "tod_zone", vtype_todzone, NULL },
776 { "tod_zulu", vtype_todzulu, NULL },
777 { "transport_name", vtype_stringptr, &transport_name },
778 { "value", vtype_stringptr, &lookup_value },
779 { "verify_mode", vtype_stringptr, &verify_mode },
780 { "version_number", vtype_stringptr, &version_string },
781 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
782 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
783 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
784 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
785 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
786 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
787 };
788
789 static int var_table_size = nelem(var_table);
790 static uschar var_buffer[256];
791 static BOOL malformed_header;
792
793 /* For textual hashes */
794
795 static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
796 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
797 "0123456789";
798
799 enum { HMAC_MD5, HMAC_SHA1 };
800
801 /* For numeric hashes */
802
803 static unsigned int prime[] = {
804 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
805 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
806 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
807
808 /* For printing modes in symbolic form */
809
810 static uschar *mtable_normal[] =
811 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
812
813 static uschar *mtable_setid[] =
814 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
815
816 static uschar *mtable_sticky[] =
817 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
818
819
820
821 /*************************************************
822 * Tables for UTF-8 support *
823 *************************************************/
824
825 /* Table of the number of extra characters, indexed by the first character
826 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
827 0x3d. */
828
829 static uschar utf8_table1[] = {
830 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
831 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
832 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
833 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
834
835 /* These are the masks for the data bits in the first byte of a character,
836 indexed by the number of additional bytes. */
837
838 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
839
840 /* Get the next UTF-8 character, advancing the pointer. */
841
842 #define GETUTF8INC(c, ptr) \
843 c = *ptr++; \
844 if ((c & 0xc0) == 0xc0) \
845 { \
846 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
847 int s = 6*a; \
848 c = (c & utf8_table2[a]) << s; \
849 while (a-- > 0) \
850 { \
851 s -= 6; \
852 c |= (*ptr++ & 0x3f) << s; \
853 } \
854 }
855
856
857
858 static uschar * base32_chars = US"abcdefghijklmnopqrstuvwxyz234567";
859
860 /*************************************************
861 * Binary chop search on a table *
862 *************************************************/
863
864 /* This is used for matching expansion items and operators.
865
866 Arguments:
867 name the name that is being sought
868 table the table to search
869 table_size the number of items in the table
870
871 Returns: the offset in the table, or -1
872 */
873
874 static int
875 chop_match(uschar *name, uschar **table, int table_size)
876 {
877 uschar **bot = table;
878 uschar **top = table + table_size;
879
880 while (top > bot)
881 {
882 uschar **mid = bot + (top - bot)/2;
883 int c = Ustrcmp(name, *mid);
884 if (c == 0) return mid - table;
885 if (c > 0) bot = mid + 1; else top = mid;
886 }
887
888 return -1;
889 }
890
891
892
893 /*************************************************
894 * Check a condition string *
895 *************************************************/
896
897 /* This function is called to expand a string, and test the result for a "true"
898 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
899 forced fail or lookup defer.
900
901 We used to release all store used, but this is not not safe due
902 to ${dlfunc } and ${acl }. In any case expand_string_internal()
903 is reasonably careful to release what it can.
904
905 The actual false-value tests should be replicated for ECOND_BOOL_LAX.
906
907 Arguments:
908 condition the condition string
909 m1 text to be incorporated in panic error
910 m2 ditto
911
912 Returns: TRUE if condition is met, FALSE if not
913 */
914
915 BOOL
916 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
917 {
918 int rc;
919 uschar *ss = expand_string(condition);
920 if (ss == NULL)
921 {
922 if (!expand_string_forcedfail && !search_find_defer)
923 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
924 "for %s %s: %s", condition, m1, m2, expand_string_message);
925 return FALSE;
926 }
927 rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
928 strcmpic(ss, US"false") != 0;
929 return rc;
930 }
931
932
933
934
935 /*************************************************
936 * Pseudo-random number generation *
937 *************************************************/
938
939 /* Pseudo-random number generation. The result is not "expected" to be
940 cryptographically strong but not so weak that someone will shoot themselves
941 in the foot using it as a nonce in some email header scheme or whatever
942 weirdness they'll twist this into. The result should ideally handle fork().
943
944 However, if we're stuck unable to provide this, then we'll fall back to
945 appallingly bad randomness.
946
947 If SUPPORT_TLS is defined then this will not be used except as an emergency
948 fallback.
949
950 Arguments:
951 max range maximum
952 Returns a random number in range [0, max-1]
953 */
954
955 #ifdef SUPPORT_TLS
956 # define vaguely_random_number vaguely_random_number_fallback
957 #endif
958 int
959 vaguely_random_number(int max)
960 {
961 #ifdef SUPPORT_TLS
962 # undef vaguely_random_number
963 #endif
964 static pid_t pid = 0;
965 pid_t p2;
966 #if defined(HAVE_SRANDOM) && !defined(HAVE_SRANDOMDEV)
967 struct timeval tv;
968 #endif
969
970 p2 = getpid();
971 if (p2 != pid)
972 {
973 if (pid != 0)
974 {
975
976 #ifdef HAVE_ARC4RANDOM
977 /* cryptographically strong randomness, common on *BSD platforms, not
978 so much elsewhere. Alas. */
979 #ifndef NOT_HAVE_ARC4RANDOM_STIR
980 arc4random_stir();
981 #endif
982 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
983 #ifdef HAVE_SRANDOMDEV
984 /* uses random(4) for seeding */
985 srandomdev();
986 #else
987 gettimeofday(&tv, NULL);
988 srandom(tv.tv_sec | tv.tv_usec | getpid());
989 #endif
990 #else
991 /* Poor randomness and no seeding here */
992 #endif
993
994 }
995 pid = p2;
996 }
997
998 #ifdef HAVE_ARC4RANDOM
999 return arc4random() % max;
1000 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
1001 return random() % max;
1002 #else
1003 /* This one returns a 16-bit number, definitely not crypto-strong */
1004 return random_number(max);
1005 #endif
1006 }
1007
1008
1009
1010
1011 /*************************************************
1012 * Pick out a name from a string *
1013 *************************************************/
1014
1015 /* If the name is too long, it is silently truncated.
1016
1017 Arguments:
1018 name points to a buffer into which to put the name
1019 max is the length of the buffer
1020 s points to the first alphabetic character of the name
1021 extras chars other than alphanumerics to permit
1022
1023 Returns: pointer to the first character after the name
1024
1025 Note: The test for *s != 0 in the while loop is necessary because
1026 Ustrchr() yields non-NULL if the character is zero (which is not something
1027 I expected). */
1028
1029 static const uschar *
1030 read_name(uschar *name, int max, const uschar *s, uschar *extras)
1031 {
1032 int ptr = 0;
1033 while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
1034 {
1035 if (ptr < max-1) name[ptr++] = *s;
1036 s++;
1037 }
1038 name[ptr] = 0;
1039 return s;
1040 }
1041
1042
1043
1044 /*************************************************
1045 * Pick out the rest of a header name *
1046 *************************************************/
1047
1048 /* A variable name starting $header_ (or just $h_ for those who like
1049 abbreviations) might not be the complete header name because headers can
1050 contain any printing characters in their names, except ':'. This function is
1051 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
1052 on the end, if the name was terminated by white space.
1053
1054 Arguments:
1055 name points to a buffer in which the name read so far exists
1056 max is the length of the buffer
1057 s points to the first character after the name so far, i.e. the
1058 first non-alphameric character after $header_xxxxx
1059
1060 Returns: a pointer to the first character after the header name
1061 */
1062
1063 static const uschar *
1064 read_header_name(uschar *name, int max, const uschar *s)
1065 {
1066 int prelen = Ustrchr(name, '_') - name + 1;
1067 int ptr = Ustrlen(name) - prelen;
1068 if (ptr > 0) memmove(name, name+prelen, ptr);
1069 while (mac_isgraph(*s) && *s != ':')
1070 {
1071 if (ptr < max-1) name[ptr++] = *s;
1072 s++;
1073 }
1074 if (*s == ':') s++;
1075 name[ptr++] = ':';
1076 name[ptr] = 0;
1077 return s;
1078 }
1079
1080
1081
1082 /*************************************************
1083 * Pick out a number from a string *
1084 *************************************************/
1085
1086 /* Arguments:
1087 n points to an integer into which to put the number
1088 s points to the first digit of the number
1089
1090 Returns: a pointer to the character after the last digit
1091 */
1092 /*XXX consider expanding to int_eximarith_t. But the test for
1093 "overbig numbers" in 0002 still needs to overflow it. */
1094
1095 static uschar *
1096 read_number(int *n, uschar *s)
1097 {
1098 *n = 0;
1099 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1100 return s;
1101 }
1102
1103 static const uschar *
1104 read_cnumber(int *n, const uschar *s)
1105 {
1106 *n = 0;
1107 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1108 return s;
1109 }
1110
1111
1112
1113 /*************************************************
1114 * Extract keyed subfield from a string *
1115 *************************************************/
1116
1117 /* The yield is in dynamic store; NULL means that the key was not found.
1118
1119 Arguments:
1120 key points to the name of the key
1121 s points to the string from which to extract the subfield
1122
1123 Returns: NULL if the subfield was not found, or
1124 a pointer to the subfield's data
1125 */
1126
1127 static uschar *
1128 expand_getkeyed(uschar *key, const uschar *s)
1129 {
1130 int length = Ustrlen(key);
1131 while (isspace(*s)) s++;
1132
1133 /* Loop to search for the key */
1134
1135 while (*s != 0)
1136 {
1137 int dkeylength;
1138 uschar *data;
1139 const uschar *dkey = s;
1140
1141 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
1142 dkeylength = s - dkey;
1143 while (isspace(*s)) s++;
1144 if (*s == '=') while (isspace((*(++s))));
1145
1146 data = string_dequote(&s);
1147 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1148 return data;
1149
1150 while (isspace(*s)) s++;
1151 }
1152
1153 return NULL;
1154 }
1155
1156
1157
1158 static var_entry *
1159 find_var_ent(uschar * name)
1160 {
1161 int first = 0;
1162 int last = var_table_size;
1163
1164 while (last > first)
1165 {
1166 int middle = (first + last)/2;
1167 int c = Ustrcmp(name, var_table[middle].name);
1168
1169 if (c > 0) { first = middle + 1; continue; }
1170 if (c < 0) { last = middle; continue; }
1171 return &var_table[middle];
1172 }
1173 return NULL;
1174 }
1175
1176 /*************************************************
1177 * Extract numbered subfield from string *
1178 *************************************************/
1179
1180 /* Extracts a numbered field from a string that is divided by tokens - for
1181 example a line from /etc/passwd is divided by colon characters. First field is
1182 numbered one. Negative arguments count from the right. Zero returns the whole
1183 string. Returns NULL if there are insufficient tokens in the string
1184
1185 ***WARNING***
1186 Modifies final argument - this is a dynamically generated string, so that's OK.
1187
1188 Arguments:
1189 field number of field to be extracted,
1190 first field = 1, whole string = 0, last field = -1
1191 separators characters that are used to break string into tokens
1192 s points to the string from which to extract the subfield
1193
1194 Returns: NULL if the field was not found,
1195 a pointer to the field's data inside s (modified to add 0)
1196 */
1197
1198 static uschar *
1199 expand_gettokened (int field, uschar *separators, uschar *s)
1200 {
1201 int sep = 1;
1202 int count;
1203 uschar *ss = s;
1204 uschar *fieldtext = NULL;
1205
1206 if (field == 0) return s;
1207
1208 /* Break the line up into fields in place; for field > 0 we stop when we have
1209 done the number of fields we want. For field < 0 we continue till the end of
1210 the string, counting the number of fields. */
1211
1212 count = (field > 0)? field : INT_MAX;
1213
1214 while (count-- > 0)
1215 {
1216 size_t len;
1217
1218 /* Previous field was the last one in the string. For a positive field
1219 number, this means there are not enough fields. For a negative field number,
1220 check that there are enough, and scan back to find the one that is wanted. */
1221
1222 if (sep == 0)
1223 {
1224 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1225 if ((-field) == (INT_MAX - count - 1)) return s;
1226 while (field++ < 0)
1227 {
1228 ss--;
1229 while (ss[-1] != 0) ss--;
1230 }
1231 fieldtext = ss;
1232 break;
1233 }
1234
1235 /* Previous field was not last in the string; save its start and put a
1236 zero at its end. */
1237
1238 fieldtext = ss;
1239 len = Ustrcspn(ss, separators);
1240 sep = ss[len];
1241 ss[len] = 0;
1242 ss += len + 1;
1243 }
1244
1245 return fieldtext;
1246 }
1247
1248
1249 static uschar *
1250 expand_getlistele(int field, const uschar * list)
1251 {
1252 const uschar * tlist= list;
1253 int sep= 0;
1254 uschar dummy;
1255
1256 if(field<0)
1257 {
1258 for(field++; string_nextinlist(&tlist, &sep, &dummy, 1); ) field++;
1259 sep= 0;
1260 }
1261 if(field==0) return NULL;
1262 while(--field>0 && (string_nextinlist(&list, &sep, &dummy, 1))) ;
1263 return string_nextinlist(&list, &sep, NULL, 0);
1264 }
1265
1266
1267 /* Certificate fields, by name. Worry about by-OID later */
1268 /* Names are chosen to not have common prefixes */
1269
1270 #ifdef SUPPORT_TLS
1271 typedef struct
1272 {
1273 uschar * name;
1274 int namelen;
1275 uschar * (*getfn)(void * cert, uschar * mod);
1276 } certfield;
1277 static certfield certfields[] =
1278 { /* linear search; no special order */
1279 { US"version", 7, &tls_cert_version },
1280 { US"serial_number", 13, &tls_cert_serial_number },
1281 { US"subject", 7, &tls_cert_subject },
1282 { US"notbefore", 9, &tls_cert_not_before },
1283 { US"notafter", 8, &tls_cert_not_after },
1284 { US"issuer", 6, &tls_cert_issuer },
1285 { US"signature", 9, &tls_cert_signature },
1286 { US"sig_algorithm", 13, &tls_cert_signature_algorithm },
1287 { US"subj_altname", 12, &tls_cert_subject_altname },
1288 { US"ocsp_uri", 8, &tls_cert_ocsp_uri },
1289 { US"crl_uri", 7, &tls_cert_crl_uri },
1290 };
1291
1292 static uschar *
1293 expand_getcertele(uschar * field, uschar * certvar)
1294 {
1295 var_entry * vp;
1296 certfield * cp;
1297
1298 if (!(vp = find_var_ent(certvar)))
1299 {
1300 expand_string_message =
1301 string_sprintf("no variable named \"%s\"", certvar);
1302 return NULL; /* Unknown variable name */
1303 }
1304 /* NB this stops us passing certs around in variable. Might
1305 want to do that in future */
1306 if (vp->type != vtype_cert)
1307 {
1308 expand_string_message =
1309 string_sprintf("\"%s\" is not a certificate", certvar);
1310 return NULL; /* Unknown variable name */
1311 }
1312 if (!*(void **)vp->value)
1313 return NULL;
1314
1315 if (*field >= '0' && *field <= '9')
1316 return tls_cert_ext_by_oid(*(void **)vp->value, field, 0);
1317
1318 for(cp = certfields;
1319 cp < certfields + nelem(certfields);
1320 cp++)
1321 if (Ustrncmp(cp->name, field, cp->namelen) == 0)
1322 {
1323 uschar * modifier = *(field += cp->namelen) == ','
1324 ? ++field : NULL;
1325 return (*cp->getfn)( *(void **)vp->value, modifier );
1326 }
1327
1328 expand_string_message =
1329 string_sprintf("bad field selector \"%s\" for certextract", field);
1330 return NULL;
1331 }
1332 #endif /*SUPPORT_TLS*/
1333
1334 /*************************************************
1335 * Extract a substring from a string *
1336 *************************************************/
1337
1338 /* Perform the ${substr or ${length expansion operations.
1339
1340 Arguments:
1341 subject the input string
1342 value1 the offset from the start of the input string to the start of
1343 the output string; if negative, count from the right.
1344 value2 the length of the output string, or negative (-1) for unset
1345 if value1 is positive, unset means "all after"
1346 if value1 is negative, unset means "all before"
1347 len set to the length of the returned string
1348
1349 Returns: pointer to the output string, or NULL if there is an error
1350 */
1351
1352 static uschar *
1353 extract_substr(uschar *subject, int value1, int value2, int *len)
1354 {
1355 int sublen = Ustrlen(subject);
1356
1357 if (value1 < 0) /* count from right */
1358 {
1359 value1 += sublen;
1360
1361 /* If the position is before the start, skip to the start, and adjust the
1362 length. If the length ends up negative, the substring is null because nothing
1363 can precede. This falls out naturally when the length is unset, meaning "all
1364 to the left". */
1365
1366 if (value1 < 0)
1367 {
1368 value2 += value1;
1369 if (value2 < 0) value2 = 0;
1370 value1 = 0;
1371 }
1372
1373 /* Otherwise an unset length => characters before value1 */
1374
1375 else if (value2 < 0)
1376 {
1377 value2 = value1;
1378 value1 = 0;
1379 }
1380 }
1381
1382 /* For a non-negative offset, if the starting position is past the end of the
1383 string, the result will be the null string. Otherwise, an unset length means
1384 "rest"; just set it to the maximum - it will be cut down below if necessary. */
1385
1386 else
1387 {
1388 if (value1 > sublen)
1389 {
1390 value1 = sublen;
1391 value2 = 0;
1392 }
1393 else if (value2 < 0) value2 = sublen;
1394 }
1395
1396 /* Cut the length down to the maximum possible for the offset value, and get
1397 the required characters. */
1398
1399 if (value1 + value2 > sublen) value2 = sublen - value1;
1400 *len = value2;
1401 return subject + value1;
1402 }
1403
1404
1405
1406
1407 /*************************************************
1408 * Old-style hash of a string *
1409 *************************************************/
1410
1411 /* Perform the ${hash expansion operation.
1412
1413 Arguments:
1414 subject the input string (an expanded substring)
1415 value1 the length of the output string; if greater or equal to the
1416 length of the input string, the input string is returned
1417 value2 the number of hash characters to use, or 26 if negative
1418 len set to the length of the returned string
1419
1420 Returns: pointer to the output string, or NULL if there is an error
1421 */
1422
1423 static uschar *
1424 compute_hash(uschar *subject, int value1, int value2, int *len)
1425 {
1426 int sublen = Ustrlen(subject);
1427
1428 if (value2 < 0) value2 = 26;
1429 else if (value2 > Ustrlen(hashcodes))
1430 {
1431 expand_string_message =
1432 string_sprintf("hash count \"%d\" too big", value2);
1433 return NULL;
1434 }
1435
1436 /* Calculate the hash text. We know it is shorter than the original string, so
1437 can safely place it in subject[] (we know that subject is always itself an
1438 expanded substring). */
1439
1440 if (value1 < sublen)
1441 {
1442 int c;
1443 int i = 0;
1444 int j = value1;
1445 while ((c = (subject[j])) != 0)
1446 {
1447 int shift = (c + j++) & 7;
1448 subject[i] ^= (c << shift) | (c >> (8-shift));
1449 if (++i >= value1) i = 0;
1450 }
1451 for (i = 0; i < value1; i++)
1452 subject[i] = hashcodes[(subject[i]) % value2];
1453 }
1454 else value1 = sublen;
1455
1456 *len = value1;
1457 return subject;
1458 }
1459
1460
1461
1462
1463 /*************************************************
1464 * Numeric hash of a string *
1465 *************************************************/
1466
1467 /* Perform the ${nhash expansion operation. The first characters of the
1468 string are treated as most important, and get the highest prime numbers.
1469
1470 Arguments:
1471 subject the input string
1472 value1 the maximum value of the first part of the result
1473 value2 the maximum value of the second part of the result,
1474 or negative to produce only a one-part result
1475 len set to the length of the returned string
1476
1477 Returns: pointer to the output string, or NULL if there is an error.
1478 */
1479
1480 static uschar *
1481 compute_nhash (uschar *subject, int value1, int value2, int *len)
1482 {
1483 uschar *s = subject;
1484 int i = 0;
1485 unsigned long int total = 0; /* no overflow */
1486
1487 while (*s != 0)
1488 {
1489 if (i == 0) i = nelem(prime) - 1;
1490 total += prime[i--] * (unsigned int)(*s++);
1491 }
1492
1493 /* If value2 is unset, just compute one number */
1494
1495 if (value2 < 0)
1496 s = string_sprintf("%lu", total % value1);
1497
1498 /* Otherwise do a div/mod hash */
1499
1500 else
1501 {
1502 total = total % (value1 * value2);
1503 s = string_sprintf("%lu/%lu", total/value2, total % value2);
1504 }
1505
1506 *len = Ustrlen(s);
1507 return s;
1508 }
1509
1510
1511
1512
1513
1514 /*************************************************
1515 * Find the value of a header or headers *
1516 *************************************************/
1517
1518 /* Multiple instances of the same header get concatenated, and this function
1519 can also return a concatenation of all the header lines. When concatenating
1520 specific headers that contain lists of addresses, a comma is inserted between
1521 them. Otherwise we use a straight concatenation. Because some messages can have
1522 pathologically large number of lines, there is a limit on the length that is
1523 returned. Also, to avoid massive store use which would result from using
1524 string_cat() as it copies and extends strings, we do a preliminary pass to find
1525 out exactly how much store will be needed. On "normal" messages this will be
1526 pretty trivial.
1527
1528 Arguments:
1529 name the name of the header, without the leading $header_ or $h_,
1530 or NULL if a concatenation of all headers is required
1531 exists_only TRUE if called from a def: test; don't need to build a string;
1532 just return a string that is not "" and not "0" if the header
1533 exists
1534 newsize return the size of memory block that was obtained; may be NULL
1535 if exists_only is TRUE
1536 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
1537 other than concatenating, will be done on the header. Also used
1538 for $message_headers_raw.
1539 charset name of charset to translate MIME words to; used only if
1540 want_raw is false; if NULL, no translation is done (this is
1541 used for $bh_ and $bheader_)
1542
1543 Returns: NULL if the header does not exist, else a pointer to a new
1544 store block
1545 */
1546
1547 static uschar *
1548 find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1549 uschar *charset)
1550 {
1551 BOOL found = name == NULL;
1552 int comma = 0;
1553 int len = found? 0 : Ustrlen(name);
1554 int i;
1555 uschar *yield = NULL;
1556 uschar *ptr = NULL;
1557
1558 /* Loop for two passes - saves code repetition */
1559
1560 for (i = 0; i < 2; i++)
1561 {
1562 int size = 0;
1563 header_line *h;
1564
1565 for (h = header_list; size < header_insert_maxlen && h; h = h->next)
1566 if (h->type != htype_old && h->text) /* NULL => Received: placeholder */
1567 if (!name || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1568 {
1569 int ilen;
1570 uschar *t;
1571
1572 if (exists_only) return US"1"; /* don't need actual string */
1573 found = TRUE;
1574 t = h->text + len; /* text to insert */
1575 if (!want_raw) /* unless wanted raw, */
1576 while (isspace(*t)) t++; /* remove leading white space */
1577 ilen = h->slen - (t - h->text); /* length to insert */
1578
1579 /* Unless wanted raw, remove trailing whitespace, including the
1580 newline. */
1581
1582 if (!want_raw)
1583 while (ilen > 0 && isspace(t[ilen-1])) ilen--;
1584
1585 /* Set comma = 1 if handling a single header and it's one of those
1586 that contains an address list, except when asked for raw headers. Only
1587 need to do this once. */
1588
1589 if (!want_raw && name && comma == 0 &&
1590 Ustrchr("BCFRST", h->type) != NULL)
1591 comma = 1;
1592
1593 /* First pass - compute total store needed; second pass - compute
1594 total store used, including this header. */
1595
1596 size += ilen + comma + 1; /* +1 for the newline */
1597
1598 /* Second pass - concatenate the data, up to a maximum. Note that
1599 the loop stops when size hits the limit. */
1600
1601 if (i != 0)
1602 {
1603 if (size > header_insert_maxlen)
1604 {
1605 ilen -= size - header_insert_maxlen - 1;
1606 comma = 0;
1607 }
1608 Ustrncpy(ptr, t, ilen);
1609 ptr += ilen;
1610
1611 /* For a non-raw header, put in the comma if needed, then add
1612 back the newline we removed above, provided there was some text in
1613 the header. */
1614
1615 if (!want_raw && ilen > 0)
1616 {
1617 if (comma != 0) *ptr++ = ',';
1618 *ptr++ = '\n';
1619 }
1620 }
1621 }
1622
1623 /* At end of first pass, return NULL if no header found. Then truncate size
1624 if necessary, and get the buffer to hold the data, returning the buffer size.
1625 */
1626
1627 if (i == 0)
1628 {
1629 if (!found) return NULL;
1630 if (size > header_insert_maxlen) size = header_insert_maxlen;
1631 *newsize = size + 1;
1632 ptr = yield = store_get(*newsize);
1633 }
1634 }
1635
1636 /* That's all we do for raw header expansion. */
1637
1638 if (want_raw)
1639 *ptr = 0;
1640
1641 /* Otherwise, remove a final newline and a redundant added comma. Then we do
1642 RFC 2047 decoding, translating the charset if requested. The rfc2047_decode2()
1643 function can return an error with decoded data if the charset translation
1644 fails. If decoding fails, it returns NULL. */
1645
1646 else
1647 {
1648 uschar *decoded, *error;
1649 if (ptr > yield && ptr[-1] == '\n') ptr--;
1650 if (ptr > yield && comma != 0 && ptr[-1] == ',') ptr--;
1651 *ptr = 0;
1652 decoded = rfc2047_decode2(yield, check_rfc2047_length, charset, '?', NULL,
1653 newsize, &error);
1654 if (error != NULL)
1655 {
1656 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1657 " input was: %s\n", error, yield);
1658 }
1659 if (decoded != NULL) yield = decoded;
1660 }
1661
1662 return yield;
1663 }
1664
1665
1666
1667
1668 /* Append a "local" element to an Autherntication-Results: header
1669 if this was a non-smtp message.
1670 */
1671
1672 static gstring *
1673 authres_local(gstring * g, const uschar * sysname)
1674 {
1675 if (!authentication_local)
1676 return g;
1677 g = string_append(g, 3, US";\n\tlocal=pass (non-smtp, ", sysname, US")");
1678 if (authenticated_id) g = string_append(g, 2, " u=", authenticated_id);
1679 return g;
1680 }
1681
1682
1683 /* Append an "iprev" element to an Autherntication-Results: header
1684 if we have attempted to get the calling host's name.
1685 */
1686
1687 static gstring *
1688 authres_iprev(gstring * g)
1689 {
1690 if (sender_host_name)
1691 return string_append(g, sender_host_address ? 5 : 3,
1692 US";\n\tiprev=pass (", sender_host_name, US")",
1693 US" smtp.client-ip=", sender_host_address);
1694 if (host_lookup_deferred)
1695 return string_catn(g, US";\n\tiprev=temperror", 19);
1696 if (host_lookup_failed)
1697 return string_catn(g, US";\n\tiprev=fail", 13);
1698 return g;
1699 }
1700
1701
1702
1703 /*************************************************
1704 * Return list of recipients *
1705 *************************************************/
1706 /* A recipients list is available only during system message filtering,
1707 during ACL processing after DATA, and while expanding pipe commands
1708 generated from a system filter, but not elsewhere. */
1709
1710 static uschar *
1711 fn_recipients(void)
1712 {
1713 gstring * g = NULL;
1714 int i;
1715
1716 if (!enable_dollar_recipients) return NULL;
1717
1718 for (i = 0; i < recipients_count; i++)
1719 {
1720 /*XXX variant of list_appendele? */
1721 if (i != 0) g = string_catn(g, US", ", 2);
1722 g = string_cat(g, recipients_list[i].address);
1723 }
1724 return string_from_gstring(g);
1725 }
1726
1727
1728 /*************************************************
1729 * Find value of a variable *
1730 *************************************************/
1731
1732 /* The table of variables is kept in alphabetic order, so we can search it
1733 using a binary chop. The "choplen" variable is nothing to do with the binary
1734 chop.
1735
1736 Arguments:
1737 name the name of the variable being sought
1738 exists_only TRUE if this is a def: test; passed on to find_header()
1739 skipping TRUE => skip any processing evaluation; this is not the same as
1740 exists_only because def: may test for values that are first
1741 evaluated here
1742 newsize pointer to an int which is initially zero; if the answer is in
1743 a new memory buffer, *newsize is set to its size
1744
1745 Returns: NULL if the variable does not exist, or
1746 a pointer to the variable's contents, or
1747 something non-NULL if exists_only is TRUE
1748 */
1749
1750 static uschar *
1751 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1752 {
1753 var_entry * vp;
1754 uschar *s, *domain;
1755 uschar **ss;
1756 void * val;
1757
1758 /* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1759 Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1760 release 4.64 onwards arbitrary names are permitted, as long as the first 5
1761 characters are acl_c or acl_m and the sixth is either a digit or an underscore
1762 (this gave backwards compatibility at the changeover). There may be built-in
1763 variables whose names start acl_ but they should never start in this way. This
1764 slightly messy specification is a consequence of the history, needless to say.
1765
1766 If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1767 set, in which case give an error. */
1768
1769 if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1770 !isalpha(name[5]))
1771 {
1772 tree_node *node =
1773 tree_search((name[4] == 'c')? acl_var_c : acl_var_m, name + 4);
1774 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
1775 }
1776
1777 /* Handle $auth<n> variables. */
1778
1779 if (Ustrncmp(name, "auth", 4) == 0)
1780 {
1781 uschar *endptr;
1782 int n = Ustrtoul(name + 4, &endptr, 10);
1783 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1784 return !auth_vars[n-1] ? US"" : auth_vars[n-1];
1785 }
1786 else if (Ustrncmp(name, "regex", 5) == 0)
1787 {
1788 uschar *endptr;
1789 int n = Ustrtoul(name + 5, &endptr, 10);
1790 if (*endptr == 0 && n != 0 && n <= REGEX_VARS)
1791 return !regex_vars[n-1] ? US"" : regex_vars[n-1];
1792 }
1793
1794 /* For all other variables, search the table */
1795
1796 if (!(vp = find_var_ent(name)))
1797 return NULL; /* Unknown variable name */
1798
1799 /* Found an existing variable. If in skipping state, the value isn't needed,
1800 and we want to avoid processing (such as looking up the host name). */
1801
1802 if (skipping)
1803 return US"";
1804
1805 val = vp->value;
1806 switch (vp->type)
1807 {
1808 case vtype_filter_int:
1809 if (!filter_running) return NULL;
1810 /* Fall through */
1811 /* VVVVVVVVVVVV */
1812 case vtype_int:
1813 sprintf(CS var_buffer, "%d", *(int *)(val)); /* Integer */
1814 return var_buffer;
1815
1816 case vtype_ino:
1817 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(val))); /* Inode */
1818 return var_buffer;
1819
1820 case vtype_gid:
1821 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(val))); /* gid */
1822 return var_buffer;
1823
1824 case vtype_uid:
1825 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(val))); /* uid */
1826 return var_buffer;
1827
1828 case vtype_bool:
1829 sprintf(CS var_buffer, "%s", *(BOOL *)(val) ? "yes" : "no"); /* bool */
1830 return var_buffer;
1831
1832 case vtype_stringptr: /* Pointer to string */
1833 return (s = *((uschar **)(val))) ? s : US"";
1834
1835 case vtype_pid:
1836 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1837 return var_buffer;
1838
1839 case vtype_load_avg:
1840 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1841 return var_buffer;
1842
1843 case vtype_host_lookup: /* Lookup if not done so */
1844 if ( !sender_host_name && sender_host_address
1845 && !host_lookup_failed && host_name_lookup() == OK)
1846 host_build_sender_fullhost();
1847 return sender_host_name ? sender_host_name : US"";
1848
1849 case vtype_localpart: /* Get local part from address */
1850 s = *((uschar **)(val));
1851 if (s == NULL) return US"";
1852 domain = Ustrrchr(s, '@');
1853 if (domain == NULL) return s;
1854 if (domain - s > sizeof(var_buffer) - 1)
1855 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1856 " in string expansion", sizeof(var_buffer));
1857 Ustrncpy(var_buffer, s, domain - s);
1858 var_buffer[domain - s] = 0;
1859 return var_buffer;
1860
1861 case vtype_domain: /* Get domain from address */
1862 s = *((uschar **)(val));
1863 if (s == NULL) return US"";
1864 domain = Ustrrchr(s, '@');
1865 return (domain == NULL)? US"" : domain + 1;
1866
1867 case vtype_msgheaders:
1868 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1869
1870 case vtype_msgheaders_raw:
1871 return find_header(NULL, exists_only, newsize, TRUE, NULL);
1872
1873 case vtype_msgbody: /* Pointer to msgbody string */
1874 case vtype_msgbody_end: /* Ditto, the end of the msg */
1875 ss = (uschar **)(val);
1876 if (!*ss && deliver_datafile >= 0) /* Read body when needed */
1877 {
1878 uschar *body;
1879 off_t start_offset = SPOOL_DATA_START_OFFSET;
1880 int len = message_body_visible;
1881 if (len > message_size) len = message_size;
1882 *ss = body = store_malloc(len+1);
1883 body[0] = 0;
1884 if (vp->type == vtype_msgbody_end)
1885 {
1886 struct stat statbuf;
1887 if (fstat(deliver_datafile, &statbuf) == 0)
1888 {
1889 start_offset = statbuf.st_size - len;
1890 if (start_offset < SPOOL_DATA_START_OFFSET)
1891 start_offset = SPOOL_DATA_START_OFFSET;
1892 }
1893 }
1894 if (lseek(deliver_datafile, start_offset, SEEK_SET) < 0)
1895 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "deliver_datafile lseek: %s",
1896 strerror(errno));
1897 len = read(deliver_datafile, body, len);
1898 if (len > 0)
1899 {
1900 body[len] = 0;
1901 if (message_body_newlines) /* Separate loops for efficiency */
1902 while (len > 0)
1903 { if (body[--len] == 0) body[len] = ' '; }
1904 else
1905 while (len > 0)
1906 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
1907 }
1908 }
1909 return *ss ? *ss : US"";
1910
1911 case vtype_todbsdin: /* BSD inbox time of day */
1912 return tod_stamp(tod_bsdin);
1913
1914 case vtype_tode: /* Unix epoch time of day */
1915 return tod_stamp(tod_epoch);
1916
1917 case vtype_todel: /* Unix epoch/usec time of day */
1918 return tod_stamp(tod_epoch_l);
1919
1920 case vtype_todf: /* Full time of day */
1921 return tod_stamp(tod_full);
1922
1923 case vtype_todl: /* Log format time of day */
1924 return tod_stamp(tod_log_bare); /* (without timezone) */
1925
1926 case vtype_todzone: /* Time zone offset only */
1927 return tod_stamp(tod_zone);
1928
1929 case vtype_todzulu: /* Zulu time */
1930 return tod_stamp(tod_zulu);
1931
1932 case vtype_todlf: /* Log file datestamp tod */
1933 return tod_stamp(tod_log_datestamp_daily);
1934
1935 case vtype_reply: /* Get reply address */
1936 s = find_header(US"reply-to:", exists_only, newsize, TRUE,
1937 headers_charset);
1938 if (s) while (isspace(*s)) s++;
1939 if (!s || !*s)
1940 {
1941 *newsize = 0; /* For the *s==0 case */
1942 s = find_header(US"from:", exists_only, newsize, TRUE, headers_charset);
1943 }
1944 if (s)
1945 {
1946 uschar *t;
1947 while (isspace(*s)) s++;
1948 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
1949 while (t > s && isspace(t[-1])) t--;
1950 *t = 0;
1951 }
1952 return s ? s : US"";
1953
1954 case vtype_string_func:
1955 {
1956 uschar * (*fn)() = val;
1957 return fn();
1958 }
1959
1960 case vtype_pspace:
1961 {
1962 int inodes;
1963 sprintf(CS var_buffer, "%d",
1964 receive_statvfs(val == (void *)TRUE, &inodes));
1965 }
1966 return var_buffer;
1967
1968 case vtype_pinodes:
1969 {
1970 int inodes;
1971 (void) receive_statvfs(val == (void *)TRUE, &inodes);
1972 sprintf(CS var_buffer, "%d", inodes);
1973 }
1974 return var_buffer;
1975
1976 case vtype_cert:
1977 return *(void **)val ? US"<cert>" : US"";
1978
1979 #ifndef DISABLE_DKIM
1980 case vtype_dkim:
1981 return dkim_exim_expand_query((int)(long)val);
1982 #endif
1983
1984 }
1985
1986 return NULL; /* Unknown variable. Silences static checkers. */
1987 }
1988
1989
1990
1991
1992 void
1993 modify_variable(uschar *name, void * value)
1994 {
1995 var_entry * vp;
1996 if ((vp = find_var_ent(name))) vp->value = value;
1997 return; /* Unknown variable name, fail silently */
1998 }
1999
2000
2001
2002
2003
2004
2005 /*************************************************
2006 * Read and expand substrings *
2007 *************************************************/
2008
2009 /* This function is called to read and expand argument substrings for various
2010 expansion items. Some have a minimum requirement that is less than the maximum;
2011 in these cases, the first non-present one is set to NULL.
2012
2013 Arguments:
2014 sub points to vector of pointers to set
2015 n maximum number of substrings
2016 m minimum required
2017 sptr points to current string pointer
2018 skipping the skipping flag
2019 check_end if TRUE, check for final '}'
2020 name name of item, for error message
2021 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
2022 the store.
2023
2024 Returns: 0 OK; string pointer updated
2025 1 curly bracketing error (too few arguments)
2026 2 too many arguments (only if check_end is set); message set
2027 3 other error (expansion failure)
2028 */
2029
2030 static int
2031 read_subs(uschar **sub, int n, int m, const uschar **sptr, BOOL skipping,
2032 BOOL check_end, uschar *name, BOOL *resetok)
2033 {
2034 int i;
2035 const uschar *s = *sptr;
2036
2037 while (isspace(*s)) s++;
2038 for (i = 0; i < n; i++)
2039 {
2040 if (*s != '{')
2041 {
2042 if (i < m)
2043 {
2044 expand_string_message = string_sprintf("Not enough arguments for '%s' "
2045 "(min is %d)", name, m);
2046 return 1;
2047 }
2048 sub[i] = NULL;
2049 break;
2050 }
2051 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok)))
2052 return 3;
2053 if (*s++ != '}') return 1;
2054 while (isspace(*s)) s++;
2055 }
2056 if (check_end && *s++ != '}')
2057 {
2058 if (s[-1] == '{')
2059 {
2060 expand_string_message = string_sprintf("Too many arguments for '%s' "
2061 "(max is %d)", name, n);
2062 return 2;
2063 }
2064 expand_string_message = string_sprintf("missing '}' after '%s'", name);
2065 return 1;
2066 }
2067
2068 *sptr = s;
2069 return 0;
2070 }
2071
2072
2073
2074
2075 /*************************************************
2076 * Elaborate message for bad variable *
2077 *************************************************/
2078
2079 /* For the "unknown variable" message, take a look at the variable's name, and
2080 give additional information about possible ACL variables. The extra information
2081 is added on to expand_string_message.
2082
2083 Argument: the name of the variable
2084 Returns: nothing
2085 */
2086
2087 static void
2088 check_variable_error_message(uschar *name)
2089 {
2090 if (Ustrncmp(name, "acl_", 4) == 0)
2091 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
2092 (name[4] == 'c' || name[4] == 'm')?
2093 (isalpha(name[5])?
2094 US"6th character of a user-defined ACL variable must be a digit or underscore" :
2095 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
2096 ) :
2097 US"user-defined ACL variables must start acl_c or acl_m");
2098 }
2099
2100
2101
2102 /*
2103 Load args from sub array to globals, and call acl_check().
2104 Sub array will be corrupted on return.
2105
2106 Returns: OK access is granted by an ACCEPT verb
2107 DISCARD access is (apparently) granted by a DISCARD verb
2108 FAIL access is denied
2109 FAIL_DROP access is denied; drop the connection
2110 DEFER can't tell at the moment
2111 ERROR disaster
2112 */
2113 static int
2114 eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
2115 {
2116 int i;
2117 int sav_narg = acl_narg;
2118 int ret;
2119 uschar * dummy_logmsg;
2120 extern int acl_where;
2121
2122 if(--nsub > nelem(acl_arg)) nsub = nelem(acl_arg);
2123 for (i = 0; i < nsub && sub[i+1]; i++)
2124 {
2125 uschar * tmp = acl_arg[i];
2126 acl_arg[i] = sub[i+1]; /* place callers args in the globals */
2127 sub[i+1] = tmp; /* stash the old args using our caller's storage */
2128 }
2129 acl_narg = i;
2130 while (i < nsub)
2131 {
2132 sub[i+1] = acl_arg[i];
2133 acl_arg[i++] = NULL;
2134 }
2135
2136 DEBUG(D_expand)
2137 debug_printf_indent("expanding: acl: %s arg: %s%s\n",
2138 sub[0],
2139 acl_narg>0 ? acl_arg[0] : US"<none>",
2140 acl_narg>1 ? " +more" : "");
2141
2142 ret = acl_eval(acl_where, sub[0], user_msgp, &dummy_logmsg);
2143
2144 for (i = 0; i < nsub; i++)
2145 acl_arg[i] = sub[i+1]; /* restore old args */
2146 acl_narg = sav_narg;
2147
2148 return ret;
2149 }
2150
2151
2152
2153
2154 /*************************************************
2155 * Read and evaluate a condition *
2156 *************************************************/
2157
2158 /*
2159 Arguments:
2160 s points to the start of the condition text
2161 resetok points to a BOOL which is written false if it is unsafe to
2162 free memory. Certain condition types (acl) may have side-effect
2163 allocation which must be preserved.
2164 yield points to a BOOL to hold the result of the condition test;
2165 if NULL, we are just reading through a condition that is
2166 part of an "or" combination to check syntax, or in a state
2167 where the answer isn't required
2168
2169 Returns: a pointer to the first character after the condition, or
2170 NULL after an error
2171 */
2172
2173 static const uschar *
2174 eval_condition(const uschar *s, BOOL *resetok, BOOL *yield)
2175 {
2176 BOOL testfor = TRUE;
2177 BOOL tempcond, combined_cond;
2178 BOOL *subcondptr;
2179 BOOL sub2_honour_dollar = TRUE;
2180 int i, rc, cond_type, roffset;
2181 int_eximarith_t num[2];
2182 struct stat statbuf;
2183 uschar name[256];
2184 const uschar *sub[10];
2185
2186 const pcre *re;
2187 const uschar *rerror;
2188
2189 for (;;)
2190 {
2191 while (isspace(*s)) s++;
2192 if (*s == '!') { testfor = !testfor; s++; } else break;
2193 }
2194
2195 /* Numeric comparisons are symbolic */
2196
2197 if (*s == '=' || *s == '>' || *s == '<')
2198 {
2199 int p = 0;
2200 name[p++] = *s++;
2201 if (*s == '=')
2202 {
2203 name[p++] = '=';
2204 s++;
2205 }
2206 name[p] = 0;
2207 }
2208
2209 /* All other conditions are named */
2210
2211 else s = read_name(name, 256, s, US"_");
2212
2213 /* If we haven't read a name, it means some non-alpha character is first. */
2214
2215 if (name[0] == 0)
2216 {
2217 expand_string_message = string_sprintf("condition name expected, "
2218 "but found \"%.16s\"", s);
2219 return NULL;
2220 }
2221
2222 /* Find which condition we are dealing with, and switch on it */
2223
2224 cond_type = chop_match(name, cond_table, nelem(cond_table));
2225 switch(cond_type)
2226 {
2227 /* def: tests for a non-empty variable, or for the existence of a header. If
2228 yield == NULL we are in a skipping state, and don't care about the answer. */
2229
2230 case ECOND_DEF:
2231 if (*s != ':')
2232 {
2233 expand_string_message = US"\":\" expected after \"def\"";
2234 return NULL;
2235 }
2236
2237 s = read_name(name, 256, s+1, US"_");
2238
2239 /* Test for a header's existence. If the name contains a closing brace
2240 character, this may be a user error where the terminating colon has been
2241 omitted. Set a flag to adjust a subsequent error message in this case. */
2242
2243 if (Ustrncmp(name, "h_", 2) == 0 ||
2244 Ustrncmp(name, "rh_", 3) == 0 ||
2245 Ustrncmp(name, "bh_", 3) == 0 ||
2246 Ustrncmp(name, "header_", 7) == 0 ||
2247 Ustrncmp(name, "rheader_", 8) == 0 ||
2248 Ustrncmp(name, "bheader_", 8) == 0)
2249 {
2250 s = read_header_name(name, 256, s);
2251 /* {-for-text-editors */
2252 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2253 if (yield != NULL) *yield =
2254 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
2255 }
2256
2257 /* Test for a variable's having a non-empty value. A non-existent variable
2258 causes an expansion failure. */
2259
2260 else
2261 {
2262 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
2263 if (value == NULL)
2264 {
2265 expand_string_message = (name[0] == 0)?
2266 string_sprintf("variable name omitted after \"def:\"") :
2267 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
2268 check_variable_error_message(name);
2269 return NULL;
2270 }
2271 if (yield != NULL) *yield = (value[0] != 0) == testfor;
2272 }
2273
2274 return s;
2275
2276
2277 /* first_delivery tests for first delivery attempt */
2278
2279 case ECOND_FIRST_DELIVERY:
2280 if (yield != NULL) *yield = deliver_firsttime == testfor;
2281 return s;
2282
2283
2284 /* queue_running tests for any process started by a queue runner */
2285
2286 case ECOND_QUEUE_RUNNING:
2287 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
2288 return s;
2289
2290
2291 /* exists: tests for file existence
2292 isip: tests for any IP address
2293 isip4: tests for an IPv4 address
2294 isip6: tests for an IPv6 address
2295 pam: does PAM authentication
2296 radius: does RADIUS authentication
2297 ldapauth: does LDAP authentication
2298 pwcheck: does Cyrus SASL pwcheck authentication
2299 */
2300
2301 case ECOND_EXISTS:
2302 case ECOND_ISIP:
2303 case ECOND_ISIP4:
2304 case ECOND_ISIP6:
2305 case ECOND_PAM:
2306 case ECOND_RADIUS:
2307 case ECOND_LDAPAUTH:
2308 case ECOND_PWCHECK:
2309
2310 while (isspace(*s)) s++;
2311 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2312
2313 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok);
2314 if (sub[0] == NULL) return NULL;
2315 /* {-for-text-editors */
2316 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2317
2318 if (yield == NULL) return s; /* No need to run the test if skipping */
2319
2320 switch(cond_type)
2321 {
2322 case ECOND_EXISTS:
2323 if ((expand_forbid & RDO_EXISTS) != 0)
2324 {
2325 expand_string_message = US"File existence tests are not permitted";
2326 return NULL;
2327 }
2328 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
2329 break;
2330
2331 case ECOND_ISIP:
2332 case ECOND_ISIP4:
2333 case ECOND_ISIP6:
2334 rc = string_is_ip_address(sub[0], NULL);
2335 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
2336 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2337 break;
2338
2339 /* Various authentication tests - all optionally compiled */
2340
2341 case ECOND_PAM:
2342 #ifdef SUPPORT_PAM
2343 rc = auth_call_pam(sub[0], &expand_string_message);
2344 goto END_AUTH;
2345 #else
2346 goto COND_FAILED_NOT_COMPILED;
2347 #endif /* SUPPORT_PAM */
2348
2349 case ECOND_RADIUS:
2350 #ifdef RADIUS_CONFIG_FILE
2351 rc = auth_call_radius(sub[0], &expand_string_message);
2352 goto END_AUTH;
2353 #else
2354 goto COND_FAILED_NOT_COMPILED;
2355 #endif /* RADIUS_CONFIG_FILE */
2356
2357 case ECOND_LDAPAUTH:
2358 #ifdef LOOKUP_LDAP
2359 {
2360 /* Just to keep the interface the same */
2361 BOOL do_cache;
2362 int old_pool = store_pool;
2363 store_pool = POOL_SEARCH;
2364 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2365 &expand_string_message, &do_cache);
2366 store_pool = old_pool;
2367 }
2368 goto END_AUTH;
2369 #else
2370 goto COND_FAILED_NOT_COMPILED;
2371 #endif /* LOOKUP_LDAP */
2372
2373 case ECOND_PWCHECK:
2374 #ifdef CYRUS_PWCHECK_SOCKET
2375 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2376 goto END_AUTH;
2377 #else
2378 goto COND_FAILED_NOT_COMPILED;
2379 #endif /* CYRUS_PWCHECK_SOCKET */
2380
2381 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2382 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2383 END_AUTH:
2384 if (rc == ERROR || rc == DEFER) return NULL;
2385 *yield = (rc == OK) == testfor;
2386 #endif
2387 }
2388 return s;
2389
2390
2391 /* call ACL (in a conditional context). Accept true, deny false.
2392 Defer is a forced-fail. Anything set by message= goes to $value.
2393 Up to ten parameters are used; we use the braces round the name+args
2394 like the saslauthd condition does, to permit a variable number of args.
2395 See also the expansion-item version EITEM_ACL and the traditional
2396 acl modifier ACLC_ACL.
2397 Since the ACL may allocate new global variables, tell our caller to not
2398 reclaim memory.
2399 */
2400
2401 case ECOND_ACL:
2402 /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
2403 {
2404 uschar *sub[10];
2405 uschar *user_msg;
2406 BOOL cond = FALSE;
2407
2408 while (isspace(*s)) s++;
2409 if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
2410
2411 switch(read_subs(sub, nelem(sub), 1,
2412 &s, yield == NULL, TRUE, US"acl", resetok))
2413 {
2414 case 1: expand_string_message = US"too few arguments or bracketing "
2415 "error for acl";
2416 case 2:
2417 case 3: return NULL;
2418 }
2419
2420 if (yield != NULL)
2421 {
2422 *resetok = FALSE; /* eval_acl() might allocate; do not reclaim */
2423 switch(eval_acl(sub, nelem(sub), &user_msg))
2424 {
2425 case OK:
2426 cond = TRUE;
2427 case FAIL:
2428 lookup_value = NULL;
2429 if (user_msg)
2430 lookup_value = string_copy(user_msg);
2431 *yield = cond == testfor;
2432 break;
2433
2434 case DEFER:
2435 expand_string_forcedfail = TRUE;
2436 /*FALLTHROUGH*/
2437 default:
2438 expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]);
2439 return NULL;
2440 }
2441 }
2442 return s;
2443 }
2444
2445
2446 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2447
2448 ${if saslauthd {{username}{password}{service}{realm}} {yes}{no}}
2449
2450 However, the last two are optional. That is why the whole set is enclosed
2451 in their own set of braces. */
2452
2453 case ECOND_SASLAUTHD:
2454 #ifndef CYRUS_SASLAUTHD_SOCKET
2455 goto COND_FAILED_NOT_COMPILED;
2456 #else
2457 {
2458 uschar *sub[4];
2459 while (isspace(*s)) s++;
2460 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2461 switch(read_subs(sub, nelem(sub), 2, &s, yield == NULL, TRUE, US"saslauthd",
2462 resetok))
2463 {
2464 case 1: expand_string_message = US"too few arguments or bracketing "
2465 "error for saslauthd";
2466 case 2:
2467 case 3: return NULL;
2468 }
2469 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
2470 if (yield != NULL)
2471 {
2472 int rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2473 &expand_string_message);
2474 if (rc == ERROR || rc == DEFER) return NULL;
2475 *yield = (rc == OK) == testfor;
2476 }
2477 return s;
2478 }
2479 #endif /* CYRUS_SASLAUTHD_SOCKET */
2480
2481
2482 /* symbolic operators for numeric and string comparison, and a number of
2483 other operators, all requiring two arguments.
2484
2485 crypteq: encrypts plaintext and compares against an encrypted text,
2486 using crypt(), crypt16(), MD5 or SHA-1
2487 inlist/inlisti: checks if first argument is in the list of the second
2488 match: does a regular expression match and sets up the numerical
2489 variables if it succeeds
2490 match_address: matches in an address list
2491 match_domain: matches in a domain list
2492 match_ip: matches a host list that is restricted to IP addresses
2493 match_local_part: matches in a local part list
2494 */
2495
2496 case ECOND_MATCH_ADDRESS:
2497 case ECOND_MATCH_DOMAIN:
2498 case ECOND_MATCH_IP:
2499 case ECOND_MATCH_LOCAL_PART:
2500 #ifndef EXPAND_LISTMATCH_RHS
2501 sub2_honour_dollar = FALSE;
2502 #endif
2503 /* FALLTHROUGH */
2504
2505 case ECOND_CRYPTEQ:
2506 case ECOND_INLIST:
2507 case ECOND_INLISTI:
2508 case ECOND_MATCH:
2509
2510 case ECOND_NUM_L: /* Numerical comparisons */
2511 case ECOND_NUM_LE:
2512 case ECOND_NUM_E:
2513 case ECOND_NUM_EE:
2514 case ECOND_NUM_G:
2515 case ECOND_NUM_GE:
2516
2517 case ECOND_STR_LT: /* String comparisons */
2518 case ECOND_STR_LTI:
2519 case ECOND_STR_LE:
2520 case ECOND_STR_LEI:
2521 case ECOND_STR_EQ:
2522 case ECOND_STR_EQI:
2523 case ECOND_STR_GT:
2524 case ECOND_STR_GTI:
2525 case ECOND_STR_GE:
2526 case ECOND_STR_GEI:
2527
2528 for (i = 0; i < 2; i++)
2529 {
2530 /* Sometimes, we don't expand substrings; too many insecure configurations
2531 created using match_address{}{} and friends, where the second param
2532 includes information from untrustworthy sources. */
2533 BOOL honour_dollar = TRUE;
2534 if ((i > 0) && !sub2_honour_dollar)
2535 honour_dollar = FALSE;
2536
2537 while (isspace(*s)) s++;
2538 if (*s != '{')
2539 {
2540 if (i == 0) goto COND_FAILED_CURLY_START;
2541 expand_string_message = string_sprintf("missing 2nd string in {} "
2542 "after \"%s\"", name);
2543 return NULL;
2544 }
2545 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
2546 honour_dollar, resetok)))
2547 return NULL;
2548 DEBUG(D_expand) if (i == 1 && !sub2_honour_dollar && Ustrchr(sub[1], '$'))
2549 debug_printf_indent("WARNING: the second arg is NOT expanded,"
2550 " for security reasons\n");
2551 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2552
2553 /* Convert to numerical if required; we know that the names of all the
2554 conditions that compare numbers do not start with a letter. This just saves
2555 checking for them individually. */
2556
2557 if (!isalpha(name[0]) && yield != NULL)
2558 if (sub[i][0] == 0)
2559 {
2560 num[i] = 0;
2561 DEBUG(D_expand)
2562 debug_printf_indent("empty string cast to zero for numerical comparison\n");
2563 }
2564 else
2565 {
2566 num[i] = expanded_string_integer(sub[i], FALSE);
2567 if (expand_string_message != NULL) return NULL;
2568 }
2569 }
2570
2571 /* Result not required */
2572
2573 if (yield == NULL) return s;
2574
2575 /* Do an appropriate comparison */
2576
2577 switch(cond_type)
2578 {
2579 case ECOND_NUM_E:
2580 case ECOND_NUM_EE:
2581 tempcond = (num[0] == num[1]);
2582 break;
2583
2584 case ECOND_NUM_G:
2585 tempcond = (num[0] > num[1]);
2586 break;
2587
2588 case ECOND_NUM_GE:
2589 tempcond = (num[0] >= num[1]);
2590 break;
2591
2592 case ECOND_NUM_L:
2593 tempcond = (num[0] < num[1]);
2594 break;
2595
2596 case ECOND_NUM_LE:
2597 tempcond = (num[0] <= num[1]);
2598 break;
2599
2600 case ECOND_STR_LT:
2601 tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
2602 break;
2603
2604 case ECOND_STR_LTI:
2605 tempcond = (strcmpic(sub[0], sub[1]) < 0);
2606 break;
2607
2608 case ECOND_STR_LE:
2609 tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
2610 break;
2611
2612 case ECOND_STR_LEI:
2613 tempcond = (strcmpic(sub[0], sub[1]) <= 0);
2614 break;
2615
2616 case ECOND_STR_EQ:
2617 tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
2618 break;
2619
2620 case ECOND_STR_EQI:
2621 tempcond = (strcmpic(sub[0], sub[1]) == 0);
2622 break;
2623
2624 case ECOND_STR_GT:
2625 tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
2626 break;
2627
2628 case ECOND_STR_GTI:
2629 tempcond = (strcmpic(sub[0], sub[1]) > 0);
2630 break;
2631
2632 case ECOND_STR_GE:
2633 tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
2634 break;
2635
2636 case ECOND_STR_GEI:
2637 tempcond = (strcmpic(sub[0], sub[1]) >= 0);
2638 break;
2639
2640 case ECOND_MATCH: /* Regular expression match */
2641 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2642 NULL);
2643 if (re == NULL)
2644 {
2645 expand_string_message = string_sprintf("regular expression error in "
2646 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2647 return NULL;
2648 }
2649 tempcond = regex_match_and_setup(re, sub[0], 0, -1);
2650 break;
2651
2652 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2653 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2654 goto MATCHED_SOMETHING;
2655
2656 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2657 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2658 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2659 goto MATCHED_SOMETHING;
2660
2661 case ECOND_MATCH_IP: /* Match IP address in a host list */
2662 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
2663 {
2664 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2665 sub[0]);
2666 return NULL;
2667 }
2668 else
2669 {
2670 unsigned int *nullcache = NULL;
2671 check_host_block cb;
2672
2673 cb.host_name = US"";
2674 cb.host_address = sub[0];
2675
2676 /* If the host address starts off ::ffff: it is an IPv6 address in
2677 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2678 addresses. */
2679
2680 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2681 cb.host_address + 7 : cb.host_address;
2682
2683 rc = match_check_list(
2684 &sub[1], /* the list */
2685 0, /* separator character */
2686 &hostlist_anchor, /* anchor pointer */
2687 &nullcache, /* cache pointer */
2688 check_host, /* function for testing */
2689 &cb, /* argument for function */
2690 MCL_HOST, /* type of check */
2691 sub[0], /* text for debugging */
2692 NULL); /* where to pass back data */
2693 }
2694 goto MATCHED_SOMETHING;
2695
2696 case ECOND_MATCH_LOCAL_PART:
2697 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2698 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2699 /* Fall through */
2700 /* VVVVVVVVVVVV */
2701 MATCHED_SOMETHING:
2702 switch(rc)
2703 {
2704 case OK:
2705 tempcond = TRUE;
2706 break;
2707
2708 case FAIL:
2709 tempcond = FALSE;
2710 break;
2711
2712 case DEFER:
2713 expand_string_message = string_sprintf("unable to complete match "
2714 "against \"%s\": %s", sub[1], search_error_message);
2715 return NULL;
2716 }
2717
2718 break;
2719
2720 /* Various "encrypted" comparisons. If the second string starts with
2721 "{" then an encryption type is given. Default to crypt() or crypt16()
2722 (build-time choice). */
2723 /* }-for-text-editors */
2724
2725 case ECOND_CRYPTEQ:
2726 #ifndef SUPPORT_CRYPTEQ
2727 goto COND_FAILED_NOT_COMPILED;
2728 #else
2729 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2730 {
2731 int sublen = Ustrlen(sub[1]+5);
2732 md5 base;
2733 uschar digest[16];
2734
2735 md5_start(&base);
2736 md5_end(&base, sub[0], Ustrlen(sub[0]), digest);
2737
2738 /* If the length that we are comparing against is 24, the MD5 digest
2739 is expressed as a base64 string. This is the way LDAP does it. However,
2740 some other software uses a straightforward hex representation. We assume
2741 this if the length is 32. Other lengths fail. */
2742
2743 if (sublen == 24)
2744 {
2745 uschar *coded = b64encode(digest, 16);
2746 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2747 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2748 tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
2749 }
2750 else if (sublen == 32)
2751 {
2752 int i;
2753 uschar coded[36];
2754 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2755 coded[32] = 0;
2756 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2757 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2758 tempcond = (strcmpic(coded, sub[1]+5) == 0);
2759 }
2760 else
2761 {
2762 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2763 "fail\n crypted=%s\n", sub[1]+5);
2764 tempcond = FALSE;
2765 }
2766 }
2767
2768 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2769 {
2770 int sublen = Ustrlen(sub[1]+6);
2771 hctx h;
2772 uschar digest[20];
2773
2774 sha1_start(&h);
2775 sha1_end(&h, sub[0], Ustrlen(sub[0]), digest);
2776
2777 /* If the length that we are comparing against is 28, assume the SHA1
2778 digest is expressed as a base64 string. If the length is 40, assume a
2779 straightforward hex representation. Other lengths fail. */
2780
2781 if (sublen == 28)
2782 {
2783 uschar *coded = b64encode(digest, 20);
2784 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2785 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2786 tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
2787 }
2788 else if (sublen == 40)
2789 {
2790 int i;
2791 uschar coded[44];
2792 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2793 coded[40] = 0;
2794 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2795 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2796 tempcond = (strcmpic(coded, sub[1]+6) == 0);
2797 }
2798 else
2799 {
2800 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2801 "fail\n crypted=%s\n", sub[1]+6);
2802 tempcond = FALSE;
2803 }
2804 }
2805
2806 else /* {crypt} or {crypt16} and non-{ at start */
2807 /* }-for-text-editors */
2808 {
2809 int which = 0;
2810 uschar *coded;
2811
2812 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2813 {
2814 sub[1] += 7;
2815 which = 1;
2816 }
2817 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2818 {
2819 sub[1] += 9;
2820 which = 2;
2821 }
2822 else if (sub[1][0] == '{') /* }-for-text-editors */
2823 {
2824 expand_string_message = string_sprintf("unknown encryption mechanism "
2825 "in \"%s\"", sub[1]);
2826 return NULL;
2827 }
2828
2829 switch(which)
2830 {
2831 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2832 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2833 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2834 }
2835
2836 #define STR(s) # s
2837 #define XSTR(s) STR(s)
2838 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2839 " subject=%s\n crypted=%s\n",
2840 which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16",
2841 coded, sub[1]);
2842 #undef STR
2843 #undef XSTR
2844
2845 /* If the encrypted string contains fewer than two characters (for the
2846 salt), force failure. Otherwise we get false positives: with an empty
2847 string the yield of crypt() is an empty string! */
2848
2849 if (coded)
2850 tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0;
2851 else if (errno == EINVAL)
2852 tempcond = FALSE;
2853 else
2854 {
2855 expand_string_message = string_sprintf("crypt error: %s\n",
2856 US strerror(errno));
2857 return NULL;
2858 }
2859 }
2860 break;
2861 #endif /* SUPPORT_CRYPTEQ */
2862
2863 case ECOND_INLIST:
2864 case ECOND_INLISTI:
2865 {
2866 const uschar * list = sub[1];
2867 int sep = 0;
2868 uschar *save_iterate_item = iterate_item;
2869 int (*compare)(const uschar *, const uschar *);
2870
2871 DEBUG(D_expand) debug_printf_indent("condition: %s item: %s\n", name, sub[0]);
2872
2873 tempcond = FALSE;
2874 compare = cond_type == ECOND_INLISTI
2875 ? strcmpic : (int (*)(const uschar *, const uschar *)) strcmp;
2876
2877 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)))
2878 {
2879 DEBUG(D_expand) debug_printf_indent(" compare %s\n", iterate_item);
2880 if (compare(sub[0], iterate_item) == 0)
2881 {
2882 tempcond = TRUE;
2883 break;
2884 }
2885 }
2886 iterate_item = save_iterate_item;
2887 }
2888
2889 } /* Switch for comparison conditions */
2890
2891 *yield = tempcond == testfor;
2892 return s; /* End of comparison conditions */
2893
2894
2895 /* and/or: computes logical and/or of several conditions */
2896
2897 case ECOND_AND:
2898 case ECOND_OR:
2899 subcondptr = (yield == NULL)? NULL : &tempcond;
2900 combined_cond = (cond_type == ECOND_AND);
2901
2902 while (isspace(*s)) s++;
2903 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2904
2905 for (;;)
2906 {
2907 while (isspace(*s)) s++;
2908 /* {-for-text-editors */
2909 if (*s == '}') break;
2910 if (*s != '{') /* }-for-text-editors */
2911 {
2912 expand_string_message = string_sprintf("each subcondition "
2913 "inside an \"%s{...}\" condition must be in its own {}", name);
2914 return NULL;
2915 }
2916
2917 if (!(s = eval_condition(s+1, resetok, subcondptr)))
2918 {
2919 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2920 expand_string_message, name);
2921 return NULL;
2922 }
2923 while (isspace(*s)) s++;
2924
2925 /* {-for-text-editors */
2926 if (*s++ != '}')
2927 {
2928 /* {-for-text-editors */
2929 expand_string_message = string_sprintf("missing } at end of condition "
2930 "inside \"%s\" group", name);
2931 return NULL;
2932 }
2933
2934 if (yield != NULL)
2935 {
2936 if (cond_type == ECOND_AND)
2937 {
2938 combined_cond &= tempcond;
2939 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2940 } /* evaluate any more */
2941 else
2942 {
2943 combined_cond |= tempcond;
2944 if (combined_cond) subcondptr = NULL; /* once true, don't */
2945 } /* evaluate any more */
2946 }
2947 }
2948
2949 if (yield != NULL) *yield = (combined_cond == testfor);
2950 return ++s;
2951
2952
2953 /* forall/forany: iterates a condition with different values */
2954
2955 case ECOND_FORALL:
2956 case ECOND_FORANY:
2957 {
2958 const uschar * list;
2959 int sep = 0;
2960 uschar *save_iterate_item = iterate_item;
2961
2962 DEBUG(D_expand) debug_printf_indent("condition: %s\n", name);
2963
2964 while (isspace(*s)) s++;
2965 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2966 sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE, resetok);
2967 if (sub[0] == NULL) return NULL;
2968 /* {-for-text-editors */
2969 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2970
2971 while (isspace(*s)) s++;
2972 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2973
2974 sub[1] = s;
2975
2976 /* Call eval_condition once, with result discarded (as if scanning a
2977 "false" part). This allows us to find the end of the condition, because if
2978 the list it empty, we won't actually evaluate the condition for real. */
2979
2980 if (!(s = eval_condition(sub[1], resetok, NULL)))
2981 {
2982 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2983 expand_string_message, name);
2984 return NULL;
2985 }
2986 while (isspace(*s)) s++;
2987
2988 /* {-for-text-editors */
2989 if (*s++ != '}')
2990 {
2991 /* {-for-text-editors */
2992 expand_string_message = string_sprintf("missing } at end of condition "
2993 "inside \"%s\"", name);
2994 return NULL;
2995 }
2996
2997 if (yield != NULL) *yield = !testfor;
2998 list = sub[0];
2999 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)) != NULL)
3000 {
3001 DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n", name, iterate_item);
3002 if (!eval_condition(sub[1], resetok, &tempcond))
3003 {
3004 expand_string_message = string_sprintf("%s inside \"%s\" condition",
3005 expand_string_message, name);
3006 iterate_item = save_iterate_item;
3007 return NULL;
3008 }
3009 DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", name,
3010 tempcond? "true":"false");
3011
3012 if (yield != NULL) *yield = (tempcond == testfor);
3013 if (tempcond == (cond_type == ECOND_FORANY)) break;
3014 }
3015
3016 iterate_item = save_iterate_item;
3017 return s;
3018 }
3019
3020
3021 /* The bool{} expansion condition maps a string to boolean.
3022 The values supported should match those supported by the ACL condition
3023 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
3024 of true/false. Note that Router "condition" rules have a different
3025 interpretation, where general data can be used and only a few values
3026 map to FALSE.
3027 Note that readconf.c boolean matching, for boolean configuration options,
3028 only matches true/yes/false/no.
3029 The bool_lax{} condition matches the Router logic, which is much more
3030 liberal. */
3031 case ECOND_BOOL:
3032 case ECOND_BOOL_LAX:
3033 {
3034 uschar *sub_arg[1];
3035 uschar *t, *t2;
3036 uschar *ourname;
3037 size_t len;
3038 BOOL boolvalue = FALSE;
3039 while (isspace(*s)) s++;
3040 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3041 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
3042 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname, resetok))
3043 {
3044 case 1: expand_string_message = string_sprintf(
3045 "too few arguments or bracketing error for %s",
3046 ourname);
3047 /*FALLTHROUGH*/
3048 case 2:
3049 case 3: return NULL;
3050 }
3051 t = sub_arg[0];
3052 while (isspace(*t)) t++;
3053 len = Ustrlen(t);
3054 if (len)
3055 {
3056 /* trailing whitespace: seems like a good idea to ignore it too */
3057 t2 = t + len - 1;
3058 while (isspace(*t2)) t2--;
3059 if (t2 != (t + len))
3060 {
3061 *++t2 = '\0';
3062 len = t2 - t;
3063 }
3064 }
3065 DEBUG(D_expand)
3066 debug_printf_indent("considering %s: %s\n", ourname, len ? t : US"<empty>");
3067 /* logic for the lax case from expand_check_condition(), which also does
3068 expands, and the logic is both short and stable enough that there should
3069 be no maintenance burden from replicating it. */
3070 if (len == 0)
3071 boolvalue = FALSE;
3072 else if (*t == '-'
3073 ? Ustrspn(t+1, "0123456789") == len-1
3074 : Ustrspn(t, "0123456789") == len)
3075 {
3076 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
3077 /* expand_check_condition only does a literal string "0" check */
3078 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
3079 boolvalue = TRUE;
3080 }
3081 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
3082 boolvalue = TRUE;
3083 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
3084 boolvalue = FALSE;
3085 else if (cond_type == ECOND_BOOL_LAX)
3086 boolvalue = TRUE;
3087 else
3088 {
3089 expand_string_message = string_sprintf("unrecognised boolean "
3090 "value \"%s\"", t);
3091 return NULL;
3092 }
3093 DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", ourname,
3094 boolvalue? "true":"false");
3095 if (yield != NULL) *yield = (boolvalue == testfor);
3096 return s;
3097 }
3098
3099 /* Unknown condition */
3100
3101 default:
3102 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
3103 return NULL;
3104 } /* End switch on condition type */
3105
3106 /* Missing braces at start and end of data */
3107
3108 COND_FAILED_CURLY_START:
3109 expand_string_message = string_sprintf("missing { after \"%s\"", name);
3110 return NULL;
3111
3112 COND_FAILED_CURLY_END:
3113 expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
3114 name);
3115 return NULL;
3116
3117 /* A condition requires code that is not compiled */
3118
3119 #if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
3120 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
3121 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
3122 COND_FAILED_NOT_COMPILED:
3123 expand_string_message = string_sprintf("support for \"%s\" not compiled",
3124 name);
3125 return NULL;
3126 #endif
3127 }
3128
3129
3130
3131
3132 /*************************************************
3133 * Save numerical variables *
3134 *************************************************/
3135
3136 /* This function is called from items such as "if" that want to preserve and
3137 restore the numbered variables.
3138
3139 Arguments:
3140 save_expand_string points to an array of pointers to set
3141 save_expand_nlength points to an array of ints for the lengths
3142
3143 Returns: the value of expand max to save
3144 */
3145
3146 static int
3147 save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
3148 {
3149 int i;
3150 for (i = 0; i <= expand_nmax; i++)
3151 {
3152 save_expand_nstring[i] = expand_nstring[i];
3153 save_expand_nlength[i] = expand_nlength[i];
3154 }
3155 return expand_nmax;
3156 }
3157
3158
3159
3160 /*************************************************
3161 * Restore numerical variables *
3162 *************************************************/
3163
3164 /* This function restored saved values of numerical strings.
3165
3166 Arguments:
3167 save_expand_nmax the number of strings to restore
3168 save_expand_string points to an array of pointers
3169 save_expand_nlength points to an array of ints
3170
3171 Returns: nothing
3172 */
3173
3174 static void
3175 restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
3176 int *save_expand_nlength)
3177 {
3178 int i;
3179 expand_nmax = save_expand_nmax;
3180 for (i = 0; i <= expand_nmax; i++)
3181 {
3182 expand_nstring[i] = save_expand_nstring[i];
3183 expand_nlength[i] = save_expand_nlength[i];
3184 }
3185 }
3186
3187
3188
3189
3190
3191 /*************************************************
3192 * Handle yes/no substrings *
3193 *************************************************/
3194
3195 /* This function is used by ${if}, ${lookup} and ${extract} to handle the
3196 alternative substrings that depend on whether or not the condition was true,
3197 or the lookup or extraction succeeded. The substrings always have to be
3198 expanded, to check their syntax, but "skipping" is set when the result is not
3199 needed - this avoids unnecessary nested lookups.
3200
3201 Arguments:
3202 skipping TRUE if we were skipping when this item was reached
3203 yes TRUE if the first string is to be used, else use the second
3204 save_lookup a value to put back into lookup_value before the 2nd expansion
3205 sptr points to the input string pointer
3206 yieldptr points to the output growable-string pointer
3207 type "lookup", "if", "extract", "run", "env", "listextract" or
3208 "certextract" for error message
3209 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
3210 the store.
3211
3212 Returns: 0 OK; lookup_value has been reset to save_lookup
3213 1 expansion failed
3214 2 expansion failed because of bracketing error
3215 */
3216
3217 static int
3218 process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, const uschar **sptr,
3219 gstring ** yieldptr, uschar *type, BOOL *resetok)
3220 {
3221 int rc = 0;
3222 const uschar *s = *sptr; /* Local value */
3223 uschar *sub1, *sub2;
3224 const uschar * errwhere;
3225
3226 /* If there are no following strings, we substitute the contents of $value for
3227 lookups and for extractions in the success case. For the ${if item, the string
3228 "true" is substituted. In the fail case, nothing is substituted for all three
3229 items. */
3230
3231 while (isspace(*s)) s++;
3232 if (*s == '}')
3233 {
3234 if (type[0] == 'i')
3235 {
3236 if (yes && !skipping)
3237 *yieldptr = string_catn(*yieldptr, US"true", 4);
3238 }
3239 else
3240 {
3241 if (yes && lookup_value && !skipping)
3242 *yieldptr = string_cat(*yieldptr, lookup_value);
3243 lookup_value = save_lookup;
3244 }
3245 s++;
3246 goto RETURN;
3247 }
3248
3249 /* The first following string must be braced. */
3250
3251 if (*s++ != '{')
3252 {
3253 errwhere = US"'yes' part did not start with '{'";
3254 goto FAILED_CURLY;
3255 }
3256
3257 /* Expand the first substring. Forced failures are noticed only if we actually
3258 want this string. Set skipping in the call in the fail case (this will always
3259 be the case if we were already skipping). */
3260
3261 sub1 = expand_string_internal(s, TRUE, &s, !yes, TRUE, resetok);
3262 if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
3263 expand_string_forcedfail = FALSE;
3264 if (*s++ != '}')
3265 {
3266 errwhere = US"'yes' part did not end with '}'";
3267 goto FAILED_CURLY;
3268 }
3269
3270 /* If we want the first string, add it to the output */
3271
3272 if (yes)
3273 *yieldptr = string_cat(*yieldptr, sub1);
3274
3275 /* If this is called from a lookup/env or a (cert)extract, we want to restore
3276 $value to what it was at the start of the item, so that it has this value
3277 during the second string expansion. For the call from "if" or "run" to this
3278 function, save_lookup is set to lookup_value, so that this statement does
3279 nothing. */
3280
3281 lookup_value = save_lookup;
3282
3283 /* There now follows either another substring, or "fail", or nothing. This
3284 time, forced failures are noticed only if we want the second string. We must
3285 set skipping in the nested call if we don't want this string, or if we were
3286 already skipping. */
3287
3288 while (isspace(*s)) s++;
3289 if (*s == '{')
3290 {
3291 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping, TRUE, resetok);
3292 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
3293 expand_string_forcedfail = FALSE;
3294 if (*s++ != '}')
3295 {
3296 errwhere = US"'no' part did not start with '{'";
3297 goto FAILED_CURLY;
3298 }
3299
3300 /* If we want the second string, add it to the output */
3301
3302 if (!yes)
3303 *yieldptr = string_cat(*yieldptr, sub2);
3304 }
3305
3306 /* If there is no second string, but the word "fail" is present when the use of
3307 the second string is wanted, set a flag indicating it was a forced failure
3308 rather than a syntactic error. Swallow the terminating } in case this is nested
3309 inside another lookup or if or extract. */
3310
3311 else if (*s != '}')
3312 {
3313 uschar name[256];
3314 /* deconst cast ok here as source is s anyway */
3315 s = US read_name(name, sizeof(name), s, US"_");
3316 if (Ustrcmp(name, "fail") == 0)
3317 {
3318 if (!yes && !skipping)
3319 {
3320 while (isspace(*s)) s++;
3321 if (*s++ != '}')
3322 {
3323 errwhere = US"did not close with '}' after forcedfail";
3324 goto FAILED_CURLY;
3325 }
3326 expand_string_message =
3327 string_sprintf("\"%s\" failed and \"fail\" requested", type);
3328 expand_string_forcedfail = TRUE;
3329 goto FAILED;
3330 }
3331 }
3332 else
3333 {
3334 expand_string_message =
3335 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
3336 goto FAILED;
3337 }
3338 }
3339
3340 /* All we have to do now is to check on the final closing brace. */
3341
3342 while (isspace(*s)) s++;
3343 if (*s++ != '}')
3344 {
3345 errwhere = US"did not close with '}'";
3346 goto FAILED_CURLY;
3347 }
3348
3349
3350 RETURN:
3351 /* Update the input pointer value before returning */
3352 *sptr = s;
3353 return rc;
3354
3355 FAILED_CURLY:
3356 /* Get here if there is a bracketing failure */
3357 expand_string_message = string_sprintf(
3358 "curly-bracket problem in conditional yes/no parsing: %s\n"
3359 " remaining string is '%s'", errwhere, --s);
3360 rc = 2;
3361 goto RETURN;
3362
3363 FAILED:
3364 /* Get here for other failures */
3365 rc = 1;
3366 goto RETURN;
3367 }
3368
3369
3370
3371
3372 /*************************************************
3373 * Handle MD5 or SHA-1 computation for HMAC *
3374 *************************************************/
3375
3376 /* These are some wrapping functions that enable the HMAC code to be a bit
3377 cleaner. A good compiler will spot the tail recursion.
3378
3379 Arguments:
3380 type HMAC_MD5 or HMAC_SHA1
3381 remaining are as for the cryptographic hash functions
3382
3383 Returns: nothing
3384 */
3385
3386 static void
3387 chash_start(int type, void *base)
3388 {
3389 if (type == HMAC_MD5)
3390 md5_start((md5 *)base);
3391 else
3392 sha1_start((hctx *)base);
3393 }
3394
3395 static void
3396 chash_mid(int type, void *base, uschar *string)
3397 {
3398 if (type == HMAC_MD5)
3399 md5_mid((md5 *)base, string);
3400 else
3401 sha1_mid((hctx *)base, string);
3402 }
3403
3404 static void
3405 chash_end(int type, void *base, uschar *string, int length, uschar *digest)
3406 {
3407 if (type == HMAC_MD5)
3408 md5_end((md5 *)base, string, length, digest);
3409 else
3410 sha1_end((hctx *)base, string, length, digest);
3411 }
3412
3413
3414
3415
3416
3417 /********************************************************
3418 * prvs: Get last three digits of days since Jan 1, 1970 *
3419 ********************************************************/
3420
3421 /* This is needed to implement the "prvs" BATV reverse
3422 path signing scheme
3423
3424 Argument: integer "days" offset to add or substract to
3425 or from the current number of days.
3426
3427 Returns: pointer to string containing the last three
3428 digits of the number of days since Jan 1, 1970,
3429 modified by the offset argument, NULL if there
3430 was an error in the conversion.
3431
3432 */
3433
3434 static uschar *
3435 prvs_daystamp(int day_offset)
3436 {
3437 uschar *days = store_get(32); /* Need at least 24 for cases */
3438 (void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
3439 (time(NULL) + day_offset*86400)/86400);
3440 return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
3441 }
3442
3443
3444
3445 /********************************************************
3446 * prvs: perform HMAC-SHA1 computation of prvs bits *
3447 ********************************************************/
3448
3449 /* This is needed to implement the "prvs" BATV reverse
3450 path signing scheme
3451
3452 Arguments:
3453 address RFC2821 Address to use
3454 key The key to use (must be less than 64 characters
3455 in size)
3456 key_num Single-digit key number to use. Defaults to
3457 '0' when NULL.
3458
3459 Returns: pointer to string containing the first three
3460 bytes of the final hash in hex format, NULL if
3461 there was an error in the process.
3462 */
3463
3464 static uschar *
3465 prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
3466 {
3467 gstring * hash_source;
3468 uschar * p;
3469 int i;
3470 hctx h;
3471 uschar innerhash[20];
3472 uschar finalhash[20];
3473 uschar innerkey[64];
3474 uschar outerkey[64];
3475 uschar *finalhash_hex = store_get(40);
3476
3477 if (key_num == NULL)
3478 key_num = US"0";
3479
3480 if (Ustrlen(key) > 64)
3481 return NULL;
3482
3483 hash_source = string_catn(NULL, key_num, 1);
3484 hash_source = string_catn(hash_source, daystamp, 3);
3485 hash_source = string_cat(hash_source, address);
3486 (void) string_from_gstring(hash_source);
3487
3488 DEBUG(D_expand)
3489 debug_printf_indent("prvs: hash source is '%s'\n", hash_source->s);
3490
3491 memset(innerkey, 0x36, 64);
3492 memset(outerkey, 0x5c, 64);
3493
3494 for (i = 0; i < Ustrlen(key); i++)
3495 {
3496 innerkey[i] ^= key[i];
3497 outerkey[i] ^= key[i];
3498 }
3499
3500 chash_start(HMAC_SHA1, &h);
3501 chash_mid(HMAC_SHA1, &h, innerkey);
3502 chash_end(HMAC_SHA1, &h, hash_source->s, hash_source->ptr, innerhash);
3503
3504 chash_start(HMAC_SHA1, &h);
3505 chash_mid(HMAC_SHA1, &h, outerkey);
3506 chash_end(HMAC_SHA1, &h, innerhash, 20, finalhash);
3507
3508 p = finalhash_hex;
3509 for (i = 0; i < 3; i++)
3510 {
3511 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
3512 *p++ = hex_digits[finalhash[i] & 0x0f];
3513 }
3514 *p = '\0';
3515
3516 return finalhash_hex;
3517 }
3518
3519
3520
3521
3522 /*************************************************
3523 * Join a file onto the output string *
3524 *************************************************/
3525
3526 /* This is used for readfile/readsock and after a run expansion.
3527 It joins the contents of a file onto the output string, globally replacing
3528 newlines with a given string (optionally).
3529
3530 Arguments:
3531 f the FILE
3532 yield pointer to the expandable string struct
3533 eol newline replacement string, or NULL
3534
3535 Returns: new pointer for expandable string, terminated if non-null
3536 */
3537
3538 static gstring *
3539 cat_file(FILE *f, gstring *yield, uschar *eol)
3540 {
3541 uschar buffer[1024];
3542
3543 while (Ufgets(buffer, sizeof(buffer), f))
3544 {
3545 int len = Ustrlen(buffer);
3546 if (eol && buffer[len-1] == '\n') len--;
3547 yield = string_catn(yield, buffer, len);
3548 if (eol && buffer[len])
3549 yield = string_cat(yield, eol);
3550 }
3551
3552 (void) string_from_gstring(yield);
3553 return yield;
3554 }
3555
3556
3557
3558
3559 /*************************************************
3560 * Evaluate numeric expression *
3561 *************************************************/
3562
3563 /* This is a set of mutually recursive functions that evaluate an arithmetic
3564 expression involving + - * / % & | ^ ~ << >> and parentheses. The only one of
3565 these functions that is called from elsewhere is eval_expr, whose interface is:
3566
3567 Arguments:
3568 sptr pointer to the pointer to the string - gets updated
3569 decimal TRUE if numbers are to be assumed decimal
3570 error pointer to where to put an error message - must be NULL on input
3571 endket TRUE if ')' must terminate - FALSE for external call
3572
3573 Returns: on success: the value of the expression, with *error still NULL
3574 on failure: an undefined value, with *error = a message
3575 */
3576
3577 static int_eximarith_t eval_op_or(uschar **, BOOL, uschar **);
3578
3579
3580 static int_eximarith_t
3581 eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
3582 {
3583 uschar *s = *sptr;
3584 int_eximarith_t x = eval_op_or(&s, decimal, error);
3585 if (*error == NULL)
3586 {
3587 if (endket)
3588 {
3589 if (*s != ')')
3590 *error = US"expecting closing parenthesis";
3591 else
3592 while (isspace(*(++s)));
3593 }
3594 else if (*s != 0) *error = US"expecting operator";
3595 }
3596 *sptr = s;
3597 return x;
3598 }
3599
3600
3601 static int_eximarith_t
3602 eval_number(uschar **sptr, BOOL decimal, uschar **error)
3603 {
3604 register int c;
3605 int_eximarith_t n;
3606 uschar *s = *sptr;
3607 while (isspace(*s)) s++;
3608 c = *s;
3609 if (isdigit(c))
3610 {
3611 int count;
3612 (void)sscanf(CS s, (decimal? SC_EXIM_DEC "%n" : SC_EXIM_ARITH "%n"), &n, &count);
3613 s += count;
3614 switch (tolower(*s))
3615 {
3616 default: break;
3617 case 'k': n *= 1024; s++; break;
3618 case 'm': n *= 1024*1024; s++; break;
3619 case 'g': n *= 1024*1024*1024; s++; break;
3620 }
3621 while (isspace (*s)) s++;
3622 }
3623 else if (c == '(')
3624 {
3625 s++;
3626 n = eval_expr(&s, decimal, error, 1);
3627 }
3628 else
3629 {
3630 *error = US"expecting number or opening parenthesis";
3631 n = 0;
3632 }
3633 *sptr = s;
3634 return n;
3635 }
3636
3637
3638 static int_eximarith_t
3639 eval_op_unary(uschar **sptr, BOOL decimal, uschar **error)
3640 {
3641 uschar *s = *sptr;
3642 int_eximarith_t x;
3643 while (isspace(*s)) s++;
3644 if (*s == '+' || *s == '-' || *s == '~')
3645 {
3646 int op = *s++;
3647 x = eval_op_unary(&s, decimal, error);
3648 if (op == '-') x = -x;
3649 else if (op == '~') x = ~x;
3650 }
3651 else
3652 {
3653 x = eval_number(&s, decimal, error);
3654 }
3655 *sptr = s;
3656 return x;
3657 }
3658
3659
3660 static int_eximarith_t
3661 eval_op_mult(uschar **sptr, BOOL decimal, uschar **error)
3662 {
3663 uschar *s = *sptr;
3664 int_eximarith_t x = eval_op_unary(&s, decimal, error);
3665 if (*error == NULL)
3666 {
3667 while (*s == '*' || *s == '/' || *s == '%')
3668 {
3669 int op = *s++;
3670 int_eximarith_t y = eval_op_unary(&s, decimal, error);
3671 if (*error != NULL) break;
3672 /* SIGFPE both on div/mod by zero and on INT_MIN / -1, which would give
3673 * a value of INT_MAX+1. Note that INT_MIN * -1 gives INT_MIN for me, which
3674 * is a bug somewhere in [gcc 4.2.1, FreeBSD, amd64]. In fact, -N*-M where
3675 * -N*M is INT_MIN will yield INT_MIN.
3676 * Since we don't support floating point, this is somewhat simpler.
3677 * Ideally, we'd return an error, but since we overflow for all other
3678 * arithmetic, consistency suggests otherwise, but what's the correct value
3679 * to use? There is none.
3680 * The C standard guarantees overflow for unsigned arithmetic but signed
3681 * overflow invokes undefined behaviour; in practice, this is overflow
3682 * except for converting INT_MIN to INT_MAX+1. We also can't guarantee
3683 * that long/longlong larger than int are available, or we could just work
3684 * with larger types. We should consider whether to guarantee 32bit eval
3685 * and 64-bit working variables, with errors returned. For now ...
3686 * So, the only SIGFPEs occur with a non-shrinking div/mod, thus -1; we
3687 * can just let the other invalid results occur otherwise, as they have
3688 * until now. For this one case, we can coerce.
3689 */
3690 if (y == -1 && x == EXIM_ARITH_MIN && op != '*')
3691 {
3692 DEBUG(D_expand)
3693 debug_printf("Integer exception dodging: " PR_EXIM_ARITH "%c-1 coerced to " PR_EXIM_ARITH "\n",
3694 EXIM_ARITH_MIN, op, EXIM_ARITH_MAX);
3695 x = EXIM_ARITH_MAX;
3696 continue;
3697 }
3698 if (op == '*')
3699 x *= y;
3700 else
3701 {
3702 if (y == 0)
3703 {
3704 *error = (op == '/') ? US"divide by zero" : US"modulo by zero";
3705 x = 0;
3706 break;
3707 }
3708 if (op == '/')
3709 x /= y;
3710 else
3711 x %= y;
3712 }
3713 }
3714 }
3715 *sptr = s;
3716 return x;
3717 }
3718
3719
3720 static int_eximarith_t
3721 eval_op_sum(uschar **sptr, BOOL decimal, uschar **error)
3722 {
3723 uschar *s = *sptr;
3724 int_eximarith_t x = eval_op_mult(&s, decimal, error);
3725 if (!*error)
3726 {
3727 while (*s == '+' || *s == '-')
3728 {
3729 int op = *s++;
3730 int_eximarith_t y = eval_op_mult(&s, decimal, error);
3731 if (*error) break;
3732 if ( (x >= EXIM_ARITH_MAX/2 && x >= EXIM_ARITH_MAX/2)
3733 || (x <= -(EXIM_ARITH_MAX/2) && y <= -(EXIM_ARITH_MAX/2)))
3734 { /* over-conservative check */
3735 *error = op == '+'
3736 ? US"overflow in sum" : US"overflow in difference";
3737 break;
3738 }
3739 if (op == '+') x += y; else x -= y;
3740 }
3741 }
3742 *sptr = s;
3743 return x;
3744 }
3745
3746
3747 static int_eximarith_t
3748 eval_op_shift(uschar **sptr, BOOL decimal, uschar **error)
3749 {
3750 uschar *s = *sptr;
3751 int_eximarith_t x = eval_op_sum(&s, decimal, error);
3752 if (*error == NULL)
3753 {
3754 while ((*s == '<' || *s == '>') && s[1] == s[0])
3755 {
3756 int_eximarith_t y;
3757 int op = *s++;
3758 s++;
3759 y = eval_op_sum(&s, decimal, error);
3760 if (*error != NULL) break;
3761 if (op == '<') x <<= y; else x >>= y;
3762 }
3763 }
3764 *sptr = s;
3765 return x;
3766 }
3767
3768
3769 static int_eximarith_t
3770 eval_op_and(uschar **sptr, BOOL decimal, uschar **error)
3771 {
3772 uschar *s = *sptr;
3773 int_eximarith_t x = eval_op_shift(&s, decimal, error);
3774 if (*error == NULL)
3775 {
3776 while (*s == '&')
3777 {
3778 int_eximarith_t y;
3779 s++;
3780 y = eval_op_shift(&s, decimal, error);
3781 if (*error != NULL) break;
3782 x &= y;
3783 }
3784 }
3785 *sptr = s;
3786 return x;
3787 }
3788
3789
3790 static int_eximarith_t
3791 eval_op_xor(uschar **sptr, BOOL decimal, uschar **error)
3792 {
3793 uschar *s = *sptr;
3794 int_eximarith_t x = eval_op_and(&s, decimal, error);
3795 if (*error == NULL)
3796 {
3797 while (*s == '^')
3798 {
3799 int_eximarith_t y;
3800 s++;
3801 y = eval_op_and(&s, decimal, error);
3802 if (*error != NULL) break;
3803 x ^= y;
3804 }
3805 }
3806 *sptr = s;
3807 return x;
3808 }
3809
3810
3811 static int_eximarith_t
3812 eval_op_or(uschar **sptr, BOOL decimal, uschar **error)
3813 {
3814 uschar *s = *sptr;
3815 int_eximarith_t x = eval_op_xor(&s, decimal, error);
3816 if (*error == NULL)
3817 {
3818 while (*s == '|')
3819 {
3820 int_eximarith_t y;
3821 s++;
3822 y = eval_op_xor(&s, decimal, error);
3823 if (*error != NULL) break;
3824 x |= y;
3825 }
3826 }
3827 *sptr = s;
3828 return x;
3829 }
3830
3831
3832
3833 /*************************************************
3834 * Expand string *
3835 *************************************************/
3836
3837 /* Returns either an unchanged string, or the expanded string in stacking pool
3838 store. Interpreted sequences are:
3839
3840 \... normal escaping rules
3841 $name substitutes the variable
3842 ${name} ditto
3843 ${op:string} operates on the expanded string value
3844 ${item{arg1}{arg2}...} expands the args and then does the business
3845 some literal args are not enclosed in {}
3846
3847 There are now far too many operators and item types to make it worth listing
3848 them here in detail any more.
3849
3850 We use an internal routine recursively to handle embedded substrings. The
3851 external function follows. The yield is NULL if the expansion failed, and there
3852 are two cases: if something collapsed syntactically, or if "fail" was given
3853 as the action on a lookup failure. These can be distinguished by looking at the
3854 variable expand_string_forcedfail, which is TRUE in the latter case.
3855
3856 The skipping flag is set true when expanding a substring that isn't actually
3857 going to be used (after "if" or "lookup") and it prevents lookups from
3858 happening lower down.
3859
3860 Store usage: At start, a store block of the length of the input plus 64
3861 is obtained. This is expanded as necessary by string_cat(), which might have to
3862 get a new block, or might be able to expand the original. At the end of the
3863 function we can release any store above that portion of the yield block that
3864 was actually used. In many cases this will be optimal.
3865
3866 However: if the first item in the expansion is a variable name or header name,
3867 we reset the store before processing it; if the result is in fresh store, we
3868 use that without copying. This is helpful for expanding strings like
3869 $message_headers which can get very long.
3870
3871 There's a problem if a ${dlfunc item has side-effects that cause allocation,
3872 since resetting the store at the end of the expansion will free store that was
3873 allocated by the plugin code as well as the slop after the expanded string. So
3874 we skip any resets if ${dlfunc } has been used. The same applies for ${acl }
3875 and, given the acl condition, ${if }. This is an unfortunate consequence of
3876 string expansion becoming too powerful.
3877
3878 Arguments:
3879 string the string to be expanded
3880 ket_ends true if expansion is to stop at }
3881 left if not NULL, a pointer to the first character after the
3882 expansion is placed here (typically used with ket_ends)
3883 skipping TRUE for recursive calls when the value isn't actually going
3884 to be used (to allow for optimisation)
3885 honour_dollar TRUE if $ is to be expanded,
3886 FALSE if it's just another character
3887 resetok_p if not NULL, pointer to flag - write FALSE if unsafe to reset
3888 the store.
3889
3890 Returns: NULL if expansion fails:
3891 expand_string_forcedfail is set TRUE if failure was forced
3892 expand_string_message contains a textual error message
3893 a pointer to the expanded string on success
3894 */
3895
3896 static uschar *
3897 expand_string_internal(const uschar *string, BOOL ket_ends, const uschar **left,
3898 BOOL skipping, BOOL honour_dollar, BOOL *resetok_p)
3899 {
3900 gstring * yield = string_get(Ustrlen(string) + 64);
3901 int item_type;
3902 const uschar *s = string;
3903 uschar *save_expand_nstring[EXPAND_MAXN+1];
3904 int save_expand_nlength[EXPAND_MAXN+1];
3905 BOOL resetok = TRUE;
3906
3907 expand_level++;
3908 DEBUG(D_expand)
3909 debug_printf_indent(UTF8_DOWN_RIGHT "%s: %s\n",
3910 skipping
3911 ? UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ "scanning"
3912 : "considering",
3913 string);
3914
3915 expand_string_forcedfail = FALSE;
3916 expand_string_message = US"";
3917
3918 while (*s != 0)
3919 {
3920 uschar *value;
3921 uschar name[256];
3922
3923 /* \ escapes the next character, which must exist, or else
3924 the expansion fails. There's a special escape, \N, which causes
3925 copying of the subject verbatim up to the next \N. Otherwise,
3926 the escapes are the standard set. */
3927
3928 if (*s == '\\')
3929 {
3930 if (s[1] == 0)
3931 {
3932 expand_string_message = US"\\ at end of string";
3933 goto EXPAND_FAILED;
3934 }
3935
3936 if (s[1] == 'N')
3937 {
3938 const uschar * t = s + 2;
3939 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
3940 yield = string_catn(yield, t, s - t);
3941 if (*s != 0) s += 2;
3942 }
3943
3944 else
3945 {
3946 uschar ch[1];
3947 ch[0] = string_interpret_escape(&s);
3948 s++;
3949 yield = string_catn(yield, ch, 1);
3950 }
3951
3952 continue;
3953 }
3954
3955 /*{*/
3956 /* Anything other than $ is just copied verbatim, unless we are
3957 looking for a terminating } character. */
3958
3959 /*{*/
3960 if (ket_ends && *s == '}') break;
3961
3962 if (*s != '$' || !honour_dollar)
3963 {
3964 yield = string_catn(yield, s++, 1);
3965 continue;
3966 }
3967
3968 /* No { after the $ - must be a plain name or a number for string
3969 match variable. There has to be a fudge for variables that are the
3970 names of header fields preceded by "$header_" because header field
3971 names can contain any printing characters except space and colon.
3972 For those that don't like typing this much, "$h_" is a synonym for
3973 "$header_". A non-existent header yields a NULL value; nothing is
3974 inserted. */ /*}*/
3975
3976 if (isalpha((*(++s))))
3977 {
3978 int len;
3979 int newsize = 0;
3980 gstring * g = NULL;
3981
3982 s = read_name(name, sizeof(name), s, US"_");
3983
3984 /* If this is the first thing to be expanded, release the pre-allocated
3985 buffer. */
3986
3987 if (!yield)
3988 g = store_get(sizeof(gstring));
3989 else if (yield->ptr == 0)
3990 {
3991 if (resetok) store_reset(yield);
3992 yield = NULL;
3993 g = store_get(sizeof(gstring)); /* alloc _before_ calling find_variable() */
3994 }
3995
3996 /* Header */
3997
3998 if (Ustrncmp(name, "h_", 2) == 0 ||
3999 Ustrncmp(name, "rh_", 3) == 0 ||
4000 Ustrncmp(name, "bh_", 3) == 0 ||
4001 Ustrncmp(name, "header_", 7) == 0 ||
4002 Ustrncmp(name, "rheader_", 8) == 0 ||
4003 Ustrncmp(name, "bheader_", 8) == 0)
4004 {
4005 BOOL want_raw = (name[0] == 'r')? TRUE : FALSE;
4006 uschar *charset = (name[0] == 'b')? NULL : headers_charset;
4007 s = read_header_name(name, sizeof(name), s);
4008 value = find_header(name, FALSE, &newsize, want_raw, charset);
4009
4010 /* If we didn't find the header, and the header contains a closing brace
4011 character, this may be a user error where the terminating colon
4012 has been omitted. Set a flag to adjust the error message in this case.
4013 But there is no error here - nothing gets inserted. */
4014
4015 if (!value)
4016 {
4017 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
4018 continue;
4019 }
4020 }
4021
4022 /* Variable */
4023
4024 else if (!(value = find_variable(name, FALSE, skipping, &newsize)))
4025 {
4026 expand_string_message =
4027 string_sprintf("unknown variable name \"%s\"", name);
4028 check_variable_error_message(name);
4029 goto EXPAND_FAILED;
4030 }
4031
4032 /* If the data is known to be in a new buffer, newsize will be set to the
4033 size of that buffer. If this is the first thing in an expansion string,
4034 yield will be NULL; just point it at the new store instead of copying. Many
4035 expansion strings contain just one reference, so this is a useful
4036 optimization, especially for humungous headers. We need to use a gstring
4037 structure that is not allocated after that new-buffer, else a later store
4038 reset in the middle of the buffer will make it inaccessible. */
4039
4040 len = Ustrlen(value);
4041 if (!yield && newsize != 0)
4042 {
4043 yield = g;
4044 yield->size = newsize;
4045 yield->ptr = len;
4046 yield->s = value;
4047 }
4048 else
4049 yield = string_catn(yield, value, len);
4050
4051 continue;
4052 }
4053
4054 if (isdigit(*s))
4055 {
4056 int n;
4057 s = read_cnumber(&n, s);
4058 if (n >= 0 && n <= expand_nmax)
4059 yield = string_catn(yield, expand_nstring[n], expand_nlength[n]);
4060 continue;
4061 }
4062
4063 /* Otherwise, if there's no '{' after $ it's an error. */ /*}*/
4064
4065 if (*s != '{') /*}*/
4066 {
4067 expand_string_message = US"$ not followed by letter, digit, or {"; /*}*/
4068 goto EXPAND_FAILED;
4069 }
4070
4071 /* After { there can be various things, but they all start with
4072 an initial word, except for a number for a string match variable. */
4073
4074 if (isdigit((*(++s))))
4075 {
4076 int n;
4077 s = read_cnumber(&n, s); /*{*/
4078 if (*s++ != '}')
4079 { /*{*/
4080 expand_string_message = US"} expected after number";
4081 goto EXPAND_FAILED;
4082 }
4083 if (n >= 0 && n <= expand_nmax)
4084 yield = string_catn(yield, expand_nstring[n], expand_nlength[n]);
4085 continue;
4086 }
4087
4088 if (!isalpha(*s))
4089 {
4090 expand_string_message = US"letter or digit expected after ${"; /*}*/
4091 goto EXPAND_FAILED;
4092 }
4093
4094 /* Allow "-" in names to cater for substrings with negative
4095 arguments. Since we are checking for known names after { this is
4096 OK. */
4097
4098 s = read_name(name, sizeof(name), s, US"_-");
4099 item_type = chop_match(name, item_table, nelem(item_table));
4100
4101 switch(item_type)
4102 {
4103 /* Call an ACL from an expansion. We feed data in via $acl_arg1 - $acl_arg9.
4104 If the ACL returns accept or reject we return content set by "message ="
4105 There is currently no limit on recursion; this would have us call
4106 acl_check_internal() directly and get a current level from somewhere.
4107 See also the acl expansion condition ECOND_ACL and the traditional
4108 acl modifier ACLC_ACL.
4109 Assume that the function has side-effects on the store that must be preserved.
4110 */
4111
4112 case EITEM_ACL:
4113 /* ${acl {name} {arg1}{arg2}...} */
4114 {
4115 uschar *sub[10]; /* name + arg1-arg9 (which must match number of acl_arg[]) */
4116 uschar *user_msg;
4117
4118 switch(read_subs(sub, nelem(sub), 1, &s, skipping, TRUE, US"acl",
4119 &resetok))
4120 {
4121 case 1: goto EXPAND_FAILED_CURLY;
4122 case 2:
4123 case 3: goto EXPAND_FAILED;
4124 }
4125 if (skipping) continue;
4126
4127 resetok = FALSE;
4128 switch(eval_acl(sub, nelem(sub), &user_msg))
4129 {
4130 case OK:
4131 case FAIL:
4132 DEBUG(D_expand)
4133 debug_printf_indent("acl expansion yield: %s\n", user_msg);
4134 if (user_msg)
4135 yield = string_cat(yield, user_msg);
4136 continue;
4137
4138 case DEFER:
4139 expand_string_forcedfail = TRUE;
4140 /*FALLTHROUGH*/
4141 default:
4142 expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]);
4143 goto EXPAND_FAILED;
4144 }
4145 }
4146
4147 case EITEM_AUTHRESULTS:
4148 /* ${authresults {mysystemname}} */
4149 {
4150 uschar *sub_arg[1];
4151
4152 switch(read_subs(sub_arg, nelem(sub_arg), 1, &s, skipping, TRUE, name,
4153 &resetok))
4154 {
4155 case 1: goto EXPAND_FAILED_CURLY;
4156 case 2:
4157 case 3: goto EXPAND_FAILED;
4158 }
4159
4160 yield = string_append(yield, 3,
4161 US"Authentication-Results: ", sub_arg[0], US"; none");
4162 yield->ptr -= 6;
4163
4164 yield = authres_local(yield, sub_arg[0]);
4165 yield = authres_iprev(yield);
4166 yield = authres_smtpauth(yield);
4167 #ifdef SUPPORT_SPF
4168 yield = authres_spf(yield);
4169 #endif
4170 #ifndef DISABLE_DKIM
4171 yield = authres_dkim(yield);
4172 #endif
4173 #ifdef EXPERIMENTAL_DMARC
4174 yield = authres_dmarc(yield);
4175 #endif
4176 #ifdef EXPERIMENTAL_ARC
4177 yield = authres_arc(yield);
4178 #endif
4179 continue;
4180 }
4181
4182 /* Handle conditionals - preserve the values of the numerical expansion
4183 variables in case they get changed by a regular expression match in the
4184 condition. If not, they retain their external settings. At the end
4185 of this "if" section, they get restored to their previous values. */
4186
4187 case EITEM_IF:
4188 {
4189 BOOL cond = FALSE;
4190 const uschar *next_s;
4191 int save_expand_nmax =
4192 save_expand_strings(save_expand_nstring, save_expand_nlength);
4193
4194 while (isspace(*s)) s++;
4195 next_s = eval_condition(s, &resetok, skipping ? NULL : &cond);
4196 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
4197
4198 DEBUG(D_expand)
4199 {
4200 debug_printf_indent(UTF8_VERT_RIGHT UTF8_HORIZ UTF8_HORIZ
4201 "condition: %.*s\n",
4202 (int)(next_s - s), s);
4203 debug_printf_indent(UTF8_VERT_RIGHT UTF8_HORIZ UTF8_HORIZ
4204 UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ
4205 "result: %s\n",
4206 cond ? "true" : "false");
4207 }
4208
4209 s = next_s;
4210
4211 /* The handling of "yes" and "no" result strings is now in a separate
4212 function that is also used by ${lookup} and ${extract} and ${run}. */
4213
4214 switch(process_yesno(
4215 skipping, /* were previously skipping */
4216 cond, /* success/failure indicator */
4217 lookup_value, /* value to reset for string2 */
4218 &s, /* input pointer */
4219 &yield, /* output pointer */
4220 US"if", /* condition type */
4221 &resetok))
4222 {
4223 case 1: goto EXPAND_FAILED; /* when all is well, the */
4224 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4225 }
4226
4227 /* Restore external setting of expansion variables for continuation
4228 at this level. */
4229
4230 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4231 save_expand_nlength);
4232 continue;
4233 }
4234
4235 #ifdef SUPPORT_I18N
4236 case EITEM_IMAPFOLDER:
4237 { /* ${imapfolder {name}{sep]{specials}} */
4238 uschar *sub_arg[3];
4239 uschar *encoded;
4240
4241 switch(read_subs(sub_arg, nelem(sub_arg), 1, &s, skipping, TRUE, name,
4242 &resetok))
4243 {
4244 case 1: goto EXPAND_FAILED_CURLY;
4245 case 2:
4246 case 3: goto EXPAND_FAILED;
4247 }
4248
4249 if (sub_arg[1] == NULL) /* One argument */
4250 {
4251 sub_arg[1] = US"/"; /* default separator */
4252 sub_arg[2] = NULL;
4253 }
4254 else if (Ustrlen(sub_arg[1]) != 1)
4255 {
4256 expand_string_message =
4257 string_sprintf(
4258 "IMAP folder separator must be one character, found \"%s\"",
4259 sub_arg[1]);
4260 goto EXPAND_FAILED;
4261 }
4262
4263 if (!skipping)
4264 {
4265 if (!(encoded = imap_utf7_encode(sub_arg[0], headers_charset,
4266 sub_arg[1][0], sub_arg[2], &expand_string_message)))
4267 goto EXPAND_FAILED;
4268 yield = string_cat(yield, encoded);
4269 }
4270 continue;
4271 }
4272 #endif
4273
4274 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
4275 expanding an internal string that isn't actually going to be used. All we
4276 need to do is check the syntax, so don't do a lookup at all. Preserve the
4277 values of the numerical expansion variables in case they get changed by a
4278 partial lookup. If not, they retain their external settings. At the end
4279 of this "lookup" section, they get restored to their previous values. */
4280
4281 case EITEM_LOOKUP:
4282 {
4283 int stype, partial, affixlen, starflags;
4284 int expand_setup = 0;
4285 int nameptr = 0;
4286 uschar *key, *filename;
4287 const uschar *affix;
4288 uschar *save_lookup_value = lookup_value;
4289 int save_expand_nmax =
4290 save_expand_strings(save_expand_nstring, save_expand_nlength);
4291
4292 if ((expand_forbid & RDO_LOOKUP) != 0)
4293 {
4294 expand_string_message = US"lookup expansions are not permitted";
4295 goto EXPAND_FAILED;
4296 }
4297
4298 /* Get the key we are to look up for single-key+file style lookups.
4299 Otherwise set the key NULL pro-tem. */
4300
4301 while (isspace(*s)) s++;
4302 if (*s == '{') /*}*/
4303 {
4304 key = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
4305 if (!key) goto EXPAND_FAILED; /*{{*/
4306 if (*s++ != '}')
4307 {
4308 expand_string_message = US"missing '}' after lookup key";
4309 goto EXPAND_FAILED_CURLY;
4310 }
4311 while (isspace(*s)) s++;
4312 }
4313 else key = NULL;
4314
4315 /* Find out the type of database */
4316
4317 if (!isalpha(*s))
4318 {
4319 expand_string_message = US"missing lookup type";
4320 goto EXPAND_FAILED;
4321 }
4322
4323 /* The type is a string that may contain special characters of various
4324 kinds. Allow everything except space or { to appear; the actual content
4325 is checked by search_findtype_partial. */ /*}*/
4326
4327 while (*s != 0 && *s != '{' && !isspace(*s)) /*}*/
4328 {
4329 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
4330 s++;
4331 }
4332 name[nameptr] = 0;
4333 while (isspace(*s)) s++;
4334
4335 /* Now check for the individual search type and any partial or default
4336 options. Only those types that are actually in the binary are valid. */
4337
4338 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
4339 &starflags);
4340 if (stype < 0)
4341 {
4342 expand_string_message = search_error_message;
4343 goto EXPAND_FAILED;
4344 }
4345
4346 /* Check that a key was provided for those lookup types that need it,
4347 and was not supplied for those that use the query style. */
4348
4349 if (!mac_islookup(stype, lookup_querystyle|lookup_absfilequery))
4350 {
4351 if (key == NULL)
4352 {
4353 expand_string_message = string_sprintf("missing {key} for single-"
4354 "key \"%s\" lookup", name);
4355 goto EXPAND_FAILED;
4356 }
4357 }
4358 else
4359 {
4360 if (key != NULL)
4361 {
4362 expand_string_message = string_sprintf("a single key was given for "
4363 "lookup type \"%s\", which is not a single-key lookup type", name);
4364 goto EXPAND_FAILED;
4365 }
4366 }
4367
4368 /* Get the next string in brackets and expand it. It is the file name for
4369 single-key+file lookups, and the whole query otherwise. In the case of
4370 queries that also require a file name (e.g. sqlite), the file name comes
4371 first. */
4372
4373 if (*s != '{')
4374 {
4375 expand_string_message = US"missing '{' for lookup file-or-query arg";
4376 goto EXPAND_FAILED_CURLY;
4377 }
4378 filename = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
4379 if (filename == NULL) goto EXPAND_FAILED;
4380 if (*s++ != '}')
4381 {
4382 expand_string_message = US"missing '}' closing lookup file-or-query arg";
4383 goto EXPAND_FAILED_CURLY;
4384 }
4385 while (isspace(*s)) s++;
4386
4387 /* If this isn't a single-key+file lookup, re-arrange the variables
4388 to be appropriate for the search_ functions. For query-style lookups,
4389 there is just a "key", and no file name. For the special query-style +
4390 file types, the query (i.e. "key") starts with a file name. */
4391
4392 if (!key)
4393 {
4394 while (isspace(*filename)) filename++;
4395 key = filename;
4396
4397 if (mac_islookup(stype, lookup_querystyle))
4398 filename = NULL;
4399 else
4400 {
4401 if (*filename != '/')
4402 {
4403 expand_string_message = string_sprintf(
4404 "absolute file name expected for \"%s\" lookup", name);
4405 goto EXPAND_FAILED;
4406 }
4407 while (*key != 0 && !isspace(*key)) key++;
4408 if (*key != 0) *key++ = 0;
4409 }
4410 }
4411
4412 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
4413 the entry was not found. Note that there is no search_close() function.
4414 Files are left open in case of re-use. At suitable places in higher logic,
4415 search_tidyup() is called to tidy all open files. This can save opening
4416 the same file several times. However, files may also get closed when
4417 others are opened, if too many are open at once. The rule is that a
4418 handle should not be used after a second search_open().
4419
4420 Request that a partial search sets up $1 and maybe $2 by passing
4421 expand_setup containing zero. If its value changes, reset expand_nmax,
4422 since new variables will have been set. Note that at the end of this
4423 "lookup" section, the old numeric variables are restored. */
4424
4425 if (skipping)
4426 lookup_value = NULL;
4427 else
4428 {
4429 void *handle = search_open(filename, stype, 0, NULL, NULL);
4430 if (handle == NULL)
4431 {
4432 expand_string_message = search_error_message;
4433 goto EXPAND_FAILED;
4434 }
4435 lookup_value = search_find(handle, filename, key, partial, affix,
4436 affixlen, starflags, &expand_setup);
4437 if (search_find_defer)
4438 {
4439 expand_string_message =
4440 string_sprintf("lookup of \"%s\" gave DEFER: %s",
4441 string_printing2(key, FALSE), search_error_message);
4442 goto EXPAND_FAILED;
4443 }
4444 if (expand_setup > 0) expand_nmax = expand_setup;
4445 }
4446
4447 /* The handling of "yes" and "no" result strings is now in a separate
4448 function that is also used by ${if} and ${extract}. */
4449
4450 switch(process_yesno(
4451 skipping, /* were previously skipping */
4452 lookup_value != NULL, /* success/failure indicator */
4453 save_lookup_value, /* value to reset for string2 */
4454 &s, /* input pointer */
4455 &yield, /* output pointer */
4456 US"lookup", /* condition type */
4457 &resetok))
4458 {
4459 case 1: goto EXPAND_FAILED; /* when all is well, the */
4460 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4461 }
4462
4463 /* Restore external setting of expansion variables for carrying on
4464 at this level, and continue. */
4465
4466 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4467 save_expand_nlength);
4468 continue;
4469 }
4470
4471 /* If Perl support is configured, handle calling embedded perl subroutines,
4472 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
4473 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
4474 arguments (defined below). */
4475
4476 #define EXIM_PERL_MAX_ARGS 8
4477
4478 case EITEM_PERL:
4479 #ifndef EXIM_PERL
4480 expand_string_message = US"\"${perl\" encountered, but this facility " /*}*/
4481 "is not included in this binary";
4482 goto EXPAND_FAILED;
4483
4484 #else /* EXIM_PERL */
4485 {
4486 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
4487 gstring *new_yield;
4488
4489 if ((expand_forbid & RDO_PERL) != 0)
4490 {
4491 expand_string_message = US"Perl calls are not permitted";
4492 goto EXPAND_FAILED;
4493 }
4494
4495 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
4496 US"perl", &resetok))
4497 {
4498 case 1: goto EXPAND_FAILED_CURLY;
4499 case 2:
4500 case 3: goto EXPAND_FAILED;
4501 }
4502
4503 /* If skipping, we don't actually do anything */
4504
4505 if (skipping) continue;
4506
4507 /* Start the interpreter if necessary */
4508
4509 if (!opt_perl_started)
4510 {
4511 uschar *initerror;
4512 if (opt_perl_startup == NULL)
4513 {
4514 expand_string_message = US"A setting of perl_startup is needed when "
4515 "using the Perl interpreter";
4516 goto EXPAND_FAILED;
4517 }
4518 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
4519 initerror = init_perl(opt_perl_startup);
4520 if (initerror != NULL)
4521 {
4522 expand_string_message =
4523 string_sprintf("error in perl_startup code: %s\n", initerror);
4524 goto EXPAND_FAILED;
4525 }
4526 opt_perl_started = TRUE;
4527 }
4528
4529 /* Call the function */
4530
4531 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
4532 new_yield = call_perl_cat(yield, &expand_string_message,
4533 sub_arg[0], sub_arg + 1);
4534
4535 /* NULL yield indicates failure; if the message pointer has been set to
4536 NULL, the yield was undef, indicating a forced failure. Otherwise the
4537 message will indicate some kind of Perl error. */
4538
4539 if (new_yield == NULL)
4540 {
4541 if (expand_string_message == NULL)
4542 {
4543 expand_string_message =
4544 string_sprintf("Perl subroutine \"%s\" returned undef to force "
4545 "failure", sub_arg[0]);
4546 expand_string_forcedfail = TRUE;
4547 }
4548 goto EXPAND_FAILED;
4549 }
4550
4551 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
4552 set during a callback from Perl. */
4553
4554 expand_string_forcedfail = FALSE;
4555 yield = new_yield;
4556 continue;
4557 }
4558 #endif /* EXIM_PERL */
4559
4560 /* Transform email address to "prvs" scheme to use
4561 as BATV-signed return path */
4562
4563 case EITEM_PRVS:
4564 {
4565 uschar *sub_arg[3];
4566 uschar *p,*domain;
4567
4568 switch(read_subs(sub_arg, 3, 2, &s, skipping, TRUE, US"prvs", &resetok))
4569 {
4570 case 1: goto EXPAND_FAILED_CURLY;
4571 case 2:
4572 case 3: goto EXPAND_FAILED;
4573 }
4574
4575 /* If skipping, we don't actually do anything */
4576 if (skipping) continue;
4577
4578 /* sub_arg[0] is the address */
4579 if ( !(domain = Ustrrchr(sub_arg[0],'@'))
4580 || domain == sub_arg[0] || Ustrlen(domain) == 1)
4581 {
4582 expand_string_message = US"prvs first argument must be a qualified email address";
4583 goto EXPAND_FAILED;
4584 }
4585
4586 /* Calculate the hash. The third argument must be a single-digit
4587 key number, or unset. */
4588
4589 if ( sub_arg[2]
4590 && (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0))
4591 {
4592 expand_string_message = US"prvs third argument must be a single digit";
4593 goto EXPAND_FAILED;
4594 }
4595
4596 p = prvs_hmac_sha1(sub_arg[0], sub_arg[1], sub_arg[2], prvs_daystamp(7));
4597 if (!p)
4598 {
4599 expand_string_message = US"prvs hmac-sha1 conversion failed";
4600 goto EXPAND_FAILED;
4601 }
4602
4603 /* Now separate the domain from the local part */
4604 *domain++ = '\0';
4605
4606 yield = string_catn(yield, US"prvs=", 5);
4607 yield = string_catn(yield, sub_arg[2] ? sub_arg[2] : US"0", 1);
4608 yield = string_catn(yield, prvs_daystamp(7), 3);
4609 yield = string_catn(yield, p, 6);
4610 yield = string_catn(yield, US"=", 1);
4611 yield = string_cat (yield, sub_arg[0]);
4612 yield = string_catn(yield, US"@", 1);
4613 yield = string_cat (yield, domain);
4614
4615 continue;
4616 }
4617
4618 /* Check a prvs-encoded address for validity */
4619
4620 case EITEM_PRVSCHECK:
4621 {
4622 uschar *sub_arg[3];
4623 gstring * g;
4624 const pcre *re;
4625 uschar *p;
4626
4627 /* TF: Ugliness: We want to expand parameter 1 first, then set
4628 up expansion variables that are used in the expansion of
4629 parameter 2. So we clone the string for the first
4630 expansion, where we only expand parameter 1.
4631
4632 PH: Actually, that isn't necessary. The read_subs() function is
4633 designed to work this way for the ${if and ${lookup expansions. I've
4634 tidied the code.
4635 */
4636
4637 /* Reset expansion variables */
4638 prvscheck_result = NULL;
4639 prvscheck_address = NULL;
4640 prvscheck_keynum = NULL;
4641
4642 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs", &resetok))
4643 {
4644 case 1: goto EXPAND_FAILED_CURLY;
4645 case 2:
4646 case 3: goto EXPAND_FAILED;
4647 }
4648
4649 re = regex_must_compile(US"^prvs\\=([0-9])([0-9]{3})([A-F0-9]{6})\\=(.+)\\@(.+)$",
4650 TRUE,FALSE);
4651
4652 if (regex_match_and_setup(re,sub_arg[0],0,-1))
4653 {
4654 uschar *local_part = string_copyn(expand_nstring[4],expand_nlength[4]);
4655 uschar *key_num = string_copyn(expand_nstring[1],expand_nlength[1]);
4656 uschar *daystamp = string_copyn(expand_nstring[2],expand_nlength[2]);
4657 uschar *hash = string_copyn(expand_nstring[3],expand_nlength[3]);
4658 uschar *domain = string_copyn(expand_nstring[5],expand_nlength[5]);
4659
4660 DEBUG(D_expand) debug_printf_indent("prvscheck localpart: %s\n", local_part);
4661 DEBUG(D_expand) debug_printf_indent("prvscheck key number: %s\n", key_num);
4662 DEBUG(D_expand) debug_printf_indent("prvscheck daystamp: %s\n", daystamp);
4663 DEBUG(D_expand) debug_printf_indent("prvscheck hash: %s\n", hash);
4664 DEBUG(D_expand) debug_printf_indent("prvscheck domain: %s\n", domain);
4665
4666 /* Set up expansion variables */
4667 g = string_cat (NULL, local_part);
4668 g = string_catn(g, US"@", 1);
4669 g = string_cat (g, domain);
4670 prvscheck_address = string_from_gstring(g);
4671 prvscheck_keynum = string_copy(key_num);
4672
4673 /* Now expand the second argument */
4674 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs", &resetok))
4675 {
4676 case 1: goto EXPAND_FAILED_CURLY;
4677 case 2:
4678 case 3: goto EXPAND_FAILED;
4679 }
4680
4681 /* Now we have the key and can check the address. */
4682
4683 p = prvs_hmac_sha1(prvscheck_address, sub_arg[0], prvscheck_keynum,
4684 daystamp);
4685
4686 if (!p)
4687 {
4688 expand_string_message = US"hmac-sha1 conversion failed";
4689 goto EXPAND_FAILED;
4690 }
4691
4692 DEBUG(D_expand) debug_printf_indent("prvscheck: received hash is %s\n", hash);
4693 DEBUG(D_expand) debug_printf_indent("prvscheck: own hash is %s\n", p);
4694
4695 if (Ustrcmp(p,hash) == 0)
4696 {
4697 /* Success, valid BATV address. Now check the expiry date. */
4698 uschar *now = prvs_daystamp(0);
4699 unsigned int inow = 0,iexpire = 1;
4700
4701 (void)sscanf(CS now,"%u",&inow);
4702 (void)sscanf(CS daystamp,"%u",&iexpire);
4703
4704 /* When "iexpire" is < 7, a "flip" has occured.
4705 Adjust "inow" accordingly. */
4706 if ( (iexpire < 7) && (inow >= 993) ) inow = 0;
4707
4708 if (iexpire >= inow)
4709 {
4710 prvscheck_result = US"1";
4711 DEBUG(D_expand) debug_printf_indent("prvscheck: success, $pvrs_result set to 1\n");
4712 }
4713 else
4714 {
4715 prvscheck_result = NULL;
4716 DEBUG(D_expand) debug_printf_indent("prvscheck: signature expired, $pvrs_result unset\n");
4717 }
4718 }
4719 else
4720 {
4721 prvscheck_result = NULL;
4722 DEBUG(D_expand) debug_printf_indent("prvscheck: hash failure, $pvrs_result unset\n");
4723 }
4724
4725 /* Now expand the final argument. We leave this till now so that
4726 it can include $prvscheck_result. */
4727
4728 switch(read_subs(sub_arg, 1, 0, &s, skipping, TRUE, US"prvs", &resetok))
4729 {
4730 case 1: goto EXPAND_FAILED_CURLY;
4731 case 2:
4732 case 3: goto EXPAND_FAILED;
4733 }
4734
4735 yield = string_cat(yield,
4736 !sub_arg[0] || !*sub_arg[0] ? prvscheck_address : sub_arg[0]);
4737
4738 /* Reset the "internal" variables afterwards, because they are in
4739 dynamic store that will be reclaimed if the expansion succeeded. */
4740
4741 prvscheck_address = NULL;
4742 prvscheck_keynum = NULL;
4743 }
4744 else
4745 /* Does not look like a prvs encoded address, return the empty string.
4746 We need to make sure all subs are expanded first, so as to skip over
4747 the entire item. */
4748
4749 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"prvs", &resetok))
4750 {
4751 case 1: goto EXPAND_FAILED_CURLY;
4752 case 2:
4753 case 3: goto EXPAND_FAILED;
4754 }
4755
4756 continue;
4757 }
4758
4759 /* Handle "readfile" to insert an entire file */
4760
4761 case EITEM_READFILE:
4762 {
4763 FILE *f;
4764 uschar *sub_arg[2];
4765
4766 if ((expand_forbid & RDO_READFILE) != 0)
4767 {
4768 expand_string_message = US"file insertions are not permitted";
4769 goto EXPAND_FAILED;
4770 }
4771
4772 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"readfile", &resetok))
4773 {
4774 case 1: goto EXPAND_FAILED_CURLY;
4775 case 2:
4776 case 3: goto EXPAND_FAILED;
4777 }
4778
4779 /* If skipping, we don't actually do anything */
4780
4781 if (skipping) continue;
4782
4783 /* Open the file and read it */
4784
4785 if (!(f = Ufopen(sub_arg[0], "rb")))
4786 {
4787 expand_string_message = string_open_failed(errno, "%s", sub_arg[0]);
4788 goto EXPAND_FAILED;
4789 }
4790
4791 yield = cat_file(f, yield, sub_arg[1]);
4792 (void)fclose(f);
4793 continue;
4794 }
4795
4796 /* Handle "readsocket" to insert data from a socket, either
4797 Inet or Unix domain */
4798
4799 case EITEM_READSOCK:
4800 {
4801 int fd;
4802 int timeout = 5;
4803 int save_ptr = yield->ptr;
4804 FILE *f;
4805 uschar *arg;
4806 uschar *sub_arg[4];
4807 BOOL do_shutdown = TRUE;
4808 blob reqstr;
4809
4810 if (expand_forbid & RDO_READSOCK)
4811 {
4812 expand_string_message = US"socket insertions are not permitted";
4813 goto EXPAND_FAILED;
4814 }
4815
4816 /* Read up to 4 arguments, but don't do the end of item check afterwards,
4817 because there may be a string for expansion on failure. */
4818
4819 switch(read_subs(sub_arg, 4, 2, &s, skipping, FALSE, US"readsocket", &resetok))
4820 {
4821 case 1: goto EXPAND_FAILED_CURLY;
4822 case 2: /* Won't occur: no end check */
4823 case 3: goto EXPAND_FAILED;
4824 }
4825
4826 /* Grab the request string, if any */
4827
4828 reqstr.data = sub_arg[1];
4829 reqstr.len = Ustrlen(sub_arg[1]);
4830
4831 /* Sort out timeout, if given. The second arg is a list with the first element
4832 being a time value. Any more are options of form "name=value". Currently the
4833 only option recognised is "shutdown". */
4834
4835 if (sub_arg[2])
4836 {
4837 const uschar * list = sub_arg[2];
4838 uschar * item;
4839 int sep = 0;
4840
4841 item = string_nextinlist(&list, &sep, NULL, 0);
4842 if ((timeout = readconf_readtime(item, 0, FALSE)) < 0)
4843 {
4844 expand_string_message = string_sprintf("bad time value %s", item);
4845 goto EXPAND_FAILED;
4846 }
4847
4848 while ((item = string_nextinlist(&list, &sep, NULL, 0)))
4849 if (Ustrncmp(item, US"shutdown=", 9) == 0)
4850 if (Ustrcmp(item + 9, US"no") == 0)
4851 do_shutdown = FALSE;
4852 }
4853 else sub_arg[3] = NULL; /* No eol if no timeout */
4854
4855 /* If skipping, we don't actually do anything. Otherwise, arrange to
4856 connect to either an IP or a Unix socket. */
4857
4858 if (!skipping)
4859 {
4860 /* Handle an IP (internet) domain */
4861
4862 if (Ustrncmp(sub_arg[0], "inet:", 5) == 0)
4863 {
4864 int port;
4865 uschar * server_name = sub_arg[0] + 5;
4866 uschar * port_name = Ustrrchr(server_name, ':');
4867
4868 /* Sort out the port */
4869
4870 if (!port_name)
4871 {
4872 expand_string_message =
4873 string_sprintf("missing port for readsocket %s", sub_arg[0]);
4874 goto EXPAND_FAILED;
4875 }
4876 *port_name++ = 0; /* Terminate server name */
4877
4878 if (isdigit(*port_name))
4879 {
4880 uschar *end;
4881 port = Ustrtol(port_name, &end, 0);
4882 if (end != port_name + Ustrlen(port_name))
4883 {
4884 expand_string_message =
4885 string_sprintf("invalid port number %s", port_name);
4886 goto EXPAND_FAILED;
4887 }
4888 }
4889 else
4890 {
4891 struct servent *service_info = getservbyname(CS port_name, "tcp");
4892 if (!service_info)
4893 {
4894 expand_string_message = string_sprintf("unknown port \"%s\"",
4895 port_name);
4896 goto EXPAND_FAILED;
4897 }
4898 port = ntohs(service_info->s_port);
4899 }
4900
4901 fd = ip_connectedsocket(SOCK_STREAM, server_name, port, port,
4902 timeout, NULL, &expand_string_message, &reqstr);
4903 callout_address = NULL;
4904 if (fd < 0)
4905 goto SOCK_FAIL;
4906 reqstr.len = 0;
4907 }
4908
4909 /* Handle a Unix domain socket */
4910
4911 else
4912 {
4913 struct sockaddr_un sockun; /* don't call this "sun" ! */
4914 int rc;
4915
4916 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
4917 {
4918 expand_string_message = string_sprintf("failed to create socket: %s",
4919 strerror(errno));
4920 goto SOCK_FAIL;
4921 }
4922
4923 sockun.sun_family = AF_UNIX;
4924 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
4925 sub_arg[0]);
4926
4927 sigalrm_seen = FALSE;
4928 alarm(timeout);
4929 rc = connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun));
4930 alarm(0);
4931 if (sigalrm_seen)
4932 {
4933 expand_string_message = US "socket connect timed out";
4934 goto SOCK_FAIL;
4935 }
4936 if (rc < 0)
4937 {
4938 expand_string_message = string_sprintf("failed to connect to socket "
4939 "%s: %s", sub_arg[0], strerror(errno));
4940 goto SOCK_FAIL;
4941 }
4942 }
4943
4944 DEBUG(D_expand) debug_printf_indent("connected to socket %s\n", sub_arg[0]);
4945
4946 /* Allow sequencing of test actions */
4947 if (running_in_test_harness) millisleep(100);
4948
4949 /* Write the request string, if not empty or already done */
4950
4951 if (reqstr.len)
4952 {
4953 DEBUG(D_expand) debug_printf_indent("writing \"%s\" to socket\n",
4954 reqstr.data);
4955 if (write(fd, reqstr.data, reqstr.len) != reqstr.len)
4956 {
4957 expand_string_message = string_sprintf("request write to socket "
4958 "failed: %s", strerror(errno));
4959 goto SOCK_FAIL;
4960 }
4961 }
4962
4963 /* Shut down the sending side of the socket. This helps some servers to
4964 recognise that it is their turn to do some work. Just in case some
4965 system doesn't have this function, make it conditional. */
4966
4967 #ifdef SHUT_WR
4968 if (do_shutdown) shutdown(fd, SHUT_WR);
4969 #endif
4970
4971 if (running_in_test_harness) millisleep(100);
4972
4973 /* Now we need to read from the socket, under a timeout. The function
4974 that reads a file can be used. */
4975
4976 f = fdopen(fd, "rb");
4977 sigalrm_seen = FALSE;
4978 alarm(timeout);
4979 yield = cat_file(f, yield, sub_arg[3]);
4980 alarm(0);
4981 (void)fclose(f);
4982
4983 /* After a timeout, we restore the pointer in the result, that is,
4984 make sure we add nothing from the socket. */
4985
4986 if (sigalrm_seen)
4987 {
4988 yield->ptr = save_ptr;
4989 expand_string_message = US "socket read timed out";
4990 goto SOCK_FAIL;
4991 }
4992 }
4993
4994 /* The whole thing has worked (or we were skipping). If there is a
4995 failure string following, we need to skip it. */
4996
4997 if (*s == '{')
4998 {
4999 if (expand_string_internal(s+1, TRUE, &s, TRUE, TRUE, &resetok) == NULL)
5000 goto EXPAND_FAILED;
5001 if (*s++ != '}')
5002 {
5003 expand_string_message = US"missing '}' closing failstring for readsocket";
5004 goto EXPAND_FAILED_CURLY;
5005 }
5006 while (isspace(*s)) s++;
5007 }
5008
5009 READSOCK_DONE:
5010 if (*s++ != '}')
5011 {
5012 expand_string_message = US"missing '}' closing readsocket";
5013 goto EXPAND_FAILED_CURLY;
5014 }
5015 continue;
5016
5017 /* Come here on failure to create socket, connect socket, write to the
5018 socket, or timeout on reading. If another substring follows, expand and
5019 use it. Otherwise, those conditions give expand errors. */
5020
5021 SOCK_FAIL:
5022 if (*s != '{') goto EXPAND_FAILED;
5023 DEBUG(D_any) debug_printf("%s\n", expand_string_message);
5024 if (!(arg = expand_string_internal(s+1, TRUE, &s, FALSE, TRUE, &resetok)))
5025 goto EXPAND_FAILED;
5026 yield = string_cat(yield, arg);
5027 if (*s++ != '}')
5028 {
5029 expand_string_message = US"missing '}' closing failstring for readsocket";
5030 goto EXPAND_FAILED_CURLY;
5031 }
5032 while (isspace(*s)) s++;
5033 goto READSOCK_DONE;
5034 }
5035
5036 /* Handle "run" to execute a program. */
5037
5038 case EITEM_RUN:
5039 {
5040 FILE *f;
5041 uschar *arg;
5042 const uschar **argv;
5043 pid_t pid;
5044 int fd_in, fd_out;
5045
5046 if ((expand_forbid & RDO_RUN) != 0)
5047 {
5048 expand_string_message = US"running a command is not permitted";
5049 goto EXPAND_FAILED;
5050 }
5051
5052 while (isspace(*s)) s++;
5053 if (*s != '{')
5054 {
5055 expand_string_message = US"missing '{' for command arg of run";
5056 goto EXPAND_FAILED_CURLY;
5057 }
5058 arg = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
5059 if (arg == NULL) goto EXPAND_FAILED;
5060 while (isspace(*s)) s++;
5061 if (*s++ != '}')
5062 {
5063 expand_string_message = US"missing '}' closing command arg of run";
5064 goto EXPAND_FAILED_CURLY;
5065 }
5066
5067 if (skipping) /* Just pretend it worked when we're skipping */
5068 {
5069 runrc = 0;
5070 lookup_value = NULL;
5071 }
5072 else
5073 {
5074 if (!transport_set_up_command(&argv, /* anchor for arg list */
5075 arg, /* raw command */
5076 FALSE, /* don't expand the arguments */
5077 0, /* not relevant when... */
5078 NULL, /* no transporting address */
5079 US"${run} expansion", /* for error messages */
5080 &expand_string_message)) /* where to put error message */
5081 goto EXPAND_FAILED;
5082
5083 /* Create the child process, making it a group leader. */
5084
5085 if ((pid = child_open(USS argv, NULL, 0077, &fd_in, &fd_out, TRUE)) < 0)
5086 {
5087 expand_string_message =
5088 string_sprintf("couldn't create child process: %s", strerror(errno));
5089 goto EXPAND_FAILED;
5090 }
5091
5092 /* Nothing is written to the standard input. */
5093
5094 (void)close(fd_in);
5095
5096 /* Read the pipe to get the command's output into $value (which is kept
5097 in lookup_value). Read during execution, so that if the output exceeds
5098 the OS pipe buffer limit, we don't block forever. Remember to not release
5099 memory just allocated for $value. */
5100
5101 resetok = FALSE;
5102 f = fdopen(fd_out, "rb");
5103 sigalrm_seen = FALSE;
5104 alarm(60);
5105 lookup_value = string_from_gstring(cat_file(f, NULL, NULL));
5106 alarm(0);
5107 (void)fclose(f);
5108
5109 /* Wait for the process to finish, applying the timeout, and inspect its
5110 return code for serious disasters. Simple non-zero returns are passed on.
5111 */
5112
5113 if (sigalrm_seen || (runrc = child_close(pid, 30)) < 0)
5114 {
5115 if (sigalrm_seen || runrc == -256)
5116 {
5117 expand_string_message = string_sprintf("command timed out");
5118 killpg(pid, SIGKILL); /* Kill the whole process group */
5119 }
5120
5121 else if (runrc == -257)
5122 expand_string_message = string_sprintf("wait() failed: %s",
5123 strerror(errno));
5124
5125 else
5126 expand_string_message = string_sprintf("command killed by signal %d",
5127 -runrc);
5128
5129 goto EXPAND_FAILED;
5130 }
5131 }
5132
5133 /* Process the yes/no strings; $value may be useful in both cases */
5134
5135 switch(process_yesno(
5136 skipping, /* were previously skipping */
5137 runrc == 0, /* success/failure indicator */
5138 lookup_value, /* value to reset for string2 */
5139 &s, /* input pointer */
5140 &yield, /* output pointer */
5141 US"run", /* condition type */
5142 &resetok))
5143 {
5144 case 1: goto EXPAND_FAILED; /* when all is well, the */
5145 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
5146 }
5147
5148 continue;
5149 }
5150
5151 /* Handle character translation for "tr" */
5152
5153 case EITEM_TR:
5154 {
5155 int oldptr = yield->ptr;
5156 int o2m;
5157 uschar *sub[3];
5158
5159 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"tr", &resetok))
5160 {
5161 case 1: goto EXPAND_FAILED_CURLY;
5162 case 2:
5163 case 3: goto EXPAND_FAILED;
5164 }
5165
5166 yield = string_cat(yield, sub[0]);
5167 o2m = Ustrlen(sub[2]) - 1;
5168
5169 if (o2m >= 0) for (; oldptr < yield->ptr; oldptr++)
5170 {
5171 uschar *m = Ustrrchr(sub[1], yield->s[oldptr]);
5172 if (m != NULL)
5173 {
5174 int o = m - sub[1];
5175 yield->s[oldptr] = sub[2][(o < o2m)? o : o2m];
5176 }
5177 }
5178
5179 continue;
5180 }
5181
5182 /* Handle "hash", "length", "nhash", and "substr" when they are given with
5183 expanded arguments. */
5184
5185 case EITEM_HASH:
5186 case EITEM_LENGTH:
5187 case EITEM_NHASH:
5188 case EITEM_SUBSTR:
5189 {
5190 int i;
5191 int len;
5192 uschar *ret;
5193 int val[2] = { 0, -1 };
5194 uschar *sub[3];
5195
5196 /* "length" takes only 2 arguments whereas the others take 2 or 3.
5197 Ensure that sub[2] is set in the ${length } case. */
5198
5199 sub[2] = NULL;
5200 switch(read_subs(sub, (item_type == EITEM_LENGTH)? 2:3, 2, &s, skipping,
5201 TRUE, name, &resetok))
5202 {
5203 case 1: goto EXPAND_FAILED_CURLY;
5204 case 2:
5205 case 3: goto EXPAND_FAILED;
5206 }
5207
5208 /* Juggle the arguments if there are only two of them: always move the
5209 string to the last position and make ${length{n}{str}} equivalent to
5210 ${substr{0}{n}{str}}. See the defaults for val[] above. */
5211
5212 if (sub[2] == NULL)
5213 {
5214 sub[2] = sub[1];
5215 sub[1] = NULL;
5216 if (item_type == EITEM_LENGTH)
5217 {
5218 sub[1] = sub[0];
5219 sub[0] = NULL;
5220 }
5221 }
5222
5223 for (i = 0; i < 2; i++)
5224 {
5225 if (sub[i] == NULL) continue;
5226 val[i] = (int)Ustrtol(sub[i], &ret, 10);
5227 if (*ret != 0 || (i != 0 && val[i] < 0))
5228 {
5229 expand_string_message = string_sprintf("\"%s\" is not a%s number "
5230 "(in \"%s\" expansion)", sub[i], (i != 0)? " positive" : "", name);
5231 goto EXPAND_FAILED;
5232 }
5233 }
5234
5235 ret =
5236 (item_type == EITEM_HASH)?
5237 compute_hash(sub[2], val[0], val[1], &len) :
5238 (item_type == EITEM_NHASH)?
5239 compute_nhash(sub[2], val[0], val[1], &len) :
5240 extract_substr(sub[2], val[0], val[1], &len);
5241
5242 if (ret == NULL) goto EXPAND_FAILED;
5243 yield = string_catn(yield, ret, len);
5244 continue;
5245 }
5246
5247 /* Handle HMAC computation: ${hmac{<algorithm>}{<secret>}{<text>}}
5248 This code originally contributed by Steve Haslam. It currently supports
5249 the use of MD5 and SHA-1 hashes.
5250
5251 We need some workspace that is large enough to handle all the supported
5252 hash types. Use macros to set the sizes rather than be too elaborate. */
5253
5254 #define MAX_HASHLEN 20
5255 #define MAX_HASHBLOCKLEN 64
5256
5257 case EITEM_HMAC:
5258 {
5259 uschar *sub[3];
5260 md5 md5_base;
5261 hctx sha1_ctx;
5262 void *use_base;
5263 int type, i;
5264 int hashlen; /* Number of octets for the hash algorithm's output */
5265 int hashblocklen; /* Number of octets the hash algorithm processes */
5266 uschar *keyptr, *p;
5267 unsigned int keylen;
5268
5269 uschar keyhash[MAX_HASHLEN];
5270 uschar innerhash[MAX_HASHLEN];
5271 uschar finalhash[MAX_HASHLEN];
5272 uschar finalhash_hex[2*MAX_HASHLEN];
5273 uschar innerkey[MAX_HASHBLOCKLEN];
5274 uschar outerkey[MAX_HASHBLOCKLEN];
5275
5276 switch (read_subs(sub, 3, 3, &s, skipping, TRUE, name, &resetok))
5277 {
5278 case 1: goto EXPAND_FAILED_CURLY;
5279 case 2:
5280 case 3: goto EXPAND_FAILED;
5281 }
5282
5283 if (!skipping)
5284 {
5285 if (Ustrcmp(sub[0], "md5") == 0)
5286 {
5287 type = HMAC_MD5;
5288 use_base = &md5_base;
5289 hashlen = 16;
5290 hashblocklen = 64;
5291 }
5292 else if (Ustrcmp(sub[0], "sha1") == 0)
5293 {
5294 type = HMAC_SHA1;
5295 use_base = &sha1_ctx;
5296 hashlen = 20;
5297 hashblocklen = 64;
5298 }
5299 else
5300 {
5301 expand_string_message =
5302 string_sprintf("hmac algorithm \"%s\" is not recognised", sub[0]);
5303 goto EXPAND_FAILED;
5304 }
5305
5306 keyptr = sub[1];
5307 keylen = Ustrlen(keyptr);
5308
5309 /* If the key is longer than the hash block length, then hash the key
5310 first */
5311
5312 if (keylen > hashblocklen)
5313 {
5314 chash_start(type, use_base);
5315 chash_end(type, use_base, keyptr, keylen, keyhash);
5316 keyptr = keyhash;
5317 keylen = hashlen;
5318 }
5319
5320 /* Now make the inner and outer key values */
5321
5322 memset(innerkey, 0x36, hashblocklen);
5323 memset(outerkey, 0x5c, hashblocklen);
5324
5325 for (i = 0; i < keylen; i++)
5326 {
5327 innerkey[i] ^= keyptr[i];
5328 outerkey[i] ^= keyptr[i];
5329 }
5330
5331 /* Now do the hashes */
5332
5333 chash_start(type, use_base);
5334 chash_mid(type, use_base, innerkey);
5335 chash_end(type, use_base, sub[2], Ustrlen(sub[2]), innerhash);
5336
5337 chash_start(type, use_base);
5338 chash_mid(type, use_base, outerkey);
5339 chash_end(type, use_base, innerhash, hashlen, finalhash);
5340
5341 /* Encode the final hash as a hex string */
5342
5343 p = finalhash_hex;
5344 for (i = 0; i < hashlen; i++)
5345 {
5346 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
5347 *p++ = hex_digits[finalhash[i] & 0x0f];
5348 }
5349
5350 DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%s)=%.*s\n",
5351 sub[0], (int)keylen, keyptr, sub[2], hashlen*2, finalhash_hex);
5352
5353 yield = string_catn(yield, finalhash_hex, hashlen*2);
5354 }
5355 continue;
5356 }
5357
5358 /* Handle global substitution for "sg" - like Perl's s/xxx/yyy/g operator.
5359 We have to save the numerical variables and restore them afterwards. */
5360
5361 case EITEM_SG:
5362 {
5363 const pcre *re;
5364 int moffset, moffsetextra, slen;
5365 int roffset;
5366 int emptyopt;
5367 const uschar *rerror;
5368 uschar *subject;
5369 uschar *sub[3];
5370 int save_expand_nmax =
5371 save_expand_strings(save_expand_nstring, save_expand_nlength);
5372
5373 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"sg", &resetok))
5374 {
5375 case 1: goto EXPAND_FAILED_CURLY;
5376 case 2:
5377 case 3: goto EXPAND_FAILED;
5378 }
5379
5380 /* Compile the regular expression */
5381
5382 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
5383 NULL);
5384
5385 if (re == NULL)
5386 {
5387 expand_string_message = string_sprintf("regular expression error in "
5388 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
5389 goto EXPAND_FAILED;
5390 }
5391
5392 /* Now run a loop to do the substitutions as often as necessary. It ends
5393 when there are no more matches. Take care over matches of the null string;
5394 do the same thing as Perl does. */
5395
5396 subject = sub[0];
5397 slen = Ustrlen(sub[0]);
5398 moffset = moffsetextra = 0;
5399 emptyopt = 0;
5400
5401 for (;;)
5402 {
5403 int ovector[3*(EXPAND_MAXN+1)];
5404 int n = pcre_exec(re, NULL, CS subject, slen, moffset + moffsetextra,
5405 PCRE_EOPT | emptyopt, ovector, nelem(ovector));
5406 int nn;
5407 uschar *insert;
5408
5409 /* No match - if we previously set PCRE_NOTEMPTY after a null match, this
5410 is not necessarily the end. We want to repeat the match from one
5411 character further along, but leaving the basic offset the same (for
5412 copying below). We can't be at the end of the string - that was checked
5413 before setting PCRE_NOTEMPTY. If PCRE_NOTEMPTY is not set, we are
5414 finished; copy the remaining string and end the loop. */
5415
5416 if (n < 0)
5417 {
5418 if (emptyopt != 0)
5419 {
5420 moffsetextra = 1;
5421 emptyopt = 0;
5422 continue;
5423 }
5424 yield = string_catn(yield, subject+moffset, slen-moffset);
5425 break;
5426 }
5427
5428 /* Match - set up for expanding the replacement. */
5429
5430 if (n == 0) n = EXPAND_MAXN + 1;
5431 expand_nmax = 0;
5432 for (nn = 0; nn < n*2; nn += 2)
5433 {
5434 expand_nstring[expand_nmax] = subject + ovector[nn];
5435 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
5436 }
5437 expand_nmax--;
5438
5439 /* Copy the characters before the match, plus the expanded insertion. */
5440
5441 yield = string_catn(yield, subject + moffset, ovector[0] - moffset);
5442 insert = expand_string(sub[2]);
5443 if (insert == NULL) goto EXPAND_FAILED;
5444 yield = string_cat(yield, insert);
5445
5446 moffset = ovector[1];
5447 moffsetextra = 0;
5448 emptyopt = 0;
5449
5450 /* If we have matched an empty string, first check to see if we are at
5451 the end of the subject. If so, the loop is over. Otherwise, mimic
5452 what Perl's /g options does. This turns out to be rather cunning. First
5453 we set PCRE_NOTEMPTY and PCRE_ANCHORED and try the match a non-empty
5454 string at the same point. If this fails (picked up above) we advance to
5455 the next character. */
5456
5457 if (ovector[0] == ovector[1])
5458 {
5459 if (ovector[0] == slen) break;
5460 emptyopt = PCRE_NOTEMPTY | PCRE_ANCHORED;
5461 }
5462 }
5463
5464 /* All done - restore numerical variables. */
5465
5466 restore_expand_strings(save_expand_nmax, save_expand_nstring,
5467 save_expand_nlength);
5468 continue;
5469 }
5470
5471 /* Handle keyed and numbered substring extraction. If the first argument
5472 consists entirely of digits, then a numerical extraction is assumed. */
5473
5474 case EITEM_EXTRACT:
5475 {
5476 int i;
5477 int j;
5478 int field_number = 1;
5479 BOOL field_number_set = FALSE;
5480 uschar *save_lookup_value = lookup_value;
5481 uschar *sub[3];
5482 int save_expand_nmax =
5483 save_expand_strings(save_expand_nstring, save_expand_nlength);
5484
5485 /* While skipping we cannot rely on the data for expansions being
5486 available (eg. $item) hence cannot decide on numeric vs. keyed.
5487 Read a maximum of 5 arguments (including the yes/no) */
5488
5489 if (skipping)
5490 {
5491 while (isspace(*s)) s++;
5492 for (j = 5; j > 0 && *s == '{'; j--)
5493 {
5494 if (!expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok))
5495 goto EXPAND_FAILED; /*{*/
5496 if (*s++ != '}')
5497 {
5498 expand_string_message = US"missing '{' for arg of extract";
5499 goto EXPAND_FAILED_CURLY;
5500 }
5501 while (isspace(*s)) s++;
5502 }
5503 if ( Ustrncmp(s, "fail", 4) == 0
5504 && (s[4] == '}' || s[4] == ' ' || s[4] == '\t' || !s[4])
5505 )
5506 {
5507 s += 4;
5508 while (isspace(*s)) s++;
5509 }
5510 if (*s != '}')
5511 {
5512 expand_string_message = US"missing '}' closing extract";
5513 goto EXPAND_FAILED_CURLY;
5514 }
5515 }
5516
5517 else for (i = 0, j = 2; i < j; i++) /* Read the proper number of arguments */
5518 {
5519 while (isspace(*s)) s++;
5520 if (*s == '{') /*}*/
5521 {
5522 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
5523 if (sub[i] == NULL) goto EXPAND_FAILED; /*{*/
5524 if (*s++ != '}')
5525 {
5526 expand_string_message = string_sprintf(
5527 "missing '}' closing arg %d of extract", i+1);
5528 goto EXPAND_FAILED_CURLY;
5529 }
5530
5531 /* After removal of leading and trailing white space, the first
5532 argument must not be empty; if it consists entirely of digits
5533 (optionally preceded by a minus sign), this is a numerical
5534 extraction, and we expect 3 arguments. */
5535
5536 if (i == 0)
5537 {
5538 int len;
5539 int x = 0;
5540 uschar *p = sub[0];
5541
5542 while (isspace(*p)) p++;
5543 sub[0] = p;
5544
5545 len = Ustrlen(p);
5546 while (len > 0 && isspace(p[len-1])) len--;
5547 p[len] = 0;
5548
5549 if (*p == 0)
5550 {
5551 expand_string_message = US"first argument of \"extract\" must "
5552 "not be empty";
5553 goto EXPAND_FAILED;
5554 }
5555
5556 if (*p == '-')
5557 {
5558 field_number = -1;
5559 p++;
5560 }
5561 while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0';
5562 if (*p == 0)
5563 {
5564 field_number *= x;
5565 j = 3; /* Need 3 args */
5566 field_number_set = TRUE;
5567 }
5568 }
5569 }
5570 else
5571 {
5572 expand_string_message = string_sprintf(
5573 "missing '{' for arg %d of extract", i+1);
5574 goto EXPAND_FAILED_CURLY;
5575 }
5576 }
5577
5578 /* Extract either the numbered or the keyed substring into $value. If
5579 skipping, just pretend the extraction failed. */
5580
5581 lookup_value = skipping? NULL : field_number_set?
5582 expand_gettokened(field_number, sub[1], sub[2]) :
5583 expand_getkeyed(sub[0], sub[1]);
5584
5585 /* If no string follows, $value gets substituted; otherwise there can
5586 be yes/no strings, as for lookup or if. */
5587
5588 switch(process_yesno(
5589 skipping, /* were previously skipping */
5590 lookup_value != NULL, /* success/failure indicator */
5591 save_lookup_value, /* value to reset for string2 */
5592 &s, /* input pointer */
5593 &yield, /* output pointer */
5594 US"extract", /* condition type */
5595 &resetok))
5596 {
5597 case 1: goto EXPAND_FAILED; /* when all is well, the */
5598 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
5599 }
5600
5601 /* All done - restore numerical variables. */
5602
5603 restore_expand_strings(save_expand_nmax, save_expand_nstring,
5604 save_expand_nlength);
5605
5606 continue;
5607 }
5608
5609 /* return the Nth item from a list */
5610
5611 case EITEM_LISTEXTRACT:
5612 {
5613 int i;
5614 int field_number = 1;
5615 uschar *save_lookup_value = lookup_value;
5616 uschar *sub[2];
5617 int save_expand_nmax =
5618 save_expand_strings(save_expand_nstring, save_expand_nlength);
5619
5620 /* Read the field & list arguments */
5621
5622 for (i = 0; i < 2; i++)
5623 {
5624 while (isspace(*s)) s++;
5625 if (*s != '{') /*}*/
5626 {
5627 expand_string_message = string_sprintf(
5628 "missing '{' for arg %d of listextract", i+1);
5629 goto EXPAND_FAILED_CURLY;
5630 }
5631
5632 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
5633 if (!sub[i]) goto EXPAND_FAILED; /*{*/
5634 if (*s++ != '}')
5635 {
5636 expand_string_message = string_sprintf(
5637 "missing '}' closing arg %d of listextract", i+1);
5638 goto EXPAND_FAILED_CURLY;
5639 }
5640
5641 /* After removal of leading and trailing white space, the first
5642 argument must be numeric and nonempty. */
5643
5644 if (i == 0)
5645 {
5646 int len;
5647 int x = 0;
5648 uschar *p = sub[0];
5649
5650 while (isspace(*p)) p++;
5651 sub[0] = p;
5652
5653 len = Ustrlen(p);
5654 while (len > 0 && isspace(p[len-1])) len--;
5655 p[len] = 0;
5656
5657 if (!*p && !skipping)
5658 {
5659 expand_string_message = US"first argument of \"listextract\" must "
5660 "not be empty";
5661 goto EXPAND_FAILED;
5662 }
5663
5664 if (*p == '-')
5665 {
5666 field_number = -1;
5667 p++;
5668 }
5669 while (*p && isdigit(*p)) x = x * 10 + *p++ - '0';
5670 if (*p)
5671 {
5672 expand_string_message = US"first argument of \"listextract\" must "
5673 "be numeric";
5674 goto EXPAND_FAILED;
5675 }
5676 field_number *= x;
5677 }
5678 }
5679
5680 /* Extract the numbered element into $value. If
5681 skipping, just pretend the extraction failed. */
5682
5683 lookup_value = skipping? NULL : expand_getlistele(field_number, sub[1]);
5684
5685 /* If no string follows, $value gets substituted; otherwise there can
5686 be yes/no strings, as for lookup or if. */
5687
5688 switch(process_yesno(
5689 skipping, /* were previously skipping */
5690 lookup_value != NULL, /* success/failure indicator */
5691 save_lookup_value, /* value to reset for string2 */
5692 &s, /* input pointer */
5693 &yield, /* output pointer */
5694 US"listextract", /* condition type */
5695 &resetok))
5696 {
5697 case 1: goto EXPAND_FAILED; /* when all is well, the */
5698 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
5699 }
5700
5701 /* All done - restore numerical variables. */
5702
5703 restore_expand_strings(save_expand_nmax, save_expand_nstring,
5704 save_expand_nlength);
5705
5706 continue;
5707 }
5708
5709 #ifdef SUPPORT_TLS
5710 case EITEM_CERTEXTRACT:
5711 {
5712 uschar *save_lookup_value = lookup_value;
5713 uschar *sub[2];
5714 int save_expand_nmax =
5715 save_expand_strings(save_expand_nstring, save_expand_nlength);
5716
5717 /* Read the field argument */
5718 while (isspace(*s)) s++;
5719 if (*s != '{') /*}*/
5720 {
5721 expand_string_message = US"missing '{' for field arg of certextract";
5722 goto EXPAND_FAILED_CURLY;
5723 }
5724 sub[0] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
5725 if (!sub[0]) goto EXPAND_FAILED; /*{*/
5726 if (*s++ != '}')
5727 {
5728 expand_string_message = US"missing '}' closing field arg of certextract";
5729 goto EXPAND_FAILED_CURLY;
5730 }
5731 /* strip spaces fore & aft */
5732 {
5733 int len;
5734 uschar *p = sub[0];
5735
5736 while (isspace(*p)) p++;
5737 sub[0] = p;
5738
5739 len = Ustrlen(p);
5740 while (len > 0 && isspace(p[len-1])) len--;
5741 p[len] = 0;
5742 }
5743
5744 /* inspect the cert argument */
5745 while (isspace(*s)) s++;
5746 if (*s != '{') /*}*/
5747 {
5748 expand_string_message = US"missing '{' for cert variable arg of certextract";
5749 goto EXPAND_FAILED_CURLY;
5750 }
5751 if (*++s != '$')
5752 {
5753 expand_string_message = US"second argument of \"certextract\" must "
5754 "be a certificate variable";
5755 goto EXPAND_FAILED;
5756 }
5757 sub[1] = expand_string_internal(s+1, TRUE, &s, skipping, FALSE, &resetok);
5758 if (!sub[1]) goto EXPAND_FAILED; /*{*/
5759 if (*s++ != '}')
5760 {
5761 expand_string_message = US"missing '}' closing cert variable arg of certextract";
5762 goto EXPAND_FAILED_CURLY;
5763 }
5764
5765 if (skipping)
5766 lookup_value = NULL;
5767 else
5768 {
5769 lookup_value = expand_getcertele(sub[0], sub[1]);
5770 if (*expand_string_message) goto EXPAND_FAILED;
5771 }
5772 switch(process_yesno(
5773 skipping, /* were previously skipping */
5774 lookup_value != NULL, /* success/failure indicator */
5775 save_lookup_value, /* value to reset for string2 */
5776 &s, /* input pointer */
5777 &yield, /* output pointer */
5778 US"certextract", /* condition type */
5779 &resetok))
5780 {
5781 case 1: goto EXPAND_FAILED; /* when all is well, the */
5782 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
5783 }
5784
5785 restore_expand_strings(save_expand_nmax, save_expand_nstring,
5786 save_expand_nlength);
5787 continue;
5788 }
5789 #endif /*SUPPORT_TLS*/
5790
5791 /* Handle list operations */
5792
5793 case EITEM_FILTER:
5794 case EITEM_MAP:
5795 case EITEM_REDUCE:
5796 {
5797 int sep = 0;
5798 int save_ptr = yield->ptr;
5799 uschar outsep[2] = { '\0', '\0' };
5800 const uschar *list, *expr, *temp;
5801 uschar *save_iterate_item = iterate_item;
5802 uschar *save_lookup_value = lookup_value;
5803
5804 while (isspace(*s)) s++;
5805 if (*s++ != '{')
5806 {
5807 expand_string_message =
5808 string_sprintf("missing '{' for first arg of %s", name);
5809 goto EXPAND_FAILED_CURLY;
5810 }
5811
5812 list = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok);
5813 if (list == NULL) goto EXPAND_FAILED;
5814 if (*s++ != '}')
5815 {
5816 expand_string_message =
5817 string_sprintf("missing '}' closing first arg of %s", name);
5818 goto EXPAND_FAILED_CURLY;
5819 }
5820
5821 if (item_type == EITEM_REDUCE)
5822 {
5823 uschar * t;
5824 while (isspace(*s)) s++;
5825 if (*s++ != '{')
5826 {
5827 expand_string_message = US"missing '{' for second arg of reduce";
5828 goto EXPAND_FAILED_CURLY;
5829 }
5830 t = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok);
5831 if (!t) goto EXPAND_FAILED;
5832 lookup_value = t;
5833 if (*s++ != '}')
5834 {
5835 expand_string_message = US"missing '}' closing second arg of reduce";
5836 goto EXPAND_FAILED_CURLY;
5837 }
5838 }
5839
5840 while (isspace(*s)) s++;
5841 if (*s++ != '{')
5842 {
5843 expand_string_message =
5844 string_sprintf("missing '{' for last arg of %s", name);
5845 goto EXPAND_FAILED_CURLY;
5846 }
5847
5848 expr = s;
5849
5850 /* For EITEM_FILTER, call eval_condition once, with result discarded (as
5851 if scanning a "false" part). This allows us to find the end of the
5852 condition, because if the list is empty, we won't actually evaluate the
5853 condition for real. For EITEM_MAP and EITEM_REDUCE, do the same, using
5854 the normal internal expansion function. */
5855
5856 if (item_type == EITEM_FILTER)
5857 {
5858 temp = eval_condition(expr, &resetok, NULL);
5859 if (temp != NULL) s = temp;
5860 }
5861 else
5862 temp = expand_string_internal(s, TRUE, &s, TRUE, TRUE, &resetok);
5863
5864 if (temp == NULL)
5865 {
5866 expand_string_message = string_sprintf("%s inside \"%s\" item",
5867 expand_string_message, name);
5868 goto EXPAND_FAILED;
5869 }
5870
5871 while (isspace(*s)) s++;
5872 if (*s++ != '}')
5873 { /*{*/
5874 expand_string_message = string_sprintf("missing } at end of condition "
5875 "or expression inside \"%s\"; could be an unquoted } in the content",
5876 name);
5877 goto EXPAND_FAILED;
5878 }
5879
5880 while (isspace(*s)) s++; /*{*/
5881 if (*s++ != '}')
5882 { /*{*/
5883 expand_string_message = string_sprintf("missing } at end of \"%s\"",
5884 name);
5885 goto EXPAND_FAILED;
5886 }
5887
5888 /* If we are skipping, we can now just move on to the next item. When
5889 processing for real, we perform the iteration. */
5890
5891 if (skipping) continue;
5892 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)))
5893 {
5894 *outsep = (uschar)sep; /* Separator as a string */
5895
5896 DEBUG(D_expand) debug_printf_indent("%s: $item = '%s' $value = '%s'\n",
5897 name, iterate_item, lookup_value);
5898
5899 if (item_type == EITEM_FILTER)
5900 {
5901 BOOL condresult;
5902 if (eval_condition(expr, &resetok, &condresult) == NULL)
5903 {
5904 iterate_item = save_iterate_item;
5905 lookup_value = save_lookup_value;
5906 expand_string_message = string_sprintf("%s inside \"%s\" condition",
5907 expand_string_message, name);
5908 goto EXPAND_FAILED;
5909 }
5910 DEBUG(D_expand) debug_printf_indent("%s: condition is %s\n", name,
5911 condresult? "true":"false");
5912 if (condresult)
5913 temp = iterate_item; /* TRUE => include this item */
5914 else
5915 continue; /* FALSE => skip this item */
5916 }
5917
5918 /* EITEM_MAP and EITEM_REDUCE */
5919
5920 else
5921 {
5922 uschar * t = expand_string_internal(expr, TRUE, NULL, skipping, TRUE, &resetok);
5923 temp = t;
5924 if (temp == NULL)
5925 {
5926 iterate_item = save_iterate_item;
5927 expand_string_message = string_sprintf("%s inside \"%s\" item",
5928 expand_string_message, name);
5929 goto EXPAND_FAILED;
5930 }
5931 if (item_type == EITEM_REDUCE)
5932 {
5933 lookup_value = t; /* Update the value of $value */
5934 continue; /* and continue the iteration */
5935 }
5936 }
5937
5938 /* We reach here for FILTER if the condition is true, always for MAP,
5939 and never for REDUCE. The value in "temp" is to be added to the output
5940 list that is being created, ensuring that any occurrences of the
5941 separator character are doubled. Unless we are dealing with the first
5942 item of the output list, add in a space if the new item begins with the
5943 separator character, or is an empty string. */
5944
5945 if (yield->ptr != save_ptr && (temp[0] == *outsep || temp[0] == 0))
5946 yield = string_catn(yield, US" ", 1);
5947
5948 /* Add the string in "temp" to the output list that we are building,
5949 This is done in chunks by searching for the separator character. */
5950
5951 for (;;)
5952 {
5953 size_t seglen = Ustrcspn(temp, outsep);
5954
5955 yield = string_catn(yield, temp, seglen + 1);
5956
5957 /* If we got to the end of the string we output one character
5958 too many; backup and end the loop. Otherwise arrange to double the
5959 separator. */
5960
5961 if (temp[seglen] == '\0') { yield->ptr--; break; }
5962 yield = string_catn(yield, outsep, 1);
5963 temp += seglen + 1;
5964 }
5965
5966 /* Output a separator after the string: we will remove the redundant
5967 final one at the end. */
5968
5969 yield = string_catn(yield, outsep, 1);
5970 } /* End of iteration over the list loop */
5971
5972 /* REDUCE has generated no output above: output the final value of
5973 $value. */
5974
5975 if (item_type == EITEM_REDUCE)
5976 {
5977 yield = string_cat(yield, lookup_value);
5978 lookup_value = save_lookup_value; /* Restore $value */
5979 }
5980
5981 /* FILTER and MAP generate lists: if they have generated anything, remove
5982 the redundant final separator. Even though an empty item at the end of a
5983 list does not count, this is tidier. */
5984
5985 else if (yield->ptr != save_ptr) yield->ptr--;
5986
5987 /* Restore preserved $item */
5988
5989 iterate_item = save_iterate_item;
5990 continue;
5991 }
5992
5993 case EITEM_SORT:
5994 {
5995 int sep = 0;
5996 const uschar *srclist, *cmp, *xtract;
5997 uschar *srcitem;
5998 const uschar *dstlist = NULL, *dstkeylist = NULL;
5999 uschar * tmp;
6000 uschar *save_iterate_item = iterate_item;
6001
6002 while (isspace(*s)) s++;
6003 if (*s++ != '{')
6004 {
6005 expand_string_message = US"missing '{' for list arg of sort";
6006 goto EXPAND_FAILED_CURLY;
6007 }
6008
6009 srclist = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok);
6010 if (!srclist) goto EXPAND_FAILED;
6011 if (*s++ != '}')
6012 {
6013 expand_string_message = US"missing '}' closing list arg of sort";
6014 goto EXPAND_FAILED_CURLY;
6015 }
6016
6017 while (isspace(*s)) s++;
6018 if (*s++ != '{')
6019 {
6020 expand_string_message = US"missing '{' for comparator arg of sort";
6021 goto EXPAND_FAILED_CURLY;
6022 }
6023
6024 cmp = expand_string_internal(s, TRUE, &s, skipping, FALSE, &resetok);
6025 if (!cmp) goto EXPAND_FAILED;
6026 if (*s++ != '}')
6027 {
6028 expand_string_message = US"missing '}' closing comparator arg of sort";
6029 goto EXPAND_FAILED_CURLY;
6030 }
6031
6032 while (isspace(*s)) s++;
6033 if (*s++ != '{')
6034 {
6035 expand_string_message = US"missing '{' for extractor arg of sort";
6036 goto EXPAND_FAILED_CURLY;
6037 }
6038
6039 xtract = s;
6040 tmp = expand_string_internal(s, TRUE, &s, TRUE, TRUE, &resetok);
6041 if (!tmp) goto EXPAND_FAILED;
6042 xtract = string_copyn(xtract, s - xtract);
6043
6044 if (*s++ != '}')
6045 {
6046 expand_string_message = US"missing '}' closing extractor arg of sort";
6047 goto EXPAND_FAILED_CURLY;
6048 }
6049 /*{*/
6050 if (*s++ != '}')
6051 { /*{*/
6052 expand_string_message = US"missing } at end of \"sort\"";
6053 goto EXPAND_FAILED;
6054 }
6055
6056 if (skipping) continue;
6057
6058 while ((srcitem = string_nextinlist(&srclist, &sep, NULL, 0)))
6059 {
6060 uschar * dstitem;
6061 gstring * newlist = NULL;
6062 gstring * newkeylist = NULL;
6063 uschar * srcfield;
6064
6065 DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n", name, srcitem);
6066
6067 /* extract field for comparisons */
6068 iterate_item = srcitem;
6069 if ( !(srcfield = expand_string_internal(xtract, FALSE, NULL, FALSE,
6070 TRUE, &resetok))
6071 || !*srcfield)
6072 {
6073 expand_string_message = string_sprintf(
6074 "field-extract in sort: \"%s\"", xtract);
6075 goto EXPAND_FAILED;
6076 }
6077
6078 /* Insertion sort */
6079
6080 /* copy output list until new-item < list-item */
6081 while ((dstitem = string_nextinlist(&dstlist, &sep, NULL, 0)))
6082 {
6083 uschar * dstfield;
6084 uschar * expr;
6085 BOOL before;
6086
6087 /* field for comparison */
6088 if (!(dstfield = string_nextinlist(&dstkeylist, &sep, NULL, 0)))
6089 goto sort_mismatch;
6090
6091 /* build and run condition string */
6092 expr = string_sprintf("%s{%s}{%s}", cmp, srcfield, dstfield);
6093
6094 DEBUG(D_expand) debug_printf_indent("%s: cond = \"%s\"\n", name, expr);
6095 if (!eval_condition(expr, &resetok, &before))
6096 {
6097 expand_string_message = string_sprintf("comparison in sort: %s",
6098 expr);
6099 goto EXPAND_FAILED;
6100 }
6101
6102 if (before)
6103 {
6104 /* New-item sorts before this dst-item. Append new-item,
6105 then dst-item, then remainder of dst list. */
6106
6107 newlist = string_append_listele(newlist, sep, srcitem);
6108 newkeylist = string_append_listele(newkeylist, sep, srcfield);
6109 srcitem = NULL;
6110
6111 newlist = string_append_listele(newlist, sep, dstitem);
6112 newkeylist = string_append_listele(newkeylist, sep, dstfield);
6113
6114 while ((dstitem = string_nextinlist(&dstlist, &sep, NULL, 0)))
6115 {
6116 if (!(dstfield = string_nextinlist(&dstkeylist, &sep, NULL, 0)))
6117 goto sort_mismatch;
6118 newlist = string_append_listele(newlist, sep, dstitem);
6119 newkeylist = string_append_listele(newkeylist, sep, dstfield);
6120 }
6121
6122 break;
6123 }
6124
6125 newlist = string_append_listele(newlist, sep, dstitem);
6126 newkeylist = string_append_listele(newkeylist, sep, dstfield);
6127 }
6128
6129 /* If we ran out of dstlist without consuming srcitem, append it */
6130 if (srcitem)
6131 {
6132 newlist = string_append_listele(newlist, sep, srcitem);
6133 newkeylist = string_append_listele(newkeylist, sep, srcfield);
6134 }
6135
6136 dstlist = newlist->s;
6137 dstkeylist = newkeylist->s;
6138
6139 DEBUG(D_expand) debug_printf_indent("%s: dstlist = \"%s\"\n", name, dstlist);
6140 DEBUG(D_expand) debug_printf_indent("%s: dstkeylist = \"%s\"\n", name, dstkeylist);
6141 }
6142
6143 if (dstlist)
6144 yield = string_cat(yield, dstlist);
6145
6146 /* Restore preserved $item */
6147 iterate_item = save_iterate_item;
6148 continue;
6149
6150 sort_mismatch:
6151 expand_string_message = US"Internal error in sort (list mismatch)";
6152 goto EXPAND_FAILED;
6153 }
6154
6155
6156 /* If ${dlfunc } support is configured, handle calling dynamically-loaded
6157 functions, unless locked out at this time. Syntax is ${dlfunc{file}{func}}
6158 or ${dlfunc{file}{func}{arg}} or ${dlfunc{file}{func}{arg1}{arg2}} or up to
6159 a maximum of EXPAND_DLFUNC_MAX_ARGS arguments (defined below). */
6160
6161 #define EXPAND_DLFUNC_MAX_ARGS 8
6162
6163 case EITEM_DLFUNC:
6164 #ifndef EXPAND_DLFUNC
6165 expand_string_message = US"\"${dlfunc\" encountered, but this facility " /*}*/
6166 "is not included in this binary";
6167 goto EXPAND_FAILED;
6168
6169 #else /* EXPAND_DLFUNC */
6170 {
6171 tree_node *t;
6172 exim_dlfunc_t *func;
6173 uschar *result;
6174 int status, argc;
6175 uschar *argv[EXPAND_DLFUNC_MAX_ARGS + 3];
6176
6177 if ((expand_forbid & RDO_DLFUNC) != 0)
6178 {
6179 expand_string_message =
6180 US"dynamically-loaded functions are not permitted";
6181 goto EXPAND_FAILED;
6182 }
6183
6184 switch(read_subs(argv, EXPAND_DLFUNC_MAX_ARGS + 2, 2, &s, skipping,
6185 TRUE, US"dlfunc", &resetok))
6186 {
6187 case 1: goto EXPAND_FAILED_CURLY;
6188 case 2:
6189 case 3: goto EXPAND_FAILED;
6190 }
6191
6192 /* If skipping, we don't actually do anything */
6193
6194 if (skipping) continue;
6195
6196 /* Look up the dynamically loaded object handle in the tree. If it isn't
6197 found, dlopen() the file and put the handle in the tree for next time. */
6198
6199 t = tree_search(dlobj_anchor, argv[0]);
6200 if (t == NULL)
6201 {
6202 void *handle = dlopen(CS argv[0], RTLD_LAZY);
6203 if (handle == NULL)
6204 {
6205 expand_string_message = string_sprintf("dlopen \"%s\" failed: %s",
6206 argv[0], dlerror());
6207 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
6208 goto EXPAND_FAILED;
6209 }
6210 t = store_get_perm(sizeof(tree_node) + Ustrlen(argv[0]));
6211 Ustrcpy(t->name, argv[0]);
6212 t->data.ptr = handle;
6213 (void)tree_insertnode(&dlobj_anchor, t);
6214 }
6215
6216 /* Having obtained the dynamically loaded object handle, look up the
6217 function pointer. */
6218
6219 func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]);
6220 if (func == NULL)
6221 {
6222 expand_string_message = string_sprintf("dlsym \"%s\" in \"%s\" failed: "
6223 "%s", argv[1], argv[0], dlerror());
6224 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
6225 goto EXPAND_FAILED;
6226 }
6227
6228 /* Call the function and work out what to do with the result. If it
6229 returns OK, we have a replacement string; if it returns DEFER then
6230 expansion has failed in a non-forced manner; if it returns FAIL then
6231 failure was forced; if it returns ERROR or any other value there's a
6232 problem, so panic slightly. In any case, assume that the function has
6233 side-effects on the store that must be preserved. */
6234
6235 resetok = FALSE;
6236 result = NULL;
6237 for (argc = 0; argv[argc] != NULL; argc++);
6238 status = func(&result, argc - 2, &argv[2]);
6239 if(status == OK)
6240 {
6241 if (result == NULL) result = US"";
6242 yield = string_cat(yield, result);
6243 continue;
6244 }
6245 else
6246 {
6247 expand_string_message = result == NULL ? US"(no message)" : result;
6248 if(status == FAIL_FORCED) expand_string_forcedfail = TRUE;
6249 else if(status != FAIL)
6250 log_write(0, LOG_MAIN|LOG_PANIC, "dlfunc{%s}{%s} failed (%d): %s",
6251 argv[0], argv[1], status, expand_string_message);
6252 goto EXPAND_FAILED;
6253 }
6254 }
6255 #endif /* EXPAND_DLFUNC */
6256
6257 case EITEM_ENV: /* ${env {name} {val_if_found} {val_if_unfound}} */
6258 {
6259 uschar * key;
6260 uschar *save_lookup_value = lookup_value;
6261
6262 while (isspace(*s)) s++;
6263 if (*s != '{') /*}*/
6264 goto EXPAND_FAILED;
6265
6266 key = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
6267 if (!key) goto EXPAND_FAILED; /*{*/
6268 if (*s++ != '}')
6269 {
6270 expand_string_message = US"missing '{' for name arg of env";
6271 goto EXPAND_FAILED_CURLY;
6272 }
6273
6274 lookup_value = US getenv(CS key);
6275
6276 switch(process_yesno(
6277 skipping, /* were previously skipping */
6278 lookup_value != NULL, /* success/failure indicator */
6279 save_lookup_value, /* value to reset for string2 */
6280 &s, /* input pointer */
6281 &yield, /* output pointer */
6282 US"env", /* condition type */
6283 &resetok))
6284 {
6285 case 1: goto EXPAND_FAILED; /* when all is well, the */
6286 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
6287 }
6288 continue;
6289 }
6290 } /* EITEM_* switch */
6291
6292 /* Control reaches here if the name is not recognized as one of the more
6293 complicated expansion items. Check for the "operator" syntax (name terminated
6294 by a colon). Some of the operators have arguments, separated by _ from the
6295 name. */
6296
6297 if (*s == ':')
6298 {
6299 int c;
6300 uschar *arg = NULL;
6301 uschar *sub;
6302 var_entry *vp = NULL;
6303
6304 /* Owing to an historical mis-design, an underscore may be part of the
6305 operator name, or it may introduce arguments. We therefore first scan the
6306 table of names that contain underscores. If there is no match, we cut off
6307 the arguments and then scan the main table. */
6308
6309 if ((c = chop_match(name, op_table_underscore,
6310 nelem(op_table_underscore))) < 0)
6311 {
6312 arg = Ustrchr(name, '_');
6313 if (arg != NULL) *arg = 0;
6314 c = chop_match(name, op_table_main, nelem(op_table_main));
6315 if (c >= 0) c += nelem(op_table_underscore);
6316 if (arg != NULL) *arg++ = '_'; /* Put back for error messages */
6317 }
6318
6319 /* Deal specially with operators that might take a certificate variable
6320 as we do not want to do the usual expansion. For most, expand the string.*/
6321 switch(c)
6322 {
6323 #ifdef SUPPORT_TLS
6324 case EOP_MD5:
6325 case EOP_SHA1:
6326 case EOP_SHA256:
6327 case EOP_BASE64:
6328 if (s[1] == '$')
6329 {
6330 const uschar * s1 = s;
6331 sub = expand_string_internal(s+2, TRUE, &s1, skipping,
6332 FALSE, &resetok);
6333 if (!sub) goto EXPAND_FAILED; /*{*/
6334 if (*s1 != '}')
6335 {
6336 expand_string_message =
6337 string_sprintf("missing '}' closing cert arg of %s", name);
6338 goto EXPAND_FAILED_CURLY;
6339 }
6340 if ((vp = find_var_ent(sub)) && vp->type == vtype_cert)
6341 {
6342 s = s1+1;
6343 break;
6344 }
6345 vp = NULL;
6346 }
6347 /*FALLTHROUGH*/
6348 #endif
6349 default:
6350 sub = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
6351 if (!sub) goto EXPAND_FAILED;
6352 s++;
6353 break;
6354 }
6355
6356 /* If we are skipping, we don't need to perform the operation at all.
6357 This matters for operations like "mask", because the data may not be
6358 in the correct format when skipping. For example, the expression may test
6359 for the existence of $sender_host_address before trying to mask it. For
6360 other operations, doing them may not fail, but it is a waste of time. */
6361
6362 if (skipping && c >= 0) continue;
6363
6364 /* Otherwise, switch on the operator type */
6365
6366 switch(c)
6367 {
6368 case EOP_BASE32:
6369 {
6370 uschar *t;
6371 unsigned long int n = Ustrtoul(sub, &t, 10);
6372 gstring * g = NULL;
6373
6374 if (*t != 0)
6375 {
6376 expand_string_message = string_sprintf("argument for base32 "
6377 "operator is \"%s\", which is not a decimal number", sub);
6378 goto EXPAND_FAILED;
6379 }
6380 for ( ; n; n >>= 5)
6381 g = string_catn(g, &base32_chars[n & 0x1f], 1);
6382
6383 if (g) while (g->ptr > 0) yield = string_catn(yield, &g->s[--g->ptr], 1);
6384 continue;
6385 }
6386
6387 case EOP_BASE32D:
6388 {
6389 uschar *tt = sub;
6390 unsigned long int n = 0;
6391 uschar * s;
6392 while (*tt)
6393 {
6394 uschar * t = Ustrchr(base32_chars, *tt++);
6395 if (t == NULL)
6396 {
6397 expand_string_message = string_sprintf("argument for base32d "
6398 "operator is \"%s\", which is not a base 32 number", sub);
6399 goto EXPAND_FAILED;
6400 }
6401 n = n * 32 + (t - base32_chars);
6402 }
6403 s = string_sprintf("%ld", n);
6404 yield = string_cat(yield, s);
6405 continue;
6406 }
6407
6408 case EOP_BASE62:
6409 {
6410 uschar *t;
6411 unsigned long int n = Ustrtoul(sub, &t, 10);
6412 if (*t != 0)
6413 {
6414 expand_string_message = string_sprintf("argument for base62 "
6415 "operator is \"%s\", which is not a decimal number", sub);
6416 goto EXPAND_FAILED;
6417 }
6418 t = string_base62(n);
6419 yield = string_cat(yield, t);
6420 continue;
6421 }
6422
6423 /* Note that for Darwin and Cygwin, BASE_62 actually has the value 36 */
6424
6425 case EOP_BASE62D:
6426 {
6427 uschar buf[16];
6428 uschar *tt = sub;
6429 unsigned long int n = 0;
6430 while (*tt != 0)
6431 {
6432 uschar *t = Ustrchr(base62_chars, *tt++);
6433 if (t == NULL)
6434 {
6435 expand_string_message = string_sprintf("argument for base62d "
6436 "operator is \"%s\", which is not a base %d number", sub,
6437 BASE_62);
6438 goto EXPAND_FAILED;
6439 }
6440 n = n * BASE_62 + (t - base62_chars);
6441 }
6442 (void)sprintf(CS buf, "%ld", n);
6443 yield = string_cat(yield, buf);
6444 continue;
6445 }
6446
6447 case EOP_EXPAND:
6448 {
6449 uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping, TRUE, &resetok);
6450 if (expanded == NULL)
6451 {
6452 expand_string_message =
6453 string_sprintf("internal expansion of \"%s\" failed: %s", sub,
6454 expand_string_message);
6455 goto EXPAND_FAILED;
6456 }
6457 yield = string_cat(yield, expanded);
6458 continue;
6459 }
6460
6461 case EOP_LC:
6462 {
6463 int count = 0;
6464 uschar *t = sub - 1;
6465 while (*(++t) != 0) { *t = tolower(*t); count++; }
6466 yield = string_catn(yield, sub, count);
6467 continue;
6468 }
6469
6470 case EOP_UC:
6471 {
6472 int count = 0;
6473 uschar *t = sub - 1;
6474 while (*(++t) != 0) { *t = toupper(*t); count++; }
6475 yield = string_catn(yield, sub, count);
6476 continue;
6477 }
6478
6479 case EOP_MD5:
6480 #ifdef SUPPORT_TLS
6481 if (vp && *(void **)vp->value)
6482 {
6483 uschar * cp = tls_cert_fprt_md5(*(void **)vp->value);
6484 yield = string_cat(yield, cp);
6485 }
6486 else
6487 #endif
6488 {
6489 md5 base;
6490 uschar digest[16];
6491 int j;
6492 char st[33];
6493 md5_start(&base);
6494 md5_end(&base, sub, Ustrlen(sub), digest);
6495 for(j = 0; j < 16; j++) sprintf(st+2*j, "%02x", digest[j]);
6496 yield = string_cat(yield, US st);
6497 }
6498 continue;
6499
6500 case EOP_SHA1:
6501 #ifdef SUPPORT_TLS
6502 if (vp && *(void **)vp->value)
6503 {
6504 uschar * cp = tls_cert_fprt_sha1(*(void **)vp->value);
6505 yield = string_cat(yield, cp);
6506 }
6507 else
6508 #endif
6509 {
6510 hctx h;
6511 uschar digest[20];
6512 int j;
6513 char st[41];
6514 sha1_start(&h);
6515 sha1_end(&h, sub, Ustrlen(sub), digest);
6516 for(j = 0; j < 20; j++) sprintf(st+2*j, "%02X", digest[j]);
6517 yield = string_catn(yield, US st, 40);
6518 }
6519 continue;
6520
6521 case EOP_SHA256:
6522 #ifdef EXIM_HAVE_SHA2
6523 if (vp && *(void **)vp->value)
6524 {
6525 uschar * cp = tls_cert_fprt_sha256(*(void **)vp->value);
6526 yield = string_cat(yield, cp);
6527 }
6528 else
6529 {
6530 hctx h;
6531 blob b;
6532 char st[3];
6533
6534 if (!exim_sha_init(&h, HASH_SHA2_256))
6535 {
6536 expand_string_message = US"unrecognised sha256 variant";
6537 goto EXPAND_FAILED;
6538 }
6539 exim_sha_update(&h, sub, Ustrlen(sub));
6540 exim_sha_finish(&h, &b);
6541 while (b.len-- > 0)
6542 {
6543 sprintf(st, "%02X", *b.data++);
6544 yield = string_catn(yield, US st, 2);
6545 }
6546 }
6547 #else
6548 expand_string_message = US"sha256 only supported with TLS";
6549 #endif
6550 continue;
6551
6552 case EOP_SHA3:
6553 #ifdef EXIM_HAVE_SHA3
6554 {
6555 hctx h;
6556 blob b;
6557 char st[3];
6558 hashmethod m = !arg ? HASH_SHA3_256
6559 : Ustrcmp(arg, "224") == 0 ? HASH_SHA3_224
6560 : Ustrcmp(arg, "256") == 0 ? HASH_SHA3_256
6561 : Ustrcmp(arg, "384") == 0 ? HASH_SHA3_384
6562 : Ustrcmp(arg, "512") == 0 ? HASH_SHA3_512
6563 : HASH_BADTYPE;
6564
6565 if (m == HASH_BADTYPE || !exim_sha_init(&h, m))
6566 {
6567 expand_string_message = US"unrecognised sha3 variant";
6568 goto EXPAND_FAILED;
6569 }
6570
6571 exim_sha_update(&h, sub, Ustrlen(sub));
6572 exim_sha_finish(&h, &b);
6573 while (b.len-- > 0)
6574 {
6575 sprintf(st, "%02X", *b.data++);
6576 yield = string_catn(yield, US st, 2);
6577 }
6578 }
6579 continue;
6580 #else
6581 expand_string_message = US"sha3 only supported with GnuTLS 3.5.0 + or OpenSSL 1.1.1 +";
6582 goto EXPAND_FAILED;
6583 #endif
6584
6585 /* Convert hex encoding to base64 encoding */
6586
6587 case EOP_HEX2B64:
6588 {
6589 int c = 0;
6590 int b = -1;
6591 uschar *in = sub;
6592 uschar *out = sub;
6593 uschar *enc;
6594
6595 for (enc = sub; *enc != 0; enc++)
6596 {
6597 if (!isxdigit(*enc))
6598 {
6599 expand_string_message = string_sprintf("\"%s\" is not a hex "
6600 "string", sub);
6601 goto EXPAND_FAILED;
6602 }
6603 c++;
6604 }
6605
6606 if ((c & 1) != 0)
6607 {
6608 expand_string_message = string_sprintf("\"%s\" contains an odd "
6609 "number of characters", sub);
6610 goto EXPAND_FAILED;
6611 }
6612
6613 while ((c = *in++) != 0)
6614 {
6615 if (isdigit(c)) c -= '0';
6616 else c = toupper(c) - 'A' + 10;
6617 if (b == -1)
6618 {
6619 b = c << 4;
6620 }
6621 else
6622 {
6623 *out++ = b | c;
6624 b = -1;
6625 }
6626 }
6627
6628 enc = b64encode(sub, out - sub);
6629 yield = string_cat(yield, enc);
6630 continue;
6631 }
6632
6633 /* Convert octets outside 0x21..0x7E to \xXX form */
6634
6635 case EOP_HEXQUOTE:
6636 {
6637 uschar *t = sub - 1;
6638 while (*(++t) != 0)
6639 {
6640 if (*t < 0x21 || 0x7E < *t)
6641 yield = string_catn(yield, string_sprintf("\\x%02x", *t), 4);
6642 else
6643 yield = string_catn(yield, t, 1);
6644 }
6645 continue;
6646 }
6647
6648 /* count the number of list elements */
6649
6650 case EOP_LISTCOUNT:
6651 {
6652 int cnt = 0;
6653 int sep = 0;
6654 uschar * cp;
6655 uschar buffer[256];
6656
6657 while (string_nextinlist(CUSS &sub, &sep, buffer, sizeof(buffer)) != NULL) cnt++;
6658 cp = string_sprintf("%d", cnt);
6659 yield = string_cat(yield, cp);
6660 continue;
6661 }
6662
6663 /* expand a named list given the name */
6664 /* handles nested named lists; requotes as colon-sep list */
6665
6666 case EOP_LISTNAMED:
6667 {
6668 tree_node *t = NULL;
6669 const uschar * list;
6670 int sep = 0;
6671 uschar * item;
6672 uschar * suffix = US"";
6673 BOOL needsep = FALSE;
6674 uschar buffer[256];
6675
6676 if (*sub == '+') sub++;
6677 if (arg == NULL) /* no-argument version */
6678 {
6679 if (!(t = tree_search(addresslist_anchor, sub)) &&
6680 !(t = tree_search(domainlist_anchor, sub)) &&
6681 !(t = tree_search(hostlist_anchor, sub)))
6682 t = tree_search(localpartlist_anchor, sub);
6683 }
6684 else switch(*arg) /* specific list-type version */
6685 {
6686 case 'a': t = tree_search(addresslist_anchor, sub); suffix = US"_a"; break;
6687 case 'd': t = tree_search(domainlist_anchor, sub); suffix = US"_d"; break;
6688 case 'h': t = tree_search(hostlist_anchor, sub); suffix = US"_h"; break;
6689 case 'l': t = tree_search(localpartlist_anchor, sub); suffix = US"_l"; break;
6690 default:
6691 expand_string_message = string_sprintf("bad suffix on \"list\" operator");
6692 goto EXPAND_FAILED;
6693 }
6694
6695 if(!t)
6696 {
6697 expand_string_message = string_sprintf("\"%s\" is not a %snamed list",
6698 sub, !arg?""
6699 : *arg=='a'?"address "
6700 : *arg=='d'?"domain "
6701 : *arg=='h'?"host "
6702 : *arg=='l'?"localpart "
6703 : 0);
6704 goto EXPAND_FAILED;
6705 }
6706
6707 list = ((namedlist_block *)(t->data.ptr))->string;
6708
6709 while ((item = string_nextinlist(&list, &sep, buffer, sizeof(buffer))))
6710 {
6711 uschar * buf = US" : ";
6712 if (needsep)
6713 yield = string_catn(yield, buf, 3);
6714 else
6715 needsep = TRUE;
6716
6717 if (*item == '+') /* list item is itself a named list */
6718 {
6719 uschar * sub = string_sprintf("${listnamed%s:%s}", suffix, item);
6720 item = expand_string_internal(sub, FALSE, NULL, FALSE, TRUE, &resetok);
6721 }
6722 else if (sep != ':') /* item from non-colon-sep list, re-quote for colon list-separator */
6723 {
6724 char * cp;
6725 char tok[3];
6726 tok[0] = sep; tok[1] = ':'; tok[2] = 0;
6727 while ((cp= strpbrk(CCS item, tok)))
6728 {
6729 yield = string_catn(yield, item, cp - CS item);
6730 if (*cp++ == ':') /* colon in a non-colon-sep list item, needs doubling */
6731 {
6732 yield = string_catn(yield, US"::", 2);
6733 item = US cp;
6734 }
6735 else /* sep in item; should already be doubled; emit once */
6736 {
6737 yield = string_catn(yield, US tok, 1);
6738 if (*cp == sep) cp++;
6739 item = US cp;
6740 }
6741 }
6742 }
6743 yield = string_cat(yield, item);
6744 }
6745 continue;
6746 }
6747
6748 /* mask applies a mask to an IP address; for example the result of
6749 ${mask:131.111.10.206/28} is 131.111.10.192/28. */
6750
6751 case EOP_MASK:
6752 {
6753 int count;
6754 uschar *endptr;
6755 int binary[4];
6756 int mask, maskoffset;
6757 int type = string_is_ip_address(sub, &maskoffset);
6758 uschar buffer[64];
6759
6760 if (type == 0)
6761 {
6762 expand_string_message = string_sprintf("\"%s\" is not an IP address",
6763 sub);
6764 goto EXPAND_FAILED;
6765 }
6766
6767 if (maskoffset == 0)
6768 {
6769 expand_string_message = string_sprintf("missing mask value in \"%s\"",
6770 sub);
6771 goto EXPAND_FAILED;
6772 }
6773
6774 mask = Ustrtol(sub + maskoffset + 1, &endptr, 10);
6775
6776 if (*endptr != 0 || mask < 0 || mask > ((type == 4)? 32 : 128))
6777 {
6778 expand_string_message = string_sprintf("mask value too big in \"%s\"",
6779 sub);
6780 goto EXPAND_FAILED;
6781 }
6782
6783 /* Convert the address to binary integer(s) and apply the mask */
6784
6785 sub[maskoffset] = 0;
6786 count = host_aton(sub, binary);
6787 host_mask(count, binary, mask);
6788
6789 /* Convert to masked textual format and add to output. */
6790
6791 yield = string_catn(yield, buffer,
6792 host_nmtoa(count, binary, mask, buffer, '.'));
6793 continue;
6794 }
6795
6796 case EOP_IPV6NORM:
6797 case EOP_IPV6DENORM:
6798 {
6799 int type = string_is_ip_address(sub, NULL);
6800 int binary[4];
6801 uschar buffer[44];
6802
6803 switch (type)
6804 {
6805 case 6:
6806 (void) host_aton(sub, binary);
6807 break;
6808
6809 case 4: /* convert to IPv4-mapped IPv6 */
6810 binary[0] = binary[1] = 0;
6811 binary[2] = 0x0000ffff;
6812 (void) host_aton(sub, binary+3);
6813 break;
6814
6815 case 0:
6816 expand_string_message =
6817 string_sprintf("\"%s\" is not an IP address", sub);
6818 goto EXPAND_FAILED;
6819 }
6820
6821 yield = string_catn(yield, buffer, c == EOP_IPV6NORM
6822 ? ipv6_nmtoa(binary, buffer)
6823 : host_nmtoa(4, binary, -1, buffer, ':')
6824 );
6825 continue;
6826 }
6827
6828 case EOP_ADDRESS:
6829 case EOP_LOCAL_PART:
6830 case EOP_DOMAIN:
6831 {
6832 uschar * error;
6833 int start, end, domain;
6834 uschar * t = parse_extract_address(sub, &error, &start, &end, &domain,
6835 FALSE);
6836 if (t)
6837 if (c != EOP_DOMAIN)
6838 {
6839 if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1;
6840 yield = string_catn(yield, sub+start, end-start);
6841 }
6842 else if (domain != 0)
6843 {
6844 domain += start;
6845 yield = string_catn(yield, sub+domain, end-domain);
6846 }
6847 continue;
6848 }
6849
6850 case EOP_ADDRESSES:
6851 {
6852 uschar outsep[2] = { ':', '\0' };
6853 uschar *address, *error;
6854 int save_ptr = yield->ptr;
6855 int start, end, domain; /* Not really used */
6856
6857 while (isspace(*sub)) sub++;
6858 if (*sub == '>')
6859 if (*outsep = *++sub) ++sub;
6860 else
6861 {
6862 expand_string_message = string_sprintf("output separator "
6863 "missing in expanding ${addresses:%s}", --sub);
6864 goto EXPAND_FAILED;
6865 }
6866 parse_allow_group = TRUE;
6867
6868 for (;;)
6869 {
6870 uschar *p = parse_find_address_end(sub, FALSE);
6871 uschar saveend = *p;
6872 *p = '\0';
6873 address = parse_extract_address(sub, &error, &start, &end, &domain,
6874 FALSE);
6875 *p = saveend;
6876
6877 /* Add the address to the output list that we are building. This is
6878 done in chunks by searching for the separator character. At the
6879 start, unless we are dealing with the first address of the output
6880 list, add in a space if the new address begins with the separator
6881 character, or is an empty string. */
6882
6883 if (address != NULL)
6884 {
6885 if (yield->ptr != save_ptr && address[0] == *outsep)
6886 yield = string_catn(yield, US" ", 1);
6887
6888 for (;;)
6889 {
6890 size_t seglen = Ustrcspn(address, outsep);
6891 yield = string_catn(yield, address, seglen + 1);
6892
6893 /* If we got to the end of the string we output one character
6894 too many. */
6895
6896 if (address[seglen] == '\0') { yield->ptr--; break; }
6897 yield = string_catn(yield, outsep, 1);
6898 address += seglen + 1;
6899 }
6900
6901 /* Output a separator after the string: we will remove the
6902 redundant final one at the end. */
6903
6904 yield = string_catn(yield, outsep, 1);
6905 }
6906
6907 if (saveend == '\0') break;
6908 sub = p + 1;
6909 }
6910
6911 /* If we have generated anything, remove the redundant final
6912 separator. */
6913
6914 if (yield->ptr != save_ptr) yield->ptr--;
6915 parse_allow_group = FALSE;
6916 continue;
6917 }
6918
6919
6920 /* quote puts a string in quotes if it is empty or contains anything
6921 other than alphamerics, underscore, dot, or hyphen.
6922
6923 quote_local_part puts a string in quotes if RFC 2821/2822 requires it to
6924 be quoted in order to be a valid local part.
6925
6926 In both cases, newlines and carriage returns are converted into \n and \r
6927 respectively */
6928
6929 case EOP_QUOTE:
6930 case EOP_QUOTE_LOCAL_PART:
6931 if (arg == NULL)
6932 {
6933 BOOL needs_quote = (*sub == 0); /* TRUE for empty string */
6934 uschar *t = sub - 1;
6935
6936 if (c == EOP_QUOTE)
6937 {
6938 while (!needs_quote && *(++t) != 0)
6939 needs_quote = !isalnum(*t) && !strchr("_-.", *t);
6940 }
6941 else /* EOP_QUOTE_LOCAL_PART */
6942 {
6943 while (!needs_quote && *(++t) != 0)
6944 needs_quote = !isalnum(*t) &&
6945 strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL &&
6946 (*t != '.' || t == sub || t[1] == 0);
6947 }
6948
6949 if (needs_quote)
6950 {
6951 yield = string_catn(yield, US"\"", 1);
6952 t = sub - 1;
6953 while (*(++t) != 0)
6954 {
6955 if (*t == '\n')
6956 yield = string_catn(yield, US"\\n", 2);
6957 else if (*t == '\r')
6958 yield = string_catn(yield, US"\\r", 2);
6959 else
6960 {
6961 if (*t == '\\' || *t == '"')
6962 yield = string_catn(yield, US"\\", 1);
6963 yield = string_catn(yield, t, 1);
6964 }
6965 }
6966 yield = string_catn(yield, US"\"", 1);
6967 }
6968 else yield = string_cat(yield, sub);
6969 continue;
6970 }
6971
6972 /* quote_lookuptype does lookup-specific quoting */
6973
6974 else
6975 {
6976 int n;
6977 uschar *opt = Ustrchr(arg, '_');
6978
6979 if (opt != NULL) *opt++ = 0;
6980
6981 n = search_findtype(arg, Ustrlen(arg));
6982 if (n < 0)
6983 {
6984 expand_string_message = search_error_message;
6985 goto EXPAND_FAILED;
6986 }
6987
6988 if (lookup_list[n]->quote != NULL)
6989 sub = (lookup_list[n]->quote)(sub, opt);
6990 else if (opt != NULL) sub = NULL;
6991
6992 if (sub == NULL)
6993 {
6994 expand_string_message = string_sprintf(
6995 "\"%s\" unrecognized after \"${quote_%s\"",
6996 opt, arg);
6997 goto EXPAND_FAILED;
6998 }
6999
7000 yield = string_cat(yield, sub);
7001 continue;
7002 }
7003
7004 /* rx quote sticks in \ before any non-alphameric character so that
7005 the insertion works in a regular expression. */
7006
7007 case EOP_RXQUOTE:
7008 {
7009 uschar *t = sub - 1;
7010 while (*(++t) != 0)
7011 {
7012 if (!isalnum(*t))
7013 yield = string_catn(yield, US"\\", 1);
7014 yield = string_catn(yield, t, 1);
7015 }
7016 continue;
7017 }
7018
7019 /* RFC 2047 encodes, assuming headers_charset (default ISO 8859-1) as
7020 prescribed by the RFC, if there are characters that need to be encoded */
7021
7022 case EOP_RFC2047:
7023 {
7024 uschar buffer[2048];
7025 const uschar *string = parse_quote_2047(sub, Ustrlen(sub), headers_charset,
7026 buffer, sizeof(buffer), FALSE);
7027 yield = string_cat(yield, string);
7028 continue;
7029 }
7030
7031 /* RFC 2047 decode */
7032
7033 case EOP_RFC2047D:
7034 {
7035 int len;
7036 uschar *error;
7037 uschar *decoded = rfc2047_decode(sub, check_rfc2047_length,
7038 headers_charset, '?', &len, &error);
7039 if (error != NULL)
7040 {
7041 expand_string_message = error;
7042 goto EXPAND_FAILED;
7043 }
7044 yield = string_catn(yield, decoded, len);
7045 continue;
7046 }
7047
7048 /* from_utf8 converts UTF-8 to 8859-1, turning non-existent chars into
7049 underscores */
7050
7051 case EOP_FROM_UTF8:
7052 {
7053 while (*sub != 0)
7054 {
7055 int c;
7056 uschar buff[4];
7057 GETUTF8INC(c, sub);
7058 if (c > 255) c = '_';
7059 buff[0] = c;
7060 yield = string_catn(yield, buff, 1);
7061 }
7062 continue;
7063 }
7064
7065 /* replace illegal UTF-8 sequences by replacement character */
7066
7067 #define UTF8_REPLACEMENT_CHAR US"?"
7068
7069 case EOP_UTF8CLEAN:
7070 {
7071 int seq_len = 0, index = 0;
7072 int bytes_left = 0;
7073 long codepoint = -1;
7074 uschar seq_buff[4]; /* accumulate utf-8 here */
7075
7076 while (*sub != 0)
7077 {
7078 int complete = 0;
7079 uschar c = *sub++;
7080
7081 if (bytes_left)
7082 {
7083 if ((c & 0xc0) != 0x80)
7084 /* wrong continuation byte; invalidate all bytes */
7085 complete = 1; /* error */
7086 else
7087 {
7088 codepoint = (codepoint << 6) | (c & 0x3f);
7089 seq_buff[index++] = c;
7090 if (--bytes_left == 0) /* codepoint complete */
7091 if(codepoint > 0x10FFFF) /* is it too large? */
7092 complete = -1; /* error (RFC3629 limit) */
7093 else
7094 { /* finished; output utf-8 sequence */
7095 yield = string_catn(yield, seq_buff, seq_len);
7096 index = 0;
7097 }
7098 }
7099 }
7100 else /* no bytes left: new sequence */
7101 {
7102 if((c & 0x80) == 0) /* 1-byte sequence, US-ASCII, keep it */
7103 {
7104 yield = string_catn(yield, &c, 1);
7105 continue;
7106 }
7107 if((c & 0xe0) == 0xc0) /* 2-byte sequence */
7108 {
7109 if(c == 0xc0 || c == 0xc1) /* 0xc0 and 0xc1 are illegal */
7110 complete = -1;
7111 else
7112 {
7113 bytes_left = 1;
7114 codepoint = c & 0x1f;
7115 }
7116 }
7117 else if((c & 0xf0) == 0xe0) /* 3-byte sequence */
7118 {
7119 bytes_left = 2;
7120 codepoint = c & 0x0f;
7121 }
7122 else if((c & 0xf8) == 0xf0) /* 4-byte sequence */
7123 {
7124 bytes_left = 3;
7125 codepoint = c & 0x07;
7126 }
7127 else /* invalid or too long (RFC3629 allows only 4 bytes) */
7128 complete = -1;
7129
7130 seq_buff[index++] = c;
7131 seq_len = bytes_left + 1;
7132 } /* if(bytes_left) */
7133
7134 if (complete != 0)
7135 {
7136 bytes_left = index = 0;
7137 yield = string_catn(yield, UTF8_REPLACEMENT_CHAR, 1);
7138 }
7139 if ((complete == 1) && ((c & 0x80) == 0))
7140 /* ASCII character follows incomplete sequence */
7141 yield = string_catn(yield, &c, 1);
7142 }
7143 continue;
7144 }
7145
7146 #ifdef SUPPORT_I18N
7147 case EOP_UTF8_DOMAIN_TO_ALABEL:
7148 {
7149 uschar * error = NULL;
7150 uschar * s = string_domain_utf8_to_alabel(sub, &error);
7151 if (error)
7152 {
7153 expand_string_message = string_sprintf(
7154 "error converting utf8 (%s) to alabel: %s",
7155 string_printing(sub), error);
7156 goto EXPAND_FAILED;
7157 }
7158 yield = string_cat(yield, s);
7159 continue;
7160 }
7161
7162 case EOP_UTF8_DOMAIN_FROM_ALABEL:
7163 {
7164 uschar * error = NULL;
7165 uschar * s = string_domain_alabel_to_utf8(sub, &error);
7166 if (error)
7167 {
7168 expand_string_message = string_sprintf(
7169 "error converting alabel (%s) to utf8: %s",
7170 string_printing(sub), error);
7171 goto EXPAND_FAILED;
7172 }
7173 yield = string_cat(yield, s);
7174 continue;
7175 }
7176
7177 case EOP_UTF8_LOCALPART_TO_ALABEL:
7178 {
7179 uschar * error = NULL;
7180 uschar * s = string_localpart_utf8_to_alabel(sub, &error);
7181 if (error)
7182 {
7183 expand_string_message = string_sprintf(
7184 "error converting utf8 (%s) to alabel: %s",
7185 string_printing(sub), error);
7186 goto EXPAND_FAILED;
7187 }
7188 yield = string_cat(yield, s);
7189 DEBUG(D_expand) debug_printf_indent("yield: '%s'\n", yield->s);
7190 continue;
7191 }
7192
7193 case EOP_UTF8_LOCALPART_FROM_ALABEL:
7194 {
7195 uschar * error = NULL;
7196 uschar * s = string_localpart_alabel_to_utf8(sub, &error);
7197 if (error)
7198 {
7199 expand_string_message = string_sprintf(
7200 "error converting alabel (%s) to utf8: %s",
7201 string_printing(sub), error);
7202 goto EXPAND_FAILED;
7203 }
7204 yield = string_cat(yield, s);
7205 continue;
7206 }
7207 #endif /* EXPERIMENTAL_INTERNATIONAL */
7208
7209 /* escape turns all non-printing characters into escape sequences. */
7210
7211 case EOP_ESCAPE:
7212 {
7213 const uschar * t = string_printing(sub);
7214 yield = string_cat(yield, t);
7215 continue;
7216 }
7217
7218 case EOP_ESCAPE8BIT:
7219 {
7220 const uschar * s = sub;
7221 uschar c;
7222
7223 for (s = sub; (c = *s); s++)
7224 yield = c < 127 && c != '\\'
7225 ? string_catn(yield, s, 1)
7226 : string_catn(yield, string_sprintf("\\%03o", c), 4);
7227 continue;
7228 }
7229
7230 /* Handle numeric expression evaluation */
7231
7232 case EOP_EVAL:
7233 case EOP_EVAL10:
7234 {
7235 uschar *save_sub = sub;
7236 uschar *error = NULL;
7237 int_eximarith_t n = eval_expr(&sub, (c == EOP_EVAL10), &error, FALSE);
7238 if (error != NULL)
7239 {
7240 expand_string_message = string_sprintf("error in expression "
7241 "evaluation: %s (after processing \"%.*s\")", error,
7242 (int)(sub-save_sub), save_sub);
7243 goto EXPAND_FAILED;
7244 }
7245 sprintf(CS var_buffer, PR_EXIM_ARITH, n);
7246 yield = string_cat(yield, var_buffer);
7247 continue;
7248 }
7249
7250 /* Handle time period formating */
7251
7252 case EOP_TIME_EVAL:
7253 {
7254 int n = readconf_readtime(sub, 0, FALSE);
7255 if (n < 0)
7256 {
7257 expand_string_message = string_sprintf("string \"%s\" is not an "
7258 "Exim time interval in \"%s\" operator", sub, name);
7259 goto EXPAND_FAILED;
7260 }
7261 sprintf(CS var_buffer, "%d", n);
7262 yield = string_cat(yield, var_buffer);
7263 continue;
7264 }
7265
7266 case EOP_TIME_INTERVAL:
7267 {
7268 int n;
7269 uschar *t = read_number(&n, sub);
7270 if (*t != 0) /* Not A Number*/
7271 {
7272 expand_string_message = string_sprintf("string \"%s\" is not a "
7273 "positive number in \"%s\" operator", sub, name);
7274 goto EXPAND_FAILED;
7275 }
7276 t = readconf_printtime(n);
7277 yield = string_cat(yield, t);
7278 continue;
7279 }
7280
7281 /* Convert string to base64 encoding */
7282
7283 case EOP_STR2B64:
7284 case EOP_BASE64:
7285 {
7286 #ifdef SUPPORT_TLS
7287 uschar * s = vp && *(void **)vp->value
7288 ? tls_cert_der_b64(*(void **)vp->value)
7289 : b64encode(sub, Ustrlen(sub));
7290 #else
7291 uschar * s = b64encode(sub, Ustrlen(sub));
7292 #endif
7293 yield = string_cat(yield, s);
7294 continue;
7295 }
7296
7297 case EOP_BASE64D:
7298 {
7299 uschar * s;
7300 int len = b64decode(sub, &s);
7301 if (len < 0)
7302 {
7303 expand_string_message = string_sprintf("string \"%s\" is not "
7304 "well-formed for \"%s\" operator", sub, name);
7305 goto EXPAND_FAILED;
7306 }
7307 yield = string_cat(yield, s);
7308 continue;
7309 }
7310
7311 /* strlen returns the length of the string */
7312
7313 case EOP_STRLEN:
7314 {
7315 uschar buff[24];
7316 (void)sprintf(CS buff, "%d", Ustrlen(sub));
7317 yield = string_cat(yield, buff);
7318 continue;
7319 }
7320
7321 /* length_n or l_n takes just the first n characters or the whole string,
7322 whichever is the shorter;
7323
7324 substr_m_n, and s_m_n take n characters from offset m; negative m take
7325 from the end; l_n is synonymous with s_0_n. If n is omitted in substr it
7326 takes the rest, either to the right or to the left.
7327
7328 hash_n or h_n makes a hash of length n from the string, yielding n
7329 characters from the set a-z; hash_n_m makes a hash of length n, but
7330 uses m characters from the set a-zA-Z0-9.
7331
7332 nhash_n returns a single number between 0 and n-1 (in text form), while
7333 nhash_n_m returns a div/mod hash as two numbers "a/b". The first lies
7334 between 0 and n-1 and the second between 0 and m-1. */
7335
7336 case EOP_LENGTH:
7337 case EOP_L:
7338 case EOP_SUBSTR:
7339 case EOP_S:
7340 case EOP_HASH:
7341 case EOP_H:
7342 case EOP_NHASH:
7343 case EOP_NH:
7344 {
7345 int sign = 1;
7346 int value1 = 0;
7347 int value2 = -1;
7348 int *pn;
7349 int len;
7350 uschar *ret;
7351
7352 if (arg == NULL)
7353 {
7354 expand_string_message = string_sprintf("missing values after %s",
7355 name);
7356 goto EXPAND_FAILED;
7357 }
7358
7359 /* "length" has only one argument, effectively being synonymous with
7360 substr_0_n. */
7361
7362 if (c == EOP_LENGTH || c == EOP_L)
7363 {
7364 pn = &value2;
7365 value2 = 0;
7366 }
7367
7368 /* The others have one or two arguments; for "substr" the first may be
7369 negative. The second being negative means "not supplied". */
7370
7371 else
7372 {
7373 pn = &value1;
7374 if (name[0] == 's' && *arg == '-') { sign = -1; arg++; }
7375 }
7376
7377 /* Read up to two numbers, separated by underscores */
7378
7379 ret = arg;
7380 while (*arg != 0)
7381 {
7382 if (arg != ret && *arg == '_' && pn == &value1)
7383 {
7384 pn = &value2;
7385 value2 = 0;
7386 if (arg[1] != 0) arg++;
7387 }
7388 else if (!isdigit(*arg))
7389 {
7390 expand_string_message =
7391 string_sprintf("non-digit after underscore in \"%s\"", name);
7392 goto EXPAND_FAILED;
7393 }
7394 else *pn = (*pn)*10 + *arg++ - '0';
7395 }
7396 value1 *= sign;
7397
7398 /* Perform the required operation */
7399
7400 ret =
7401 (c == EOP_HASH || c == EOP_H)?
7402 compute_hash(sub, value1, value2, &len) :
7403 (c == EOP_NHASH || c == EOP_NH)?
7404 compute_nhash(sub, value1, value2, &len) :
7405 extract_substr(sub, value1, value2, &len);
7406
7407 if (ret == NULL) goto EXPAND_FAILED;
7408 yield = string_catn(yield, ret, len);
7409 continue;
7410 }
7411
7412 /* Stat a path */
7413
7414 case EOP_STAT:
7415 {
7416 uschar *s;
7417 uschar smode[12];
7418 uschar **modetable[3];
7419 int i;
7420 mode_t mode;
7421 struct stat st;
7422
7423 if ((expand_forbid & RDO_EXISTS) != 0)
7424 {
7425 expand_string_message = US"Use of the stat() expansion is not permitted";
7426 goto EXPAND_FAILED;
7427 }
7428
7429 if (stat(CS sub, &st) < 0)
7430 {
7431 expand_string_message = string_sprintf("stat(%s) failed: %s",
7432 sub, strerror(errno));
7433 goto EXPAND_FAILED;
7434 }
7435 mode = st.st_mode;
7436 switch (mode & S_IFMT)
7437 {
7438 case S_IFIFO: smode[0] = 'p'; break;
7439 case S_IFCHR: smode[0] = 'c'; break;
7440 case S_IFDIR: smode[0] = 'd'; break;
7441 case S_IFBLK: smode[0] = 'b'; break;
7442 case S_IFREG: smode[0] = '-'; break;
7443 default: smode[0] = '?'; break;
7444 }
7445
7446 modetable[0] = ((mode & 01000) == 0)? mtable_normal : mtable_sticky;
7447 modetable[1] = ((mode & 02000) == 0)? mtable_normal : mtable_setid;
7448 modetable[2] = ((mode & 04000) == 0)? mtable_normal : mtable_setid;
7449
7450 for (i = 0; i < 3; i++)
7451 {
7452 memcpy(CS(smode + 7 - i*3), CS(modetable[i][mode & 7]), 3);
7453 mode >>= 3;
7454 }
7455
7456 smode[10] = 0;
7457 s = string_sprintf("mode=%04lo smode=%s inode=%ld device=%ld links=%ld "
7458 "uid=%ld gid=%ld size=" OFF_T_FMT " atime=%ld mtime=%ld ctime=%ld",
7459 (long)(st.st_mode & 077777), smode, (long)st.st_ino,
7460 (long)st.st_dev, (long)st.st_nlink, (long)st.st_uid,
7461 (long)st.st_gid, st.st_size, (long)st.st_atime,
7462 (long)st.st_mtime, (long)st.st_ctime);
7463 yield = string_cat(yield, s);
7464 continue;
7465 }
7466
7467 /* vaguely random number less than N */
7468
7469 case EOP_RANDINT:
7470 {
7471 int_eximarith_t max;
7472 uschar *s;
7473
7474 max = expanded_string_integer(sub, TRUE);
7475 if (expand_string_message != NULL)
7476 goto EXPAND_FAILED;
7477 s = string_sprintf("%d", vaguely_random_number((int)max));
7478 yield = string_cat(yield, s);
7479 continue;
7480 }
7481
7482 /* Reverse IP, including IPv6 to dotted-nibble */
7483
7484 case EOP_REVERSE_IP:
7485 {
7486 int family, maskptr;
7487 uschar reversed[128];
7488
7489 family = string_is_ip_address(sub, &maskptr);
7490 if (family == 0)
7491 {
7492 expand_string_message = string_sprintf(
7493 "reverse_ip() not given an IP address [%s]", sub);
7494 goto EXPAND_FAILED;
7495 }
7496 invert_address(reversed, sub);
7497 yield = string_cat(yield, reversed);
7498 continue;
7499 }
7500
7501 /* Unknown operator */
7502
7503 default:
7504 expand_string_message =
7505 string_sprintf("unknown expansion operator \"%s\"", name);
7506 goto EXPAND_FAILED;
7507 }
7508 }
7509
7510 /* Handle a plain name. If this is the first thing in the expansion, release
7511 the pre-allocated buffer. If the result data is known to be in a new buffer,
7512 newsize will be set to the size of that buffer, and we can just point at that
7513 store instead of copying. Many expansion strings contain just one reference,
7514 so this is a useful optimization, especially for humungous headers
7515 ($message_headers). */
7516 /*{*/
7517 if (*s++ == '}')
7518 {
7519 int len;
7520 int newsize = 0;
7521 gstring * g = NULL;
7522
7523 if (!yield)
7524 g = store_get(sizeof(gstring));
7525 else if (yield->ptr == 0)
7526 {
7527 if (resetok) store_reset(yield);
7528 yield = NULL;
7529 g = store_get(sizeof(gstring)); /* alloc _before_ calling find_variable() */
7530 }
7531 if (!(value = find_variable(name, FALSE, skipping, &newsize)))
7532 {
7533 expand_string_message =
7534 string_sprintf("unknown variable in \"${%s}\"", name);
7535 check_variable_error_message(name);
7536 goto EXPAND_FAILED;
7537 }
7538 len = Ustrlen(value);
7539 if (!yield && newsize)
7540 {
7541 yield = g;
7542 yield->size = newsize;
7543 yield->ptr = len;
7544 yield->s = value;
7545 }
7546 else
7547 yield = string_catn(yield, value, len);
7548 continue;
7549 }
7550
7551 /* Else there's something wrong */
7552
7553 expand_string_message =
7554 string_sprintf("\"${%s\" is not a known operator (or a } is missing "
7555 "in a variable reference)", name);
7556 goto EXPAND_FAILED;
7557 }
7558
7559 /* If we hit the end of the string when ket_ends is set, there is a missing
7560 terminating brace. */
7561
7562 if (ket_ends && *s == 0)
7563 {
7564 expand_string_message = malformed_header
7565 ? US"missing } at end of string - could be header name not terminated by colon"
7566 : US"missing } at end of string";
7567 goto EXPAND_FAILED;
7568 }
7569
7570 /* Expansion succeeded; yield may still be NULL here if nothing was actually
7571 added to the string. If so, set up an empty string. Add a terminating zero. If
7572 left != NULL, return a pointer to the terminator. */
7573
7574 if (!yield)
7575 yield = string_get(1);
7576 (void) string_from_gstring(yield);
7577 if (left) *left = s;
7578
7579 /* Any stacking store that was used above the final string is no longer needed.
7580 In many cases the final string will be the first one that was got and so there
7581 will be optimal store usage. */
7582
7583 if (resetok) store_reset(yield->s + (yield->size = yield->ptr + 1));
7584 else if (resetok_p) *resetok_p = FALSE;
7585
7586 DEBUG(D_expand)
7587 {
7588 debug_printf_indent(UTF8_VERT_RIGHT UTF8_HORIZ UTF8_HORIZ
7589 "expanding: %.*s\n",
7590 (int)(s - string), string);
7591 debug_printf_indent("%s"
7592 UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ
7593 "result: %s\n",
7594 skipping ? UTF8_VERT_RIGHT : UTF8_UP_RIGHT,
7595 yield->s);
7596 if (skipping)
7597 debug_printf_indent(UTF8_UP_RIGHT UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ
7598 "skipping: result is not used\n");
7599 }
7600 expand_level--;
7601 return yield->s;
7602
7603 /* This is the failure exit: easiest to program with a goto. We still need
7604 to update the pointer to the terminator, for cases of nested calls with "fail".
7605 */
7606
7607 EXPAND_FAILED_CURLY:
7608 if (malformed_header)
7609 expand_string_message =
7610 US"missing or misplaced { or } - could be header name not terminated by colon";
7611
7612 else if (!expand_string_message || !*expand_string_message)
7613 expand_string_message = US"missing or misplaced { or }";
7614
7615 /* At one point, Exim reset the store to yield (if yield was not NULL), but
7616 that is a bad idea, because expand_string_message is in dynamic store. */
7617
7618 EXPAND_FAILED:
7619 if (left) *left = s;
7620 DEBUG(D_expand)
7621 {
7622 debug_printf_indent(UTF8_VERT_RIGHT "failed to expand: %s\n",
7623 string);
7624 debug_printf_indent("%s" UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ
7625 "error message: %s\n",
7626 expand_string_forcedfail ? UTF8_VERT_RIGHT : UTF8_UP_RIGHT,
7627 expand_string_message);
7628 if (expand_string_forcedfail)
7629 debug_printf_indent(UTF8_UP_RIGHT "failure was forced\n");
7630 }
7631 if (resetok_p && !resetok) *resetok_p = FALSE;
7632 expand_level--;
7633 return NULL;
7634 }
7635
7636
7637 /* This is the external function call. Do a quick check for any expansion
7638 metacharacters, and if there are none, just return the input string.
7639
7640 Argument: the string to be expanded
7641 Returns: the expanded string, or NULL if expansion failed; if failure was
7642 due to a lookup deferring, search_find_defer will be TRUE
7643 */
7644
7645 const uschar *
7646 expand_cstring(const uschar * string)
7647 {
7648 if (Ustrpbrk(string, "$\\") != NULL)
7649 {
7650 int old_pool = store_pool;
7651 uschar * s;
7652
7653 search_find_defer = FALSE;
7654 malformed_header = FALSE;
7655 store_pool = POOL_MAIN;
7656 s = expand_string_internal(string, FALSE, NULL, FALSE, TRUE, NULL);
7657 store_pool = old_pool;
7658 return s;
7659 }
7660 return string;
7661 }
7662
7663
7664 uschar *
7665 expand_string(uschar * string)
7666 {
7667 return US expand_cstring(CUS string);
7668 }
7669
7670
7671
7672
7673
7674 /*************************************************
7675 * Expand and copy *
7676 *************************************************/
7677
7678 /* Now and again we want to expand a string and be sure that the result is in a
7679 new bit of store. This function does that.
7680 Since we know it has been copied, the de-const cast is safe.
7681
7682 Argument: the string to be expanded
7683 Returns: the expanded string, always in a new bit of store, or NULL
7684 */
7685
7686 uschar *
7687 expand_string_copy(const uschar *string)
7688 {
7689 const uschar *yield = expand_cstring(string);
7690 if (yield == string) yield = string_copy(string);
7691 return US yield;
7692 }
7693
7694
7695
7696 /*************************************************
7697 * Expand and interpret as an integer *
7698 *************************************************/
7699
7700 /* Expand a string, and convert the result into an integer.
7701
7702 Arguments:
7703 string the string to be expanded
7704 isplus TRUE if a non-negative number is expected
7705
7706 Returns: the integer value, or
7707 -1 for an expansion error ) in both cases, message in
7708 -2 for an integer interpretation error ) expand_string_message
7709 expand_string_message is set NULL for an OK integer
7710 */
7711
7712 int_eximarith_t
7713 expand_string_integer(uschar *string, BOOL isplus)
7714 {
7715 return expanded_string_integer(expand_string(string), isplus);
7716 }
7717
7718
7719 /*************************************************
7720 * Interpret string as an integer *
7721 *************************************************/
7722
7723 /* Convert a string (that has already been expanded) into an integer.
7724
7725 This function is used inside the expansion code.
7726
7727 Arguments:
7728 s the string to be expanded
7729 isplus TRUE if a non-negative number is expected
7730
7731 Returns: the integer value, or
7732 -1 if string is NULL (which implies an expansion error)
7733 -2 for an integer interpretation error
7734 expand_string_message is set NULL for an OK integer
7735 */
7736
7737 static int_eximarith_t
7738 expanded_string_integer(const uschar *s, BOOL isplus)
7739 {
7740 int_eximarith_t value;
7741 uschar *msg = US"invalid integer \"%s\"";
7742 uschar *endptr;
7743
7744 /* If expansion failed, expand_string_message will be set. */
7745
7746 if (s == NULL) return -1;
7747
7748 /* On an overflow, strtol() returns LONG_MAX or LONG_MIN, and sets errno
7749 to ERANGE. When there isn't an overflow, errno is not changed, at least on some
7750 systems, so we set it zero ourselves. */
7751
7752 errno = 0;
7753 expand_string_message = NULL; /* Indicates no error */
7754
7755 /* Before Exim 4.64, strings consisting entirely of whitespace compared
7756 equal to 0. Unfortunately, people actually relied upon that, so preserve
7757 the behaviour explicitly. Stripping leading whitespace is a harmless
7758 noop change since strtol skips it anyway (provided that there is a number
7759 to find at all). */
7760 if (isspace(*s))
7761 {
7762 while (isspace(*s)) ++s;
7763 if (*s == '\0')
7764 {
7765 DEBUG(D_expand)
7766 debug_printf_indent("treating blank string as number 0\n");
7767 return 0;
7768 }
7769 }
7770
7771 value = strtoll(CS s, CSS &endptr, 10);
7772
7773 if (endptr == s)
7774 {
7775 msg = US"integer expected but \"%s\" found";
7776 }
7777 else if (value < 0 && isplus)
7778 {
7779 msg = US"non-negative integer expected but \"%s\" found";
7780 }
7781 else
7782 {
7783 switch (tolower(*endptr))
7784 {
7785 default:
7786 break;
7787 case 'k':
7788 if (value > EXIM_ARITH_MAX/1024 || value < EXIM_ARITH_MIN/1024) errno = ERANGE;
7789 else value *= 1024;
7790 endptr++;
7791 break;
7792 case 'm':
7793 if (value > EXIM_ARITH_MAX/(1024*1024) || value < EXIM_ARITH_MIN/(1024*1024)) errno = ERANGE;
7794 else value *= 1024*1024;
7795 endptr++;
7796 break;
7797 case 'g':
7798 if (value > EXIM_ARITH_MAX/(1024*1024*1024) || value < EXIM_ARITH_MIN/(1024*1024*1024)) errno = ERANGE;
7799 else value *= 1024*1024*1024;
7800 endptr++;
7801 break;
7802 }
7803 if (errno == ERANGE)
7804 msg = US"absolute value of integer \"%s\" is too large (overflow)";
7805 else
7806 {
7807 while (isspace(*endptr)) endptr++;
7808 if (*endptr == 0) return value;
7809 }
7810 }
7811
7812 expand_string_message = string_sprintf(CS msg, s);
7813 return -2;
7814 }
7815
7816
7817 /* These values are usually fixed boolean values, but they are permitted to be
7818 expanded strings.
7819
7820 Arguments:
7821 addr address being routed
7822 mtype the module type
7823 mname the module name
7824 dbg_opt debug selectors
7825 oname the option name
7826 bvalue the router's boolean value
7827 svalue the router's string value
7828 rvalue where to put the returned value
7829
7830 Returns: OK value placed in rvalue
7831 DEFER expansion failed
7832 */
7833
7834 int
7835 exp_bool(address_item *addr,
7836 uschar *mtype, uschar *mname, unsigned dbg_opt,
7837 uschar *oname, BOOL bvalue,
7838 uschar *svalue, BOOL *rvalue)
7839 {
7840 uschar *expanded;
7841 if (svalue == NULL) { *rvalue = bvalue; return OK; }
7842
7843 expanded = expand_string(svalue);
7844 if (expanded == NULL)
7845 {
7846 if (expand_string_forcedfail)
7847 {
7848 DEBUG(dbg_opt) debug_printf("expansion of \"%s\" forced failure\n", oname);
7849 *rvalue = bvalue;
7850 return OK;
7851 }
7852 addr->message = string_sprintf("failed to expand \"%s\" in %s %s: %s",
7853 oname, mname, mtype, expand_string_message);
7854 DEBUG(dbg_opt) debug_printf("%s\n", addr->message);
7855 return DEFER;
7856 }
7857
7858 DEBUG(dbg_opt) debug_printf("expansion of \"%s\" yields \"%s\"\n", oname,
7859 expanded);
7860
7861 if (strcmpic(expanded, US"true") == 0 || strcmpic(expanded, US"yes") == 0)
7862 *rvalue = TRUE;
7863 else if (strcmpic(expanded, US"false") == 0 || strcmpic(expanded, US"no") == 0)
7864 *rvalue = FALSE;
7865 else
7866 {
7867 addr->message = string_sprintf("\"%s\" is not a valid value for the "
7868 "\"%s\" option in the %s %s", expanded, oname, mname, mtype);
7869 return DEFER;
7870 }
7871
7872 return OK;
7873 }
7874
7875
7876
7877 /* Avoid potentially exposing a password in a string about to be logged */
7878
7879 uschar *
7880 expand_hide_passwords(uschar * s)
7881 {
7882 return ( ( Ustrstr(s, "failed to expand") != NULL
7883 || Ustrstr(s, "expansion of ") != NULL
7884 )
7885 && ( Ustrstr(s, "mysql") != NULL
7886 || Ustrstr(s, "pgsql") != NULL
7887 || Ustrstr(s, "redis") != NULL
7888 || Ustrstr(s, "sqlite") != NULL
7889 || Ustrstr(s, "ldap:") != NULL
7890 || Ustrstr(s, "ldaps:") != NULL
7891 || Ustrstr(s, "ldapi:") != NULL
7892 || Ustrstr(s, "ldapdn:") != NULL
7893 || Ustrstr(s, "ldapm:") != NULL
7894 ) )
7895 ? US"Temporary internal error" : s;
7896 }
7897
7898
7899 /* Read given named file into big_buffer. Use for keying material etc.
7900 The content will have an ascii NUL appended.
7901
7902 Arguments:
7903 filename as it says
7904
7905 Return: pointer to buffer, or NULL on error.
7906 */
7907
7908 uschar *
7909 expand_file_big_buffer(const uschar * filename)
7910 {
7911 int fd, off = 0, len;
7912
7913 if ((fd = open(CS filename, O_RDONLY)) < 0)
7914 {
7915 log_write(0, LOG_MAIN | LOG_PANIC, "unable to open file for reading: %s",
7916 filename);
7917 return NULL;
7918 }
7919
7920 do
7921 {
7922 if ((len = read(fd, big_buffer + off, big_buffer_size - 2 - off)) < 0)
7923 {
7924 (void) close(fd);
7925 log_write(0, LOG_MAIN|LOG_PANIC, "unable to read file: %s", filename);
7926 return NULL;
7927 }
7928 off += len;
7929 }
7930 while (len > 0);
7931
7932 (void) close(fd);
7933 big_buffer[off] = '\0';
7934 return big_buffer;
7935 }
7936
7937
7938
7939 /*************************************************
7940 * Error-checking for testsuite *
7941 *************************************************/
7942 typedef struct {
7943 uschar * region_start;
7944 uschar * region_end;
7945 const uschar *var_name;
7946 const uschar *var_data;
7947 } err_ctx;
7948
7949 static void
7950 assert_variable_notin(uschar * var_name, uschar * var_data, void * ctx)
7951 {
7952 err_ctx * e = ctx;
7953 if (var_data >= e->region_start && var_data < e->region_end)
7954 {
7955 e->var_name = CUS var_name;
7956 e->var_data = CUS var_data;
7957 }
7958 }
7959
7960 void
7961 assert_no_variables(void * ptr, int len, const char * filename, int linenumber)
7962 {
7963 err_ctx e = { .region_start = ptr, .region_end = US ptr + len,
7964 .var_name = NULL, .var_data = NULL };
7965 int i;
7966 var_entry * v;
7967
7968 /* check acl_ variables */
7969 tree_walk(acl_var_c, assert_variable_notin, &e);
7970 tree_walk(acl_var_m, assert_variable_notin, &e);
7971
7972 /* check auth<n> variables */
7973 for (i = 0; i < AUTH_VARS; i++) if (auth_vars[i])
7974 assert_variable_notin(US"auth<n>", auth_vars[i], &e);
7975
7976 /* check regex<n> variables */
7977 for (i = 0; i < REGEX_VARS; i++) if (regex_vars[i])
7978 assert_variable_notin(US"regex<n>", regex_vars[i], &e);
7979
7980 /* check known-name variables */
7981 for (v = var_table; v < var_table + var_table_size; v++)
7982 if (v->type == vtype_stringptr)
7983 assert_variable_notin(US v->name, *(USS v->value), &e);
7984
7985 /* check dns and address trees */
7986 tree_walk(tree_dns_fails, assert_variable_notin, &e);
7987 tree_walk(tree_duplicates, assert_variable_notin, &e);
7988 tree_walk(tree_nonrecipients, assert_variable_notin, &e);
7989 tree_walk(tree_unusable, assert_variable_notin, &e);
7990
7991 if (e.var_name)
7992 log_write(0, LOG_MAIN|LOG_PANIC_DIE,
7993 "live variable '%s' destroyed by reset_store at %s:%d\n- value '%.64s'",
7994 e.var_name, filename, linenumber, e.var_data);
7995 }
7996
7997
7998
7999 /*************************************************
8000 **************************************************
8001 * Stand-alone test program *
8002 **************************************************
8003 *************************************************/
8004
8005 #ifdef STAND_ALONE
8006
8007
8008 BOOL
8009 regex_match_and_setup(const pcre *re, uschar *subject, int options, int setup)
8010 {
8011 int ovector[3*(EXPAND_MAXN+1)];
8012 int n = pcre_exec(re, NULL, subject, Ustrlen(subject), 0, PCRE_EOPT|options,
8013 ovector, nelem(ovector));
8014 BOOL yield = n >= 0;
8015 if (n == 0) n = EXPAND_MAXN + 1;
8016 if (yield)
8017 {
8018 int nn;
8019 expand_nmax = (setup < 0)? 0 : setup + 1;
8020 for (nn = (setup < 0)? 0 : 2; nn < n*2; nn += 2)
8021 {
8022 expand_nstring[expand_nmax] = subject + ovector[nn];
8023 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
8024 }
8025 expand_nmax--;
8026 }
8027 return yield;
8028 }
8029
8030
8031 int main(int argc, uschar **argv)
8032 {
8033 int i;
8034 uschar buffer[1024];
8035
8036 debug_selector = D_v;
8037 debug_file = stderr;
8038 debug_fd = fileno(debug_file);
8039 big_buffer = malloc(big_buffer_size);
8040
8041 for (i = 1; i < argc; i++)
8042 {
8043 if (argv[i][0] == '+')
8044 {
8045 debug_trace_memory = 2;
8046 argv[i]++;
8047 }
8048 if (isdigit(argv[i][0]))
8049 debug_selector = Ustrtol(argv[i], NULL, 0);
8050 else
8051 if (Ustrspn(argv[i], "abcdefghijklmnopqrtsuvwxyz0123456789-.:/") ==
8052 Ustrlen(argv[i]))
8053 {
8054 #ifdef LOOKUP_LDAP
8055 eldap_default_servers = argv[i];
8056 #endif
8057 #ifdef LOOKUP_MYSQL
8058 mysql_servers = argv[i];
8059 #endif
8060 #ifdef LOOKUP_PGSQL
8061 pgsql_servers = argv[i];
8062 #endif
8063 #ifdef LOOKUP_REDIS
8064 redis_servers = argv[i];
8065 #endif
8066 }
8067 #ifdef EXIM_PERL
8068 else opt_perl_startup = argv[i];
8069 #endif
8070 }
8071
8072 printf("Testing string expansion: debug_level = %d\n\n", debug_level);
8073
8074 expand_nstring[1] = US"string 1....";
8075 expand_nlength[1] = 8;
8076 expand_nmax = 1;
8077
8078 #ifdef EXIM_PERL
8079 if (opt_perl_startup != NULL)
8080 {
8081 uschar *errstr;
8082 printf("Starting Perl interpreter\n");
8083 errstr = init_perl(opt_perl_startup);
8084 if (errstr != NULL)
8085 {
8086 printf("** error in perl_startup code: %s\n", errstr);
8087 return EXIT_FAILURE;
8088 }
8089 }
8090 #endif /* EXIM_PERL */
8091
8092 while (fgets(buffer, sizeof(buffer), stdin) != NULL)
8093 {
8094 void *reset_point = store_get(0);
8095 uschar *yield = expand_string(buffer);
8096 if (yield != NULL)
8097 {
8098 printf("%s\n", yield);
8099 store_reset(reset_point);
8100 }
8101 else
8102 {
8103 if (search_find_defer) printf("search_find deferred\n");
8104 printf("Failed: %s\n", expand_string_message);
8105 if (expand_string_forcedfail) printf("Forced failure\n");
8106 printf("\n");
8107 }
8108 }
8109
8110 search_tidyup();
8111
8112 return 0;
8113 }
8114
8115 #endif
8116
8117 /* vi: aw ai sw=2
8118 */
8119 /* End of expand.c */
Unnamed repository; edit this file 'description' to name the repository.