Compiling with DomainKeys caused the test suite to show up some bugs:
[exim.git] / src / src / expand.c
1 /* $Cambridge: exim/src/src/expand.c,v 1.33 2005/06/20 13:58:22 ph10 Exp $ */
2
3 /*************************************************
4 * Exim - an Internet mail transport agent *
5 *************************************************/
6
7 /* Copyright (c) University of Cambridge 1995 - 2005 */
8 /* See the file NOTICE for conditions of use and distribution. */
9
10
11 /* Functions for handling string expansion. */
12
13
14 #include "exim.h"
15
16 #ifdef STAND_ALONE
17 #ifndef SUPPORT_CRYPTEQ
18 #define SUPPORT_CRYPTEQ
19 #endif
20 #endif
21
22 #ifdef SUPPORT_CRYPTEQ
23 #ifdef CRYPT_H
24 #include <crypt.h>
25 #endif
26 #ifndef HAVE_CRYPT16
27 extern char* crypt16(char*, char*);
28 #endif
29 #endif
30
31 #ifdef LOOKUP_LDAP
32 #include "lookups/ldap.h"
33 #endif
34
35
36
37 /* Recursively called function */
38
39 static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL);
40
41
42
43 /*************************************************
44 * Local statics and tables *
45 *************************************************/
46
47 /* Table of item names, and corresponding switch numbers. The names must be in
48 alphabetical order. */
49
50 static uschar *item_table[] = {
51 US"dlfunc",
52 US"extract",
53 US"hash",
54 US"hmac",
55 US"if",
56 US"length",
57 US"lookup",
58 US"nhash",
59 US"perl",
60 US"prvs",
61 US"prvscheck",
62 US"readfile",
63 US"readsocket",
64 US"run",
65 US"sg",
66 US"substr",
67 US"tr" };
68
69 enum {
70 EITEM_DLFUNC,
71 EITEM_EXTRACT,
72 EITEM_HASH,
73 EITEM_HMAC,
74 EITEM_IF,
75 EITEM_LENGTH,
76 EITEM_LOOKUP,
77 EITEM_NHASH,
78 EITEM_PERL,
79 EITEM_PRVS,
80 EITEM_PRVSCHECK,
81 EITEM_READFILE,
82 EITEM_READSOCK,
83 EITEM_RUN,
84 EITEM_SG,
85 EITEM_SUBSTR,
86 EITEM_TR };
87
88 /* Tables of operator names, and corresponding switch numbers. The names must be
89 in alphabetical order. There are two tables, because underscore is used in some
90 cases to introduce arguments, whereas for other it is part of the name. This is
91 an historical mis-design. */
92
93 static uschar *op_table_underscore[] = {
94 US"from_utf8",
95 US"local_part",
96 US"quote_local_part",
97 US"time_interval"};
98
99 enum {
100 EOP_FROM_UTF8,
101 EOP_LOCAL_PART,
102 EOP_QUOTE_LOCAL_PART,
103 EOP_TIME_INTERVAL };
104
105 static uschar *op_table_main[] = {
106 US"address",
107 US"base62",
108 US"base62d",
109 US"domain",
110 US"escape",
111 US"eval",
112 US"eval10",
113 US"expand",
114 US"h",
115 US"hash",
116 US"hex2b64",
117 US"l",
118 US"lc",
119 US"length",
120 US"mask",
121 US"md5",
122 US"nh",
123 US"nhash",
124 US"quote",
125 US"rfc2047",
126 US"rxquote",
127 US"s",
128 US"sha1",
129 US"stat",
130 US"str2b64",
131 US"strlen",
132 US"substr",
133 US"uc" };
134
135 enum {
136 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
137 EOP_BASE62,
138 EOP_BASE62D,
139 EOP_DOMAIN,
140 EOP_ESCAPE,
141 EOP_EVAL,
142 EOP_EVAL10,
143 EOP_EXPAND,
144 EOP_H,
145 EOP_HASH,
146 EOP_HEX2B64,
147 EOP_L,
148 EOP_LC,
149 EOP_LENGTH,
150 EOP_MASK,
151 EOP_MD5,
152 EOP_NH,
153 EOP_NHASH,
154 EOP_QUOTE,
155 EOP_RFC2047,
156 EOP_RXQUOTE,
157 EOP_S,
158 EOP_SHA1,
159 EOP_STAT,
160 EOP_STR2B64,
161 EOP_STRLEN,
162 EOP_SUBSTR,
163 EOP_UC };
164
165
166 /* Table of condition names, and corresponding switch numbers. The names must
167 be in alphabetical order. */
168
169 static uschar *cond_table[] = {
170 US"<",
171 US"<=",
172 US"=",
173 US"==", /* Backward compatibility */
174 US">",
175 US">=",
176 US"and",
177 US"crypteq",
178 US"def",
179 US"eq",
180 US"eqi",
181 US"exists",
182 US"first_delivery",
183 US"ge",
184 US"gei",
185 US"gt",
186 US"gti",
187 US"isip",
188 US"isip4",
189 US"isip6",
190 US"ldapauth",
191 US"le",
192 US"lei",
193 US"lt",
194 US"lti",
195 US"match",
196 US"match_address",
197 US"match_domain",
198 US"match_local_part",
199 US"or",
200 US"pam",
201 US"pwcheck",
202 US"queue_running",
203 US"radius",
204 US"saslauthd"
205 };
206
207 enum {
208 ECOND_NUM_L,
209 ECOND_NUM_LE,
210 ECOND_NUM_E,
211 ECOND_NUM_EE,
212 ECOND_NUM_G,
213 ECOND_NUM_GE,
214 ECOND_AND,
215 ECOND_CRYPTEQ,
216 ECOND_DEF,
217 ECOND_STR_EQ,
218 ECOND_STR_EQI,
219 ECOND_EXISTS,
220 ECOND_FIRST_DELIVERY,
221 ECOND_STR_GE,
222 ECOND_STR_GEI,
223 ECOND_STR_GT,
224 ECOND_STR_GTI,
225 ECOND_ISIP,
226 ECOND_ISIP4,
227 ECOND_ISIP6,
228 ECOND_LDAPAUTH,
229 ECOND_STR_LE,
230 ECOND_STR_LEI,
231 ECOND_STR_LT,
232 ECOND_STR_LTI,
233 ECOND_MATCH,
234 ECOND_MATCH_ADDRESS,
235 ECOND_MATCH_DOMAIN,
236 ECOND_MATCH_LOCAL_PART,
237 ECOND_OR,
238 ECOND_PAM,
239 ECOND_PWCHECK,
240 ECOND_QUEUE_RUNNING,
241 ECOND_RADIUS,
242 ECOND_SASLAUTHD
243 };
244
245
246 /* Type for main variable table */
247
248 typedef struct {
249 char *name;
250 int type;
251 void *value;
252 } var_entry;
253
254 /* Type for entries pointing to address/length pairs. Not currently
255 in use. */
256
257 typedef struct {
258 uschar **address;
259 int *length;
260 } alblock;
261
262 /* Types of table entry */
263
264 enum {
265 vtype_int, /* value is address of int */
266 vtype_filter_int, /* ditto, but recognized only when filtering */
267 vtype_ino, /* value is address of ino_t (not always an int) */
268 vtype_uid, /* value is address of uid_t (not always an int) */
269 vtype_gid, /* value is address of gid_t (not always an int) */
270 vtype_stringptr, /* value is address of pointer to string */
271 vtype_msgbody, /* as stringptr, but read when first required */
272 vtype_msgbody_end, /* ditto, the end of the message */
273 vtype_msgheaders, /* the message's headers */
274 vtype_localpart, /* extract local part from string */
275 vtype_domain, /* extract domain from string */
276 vtype_recipients, /* extract recipients from recipients list */
277 /* (enabled only during system filtering */
278 vtype_todbsdin, /* value not used; generate BSD inbox tod */
279 vtype_tode, /* value not used; generate tod in epoch format */
280 vtype_todf, /* value not used; generate full tod */
281 vtype_todl, /* value not used; generate log tod */
282 vtype_todlf, /* value not used; generate log file datestamp tod */
283 vtype_todzone, /* value not used; generate time zone only */
284 vtype_todzulu, /* value not used; generate zulu tod */
285 vtype_reply, /* value not used; get reply from headers */
286 vtype_pid, /* value not used; result is pid */
287 vtype_host_lookup, /* value not used; get host name */
288 vtype_load_avg, /* value not used; result is int from os_getloadavg */
289 vtype_pspace, /* partition space; value is T/F for spool/log */
290 vtype_pinodes /* partition inodes; value is T/F for spool/log */
291 #ifdef EXPERIMENTAL_DOMAINKEYS
292 ,vtype_dk_verify /* Serve request out of DomainKeys verification structure */
293 #endif
294 };
295
296 /* This table must be kept in alphabetical order. */
297
298 static var_entry var_table[] = {
299 { "acl_c0", vtype_stringptr, &acl_var[0] },
300 { "acl_c1", vtype_stringptr, &acl_var[1] },
301 { "acl_c2", vtype_stringptr, &acl_var[2] },
302 { "acl_c3", vtype_stringptr, &acl_var[3] },
303 { "acl_c4", vtype_stringptr, &acl_var[4] },
304 { "acl_c5", vtype_stringptr, &acl_var[5] },
305 { "acl_c6", vtype_stringptr, &acl_var[6] },
306 { "acl_c7", vtype_stringptr, &acl_var[7] },
307 { "acl_c8", vtype_stringptr, &acl_var[8] },
308 { "acl_c9", vtype_stringptr, &acl_var[9] },
309 { "acl_m0", vtype_stringptr, &acl_var[10] },
310 { "acl_m1", vtype_stringptr, &acl_var[11] },
311 { "acl_m2", vtype_stringptr, &acl_var[12] },
312 { "acl_m3", vtype_stringptr, &acl_var[13] },
313 { "acl_m4", vtype_stringptr, &acl_var[14] },
314 { "acl_m5", vtype_stringptr, &acl_var[15] },
315 { "acl_m6", vtype_stringptr, &acl_var[16] },
316 { "acl_m7", vtype_stringptr, &acl_var[17] },
317 { "acl_m8", vtype_stringptr, &acl_var[18] },
318 { "acl_m9", vtype_stringptr, &acl_var[19] },
319 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
320 { "address_data", vtype_stringptr, &deliver_address_data },
321 { "address_file", vtype_stringptr, &address_file },
322 { "address_pipe", vtype_stringptr, &address_pipe },
323 { "authenticated_id", vtype_stringptr, &authenticated_id },
324 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
325 { "authentication_failed",vtype_int, &authentication_failed },
326 #ifdef EXPERIMENTAL_BRIGHTMAIL
327 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
328 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
329 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
330 { "bmi_deliver", vtype_int, &bmi_deliver },
331 #endif
332 { "body_linecount", vtype_int, &body_linecount },
333 { "body_zerocount", vtype_int, &body_zerocount },
334 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
335 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
336 { "caller_gid", vtype_gid, &real_gid },
337 { "caller_uid", vtype_uid, &real_uid },
338 { "compile_date", vtype_stringptr, &version_date },
339 { "compile_number", vtype_stringptr, &version_cnumber },
340 { "csa_status", vtype_stringptr, &csa_status },
341 #ifdef WITH_OLD_DEMIME
342 { "demime_errorlevel", vtype_int, &demime_errorlevel },
343 { "demime_reason", vtype_stringptr, &demime_reason },
344 #endif
345 #ifdef EXPERIMENTAL_DOMAINKEYS
346 { "dk_domain", vtype_stringptr, &dk_signing_domain },
347 { "dk_is_signed", vtype_dk_verify, NULL },
348 { "dk_result", vtype_dk_verify, NULL },
349 { "dk_selector", vtype_stringptr, &dk_signing_selector },
350 { "dk_sender", vtype_dk_verify, NULL },
351 { "dk_sender_domain", vtype_dk_verify, NULL },
352 { "dk_sender_local_part",vtype_dk_verify, NULL },
353 { "dk_sender_source", vtype_dk_verify, NULL },
354 { "dk_signsall", vtype_dk_verify, NULL },
355 { "dk_status", vtype_dk_verify, NULL },
356 { "dk_testing", vtype_dk_verify, NULL },
357 #endif
358 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
359 { "dnslist_text", vtype_stringptr, &dnslist_text },
360 { "dnslist_value", vtype_stringptr, &dnslist_value },
361 { "domain", vtype_stringptr, &deliver_domain },
362 { "domain_data", vtype_stringptr, &deliver_domain_data },
363 { "exim_gid", vtype_gid, &exim_gid },
364 { "exim_path", vtype_stringptr, &exim_path },
365 { "exim_uid", vtype_uid, &exim_uid },
366 #ifdef WITH_OLD_DEMIME
367 { "found_extension", vtype_stringptr, &found_extension },
368 #endif
369 { "home", vtype_stringptr, &deliver_home },
370 { "host", vtype_stringptr, &deliver_host },
371 { "host_address", vtype_stringptr, &deliver_host_address },
372 { "host_data", vtype_stringptr, &host_data },
373 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
374 { "host_lookup_failed", vtype_int, &host_lookup_failed },
375 { "inode", vtype_ino, &deliver_inode },
376 { "interface_address", vtype_stringptr, &interface_address },
377 { "interface_port", vtype_int, &interface_port },
378 #ifdef LOOKUP_LDAP
379 { "ldap_dn", vtype_stringptr, &eldap_dn },
380 #endif
381 { "load_average", vtype_load_avg, NULL },
382 { "local_part", vtype_stringptr, &deliver_localpart },
383 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
384 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
385 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
386 { "local_scan_data", vtype_stringptr, &local_scan_data },
387 { "local_user_gid", vtype_gid, &local_user_gid },
388 { "local_user_uid", vtype_uid, &local_user_uid },
389 { "localhost_number", vtype_int, &host_number },
390 { "log_inodes", vtype_pinodes, (void *)FALSE },
391 { "log_space", vtype_pspace, (void *)FALSE },
392 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
393 #ifdef WITH_CONTENT_SCAN
394 { "malware_name", vtype_stringptr, &malware_name },
395 #endif
396 { "message_age", vtype_int, &message_age },
397 { "message_body", vtype_msgbody, &message_body },
398 { "message_body_end", vtype_msgbody_end, &message_body_end },
399 { "message_body_size", vtype_int, &message_body_size },
400 { "message_headers", vtype_msgheaders, NULL },
401 { "message_id", vtype_stringptr, &message_id },
402 { "message_linecount", vtype_int, &message_linecount },
403 { "message_size", vtype_int, &message_size },
404 #ifdef WITH_CONTENT_SCAN
405 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
406 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
407 { "mime_boundary", vtype_stringptr, &mime_boundary },
408 { "mime_charset", vtype_stringptr, &mime_charset },
409 { "mime_content_description", vtype_stringptr, &mime_content_description },
410 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
411 { "mime_content_id", vtype_stringptr, &mime_content_id },
412 { "mime_content_size", vtype_int, &mime_content_size },
413 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
414 { "mime_content_type", vtype_stringptr, &mime_content_type },
415 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
416 { "mime_filename", vtype_stringptr, &mime_filename },
417 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
418 { "mime_is_multipart", vtype_int, &mime_is_multipart },
419 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
420 { "mime_part_count", vtype_int, &mime_part_count },
421 #endif
422 { "n0", vtype_filter_int, &filter_n[0] },
423 { "n1", vtype_filter_int, &filter_n[1] },
424 { "n2", vtype_filter_int, &filter_n[2] },
425 { "n3", vtype_filter_int, &filter_n[3] },
426 { "n4", vtype_filter_int, &filter_n[4] },
427 { "n5", vtype_filter_int, &filter_n[5] },
428 { "n6", vtype_filter_int, &filter_n[6] },
429 { "n7", vtype_filter_int, &filter_n[7] },
430 { "n8", vtype_filter_int, &filter_n[8] },
431 { "n9", vtype_filter_int, &filter_n[9] },
432 { "original_domain", vtype_stringptr, &deliver_domain_orig },
433 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
434 { "originator_gid", vtype_gid, &originator_gid },
435 { "originator_uid", vtype_uid, &originator_uid },
436 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
437 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
438 { "pid", vtype_pid, NULL },
439 { "primary_hostname", vtype_stringptr, &primary_hostname },
440 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
441 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
442 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
443 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
444 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
445 { "rcpt_count", vtype_int, &rcpt_count },
446 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
447 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
448 { "received_count", vtype_int, &received_count },
449 { "received_for", vtype_stringptr, &received_for },
450 { "received_protocol", vtype_stringptr, &received_protocol },
451 { "received_time", vtype_int, &received_time },
452 { "recipient_data", vtype_stringptr, &recipient_data },
453 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
454 { "recipients", vtype_recipients, NULL },
455 { "recipients_count", vtype_int, &recipients_count },
456 #ifdef WITH_CONTENT_SCAN
457 { "regex_match_string", vtype_stringptr, &regex_match_string },
458 #endif
459 { "reply_address", vtype_reply, NULL },
460 { "return_path", vtype_stringptr, &return_path },
461 { "return_size_limit", vtype_int, &bounce_return_size_limit },
462 { "runrc", vtype_int, &runrc },
463 { "self_hostname", vtype_stringptr, &self_hostname },
464 { "sender_address", vtype_stringptr, &sender_address },
465 { "sender_address_data", vtype_stringptr, &sender_address_data },
466 { "sender_address_domain", vtype_domain, &sender_address },
467 { "sender_address_local_part", vtype_localpart, &sender_address },
468 { "sender_data", vtype_stringptr, &sender_data },
469 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
470 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
471 { "sender_host_address", vtype_stringptr, &sender_host_address },
472 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
473 { "sender_host_name", vtype_host_lookup, NULL },
474 { "sender_host_port", vtype_int, &sender_host_port },
475 { "sender_ident", vtype_stringptr, &sender_ident },
476 { "sender_rate", vtype_stringptr, &sender_rate },
477 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
478 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
479 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
480 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
481 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
482 { "smtp_command_argument", vtype_stringptr, &smtp_command_argument },
483 { "sn0", vtype_filter_int, &filter_sn[0] },
484 { "sn1", vtype_filter_int, &filter_sn[1] },
485 { "sn2", vtype_filter_int, &filter_sn[2] },
486 { "sn3", vtype_filter_int, &filter_sn[3] },
487 { "sn4", vtype_filter_int, &filter_sn[4] },
488 { "sn5", vtype_filter_int, &filter_sn[5] },
489 { "sn6", vtype_filter_int, &filter_sn[6] },
490 { "sn7", vtype_filter_int, &filter_sn[7] },
491 { "sn8", vtype_filter_int, &filter_sn[8] },
492 { "sn9", vtype_filter_int, &filter_sn[9] },
493 #ifdef WITH_CONTENT_SCAN
494 { "spam_bar", vtype_stringptr, &spam_bar },
495 { "spam_report", vtype_stringptr, &spam_report },
496 { "spam_score", vtype_stringptr, &spam_score },
497 { "spam_score_int", vtype_stringptr, &spam_score_int },
498 #endif
499 #ifdef EXPERIMENTAL_SPF
500 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
501 { "spf_received", vtype_stringptr, &spf_received },
502 { "spf_result", vtype_stringptr, &spf_result },
503 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
504 #endif
505 { "spool_directory", vtype_stringptr, &spool_directory },
506 { "spool_inodes", vtype_pinodes, (void *)TRUE },
507 { "spool_space", vtype_pspace, (void *)TRUE },
508 #ifdef EXPERIMENTAL_SRS
509 { "srs_db_address", vtype_stringptr, &srs_db_address },
510 { "srs_db_key", vtype_stringptr, &srs_db_key },
511 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
512 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
513 { "srs_recipient", vtype_stringptr, &srs_recipient },
514 { "srs_status", vtype_stringptr, &srs_status },
515 #endif
516 { "thisaddress", vtype_stringptr, &filter_thisaddress },
517 { "tls_certificate_verified", vtype_int, &tls_certificate_verified },
518 { "tls_cipher", vtype_stringptr, &tls_cipher },
519 { "tls_peerdn", vtype_stringptr, &tls_peerdn },
520 { "tod_bsdinbox", vtype_todbsdin, NULL },
521 { "tod_epoch", vtype_tode, NULL },
522 { "tod_full", vtype_todf, NULL },
523 { "tod_log", vtype_todl, NULL },
524 { "tod_logfile", vtype_todlf, NULL },
525 { "tod_zone", vtype_todzone, NULL },
526 { "tod_zulu", vtype_todzulu, NULL },
527 { "value", vtype_stringptr, &lookup_value },
528 { "version_number", vtype_stringptr, &version_string },
529 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
530 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
531 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
532 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
533 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
534 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
535 };
536
537 static int var_table_size = sizeof(var_table)/sizeof(var_entry);
538 static uschar var_buffer[256];
539 static BOOL malformed_header;
540
541 /* For textual hashes */
542
543 static char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
544 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
545 "0123456789";
546
547 enum { HMAC_MD5, HMAC_SHA1 };
548
549 /* For numeric hashes */
550
551 static unsigned int prime[] = {
552 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
553 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
554 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
555
556 /* For printing modes in symbolic form */
557
558 static uschar *mtable_normal[] =
559 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
560
561 static uschar *mtable_setid[] =
562 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
563
564 static uschar *mtable_sticky[] =
565 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
566
567
568
569 /*************************************************
570 * Tables for UTF-8 support *
571 *************************************************/
572
573 /* Table of the number of extra characters, indexed by the first character
574 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
575 0x3d. */
576
577 static uschar utf8_table1[] = {
578 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
579 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
580 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
581 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
582
583 /* These are the masks for the data bits in the first byte of a character,
584 indexed by the number of additional bytes. */
585
586 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
587
588 /* Get the next UTF-8 character, advancing the pointer. */
589
590 #define GETUTF8INC(c, ptr) \
591 c = *ptr++; \
592 if ((c & 0xc0) == 0xc0) \
593 { \
594 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
595 int s = 6*a; \
596 c = (c & utf8_table2[a]) << s; \
597 while (a-- > 0) \
598 { \
599 s -= 6; \
600 c |= (*ptr++ & 0x3f) << s; \
601 } \
602 }
603
604
605 /*************************************************
606 * Binary chop search on a table *
607 *************************************************/
608
609 /* This is used for matching expansion items and operators.
610
611 Arguments:
612 name the name that is being sought
613 table the table to search
614 table_size the number of items in the table
615
616 Returns: the offset in the table, or -1
617 */
618
619 static int
620 chop_match(uschar *name, uschar **table, int table_size)
621 {
622 uschar **bot = table;
623 uschar **top = table + table_size;
624
625 while (top > bot)
626 {
627 uschar **mid = bot + (top - bot)/2;
628 int c = Ustrcmp(name, *mid);
629 if (c == 0) return mid - table;
630 if (c > 0) bot = mid + 1; else top = mid;
631 }
632
633 return -1;
634 }
635
636
637
638 /*************************************************
639 * Check a condition string *
640 *************************************************/
641
642 /* This function is called to expand a string, and test the result for a "true"
643 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
644 forced fail or lookup defer. All store used by the function can be released on
645 exit.
646
647 Arguments:
648 condition the condition string
649 m1 text to be incorporated in panic error
650 m2 ditto
651
652 Returns: TRUE if condition is met, FALSE if not
653 */
654
655 BOOL
656 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
657 {
658 int rc;
659 void *reset_point = store_get(0);
660 uschar *ss = expand_string(condition);
661 if (ss == NULL)
662 {
663 if (!expand_string_forcedfail && !search_find_defer)
664 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
665 "for %s %s: %s", condition, m1, m2, expand_string_message);
666 return FALSE;
667 }
668 rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
669 strcmpic(ss, US"false") != 0;
670 store_reset(reset_point);
671 return rc;
672 }
673
674
675
676 /*************************************************
677 * Pick out a name from a string *
678 *************************************************/
679
680 /* If the name is too long, it is silently truncated.
681
682 Arguments:
683 name points to a buffer into which to put the name
684 max is the length of the buffer
685 s points to the first alphabetic character of the name
686 extras chars other than alphanumerics to permit
687
688 Returns: pointer to the first character after the name
689
690 Note: The test for *s != 0 in the while loop is necessary because
691 Ustrchr() yields non-NULL if the character is zero (which is not something
692 I expected). */
693
694 static uschar *
695 read_name(uschar *name, int max, uschar *s, uschar *extras)
696 {
697 int ptr = 0;
698 while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
699 {
700 if (ptr < max-1) name[ptr++] = *s;
701 s++;
702 }
703 name[ptr] = 0;
704 return s;
705 }
706
707
708
709 /*************************************************
710 * Pick out the rest of a header name *
711 *************************************************/
712
713 /* A variable name starting $header_ (or just $h_ for those who like
714 abbreviations) might not be the complete header name because headers can
715 contain any printing characters in their names, except ':'. This function is
716 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
717 on the end, if the name was terminated by white space.
718
719 Arguments:
720 name points to a buffer in which the name read so far exists
721 max is the length of the buffer
722 s points to the first character after the name so far, i.e. the
723 first non-alphameric character after $header_xxxxx
724
725 Returns: a pointer to the first character after the header name
726 */
727
728 static uschar *
729 read_header_name(uschar *name, int max, uschar *s)
730 {
731 int prelen = Ustrchr(name, '_') - name + 1;
732 int ptr = Ustrlen(name) - prelen;
733 if (ptr > 0) memmove(name, name+prelen, ptr);
734 while (mac_isgraph(*s) && *s != ':')
735 {
736 if (ptr < max-1) name[ptr++] = *s;
737 s++;
738 }
739 if (*s == ':') s++;
740 name[ptr++] = ':';
741 name[ptr] = 0;
742 return s;
743 }
744
745
746
747 /*************************************************
748 * Pick out a number from a string *
749 *************************************************/
750
751 /* Arguments:
752 n points to an integer into which to put the number
753 s points to the first digit of the number
754
755 Returns: a pointer to the character after the last digit
756 */
757
758 static uschar *
759 read_number(int *n, uschar *s)
760 {
761 *n = 0;
762 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
763 return s;
764 }
765
766
767
768 /*************************************************
769 * Extract keyed subfield from a string *
770 *************************************************/
771
772 /* The yield is in dynamic store; NULL means that the key was not found.
773
774 Arguments:
775 key points to the name of the key
776 s points to the string from which to extract the subfield
777
778 Returns: NULL if the subfield was not found, or
779 a pointer to the subfield's data
780 */
781
782 static uschar *
783 expand_getkeyed(uschar *key, uschar *s)
784 {
785 int length = Ustrlen(key);
786 while (isspace(*s)) s++;
787
788 /* Loop to search for the key */
789
790 while (*s != 0)
791 {
792 int dkeylength;
793 uschar *data;
794 uschar *dkey = s;
795
796 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
797 dkeylength = s - dkey;
798 while (isspace(*s)) s++;
799 if (*s == '=') while (isspace((*(++s))));
800
801 data = string_dequote(&s);
802 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
803 return data;
804
805 while (isspace(*s)) s++;
806 }
807
808 return NULL;
809 }
810
811
812
813
814 /*************************************************
815 * Extract numbered subfield from string *
816 *************************************************/
817
818 /* Extracts a numbered field from a string that is divided by tokens - for
819 example a line from /etc/passwd is divided by colon characters. First field is
820 numbered one. Negative arguments count from the right. Zero returns the whole
821 string. Returns NULL if there are insufficient tokens in the string
822
823 ***WARNING***
824 Modifies final argument - this is a dynamically generated string, so that's OK.
825
826 Arguments:
827 field number of field to be extracted,
828 first field = 1, whole string = 0, last field = -1
829 separators characters that are used to break string into tokens
830 s points to the string from which to extract the subfield
831
832 Returns: NULL if the field was not found,
833 a pointer to the field's data inside s (modified to add 0)
834 */
835
836 static uschar *
837 expand_gettokened (int field, uschar *separators, uschar *s)
838 {
839 int sep = 1;
840 int count;
841 uschar *ss = s;
842 uschar *fieldtext = NULL;
843
844 if (field == 0) return s;
845
846 /* Break the line up into fields in place; for field > 0 we stop when we have
847 done the number of fields we want. For field < 0 we continue till the end of
848 the string, counting the number of fields. */
849
850 count = (field > 0)? field : INT_MAX;
851
852 while (count-- > 0)
853 {
854 size_t len;
855
856 /* Previous field was the last one in the string. For a positive field
857 number, this means there are not enough fields. For a negative field number,
858 check that there are enough, and scan back to find the one that is wanted. */
859
860 if (sep == 0)
861 {
862 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
863 if ((-field) == (INT_MAX - count - 1)) return s;
864 while (field++ < 0)
865 {
866 ss--;
867 while (ss[-1] != 0) ss--;
868 }
869 fieldtext = ss;
870 break;
871 }
872
873 /* Previous field was not last in the string; save its start and put a
874 zero at its end. */
875
876 fieldtext = ss;
877 len = Ustrcspn(ss, separators);
878 sep = ss[len];
879 ss[len] = 0;
880 ss += len + 1;
881 }
882
883 return fieldtext;
884 }
885
886
887
888 /*************************************************
889 * Extract a substring from a string *
890 *************************************************/
891
892 /* Perform the ${substr or ${length expansion operations.
893
894 Arguments:
895 subject the input string
896 value1 the offset from the start of the input string to the start of
897 the output string; if negative, count from the right.
898 value2 the length of the output string, or negative (-1) for unset
899 if value1 is positive, unset means "all after"
900 if value1 is negative, unset means "all before"
901 len set to the length of the returned string
902
903 Returns: pointer to the output string, or NULL if there is an error
904 */
905
906 static uschar *
907 extract_substr(uschar *subject, int value1, int value2, int *len)
908 {
909 int sublen = Ustrlen(subject);
910
911 if (value1 < 0) /* count from right */
912 {
913 value1 += sublen;
914
915 /* If the position is before the start, skip to the start, and adjust the
916 length. If the length ends up negative, the substring is null because nothing
917 can precede. This falls out naturally when the length is unset, meaning "all
918 to the left". */
919
920 if (value1 < 0)
921 {
922 value2 += value1;
923 if (value2 < 0) value2 = 0;
924 value1 = 0;
925 }
926
927 /* Otherwise an unset length => characters before value1 */
928
929 else if (value2 < 0)
930 {
931 value2 = value1;
932 value1 = 0;
933 }
934 }
935
936 /* For a non-negative offset, if the starting position is past the end of the
937 string, the result will be the null string. Otherwise, an unset length means
938 "rest"; just set it to the maximum - it will be cut down below if necessary. */
939
940 else
941 {
942 if (value1 > sublen)
943 {
944 value1 = sublen;
945 value2 = 0;
946 }
947 else if (value2 < 0) value2 = sublen;
948 }
949
950 /* Cut the length down to the maximum possible for the offset value, and get
951 the required characters. */
952
953 if (value1 + value2 > sublen) value2 = sublen - value1;
954 *len = value2;
955 return subject + value1;
956 }
957
958
959
960
961 /*************************************************
962 * Old-style hash of a string *
963 *************************************************/
964
965 /* Perform the ${hash expansion operation.
966
967 Arguments:
968 subject the input string (an expanded substring)
969 value1 the length of the output string; if greater or equal to the
970 length of the input string, the input string is returned
971 value2 the number of hash characters to use, or 26 if negative
972 len set to the length of the returned string
973
974 Returns: pointer to the output string, or NULL if there is an error
975 */
976
977 static uschar *
978 compute_hash(uschar *subject, int value1, int value2, int *len)
979 {
980 int sublen = Ustrlen(subject);
981
982 if (value2 < 0) value2 = 26;
983 else if (value2 > Ustrlen(hashcodes))
984 {
985 expand_string_message =
986 string_sprintf("hash count \"%d\" too big", value2);
987 return NULL;
988 }
989
990 /* Calculate the hash text. We know it is shorter than the original string, so
991 can safely place it in subject[] (we know that subject is always itself an
992 expanded substring). */
993
994 if (value1 < sublen)
995 {
996 int c;
997 int i = 0;
998 int j = value1;
999 while ((c = (subject[j])) != 0)
1000 {
1001 int shift = (c + j++) & 7;
1002 subject[i] ^= (c << shift) | (c >> (8-shift));
1003 if (++i >= value1) i = 0;
1004 }
1005 for (i = 0; i < value1; i++)
1006 subject[i] = hashcodes[(subject[i]) % value2];
1007 }
1008 else value1 = sublen;
1009
1010 *len = value1;
1011 return subject;
1012 }
1013
1014
1015
1016
1017 /*************************************************
1018 * Numeric hash of a string *
1019 *************************************************/
1020
1021 /* Perform the ${nhash expansion operation. The first characters of the
1022 string are treated as most important, and get the highest prime numbers.
1023
1024 Arguments:
1025 subject the input string
1026 value1 the maximum value of the first part of the result
1027 value2 the maximum value of the second part of the result,
1028 or negative to produce only a one-part result
1029 len set to the length of the returned string
1030
1031 Returns: pointer to the output string, or NULL if there is an error.
1032 */
1033
1034 static uschar *
1035 compute_nhash (uschar *subject, int value1, int value2, int *len)
1036 {
1037 uschar *s = subject;
1038 int i = 0;
1039 unsigned long int total = 0; /* no overflow */
1040
1041 while (*s != 0)
1042 {
1043 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
1044 total += prime[i--] * (unsigned int)(*s++);
1045 }
1046
1047 /* If value2 is unset, just compute one number */
1048
1049 if (value2 < 0)
1050 {
1051 s = string_sprintf("%d", total % value1);
1052 }
1053
1054 /* Otherwise do a div/mod hash */
1055
1056 else
1057 {
1058 total = total % (value1 * value2);
1059 s = string_sprintf("%d/%d", total/value2, total % value2);
1060 }
1061
1062 *len = Ustrlen(s);
1063 return s;
1064 }
1065
1066
1067
1068
1069
1070 /*************************************************
1071 * Find the value of a header or headers *
1072 *************************************************/
1073
1074 /* Multiple instances of the same header get concatenated, and this function
1075 can also return a concatenation of all the header lines. When concatenating
1076 specific headers that contain lists of addresses, a comma is inserted between
1077 them. Otherwise we use a straight concatenation. Because some messages can have
1078 pathologically large number of lines, there is a limit on the length that is
1079 returned. Also, to avoid massive store use which would result from using
1080 string_cat() as it copies and extends strings, we do a preliminary pass to find
1081 out exactly how much store will be needed. On "normal" messages this will be
1082 pretty trivial.
1083
1084 Arguments:
1085 name the name of the header, without the leading $header_ or $h_,
1086 or NULL if a concatenation of all headers is required
1087 exists_only TRUE if called from a def: test; don't need to build a string;
1088 just return a string that is not "" and not "0" if the header
1089 exists
1090 newsize return the size of memory block that was obtained; may be NULL
1091 if exists_only is TRUE
1092 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
1093 other than concatenating, will be done on the header
1094 charset name of charset to translate MIME words to; used only if
1095 want_raw is false; if NULL, no translation is done (this is
1096 used for $bh_ and $bheader_)
1097
1098 Returns: NULL if the header does not exist, else a pointer to a new
1099 store block
1100 */
1101
1102 static uschar *
1103 find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1104 uschar *charset)
1105 {
1106 BOOL found = name == NULL;
1107 int comma = 0;
1108 int len = found? 0 : Ustrlen(name);
1109 int i;
1110 uschar *yield = NULL;
1111 uschar *ptr = NULL;
1112
1113 /* Loop for two passes - saves code repetition */
1114
1115 for (i = 0; i < 2; i++)
1116 {
1117 int size = 0;
1118 header_line *h;
1119
1120 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1121 {
1122 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1123 {
1124 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1125 {
1126 int ilen;
1127 uschar *t;
1128
1129 if (exists_only) return US"1"; /* don't need actual string */
1130 found = TRUE;
1131 t = h->text + len; /* text to insert */
1132 if (!want_raw) /* unless wanted raw, */
1133 while (isspace(*t)) t++; /* remove leading white space */
1134 ilen = h->slen - (t - h->text); /* length to insert */
1135
1136 /* Set comma = 1 if handling a single header and it's one of those
1137 that contains an address list, except when asked for raw headers. Only
1138 need to do this once. */
1139
1140 if (!want_raw && name != NULL && comma == 0 &&
1141 Ustrchr("BCFRST", h->type) != NULL)
1142 comma = 1;
1143
1144 /* First pass - compute total store needed; second pass - compute
1145 total store used, including this header. */
1146
1147 size += ilen + comma;
1148
1149 /* Second pass - concatentate the data, up to a maximum. Note that
1150 the loop stops when size hits the limit. */
1151
1152 if (i != 0)
1153 {
1154 if (size > header_insert_maxlen)
1155 {
1156 ilen -= size - header_insert_maxlen;
1157 comma = 0;
1158 }
1159 Ustrncpy(ptr, t, ilen);
1160 ptr += ilen;
1161 if (comma != 0 && ilen > 0)
1162 {
1163 ptr[-1] = ',';
1164 *ptr++ = '\n';
1165 }
1166 }
1167 }
1168 }
1169 }
1170
1171 /* At end of first pass, truncate size if necessary, and get the buffer
1172 to hold the data, returning the buffer size. */
1173
1174 if (i == 0)
1175 {
1176 if (!found) return NULL;
1177 if (size > header_insert_maxlen) size = header_insert_maxlen;
1178 *newsize = size + 1;
1179 ptr = yield = store_get(*newsize);
1180 }
1181 }
1182
1183 /* Remove a redundant added comma if present */
1184
1185 if (comma != 0 && ptr > yield) ptr -= 2;
1186
1187 /* That's all we do for raw header expansion. */
1188
1189 if (want_raw)
1190 {
1191 *ptr = 0;
1192 }
1193
1194 /* Otherwise, we remove trailing whitespace, including newlines. Then we do RFC
1195 2047 decoding, translating the charset if requested. The rfc2047_decode2()
1196 function can return an error with decoded data if the charset translation
1197 fails. If decoding fails, it returns NULL. */
1198
1199 else
1200 {
1201 uschar *decoded, *error;
1202 while (ptr > yield && isspace(ptr[-1])) ptr--;
1203 *ptr = 0;
1204 decoded = rfc2047_decode2(yield, TRUE, charset, '?', NULL, newsize, &error);
1205 if (error != NULL)
1206 {
1207 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1208 " input was: %s\n", error, yield);
1209 }
1210 if (decoded != NULL) yield = decoded;
1211 }
1212
1213 return yield;
1214 }
1215
1216
1217
1218
1219 /*************************************************
1220 * Find value of a variable *
1221 *************************************************/
1222
1223 /* The table of variables is kept in alphabetic order, so we can search it
1224 using a binary chop. The "choplen" variable is nothing to do with the binary
1225 chop.
1226
1227 Arguments:
1228 name the name of the variable being sought
1229 exists_only TRUE if this is a def: test; passed on to find_header()
1230 skipping TRUE => skip any processing evaluation; this is not the same as
1231 exists_only because def: may test for values that are first
1232 evaluated here
1233 newsize pointer to an int which is initially zero; if the answer is in
1234 a new memory buffer, *newsize is set to its size
1235
1236 Returns: NULL if the variable does not exist, or
1237 a pointer to the variable's contents, or
1238 something non-NULL if exists_only is TRUE
1239 */
1240
1241 static uschar *
1242 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1243 {
1244 int first = 0;
1245 int last = var_table_size;
1246
1247 while (last > first)
1248 {
1249 uschar *s, *domain;
1250 uschar **ss;
1251 int middle = (first + last)/2;
1252 int c = Ustrcmp(name, var_table[middle].name);
1253
1254 if (c > 0) { first = middle + 1; continue; }
1255 if (c < 0) { last = middle; continue; }
1256
1257 /* Found an existing variable. If in skipping state, the value isn't needed,
1258 and we want to avoid processing (such as looking up up the host name). */
1259
1260 if (skipping) return US"";
1261
1262 switch (var_table[middle].type)
1263 {
1264 #ifdef EXPERIMENTAL_DOMAINKEYS
1265
1266 case vtype_dk_verify:
1267 if (dk_verify_block == NULL) return US"";
1268 s = NULL;
1269 if (Ustrcmp(var_table[middle].name, "dk_result") == 0)
1270 s = dk_verify_block->result_string;
1271 if (Ustrcmp(var_table[middle].name, "dk_sender") == 0)
1272 s = dk_verify_block->address;
1273 if (Ustrcmp(var_table[middle].name, "dk_sender_domain") == 0)
1274 s = dk_verify_block->domain;
1275 if (Ustrcmp(var_table[middle].name, "dk_sender_local_part") == 0)
1276 s = dk_verify_block->local_part;
1277
1278 if (Ustrcmp(var_table[middle].name, "dk_sender_source") == 0)
1279 switch(dk_verify_block->address_source) {
1280 case DK_EXIM_ADDRESS_NONE: s = US"0"; break;
1281 case DK_EXIM_ADDRESS_FROM_FROM: s = US"from"; break;
1282 case DK_EXIM_ADDRESS_FROM_SENDER: s = US"sender"; break;
1283 }
1284
1285 if (Ustrcmp(var_table[middle].name, "dk_status") == 0)
1286 switch(dk_verify_block->result) {
1287 case DK_EXIM_RESULT_ERR: s = US"error"; break;
1288 case DK_EXIM_RESULT_BAD_FORMAT: s = US"bad format"; break;
1289 case DK_EXIM_RESULT_NO_KEY: s = US"no key"; break;
1290 case DK_EXIM_RESULT_NO_SIGNATURE: s = US"no signature"; break;
1291 case DK_EXIM_RESULT_REVOKED: s = US"revoked"; break;
1292 case DK_EXIM_RESULT_NON_PARTICIPANT: s = US"non-participant"; break;
1293 case DK_EXIM_RESULT_GOOD: s = US"good"; break;
1294 case DK_EXIM_RESULT_BAD: s = US"bad"; break;
1295 }
1296
1297 if (Ustrcmp(var_table[middle].name, "dk_signsall") == 0)
1298 s = (dk_verify_block->signsall)? US"1" : US"0";
1299
1300 if (Ustrcmp(var_table[middle].name, "dk_testing") == 0)
1301 s = (dk_verify_block->testing)? US"1" : US"0";
1302
1303 if (Ustrcmp(var_table[middle].name, "dk_is_signed") == 0)
1304 s = (dk_verify_block->is_signed)? US"1" : US"0";
1305
1306 return (s == NULL)? US"" : s;
1307 #endif
1308
1309 case vtype_filter_int:
1310 if (!filter_running) return NULL;
1311 /* Fall through */
1312 /* VVVVVVVVVVVV */
1313 case vtype_int:
1314 sprintf(CS var_buffer, "%d", *(int *)(var_table[middle].value)); /* Integer */
1315 return var_buffer;
1316
1317 case vtype_ino:
1318 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(var_table[middle].value))); /* Inode */
1319 return var_buffer;
1320
1321 case vtype_gid:
1322 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(var_table[middle].value))); /* gid */
1323 return var_buffer;
1324
1325 case vtype_uid:
1326 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
1327 return var_buffer;
1328
1329 case vtype_stringptr: /* Pointer to string */
1330 s = *((uschar **)(var_table[middle].value));
1331 return (s == NULL)? US"" : s;
1332
1333 case vtype_pid:
1334 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1335 return var_buffer;
1336
1337 case vtype_load_avg:
1338 sprintf(CS var_buffer, "%d", os_getloadavg()); /* load_average */
1339 return var_buffer;
1340
1341 case vtype_host_lookup: /* Lookup if not done so */
1342 if (sender_host_name == NULL && sender_host_address != NULL &&
1343 !host_lookup_failed && host_name_lookup() == OK)
1344 host_build_sender_fullhost();
1345 return (sender_host_name == NULL)? US"" : sender_host_name;
1346
1347 case vtype_localpart: /* Get local part from address */
1348 s = *((uschar **)(var_table[middle].value));
1349 if (s == NULL) return US"";
1350 domain = Ustrrchr(s, '@');
1351 if (domain == NULL) return s;
1352 if (domain - s > sizeof(var_buffer) - 1)
1353 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than %d in "
1354 "string expansion", sizeof(var_buffer));
1355 Ustrncpy(var_buffer, s, domain - s);
1356 var_buffer[domain - s] = 0;
1357 return var_buffer;
1358
1359 case vtype_domain: /* Get domain from address */
1360 s = *((uschar **)(var_table[middle].value));
1361 if (s == NULL) return US"";
1362 domain = Ustrrchr(s, '@');
1363 return (domain == NULL)? US"" : domain + 1;
1364
1365 case vtype_msgheaders:
1366 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1367
1368 case vtype_msgbody: /* Pointer to msgbody string */
1369 case vtype_msgbody_end: /* Ditto, the end of the msg */
1370 ss = (uschar **)(var_table[middle].value);
1371 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1372 {
1373 uschar *body;
1374 off_t start_offset = SPOOL_DATA_START_OFFSET;
1375 int len = message_body_visible;
1376 if (len > message_size) len = message_size;
1377 *ss = body = store_malloc(len+1);
1378 body[0] = 0;
1379 if (var_table[middle].type == vtype_msgbody_end)
1380 {
1381 struct stat statbuf;
1382 if (fstat(deliver_datafile, &statbuf) == 0)
1383 {
1384 start_offset = statbuf.st_size - len;
1385 if (start_offset < SPOOL_DATA_START_OFFSET)
1386 start_offset = SPOOL_DATA_START_OFFSET;
1387 }
1388 }
1389 lseek(deliver_datafile, start_offset, SEEK_SET);
1390 len = read(deliver_datafile, body, len);
1391 if (len > 0)
1392 {
1393 body[len] = 0;
1394 while (len > 0)
1395 {
1396 if (body[--len] == '\n' || body[len] == 0) body[len] = ' ';
1397 }
1398 }
1399 }
1400 return (*ss == NULL)? US"" : *ss;
1401
1402 case vtype_todbsdin: /* BSD inbox time of day */
1403 return tod_stamp(tod_bsdin);
1404
1405 case vtype_tode: /* Unix epoch time of day */
1406 return tod_stamp(tod_epoch);
1407
1408 case vtype_todf: /* Full time of day */
1409 return tod_stamp(tod_full);
1410
1411 case vtype_todl: /* Log format time of day */
1412 return tod_stamp(tod_log_bare); /* (without timezone) */
1413
1414 case vtype_todzone: /* Time zone offset only */
1415 return tod_stamp(tod_zone);
1416
1417 case vtype_todzulu: /* Zulu time */
1418 return tod_stamp(tod_zulu);
1419
1420 case vtype_todlf: /* Log file datestamp tod */
1421 return tod_stamp(tod_log_datestamp);
1422
1423 case vtype_reply: /* Get reply address */
1424 s = find_header(US"reply-to:", exists_only, newsize, FALSE,
1425 headers_charset);
1426 if (s == NULL || *s == 0)
1427 s = find_header(US"from:", exists_only, newsize, FALSE, headers_charset);
1428 return (s == NULL)? US"" : s;
1429
1430 /* A recipients list is available only during system message filtering,
1431 during ACL processing after DATA, and while expanding pipe commands
1432 generated from a system filter, but not elsewhere. */
1433
1434 case vtype_recipients:
1435 if (!enable_dollar_recipients) return NULL; else
1436 {
1437 int size = 128;
1438 int ptr = 0;
1439 int i;
1440 s = store_get(size);
1441 for (i = 0; i < recipients_count; i++)
1442 {
1443 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1444 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1445 Ustrlen(recipients_list[i].address));
1446 }
1447 s[ptr] = 0; /* string_cat() leaves room */
1448 }
1449 return s;
1450
1451 case vtype_pspace:
1452 {
1453 int inodes;
1454 sprintf(CS var_buffer, "%d",
1455 receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes));
1456 }
1457 return var_buffer;
1458
1459 case vtype_pinodes:
1460 {
1461 int inodes;
1462 (void) receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes);
1463 sprintf(CS var_buffer, "%d", inodes);
1464 }
1465 return var_buffer;
1466 }
1467 }
1468
1469 return NULL; /* Unknown variable name */
1470 }
1471
1472
1473
1474
1475 /*************************************************
1476 * Read and expand substrings *
1477 *************************************************/
1478
1479 /* This function is called to read and expand argument substrings for various
1480 expansion items. Some have a minimum requirement that is less than the maximum;
1481 in these cases, the first non-present one is set to NULL.
1482
1483 Arguments:
1484 sub points to vector of pointers to set
1485 n maximum number of substrings
1486 m minimum required
1487 sptr points to current string pointer
1488 skipping the skipping flag
1489 check_end if TRUE, check for final '}'
1490 name name of item, for error message
1491
1492 Returns: 0 OK; string pointer updated
1493 1 curly bracketing error (too few arguments)
1494 2 too many arguments (only if check_end is set); message set
1495 3 other error (expansion failure)
1496 */
1497
1498 static int
1499 read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
1500 BOOL check_end, uschar *name)
1501 {
1502 int i;
1503 uschar *s = *sptr;
1504
1505 while (isspace(*s)) s++;
1506 for (i = 0; i < n; i++)
1507 {
1508 if (*s != '{')
1509 {
1510 if (i < m) return 1;
1511 sub[i] = NULL;
1512 break;
1513 }
1514 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
1515 if (sub[i] == NULL) return 3;
1516 if (*s++ != '}') return 1;
1517 while (isspace(*s)) s++;
1518 }
1519 if (check_end && *s++ != '}')
1520 {
1521 if (s[-1] == '{')
1522 {
1523 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1524 "(max is %d)", name, n);
1525 return 2;
1526 }
1527 return 1;
1528 }
1529
1530 *sptr = s;
1531 return 0;
1532 }
1533
1534
1535
1536
1537 /*************************************************
1538 * Read and evaluate a condition *
1539 *************************************************/
1540
1541 /*
1542 Arguments:
1543 s points to the start of the condition text
1544 yield points to a BOOL to hold the result of the condition test;
1545 if NULL, we are just reading through a condition that is
1546 part of an "or" combination to check syntax, or in a state
1547 where the answer isn't required
1548
1549 Returns: a pointer to the first character after the condition, or
1550 NULL after an error
1551 */
1552
1553 static uschar *
1554 eval_condition(uschar *s, BOOL *yield)
1555 {
1556 BOOL testfor = TRUE;
1557 BOOL tempcond, combined_cond;
1558 BOOL *subcondptr;
1559 int i, rc, cond_type, roffset;
1560 int num[2];
1561 struct stat statbuf;
1562 uschar name[256];
1563 uschar *sub[4];
1564
1565 const pcre *re;
1566 const uschar *rerror;
1567
1568 for (;;)
1569 {
1570 while (isspace(*s)) s++;
1571 if (*s == '!') { testfor = !testfor; s++; } else break;
1572 }
1573
1574 /* Numeric comparisons are symbolic */
1575
1576 if (*s == '=' || *s == '>' || *s == '<')
1577 {
1578 int p = 0;
1579 name[p++] = *s++;
1580 if (*s == '=')
1581 {
1582 name[p++] = '=';
1583 s++;
1584 }
1585 name[p] = 0;
1586 }
1587
1588 /* All other conditions are named */
1589
1590 else s = read_name(name, 256, s, US"_");
1591
1592 /* If we haven't read a name, it means some non-alpha character is first. */
1593
1594 if (name[0] == 0)
1595 {
1596 expand_string_message = string_sprintf("condition name expected, "
1597 "but found \"%.16s\"", s);
1598 return NULL;
1599 }
1600
1601 /* Find which condition we are dealing with, and switch on it */
1602
1603 cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
1604 switch(cond_type)
1605 {
1606 /* def: tests for a non-empty variable, or for the existence of a header. If
1607 yield == NULL we are in a skipping state, and don't care about the answer. */
1608
1609 case ECOND_DEF:
1610 if (*s != ':')
1611 {
1612 expand_string_message = US"\":\" expected after \"def\"";
1613 return NULL;
1614 }
1615
1616 s = read_name(name, 256, s+1, US"_");
1617
1618 /* Test for a header's existence */
1619
1620 if (Ustrncmp(name, "h_", 2) == 0 ||
1621 Ustrncmp(name, "rh_", 3) == 0 ||
1622 Ustrncmp(name, "bh_", 3) == 0 ||
1623 Ustrncmp(name, "header_", 7) == 0 ||
1624 Ustrncmp(name, "rheader_", 8) == 0 ||
1625 Ustrncmp(name, "bheader_", 8) == 0)
1626 {
1627 s = read_header_name(name, 256, s);
1628 if (yield != NULL) *yield =
1629 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
1630 }
1631
1632 /* Test for a variable's having a non-empty value. A non-existent variable
1633 causes an expansion failure. */
1634
1635 else
1636 {
1637 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
1638 if (value == NULL)
1639 {
1640 expand_string_message = (name[0] == 0)?
1641 string_sprintf("variable name omitted after \"def:\"") :
1642 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
1643 return NULL;
1644 }
1645 if (yield != NULL) *yield = (value[0] != 0) == testfor;
1646 }
1647
1648 return s;
1649
1650
1651 /* first_delivery tests for first delivery attempt */
1652
1653 case ECOND_FIRST_DELIVERY:
1654 if (yield != NULL) *yield = deliver_firsttime == testfor;
1655 return s;
1656
1657
1658 /* queue_running tests for any process started by a queue runner */
1659
1660 case ECOND_QUEUE_RUNNING:
1661 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
1662 return s;
1663
1664
1665 /* exists: tests for file existence
1666 isip: tests for any IP address
1667 isip4: tests for an IPv4 address
1668 isip6: tests for an IPv6 address
1669 pam: does PAM authentication
1670 radius: does RADIUS authentication
1671 ldapauth: does LDAP authentication
1672 pwcheck: does Cyrus SASL pwcheck authentication
1673 */
1674
1675 case ECOND_EXISTS:
1676 case ECOND_ISIP:
1677 case ECOND_ISIP4:
1678 case ECOND_ISIP6:
1679 case ECOND_PAM:
1680 case ECOND_RADIUS:
1681 case ECOND_LDAPAUTH:
1682 case ECOND_PWCHECK:
1683
1684 while (isspace(*s)) s++;
1685 if (*s != '{') goto COND_FAILED_CURLY_START;
1686
1687 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1688 if (sub[0] == NULL) return NULL;
1689 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1690
1691 if (yield == NULL) return s; /* No need to run the test if skipping */
1692
1693 switch(cond_type)
1694 {
1695 case ECOND_EXISTS:
1696 if ((expand_forbid & RDO_EXISTS) != 0)
1697 {
1698 expand_string_message = US"File existence tests are not permitted";
1699 return NULL;
1700 }
1701 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
1702 break;
1703
1704 case ECOND_ISIP:
1705 case ECOND_ISIP4:
1706 case ECOND_ISIP6:
1707 rc = string_is_ip_address(sub[0], NULL);
1708 *yield = ((cond_type == ECOND_ISIP)? (rc > 0) :
1709 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
1710 break;
1711
1712 /* Various authentication tests - all optionally compiled */
1713
1714 case ECOND_PAM:
1715 #ifdef SUPPORT_PAM
1716 rc = auth_call_pam(sub[0], &expand_string_message);
1717 goto END_AUTH;
1718 #else
1719 goto COND_FAILED_NOT_COMPILED;
1720 #endif /* SUPPORT_PAM */
1721
1722 case ECOND_RADIUS:
1723 #ifdef RADIUS_CONFIG_FILE
1724 rc = auth_call_radius(sub[0], &expand_string_message);
1725 goto END_AUTH;
1726 #else
1727 goto COND_FAILED_NOT_COMPILED;
1728 #endif /* RADIUS_CONFIG_FILE */
1729
1730 case ECOND_LDAPAUTH:
1731 #ifdef LOOKUP_LDAP
1732 {
1733 /* Just to keep the interface the same */
1734 BOOL do_cache;
1735 int old_pool = store_pool;
1736 store_pool = POOL_SEARCH;
1737 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
1738 &expand_string_message, &do_cache);
1739 store_pool = old_pool;
1740 }
1741 goto END_AUTH;
1742 #else
1743 goto COND_FAILED_NOT_COMPILED;
1744 #endif /* LOOKUP_LDAP */
1745
1746 case ECOND_PWCHECK:
1747 #ifdef CYRUS_PWCHECK_SOCKET
1748 rc = auth_call_pwcheck(sub[0], &expand_string_message);
1749 goto END_AUTH;
1750 #else
1751 goto COND_FAILED_NOT_COMPILED;
1752 #endif /* CYRUS_PWCHECK_SOCKET */
1753
1754 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
1755 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
1756 END_AUTH:
1757 if (rc == ERROR || rc == DEFER) return NULL;
1758 *yield = (rc == OK) == testfor;
1759 #endif
1760 }
1761 return s;
1762
1763
1764 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
1765
1766 ${if saslauthd {{username}{password}{service}{realm}} {yes}[no}}
1767
1768 However, the last two are optional. That is why the whole set is enclosed
1769 in their own set or braces. */
1770
1771 case ECOND_SASLAUTHD:
1772 #ifndef CYRUS_SASLAUTHD_SOCKET
1773 goto COND_FAILED_NOT_COMPILED;
1774 #else
1775 while (isspace(*s)) s++;
1776 if (*s++ != '{') goto COND_FAILED_CURLY_START;
1777 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd"))
1778 {
1779 case 1: expand_string_message = US"too few arguments or bracketing "
1780 "error for saslauthd";
1781 case 2:
1782 case 3: return NULL;
1783 }
1784 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
1785 if (yield != NULL)
1786 {
1787 int rc;
1788 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
1789 &expand_string_message);
1790 if (rc == ERROR || rc == DEFER) return NULL;
1791 *yield = (rc == OK) == testfor;
1792 }
1793 return s;
1794 #endif /* CYRUS_SASLAUTHD_SOCKET */
1795
1796
1797 /* symbolic operators for numeric and string comparison, and a number of
1798 other operators, all requiring two arguments.
1799
1800 match: does a regular expression match and sets up the numerical
1801 variables if it succeeds
1802 match_address: matches in an address list
1803 match_domain: matches in a domain list
1804 match_local_part: matches in a local part list
1805 crypteq: encrypts plaintext and compares against an encrypted text,
1806 using crypt(), crypt16(), MD5 or SHA-1
1807 */
1808
1809 case ECOND_MATCH:
1810 case ECOND_MATCH_ADDRESS:
1811 case ECOND_MATCH_DOMAIN:
1812 case ECOND_MATCH_LOCAL_PART:
1813 case ECOND_CRYPTEQ:
1814
1815 case ECOND_NUM_L: /* Numerical comparisons */
1816 case ECOND_NUM_LE:
1817 case ECOND_NUM_E:
1818 case ECOND_NUM_EE:
1819 case ECOND_NUM_G:
1820 case ECOND_NUM_GE:
1821
1822 case ECOND_STR_LT: /* String comparisons */
1823 case ECOND_STR_LTI:
1824 case ECOND_STR_LE:
1825 case ECOND_STR_LEI:
1826 case ECOND_STR_EQ:
1827 case ECOND_STR_EQI:
1828 case ECOND_STR_GT:
1829 case ECOND_STR_GTI:
1830 case ECOND_STR_GE:
1831 case ECOND_STR_GEI:
1832
1833 for (i = 0; i < 2; i++)
1834 {
1835 while (isspace(*s)) s++;
1836 if (*s != '{')
1837 {
1838 if (i == 0) goto COND_FAILED_CURLY_START;
1839 expand_string_message = string_sprintf("missing 2nd string in {} "
1840 "after \"%s\"", name);
1841 return NULL;
1842 }
1843 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1844 if (sub[i] == NULL) return NULL;
1845 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1846
1847 /* Convert to numerical if required; we know that the names of all the
1848 conditions that compare numbers do not start with a letter. This just saves
1849 checking for them individually. */
1850
1851 if (!isalpha(name[0]))
1852 {
1853 uschar *endptr;
1854 num[i] = (int)Ustrtol((const uschar *)sub[i], &endptr, 10);
1855 if (tolower(*endptr) == 'k')
1856 {
1857 num[i] *= 1024;
1858 endptr++;
1859 }
1860 else if (tolower(*endptr) == 'm')
1861 {
1862 num[i] *= 1024*1024;
1863 endptr++;
1864 }
1865 while (isspace(*endptr)) endptr++;
1866 if (*endptr != 0)
1867 {
1868 expand_string_message = string_sprintf("\"%s\" is not a number",
1869 sub[i]);
1870 return NULL;
1871 }
1872 }
1873 }
1874
1875 /* Result not required */
1876
1877 if (yield == NULL) return s;
1878
1879 /* Do an appropriate comparison */
1880
1881 switch(cond_type)
1882 {
1883 case ECOND_NUM_E:
1884 case ECOND_NUM_EE:
1885 *yield = (num[0] == num[1]) == testfor;
1886 break;
1887
1888 case ECOND_NUM_G:
1889 *yield = (num[0] > num[1]) == testfor;
1890 break;
1891
1892 case ECOND_NUM_GE:
1893 *yield = (num[0] >= num[1]) == testfor;
1894 break;
1895
1896 case ECOND_NUM_L:
1897 *yield = (num[0] < num[1]) == testfor;
1898 break;
1899
1900 case ECOND_NUM_LE:
1901 *yield = (num[0] <= num[1]) == testfor;
1902 break;
1903
1904 case ECOND_STR_LT:
1905 *yield = (Ustrcmp(sub[0], sub[1]) < 0) == testfor;
1906 break;
1907
1908 case ECOND_STR_LTI:
1909 *yield = (strcmpic(sub[0], sub[1]) < 0) == testfor;
1910 break;
1911
1912 case ECOND_STR_LE:
1913 *yield = (Ustrcmp(sub[0], sub[1]) <= 0) == testfor;
1914 break;
1915
1916 case ECOND_STR_LEI:
1917 *yield = (strcmpic(sub[0], sub[1]) <= 0) == testfor;
1918 break;
1919
1920 case ECOND_STR_EQ:
1921 *yield = (Ustrcmp(sub[0], sub[1]) == 0) == testfor;
1922 break;
1923
1924 case ECOND_STR_EQI:
1925 *yield = (strcmpic(sub[0], sub[1]) == 0) == testfor;
1926 break;
1927
1928 case ECOND_STR_GT:
1929 *yield = (Ustrcmp(sub[0], sub[1]) > 0) == testfor;
1930 break;
1931
1932 case ECOND_STR_GTI:
1933 *yield = (strcmpic(sub[0], sub[1]) > 0) == testfor;
1934 break;
1935
1936 case ECOND_STR_GE:
1937 *yield = (Ustrcmp(sub[0], sub[1]) >= 0) == testfor;
1938 break;
1939
1940 case ECOND_STR_GEI:
1941 *yield = (strcmpic(sub[0], sub[1]) >= 0) == testfor;
1942 break;
1943
1944 case ECOND_MATCH: /* Regular expression match */
1945 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
1946 NULL);
1947 if (re == NULL)
1948 {
1949 expand_string_message = string_sprintf("regular expression error in "
1950 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
1951 return NULL;
1952 }
1953 *yield = regex_match_and_setup(re, sub[0], 0, -1) == testfor;
1954 break;
1955
1956 case ECOND_MATCH_ADDRESS: /* Match in an address list */
1957 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
1958 goto MATCHED_SOMETHING;
1959
1960 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
1961 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
1962 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
1963 goto MATCHED_SOMETHING;
1964
1965 case ECOND_MATCH_LOCAL_PART:
1966 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
1967 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
1968 /* Fall through */
1969 /* VVVVVVVVVVVV */
1970 MATCHED_SOMETHING:
1971 switch(rc)
1972 {
1973 case OK:
1974 *yield = testfor;
1975 break;
1976
1977 case FAIL:
1978 *yield = !testfor;
1979 break;
1980
1981 case DEFER:
1982 expand_string_message = string_sprintf("unable to complete match "
1983 "against \"%s\": %s", sub[1], search_error_message);
1984 return NULL;
1985 }
1986
1987 break;
1988
1989 /* Various "encrypted" comparisons. If the second string starts with
1990 "{" then an encryption type is given. Default to crypt() or crypt16()
1991 (build-time choice). */
1992
1993 case ECOND_CRYPTEQ:
1994 #ifndef SUPPORT_CRYPTEQ
1995 goto COND_FAILED_NOT_COMPILED;
1996 #else
1997 if (strncmpic(sub[1], US"{md5}", 5) == 0)
1998 {
1999 int sublen = Ustrlen(sub[1]+5);
2000 md5 base;
2001 uschar digest[16];
2002
2003 md5_start(&base);
2004 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2005
2006 /* If the length that we are comparing against is 24, the MD5 digest
2007 is expressed as a base64 string. This is the way LDAP does it. However,
2008 some other software uses a straightforward hex representation. We assume
2009 this if the length is 32. Other lengths fail. */
2010
2011 if (sublen == 24)
2012 {
2013 uschar *coded = auth_b64encode((uschar *)digest, 16);
2014 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2015 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2016 *yield = (Ustrcmp(coded, sub[1]+5) == 0) == testfor;
2017 }
2018 else if (sublen == 32)
2019 {
2020 int i;
2021 uschar coded[36];
2022 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2023 coded[32] = 0;
2024 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2025 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2026 *yield = (strcmpic(coded, sub[1]+5) == 0) == testfor;
2027 }
2028 else
2029 {
2030 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2031 "fail\n crypted=%s\n", sub[1]+5);
2032 *yield = !testfor;
2033 }
2034 }
2035
2036 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2037 {
2038 int sublen = Ustrlen(sub[1]+6);
2039 sha1 base;
2040 uschar digest[20];
2041
2042 sha1_start(&base);
2043 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2044
2045 /* If the length that we are comparing against is 28, assume the SHA1
2046 digest is expressed as a base64 string. If the length is 40, assume a
2047 straightforward hex representation. Other lengths fail. */
2048
2049 if (sublen == 28)
2050 {
2051 uschar *coded = auth_b64encode((uschar *)digest, 20);
2052 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2053 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2054 *yield = (Ustrcmp(coded, sub[1]+6) == 0) == testfor;
2055 }
2056 else if (sublen == 40)
2057 {
2058 int i;
2059 uschar coded[44];
2060 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2061 coded[40] = 0;
2062 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2063 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2064 *yield = (strcmpic(coded, sub[1]+6) == 0) == testfor;
2065 }
2066 else
2067 {
2068 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2069 "fail\n crypted=%s\n", sub[1]+6);
2070 *yield = !testfor;
2071 }
2072 }
2073
2074 else /* {crypt} or {crypt16} and non-{ at start */
2075 {
2076 int which = 0;
2077 uschar *coded;
2078
2079 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2080 {
2081 sub[1] += 7;
2082 which = 1;
2083 }
2084 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2085 {
2086 sub[1] += 9;
2087 which = 2;
2088 }
2089 else if (sub[1][0] == '{')
2090 {
2091 expand_string_message = string_sprintf("unknown encryption mechanism "
2092 "in \"%s\"", sub[1]);
2093 return NULL;
2094 }
2095
2096 switch(which)
2097 {
2098 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2099 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2100 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2101 }
2102
2103 #define STR(s) # s
2104 #define XSTR(s) STR(s)
2105 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2106 " subject=%s\n crypted=%s\n",
2107 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
2108 coded, sub[1]);
2109 #undef STR
2110 #undef XSTR
2111
2112 /* If the encrypted string contains fewer than two characters (for the
2113 salt), force failure. Otherwise we get false positives: with an empty
2114 string the yield of crypt() is an empty string! */
2115
2116 *yield = (Ustrlen(sub[1]) < 2)? !testfor :
2117 (Ustrcmp(coded, sub[1]) == 0) == testfor;
2118 }
2119 break;
2120 #endif /* SUPPORT_CRYPTEQ */
2121 } /* Switch for comparison conditions */
2122
2123 return s; /* End of comparison conditions */
2124
2125
2126 /* and/or: computes logical and/or of several conditions */
2127
2128 case ECOND_AND:
2129 case ECOND_OR:
2130 subcondptr = (yield == NULL)? NULL : &tempcond;
2131 combined_cond = (cond_type == ECOND_AND);
2132
2133 while (isspace(*s)) s++;
2134 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2135
2136 for (;;)
2137 {
2138 while (isspace(*s)) s++;
2139 if (*s == '}') break;
2140 if (*s != '{')
2141 {
2142 expand_string_message = string_sprintf("each subcondition "
2143 "inside an \"%s{...}\" condition must be in its own {}", name);
2144 return NULL;
2145 }
2146
2147 s = eval_condition(s+1, subcondptr);
2148 if (s == NULL)
2149 {
2150 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2151 expand_string_message, name);
2152 return NULL;
2153 }
2154 while (isspace(*s)) s++;
2155
2156 if (*s++ != '}')
2157 {
2158 expand_string_message = string_sprintf("missing } at end of condition "
2159 "inside \"%s\" group", name);
2160 return NULL;
2161 }
2162
2163 if (yield != NULL)
2164 {
2165 if (cond_type == ECOND_AND)
2166 {
2167 combined_cond &= tempcond;
2168 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2169 } /* evaluate any more */
2170 else
2171 {
2172 combined_cond |= tempcond;
2173 if (combined_cond) subcondptr = NULL; /* once true, don't */
2174 } /* evaluate any more */
2175 }
2176 }
2177
2178 if (yield != NULL) *yield = (combined_cond == testfor);
2179 return ++s;
2180
2181
2182 /* Unknown condition */
2183
2184 default:
2185 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2186 return NULL;
2187 } /* End switch on condition type */
2188
2189 /* Missing braces at start and end of data */
2190
2191 COND_FAILED_CURLY_START:
2192 expand_string_message = string_sprintf("missing { after \"%s\"", name);
2193 return NULL;
2194
2195 COND_FAILED_CURLY_END:
2196 expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2197 name);
2198 return NULL;
2199
2200 /* A condition requires code that is not compiled */
2201
2202 #if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2203 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2204 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2205 COND_FAILED_NOT_COMPILED:
2206 expand_string_message = string_sprintf("support for \"%s\" not compiled",
2207 name);
2208 return NULL;
2209 #endif
2210 }
2211
2212
2213
2214
2215 /*************************************************
2216 * Save numerical variables *
2217 *************************************************/
2218
2219 /* This function is called from items such as "if" that want to preserve and
2220 restore the numbered variables.
2221
2222 Arguments:
2223 save_expand_string points to an array of pointers to set
2224 save_expand_nlength points to an array of ints for the lengths
2225
2226 Returns: the value of expand max to save
2227 */
2228
2229 static int
2230 save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
2231 {
2232 int i;
2233 for (i = 0; i <= expand_nmax; i++)
2234 {
2235 save_expand_nstring[i] = expand_nstring[i];
2236 save_expand_nlength[i] = expand_nlength[i];
2237 }
2238 return expand_nmax;
2239 }
2240
2241
2242
2243 /*************************************************
2244 * Restore numerical variables *
2245 *************************************************/
2246
2247 /* This function restored saved values of numerical strings.
2248
2249 Arguments:
2250 save_expand_nmax the number of strings to restore
2251 save_expand_string points to an array of pointers
2252 save_expand_nlength points to an array of ints
2253
2254 Returns: nothing
2255 */
2256
2257 static void
2258 restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
2259 int *save_expand_nlength)
2260 {
2261 int i;
2262 expand_nmax = save_expand_nmax;
2263 for (i = 0; i <= expand_nmax; i++)
2264 {
2265 expand_nstring[i] = save_expand_nstring[i];
2266 expand_nlength[i] = save_expand_nlength[i];
2267 }
2268 }
2269
2270
2271
2272
2273
2274 /*************************************************
2275 * Handle yes/no substrings *
2276 *************************************************/
2277
2278 /* This function is used by ${if}, ${lookup} and ${extract} to handle the
2279 alternative substrings that depend on whether or not the condition was true,
2280 or the lookup or extraction succeeded. The substrings always have to be
2281 expanded, to check their syntax, but "skipping" is set when the result is not
2282 needed - this avoids unnecessary nested lookups.
2283
2284 Arguments:
2285 skipping TRUE if we were skipping when this item was reached
2286 yes TRUE if the first string is to be used, else use the second
2287 save_lookup a value to put back into lookup_value before the 2nd expansion
2288 sptr points to the input string pointer
2289 yieldptr points to the output string pointer
2290 sizeptr points to the output string size
2291 ptrptr points to the output string pointer
2292 type "lookup" or "if" or "extract" or "run", for error message
2293
2294 Returns: 0 OK; lookup_value has been reset to save_lookup
2295 1 expansion failed
2296 2 expansion failed because of bracketing error
2297 */
2298
2299 static int
2300 process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
2301 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type)
2302 {
2303 int rc = 0;
2304 uschar *s = *sptr; /* Local value */
2305 uschar *sub1, *sub2;
2306
2307 /* If there are no following strings, we substitute the contents of $value for
2308 lookups and for extractions in the success case. For the ${if item, the string
2309 "true" is substituted. In the fail case, nothing is substituted for all three
2310 items. */
2311
2312 while (isspace(*s)) s++;
2313 if (*s == '}')
2314 {
2315 if (type[0] == 'i')
2316 {
2317 if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
2318 }
2319 else
2320 {
2321 if (yes && lookup_value != NULL)
2322 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
2323 Ustrlen(lookup_value));
2324 lookup_value = save_lookup;
2325 }
2326 s++;
2327 goto RETURN;
2328 }
2329
2330 /* The first following string must be braced. */
2331
2332 if (*s++ != '{') goto FAILED_CURLY;
2333
2334 /* Expand the first substring. Forced failures are noticed only if we actually
2335 want this string. Set skipping in the call in the fail case (this will always
2336 be the case if we were already skipping). */
2337
2338 sub1 = expand_string_internal(s, TRUE, &s, !yes);
2339 if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
2340 expand_string_forcedfail = FALSE;
2341 if (*s++ != '}') goto FAILED_CURLY;
2342
2343 /* If we want the first string, add it to the output */
2344
2345 if (yes)
2346 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
2347
2348 /* If this is called from a lookup or an extract, we want to restore $value to
2349 what it was at the start of the item, so that it has this value during the
2350 second string expansion. For the call from "if" or "run" to this function,
2351 save_lookup is set to lookup_value, so that this statement does nothing. */
2352
2353 lookup_value = save_lookup;
2354
2355 /* There now follows either another substring, or "fail", or nothing. This
2356 time, forced failures are noticed only if we want the second string. We must
2357 set skipping in the nested call if we don't want this string, or if we were
2358 already skipping. */
2359
2360 while (isspace(*s)) s++;
2361 if (*s == '{')
2362 {
2363 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping);
2364 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
2365 expand_string_forcedfail = FALSE;
2366 if (*s++ != '}') goto FAILED_CURLY;
2367
2368 /* If we want the second string, add it to the output */
2369
2370 if (!yes)
2371 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
2372 }
2373
2374 /* If there is no second string, but the word "fail" is present when the use of
2375 the second string is wanted, set a flag indicating it was a forced failure
2376 rather than a syntactic error. Swallow the terminating } in case this is nested
2377 inside another lookup or if or extract. */
2378
2379 else if (*s != '}')
2380 {
2381 uschar name[256];
2382 s = read_name(name, sizeof(name), s, US"_");
2383 if (Ustrcmp(name, "fail") == 0)
2384 {
2385 if (!yes && !skipping)
2386 {
2387 while (isspace(*s)) s++;
2388 if (*s++ != '}') goto FAILED_CURLY;
2389 expand_string_message =
2390 string_sprintf("\"%s\" failed and \"fail\" requested", type);
2391 expand_string_forcedfail = TRUE;
2392 goto FAILED;
2393 }
2394 }
2395 else
2396 {
2397 expand_string_message =
2398 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
2399 goto FAILED;
2400 }
2401 }
2402
2403 /* All we have to do now is to check on the final closing brace. */
2404
2405 while (isspace(*s)) s++;
2406 if (*s++ == '}') goto RETURN;
2407
2408 /* Get here if there is a bracketing failure */
2409
2410 FAILED_CURLY:
2411 rc++;
2412
2413 /* Get here for other failures */
2414
2415 FAILED:
2416 rc++;
2417
2418 /* Update the input pointer value before returning */
2419
2420 RETURN:
2421 *sptr = s;
2422 return rc;
2423 }
2424
2425
2426
2427
2428 /*************************************************
2429 * Handle MD5 or SHA-1 computation for HMAC *
2430 *************************************************/
2431
2432 /* These are some wrapping functions that enable the HMAC code to be a bit
2433 cleaner. A good compiler will spot the tail recursion.
2434
2435 Arguments:
2436 type HMAC_MD5 or HMAC_SHA1
2437 remaining are as for the cryptographic hash functions
2438
2439 Returns: nothing
2440 */
2441
2442 static void
2443 chash_start(int type, void *base)
2444 {
2445 if (type == HMAC_MD5)
2446 md5_start((md5 *)base);
2447 else
2448 sha1_start((sha1 *)base);
2449 }
2450
2451 static void
2452 chash_mid(int type, void *base, uschar *string)
2453 {
2454 if (type == HMAC_MD5)
2455 md5_mid((md5 *)base, string);
2456 else
2457 sha1_mid((sha1 *)base, string);
2458 }
2459
2460 static void
2461 chash_end(int type, void *base, uschar *string, int length, uschar *digest)
2462 {
2463 if (type == HMAC_MD5)
2464 md5_end((md5 *)base, string, length, digest);
2465 else
2466 sha1_end((sha1 *)base, string, length, digest);
2467 }
2468
2469
2470
2471
2472
2473 /********************************************************
2474 * prvs: Get last three digits of days since Jan 1, 1970 *
2475 ********************************************************/
2476
2477 /* This is needed to implement the "prvs" BATV reverse
2478 path signing scheme
2479
2480 Argument: integer "days" offset to add or substract to
2481 or from the current number of days.
2482
2483 Returns: pointer to string containing the last three
2484 digits of the number of days since Jan 1, 1970,
2485 modified by the offset argument, NULL if there
2486 was an error in the conversion.
2487
2488 */
2489
2490 static uschar *
2491 prvs_daystamp(int day_offset)
2492 {
2493 uschar *days = store_get(16);
2494 (void)string_format(days, 16, TIME_T_FMT,
2495 (time(NULL) + day_offset*86400)/86400);
2496 return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
2497 }
2498
2499
2500
2501 /********************************************************
2502 * prvs: perform HMAC-SHA1 computation of prvs bits *
2503 ********************************************************/
2504
2505 /* This is needed to implement the "prvs" BATV reverse
2506 path signing scheme
2507
2508 Arguments:
2509 address RFC2821 Address to use
2510 key The key to use (must be less than 64 characters
2511 in size)
2512 key_num Single-digit key number to use. Defaults to
2513 '0' when NULL.
2514
2515 Returns: pointer to string containing the first three
2516 bytes of the final hash in hex format, NULL if
2517 there was an error in the process.
2518 */
2519
2520 static uschar *
2521 prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
2522 {
2523 uschar *hash_source, *p;
2524 int size = 0,offset = 0,i;
2525 sha1 sha1_base;
2526 void *use_base = &sha1_base;
2527 uschar innerhash[20];
2528 uschar finalhash[20];
2529 uschar innerkey[64];
2530 uschar outerkey[64];
2531 uschar *finalhash_hex = store_get(40);
2532
2533 if (key_num == NULL)
2534 key_num = US"0";
2535
2536 if (Ustrlen(key) > 64)
2537 return NULL;
2538
2539 hash_source = string_cat(NULL,&size,&offset,key_num,1);
2540 string_cat(hash_source,&size,&offset,daystamp,3);
2541 string_cat(hash_source,&size,&offset,address,Ustrlen(address));
2542 hash_source[offset] = '\0';
2543
2544 DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source);
2545
2546 memset(innerkey, 0x36, 64);
2547 memset(outerkey, 0x5c, 64);
2548
2549 for (i = 0; i < Ustrlen(key); i++)
2550 {
2551 innerkey[i] ^= key[i];
2552 outerkey[i] ^= key[i];
2553 }
2554
2555 chash_start(HMAC_SHA1, use_base);
2556 chash_mid(HMAC_SHA1, use_base, innerkey);
2557 chash_end(HMAC_SHA1, use_base, hash_source, offset, innerhash);
2558
2559 chash_start(HMAC_SHA1, use_base);
2560 chash_mid(HMAC_SHA1, use_base, outerkey);
2561 chash_end(HMAC_SHA1, use_base, innerhash, 20, finalhash);
2562
2563 p = finalhash_hex;
2564 for (i = 0; i < 3; i++)
2565 {
2566 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
2567 *p++ = hex_digits[finalhash[i] & 0x0f];
2568 }
2569 *p = '\0';
2570
2571 return finalhash_hex;
2572 }
2573
2574
2575
2576
2577 /*************************************************
2578 * Join a file onto the output string *
2579 *************************************************/
2580
2581 /* This is used for readfile and after a run expansion. It joins the contents
2582 of a file onto the output string, globally replacing newlines with a given
2583 string (optionally). The file is closed at the end.
2584
2585 Arguments:
2586 f the FILE
2587 yield pointer to the expandable string
2588 sizep pointer to the current size
2589 ptrp pointer to the current position
2590 eol newline replacement string, or NULL
2591
2592 Returns: new value of string pointer
2593 */
2594
2595 static uschar *
2596 cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
2597 {
2598 int eollen;
2599 uschar buffer[1024];
2600
2601 eollen = (eol == NULL)? 0 : Ustrlen(eol);
2602
2603 while (Ufgets(buffer, sizeof(buffer), f) != NULL)
2604 {
2605 int len = Ustrlen(buffer);
2606 if (eol != NULL && buffer[len-1] == '\n') len--;
2607 yield = string_cat(yield, sizep, ptrp, buffer, len);
2608 if (buffer[len] != 0)
2609 yield = string_cat(yield, sizep, ptrp, eol, eollen);
2610 }
2611
2612 if (yield != NULL) yield[*ptrp] = 0;
2613
2614 return yield;
2615 }
2616
2617
2618
2619
2620 /*************************************************
2621 * Evaluate numeric expression *
2622 *************************************************/
2623
2624 /* This is a set of mutually recursive functions that evaluate a simple
2625 arithmetic expression involving only + - * / and parentheses. The only one that
2626 is called from elsewhere is eval_expr, whose interface is:
2627
2628 Arguments:
2629 sptr pointer to the pointer to the string - gets updated
2630 decimal TRUE if numbers are to be assumed decimal
2631 error pointer to where to put an error message - must be NULL on input
2632 endket TRUE if ')' must terminate - FALSE for external call
2633
2634
2635 Returns: on success: the value of the expression, with *error still NULL
2636 on failure: an undefined value, with *error = a message
2637 */
2638
2639 static int eval_sumterm(uschar **, BOOL, uschar **);
2640
2641 static int
2642 eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
2643 {
2644 uschar *s = *sptr;
2645 int x = eval_sumterm(&s, decimal, error);
2646 if (*error == NULL)
2647 {
2648 while (*s == '+' || *s == '-')
2649 {
2650 int op = *s++;
2651 int y = eval_sumterm(&s, decimal, error);
2652 if (*error != NULL) break;
2653 if (op == '+') x += y; else x -= y;
2654 }
2655 if (*error == NULL)
2656 {
2657 if (endket)
2658 {
2659 if (*s != ')')
2660 *error = US"expecting closing parenthesis";
2661 else
2662 while (isspace(*(++s)));
2663 }
2664 else if (*s != 0) *error = US"expecting + or -";
2665 }
2666 }
2667
2668 *sptr = s;
2669 return x;
2670 }
2671
2672 static int
2673 eval_term(uschar **sptr, BOOL decimal, uschar **error)
2674 {
2675 register int c;
2676 int n;
2677 uschar *s = *sptr;
2678 while (isspace(*s)) s++;
2679 c = *s;
2680 if (isdigit(c) || ((c == '-' || c == '+') && isdigit(s[1])))
2681 {
2682 int count;
2683 (void)sscanf(CS s, (decimal? "%d%n" : "%i%n"), &n, &count);
2684 s += count;
2685 if (tolower(*s) == 'k') { n *= 1024; s++; }
2686 else if (tolower(*s) == 'm') { n *= 1024*1024; s++; }
2687 while (isspace (*s)) s++;
2688 }
2689 else if (c == '(')
2690 {
2691 s++;
2692 n = eval_expr(&s, decimal, error, 1);
2693 }
2694 else
2695 {
2696 *error = US"expecting number or opening parenthesis";
2697 n = 0;
2698 }
2699 *sptr = s;
2700 return n;
2701 }
2702
2703 static int eval_sumterm(uschar **sptr, BOOL decimal, uschar **error)
2704 {
2705 uschar *s = *sptr;
2706 int x = eval_term(&s, decimal, error);
2707 if (*error == NULL)
2708 {
2709 while (*s == '*' || *s == '/')
2710 {
2711 int op = *s++;
2712 int y = eval_term(&s, decimal, error);
2713 if (*error != NULL) break;
2714 if (op == '*') x *= y; else x /= y;
2715 }
2716 }
2717 *sptr = s;
2718 return x;
2719 }
2720
2721
2722
2723
2724 /*************************************************
2725 * Expand string *
2726 *************************************************/
2727
2728 /* Returns either an unchanged string, or the expanded string in stacking pool
2729 store. Interpreted sequences are:
2730
2731 \... normal escaping rules
2732 $name substitutes the variable
2733 ${name} ditto
2734 ${op:string} operates on the expanded string value
2735 ${item{arg1}{arg2}...} expands the args and then does the business
2736 some literal args are not enclosed in {}
2737
2738 There are now far too many operators and item types to make it worth listing
2739 them here in detail any more.
2740
2741 We use an internal routine recursively to handle embedded substrings. The
2742 external function follows. The yield is NULL if the expansion failed, and there
2743 are two cases: if something collapsed syntactically, or if "fail" was given
2744 as the action on a lookup failure. These can be distinguised by looking at the
2745 variable expand_string_forcedfail, which is TRUE in the latter case.
2746
2747 The skipping flag is set true when expanding a substring that isn't actually
2748 going to be used (after "if" or "lookup") and it prevents lookups from
2749 happening lower down.
2750
2751 Store usage: At start, a store block of the length of the input plus 64
2752 is obtained. This is expanded as necessary by string_cat(), which might have to
2753 get a new block, or might be able to expand the original. At the end of the
2754 function we can release any store above that portion of the yield block that
2755 was actually used. In many cases this will be optimal.
2756
2757 However: if the first item in the expansion is a variable name or header name,
2758 we reset the store before processing it; if the result is in fresh store, we
2759 use that without copying. This is helpful for expanding strings like
2760 $message_headers which can get very long.
2761
2762 Arguments:
2763 string the string to be expanded
2764 ket_ends true if expansion is to stop at }
2765 left if not NULL, a pointer to the first character after the
2766 expansion is placed here (typically used with ket_ends)
2767 skipping TRUE for recursive calls when the value isn't actually going
2768 to be used (to allow for optimisation)
2769
2770 Returns: NULL if expansion fails:
2771 expand_string_forcedfail is set TRUE if failure was forced
2772 expand_string_message contains a textual error message
2773 a pointer to the expanded string on success
2774 */
2775
2776 static uschar *
2777 expand_string_internal(uschar *string, BOOL ket_ends, uschar **left,
2778 BOOL skipping)
2779 {
2780 int ptr = 0;
2781 int size = Ustrlen(string)+ 64;
2782 int item_type;
2783 uschar *yield = store_get(size);
2784 uschar *s = string;
2785 uschar *save_expand_nstring[EXPAND_MAXN+1];
2786 int save_expand_nlength[EXPAND_MAXN+1];
2787
2788 expand_string_forcedfail = FALSE;
2789 expand_string_message = US"";
2790
2791 while (*s != 0)
2792 {
2793 uschar *value;
2794 uschar name[256];
2795
2796 /* \ escapes the next character, which must exist, or else
2797 the expansion fails. There's a special escape, \N, which causes
2798 copying of the subject verbatim up to the next \N. Otherwise,
2799 the escapes are the standard set. */
2800
2801 if (*s == '\\')
2802 {
2803 if (s[1] == 0)
2804 {
2805 expand_string_message = US"\\ at end of string";
2806 goto EXPAND_FAILED;
2807 }
2808
2809 if (s[1] == 'N')
2810 {
2811 uschar *t = s + 2;
2812 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
2813 yield = string_cat(yield, &size, &ptr, t, s - t);
2814 if (*s != 0) s += 2;
2815 }
2816
2817 else
2818 {
2819 uschar ch[1];
2820 ch[0] = string_interpret_escape(&s);
2821 s++;
2822 yield = string_cat(yield, &size, &ptr, ch, 1);
2823 }
2824
2825 continue;
2826 }
2827
2828 /* Anything other than $ is just copied verbatim, unless we are
2829 looking for a terminating } character. */
2830
2831 if (ket_ends && *s == '}') break;
2832
2833 if (*s != '$')
2834 {
2835 yield = string_cat(yield, &size, &ptr, s++, 1);
2836 continue;
2837 }
2838
2839 /* No { after the $ - must be a plain name or a number for string
2840 match variable. There has to be a fudge for variables that are the
2841 names of header fields preceded by "$header_" because header field
2842 names can contain any printing characters except space and colon.
2843 For those that don't like typing this much, "$h_" is a synonym for
2844 "$header_". A non-existent header yields a NULL value; nothing is
2845 inserted. */
2846
2847 if (isalpha((*(++s))))
2848 {
2849 int len;
2850 int newsize = 0;
2851
2852 s = read_name(name, sizeof(name), s, US"_");
2853
2854 /* If this is the first thing to be expanded, release the pre-allocated
2855 buffer. */
2856
2857 if (ptr == 0 && yield != NULL)
2858 {
2859 store_reset(yield);
2860 yield = NULL;
2861 size = 0;
2862 }
2863
2864 /* Header */
2865
2866 if (Ustrncmp(name, "h_", 2) == 0 ||
2867 Ustrncmp(name, "rh_", 3) == 0 ||
2868 Ustrncmp(name, "bh_", 3) == 0 ||
2869 Ustrncmp(name, "header_", 7) == 0 ||
2870 Ustrncmp(name, "rheader_", 8) == 0 ||
2871 Ustrncmp(name, "bheader_", 8) == 0)
2872 {
2873 BOOL want_raw = (name[0] == 'r')? TRUE : FALSE;
2874 uschar *charset = (name[0] == 'b')? NULL : headers_charset;
2875 s = read_header_name(name, sizeof(name), s);
2876 value = find_header(name, FALSE, &newsize, want_raw, charset);
2877
2878 /* If we didn't find the header, and the header contains a closing brace
2879 characters, this may be a user error where the terminating colon
2880 has been omitted. Set a flag to adjust the error message in this case.
2881 But there is no error here - nothing gets inserted. */
2882
2883 if (value == NULL)
2884 {
2885 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2886 continue;
2887 }
2888 }
2889
2890 /* Variable */
2891
2892 else
2893 {
2894 value = find_variable(name, FALSE, skipping, &newsize);
2895 if (value == NULL)
2896 {
2897 expand_string_message =
2898 string_sprintf("unknown variable name \"%s\"", name);
2899 goto EXPAND_FAILED;
2900 }
2901 }
2902
2903 /* If the data is known to be in a new buffer, newsize will be set to the
2904 size of that buffer. If this is the first thing in an expansion string,
2905 yield will be NULL; just point it at the new store instead of copying. Many
2906 expansion strings contain just one reference, so this is a useful
2907 optimization, especially for humungous headers. */
2908
2909 len = Ustrlen(value);
2910 if (yield == NULL && newsize != 0)
2911 {
2912 yield = value;
2913 size = newsize;
2914 ptr = len;
2915 }
2916 else yield = string_cat(yield, &size, &ptr, value, len);
2917
2918 continue;
2919 }
2920
2921 if (isdigit(*s))
2922 {
2923 int n;
2924 s = read_number(&n, s);
2925 if (n >= 0 && n <= expand_nmax)
2926 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
2927 expand_nlength[n]);
2928 continue;
2929 }
2930
2931 /* Otherwise, if there's no '{' after $ it's an error. */
2932
2933 if (*s != '{')
2934 {
2935 expand_string_message = US"$ not followed by letter, digit, or {";
2936 goto EXPAND_FAILED;
2937 }
2938
2939 /* After { there can be various things, but they all start with
2940 an initial word, except for a number for a string match variable. */
2941
2942 if (isdigit((*(++s))))
2943 {
2944 int n;
2945 s = read_number(&n, s);
2946 if (*s++ != '}')
2947 {
2948 expand_string_message = US"} expected after number";
2949 goto EXPAND_FAILED;
2950 }
2951 if (n >= 0 && n <= expand_nmax)
2952 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
2953 expand_nlength[n]);
2954 continue;
2955 }
2956
2957 if (!isalpha(*s))
2958 {
2959 expand_string_message = US"letter or digit expected after ${";
2960 goto EXPAND_FAILED;
2961 }
2962
2963 /* Allow "-" in names to cater for substrings with negative
2964 arguments. Since we are checking for known names after { this is
2965 OK. */
2966
2967 s = read_name(name, sizeof(name), s, US"_-");
2968 item_type = chop_match(name, item_table, sizeof(item_table)/sizeof(uschar *));
2969
2970 switch(item_type)
2971 {
2972 /* Handle conditionals - preserve the values of the numerical expansion
2973 variables in case they get changed by a regular expression match in the
2974 condition. If not, they retain their external settings. At the end
2975 of this "if" section, they get restored to their previous values. */
2976
2977 case EITEM_IF:
2978 {
2979 BOOL cond = FALSE;
2980 uschar *next_s;
2981 int save_expand_nmax =
2982 save_expand_strings(save_expand_nstring, save_expand_nlength);
2983
2984 while (isspace(*s)) s++;
2985 next_s = eval_condition(s, skipping? NULL : &cond);
2986 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
2987
2988 DEBUG(D_expand)
2989 debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s,
2990 cond? "true" : "false");
2991
2992 s = next_s;
2993
2994 /* The handling of "yes" and "no" result strings is now in a separate
2995 function that is also used by ${lookup} and ${extract} and ${run}. */
2996
2997 switch(process_yesno(
2998 skipping, /* were previously skipping */
2999 cond, /* success/failure indicator */
3000 lookup_value, /* value to reset for string2 */
3001 &s, /* input pointer */
3002 &yield, /* output pointer */
3003 &size, /* output size */
3004 &ptr, /* output current point */
3005 US"if")) /* condition type */
3006 {
3007 case 1: goto EXPAND_FAILED; /* when all is well, the */
3008 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3009 }
3010
3011 /* Restore external setting of expansion variables for continuation
3012 at this level. */
3013
3014 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3015 save_expand_nlength);
3016 continue;
3017 }
3018
3019 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
3020 expanding an internal string that isn't actually going to be used. All we
3021 need to do is check the syntax, so don't do a lookup at all. Preserve the
3022 values of the numerical expansion variables in case they get changed by a
3023 partial lookup. If not, they retain their external settings. At the end
3024 of this "lookup" section, they get restored to their previous values. */
3025
3026 case EITEM_LOOKUP:
3027 {
3028 int stype, partial, affixlen, starflags;
3029 int expand_setup = 0;
3030 int nameptr = 0;
3031 uschar *key, *filename, *affix;
3032 uschar *save_lookup_value = lookup_value;
3033 int save_expand_nmax =
3034 save_expand_strings(save_expand_nstring, save_expand_nlength);
3035
3036 if ((expand_forbid & RDO_LOOKUP) != 0)
3037 {
3038 expand_string_message = US"lookup expansions are not permitted";
3039 goto EXPAND_FAILED;
3040 }
3041
3042 /* Get the key we are to look up for single-key+file style lookups.
3043 Otherwise set the key NULL pro-tem. */
3044
3045 while (isspace(*s)) s++;
3046 if (*s == '{')
3047 {
3048 key = expand_string_internal(s+1, TRUE, &s, skipping);
3049 if (key == NULL) goto EXPAND_FAILED;
3050 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3051 while (isspace(*s)) s++;
3052 }
3053 else key = NULL;
3054
3055 /* Find out the type of database */
3056
3057 if (!isalpha(*s))
3058 {
3059 expand_string_message = US"missing lookup type";
3060 goto EXPAND_FAILED;
3061 }
3062
3063 /* The type is a string that may contain special characters of various
3064 kinds. Allow everything except space or { to appear; the actual content
3065 is checked by search_findtype_partial. */
3066
3067 while (*s != 0 && *s != '{' && !isspace(*s))
3068 {
3069 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
3070 s++;
3071 }
3072 name[nameptr] = 0;
3073 while (isspace(*s)) s++;
3074
3075 /* Now check for the individual search type and any partial or default
3076 options. Only those types that are actually in the binary are valid. */
3077
3078 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
3079 &starflags);
3080 if (stype < 0)
3081 {
3082 expand_string_message = search_error_message;
3083 goto EXPAND_FAILED;
3084 }
3085
3086 /* Check that a key was provided for those lookup types that need it,
3087 and was not supplied for those that use the query style. */
3088
3089 if (!mac_islookup(stype, lookup_querystyle))
3090 {
3091 if (key == NULL)
3092 {
3093 expand_string_message = string_sprintf("missing {key} for single-"
3094 "key \"%s\" lookup", name);
3095 goto EXPAND_FAILED;
3096 }
3097 }
3098 else
3099 {
3100 if (key != NULL)
3101 {
3102 expand_string_message = string_sprintf("a single key was given for "
3103 "lookup type \"%s\", which is not a single-key lookup type", name);
3104 goto EXPAND_FAILED;
3105 }
3106 }
3107
3108 /* Get the next string in brackets and expand it. It is the file name for
3109 single-key+file lookups, and the whole query otherwise. */
3110
3111 if (*s != '{') goto EXPAND_FAILED_CURLY;
3112 filename = expand_string_internal(s+1, TRUE, &s, skipping);
3113 if (filename == NULL) goto EXPAND_FAILED;
3114 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3115 while (isspace(*s)) s++;
3116
3117 /* If this isn't a single-key+file lookup, re-arrange the variables
3118 to be appropriate for the search_ functions. */
3119
3120 if (key == NULL)
3121 {
3122 key = filename;
3123 filename = NULL;
3124 }
3125
3126 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
3127 the entry was not found. Note that there is no search_close() function.
3128 Files are left open in case of re-use. At suitable places in higher logic,
3129 search_tidyup() is called to tidy all open files. This can save opening
3130 the same file several times. However, files may also get closed when
3131 others are opened, if too many are open at once. The rule is that a
3132 handle should not be used after a second search_open().
3133
3134 Request that a partial search sets up $1 and maybe $2 by passing
3135 expand_setup containing zero. If its value changes, reset expand_nmax,
3136 since new variables will have been set. Note that at the end of this
3137 "lookup" section, the old numeric variables are restored. */
3138
3139 if (skipping)
3140 lookup_value = NULL;
3141 else
3142 {
3143 void *handle = search_open(filename, stype, 0, NULL, NULL);
3144 if (handle == NULL)
3145 {
3146 expand_string_message = search_error_message;
3147 goto EXPAND_FAILED;
3148 }
3149 lookup_value = search_find(handle, filename, key, partial, affix,
3150 affixlen, starflags, &expand_setup);
3151 if (search_find_defer)
3152 {
3153 expand_string_message =
3154 string_sprintf("lookup of \"%s\" gave DEFER: %s", key,
3155 search_error_message);
3156 goto EXPAND_FAILED;
3157 }
3158 if (expand_setup > 0) expand_nmax = expand_setup;
3159 }
3160
3161 /* The handling of "yes" and "no" result strings is now in a separate
3162 function that is also used by ${if} and ${extract}. */
3163
3164 switch(process_yesno(
3165 skipping, /* were previously skipping */
3166 lookup_value != NULL, /* success/failure indicator */
3167 save_lookup_value, /* value to reset for string2 */
3168 &s, /* input pointer */
3169 &yield, /* output pointer */
3170 &size, /* output size */
3171 &ptr, /* output current point */
3172 US"lookup")) /* condition type */
3173 {
3174 case 1: goto EXPAND_FAILED; /* when all is well, the */
3175 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3176 }
3177
3178 /* Restore external setting of expansion variables for carrying on
3179 at this level, and continue. */
3180
3181 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3182 save_expand_nlength);
3183 continue;
3184 }
3185
3186 /* If Perl support is configured, handle calling embedded perl subroutines,
3187 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
3188 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
3189 arguments (defined below). */
3190
3191 #define EXIM_PERL_MAX_ARGS 8
3192
3193 case EITEM_PERL:
3194 #ifndef EXIM_PERL
3195 expand_string_message = US"\"${perl\" encountered, but this facility "
3196 "is not included in this binary";
3197 goto EXPAND_FAILED;
3198
3199 #else /* EXIM_PERL */
3200 {
3201 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
3202 uschar *new_yield;
3203
3204 if ((expand_forbid & RDO_PERL) != 0)
3205 {
3206 expand_string_message = US"Perl calls are not permitted";
3207 goto EXPAND_FAILED;
3208 }
3209
3210 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
3211 US"perl"))
3212 {
3213 case 1: goto EXPAND_FAILED_CURLY;
3214 case 2:
3215 case 3: goto EXPAND_FAILED;
3216 }
3217
3218 /* If skipping, we don't actually do anything */
3219
3220 if (skipping) continue;
3221
3222 /* Start the interpreter if necessary */
3223
3224 if (!opt_perl_started)
3225 {
3226 uschar *initerror;
3227 if (opt_perl_startup == NULL)
3228 {
3229 expand_string_message = US"A setting of perl_startup is needed when "
3230 "using the Perl interpreter";
3231 goto EXPAND_FAILED;
3232 }
3233 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
3234 initerror = init_perl(opt_perl_startup);
3235 if (initerror != NULL)
3236 {
3237 expand_string_message =
3238 string_sprintf("error in perl_startup code: %s\n", initerror);
3239 goto EXPAND_FAILED;
3240 }
3241 opt_perl_started = TRUE;
3242 }
3243
3244 /* Call the function */
3245
3246 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
3247 new_yield = call_perl_cat(yield, &size, &ptr, &expand_string_message,
3248 sub_arg[0], sub_arg + 1);
3249
3250 /* NULL yield indicates failure; if the message pointer has been set to
3251 NULL, the yield was undef, indicating a forced failure. Otherwise the
3252 message will indicate some kind of Perl error. */
3253
3254 if (new_yield == NULL)
3255 {
3256 if (expand_string_message == NULL)
3257 {
3258 expand_string_message =
3259 string_sprintf("Perl subroutine \"%s\" returned undef to force "
3260 "failure", sub_arg[0]);
3261 expand_string_forcedfail = TRUE;
3262 }
3263 goto EXPAND_FAILED;
3264 }
3265
3266 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
3267 set during a callback from Perl. */
3268
3269 expand_string_forcedfail = FALSE;
3270 yield = new_yield;
3271 continue;
3272 }
3273 #endif /* EXIM_PERL */
3274
3275 /* Transform email address to "prvs" scheme to use
3276 as BATV-signed return path */
3277
3278 case EITEM_PRVS:
3279 {
3280 uschar *sub_arg[3];
3281 uschar *p,*domain;
3282
3283 switch(read_subs(sub_arg, 3, 2, &s, skipping, TRUE, US"prvs"))
3284 {
3285 case 1: goto EXPAND_FAILED_CURLY;
3286 case 2:
3287 case 3: goto EXPAND_FAILED;
3288 }
3289
3290 /* If skipping, we don't actually do anything */
3291 if (skipping) continue;
3292
3293 /* sub_arg[0] is the address */
3294 domain = Ustrrchr(sub_arg[0],'@');
3295 if ( (domain == NULL) || (domain == sub_arg[0]) || (Ustrlen(domain) == 1) )
3296 {
3297 expand_string_message = US"first parameter must be a qualified email address";
3298 goto EXPAND_FAILED;
3299 }
3300
3301 /* Calculate the hash */
3302 p = prvs_hmac_sha1(sub_arg[0],sub_arg[1],sub_arg[2],prvs_daystamp(7));
3303 if (p == NULL)
3304 {
3305 expand_string_message = US"hmac-sha1 conversion failed";
3306 goto EXPAND_FAILED;
3307 }
3308
3309 /* Now separate the domain from the local part */
3310 *domain++ = '\0';
3311
3312 yield = string_cat(yield,&size,&ptr,US"prvs=",5);
3313 string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
3314 string_cat(yield,&size,&ptr,US"/",1);
3315 string_cat(yield,&size,&ptr,(sub_arg[2] != NULL) ? sub_arg[2] : US"0", 1);
3316 string_cat(yield,&size,&ptr,prvs_daystamp(7),3);
3317 string_cat(yield,&size,&ptr,p,6);
3318 string_cat(yield,&size,&ptr,US"@",1);
3319 string_cat(yield,&size,&ptr,domain,Ustrlen(domain));
3320
3321 continue;
3322 }
3323
3324 /* Check a prvs-encoded address for validity */
3325
3326 case EITEM_PRVSCHECK:
3327 {
3328 uschar *sub_arg[3];
3329 int mysize = 0, myptr = 0;
3330 const pcre *re;
3331 uschar *p;
3332 /* Ugliness: We want to expand parameter 1 first, then set
3333 up expansion variables that are used in the expansion of
3334 parameter 2. So we clone the string for the first
3335 expansion, where we only expand paramter 1. */
3336 uschar *s_backup = string_copy(s);
3337
3338 /* Reset expansion variables */
3339 prvscheck_result = NULL;
3340 prvscheck_address = NULL;
3341 prvscheck_keynum = NULL;
3342
3343 switch(read_subs(sub_arg, 1, 1, &s_backup, skipping, FALSE, US"prvs"))
3344 {
3345 case 1: goto EXPAND_FAILED_CURLY;
3346 case 2:
3347 case 3: goto EXPAND_FAILED;
3348 }
3349
3350 re = regex_must_compile(US"^prvs\\=(.+)\\/([0-9])([0-9]{3})([A-F0-9]{6})\\@(.+)$",
3351 TRUE,FALSE);
3352
3353 if (regex_match_and_setup(re,sub_arg[0],0,-1)) {
3354 uschar *local_part = string_copyn(expand_nstring[1],expand_nlength[1]);
3355 uschar *key_num = string_copyn(expand_nstring[2],expand_nlength[2]);
3356 uschar *daystamp = string_copyn(expand_nstring[3],expand_nlength[3]);
3357 uschar *hash = string_copyn(expand_nstring[4],expand_nlength[4]);
3358 uschar *domain = string_copyn(expand_nstring[5],expand_nlength[5]);
3359
3360 DEBUG(D_expand) debug_printf("prvscheck localpart: %s\n", local_part);
3361 DEBUG(D_expand) debug_printf("prvscheck key number: %s\n", key_num);
3362 DEBUG