661959306bbb6d6f0d06c626b0226486a2883dea
[exim.git] / src / src / expand.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8
9 /* Functions for handling string expansion. */
10
11
12 #include "exim.h"
13
14 /* Recursively called function */
15
16 static uschar *expand_string_internal(const uschar *, BOOL, const uschar **, BOOL, BOOL, BOOL *);
17 static int_eximarith_t expanded_string_integer(const uschar *, BOOL);
18
19 #ifdef STAND_ALONE
20 # ifndef SUPPORT_CRYPTEQ
21 # define SUPPORT_CRYPTEQ
22 # endif
23 #endif
24
25 #ifdef LOOKUP_LDAP
26 # include "lookups/ldap.h"
27 #endif
28
29 #ifdef SUPPORT_CRYPTEQ
30 # ifdef CRYPT_H
31 # include <crypt.h>
32 # endif
33 # ifndef HAVE_CRYPT16
34 extern char* crypt16(char*, char*);
35 # endif
36 #endif
37
38 /* The handling of crypt16() is a mess. I will record below the analysis of the
39 mess that was sent to me. We decided, however, to make changing this very low
40 priority, because in practice people are moving away from the crypt()
41 algorithms nowadays, so it doesn't seem worth it.
42
43 <quote>
44 There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
45 the first 8 characters of the password using a 20-round version of crypt
46 (standard crypt does 25 rounds). It then crypts the next 8 characters,
47 or an empty block if the password is less than 9 characters, using a
48 20-round version of crypt and the same salt as was used for the first
49 block. Characters after the first 16 are ignored. It always generates
50 a 16-byte hash, which is expressed together with the salt as a string
51 of 24 base 64 digits. Here are some links to peruse:
52
53 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
54 http://seclists.org/bugtraq/1999/Mar/0076.html
55
56 There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
57 and OSF/1. This is the same as the standard crypt if given a password
58 of 8 characters or less. If given more, it first does the same as crypt
59 using the first 8 characters, then crypts the next 8 (the 9th to 16th)
60 using as salt the first two base 64 digits from the first hash block.
61 If the password is more than 16 characters then it crypts the 17th to 24th
62 characters using as salt the first two base 64 digits from the second hash
63 block. And so on: I've seen references to it cutting off the password at
64 40 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
65
66 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
67 http://seclists.org/bugtraq/1999/Mar/0109.html
68 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
69 TET1_html/sec.c222.html#no_id_208
70
71 Exim has something it calls "crypt16". It will either use a native
72 crypt16 or its own implementation. A native crypt16 will presumably
73 be the one that I called "crypt16" above. The internal "crypt16"
74 function, however, is a two-block-maximum implementation of what I called
75 "bigcrypt". The documentation matches the internal code.
76
77 I suspect that whoever did the "crypt16" stuff for Exim didn't realise
78 that crypt16 and bigcrypt were different things.
79
80 Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
81 to whatever it is using under that name. This unfortunately sets a
82 precedent for using "{crypt16}" to identify two incompatible algorithms
83 whose output can't be distinguished. With "{crypt16}" thus rendered
84 ambiguous, I suggest you deprecate it and invent two new identifiers
85 for the two algorithms.
86
87 Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
88 of the password separately means they can be cracked separately, so
89 the double-length hash only doubles the cracking effort instead of
90 squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
91 bcrypt ({CRYPT}$2a$).
92 </quote>
93 */
94
95
96
97 /*************************************************
98 * Local statics and tables *
99 *************************************************/
100
101 /* Table of item names, and corresponding switch numbers. The names must be in
102 alphabetical order. */
103
104 static uschar *item_table[] = {
105 US"acl",
106 US"authresults",
107 US"certextract",
108 US"dlfunc",
109 US"env",
110 US"extract",
111 US"filter",
112 US"hash",
113 US"hmac",
114 US"if",
115 #ifdef SUPPORT_I18N
116 US"imapfolder",
117 #endif
118 US"length",
119 US"listextract",
120 US"lookup",
121 US"map",
122 US"nhash",
123 US"perl",
124 US"prvs",
125 US"prvscheck",
126 US"readfile",
127 US"readsocket",
128 US"reduce",
129 US"run",
130 US"sg",
131 US"sort",
132 #ifdef EXPERIMENTAL_SRS_NATIVE
133 US"srs_encode",
134 #endif
135 US"substr",
136 US"tr" };
137
138 enum {
139 EITEM_ACL,
140 EITEM_AUTHRESULTS,
141 EITEM_CERTEXTRACT,
142 EITEM_DLFUNC,
143 EITEM_ENV,
144 EITEM_EXTRACT,
145 EITEM_FILTER,
146 EITEM_HASH,
147 EITEM_HMAC,
148 EITEM_IF,
149 #ifdef SUPPORT_I18N
150 EITEM_IMAPFOLDER,
151 #endif
152 EITEM_LENGTH,
153 EITEM_LISTEXTRACT,
154 EITEM_LOOKUP,
155 EITEM_MAP,
156 EITEM_NHASH,
157 EITEM_PERL,
158 EITEM_PRVS,
159 EITEM_PRVSCHECK,
160 EITEM_READFILE,
161 EITEM_READSOCK,
162 EITEM_REDUCE,
163 EITEM_RUN,
164 EITEM_SG,
165 EITEM_SORT,
166 #ifdef EXPERIMENTAL_SRS_NATIVE
167 EITEM_SRS_ENCODE,
168 #endif
169 EITEM_SUBSTR,
170 EITEM_TR };
171
172 /* Tables of operator names, and corresponding switch numbers. The names must be
173 in alphabetical order. There are two tables, because underscore is used in some
174 cases to introduce arguments, whereas for other it is part of the name. This is
175 an historical mis-design. */
176
177 static uschar *op_table_underscore[] = {
178 US"from_utf8",
179 US"local_part",
180 US"quote_local_part",
181 US"reverse_ip",
182 US"time_eval",
183 US"time_interval"
184 #ifdef SUPPORT_I18N
185 ,US"utf8_domain_from_alabel",
186 US"utf8_domain_to_alabel",
187 US"utf8_localpart_from_alabel",
188 US"utf8_localpart_to_alabel"
189 #endif
190 };
191
192 enum {
193 EOP_FROM_UTF8,
194 EOP_LOCAL_PART,
195 EOP_QUOTE_LOCAL_PART,
196 EOP_REVERSE_IP,
197 EOP_TIME_EVAL,
198 EOP_TIME_INTERVAL
199 #ifdef SUPPORT_I18N
200 ,EOP_UTF8_DOMAIN_FROM_ALABEL,
201 EOP_UTF8_DOMAIN_TO_ALABEL,
202 EOP_UTF8_LOCALPART_FROM_ALABEL,
203 EOP_UTF8_LOCALPART_TO_ALABEL
204 #endif
205 };
206
207 static uschar *op_table_main[] = {
208 US"address",
209 US"addresses",
210 US"base32",
211 US"base32d",
212 US"base62",
213 US"base62d",
214 US"base64",
215 US"base64d",
216 US"bless",
217 US"domain",
218 US"escape",
219 US"escape8bit",
220 US"eval",
221 US"eval10",
222 US"expand",
223 US"h",
224 US"hash",
225 US"hex2b64",
226 US"hexquote",
227 US"ipv6denorm",
228 US"ipv6norm",
229 US"l",
230 US"lc",
231 US"length",
232 US"listcount",
233 US"listnamed",
234 US"mask",
235 US"md5",
236 US"nh",
237 US"nhash",
238 US"quote",
239 US"randint",
240 US"rfc2047",
241 US"rfc2047d",
242 US"rxquote",
243 US"s",
244 US"sha1",
245 US"sha2",
246 US"sha256",
247 US"sha3",
248 US"stat",
249 US"str2b64",
250 US"strlen",
251 US"substr",
252 US"uc",
253 US"utf8clean" };
254
255 enum {
256 EOP_ADDRESS = nelem(op_table_underscore),
257 EOP_ADDRESSES,
258 EOP_BASE32,
259 EOP_BASE32D,
260 EOP_BASE62,
261 EOP_BASE62D,
262 EOP_BASE64,
263 EOP_BASE64D,
264 EOP_BLESS,
265 EOP_DOMAIN,
266 EOP_ESCAPE,
267 EOP_ESCAPE8BIT,
268 EOP_EVAL,
269 EOP_EVAL10,
270 EOP_EXPAND,
271 EOP_H,
272 EOP_HASH,
273 EOP_HEX2B64,
274 EOP_HEXQUOTE,
275 EOP_IPV6DENORM,
276 EOP_IPV6NORM,
277 EOP_L,
278 EOP_LC,
279 EOP_LENGTH,
280 EOP_LISTCOUNT,
281 EOP_LISTNAMED,
282 EOP_MASK,
283 EOP_MD5,
284 EOP_NH,
285 EOP_NHASH,
286 EOP_QUOTE,
287 EOP_RANDINT,
288 EOP_RFC2047,
289 EOP_RFC2047D,
290 EOP_RXQUOTE,
291 EOP_S,
292 EOP_SHA1,
293 EOP_SHA2,
294 EOP_SHA256,
295 EOP_SHA3,
296 EOP_STAT,
297 EOP_STR2B64,
298 EOP_STRLEN,
299 EOP_SUBSTR,
300 EOP_UC,
301 EOP_UTF8CLEAN };
302
303
304 /* Table of condition names, and corresponding switch numbers. The names must
305 be in alphabetical order. */
306
307 static uschar *cond_table[] = {
308 US"<",
309 US"<=",
310 US"=",
311 US"==", /* Backward compatibility */
312 US">",
313 US">=",
314 US"acl",
315 US"and",
316 US"bool",
317 US"bool_lax",
318 US"crypteq",
319 US"def",
320 US"eq",
321 US"eqi",
322 US"exists",
323 US"first_delivery",
324 US"forall",
325 US"forall_json",
326 US"forall_jsons",
327 US"forany",
328 US"forany_json",
329 US"forany_jsons",
330 US"ge",
331 US"gei",
332 US"gt",
333 US"gti",
334 #ifdef EXPERIMENTAL_SRS_NATIVE
335 US"inbound_srs",
336 #endif
337 US"inlist",
338 US"inlisti",
339 US"isip",
340 US"isip4",
341 US"isip6",
342 US"ldapauth",
343 US"le",
344 US"lei",
345 US"lt",
346 US"lti",
347 US"match",
348 US"match_address",
349 US"match_domain",
350 US"match_ip",
351 US"match_local_part",
352 US"or",
353 US"pam",
354 US"pwcheck",
355 US"queue_running",
356 US"radius",
357 US"saslauthd"
358 };
359
360 enum {
361 ECOND_NUM_L,
362 ECOND_NUM_LE,
363 ECOND_NUM_E,
364 ECOND_NUM_EE,
365 ECOND_NUM_G,
366 ECOND_NUM_GE,
367 ECOND_ACL,
368 ECOND_AND,
369 ECOND_BOOL,
370 ECOND_BOOL_LAX,
371 ECOND_CRYPTEQ,
372 ECOND_DEF,
373 ECOND_STR_EQ,
374 ECOND_STR_EQI,
375 ECOND_EXISTS,
376 ECOND_FIRST_DELIVERY,
377 ECOND_FORALL,
378 ECOND_FORALL_JSON,
379 ECOND_FORALL_JSONS,
380 ECOND_FORANY,
381 ECOND_FORANY_JSON,
382 ECOND_FORANY_JSONS,
383 ECOND_STR_GE,
384 ECOND_STR_GEI,
385 ECOND_STR_GT,
386 ECOND_STR_GTI,
387 #ifdef EXPERIMENTAL_SRS_NATIVE
388 ECOND_INBOUND_SRS,
389 #endif
390 ECOND_INLIST,
391 ECOND_INLISTI,
392 ECOND_ISIP,
393 ECOND_ISIP4,
394 ECOND_ISIP6,
395 ECOND_LDAPAUTH,
396 ECOND_STR_LE,
397 ECOND_STR_LEI,
398 ECOND_STR_LT,
399 ECOND_STR_LTI,
400 ECOND_MATCH,
401 ECOND_MATCH_ADDRESS,
402 ECOND_MATCH_DOMAIN,
403 ECOND_MATCH_IP,
404 ECOND_MATCH_LOCAL_PART,
405 ECOND_OR,
406 ECOND_PAM,
407 ECOND_PWCHECK,
408 ECOND_QUEUE_RUNNING,
409 ECOND_RADIUS,
410 ECOND_SASLAUTHD
411 };
412
413
414 /* Types of table entry */
415
416 enum vtypes {
417 vtype_int, /* value is address of int */
418 vtype_filter_int, /* ditto, but recognized only when filtering */
419 vtype_ino, /* value is address of ino_t (not always an int) */
420 vtype_uid, /* value is address of uid_t (not always an int) */
421 vtype_gid, /* value is address of gid_t (not always an int) */
422 vtype_bool, /* value is address of bool */
423 vtype_stringptr, /* value is address of pointer to string */
424 vtype_msgbody, /* as stringptr, but read when first required */
425 vtype_msgbody_end, /* ditto, the end of the message */
426 vtype_msgheaders, /* the message's headers, processed */
427 vtype_msgheaders_raw, /* the message's headers, unprocessed */
428 vtype_localpart, /* extract local part from string */
429 vtype_domain, /* extract domain from string */
430 vtype_string_func, /* value is string returned by given function */
431 vtype_todbsdin, /* value not used; generate BSD inbox tod */
432 vtype_tode, /* value not used; generate tod in epoch format */
433 vtype_todel, /* value not used; generate tod in epoch/usec format */
434 vtype_todf, /* value not used; generate full tod */
435 vtype_todl, /* value not used; generate log tod */
436 vtype_todlf, /* value not used; generate log file datestamp tod */
437 vtype_todzone, /* value not used; generate time zone only */
438 vtype_todzulu, /* value not used; generate zulu tod */
439 vtype_reply, /* value not used; get reply from headers */
440 vtype_pid, /* value not used; result is pid */
441 vtype_host_lookup, /* value not used; get host name */
442 vtype_load_avg, /* value not used; result is int from os_getloadavg */
443 vtype_pspace, /* partition space; value is T/F for spool/log */
444 vtype_pinodes, /* partition inodes; value is T/F for spool/log */
445 vtype_cert /* SSL certificate */
446 #ifndef DISABLE_DKIM
447 ,vtype_dkim /* Lookup of value in DKIM signature */
448 #endif
449 };
450
451 /* Type for main variable table */
452
453 typedef struct {
454 const char *name;
455 enum vtypes type;
456 void *value;
457 } var_entry;
458
459 /* Type for entries pointing to address/length pairs. Not currently
460 in use. */
461
462 typedef struct {
463 uschar **address;
464 int *length;
465 } alblock;
466
467 static uschar * fn_recipients(void);
468 typedef uschar * stringptr_fn_t(void);
469 static uschar * fn_queue_size(void);
470
471 /* This table must be kept in alphabetical order. */
472
473 static var_entry var_table[] = {
474 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
475 they will be confused with user-creatable ACL variables. */
476 { "acl_arg1", vtype_stringptr, &acl_arg[0] },
477 { "acl_arg2", vtype_stringptr, &acl_arg[1] },
478 { "acl_arg3", vtype_stringptr, &acl_arg[2] },
479 { "acl_arg4", vtype_stringptr, &acl_arg[3] },
480 { "acl_arg5", vtype_stringptr, &acl_arg[4] },
481 { "acl_arg6", vtype_stringptr, &acl_arg[5] },
482 { "acl_arg7", vtype_stringptr, &acl_arg[6] },
483 { "acl_arg8", vtype_stringptr, &acl_arg[7] },
484 { "acl_arg9", vtype_stringptr, &acl_arg[8] },
485 { "acl_narg", vtype_int, &acl_narg },
486 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
487 { "address_data", vtype_stringptr, &deliver_address_data },
488 { "address_file", vtype_stringptr, &address_file },
489 { "address_pipe", vtype_stringptr, &address_pipe },
490 #ifdef EXPERIMENTAL_ARC
491 { "arc_domains", vtype_string_func, (void *) &fn_arc_domains },
492 { "arc_oldest_pass", vtype_int, &arc_oldest_pass },
493 { "arc_state", vtype_stringptr, &arc_state },
494 { "arc_state_reason", vtype_stringptr, &arc_state_reason },
495 #endif
496 { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id },
497 { "authenticated_id", vtype_stringptr, &authenticated_id },
498 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
499 { "authentication_failed",vtype_int, &authentication_failed },
500 #ifdef WITH_CONTENT_SCAN
501 { "av_failed", vtype_int, &av_failed },
502 #endif
503 #ifdef EXPERIMENTAL_BRIGHTMAIL
504 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
505 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
506 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
507 { "bmi_deliver", vtype_int, &bmi_deliver },
508 #endif
509 { "body_linecount", vtype_int, &body_linecount },
510 { "body_zerocount", vtype_int, &body_zerocount },
511 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
512 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
513 { "caller_gid", vtype_gid, &real_gid },
514 { "caller_uid", vtype_uid, &real_uid },
515 { "callout_address", vtype_stringptr, &callout_address },
516 { "compile_date", vtype_stringptr, &version_date },
517 { "compile_number", vtype_stringptr, &version_cnumber },
518 { "config_dir", vtype_stringptr, &config_main_directory },
519 { "config_file", vtype_stringptr, &config_main_filename },
520 { "csa_status", vtype_stringptr, &csa_status },
521 #ifdef EXPERIMENTAL_DCC
522 { "dcc_header", vtype_stringptr, &dcc_header },
523 { "dcc_result", vtype_stringptr, &dcc_result },
524 #endif
525 #ifndef DISABLE_DKIM
526 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
527 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
528 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
529 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
530 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
531 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
532 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
533 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
534 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
535 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
536 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
537 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
538 { "dkim_key_length", vtype_int, &dkim_key_length },
539 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
540 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
541 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
542 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
543 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
544 { "dkim_signers", vtype_stringptr, &dkim_signers },
545 { "dkim_verify_reason", vtype_stringptr, &dkim_verify_reason },
546 { "dkim_verify_status", vtype_stringptr, &dkim_verify_status },
547 #endif
548 #ifdef SUPPORT_DMARC
549 { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
550 { "dmarc_status", vtype_stringptr, &dmarc_status },
551 { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
552 { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
553 #endif
554 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
555 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
556 { "dnslist_text", vtype_stringptr, &dnslist_text },
557 { "dnslist_value", vtype_stringptr, &dnslist_value },
558 { "domain", vtype_stringptr, &deliver_domain },
559 { "domain_data", vtype_stringptr, &deliver_domain_data },
560 #ifndef DISABLE_EVENT
561 { "event_data", vtype_stringptr, &event_data },
562
563 /*XXX want to use generic vars for as many of these as possible*/
564 { "event_defer_errno", vtype_int, &event_defer_errno },
565
566 { "event_name", vtype_stringptr, &event_name },
567 #endif
568 { "exim_gid", vtype_gid, &exim_gid },
569 { "exim_path", vtype_stringptr, &exim_path },
570 { "exim_uid", vtype_uid, &exim_uid },
571 { "exim_version", vtype_stringptr, &version_string },
572 { "headers_added", vtype_string_func, (void *) &fn_hdrs_added },
573 { "home", vtype_stringptr, &deliver_home },
574 { "host", vtype_stringptr, &deliver_host },
575 { "host_address", vtype_stringptr, &deliver_host_address },
576 { "host_data", vtype_stringptr, &host_data },
577 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
578 { "host_lookup_failed", vtype_int, &host_lookup_failed },
579 { "host_port", vtype_int, &deliver_host_port },
580 { "initial_cwd", vtype_stringptr, &initial_cwd },
581 { "inode", vtype_ino, &deliver_inode },
582 { "interface_address", vtype_stringptr, &interface_address },
583 { "interface_port", vtype_int, &interface_port },
584 { "item", vtype_stringptr, &iterate_item },
585 #ifdef LOOKUP_LDAP
586 { "ldap_dn", vtype_stringptr, &eldap_dn },
587 #endif
588 { "load_average", vtype_load_avg, NULL },
589 { "local_part", vtype_stringptr, &deliver_localpart },
590 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
591 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
592 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
593 { "local_part_verified", vtype_stringptr, &deliver_localpart_verified },
594 #ifdef HAVE_LOCAL_SCAN
595 { "local_scan_data", vtype_stringptr, &local_scan_data },
596 #endif
597 { "local_user_gid", vtype_gid, &local_user_gid },
598 { "local_user_uid", vtype_uid, &local_user_uid },
599 { "localhost_number", vtype_int, &host_number },
600 { "log_inodes", vtype_pinodes, (void *)FALSE },
601 { "log_space", vtype_pspace, (void *)FALSE },
602 { "lookup_dnssec_authenticated",vtype_stringptr,&lookup_dnssec_authenticated},
603 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
604 #ifdef WITH_CONTENT_SCAN
605 { "malware_name", vtype_stringptr, &malware_name },
606 #endif
607 { "max_received_linelength", vtype_int, &max_received_linelength },
608 { "message_age", vtype_int, &message_age },
609 { "message_body", vtype_msgbody, &message_body },
610 { "message_body_end", vtype_msgbody_end, &message_body_end },
611 { "message_body_size", vtype_int, &message_body_size },
612 { "message_exim_id", vtype_stringptr, &message_id },
613 { "message_headers", vtype_msgheaders, NULL },
614 { "message_headers_raw", vtype_msgheaders_raw, NULL },
615 { "message_id", vtype_stringptr, &message_id },
616 { "message_linecount", vtype_int, &message_linecount },
617 { "message_size", vtype_int, &message_size },
618 #ifdef SUPPORT_I18N
619 { "message_smtputf8", vtype_bool, &message_smtputf8 },
620 #endif
621 #ifdef WITH_CONTENT_SCAN
622 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
623 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
624 { "mime_boundary", vtype_stringptr, &mime_boundary },
625 { "mime_charset", vtype_stringptr, &mime_charset },
626 { "mime_content_description", vtype_stringptr, &mime_content_description },
627 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
628 { "mime_content_id", vtype_stringptr, &mime_content_id },
629 { "mime_content_size", vtype_int, &mime_content_size },
630 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
631 { "mime_content_type", vtype_stringptr, &mime_content_type },
632 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
633 { "mime_filename", vtype_stringptr, &mime_filename },
634 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
635 { "mime_is_multipart", vtype_int, &mime_is_multipart },
636 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
637 { "mime_part_count", vtype_int, &mime_part_count },
638 #endif
639 { "n0", vtype_filter_int, &filter_n[0] },
640 { "n1", vtype_filter_int, &filter_n[1] },
641 { "n2", vtype_filter_int, &filter_n[2] },
642 { "n3", vtype_filter_int, &filter_n[3] },
643 { "n4", vtype_filter_int, &filter_n[4] },
644 { "n5", vtype_filter_int, &filter_n[5] },
645 { "n6", vtype_filter_int, &filter_n[6] },
646 { "n7", vtype_filter_int, &filter_n[7] },
647 { "n8", vtype_filter_int, &filter_n[8] },
648 { "n9", vtype_filter_int, &filter_n[9] },
649 { "original_domain", vtype_stringptr, &deliver_domain_orig },
650 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
651 { "originator_gid", vtype_gid, &originator_gid },
652 { "originator_uid", vtype_uid, &originator_uid },
653 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
654 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
655 { "pid", vtype_pid, NULL },
656 #ifndef DISABLE_PRDR
657 { "prdr_requested", vtype_bool, &prdr_requested },
658 #endif
659 { "primary_hostname", vtype_stringptr, &primary_hostname },
660 #if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
661 { "proxy_external_address",vtype_stringptr, &proxy_external_address },
662 { "proxy_external_port", vtype_int, &proxy_external_port },
663 { "proxy_local_address", vtype_stringptr, &proxy_local_address },
664 { "proxy_local_port", vtype_int, &proxy_local_port },
665 { "proxy_session", vtype_bool, &proxy_session },
666 #endif
667 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
668 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
669 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
670 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
671 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
672 { "queue_name", vtype_stringptr, &queue_name },
673 { "queue_size", vtype_string_func, &fn_queue_size },
674 { "rcpt_count", vtype_int, &rcpt_count },
675 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
676 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
677 { "received_count", vtype_int, &received_count },
678 { "received_for", vtype_stringptr, &received_for },
679 { "received_ip_address", vtype_stringptr, &interface_address },
680 { "received_port", vtype_int, &interface_port },
681 { "received_protocol", vtype_stringptr, &received_protocol },
682 { "received_time", vtype_int, &received_time.tv_sec },
683 { "recipient_data", vtype_stringptr, &recipient_data },
684 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
685 { "recipients", vtype_string_func, (void *) &fn_recipients },
686 { "recipients_count", vtype_int, &recipients_count },
687 #ifdef WITH_CONTENT_SCAN
688 { "regex_match_string", vtype_stringptr, &regex_match_string },
689 #endif
690 { "reply_address", vtype_reply, NULL },
691 { "return_path", vtype_stringptr, &return_path },
692 { "return_size_limit", vtype_int, &bounce_return_size_limit },
693 { "router_name", vtype_stringptr, &router_name },
694 { "runrc", vtype_int, &runrc },
695 { "self_hostname", vtype_stringptr, &self_hostname },
696 { "sender_address", vtype_stringptr, &sender_address },
697 { "sender_address_data", vtype_stringptr, &sender_address_data },
698 { "sender_address_domain", vtype_domain, &sender_address },
699 { "sender_address_local_part", vtype_localpart, &sender_address },
700 { "sender_data", vtype_stringptr, &sender_data },
701 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
702 { "sender_helo_dnssec", vtype_bool, &sender_helo_dnssec },
703 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
704 { "sender_host_address", vtype_stringptr, &sender_host_address },
705 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
706 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
707 { "sender_host_name", vtype_host_lookup, NULL },
708 { "sender_host_port", vtype_int, &sender_host_port },
709 { "sender_ident", vtype_stringptr, &sender_ident },
710 { "sender_rate", vtype_stringptr, &sender_rate },
711 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
712 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
713 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
714 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
715 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
716 { "sending_port", vtype_int, &sending_port },
717 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
718 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
719 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
720 { "smtp_command_history", vtype_string_func, (void *) &smtp_cmd_hist },
721 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
722 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
723 { "sn0", vtype_filter_int, &filter_sn[0] },
724 { "sn1", vtype_filter_int, &filter_sn[1] },
725 { "sn2", vtype_filter_int, &filter_sn[2] },
726 { "sn3", vtype_filter_int, &filter_sn[3] },
727 { "sn4", vtype_filter_int, &filter_sn[4] },
728 { "sn5", vtype_filter_int, &filter_sn[5] },
729 { "sn6", vtype_filter_int, &filter_sn[6] },
730 { "sn7", vtype_filter_int, &filter_sn[7] },
731 { "sn8", vtype_filter_int, &filter_sn[8] },
732 { "sn9", vtype_filter_int, &filter_sn[9] },
733 #ifdef WITH_CONTENT_SCAN
734 { "spam_action", vtype_stringptr, &spam_action },
735 { "spam_bar", vtype_stringptr, &spam_bar },
736 { "spam_report", vtype_stringptr, &spam_report },
737 { "spam_score", vtype_stringptr, &spam_score },
738 { "spam_score_int", vtype_stringptr, &spam_score_int },
739 #endif
740 #ifdef SUPPORT_SPF
741 { "spf_guess", vtype_stringptr, &spf_guess },
742 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
743 { "spf_received", vtype_stringptr, &spf_received },
744 { "spf_result", vtype_stringptr, &spf_result },
745 { "spf_result_guessed", vtype_bool, &spf_result_guessed },
746 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
747 #endif
748 { "spool_directory", vtype_stringptr, &spool_directory },
749 { "spool_inodes", vtype_pinodes, (void *)TRUE },
750 { "spool_space", vtype_pspace, (void *)TRUE },
751 #ifdef EXPERIMENTAL_SRS
752 { "srs_db_address", vtype_stringptr, &srs_db_address },
753 { "srs_db_key", vtype_stringptr, &srs_db_key },
754 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
755 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
756 #endif
757 #if defined(EXPERIMENTAL_SRS) || defined(EXPERIMENTAL_SRS_NATIVE)
758 { "srs_recipient", vtype_stringptr, &srs_recipient },
759 #endif
760 #ifdef EXPERIMENTAL_SRS
761 { "srs_status", vtype_stringptr, &srs_status },
762 #endif
763 { "thisaddress", vtype_stringptr, &filter_thisaddress },
764
765 /* The non-(in,out) variables are now deprecated */
766 { "tls_bits", vtype_int, &tls_in.bits },
767 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
768 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
769
770 { "tls_in_bits", vtype_int, &tls_in.bits },
771 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
772 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
773 { "tls_in_cipher_std", vtype_stringptr, &tls_in.cipher_stdname },
774 { "tls_in_ocsp", vtype_int, &tls_in.ocsp },
775 { "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
776 { "tls_in_peercert", vtype_cert, &tls_in.peercert },
777 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
778 #ifdef EXPERIMENTAL_TLS_RESUME
779 { "tls_in_resumption", vtype_int, &tls_in.resumption },
780 #endif
781 #ifndef DISABLE_TLS
782 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
783 #endif
784 { "tls_in_ver", vtype_stringptr, &tls_in.ver },
785 { "tls_out_bits", vtype_int, &tls_out.bits },
786 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
787 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
788 { "tls_out_cipher_std", vtype_stringptr, &tls_out.cipher_stdname },
789 #ifdef SUPPORT_DANE
790 { "tls_out_dane", vtype_bool, &tls_out.dane_verified },
791 #endif
792 { "tls_out_ocsp", vtype_int, &tls_out.ocsp },
793 { "tls_out_ourcert", vtype_cert, &tls_out.ourcert },
794 { "tls_out_peercert", vtype_cert, &tls_out.peercert },
795 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
796 #ifdef EXPERIMENTAL_TLS_RESUME
797 { "tls_out_resumption", vtype_int, &tls_out.resumption },
798 #endif
799 #ifndef DISABLE_TLS
800 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
801 #endif
802 #ifdef SUPPORT_DANE
803 { "tls_out_tlsa_usage", vtype_int, &tls_out.tlsa_usage },
804 #endif
805 { "tls_out_ver", vtype_stringptr, &tls_out.ver },
806
807 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
808 #ifndef DISABLE_TLS
809 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
810 #endif
811
812 { "tod_bsdinbox", vtype_todbsdin, NULL },
813 { "tod_epoch", vtype_tode, NULL },
814 { "tod_epoch_l", vtype_todel, NULL },
815 { "tod_full", vtype_todf, NULL },
816 { "tod_log", vtype_todl, NULL },
817 { "tod_logfile", vtype_todlf, NULL },
818 { "tod_zone", vtype_todzone, NULL },
819 { "tod_zulu", vtype_todzulu, NULL },
820 { "transport_name", vtype_stringptr, &transport_name },
821 { "value", vtype_stringptr, &lookup_value },
822 { "verify_mode", vtype_stringptr, &verify_mode },
823 { "version_number", vtype_stringptr, &version_string },
824 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
825 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
826 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
827 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
828 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
829 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
830 };
831
832 static int var_table_size = nelem(var_table);
833 static uschar var_buffer[256];
834 static BOOL malformed_header;
835
836 /* For textual hashes */
837
838 static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
839 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
840 "0123456789";
841
842 enum { HMAC_MD5, HMAC_SHA1 };
843
844 /* For numeric hashes */
845
846 static unsigned int prime[] = {
847 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
848 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
849 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
850
851 /* For printing modes in symbolic form */
852
853 static uschar *mtable_normal[] =
854 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
855
856 static uschar *mtable_setid[] =
857 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
858
859 static uschar *mtable_sticky[] =
860 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
861
862 /* flags for find_header() */
863 #define FH_EXISTS_ONLY BIT(0)
864 #define FH_WANT_RAW BIT(1)
865 #define FH_WANT_LIST BIT(2)
866
867
868 /*************************************************
869 * Tables for UTF-8 support *
870 *************************************************/
871
872 /* Table of the number of extra characters, indexed by the first character
873 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
874 0x3d. */
875
876 static uschar utf8_table1[] = {
877 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
878 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
879 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
880 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
881
882 /* These are the masks for the data bits in the first byte of a character,
883 indexed by the number of additional bytes. */
884
885 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
886
887 /* Get the next UTF-8 character, advancing the pointer. */
888
889 #define GETUTF8INC(c, ptr) \
890 c = *ptr++; \
891 if ((c & 0xc0) == 0xc0) \
892 { \
893 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
894 int s = 6*a; \
895 c = (c & utf8_table2[a]) << s; \
896 while (a-- > 0) \
897 { \
898 s -= 6; \
899 c |= (*ptr++ & 0x3f) << s; \
900 } \
901 }
902
903
904
905 static uschar * base32_chars = US"abcdefghijklmnopqrstuvwxyz234567";
906
907 /*************************************************
908 * Binary chop search on a table *
909 *************************************************/
910
911 /* This is used for matching expansion items and operators.
912
913 Arguments:
914 name the name that is being sought
915 table the table to search
916 table_size the number of items in the table
917
918 Returns: the offset in the table, or -1
919 */
920
921 static int
922 chop_match(uschar *name, uschar **table, int table_size)
923 {
924 uschar **bot = table;
925 uschar **top = table + table_size;
926
927 while (top > bot)
928 {
929 uschar **mid = bot + (top - bot)/2;
930 int c = Ustrcmp(name, *mid);
931 if (c == 0) return mid - table;
932 if (c > 0) bot = mid + 1; else top = mid;
933 }
934
935 return -1;
936 }
937
938
939
940 /*************************************************
941 * Check a condition string *
942 *************************************************/
943
944 /* This function is called to expand a string, and test the result for a "true"
945 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
946 forced fail or lookup defer.
947
948 We used to release all store used, but this is not not safe due
949 to ${dlfunc } and ${acl }. In any case expand_string_internal()
950 is reasonably careful to release what it can.
951
952 The actual false-value tests should be replicated for ECOND_BOOL_LAX.
953
954 Arguments:
955 condition the condition string
956 m1 text to be incorporated in panic error
957 m2 ditto
958
959 Returns: TRUE if condition is met, FALSE if not
960 */
961
962 BOOL
963 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
964 {
965 uschar * ss = expand_string(condition);
966 if (!ss)
967 {
968 if (!f.expand_string_forcedfail && !f.search_find_defer)
969 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
970 "for %s %s: %s", condition, m1, m2, expand_string_message);
971 return FALSE;
972 }
973 return *ss && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
974 strcmpic(ss, US"false") != 0;
975 }
976
977
978
979
980 /*************************************************
981 * Pseudo-random number generation *
982 *************************************************/
983
984 /* Pseudo-random number generation. The result is not "expected" to be
985 cryptographically strong but not so weak that someone will shoot themselves
986 in the foot using it as a nonce in some email header scheme or whatever
987 weirdness they'll twist this into. The result should ideally handle fork().
988
989 However, if we're stuck unable to provide this, then we'll fall back to
990 appallingly bad randomness.
991
992 If DISABLE_TLS is not defined then this will not be used except as an emergency
993 fallback.
994
995 Arguments:
996 max range maximum
997 Returns a random number in range [0, max-1]
998 */
999
1000 #ifndef DISABLE_TLS
1001 # define vaguely_random_number vaguely_random_number_fallback
1002 #endif
1003 int
1004 vaguely_random_number(int max)
1005 {
1006 #ifndef DISABLE_TLS
1007 # undef vaguely_random_number
1008 #endif
1009 static pid_t pid = 0;
1010 pid_t p2;
1011
1012 if ((p2 = getpid()) != pid)
1013 {
1014 if (pid != 0)
1015 {
1016
1017 #ifdef HAVE_ARC4RANDOM
1018 /* cryptographically strong randomness, common on *BSD platforms, not
1019 so much elsewhere. Alas. */
1020 # ifndef NOT_HAVE_ARC4RANDOM_STIR
1021 arc4random_stir();
1022 # endif
1023 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
1024 # ifdef HAVE_SRANDOMDEV
1025 /* uses random(4) for seeding */
1026 srandomdev();
1027 # else
1028 {
1029 struct timeval tv;
1030 gettimeofday(&tv, NULL);
1031 srandom(tv.tv_sec | tv.tv_usec | getpid());
1032 }
1033 # endif
1034 #else
1035 /* Poor randomness and no seeding here */
1036 #endif
1037
1038 }
1039 pid = p2;
1040 }
1041
1042 #ifdef HAVE_ARC4RANDOM
1043 return arc4random() % max;
1044 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
1045 return random() % max;
1046 #else
1047 /* This one returns a 16-bit number, definitely not crypto-strong */
1048 return random_number(max);
1049 #endif
1050 }
1051
1052
1053
1054
1055 /*************************************************
1056 * Pick out a name from a string *
1057 *************************************************/
1058
1059 /* If the name is too long, it is silently truncated.
1060
1061 Arguments:
1062 name points to a buffer into which to put the name
1063 max is the length of the buffer
1064 s points to the first alphabetic character of the name
1065 extras chars other than alphanumerics to permit
1066
1067 Returns: pointer to the first character after the name
1068
1069 Note: The test for *s != 0 in the while loop is necessary because
1070 Ustrchr() yields non-NULL if the character is zero (which is not something
1071 I expected). */
1072
1073 static const uschar *
1074 read_name(uschar *name, int max, const uschar *s, uschar *extras)
1075 {
1076 int ptr = 0;
1077 while (*s && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
1078 {
1079 if (ptr < max-1) name[ptr++] = *s;
1080 s++;
1081 }
1082 name[ptr] = 0;
1083 return s;
1084 }
1085
1086
1087
1088 /*************************************************
1089 * Pick out the rest of a header name *
1090 *************************************************/
1091
1092 /* A variable name starting $header_ (or just $h_ for those who like
1093 abbreviations) might not be the complete header name because headers can
1094 contain any printing characters in their names, except ':'. This function is
1095 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
1096 on the end, if the name was terminated by white space.
1097
1098 Arguments:
1099 name points to a buffer in which the name read so far exists
1100 max is the length of the buffer
1101 s points to the first character after the name so far, i.e. the
1102 first non-alphameric character after $header_xxxxx
1103
1104 Returns: a pointer to the first character after the header name
1105 */
1106
1107 static const uschar *
1108 read_header_name(uschar *name, int max, const uschar *s)
1109 {
1110 int prelen = Ustrchr(name, '_') - name + 1;
1111 int ptr = Ustrlen(name) - prelen;
1112 if (ptr > 0) memmove(name, name+prelen, ptr);
1113 while (mac_isgraph(*s) && *s != ':')
1114 {
1115 if (ptr < max-1) name[ptr++] = *s;
1116 s++;
1117 }
1118 if (*s == ':') s++;
1119 name[ptr++] = ':';
1120 name[ptr] = 0;
1121 return s;
1122 }
1123
1124
1125
1126 /*************************************************
1127 * Pick out a number from a string *
1128 *************************************************/
1129
1130 /* Arguments:
1131 n points to an integer into which to put the number
1132 s points to the first digit of the number
1133
1134 Returns: a pointer to the character after the last digit
1135 */
1136 /*XXX consider expanding to int_eximarith_t. But the test for
1137 "overbig numbers" in 0002 still needs to overflow it. */
1138
1139 static uschar *
1140 read_number(int *n, uschar *s)
1141 {
1142 *n = 0;
1143 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1144 return s;
1145 }
1146
1147 static const uschar *
1148 read_cnumber(int *n, const uschar *s)
1149 {
1150 *n = 0;
1151 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1152 return s;
1153 }
1154
1155
1156
1157 /*************************************************
1158 * Extract keyed subfield from a string *
1159 *************************************************/
1160
1161 /* The yield is in dynamic store; NULL means that the key was not found.
1162
1163 Arguments:
1164 key points to the name of the key
1165 s points to the string from which to extract the subfield
1166
1167 Returns: NULL if the subfield was not found, or
1168 a pointer to the subfield's data
1169 */
1170
1171 static uschar *
1172 expand_getkeyed(uschar * key, const uschar * s)
1173 {
1174 int length = Ustrlen(key);
1175 while (isspace(*s)) s++;
1176
1177 /* Loop to search for the key */
1178
1179 while (*s)
1180 {
1181 int dkeylength;
1182 uschar * data;
1183 const uschar * dkey = s;
1184
1185 while (*s && *s != '=' && !isspace(*s)) s++;
1186 dkeylength = s - dkey;
1187 while (isspace(*s)) s++;
1188 if (*s == '=') while (isspace((*(++s))));
1189
1190 data = string_dequote(&s);
1191 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1192 return data;
1193
1194 while (isspace(*s)) s++;
1195 }
1196
1197 return NULL;
1198 }
1199
1200
1201
1202 static var_entry *
1203 find_var_ent(uschar * name)
1204 {
1205 int first = 0;
1206 int last = var_table_size;
1207
1208 while (last > first)
1209 {
1210 int middle = (first + last)/2;
1211 int c = Ustrcmp(name, var_table[middle].name);
1212
1213 if (c > 0) { first = middle + 1; continue; }
1214 if (c < 0) { last = middle; continue; }
1215 return &var_table[middle];
1216 }
1217 return NULL;
1218 }
1219
1220 /*************************************************
1221 * Extract numbered subfield from string *
1222 *************************************************/
1223
1224 /* Extracts a numbered field from a string that is divided by tokens - for
1225 example a line from /etc/passwd is divided by colon characters. First field is
1226 numbered one. Negative arguments count from the right. Zero returns the whole
1227 string. Returns NULL if there are insufficient tokens in the string
1228
1229 ***WARNING***
1230 Modifies final argument - this is a dynamically generated string, so that's OK.
1231
1232 Arguments:
1233 field number of field to be extracted,
1234 first field = 1, whole string = 0, last field = -1
1235 separators characters that are used to break string into tokens
1236 s points to the string from which to extract the subfield
1237
1238 Returns: NULL if the field was not found,
1239 a pointer to the field's data inside s (modified to add 0)
1240 */
1241
1242 static uschar *
1243 expand_gettokened (int field, uschar *separators, uschar *s)
1244 {
1245 int sep = 1;
1246 int count;
1247 uschar *ss = s;
1248 uschar *fieldtext = NULL;
1249
1250 if (field == 0) return s;
1251
1252 /* Break the line up into fields in place; for field > 0 we stop when we have
1253 done the number of fields we want. For field < 0 we continue till the end of
1254 the string, counting the number of fields. */
1255
1256 count = (field > 0)? field : INT_MAX;
1257
1258 while (count-- > 0)
1259 {
1260 size_t len;
1261
1262 /* Previous field was the last one in the string. For a positive field
1263 number, this means there are not enough fields. For a negative field number,
1264 check that there are enough, and scan back to find the one that is wanted. */
1265
1266 if (sep == 0)
1267 {
1268 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1269 if ((-field) == (INT_MAX - count - 1)) return s;
1270 while (field++ < 0)
1271 {
1272 ss--;
1273 while (ss[-1] != 0) ss--;
1274 }
1275 fieldtext = ss;
1276 break;
1277 }
1278
1279 /* Previous field was not last in the string; save its start and put a
1280 zero at its end. */
1281
1282 fieldtext = ss;
1283 len = Ustrcspn(ss, separators);
1284 sep = ss[len];
1285 ss[len] = 0;
1286 ss += len + 1;
1287 }
1288
1289 return fieldtext;
1290 }
1291
1292
1293 static uschar *
1294 expand_getlistele(int field, const uschar * list)
1295 {
1296 const uschar * tlist = list;
1297 int sep = 0;
1298 uschar dummy;
1299
1300 if (field < 0)
1301 {
1302 for (field++; string_nextinlist(&tlist, &sep, &dummy, 1); ) field++;
1303 sep = 0;
1304 }
1305 if (field == 0) return NULL;
1306 while (--field > 0 && (string_nextinlist(&list, &sep, &dummy, 1))) ;
1307 return string_nextinlist(&list, &sep, NULL, 0);
1308 }
1309
1310
1311 /* Certificate fields, by name. Worry about by-OID later */
1312 /* Names are chosen to not have common prefixes */
1313
1314 #ifndef DISABLE_TLS
1315 typedef struct
1316 {
1317 uschar * name;
1318 int namelen;
1319 uschar * (*getfn)(void * cert, uschar * mod);
1320 } certfield;
1321 static certfield certfields[] =
1322 { /* linear search; no special order */
1323 { US"version", 7, &tls_cert_version },
1324 { US"serial_number", 13, &tls_cert_serial_number },
1325 { US"subject", 7, &tls_cert_subject },
1326 { US"notbefore", 9, &tls_cert_not_before },
1327 { US"notafter", 8, &tls_cert_not_after },
1328 { US"issuer", 6, &tls_cert_issuer },
1329 { US"signature", 9, &tls_cert_signature },
1330 { US"sig_algorithm", 13, &tls_cert_signature_algorithm },
1331 { US"subj_altname", 12, &tls_cert_subject_altname },
1332 { US"ocsp_uri", 8, &tls_cert_ocsp_uri },
1333 { US"crl_uri", 7, &tls_cert_crl_uri },
1334 };
1335
1336 static uschar *
1337 expand_getcertele(uschar * field, uschar * certvar)
1338 {
1339 var_entry * vp;
1340
1341 if (!(vp = find_var_ent(certvar)))
1342 {
1343 expand_string_message =
1344 string_sprintf("no variable named \"%s\"", certvar);
1345 return NULL; /* Unknown variable name */
1346 }
1347 /* NB this stops us passing certs around in variable. Might
1348 want to do that in future */
1349 if (vp->type != vtype_cert)
1350 {
1351 expand_string_message =
1352 string_sprintf("\"%s\" is not a certificate", certvar);
1353 return NULL; /* Unknown variable name */
1354 }
1355 if (!*(void **)vp->value)
1356 return NULL;
1357
1358 if (*field >= '0' && *field <= '9')
1359 return tls_cert_ext_by_oid(*(void **)vp->value, field, 0);
1360
1361 for (certfield * cp = certfields;
1362 cp < certfields + nelem(certfields);
1363 cp++)
1364 if (Ustrncmp(cp->name, field, cp->namelen) == 0)
1365 {
1366 uschar * modifier = *(field += cp->namelen) == ','
1367 ? ++field : NULL;
1368 return (*cp->getfn)( *(void **)vp->value, modifier );
1369 }
1370
1371 expand_string_message =
1372 string_sprintf("bad field selector \"%s\" for certextract", field);
1373 return NULL;
1374 }
1375 #endif /*DISABLE_TLS*/
1376
1377 /*************************************************
1378 * Extract a substring from a string *
1379 *************************************************/
1380
1381 /* Perform the ${substr or ${length expansion operations.
1382
1383 Arguments:
1384 subject the input string
1385 value1 the offset from the start of the input string to the start of
1386 the output string; if negative, count from the right.
1387 value2 the length of the output string, or negative (-1) for unset
1388 if value1 is positive, unset means "all after"
1389 if value1 is negative, unset means "all before"
1390 len set to the length of the returned string
1391
1392 Returns: pointer to the output string, or NULL if there is an error
1393 */
1394
1395 static uschar *
1396 extract_substr(uschar *subject, int value1, int value2, int *len)
1397 {
1398 int sublen = Ustrlen(subject);
1399
1400 if (value1 < 0) /* count from right */
1401 {
1402 value1 += sublen;
1403
1404 /* If the position is before the start, skip to the start, and adjust the
1405 length. If the length ends up negative, the substring is null because nothing
1406 can precede. This falls out naturally when the length is unset, meaning "all
1407 to the left". */
1408
1409 if (value1 < 0)
1410 {
1411 value2 += value1;
1412 if (value2 < 0) value2 = 0;
1413 value1 = 0;
1414 }
1415
1416 /* Otherwise an unset length => characters before value1 */
1417
1418 else if (value2 < 0)
1419 {
1420 value2 = value1;
1421 value1 = 0;
1422 }
1423 }
1424
1425 /* For a non-negative offset, if the starting position is past the end of the
1426 string, the result will be the null string. Otherwise, an unset length means
1427 "rest"; just set it to the maximum - it will be cut down below if necessary. */
1428
1429 else
1430 {
1431 if (value1 > sublen)
1432 {
1433 value1 = sublen;
1434 value2 = 0;
1435 }
1436 else if (value2 < 0) value2 = sublen;
1437 }
1438
1439 /* Cut the length down to the maximum possible for the offset value, and get
1440 the required characters. */
1441
1442 if (value1 + value2 > sublen) value2 = sublen - value1;
1443 *len = value2;
1444 return subject + value1;
1445 }
1446
1447
1448
1449
1450 /*************************************************
1451 * Old-style hash of a string *
1452 *************************************************/
1453
1454 /* Perform the ${hash expansion operation.
1455
1456 Arguments:
1457 subject the input string (an expanded substring)
1458 value1 the length of the output string; if greater or equal to the
1459 length of the input string, the input string is returned
1460 value2 the number of hash characters to use, or 26 if negative
1461 len set to the length of the returned string
1462
1463 Returns: pointer to the output string, or NULL if there is an error
1464 */
1465
1466 static uschar *
1467 compute_hash(uschar *subject, int value1, int value2, int *len)
1468 {
1469 int sublen = Ustrlen(subject);
1470
1471 if (value2 < 0) value2 = 26;
1472 else if (value2 > Ustrlen(hashcodes))
1473 {
1474 expand_string_message =
1475 string_sprintf("hash count \"%d\" too big", value2);
1476 return NULL;
1477 }
1478
1479 /* Calculate the hash text. We know it is shorter than the original string, so
1480 can safely place it in subject[] (we know that subject is always itself an
1481 expanded substring). */
1482
1483 if (value1 < sublen)
1484 {
1485 int c;
1486 int i = 0;
1487 int j = value1;
1488 while ((c = (subject[j])) != 0)
1489 {
1490 int shift = (c + j++) & 7;
1491 subject[i] ^= (c << shift) | (c >> (8-shift));
1492 if (++i >= value1) i = 0;
1493 }
1494 for (i = 0; i < value1; i++)
1495 subject[i] = hashcodes[(subject[i]) % value2];
1496 }
1497 else value1 = sublen;
1498
1499 *len = value1;
1500 return subject;
1501 }
1502
1503
1504
1505
1506 /*************************************************
1507 * Numeric hash of a string *
1508 *************************************************/
1509
1510 /* Perform the ${nhash expansion operation. The first characters of the
1511 string are treated as most important, and get the highest prime numbers.
1512
1513 Arguments:
1514 subject the input string
1515 value1 the maximum value of the first part of the result
1516 value2 the maximum value of the second part of the result,
1517 or negative to produce only a one-part result
1518 len set to the length of the returned string
1519
1520 Returns: pointer to the output string, or NULL if there is an error.
1521 */
1522
1523 static uschar *
1524 compute_nhash (uschar *subject, int value1, int value2, int *len)
1525 {
1526 uschar *s = subject;
1527 int i = 0;
1528 unsigned long int total = 0; /* no overflow */
1529
1530 while (*s != 0)
1531 {
1532 if (i == 0) i = nelem(prime) - 1;
1533 total += prime[i--] * (unsigned int)(*s++);
1534 }
1535
1536 /* If value2 is unset, just compute one number */
1537
1538 if (value2 < 0)
1539 s = string_sprintf("%lu", total % value1);
1540
1541 /* Otherwise do a div/mod hash */
1542
1543 else
1544 {
1545 total = total % (value1 * value2);
1546 s = string_sprintf("%lu/%lu", total/value2, total % value2);
1547 }
1548
1549 *len = Ustrlen(s);
1550 return s;
1551 }
1552
1553
1554
1555
1556
1557 /*************************************************
1558 * Find the value of a header or headers *
1559 *************************************************/
1560
1561 /* Multiple instances of the same header get concatenated, and this function
1562 can also return a concatenation of all the header lines. When concatenating
1563 specific headers that contain lists of addresses, a comma is inserted between
1564 them. Otherwise we use a straight concatenation. Because some messages can have
1565 pathologically large number of lines, there is a limit on the length that is
1566 returned.
1567
1568 Arguments:
1569 name the name of the header, without the leading $header_ or $h_,
1570 or NULL if a concatenation of all headers is required
1571 newsize return the size of memory block that was obtained; may be NULL
1572 if exists_only is TRUE
1573 flags FH_EXISTS_ONLY
1574 set if called from a def: test; don't need to build a string;
1575 just return a string that is not "" and not "0" if the header
1576 exists
1577 FH_WANT_RAW
1578 set if called for $rh_ or $rheader_ items; no processing,
1579 other than concatenating, will be done on the header. Also used
1580 for $message_headers_raw.
1581 FH_WANT_LIST
1582 Double colon chars in the content, and replace newline with
1583 colon between each element when concatenating; returning a
1584 colon-sep list (elements might contain newlines)
1585 charset name of charset to translate MIME words to; used only if
1586 want_raw is false; if NULL, no translation is done (this is
1587 used for $bh_ and $bheader_)
1588
1589 Returns: NULL if the header does not exist, else a pointer to a new
1590 store block
1591 */
1592
1593 static uschar *
1594 find_header(uschar *name, int *newsize, unsigned flags, uschar *charset)
1595 {
1596 BOOL found = !name;
1597 int len = name ? Ustrlen(name) : 0;
1598 BOOL comma = FALSE;
1599 gstring * g = NULL;
1600
1601 for (header_line * h = header_list; h; h = h->next)
1602 if (h->type != htype_old && h->text) /* NULL => Received: placeholder */
1603 if (!name || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1604 {
1605 uschar * s, * t;
1606 size_t inc;
1607
1608 if (flags & FH_EXISTS_ONLY)
1609 return US"1"; /* don't need actual string */
1610
1611 found = TRUE;
1612 s = h->text + len; /* text to insert */
1613 if (!(flags & FH_WANT_RAW)) /* unless wanted raw, */
1614 while (isspace(*s)) s++; /* remove leading white space */
1615 t = h->text + h->slen; /* end-point */
1616
1617 /* Unless wanted raw, remove trailing whitespace, including the
1618 newline. */
1619
1620 if (flags & FH_WANT_LIST)
1621 while (t > s && t[-1] == '\n') t--;
1622 else if (!(flags & FH_WANT_RAW))
1623 {
1624 while (t > s && isspace(t[-1])) t--;
1625
1626 /* Set comma if handling a single header and it's one of those
1627 that contains an address list, except when asked for raw headers. Only
1628 need to do this once. */
1629
1630 if (name && !comma && Ustrchr("BCFRST", h->type)) comma = TRUE;
1631 }
1632
1633 /* Trim the header roughly if we're approaching limits */
1634 inc = t - s;
1635 if (gstring_length(g) + inc > header_insert_maxlen)
1636 inc = header_insert_maxlen - gstring_length(g);
1637
1638 /* For raw just copy the data; for a list, add the data as a colon-sep
1639 list-element; for comma-list add as an unchecked comma,newline sep
1640 list-elemment; for other nonraw add as an unchecked newline-sep list (we
1641 stripped trailing WS above including the newline). We ignore the potential
1642 expansion due to colon-doubling, just leaving the loop if the limit is met
1643 or exceeded. */
1644
1645 if (flags & FH_WANT_LIST)
1646 g = string_append_listele_n(g, ':', s, (unsigned)inc);
1647 else if (flags & FH_WANT_RAW)
1648 g = string_catn(g, s, (unsigned)inc);
1649 else if (inc > 0)
1650 g = string_append2_listele_n(g, comma ? US",\n" : US"\n",
1651 s, (unsigned)inc);
1652
1653 if (gstring_length(g) >= header_insert_maxlen) break;
1654 }
1655
1656 if (!found) return NULL; /* No header found */
1657 if (!g) return US"";
1658
1659 /* That's all we do for raw header expansion. */
1660
1661 *newsize = g->size;
1662 if (flags & FH_WANT_RAW)
1663 return string_from_gstring(g);
1664
1665 /* Otherwise do RFC 2047 decoding, translating the charset if requested.
1666 The rfc2047_decode2() function can return an error with decoded data if the
1667 charset translation fails. If decoding fails, it returns NULL. */
1668
1669 else
1670 {
1671 uschar * error, * decoded = rfc2047_decode2(string_from_gstring(g),
1672 check_rfc2047_length, charset, '?', NULL, newsize, &error);
1673 if (error)
1674 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1675 " input was: %s\n", error, g->s);
1676 return decoded ? decoded : string_from_gstring(g);
1677 }
1678 }
1679
1680
1681
1682
1683 /* Append a "local" element to an Authentication-Results: header
1684 if this was a non-smtp message.
1685 */
1686
1687 static gstring *
1688 authres_local(gstring * g, const uschar * sysname)
1689 {
1690 if (!f.authentication_local)
1691 return g;
1692 g = string_append(g, 3, US";\n\tlocal=pass (non-smtp, ", sysname, US")");
1693 if (authenticated_id) g = string_append(g, 2, " u=", authenticated_id);
1694 return g;
1695 }
1696
1697
1698 /* Append an "iprev" element to an Authentication-Results: header
1699 if we have attempted to get the calling host's name.
1700 */
1701
1702 static gstring *
1703 authres_iprev(gstring * g)
1704 {
1705 if (sender_host_name)
1706 g = string_append(g, 3, US";\n\tiprev=pass (", sender_host_name, US")");
1707 else if (host_lookup_deferred)
1708 g = string_catn(g, US";\n\tiprev=temperror", 19);
1709 else if (host_lookup_failed)
1710 g = string_catn(g, US";\n\tiprev=fail", 13);
1711 else
1712 return g;
1713
1714 if (sender_host_address)
1715 g = string_append(g, 2, US" smtp.remote-ip=", sender_host_address);
1716 return g;
1717 }
1718
1719
1720
1721 /*************************************************
1722 * Return list of recipients *
1723 *************************************************/
1724 /* A recipients list is available only during system message filtering,
1725 during ACL processing after DATA, and while expanding pipe commands
1726 generated from a system filter, but not elsewhere. */
1727
1728 static uschar *
1729 fn_recipients(void)
1730 {
1731 uschar * s;
1732 gstring * g = NULL;
1733
1734 if (!f.enable_dollar_recipients) return NULL;
1735
1736 for (int i = 0; i < recipients_count; i++)
1737 {
1738 s = recipients_list[i].address;
1739 g = string_append2_listele_n(g, US", ", s, Ustrlen(s));
1740 }
1741 return g ? g->s : NULL;
1742 }
1743
1744
1745 /*************************************************
1746 * Return size of queue *
1747 *************************************************/
1748 /* Ask the daemon for the queue size */
1749
1750 static uschar *
1751 fn_queue_size(void)
1752 {
1753 struct sockaddr_un sa_un = {.sun_family = AF_UNIX};
1754 uschar buf[16];
1755 int fd;
1756 ssize_t len;
1757 const uschar * where;
1758 #ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
1759 uschar * sname;
1760 #endif
1761 fd_set fds;
1762 struct timeval tv;
1763
1764 if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
1765 {
1766 DEBUG(D_expand) debug_printf(" socket: %s\n", strerror(errno));
1767 return NULL;
1768 }
1769
1770 #ifdef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
1771 sa_un.sun_path[0] = 0; /* Abstract local socket addr - Linux-specific? */
1772 len = offsetof(struct sockaddr_un, sun_path) + 1
1773 + snprintf(sa_un.sun_path+1, sizeof(sa_un.sun_path)-1, "exim_%d", getpid());
1774 #else
1775 sname = string_sprintf("%s/p_%d", spool_directory, getpid());
1776 len = offsetof(struct sockaddr_un, sun_path)
1777 + snprintf(sa_un.sun_path, sizeof(sa_un.sun_path), "%s", sname);
1778 #endif
1779
1780 if (bind(fd, (const struct sockaddr *)&sa_un, len) < 0)
1781 { where = US"bind"; goto bad; }
1782
1783 #ifdef notdef
1784 debug_printf("local addr '%s%s'\n",
1785 *sa_un.sun_path ? "" : "@",
1786 sa_un.sun_path + (*sa_un.sun_path ? 0 : 1));
1787 #endif
1788
1789 #ifdef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
1790 sa_un.sun_path[0] = 0; /* Abstract local socket addr - Linux-specific? */
1791 len = offsetof(struct sockaddr_un, sun_path) + 1
1792 + snprintf(sa_un.sun_path+1, sizeof(sa_un.sun_path)-1, "%s", NOTIFIER_SOCKET_NAME);
1793 #else
1794 len = offsetof(struct sockaddr_un, sun_path)
1795 + snprintf(sa_un.sun_path, sizeof(sa_un.sun_path), "%s/%s",
1796 spool_directory, NOTIFIER_SOCKET_NAME);
1797 #endif
1798
1799 if (connect(fd, (const struct sockaddr *)&sa_un, len) < 0)
1800 { where = US"connect"; goto bad2; }
1801
1802 buf[0] = NOTIFY_QUEUE_SIZE_REQ;
1803 if (send(fd, buf, 1, 0) < 0) { where = US"send"; goto bad; }
1804
1805 FD_ZERO(&fds); FD_SET(fd, &fds);
1806 tv.tv_sec = 2; tv.tv_usec = 0;
1807 if (select(fd + 1, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, &tv) != 1)
1808 {
1809 DEBUG(D_expand) debug_printf("no daemon response; using local evaluation\n");
1810 len = snprintf(CS buf, sizeof(buf), "%u", queue_count_cached());
1811 }
1812 else if ((len = recv(fd, buf, sizeof(buf), 0)) < 0)
1813 { where = US"recv"; goto bad2; }
1814
1815 close(fd);
1816 #ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
1817 Uunlink(sname);
1818 #endif
1819 return string_copyn(buf, len);
1820
1821 bad2:
1822 #ifndef EXIM_HAVE_ABSTRACT_UNIX_SOCKETS
1823 Uunlink(sname);
1824 #endif
1825 bad:
1826 close(fd);
1827 DEBUG(D_expand) debug_printf(" %s: %s\n", where, strerror(errno));
1828 return NULL;
1829 }
1830
1831
1832 /*************************************************
1833 * Find value of a variable *
1834 *************************************************/
1835
1836 /* The table of variables is kept in alphabetic order, so we can search it
1837 using a binary chop. The "choplen" variable is nothing to do with the binary
1838 chop.
1839
1840 Arguments:
1841 name the name of the variable being sought
1842 exists_only TRUE if this is a def: test; passed on to find_header()
1843 skipping TRUE => skip any processing evaluation; this is not the same as
1844 exists_only because def: may test for values that are first
1845 evaluated here
1846 newsize pointer to an int which is initially zero; if the answer is in
1847 a new memory buffer, *newsize is set to its size
1848
1849 Returns: NULL if the variable does not exist, or
1850 a pointer to the variable's contents, or
1851 something non-NULL if exists_only is TRUE
1852 */
1853
1854 static uschar *
1855 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1856 {
1857 var_entry * vp;
1858 uschar *s, *domain;
1859 uschar **ss;
1860 void * val;
1861
1862 /* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1863 Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1864 release 4.64 onwards arbitrary names are permitted, as long as the first 5
1865 characters are acl_c or acl_m and the sixth is either a digit or an underscore
1866 (this gave backwards compatibility at the changeover). There may be built-in
1867 variables whose names start acl_ but they should never start in this way. This
1868 slightly messy specification is a consequence of the history, needless to say.
1869
1870 If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1871 set, in which case give an error. */
1872
1873 if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1874 !isalpha(name[5]))
1875 {
1876 tree_node * node =
1877 tree_search(name[4] == 'c' ? acl_var_c : acl_var_m, name + 4);
1878 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
1879 }
1880 else if (Ustrncmp(name, "r_", 2) == 0)
1881 {
1882 tree_node * node = tree_search(router_var, name + 2);
1883 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
1884 }
1885
1886 /* Handle $auth<n> variables. */
1887
1888 if (Ustrncmp(name, "auth", 4) == 0)
1889 {
1890 uschar *endptr;
1891 int n = Ustrtoul(name + 4, &endptr, 10);
1892 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1893 return !auth_vars[n-1] ? US"" : auth_vars[n-1];
1894 }
1895 else if (Ustrncmp(name, "regex", 5) == 0)
1896 {
1897 uschar *endptr;
1898 int n = Ustrtoul(name + 5, &endptr, 10);
1899 if (*endptr == 0 && n != 0 && n <= REGEX_VARS)
1900 return !regex_vars[n-1] ? US"" : regex_vars[n-1];
1901 }
1902
1903 /* For all other variables, search the table */
1904
1905 if (!(vp = find_var_ent(name)))
1906 return NULL; /* Unknown variable name */
1907
1908 /* Found an existing variable. If in skipping state, the value isn't needed,
1909 and we want to avoid processing (such as looking up the host name). */
1910
1911 if (skipping)
1912 return US"";
1913
1914 val = vp->value;
1915 switch (vp->type)
1916 {
1917 case vtype_filter_int:
1918 if (!f.filter_running) return NULL;
1919 /* Fall through */
1920 /* VVVVVVVVVVVV */
1921 case vtype_int:
1922 sprintf(CS var_buffer, "%d", *(int *)(val)); /* Integer */
1923 return var_buffer;
1924
1925 case vtype_ino:
1926 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(val))); /* Inode */
1927 return var_buffer;
1928
1929 case vtype_gid:
1930 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(val))); /* gid */
1931 return var_buffer;
1932
1933 case vtype_uid:
1934 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(val))); /* uid */
1935 return var_buffer;
1936
1937 case vtype_bool:
1938 sprintf(CS var_buffer, "%s", *(BOOL *)(val) ? "yes" : "no"); /* bool */
1939 return var_buffer;
1940
1941 case vtype_stringptr: /* Pointer to string */
1942 return (s = *((uschar **)(val))) ? s : US"";
1943
1944 case vtype_pid:
1945 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1946 return var_buffer;
1947
1948 case vtype_load_avg:
1949 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1950 return var_buffer;
1951
1952 case vtype_host_lookup: /* Lookup if not done so */
1953 if ( !sender_host_name && sender_host_address
1954 && !host_lookup_failed && host_name_lookup() == OK)
1955 host_build_sender_fullhost();
1956 return sender_host_name ? sender_host_name : US"";
1957
1958 case vtype_localpart: /* Get local part from address */
1959 if (!(s = *((uschar **)(val)))) return US"";
1960 if (!(domain = Ustrrchr(s, '@'))) return s;
1961 if (domain - s > sizeof(var_buffer) - 1)
1962 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1963 " in string expansion", sizeof(var_buffer));
1964 return string_copyn(s, domain - s);
1965
1966 case vtype_domain: /* Get domain from address */
1967 if (!(s = *((uschar **)(val)))) return US"";
1968 domain = Ustrrchr(s, '@');
1969 return domain ? domain + 1 : US"";
1970
1971 case vtype_msgheaders:
1972 return find_header(NULL, newsize, exists_only ? FH_EXISTS_ONLY : 0, NULL);
1973
1974 case vtype_msgheaders_raw:
1975 return find_header(NULL, newsize,
1976 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW, NULL);
1977
1978 case vtype_msgbody: /* Pointer to msgbody string */
1979 case vtype_msgbody_end: /* Ditto, the end of the msg */
1980 ss = (uschar **)(val);
1981 if (!*ss && deliver_datafile >= 0) /* Read body when needed */
1982 {
1983 uschar *body;
1984 off_t start_offset = SPOOL_DATA_START_OFFSET;
1985 int len = message_body_visible;
1986 if (len > message_size) len = message_size;
1987 *ss = body = store_malloc(len+1);
1988 body[0] = 0;
1989 if (vp->type == vtype_msgbody_end)
1990 {
1991 struct stat statbuf;
1992 if (fstat(deliver_datafile, &statbuf) == 0)
1993 {
1994 start_offset = statbuf.st_size - len;
1995 if (start_offset < SPOOL_DATA_START_OFFSET)
1996 start_offset = SPOOL_DATA_START_OFFSET;
1997 }
1998 }
1999 if (lseek(deliver_datafile, start_offset, SEEK_SET) < 0)
2000 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "deliver_datafile lseek: %s",
2001 strerror(errno));
2002 len = read(deliver_datafile, body, len);
2003 if (len > 0)
2004 {
2005 body[len] = 0;
2006 if (message_body_newlines) /* Separate loops for efficiency */
2007 while (len > 0)
2008 { if (body[--len] == 0) body[len] = ' '; }
2009 else
2010 while (len > 0)
2011 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
2012 }
2013 }
2014 return *ss ? *ss : US"";
2015
2016 case vtype_todbsdin: /* BSD inbox time of day */
2017 return tod_stamp(tod_bsdin);
2018
2019 case vtype_tode: /* Unix epoch time of day */
2020 return tod_stamp(tod_epoch);
2021
2022 case vtype_todel: /* Unix epoch/usec time of day */
2023 return tod_stamp(tod_epoch_l);
2024
2025 case vtype_todf: /* Full time of day */
2026 return tod_stamp(tod_full);
2027
2028 case vtype_todl: /* Log format time of day */
2029 return tod_stamp(tod_log_bare); /* (without timezone) */
2030
2031 case vtype_todzone: /* Time zone offset only */
2032 return tod_stamp(tod_zone);
2033
2034 case vtype_todzulu: /* Zulu time */
2035 return tod_stamp(tod_zulu);
2036
2037 case vtype_todlf: /* Log file datestamp tod */
2038 return tod_stamp(tod_log_datestamp_daily);
2039
2040 case vtype_reply: /* Get reply address */
2041 s = find_header(US"reply-to:", newsize,
2042 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
2043 headers_charset);
2044 if (s) while (isspace(*s)) s++;
2045 if (!s || !*s)
2046 {
2047 *newsize = 0; /* For the *s==0 case */
2048 s = find_header(US"from:", newsize,
2049 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
2050 headers_charset);
2051 }
2052 if (s)
2053 {
2054 uschar *t;
2055 while (isspace(*s)) s++;
2056 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
2057 while (t > s && isspace(t[-1])) t--;
2058 *t = 0;
2059 }
2060 return s ? s : US"";
2061
2062 case vtype_string_func:
2063 {
2064 stringptr_fn_t * fn = (stringptr_fn_t *) val;
2065 return fn();
2066 }
2067
2068 case vtype_pspace:
2069 {
2070 int inodes;
2071 sprintf(CS var_buffer, PR_EXIM_ARITH,
2072 receive_statvfs(val == (void *)TRUE, &inodes));
2073 }
2074 return var_buffer;
2075
2076 case vtype_pinodes:
2077 {
2078 int inodes;
2079 (void) receive_statvfs(val == (void *)TRUE, &inodes);
2080 sprintf(CS var_buffer, "%d", inodes);
2081 }
2082 return var_buffer;
2083
2084 case vtype_cert:
2085 return *(void **)val ? US"<cert>" : US"";
2086
2087 #ifndef DISABLE_DKIM
2088 case vtype_dkim:
2089 return dkim_exim_expand_query((int)(long)val);
2090 #endif
2091
2092 }
2093
2094 return NULL; /* Unknown variable. Silences static checkers. */
2095 }
2096
2097
2098
2099
2100 void
2101 modify_variable(uschar *name, void * value)
2102 {
2103 var_entry * vp;
2104 if ((vp = find_var_ent(name))) vp->value = value;
2105 return; /* Unknown variable name, fail silently */
2106 }
2107
2108
2109
2110
2111
2112
2113 /*************************************************
2114 * Read and expand substrings *
2115 *************************************************/
2116
2117 /* This function is called to read and expand argument substrings for various
2118 expansion items. Some have a minimum requirement that is less than the maximum;
2119 in these cases, the first non-present one is set to NULL.
2120
2121 Arguments:
2122 sub points to vector of pointers to set
2123 n maximum number of substrings
2124 m minimum required
2125 sptr points to current string pointer
2126 skipping the skipping flag
2127 check_end if TRUE, check for final '}'
2128 name name of item, for error message
2129 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
2130 the store.
2131
2132 Returns: 0 OK; string pointer updated
2133 1 curly bracketing error (too few arguments)
2134 2 too many arguments (only if check_end is set); message set
2135 3 other error (expansion failure)
2136 */
2137
2138 static int
2139 read_subs(uschar **sub, int n, int m, const uschar **sptr, BOOL skipping,
2140 BOOL check_end, uschar *name, BOOL *resetok)
2141 {
2142 const uschar *s = *sptr;
2143
2144 while (isspace(*s)) s++;
2145 for (int i = 0; i < n; i++)
2146 {
2147 if (*s != '{')
2148 {
2149 if (i < m)
2150 {
2151 expand_string_message = string_sprintf("Not enough arguments for '%s' "
2152 "(min is %d)", name, m);
2153 return 1;
2154 }
2155 sub[i] = NULL;
2156 break;
2157 }
2158 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok)))
2159 return 3;
2160 if (*s++ != '}') return 1;
2161 while (isspace(*s)) s++;
2162 }
2163 if (check_end && *s++ != '}')
2164 {
2165 if (s[-1] == '{')
2166 {
2167 expand_string_message = string_sprintf("Too many arguments for '%s' "
2168 "(max is %d)", name, n);
2169 return 2;
2170 }
2171 expand_string_message = string_sprintf("missing '}' after '%s'", name);
2172 return 1;
2173 }
2174
2175 *sptr = s;
2176 return 0;
2177 }
2178
2179
2180
2181
2182 /*************************************************
2183 * Elaborate message for bad variable *
2184 *************************************************/
2185
2186 /* For the "unknown variable" message, take a look at the variable's name, and
2187 give additional information about possible ACL variables. The extra information
2188 is added on to expand_string_message.
2189
2190 Argument: the name of the variable
2191 Returns: nothing
2192 */
2193
2194 static void
2195 check_variable_error_message(uschar *name)
2196 {
2197 if (Ustrncmp(name, "acl_", 4) == 0)
2198 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
2199 (name[4] == 'c' || name[4] == 'm')?
2200 (isalpha(name[5])?
2201 US"6th character of a user-defined ACL variable must be a digit or underscore" :
2202 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
2203 ) :
2204 US"user-defined ACL variables must start acl_c or acl_m");
2205 }
2206
2207
2208
2209 /*
2210 Load args from sub array to globals, and call acl_check().
2211 Sub array will be corrupted on return.
2212
2213 Returns: OK access is granted by an ACCEPT verb
2214 DISCARD access is (apparently) granted by a DISCARD verb
2215 FAIL access is denied
2216 FAIL_DROP access is denied; drop the connection
2217 DEFER can't tell at the moment
2218 ERROR disaster
2219 */
2220 static int
2221 eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
2222 {
2223 int i;
2224 int sav_narg = acl_narg;
2225 int ret;
2226 uschar * dummy_logmsg;
2227 extern int acl_where;
2228
2229 if(--nsub > nelem(acl_arg)) nsub = nelem(acl_arg);
2230 for (i = 0; i < nsub && sub[i+1]; i++)
2231 {
2232 uschar * tmp = acl_arg[i];
2233 acl_arg[i] = sub[i+1]; /* place callers args in the globals */
2234 sub[i+1] = tmp; /* stash the old args using our caller's storage */
2235 }
2236 acl_narg = i;
2237 while (i < nsub)
2238 {
2239 sub[i+1] = acl_arg[i];
2240 acl_arg[i++] = NULL;
2241 }
2242
2243 DEBUG(D_expand)
2244 debug_printf_indent("expanding: acl: %s arg: %s%s\n",
2245 sub[0],
2246 acl_narg>0 ? acl_arg[0] : US"<none>",
2247 acl_narg>1 ? " +more" : "");
2248
2249 ret = acl_eval(acl_where, sub[0], user_msgp, &dummy_logmsg);
2250
2251 for (i = 0; i < nsub; i++)
2252 acl_arg[i] = sub[i+1]; /* restore old args */
2253 acl_narg = sav_narg;
2254
2255 return ret;
2256 }
2257
2258
2259
2260
2261 /* Return pointer to dewrapped string, with enclosing specified chars removed.
2262 The given string is modified on return. Leading whitespace is skipped while
2263 looking for the opening wrap character, then the rest is scanned for the trailing
2264 (non-escaped) wrap character. A backslash in the string will act as an escape.
2265
2266 A nul is written over the trailing wrap, and a pointer to the char after the
2267 leading wrap is returned.
2268
2269 Arguments:
2270 s String for de-wrapping
2271 wrap Two-char string, the first being the opener, second the closer wrapping
2272 character
2273 Return:
2274 Pointer to de-wrapped string, or NULL on error (with expand_string_message set).
2275 */
2276
2277 static uschar *
2278 dewrap(uschar * s, const uschar * wrap)
2279 {
2280 uschar * p = s;
2281 unsigned depth = 0;
2282 BOOL quotesmode = wrap[0] == wrap[1];
2283
2284 while (isspace(*p)) p++;
2285
2286 if (*p == *wrap)
2287 {
2288 s = ++p;
2289 wrap++;
2290 while (*p)
2291 {
2292 if (*p == '\\') p++;
2293 else if (!quotesmode && *p == wrap[-1]) depth++;
2294 else if (*p == *wrap)
2295 if (depth == 0)
2296 {
2297 *p = '\0';
2298 return s;
2299 }
2300 else
2301 depth--;
2302 p++;
2303 }
2304 }
2305 expand_string_message = string_sprintf("missing '%c'", *wrap);
2306 return NULL;
2307 }
2308
2309
2310 /* Pull off the leading array or object element, returning
2311 a copy in an allocated string. Update the list pointer.
2312
2313 The element may itself be an abject or array.
2314 Return NULL when the list is empty.
2315 */
2316
2317 static uschar *
2318 json_nextinlist(const uschar ** list)
2319 {
2320 unsigned array_depth = 0, object_depth = 0;
2321 const uschar * s = *list, * item;
2322
2323 while (isspace(*s)) s++;
2324
2325 for (item = s;
2326 *s && (*s != ',' || array_depth != 0 || object_depth != 0);
2327 s++)
2328 switch (*s)
2329 {
2330 case '[': array_depth++; break;
2331 case ']': array_depth--; break;
2332 case '{': object_depth++; break;
2333 case '}': object_depth--; break;
2334 }
2335 *list = *s ? s+1 : s;
2336 if (item == s) return NULL;
2337 item = string_copyn(item, s - item);
2338 DEBUG(D_expand) debug_printf_indent(" json ele: '%s'\n", item);
2339 return US item;
2340 }
2341
2342
2343
2344 /************************************************/
2345 /* Return offset in ops table, or -1 if not found.
2346 Repoint to just after the operator in the string.
2347
2348 Argument:
2349 ss string representation of operator
2350 opname split-out operator name
2351 */
2352
2353 static int
2354 identify_operator(const uschar ** ss, uschar ** opname)
2355 {
2356 const uschar * s = *ss;
2357 uschar name[256];
2358
2359 /* Numeric comparisons are symbolic */
2360
2361 if (*s == '=' || *s == '>' || *s == '<')
2362 {
2363 int p = 0;
2364 name[p++] = *s++;
2365 if (*s == '=')
2366 {
2367 name[p++] = '=';
2368 s++;
2369 }
2370 name[p] = 0;
2371 }
2372
2373 /* All other conditions are named */
2374
2375 else
2376 s = read_name(name, sizeof(name), s, US"_");
2377 *ss = s;
2378
2379 /* If we haven't read a name, it means some non-alpha character is first. */
2380
2381 if (!name[0])
2382 {
2383 expand_string_message = string_sprintf("condition name expected, "
2384 "but found \"%.16s\"", s);
2385 return -1;
2386 }
2387 if (opname)
2388 *opname = string_copy(name);
2389
2390 return chop_match(name, cond_table, nelem(cond_table));
2391 }
2392
2393
2394 /*************************************************
2395 * Handle MD5 or SHA-1 computation for HMAC *
2396 *************************************************/
2397
2398 /* These are some wrapping functions that enable the HMAC code to be a bit
2399 cleaner. A good compiler will spot the tail recursion.
2400
2401 Arguments:
2402 type HMAC_MD5 or HMAC_SHA1
2403 remaining are as for the cryptographic hash functions
2404
2405 Returns: nothing
2406 */
2407
2408 static void
2409 chash_start(int type, void * base)
2410 {
2411 if (type == HMAC_MD5)
2412 md5_start((md5 *)base);
2413 else
2414 sha1_start((hctx *)base);
2415 }
2416
2417 static void
2418 chash_mid(int type, void * base, const uschar * string)
2419 {
2420 if (type == HMAC_MD5)
2421 md5_mid((md5 *)base, string);
2422 else
2423 sha1_mid((hctx *)base, string);
2424 }
2425
2426 static void
2427 chash_end(int type, void * base, const uschar * string, int length,
2428 uschar * digest)
2429 {
2430 if (type == HMAC_MD5)
2431 md5_end((md5 *)base, string, length, digest);
2432 else
2433 sha1_end((hctx *)base, string, length, digest);
2434 }
2435
2436
2437
2438
2439 /* Do an hmac_md5. The result is _not_ nul-terminated, and is sized as
2440 the smaller of a full hmac_md5 result (16 bytes) or the supplied output buffer.
2441
2442 Arguments:
2443 key encoding key, nul-terminated
2444 src data to be hashed, nul-terminated
2445 buf output buffer
2446 len size of output buffer
2447 */
2448
2449 static void
2450 hmac_md5(const uschar * key, const uschar * src, uschar * buf, unsigned len)
2451 {
2452 md5 md5_base;
2453 const uschar * keyptr;
2454 uschar * p;
2455 unsigned int keylen;
2456
2457 #define MD5_HASHLEN 16
2458 #define MD5_HASHBLOCKLEN 64
2459
2460 uschar keyhash[MD5_HASHLEN];
2461 uschar innerhash[MD5_HASHLEN];
2462 uschar finalhash[MD5_HASHLEN];
2463 uschar innerkey[MD5_HASHBLOCKLEN];
2464 uschar outerkey[MD5_HASHBLOCKLEN];
2465
2466 keyptr = key;
2467 keylen = Ustrlen(keyptr);
2468
2469 /* If the key is longer than the hash block length, then hash the key
2470 first */
2471
2472 if (keylen > MD5_HASHBLOCKLEN)
2473 {
2474 chash_start(HMAC_MD5, &md5_base);
2475 chash_end(HMAC_MD5, &md5_base, keyptr, keylen, keyhash);
2476 keyptr = keyhash;
2477 keylen = MD5_HASHLEN;
2478 }
2479
2480 /* Now make the inner and outer key values */
2481
2482 memset(innerkey, 0x36, MD5_HASHBLOCKLEN);
2483 memset(outerkey, 0x5c, MD5_HASHBLOCKLEN);
2484
2485 for (int i = 0; i < keylen; i++)
2486 {
2487 innerkey[i] ^= keyptr[i];
2488 outerkey[i] ^= keyptr[i];
2489 }
2490
2491 /* Now do the hashes */
2492
2493 chash_start(HMAC_MD5, &md5_base);
2494 chash_mid(HMAC_MD5, &md5_base, innerkey);
2495 chash_end(HMAC_MD5, &md5_base, src, Ustrlen(src), innerhash);
2496
2497 chash_start(HMAC_MD5, &md5_base);
2498 chash_mid(HMAC_MD5, &md5_base, outerkey);
2499 chash_end(HMAC_MD5, &md5_base, innerhash, MD5_HASHLEN, finalhash);
2500
2501 /* Encode the final hash as a hex string, limited by output buffer size */
2502
2503 p = buf;
2504 for (int i = 0, j = len; i < MD5_HASHLEN; i++)
2505 {
2506 if (j-- <= 0) break;
2507 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
2508 if (j-- <= 0) break;
2509 *p++ = hex_digits[finalhash[i] & 0x0f];
2510 }
2511 return;
2512 }
2513
2514
2515 /*************************************************
2516 * Read and evaluate a condition *
2517 *************************************************/
2518
2519 /*
2520 Arguments:
2521 s points to the start of the condition text
2522 resetok points to a BOOL which is written false if it is unsafe to
2523 free memory. Certain condition types (acl) may have side-effect
2524 allocation which must be preserved.
2525 yield points to a BOOL to hold the result of the condition test;
2526 if NULL, we are just reading through a condition that is
2527 part of an "or" combination to check syntax, or in a state
2528 where the answer isn't required
2529
2530 Returns: a pointer to the first character after the condition, or
2531 NULL after an error
2532 */
2533
2534 static const uschar *
2535 eval_condition(const uschar *s, BOOL *resetok, BOOL *yield)
2536 {
2537 BOOL testfor = TRUE;
2538 BOOL tempcond, combined_cond;
2539 BOOL *subcondptr;
2540 BOOL sub2_honour_dollar = TRUE;
2541 BOOL is_forany, is_json, is_jsons;
2542 int rc, cond_type, roffset;
2543 int_eximarith_t num[2];
2544 struct stat statbuf;
2545 uschar * opname;
2546 uschar name[256];
2547 const uschar *sub[10];
2548
2549 const pcre *re;
2550 const uschar *rerror;
2551
2552 for (;;)
2553 {
2554 while (isspace(*s)) s++;
2555 if (*s == '!') { testfor = !testfor; s++; } else break;
2556 }
2557
2558 switch(cond_type = identify_operator(&s, &opname))
2559 {
2560 /* def: tests for a non-empty variable, or for the existence of a header. If
2561 yield == NULL we are in a skipping state, and don't care about the answer. */
2562
2563 case ECOND_DEF:
2564 {
2565 uschar * t;
2566
2567 if (*s != ':')
2568 {
2569 expand_string_message = US"\":\" expected after \"def\"";
2570 return NULL;
2571 }
2572
2573 s = read_name(name, sizeof(name), s+1, US"_");
2574
2575 /* Test for a header's existence. If the name contains a closing brace
2576 character, this may be a user error where the terminating colon has been
2577 omitted. Set a flag to adjust a subsequent error message in this case. */
2578
2579 if ( ( *(t = name) == 'h'
2580 || (*t == 'r' || *t == 'l' || *t == 'b') && *++t == 'h'
2581 )
2582 && (*++t == '_' || Ustrncmp(t, "eader_", 6) == 0)
2583 )
2584 {
2585 s = read_header_name(name, sizeof(name), s);
2586 /* {-for-text-editors */
2587 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2588 if (yield) *yield =
2589 (find_header(name, NULL, FH_EXISTS_ONLY, NULL) != NULL) == testfor;
2590 }
2591
2592 /* Test for a variable's having a non-empty value. A non-existent variable
2593 causes an expansion failure. */
2594
2595 else
2596 {
2597 if (!(t = find_variable(name, TRUE, yield == NULL, NULL)))
2598 {
2599 expand_string_message = name[0]
2600 ? string_sprintf("unknown variable \"%s\" after \"def:\"", name)
2601 : US"variable name omitted after \"def:\"";
2602 check_variable_error_message(name);
2603 return NULL;
2604 }
2605 if (yield) *yield = (t[0] != 0) == testfor;
2606 }
2607
2608 return s;
2609 }
2610
2611
2612 /* first_delivery tests for first delivery attempt */
2613
2614 case ECOND_FIRST_DELIVERY:
2615 if (yield) *yield = f.deliver_firsttime == testfor;
2616 return s;
2617
2618
2619 /* queue_running tests for any process started by a queue runner */
2620
2621 case ECOND_QUEUE_RUNNING:
2622 if (yield) *yield = (queue_run_pid != (pid_t)0) == testfor;
2623 return s;
2624
2625
2626 /* exists: tests for file existence
2627 isip: tests for any IP address
2628 isip4: tests for an IPv4 address
2629 isip6: tests for an IPv6 address
2630 pam: does PAM authentication
2631 radius: does RADIUS authentication
2632 ldapauth: does LDAP authentication
2633 pwcheck: does Cyrus SASL pwcheck authentication
2634 */
2635
2636 case ECOND_EXISTS:
2637 case ECOND_ISIP:
2638 case ECOND_ISIP4:
2639 case ECOND_ISIP6:
2640 case ECOND_PAM:
2641 case ECOND_RADIUS:
2642 case ECOND_LDAPAUTH:
2643 case ECOND_PWCHECK:
2644
2645 while (isspace(*s)) s++;
2646 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2647
2648 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok);
2649 if (!sub[0]) return NULL;
2650 /* {-for-text-editors */
2651 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2652
2653 if (!yield) return s; /* No need to run the test if skipping */
2654
2655 switch(cond_type)
2656 {
2657 case ECOND_EXISTS:
2658 if ((expand_forbid & RDO_EXISTS) != 0)
2659 {
2660 expand_string_message = US"File existence tests are not permitted";
2661 return NULL;
2662 }
2663 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
2664 break;
2665
2666 case ECOND_ISIP:
2667 case ECOND_ISIP4:
2668 case ECOND_ISIP6:
2669 rc = string_is_ip_address(sub[0], NULL);
2670 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
2671 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2672 break;
2673
2674 /* Various authentication tests - all optionally compiled */
2675
2676 case ECOND_PAM:
2677 #ifdef SUPPORT_PAM
2678 rc = auth_call_pam(sub[0], &expand_string_message);
2679 goto END_AUTH;
2680 #else
2681 goto COND_FAILED_NOT_COMPILED;
2682 #endif /* SUPPORT_PAM */
2683
2684 case ECOND_RADIUS:
2685 #ifdef RADIUS_CONFIG_FILE
2686 rc = auth_call_radius(sub[0], &expand_string_message);
2687 goto END_AUTH;
2688 #else
2689 goto COND_FAILED_NOT_COMPILED;
2690 #endif /* RADIUS_CONFIG_FILE */
2691
2692 case ECOND_LDAPAUTH:
2693 #ifdef LOOKUP_LDAP
2694 {
2695 /* Just to keep the interface the same */
2696 BOOL do_cache;
2697 int old_pool = store_pool;
2698 store_pool = POOL_SEARCH;
2699 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2700 &expand_string_message, &do_cache);
2701 store_pool = old_pool;
2702 }
2703 goto END_AUTH;
2704 #else
2705 goto COND_FAILED_NOT_COMPILED;
2706 #endif /* LOOKUP_LDAP */
2707
2708 case ECOND_PWCHECK:
2709 #ifdef CYRUS_PWCHECK_SOCKET
2710 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2711 goto END_AUTH;
2712 #else
2713 goto COND_FAILED_NOT_COMPILED;
2714 #endif /* CYRUS_PWCHECK_SOCKET */
2715
2716 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2717 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2718 END_AUTH:
2719 if (rc == ERROR || rc == DEFER) return NULL;
2720 *yield = (rc == OK) == testfor;
2721 #endif
2722 }
2723 return s;
2724
2725
2726 /* call ACL (in a conditional context). Accept true, deny false.
2727 Defer is a forced-fail. Anything set by message= goes to $value.
2728 Up to ten parameters are used; we use the braces round the name+args
2729 like the saslauthd condition does, to permit a variable number of args.
2730 See also the expansion-item version EITEM_ACL and the traditional
2731 acl modifier ACLC_ACL.
2732 Since the ACL may allocate new global variables, tell our caller to not
2733 reclaim memory.
2734 */
2735
2736 case ECOND_ACL:
2737 /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
2738 {
2739 uschar *sub[10];
2740 uschar *user_msg;
2741 BOOL cond = FALSE;
2742
2743 while (isspace(*s)) s++;
2744 if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
2745
2746 switch(read_subs(sub, nelem(sub), 1,
2747 &s, yield == NULL, TRUE, US"acl", resetok))
2748 {
2749 case 1: expand_string_message = US"too few arguments or bracketing "
2750 "error for acl";
2751 case 2:
2752 case 3: return NULL;
2753 }
2754
2755 if (yield)
2756 {
2757 int rc;
2758 *resetok = FALSE; /* eval_acl() might allocate; do not reclaim */
2759 switch(rc = eval_acl(sub, nelem(sub), &user_msg))
2760 {
2761 case OK:
2762 cond = TRUE;
2763 case FAIL:
2764 lookup_value = NULL;
2765 if (user_msg)
2766 lookup_value = string_copy(user_msg);
2767 *yield = cond == testfor;
2768 break;
2769
2770 case DEFER:
2771 f.expand_string_forcedfail = TRUE;
2772 /*FALLTHROUGH*/
2773 default:
2774 expand_string_message = string_sprintf("%s from acl \"%s\"",
2775 rc_names[rc], sub[0]);
2776 return NULL;
2777 }
2778 }
2779 return s;
2780 }
2781
2782
2783 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2784
2785 ${if saslauthd {{username}{password}{service}{realm}} {yes}{no}}
2786
2787 However, the last two are optional. That is why the whole set is enclosed
2788 in their own set of braces. */
2789
2790 case ECOND_SASLAUTHD:
2791 #ifndef CYRUS_SASLAUTHD_SOCKET
2792 goto COND_FAILED_NOT_COMPILED;
2793 #else
2794 {
2795 uschar *sub[4];
2796 while (isspace(*s)) s++;
2797 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2798 switch(read_subs(sub, nelem(sub), 2, &s, yield == NULL, TRUE, US"saslauthd",
2799 resetok))
2800 {
2801 case 1: expand_string_message = US"too few arguments or bracketing "
2802 "error for saslauthd";
2803 case 2:
2804 case 3: return NULL;
2805 }
2806 if (!sub[2]) sub[3] = NULL; /* realm if no service */
2807 if (yield)
2808 {
2809 int rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2810 &expand_string_message);
2811 if (rc == ERROR || rc == DEFER) return NULL;
2812 *yield = (rc == OK) == testfor;
2813 }
2814 return s;
2815 }
2816 #endif /* CYRUS_SASLAUTHD_SOCKET */
2817
2818
2819 /* symbolic operators for numeric and string comparison, and a number of
2820 other operators, all requiring two arguments.
2821
2822 crypteq: encrypts plaintext and compares against an encrypted text,
2823 using crypt(), crypt16(), MD5 or SHA-1
2824 inlist/inlisti: checks if first argument is in the list of the second
2825 match: does a regular expression match and sets up the numerical
2826 variables if it succeeds
2827 match_address: matches in an address list
2828 match_domain: matches in a domain list
2829 match_ip: matches a host list that is restricted to IP addresses
2830 match_local_part: matches in a local part list
2831 */
2832
2833 case ECOND_MATCH_ADDRESS:
2834 case ECOND_MATCH_DOMAIN:
2835 case ECOND_MATCH_IP:
2836 case ECOND_MATCH_LOCAL_PART:
2837 #ifndef EXPAND_LISTMATCH_RHS
2838 sub2_honour_dollar = FALSE;
2839 #endif
2840 /* FALLTHROUGH */
2841
2842 case ECOND_CRYPTEQ:
2843 case ECOND_INLIST:
2844 case ECOND_INLISTI:
2845 case ECOND_MATCH:
2846
2847 case ECOND_NUM_L: /* Numerical comparisons */
2848 case ECOND_NUM_LE:
2849 case ECOND_NUM_E:
2850 case ECOND_NUM_EE:
2851 case ECOND_NUM_G:
2852 case ECOND_NUM_GE:
2853
2854 case ECOND_STR_LT: /* String comparisons */
2855 case ECOND_STR_LTI:
2856 case ECOND_STR_LE:
2857 case ECOND_STR_LEI:
2858 case ECOND_STR_EQ:
2859 case ECOND_STR_EQI:
2860 case ECOND_STR_GT:
2861 case ECOND_STR_GTI:
2862 case ECOND_STR_GE:
2863 case ECOND_STR_GEI:
2864
2865 for (int i = 0; i < 2; i++)
2866 {
2867 /* Sometimes, we don't expand substrings; too many insecure configurations
2868 created using match_address{}{} and friends, where the second param
2869 includes information from untrustworthy sources. */
2870 BOOL honour_dollar = TRUE;
2871 if ((i > 0) && !sub2_honour_dollar)
2872 honour_dollar = FALSE;
2873
2874 while (isspace(*s)) s++;
2875 if (*s != '{')
2876 {
2877 if (i == 0) goto COND_FAILED_CURLY_START;
2878 expand_string_message = string_sprintf("missing 2nd string in {} "
2879 "after \"%s\"", opname);
2880 return NULL;
2881 }
2882 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
2883 honour_dollar, resetok)))
2884 return NULL;
2885 DEBUG(D_expand) if (i == 1 && !sub2_honour_dollar && Ustrchr(sub[1], '$'))
2886 debug_printf_indent("WARNING: the second arg is NOT expanded,"
2887 " for security reasons\n");
2888 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2889
2890 /* Convert to numerical if required; we know that the names of all the
2891 conditions that compare numbers do not start with a letter. This just saves
2892 checking for them individually. */
2893
2894 if (!isalpha(opname[0]) && yield)
2895 if (sub[i][0] == 0)
2896 {
2897 num[i] = 0;
2898 DEBUG(D_expand)
2899 debug_printf_indent("empty string cast to zero for numerical comparison\n");
2900 }
2901 else
2902 {
2903 num[i] = expanded_string_integer(sub[i], FALSE);
2904 if (expand_string_message) return NULL;
2905 }
2906 }
2907
2908 /* Result not required */
2909
2910 if (!yield) return s;
2911
2912 /* Do an appropriate comparison */
2913
2914 switch(cond_type)
2915 {
2916 case ECOND_NUM_E:
2917 case ECOND_NUM_EE:
2918 tempcond = (num[0] == num[1]);
2919 break;
2920
2921 case ECOND_NUM_G:
2922 tempcond = (num[0] > num[1]);
2923 break;
2924
2925 case ECOND_NUM_GE:
2926 tempcond = (num[0] >= num[1]);
2927 break;
2928
2929 case ECOND_NUM_L:
2930 tempcond = (num[0] < num[1]);
2931 break;
2932
2933 case ECOND_NUM_LE:
2934 tempcond = (num[0] <= num[1]);
2935 break;
2936
2937 case ECOND_STR_LT:
2938 tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
2939 break;
2940
2941 case ECOND_STR_LTI:
2942 tempcond = (strcmpic(sub[0], sub[1]) < 0);
2943 break;
2944
2945 case ECOND_STR_LE:
2946 tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
2947 break;
2948
2949 case ECOND_STR_LEI:
2950 tempcond = (strcmpic(sub[0], sub[1]) <= 0);
2951 break;
2952
2953 case ECOND_STR_EQ:
2954 tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
2955 break;
2956
2957 case ECOND_STR_EQI:
2958 tempcond = (strcmpic(sub[0], sub[1]) == 0);
2959 break;
2960
2961 case ECOND_STR_GT:
2962 tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
2963 break;
2964
2965 case ECOND_STR_GTI:
2966 tempcond = (strcmpic(sub[0], sub[1]) > 0);
2967 break;
2968
2969 case ECOND_STR_GE:
2970 tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
2971 break;
2972
2973 case ECOND_STR_GEI:
2974 tempcond = (strcmpic(sub[0], sub[1]) >= 0);
2975 break;
2976
2977 case ECOND_MATCH: /* Regular expression match */
2978 if (!(re = pcre_compile(CS sub[1], PCRE_COPT, CCSS &rerror,
2979 &roffset, NULL)))
2980 {
2981 expand_string_message = string_sprintf("regular expression error in "
2982 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2983 return NULL;
2984 }
2985 tempcond = regex_match_and_setup(re, sub[0], 0, -1);
2986 break;
2987
2988 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2989 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2990 goto MATCHED_SOMETHING;
2991
2992 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2993 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2994 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2995 goto MATCHED_SOMETHING;
2996
2997 case ECOND_MATCH_IP: /* Match IP address in a host list */
2998 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
2999 {
3000 expand_string_message = string_sprintf("\"%s\" is not an IP address",
3001 sub[0]);
3002 return NULL;
3003 }
3004 else
3005 {
3006 unsigned int *nullcache = NULL;
3007 check_host_block cb;
3008
3009 cb.host_name = US"";
3010 cb.host_address = sub[0];
3011
3012 /* If the host address starts off ::ffff: it is an IPv6 address in
3013 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
3014 addresses. */
3015
3016 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
3017 cb.host_address + 7 : cb.host_address;
3018
3019 rc = match_check_list(
3020 &sub[1], /* the list */
3021 0, /* separator character */
3022 &hostlist_anchor, /* anchor pointer */
3023 &nullcache, /* cache pointer */
3024 check_host, /* function for testing */
3025 &cb, /* argument for function */
3026 MCL_HOST, /* type of check */
3027 sub[0], /* text for debugging */
3028 NULL); /* where to pass back data */
3029 }
3030 goto MATCHED_SOMETHING;
3031
3032 case ECOND_MATCH_LOCAL_PART:
3033 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
3034 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
3035 /* Fall through */
3036 /* VVVVVVVVVVVV */
3037 MATCHED_SOMETHING:
3038 switch(rc)
3039 {
3040 case OK:
3041 tempcond = TRUE;
3042 break;
3043
3044 case FAIL:
3045 tempcond = FALSE;
3046 break;
3047
3048 case DEFER:
3049 expand_string_message = string_sprintf("unable to complete match "
3050 "against \"%s\": %s", sub[1], search_error_message);
3051 return NULL;
3052 }
3053
3054 break;
3055
3056 /* Various "encrypted" comparisons. If the second string starts with
3057 "{" then an encryption type is given. Default to crypt() or crypt16()
3058 (build-time choice). */
3059 /* }-for-text-editors */
3060
3061 case ECOND_CRYPTEQ:
3062 #ifndef SUPPORT_CRYPTEQ
3063 goto COND_FAILED_NOT_COMPILED;
3064 #else
3065 if (strncmpic(sub[1], US"{md5}", 5) == 0)
3066 {
3067 int sublen = Ustrlen(sub[1]+5);
3068 md5 base;
3069 uschar digest[16];
3070
3071 md5_start(&base);
3072 md5_end(&base, sub[0], Ustrlen(sub[0]), digest);
3073
3074 /* If the length that we are comparing against is 24, the MD5 digest
3075 is expressed as a base64 string. This is the way LDAP does it. However,
3076 some other software uses a straightforward hex representation. We assume
3077 this if the length is 32. Other lengths fail. */
3078
3079 if (sublen == 24)
3080 {
3081 uschar *coded = b64encode(CUS digest, 16);
3082 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
3083 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
3084 tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
3085 }
3086 else if (sublen == 32)
3087 {
3088 uschar coded[36];
3089 for (int i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
3090 coded[32] = 0;
3091 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
3092 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
3093 tempcond = (strcmpic(coded, sub[1]+5) == 0);
3094 }
3095 else
3096 {
3097 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
3098 "fail\n crypted=%s\n", sub[1]+5);
3099 tempcond = FALSE;
3100 }
3101 }
3102
3103 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
3104 {
3105 int sublen = Ustrlen(sub[1]+6);
3106 hctx h;
3107 uschar digest[20];
3108
3109 sha1_start(&h);
3110 sha1_end(&h, sub[0], Ustrlen(sub[0]), digest);
3111
3112 /* If the length that we are comparing against is 28, assume the SHA1
3113 digest is expressed as a base64 string. If the length is 40, assume a
3114 straightforward hex representation. Other lengths fail. */
3115
3116 if (sublen == 28)
3117 {
3118 uschar *coded = b64encode(CUS digest, 20);
3119 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
3120 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
3121 tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
3122 }
3123 else if (sublen == 40)
3124 {
3125 uschar coded[44];
3126 for (int i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
3127 coded[40] = 0;
3128 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
3129 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
3130 tempcond = (strcmpic(coded, sub[1]+6) == 0);
3131 }
3132 else
3133 {
3134 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
3135 "fail\n crypted=%s\n", sub[1]+6);
3136 tempcond = FALSE;
3137 }
3138 }
3139
3140 else /* {crypt} or {crypt16} and non-{ at start */
3141 /* }-for-text-editors */
3142 {
3143 int which = 0;
3144 uschar *coded;
3145
3146 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
3147 {
3148 sub[1] += 7;
3149 which = 1;
3150 }
3151 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
3152 {
3153 sub[1] += 9;
3154 which = 2;
3155 }
3156 else if (sub[1][0] == '{') /* }-for-text-editors */
3157 {
3158 expand_string_message = string_sprintf("unknown encryption mechanism "
3159 "in \"%s\"", sub[1]);
3160 return NULL;
3161 }
3162
3163 switch(which)
3164 {
3165 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
3166 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
3167 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
3168 }
3169
3170 #define STR(s) # s
3171 #define XSTR(s) STR(s)
3172 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
3173 " subject=%s\n crypted=%s\n",
3174 which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16",
3175 coded, sub[1]);
3176 #undef STR
3177 #undef XSTR
3178
3179 /* If the encrypted string contains fewer than two characters (for the
3180 salt), force failure. Otherwise we get false positives: with an empty
3181 string the yield of crypt() is an empty string! */
3182
3183 if (coded)
3184 tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0;
3185 else if (errno == EINVAL)
3186 tempcond = FALSE;
3187 else
3188 {
3189 expand_string_message = string_sprintf("crypt error: %s\n",
3190 US strerror(errno));
3191 return NULL;
3192 }
3193 }
3194 break;
3195 #endif /* SUPPORT_CRYPTEQ */
3196
3197 case ECOND_INLIST:
3198 case ECOND_INLISTI:
3199 {
3200 const uschar * list = sub[1];
3201 int sep = 0;
3202 uschar *save_iterate_item = iterate_item;
3203 int (*compare)(const uschar *, const uschar *);
3204
3205 DEBUG(D_expand) debug_printf_indent("condition: %s item: %s\n", opname, sub[0]);
3206
3207 tempcond = FALSE;
3208 compare = cond_type == ECOND_INLISTI
3209 ? strcmpic : (int (*)(const uschar *, const uschar *)) strcmp;
3210
3211 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)))
3212 {
3213 DEBUG(D_expand) debug_printf_indent(" compare %s\n", iterate_item);
3214 if (compare(sub[0], iterate_item) == 0)
3215 {
3216 tempcond = TRUE;
3217 break;
3218 }
3219 }
3220 iterate_item = save_iterate_item;
3221 }
3222
3223 } /* Switch for comparison conditions */
3224
3225 *yield = tempcond == testfor;
3226 return s; /* End of comparison conditions */
3227
3228
3229 /* and/or: computes logical and/or of several conditions */
3230
3231 case ECOND_AND:
3232 case ECOND_OR:
3233 subcondptr = (yield == NULL) ? NULL : &tempcond;
3234 combined_cond = (cond_type == ECOND_AND);
3235
3236 while (isspace(*s)) s++;
3237 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3238
3239 for (;;)
3240 {
3241 while (isspace(*s)) s++;
3242 /* {-for-text-editors */
3243 if (*s == '}') break;
3244 if (*s != '{') /* }-for-text-editors */
3245 {
3246 expand_string_message = string_sprintf("each subcondition "
3247 "inside an \"%s{...}\" condition must be in its own {}", opname);
3248 return NULL;
3249 }
3250
3251 if (!(s = eval_condition(s+1, resetok, subcondptr)))
3252 {
3253 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
3254 expand_string_message, opname);
3255 return NULL;
3256 }
3257 while (isspace(*s)) s++;
3258
3259 /* {-for-text-editors */
3260 if (*s++ != '}')
3261 {
3262 /* {-for-text-editors */
3263 expand_string_message = string_sprintf("missing } at end of condition "
3264 "inside \"%s\" group", opname);
3265 return NULL;
3266 }
3267
3268 if (yield)
3269 if (cond_type == ECOND_AND)
3270 {
3271 combined_cond &= tempcond;
3272 if (!combined_cond) subcondptr = NULL; /* once false, don't */
3273 } /* evaluate any more */
3274 else
3275 {
3276 combined_cond |= tempcond;
3277 if (combined_cond) subcondptr = NULL; /* once true, don't */
3278 } /* evaluate any more */
3279 }
3280
3281 if (yield) *yield = (combined_cond == testfor);
3282 return ++s;
3283
3284
3285 /* forall/forany: iterates a condition with different values */
3286
3287 case ECOND_FORALL: is_forany = FALSE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3288 case ECOND_FORANY: is_forany = TRUE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3289 case ECOND_FORALL_JSON: is_forany = FALSE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3290 case ECOND_FORANY_JSON: is_forany = TRUE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3291 case ECOND_FORALL_JSONS: is_forany = FALSE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3292 case ECOND_FORANY_JSONS: is_forany = TRUE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3293
3294 FORMANY:
3295 {
3296 const uschar * list;
3297 int sep = 0;
3298 uschar *save_iterate_item = iterate_item;
3299
3300 DEBUG(D_expand) debug_printf_indent("condition: %s\n", opname);
3301
3302 while (isspace(*s)) s++;
3303 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3304 if (!(sub[0] = expand_string_internal(s, TRUE, &s, yield == NULL, TRUE, resetok)))
3305 return NULL;
3306 /* {-for-text-editors */
3307 if (*s++ != '}') goto COND_FAILED_CURLY_END;
3308
3309 while (isspace(*s)) s++;
3310 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3311
3312 sub[1] = s;
3313
3314 /* Call eval_condition once, with result discarded (as if scanning a
3315 "false" part). This allows us to find the end of the condition, because if
3316 the list it empty, we won't actually evaluate the condition for real. */
3317
3318 if (!(s = eval_condition(sub[1], resetok, NULL)))
3319 {
3320 expand_string_message = string_sprintf("%s inside \"%s\" condition",
3321 expand_string_message, opname);
3322 return NULL;
3323 }
3324 while (isspace(*s)) s++;
3325
3326 /* {-for-text-editors */
3327 if (*s++ != '}')
3328 {
3329 /* {-for-text-editors */
3330 expand_string_message = string_sprintf("missing } at end of condition "
3331 "inside \"%s\"", opname);
3332 return NULL;
3333 }
3334
3335 if (yield) *yield = !testfor;
3336 list = sub[0];
3337 if (is_json) list = dewrap(string_copy(list), US"[]");
3338 while ((iterate_item = is_json
3339 ? json_nextinlist(&list) : string_nextinlist(&list, &sep, NULL, 0)))
3340 {
3341 if (is_jsons)
3342 if (!(iterate_item = dewrap(iterate_item, US"\"\"")))
3343 {
3344 expand_string_message =
3345 string_sprintf("%s wrapping string result for extract jsons",
3346 expand_string_message);
3347 iterate_item = save_iterate_item;
3348 return NULL;
3349 }
3350
3351 DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n"