Use Ustrlen() on a uschar
[exim.git] / src / src / expand.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2014 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8
9 /* Functions for handling string expansion. */
10
11
12 #include "exim.h"
13
14 /* Recursively called function */
15
16 static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL, BOOL, BOOL *);
17
18 #ifdef STAND_ALONE
19 #ifndef SUPPORT_CRYPTEQ
20 #define SUPPORT_CRYPTEQ
21 #endif
22 #endif
23
24 #ifdef LOOKUP_LDAP
25 #include "lookups/ldap.h"
26 #endif
27
28 #ifdef SUPPORT_CRYPTEQ
29 #ifdef CRYPT_H
30 #include <crypt.h>
31 #endif
32 #ifndef HAVE_CRYPT16
33 extern char* crypt16(char*, char*);
34 #endif
35 #endif
36
37 /* The handling of crypt16() is a mess. I will record below the analysis of the
38 mess that was sent to me. We decided, however, to make changing this very low
39 priority, because in practice people are moving away from the crypt()
40 algorithms nowadays, so it doesn't seem worth it.
41
42 <quote>
43 There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
44 the first 8 characters of the password using a 20-round version of crypt
45 (standard crypt does 25 rounds). It then crypts the next 8 characters,
46 or an empty block if the password is less than 9 characters, using a
47 20-round version of crypt and the same salt as was used for the first
48 block. Charaters after the first 16 are ignored. It always generates
49 a 16-byte hash, which is expressed together with the salt as a string
50 of 24 base 64 digits. Here are some links to peruse:
51
52 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
53 http://seclists.org/bugtraq/1999/Mar/0076.html
54
55 There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
56 and OSF/1. This is the same as the standard crypt if given a password
57 of 8 characters or less. If given more, it first does the same as crypt
58 using the first 8 characters, then crypts the next 8 (the 9th to 16th)
59 using as salt the first two base 64 digits from the first hash block.
60 If the password is more than 16 characters then it crypts the 17th to 24th
61 characters using as salt the first two base 64 digits from the second hash
62 block. And so on: I've seen references to it cutting off the password at
63 40 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
64
65 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
66 http://seclists.org/bugtraq/1999/Mar/0109.html
67 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
68 TET1_html/sec.c222.html#no_id_208
69
70 Exim has something it calls "crypt16". It will either use a native
71 crypt16 or its own implementation. A native crypt16 will presumably
72 be the one that I called "crypt16" above. The internal "crypt16"
73 function, however, is a two-block-maximum implementation of what I called
74 "bigcrypt". The documentation matches the internal code.
75
76 I suspect that whoever did the "crypt16" stuff for Exim didn't realise
77 that crypt16 and bigcrypt were different things.
78
79 Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
80 to whatever it is using under that name. This unfortunately sets a
81 precedent for using "{crypt16}" to identify two incompatible algorithms
82 whose output can't be distinguished. With "{crypt16}" thus rendered
83 ambiguous, I suggest you deprecate it and invent two new identifiers
84 for the two algorithms.
85
86 Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
87 of the password separately means they can be cracked separately, so
88 the double-length hash only doubles the cracking effort instead of
89 squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
90 bcrypt ({CRYPT}$2a$).
91 </quote>
92 */
93
94
95
96 #ifndef nelements
97 # define nelements(arr) (sizeof(arr) / sizeof(*arr))
98 #endif
99
100 /*************************************************
101 * Local statics and tables *
102 *************************************************/
103
104 /* Table of item names, and corresponding switch numbers. The names must be in
105 alphabetical order. */
106
107 static uschar *item_table[] = {
108 US"acl",
109 US"certextract",
110 US"dlfunc",
111 US"extract",
112 US"filter",
113 US"hash",
114 US"hmac",
115 US"if",
116 US"length",
117 US"listextract",
118 US"lookup",
119 US"map",
120 US"nhash",
121 US"perl",
122 US"prvs",
123 US"prvscheck",
124 US"readfile",
125 US"readsocket",
126 US"reduce",
127 US"run",
128 US"sg",
129 US"substr",
130 US"tr" };
131
132 enum {
133 EITEM_ACL,
134 EITEM_CERTEXTRACT,
135 EITEM_DLFUNC,
136 EITEM_EXTRACT,
137 EITEM_FILTER,
138 EITEM_HASH,
139 EITEM_HMAC,
140 EITEM_IF,
141 EITEM_LENGTH,
142 EITEM_LISTEXTRACT,
143 EITEM_LOOKUP,
144 EITEM_MAP,
145 EITEM_NHASH,
146 EITEM_PERL,
147 EITEM_PRVS,
148 EITEM_PRVSCHECK,
149 EITEM_READFILE,
150 EITEM_READSOCK,
151 EITEM_REDUCE,
152 EITEM_RUN,
153 EITEM_SG,
154 EITEM_SUBSTR,
155 EITEM_TR };
156
157 /* Tables of operator names, and corresponding switch numbers. The names must be
158 in alphabetical order. There are two tables, because underscore is used in some
159 cases to introduce arguments, whereas for other it is part of the name. This is
160 an historical mis-design. */
161
162 static uschar *op_table_underscore[] = {
163 US"from_utf8",
164 US"local_part",
165 US"quote_local_part",
166 US"reverse_ip",
167 US"time_eval",
168 US"time_interval"};
169
170 enum {
171 EOP_FROM_UTF8,
172 EOP_LOCAL_PART,
173 EOP_QUOTE_LOCAL_PART,
174 EOP_REVERSE_IP,
175 EOP_TIME_EVAL,
176 EOP_TIME_INTERVAL };
177
178 static uschar *op_table_main[] = {
179 US"address",
180 US"addresses",
181 US"base62",
182 US"base62d",
183 US"domain",
184 US"escape",
185 US"eval",
186 US"eval10",
187 US"expand",
188 US"h",
189 US"hash",
190 US"hex2b64",
191 US"hexquote",
192 US"l",
193 US"lc",
194 US"length",
195 US"listcount",
196 US"listnamed",
197 US"mask",
198 US"md5",
199 US"nh",
200 US"nhash",
201 US"quote",
202 US"randint",
203 US"rfc2047",
204 US"rfc2047d",
205 US"rxquote",
206 US"s",
207 US"sha1",
208 US"sha256",
209 US"stat",
210 US"str2b64",
211 US"strlen",
212 US"substr",
213 US"uc",
214 US"utf8clean" };
215
216 enum {
217 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
218 EOP_ADDRESSES,
219 EOP_BASE62,
220 EOP_BASE62D,
221 EOP_DOMAIN,
222 EOP_ESCAPE,
223 EOP_EVAL,
224 EOP_EVAL10,
225 EOP_EXPAND,
226 EOP_H,
227 EOP_HASH,
228 EOP_HEX2B64,
229 EOP_HEXQUOTE,
230 EOP_L,
231 EOP_LC,
232 EOP_LENGTH,
233 EOP_LISTCOUNT,
234 EOP_LISTNAMED,
235 EOP_MASK,
236 EOP_MD5,
237 EOP_NH,
238 EOP_NHASH,
239 EOP_QUOTE,
240 EOP_RANDINT,
241 EOP_RFC2047,
242 EOP_RFC2047D,
243 EOP_RXQUOTE,
244 EOP_S,
245 EOP_SHA1,
246 EOP_SHA256,
247 EOP_STAT,
248 EOP_STR2B64,
249 EOP_STRLEN,
250 EOP_SUBSTR,
251 EOP_UC,
252 EOP_UTF8CLEAN };
253
254
255 /* Table of condition names, and corresponding switch numbers. The names must
256 be in alphabetical order. */
257
258 static uschar *cond_table[] = {
259 US"<",
260 US"<=",
261 US"=",
262 US"==", /* Backward compatibility */
263 US">",
264 US">=",
265 US"acl",
266 US"and",
267 US"bool",
268 US"bool_lax",
269 US"crypteq",
270 US"def",
271 US"eq",
272 US"eqi",
273 US"exists",
274 US"first_delivery",
275 US"forall",
276 US"forany",
277 US"ge",
278 US"gei",
279 US"gt",
280 US"gti",
281 US"inlist",
282 US"inlisti",
283 US"isip",
284 US"isip4",
285 US"isip6",
286 US"ldapauth",
287 US"le",
288 US"lei",
289 US"lt",
290 US"lti",
291 US"match",
292 US"match_address",
293 US"match_domain",
294 US"match_ip",
295 US"match_local_part",
296 US"or",
297 US"pam",
298 US"pwcheck",
299 US"queue_running",
300 US"radius",
301 US"saslauthd"
302 };
303
304 enum {
305 ECOND_NUM_L,
306 ECOND_NUM_LE,
307 ECOND_NUM_E,
308 ECOND_NUM_EE,
309 ECOND_NUM_G,
310 ECOND_NUM_GE,
311 ECOND_ACL,
312 ECOND_AND,
313 ECOND_BOOL,
314 ECOND_BOOL_LAX,
315 ECOND_CRYPTEQ,
316 ECOND_DEF,
317 ECOND_STR_EQ,
318 ECOND_STR_EQI,
319 ECOND_EXISTS,
320 ECOND_FIRST_DELIVERY,
321 ECOND_FORALL,
322 ECOND_FORANY,
323 ECOND_STR_GE,
324 ECOND_STR_GEI,
325 ECOND_STR_GT,
326 ECOND_STR_GTI,
327 ECOND_INLIST,
328 ECOND_INLISTI,
329 ECOND_ISIP,
330 ECOND_ISIP4,
331 ECOND_ISIP6,
332 ECOND_LDAPAUTH,
333 ECOND_STR_LE,
334 ECOND_STR_LEI,
335 ECOND_STR_LT,
336 ECOND_STR_LTI,
337 ECOND_MATCH,
338 ECOND_MATCH_ADDRESS,
339 ECOND_MATCH_DOMAIN,
340 ECOND_MATCH_IP,
341 ECOND_MATCH_LOCAL_PART,
342 ECOND_OR,
343 ECOND_PAM,
344 ECOND_PWCHECK,
345 ECOND_QUEUE_RUNNING,
346 ECOND_RADIUS,
347 ECOND_SASLAUTHD
348 };
349
350
351 /* Types of table entry */
352
353 enum vtypes {
354 vtype_int, /* value is address of int */
355 vtype_filter_int, /* ditto, but recognized only when filtering */
356 vtype_ino, /* value is address of ino_t (not always an int) */
357 vtype_uid, /* value is address of uid_t (not always an int) */
358 vtype_gid, /* value is address of gid_t (not always an int) */
359 vtype_bool, /* value is address of bool */
360 vtype_stringptr, /* value is address of pointer to string */
361 vtype_msgbody, /* as stringptr, but read when first required */
362 vtype_msgbody_end, /* ditto, the end of the message */
363 vtype_msgheaders, /* the message's headers, processed */
364 vtype_msgheaders_raw, /* the message's headers, unprocessed */
365 vtype_localpart, /* extract local part from string */
366 vtype_domain, /* extract domain from string */
367 vtype_string_func, /* value is string returned by given function */
368 vtype_todbsdin, /* value not used; generate BSD inbox tod */
369 vtype_tode, /* value not used; generate tod in epoch format */
370 vtype_todel, /* value not used; generate tod in epoch/usec format */
371 vtype_todf, /* value not used; generate full tod */
372 vtype_todl, /* value not used; generate log tod */
373 vtype_todlf, /* value not used; generate log file datestamp tod */
374 vtype_todzone, /* value not used; generate time zone only */
375 vtype_todzulu, /* value not used; generate zulu tod */
376 vtype_reply, /* value not used; get reply from headers */
377 vtype_pid, /* value not used; result is pid */
378 vtype_host_lookup, /* value not used; get host name */
379 vtype_load_avg, /* value not used; result is int from os_getloadavg */
380 vtype_pspace, /* partition space; value is T/F for spool/log */
381 vtype_pinodes, /* partition inodes; value is T/F for spool/log */
382 vtype_cert /* SSL certificate */
383 #ifndef DISABLE_DKIM
384 ,vtype_dkim /* Lookup of value in DKIM signature */
385 #endif
386 };
387
388 /* Type for main variable table */
389
390 typedef struct {
391 const char *name;
392 enum vtypes type;
393 void *value;
394 } var_entry;
395
396 /* Type for entries pointing to address/length pairs. Not currently
397 in use. */
398
399 typedef struct {
400 uschar **address;
401 int *length;
402 } alblock;
403
404 static uschar * fn_recipients(void);
405
406 /* This table must be kept in alphabetical order. */
407
408 static var_entry var_table[] = {
409 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
410 they will be confused with user-creatable ACL variables. */
411 { "acl_arg1", vtype_stringptr, &acl_arg[0] },
412 { "acl_arg2", vtype_stringptr, &acl_arg[1] },
413 { "acl_arg3", vtype_stringptr, &acl_arg[2] },
414 { "acl_arg4", vtype_stringptr, &acl_arg[3] },
415 { "acl_arg5", vtype_stringptr, &acl_arg[4] },
416 { "acl_arg6", vtype_stringptr, &acl_arg[5] },
417 { "acl_arg7", vtype_stringptr, &acl_arg[6] },
418 { "acl_arg8", vtype_stringptr, &acl_arg[7] },
419 { "acl_arg9", vtype_stringptr, &acl_arg[8] },
420 { "acl_narg", vtype_int, &acl_narg },
421 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
422 { "address_data", vtype_stringptr, &deliver_address_data },
423 { "address_file", vtype_stringptr, &address_file },
424 { "address_pipe", vtype_stringptr, &address_pipe },
425 { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id },
426 { "authenticated_id", vtype_stringptr, &authenticated_id },
427 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
428 { "authentication_failed",vtype_int, &authentication_failed },
429 #ifdef WITH_CONTENT_SCAN
430 { "av_failed", vtype_int, &av_failed },
431 #endif
432 #ifdef EXPERIMENTAL_BRIGHTMAIL
433 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
434 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
435 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
436 { "bmi_deliver", vtype_int, &bmi_deliver },
437 #endif
438 { "body_linecount", vtype_int, &body_linecount },
439 { "body_zerocount", vtype_int, &body_zerocount },
440 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
441 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
442 { "caller_gid", vtype_gid, &real_gid },
443 { "caller_uid", vtype_uid, &real_uid },
444 { "compile_date", vtype_stringptr, &version_date },
445 { "compile_number", vtype_stringptr, &version_cnumber },
446 { "csa_status", vtype_stringptr, &csa_status },
447 #ifdef EXPERIMENTAL_DCC
448 { "dcc_header", vtype_stringptr, &dcc_header },
449 { "dcc_result", vtype_stringptr, &dcc_result },
450 #endif
451 #ifdef WITH_OLD_DEMIME
452 { "demime_errorlevel", vtype_int, &demime_errorlevel },
453 { "demime_reason", vtype_stringptr, &demime_reason },
454 #endif
455 #ifndef DISABLE_DKIM
456 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
457 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
458 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
459 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
460 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
461 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
462 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
463 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
464 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
465 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
466 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
467 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
468 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
469 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
470 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
471 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
472 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
473 { "dkim_signers", vtype_stringptr, &dkim_signers },
474 { "dkim_verify_reason", vtype_dkim, (void *)DKIM_VERIFY_REASON },
475 { "dkim_verify_status", vtype_dkim, (void *)DKIM_VERIFY_STATUS},
476 #endif
477 #ifdef EXPERIMENTAL_DMARC
478 { "dmarc_ar_header", vtype_stringptr, &dmarc_ar_header },
479 { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
480 { "dmarc_status", vtype_stringptr, &dmarc_status },
481 { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
482 { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
483 #endif
484 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
485 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
486 { "dnslist_text", vtype_stringptr, &dnslist_text },
487 { "dnslist_value", vtype_stringptr, &dnslist_value },
488 { "domain", vtype_stringptr, &deliver_domain },
489 { "domain_data", vtype_stringptr, &deliver_domain_data },
490 { "exim_gid", vtype_gid, &exim_gid },
491 { "exim_path", vtype_stringptr, &exim_path },
492 { "exim_uid", vtype_uid, &exim_uid },
493 #ifdef WITH_OLD_DEMIME
494 { "found_extension", vtype_stringptr, &found_extension },
495 #endif
496 { "headers_added", vtype_string_func, &fn_hdrs_added },
497 { "home", vtype_stringptr, &deliver_home },
498 { "host", vtype_stringptr, &deliver_host },
499 { "host_address", vtype_stringptr, &deliver_host_address },
500 { "host_data", vtype_stringptr, &host_data },
501 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
502 { "host_lookup_failed", vtype_int, &host_lookup_failed },
503 { "inode", vtype_ino, &deliver_inode },
504 { "interface_address", vtype_stringptr, &interface_address },
505 { "interface_port", vtype_int, &interface_port },
506 { "item", vtype_stringptr, &iterate_item },
507 #ifdef LOOKUP_LDAP
508 { "ldap_dn", vtype_stringptr, &eldap_dn },
509 #endif
510 { "load_average", vtype_load_avg, NULL },
511 { "local_part", vtype_stringptr, &deliver_localpart },
512 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
513 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
514 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
515 { "local_scan_data", vtype_stringptr, &local_scan_data },
516 { "local_user_gid", vtype_gid, &local_user_gid },
517 { "local_user_uid", vtype_uid, &local_user_uid },
518 { "localhost_number", vtype_int, &host_number },
519 { "log_inodes", vtype_pinodes, (void *)FALSE },
520 { "log_space", vtype_pspace, (void *)FALSE },
521 { "lookup_dnssec_authenticated",vtype_stringptr,&lookup_dnssec_authenticated},
522 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
523 #ifdef WITH_CONTENT_SCAN
524 { "malware_name", vtype_stringptr, &malware_name },
525 #endif
526 { "max_received_linelength", vtype_int, &max_received_linelength },
527 { "message_age", vtype_int, &message_age },
528 { "message_body", vtype_msgbody, &message_body },
529 { "message_body_end", vtype_msgbody_end, &message_body_end },
530 { "message_body_size", vtype_int, &message_body_size },
531 { "message_exim_id", vtype_stringptr, &message_id },
532 { "message_headers", vtype_msgheaders, NULL },
533 { "message_headers_raw", vtype_msgheaders_raw, NULL },
534 { "message_id", vtype_stringptr, &message_id },
535 { "message_linecount", vtype_int, &message_linecount },
536 { "message_size", vtype_int, &message_size },
537 #ifdef WITH_CONTENT_SCAN
538 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
539 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
540 { "mime_boundary", vtype_stringptr, &mime_boundary },
541 { "mime_charset", vtype_stringptr, &mime_charset },
542 { "mime_content_description", vtype_stringptr, &mime_content_description },
543 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
544 { "mime_content_id", vtype_stringptr, &mime_content_id },
545 { "mime_content_size", vtype_int, &mime_content_size },
546 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
547 { "mime_content_type", vtype_stringptr, &mime_content_type },
548 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
549 { "mime_filename", vtype_stringptr, &mime_filename },
550 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
551 { "mime_is_multipart", vtype_int, &mime_is_multipart },
552 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
553 { "mime_part_count", vtype_int, &mime_part_count },
554 #endif
555 { "n0", vtype_filter_int, &filter_n[0] },
556 { "n1", vtype_filter_int, &filter_n[1] },
557 { "n2", vtype_filter_int, &filter_n[2] },
558 { "n3", vtype_filter_int, &filter_n[3] },
559 { "n4", vtype_filter_int, &filter_n[4] },
560 { "n5", vtype_filter_int, &filter_n[5] },
561 { "n6", vtype_filter_int, &filter_n[6] },
562 { "n7", vtype_filter_int, &filter_n[7] },
563 { "n8", vtype_filter_int, &filter_n[8] },
564 { "n9", vtype_filter_int, &filter_n[9] },
565 { "original_domain", vtype_stringptr, &deliver_domain_orig },
566 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
567 { "originator_gid", vtype_gid, &originator_gid },
568 { "originator_uid", vtype_uid, &originator_uid },
569 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
570 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
571 { "pid", vtype_pid, NULL },
572 { "primary_hostname", vtype_stringptr, &primary_hostname },
573 #ifdef EXPERIMENTAL_PROXY
574 { "proxy_host_address", vtype_stringptr, &proxy_host_address },
575 { "proxy_host_port", vtype_int, &proxy_host_port },
576 { "proxy_session", vtype_bool, &proxy_session },
577 { "proxy_target_address",vtype_stringptr, &proxy_target_address },
578 { "proxy_target_port", vtype_int, &proxy_target_port },
579 #endif
580 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
581 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
582 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
583 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
584 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
585 { "rcpt_count", vtype_int, &rcpt_count },
586 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
587 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
588 { "received_count", vtype_int, &received_count },
589 { "received_for", vtype_stringptr, &received_for },
590 { "received_ip_address", vtype_stringptr, &interface_address },
591 { "received_port", vtype_int, &interface_port },
592 { "received_protocol", vtype_stringptr, &received_protocol },
593 { "received_time", vtype_int, &received_time },
594 { "recipient_data", vtype_stringptr, &recipient_data },
595 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
596 { "recipients", vtype_string_func, &fn_recipients },
597 { "recipients_count", vtype_int, &recipients_count },
598 #ifdef WITH_CONTENT_SCAN
599 { "regex_match_string", vtype_stringptr, &regex_match_string },
600 #endif
601 { "reply_address", vtype_reply, NULL },
602 { "return_path", vtype_stringptr, &return_path },
603 { "return_size_limit", vtype_int, &bounce_return_size_limit },
604 { "router_name", vtype_stringptr, &router_name },
605 { "runrc", vtype_int, &runrc },
606 { "self_hostname", vtype_stringptr, &self_hostname },
607 { "sender_address", vtype_stringptr, &sender_address },
608 { "sender_address_data", vtype_stringptr, &sender_address_data },
609 { "sender_address_domain", vtype_domain, &sender_address },
610 { "sender_address_local_part", vtype_localpart, &sender_address },
611 { "sender_data", vtype_stringptr, &sender_data },
612 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
613 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
614 { "sender_host_address", vtype_stringptr, &sender_host_address },
615 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
616 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
617 { "sender_host_name", vtype_host_lookup, NULL },
618 { "sender_host_port", vtype_int, &sender_host_port },
619 { "sender_ident", vtype_stringptr, &sender_ident },
620 { "sender_rate", vtype_stringptr, &sender_rate },
621 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
622 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
623 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
624 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
625 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
626 { "sending_port", vtype_int, &sending_port },
627 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
628 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
629 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
630 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
631 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
632 { "sn0", vtype_filter_int, &filter_sn[0] },
633 { "sn1", vtype_filter_int, &filter_sn[1] },
634 { "sn2", vtype_filter_int, &filter_sn[2] },
635 { "sn3", vtype_filter_int, &filter_sn[3] },
636 { "sn4", vtype_filter_int, &filter_sn[4] },
637 { "sn5", vtype_filter_int, &filter_sn[5] },
638 { "sn6", vtype_filter_int, &filter_sn[6] },
639 { "sn7", vtype_filter_int, &filter_sn[7] },
640 { "sn8", vtype_filter_int, &filter_sn[8] },
641 { "sn9", vtype_filter_int, &filter_sn[9] },
642 #ifdef WITH_CONTENT_SCAN
643 { "spam_bar", vtype_stringptr, &spam_bar },
644 { "spam_report", vtype_stringptr, &spam_report },
645 { "spam_score", vtype_stringptr, &spam_score },
646 { "spam_score_int", vtype_stringptr, &spam_score_int },
647 #endif
648 #ifdef EXPERIMENTAL_SPF
649 { "spf_guess", vtype_stringptr, &spf_guess },
650 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
651 { "spf_received", vtype_stringptr, &spf_received },
652 { "spf_result", vtype_stringptr, &spf_result },
653 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
654 #endif
655 { "spool_directory", vtype_stringptr, &spool_directory },
656 { "spool_inodes", vtype_pinodes, (void *)TRUE },
657 { "spool_space", vtype_pspace, (void *)TRUE },
658 #ifdef EXPERIMENTAL_SRS
659 { "srs_db_address", vtype_stringptr, &srs_db_address },
660 { "srs_db_key", vtype_stringptr, &srs_db_key },
661 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
662 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
663 { "srs_recipient", vtype_stringptr, &srs_recipient },
664 { "srs_status", vtype_stringptr, &srs_status },
665 #endif
666 { "thisaddress", vtype_stringptr, &filter_thisaddress },
667
668 /* The non-(in,out) variables are now deprecated */
669 { "tls_bits", vtype_int, &tls_in.bits },
670 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
671 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
672
673 { "tls_in_bits", vtype_int, &tls_in.bits },
674 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
675 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
676 { "tls_in_ocsp", vtype_int, &tls_in.ocsp },
677 { "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
678 { "tls_in_peercert", vtype_cert, &tls_in.peercert },
679 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
680 #if defined(SUPPORT_TLS)
681 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
682 #endif
683 { "tls_out_bits", vtype_int, &tls_out.bits },
684 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
685 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
686 { "tls_out_ocsp", vtype_int, &tls_out.ocsp },
687 { "tls_out_ourcert", vtype_cert, &tls_out.ourcert },
688 { "tls_out_peercert", vtype_cert, &tls_out.peercert },
689 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
690 #if defined(SUPPORT_TLS)
691 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
692 #endif
693
694 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
695 #if defined(SUPPORT_TLS)
696 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
697 #endif
698
699 { "tod_bsdinbox", vtype_todbsdin, NULL },
700 { "tod_epoch", vtype_tode, NULL },
701 { "tod_epoch_l", vtype_todel, NULL },
702 { "tod_full", vtype_todf, NULL },
703 { "tod_log", vtype_todl, NULL },
704 { "tod_logfile", vtype_todlf, NULL },
705 { "tod_zone", vtype_todzone, NULL },
706 { "tod_zulu", vtype_todzulu, NULL },
707 #ifdef EXPERIMENTAL_TPDA
708 { "tpda_defer_errno", vtype_int, &tpda_defer_errno },
709 { "tpda_defer_errstr", vtype_stringptr, &tpda_defer_errstr },
710 { "tpda_delivery_confirmation", vtype_stringptr, &tpda_delivery_confirmation },
711 { "tpda_delivery_domain", vtype_stringptr, &tpda_delivery_domain },
712 { "tpda_delivery_fqdn", vtype_stringptr, &tpda_delivery_fqdn },
713 { "tpda_delivery_ip", vtype_stringptr, &tpda_delivery_ip },
714 { "tpda_delivery_local_part",vtype_stringptr,&tpda_delivery_local_part },
715 { "tpda_delivery_port", vtype_int, &tpda_delivery_port },
716 #endif
717 { "transport_name", vtype_stringptr, &transport_name },
718 { "value", vtype_stringptr, &lookup_value },
719 { "version_number", vtype_stringptr, &version_string },
720 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
721 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
722 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
723 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
724 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
725 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
726 };
727
728 static int var_table_size = sizeof(var_table)/sizeof(var_entry);
729 static uschar var_buffer[256];
730 static BOOL malformed_header;
731
732 /* For textual hashes */
733
734 static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
735 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
736 "0123456789";
737
738 enum { HMAC_MD5, HMAC_SHA1 };
739
740 /* For numeric hashes */
741
742 static unsigned int prime[] = {
743 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
744 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
745 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
746
747 /* For printing modes in symbolic form */
748
749 static uschar *mtable_normal[] =
750 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
751
752 static uschar *mtable_setid[] =
753 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
754
755 static uschar *mtable_sticky[] =
756 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
757
758
759
760 /*************************************************
761 * Tables for UTF-8 support *
762 *************************************************/
763
764 /* Table of the number of extra characters, indexed by the first character
765 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
766 0x3d. */
767
768 static uschar utf8_table1[] = {
769 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
770 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
771 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
772 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
773
774 /* These are the masks for the data bits in the first byte of a character,
775 indexed by the number of additional bytes. */
776
777 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
778
779 /* Get the next UTF-8 character, advancing the pointer. */
780
781 #define GETUTF8INC(c, ptr) \
782 c = *ptr++; \
783 if ((c & 0xc0) == 0xc0) \
784 { \
785 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
786 int s = 6*a; \
787 c = (c & utf8_table2[a]) << s; \
788 while (a-- > 0) \
789 { \
790 s -= 6; \
791 c |= (*ptr++ & 0x3f) << s; \
792 } \
793 }
794
795
796 /*************************************************
797 * Binary chop search on a table *
798 *************************************************/
799
800 /* This is used for matching expansion items and operators.
801
802 Arguments:
803 name the name that is being sought
804 table the table to search
805 table_size the number of items in the table
806
807 Returns: the offset in the table, or -1
808 */
809
810 static int
811 chop_match(uschar *name, uschar **table, int table_size)
812 {
813 uschar **bot = table;
814 uschar **top = table + table_size;
815
816 while (top > bot)
817 {
818 uschar **mid = bot + (top - bot)/2;
819 int c = Ustrcmp(name, *mid);
820 if (c == 0) return mid - table;
821 if (c > 0) bot = mid + 1; else top = mid;
822 }
823
824 return -1;
825 }
826
827
828
829 /*************************************************
830 * Check a condition string *
831 *************************************************/
832
833 /* This function is called to expand a string, and test the result for a "true"
834 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
835 forced fail or lookup defer.
836
837 We used to release all store used, but this is not not safe due
838 to ${dlfunc } and ${acl }. In any case expand_string_internal()
839 is reasonably careful to release what it can.
840
841 The actual false-value tests should be replicated for ECOND_BOOL_LAX.
842
843 Arguments:
844 condition the condition string
845 m1 text to be incorporated in panic error
846 m2 ditto
847
848 Returns: TRUE if condition is met, FALSE if not
849 */
850
851 BOOL
852 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
853 {
854 int rc;
855 uschar *ss = expand_string(condition);
856 if (ss == NULL)
857 {
858 if (!expand_string_forcedfail && !search_find_defer)
859 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
860 "for %s %s: %s", condition, m1, m2, expand_string_message);
861 return FALSE;
862 }
863 rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
864 strcmpic(ss, US"false") != 0;
865 return rc;
866 }
867
868
869
870
871 /*************************************************
872 * Pseudo-random number generation *
873 *************************************************/
874
875 /* Pseudo-random number generation. The result is not "expected" to be
876 cryptographically strong but not so weak that someone will shoot themselves
877 in the foot using it as a nonce in some email header scheme or whatever
878 weirdness they'll twist this into. The result should ideally handle fork().
879
880 However, if we're stuck unable to provide this, then we'll fall back to
881 appallingly bad randomness.
882
883 If SUPPORT_TLS is defined then this will not be used except as an emergency
884 fallback.
885
886 Arguments:
887 max range maximum
888 Returns a random number in range [0, max-1]
889 */
890
891 #ifdef SUPPORT_TLS
892 # define vaguely_random_number vaguely_random_number_fallback
893 #endif
894 int
895 vaguely_random_number(int max)
896 {
897 #ifdef SUPPORT_TLS
898 # undef vaguely_random_number
899 #endif
900 static pid_t pid = 0;
901 pid_t p2;
902 #if defined(HAVE_SRANDOM) && !defined(HAVE_SRANDOMDEV)
903 struct timeval tv;
904 #endif
905
906 p2 = getpid();
907 if (p2 != pid)
908 {
909 if (pid != 0)
910 {
911
912 #ifdef HAVE_ARC4RANDOM
913 /* cryptographically strong randomness, common on *BSD platforms, not
914 so much elsewhere. Alas. */
915 arc4random_stir();
916 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
917 #ifdef HAVE_SRANDOMDEV
918 /* uses random(4) for seeding */
919 srandomdev();
920 #else
921 gettimeofday(&tv, NULL);
922 srandom(tv.tv_sec | tv.tv_usec | getpid());
923 #endif
924 #else
925 /* Poor randomness and no seeding here */
926 #endif
927
928 }
929 pid = p2;
930 }
931
932 #ifdef HAVE_ARC4RANDOM
933 return arc4random() % max;
934 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
935 return random() % max;
936 #else
937 /* This one returns a 16-bit number, definitely not crypto-strong */
938 return random_number(max);
939 #endif
940 }
941
942
943
944
945 /*************************************************
946 * Pick out a name from a string *
947 *************************************************/
948
949 /* If the name is too long, it is silently truncated.
950
951 Arguments:
952 name points to a buffer into which to put the name
953 max is the length of the buffer
954 s points to the first alphabetic character of the name
955 extras chars other than alphanumerics to permit
956
957 Returns: pointer to the first character after the name
958
959 Note: The test for *s != 0 in the while loop is necessary because
960 Ustrchr() yields non-NULL if the character is zero (which is not something
961 I expected). */
962
963 static uschar *
964 read_name(uschar *name, int max, uschar *s, uschar *extras)
965 {
966 int ptr = 0;
967 while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
968 {
969 if (ptr < max-1) name[ptr++] = *s;
970 s++;
971 }
972 name[ptr] = 0;
973 return s;
974 }
975
976
977
978 /*************************************************
979 * Pick out the rest of a header name *
980 *************************************************/
981
982 /* A variable name starting $header_ (or just $h_ for those who like
983 abbreviations) might not be the complete header name because headers can
984 contain any printing characters in their names, except ':'. This function is
985 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
986 on the end, if the name was terminated by white space.
987
988 Arguments:
989 name points to a buffer in which the name read so far exists
990 max is the length of the buffer
991 s points to the first character after the name so far, i.e. the
992 first non-alphameric character after $header_xxxxx
993
994 Returns: a pointer to the first character after the header name
995 */
996
997 static uschar *
998 read_header_name(uschar *name, int max, uschar *s)
999 {
1000 int prelen = Ustrchr(name, '_') - name + 1;
1001 int ptr = Ustrlen(name) - prelen;
1002 if (ptr > 0) memmove(name, name+prelen, ptr);
1003 while (mac_isgraph(*s) && *s != ':')
1004 {
1005 if (ptr < max-1) name[ptr++] = *s;
1006 s++;
1007 }
1008 if (*s == ':') s++;
1009 name[ptr++] = ':';
1010 name[ptr] = 0;
1011 return s;
1012 }
1013
1014
1015
1016 /*************************************************
1017 * Pick out a number from a string *
1018 *************************************************/
1019
1020 /* Arguments:
1021 n points to an integer into which to put the number
1022 s points to the first digit of the number
1023
1024 Returns: a pointer to the character after the last digit
1025 */
1026
1027 static uschar *
1028 read_number(int *n, uschar *s)
1029 {
1030 *n = 0;
1031 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1032 return s;
1033 }
1034
1035
1036
1037 /*************************************************
1038 * Extract keyed subfield from a string *
1039 *************************************************/
1040
1041 /* The yield is in dynamic store; NULL means that the key was not found.
1042
1043 Arguments:
1044 key points to the name of the key
1045 s points to the string from which to extract the subfield
1046
1047 Returns: NULL if the subfield was not found, or
1048 a pointer to the subfield's data
1049 */
1050
1051 static uschar *
1052 expand_getkeyed(uschar *key, uschar *s)
1053 {
1054 int length = Ustrlen(key);
1055 while (isspace(*s)) s++;
1056
1057 /* Loop to search for the key */
1058
1059 while (*s != 0)
1060 {
1061 int dkeylength;
1062 uschar *data;
1063 uschar *dkey = s;
1064
1065 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
1066 dkeylength = s - dkey;
1067 while (isspace(*s)) s++;
1068 if (*s == '=') while (isspace((*(++s))));
1069
1070 data = string_dequote(&s);
1071 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1072 return data;
1073
1074 while (isspace(*s)) s++;
1075 }
1076
1077 return NULL;
1078 }
1079
1080
1081
1082 static var_entry *
1083 find_var_ent(uschar * name)
1084 {
1085 int first = 0;
1086 int last = var_table_size;
1087
1088 while (last > first)
1089 {
1090 int middle = (first + last)/2;
1091 int c = Ustrcmp(name, var_table[middle].name);
1092
1093 if (c > 0) { first = middle + 1; continue; }
1094 if (c < 0) { last = middle; continue; }
1095 return &var_table[middle];
1096 }
1097 return NULL;
1098 }
1099
1100 /*************************************************
1101 * Extract numbered subfield from string *
1102 *************************************************/
1103
1104 /* Extracts a numbered field from a string that is divided by tokens - for
1105 example a line from /etc/passwd is divided by colon characters. First field is
1106 numbered one. Negative arguments count from the right. Zero returns the whole
1107 string. Returns NULL if there are insufficient tokens in the string
1108
1109 ***WARNING***
1110 Modifies final argument - this is a dynamically generated string, so that's OK.
1111
1112 Arguments:
1113 field number of field to be extracted,
1114 first field = 1, whole string = 0, last field = -1
1115 separators characters that are used to break string into tokens
1116 s points to the string from which to extract the subfield
1117
1118 Returns: NULL if the field was not found,
1119 a pointer to the field's data inside s (modified to add 0)
1120 */
1121
1122 static uschar *
1123 expand_gettokened (int field, uschar *separators, uschar *s)
1124 {
1125 int sep = 1;
1126 int count;
1127 uschar *ss = s;
1128 uschar *fieldtext = NULL;
1129
1130 if (field == 0) return s;
1131
1132 /* Break the line up into fields in place; for field > 0 we stop when we have
1133 done the number of fields we want. For field < 0 we continue till the end of
1134 the string, counting the number of fields. */
1135
1136 count = (field > 0)? field : INT_MAX;
1137
1138 while (count-- > 0)
1139 {
1140 size_t len;
1141
1142 /* Previous field was the last one in the string. For a positive field
1143 number, this means there are not enough fields. For a negative field number,
1144 check that there are enough, and scan back to find the one that is wanted. */
1145
1146 if (sep == 0)
1147 {
1148 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1149 if ((-field) == (INT_MAX - count - 1)) return s;
1150 while (field++ < 0)
1151 {
1152 ss--;
1153 while (ss[-1] != 0) ss--;
1154 }
1155 fieldtext = ss;
1156 break;
1157 }
1158
1159 /* Previous field was not last in the string; save its start and put a
1160 zero at its end. */
1161
1162 fieldtext = ss;
1163 len = Ustrcspn(ss, separators);
1164 sep = ss[len];
1165 ss[len] = 0;
1166 ss += len + 1;
1167 }
1168
1169 return fieldtext;
1170 }
1171
1172
1173 static uschar *
1174 expand_getlistele(int field, uschar * list)
1175 {
1176 uschar * tlist= list;
1177 int sep= 0;
1178 uschar dummy;
1179
1180 if(field<0)
1181 {
1182 for(field++; string_nextinlist(&tlist, &sep, &dummy, 1); ) field++;
1183 sep= 0;
1184 }
1185 if(field==0) return NULL;
1186 while(--field>0 && (string_nextinlist(&list, &sep, &dummy, 1))) ;
1187 return string_nextinlist(&list, &sep, NULL, 0);
1188 }
1189
1190
1191 /* Certificate fields, by name. Worry about by-OID later */
1192 /* Names are chosen to not have common prefixes */
1193
1194 #ifdef SUPPORT_TLS
1195 typedef struct
1196 {
1197 uschar * name;
1198 int namelen;
1199 uschar * (*getfn)(void * cert, uschar * mod);
1200 } certfield;
1201 static certfield certfields[] =
1202 { /* linear search; no special order */
1203 { US"version", 7, &tls_cert_version },
1204 { US"serial_number", 13, &tls_cert_serial_number },
1205 { US"subject", 7, &tls_cert_subject },
1206 { US"notbefore", 9, &tls_cert_not_before },
1207 { US"notafter", 8, &tls_cert_not_after },
1208 { US"issuer", 6, &tls_cert_issuer },
1209 { US"signature", 9, &tls_cert_signature },
1210 { US"sig_algorithm", 13, &tls_cert_signature_algorithm },
1211 { US"subj_altname", 12, &tls_cert_subject_altname },
1212 { US"ocsp_uri", 8, &tls_cert_ocsp_uri },
1213 { US"crl_uri", 7, &tls_cert_crl_uri },
1214 };
1215
1216 static uschar *
1217 expand_getcertele(uschar * field, uschar * certvar)
1218 {
1219 var_entry * vp;
1220 certfield * cp;
1221
1222 if (!(vp = find_var_ent(certvar)))
1223 {
1224 expand_string_message =
1225 string_sprintf("no variable named \"%s\"", certvar);
1226 return NULL; /* Unknown variable name */
1227 }
1228 /* NB this stops us passing certs around in variable. Might
1229 want to do that in future */
1230 if (vp->type != vtype_cert)
1231 {
1232 expand_string_message =
1233 string_sprintf("\"%s\" is not a certificate", certvar);
1234 return NULL; /* Unknown variable name */
1235 }
1236 if (!*(void **)vp->value)
1237 return NULL;
1238
1239 if (*field >= '0' && *field <= '9')
1240 return tls_cert_ext_by_oid(*(void **)vp->value, field, 0);
1241
1242 for(cp = certfields;
1243 cp < certfields + nelements(certfields);
1244 cp++)
1245 if (Ustrncmp(cp->name, field, cp->namelen) == 0)
1246 {
1247 uschar * modifier = *(field += cp->namelen) == ','
1248 ? ++field : NULL;
1249 return (*cp->getfn)( *(void **)vp->value, modifier );
1250 }
1251
1252 expand_string_message =
1253 string_sprintf("bad field selector \"%s\" for certextract", field);
1254 return NULL;
1255 }
1256 #endif /*SUPPORT_TLS*/
1257
1258 /*************************************************
1259 * Extract a substring from a string *
1260 *************************************************/
1261
1262 /* Perform the ${substr or ${length expansion operations.
1263
1264 Arguments:
1265 subject the input string
1266 value1 the offset from the start of the input string to the start of
1267 the output string; if negative, count from the right.
1268 value2 the length of the output string, or negative (-1) for unset
1269 if value1 is positive, unset means "all after"
1270 if value1 is negative, unset means "all before"
1271 len set to the length of the returned string
1272
1273 Returns: pointer to the output string, or NULL if there is an error
1274 */
1275
1276 static uschar *
1277 extract_substr(uschar *subject, int value1, int value2, int *len)
1278 {
1279 int sublen = Ustrlen(subject);
1280
1281 if (value1 < 0) /* count from right */
1282 {
1283 value1 += sublen;
1284
1285 /* If the position is before the start, skip to the start, and adjust the
1286 length. If the length ends up negative, the substring is null because nothing
1287 can precede. This falls out naturally when the length is unset, meaning "all
1288 to the left". */
1289
1290 if (value1 < 0)
1291 {
1292 value2 += value1;
1293 if (value2 < 0) value2 = 0;
1294 value1 = 0;
1295 }
1296
1297 /* Otherwise an unset length => characters before value1 */
1298
1299 else if (value2 < 0)
1300 {
1301 value2 = value1;
1302 value1 = 0;
1303 }
1304 }
1305
1306 /* For a non-negative offset, if the starting position is past the end of the
1307 string, the result will be the null string. Otherwise, an unset length means
1308 "rest"; just set it to the maximum - it will be cut down below if necessary. */
1309
1310 else
1311 {
1312 if (value1 > sublen)
1313 {
1314 value1 = sublen;
1315 value2 = 0;
1316 }
1317 else if (value2 < 0) value2 = sublen;
1318 }
1319
1320 /* Cut the length down to the maximum possible for the offset value, and get
1321 the required characters. */
1322
1323 if (value1 + value2 > sublen) value2 = sublen - value1;
1324 *len = value2;
1325 return subject + value1;
1326 }
1327
1328
1329
1330
1331 /*************************************************
1332 * Old-style hash of a string *
1333 *************************************************/
1334
1335 /* Perform the ${hash expansion operation.
1336
1337 Arguments:
1338 subject the input string (an expanded substring)
1339 value1 the length of the output string; if greater or equal to the
1340 length of the input string, the input string is returned
1341 value2 the number of hash characters to use, or 26 if negative
1342 len set to the length of the returned string
1343
1344 Returns: pointer to the output string, or NULL if there is an error
1345 */
1346
1347 static uschar *
1348 compute_hash(uschar *subject, int value1, int value2, int *len)
1349 {
1350 int sublen = Ustrlen(subject);
1351
1352 if (value2 < 0) value2 = 26;
1353 else if (value2 > Ustrlen(hashcodes))
1354 {
1355 expand_string_message =
1356 string_sprintf("hash count \"%d\" too big", value2);
1357 return NULL;
1358 }
1359
1360 /* Calculate the hash text. We know it is shorter than the original string, so
1361 can safely place it in subject[] (we know that subject is always itself an
1362 expanded substring). */
1363
1364 if (value1 < sublen)
1365 {
1366 int c;
1367 int i = 0;
1368 int j = value1;
1369 while ((c = (subject[j])) != 0)
1370 {
1371 int shift = (c + j++) & 7;
1372 subject[i] ^= (c << shift) | (c >> (8-shift));
1373 if (++i >= value1) i = 0;
1374 }
1375 for (i = 0; i < value1; i++)
1376 subject[i] = hashcodes[(subject[i]) % value2];
1377 }
1378 else value1 = sublen;
1379
1380 *len = value1;
1381 return subject;
1382 }
1383
1384
1385
1386
1387 /*************************************************
1388 * Numeric hash of a string *
1389 *************************************************/
1390
1391 /* Perform the ${nhash expansion operation. The first characters of the
1392 string are treated as most important, and get the highest prime numbers.
1393
1394 Arguments:
1395 subject the input string
1396 value1 the maximum value of the first part of the result
1397 value2 the maximum value of the second part of the result,
1398 or negative to produce only a one-part result
1399 len set to the length of the returned string
1400
1401 Returns: pointer to the output string, or NULL if there is an error.
1402 */
1403
1404 static uschar *
1405 compute_nhash (uschar *subject, int value1, int value2, int *len)
1406 {
1407 uschar *s = subject;
1408 int i = 0;
1409 unsigned long int total = 0; /* no overflow */
1410
1411 while (*s != 0)
1412 {
1413 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
1414 total += prime[i--] * (unsigned int)(*s++);
1415 }
1416
1417 /* If value2 is unset, just compute one number */
1418
1419 if (value2 < 0)
1420 {
1421 s = string_sprintf("%d", total % value1);
1422 }
1423
1424 /* Otherwise do a div/mod hash */
1425
1426 else
1427 {
1428 total = total % (value1 * value2);
1429 s = string_sprintf("%d/%d", total/value2, total % value2);
1430 }
1431
1432 *len = Ustrlen(s);
1433 return s;
1434 }
1435
1436
1437
1438
1439
1440 /*************************************************
1441 * Find the value of a header or headers *
1442 *************************************************/
1443
1444 /* Multiple instances of the same header get concatenated, and this function
1445 can also return a concatenation of all the header lines. When concatenating
1446 specific headers that contain lists of addresses, a comma is inserted between
1447 them. Otherwise we use a straight concatenation. Because some messages can have
1448 pathologically large number of lines, there is a limit on the length that is
1449 returned. Also, to avoid massive store use which would result from using
1450 string_cat() as it copies and extends strings, we do a preliminary pass to find
1451 out exactly how much store will be needed. On "normal" messages this will be
1452 pretty trivial.
1453
1454 Arguments:
1455 name the name of the header, without the leading $header_ or $h_,
1456 or NULL if a concatenation of all headers is required
1457 exists_only TRUE if called from a def: test; don't need to build a string;
1458 just return a string that is not "" and not "0" if the header
1459 exists
1460 newsize return the size of memory block that was obtained; may be NULL
1461 if exists_only is TRUE
1462 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
1463 other than concatenating, will be done on the header. Also used
1464 for $message_headers_raw.
1465 charset name of charset to translate MIME words to; used only if
1466 want_raw is false; if NULL, no translation is done (this is
1467 used for $bh_ and $bheader_)
1468
1469 Returns: NULL if the header does not exist, else a pointer to a new
1470 store block
1471 */
1472
1473 static uschar *
1474 find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1475 uschar *charset)
1476 {
1477 BOOL found = name == NULL;
1478 int comma = 0;
1479 int len = found? 0 : Ustrlen(name);
1480 int i;
1481 uschar *yield = NULL;
1482 uschar *ptr = NULL;
1483
1484 /* Loop for two passes - saves code repetition */
1485
1486 for (i = 0; i < 2; i++)
1487 {
1488 int size = 0;
1489 header_line *h;
1490
1491 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1492 {
1493 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1494 {
1495 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1496 {
1497 int ilen;
1498 uschar *t;
1499
1500 if (exists_only) return US"1"; /* don't need actual string */
1501 found = TRUE;
1502 t = h->text + len; /* text to insert */
1503 if (!want_raw) /* unless wanted raw, */
1504 while (isspace(*t)) t++; /* remove leading white space */
1505 ilen = h->slen - (t - h->text); /* length to insert */
1506
1507 /* Unless wanted raw, remove trailing whitespace, including the
1508 newline. */
1509
1510 if (!want_raw)
1511 while (ilen > 0 && isspace(t[ilen-1])) ilen--;
1512
1513 /* Set comma = 1 if handling a single header and it's one of those
1514 that contains an address list, except when asked for raw headers. Only
1515 need to do this once. */
1516
1517 if (!want_raw && name != NULL && comma == 0 &&
1518 Ustrchr("BCFRST", h->type) != NULL)
1519 comma = 1;
1520
1521 /* First pass - compute total store needed; second pass - compute
1522 total store used, including this header. */
1523
1524 size += ilen + comma + 1; /* +1 for the newline */
1525
1526 /* Second pass - concatentate the data, up to a maximum. Note that
1527 the loop stops when size hits the limit. */
1528
1529 if (i != 0)
1530 {
1531 if (size > header_insert_maxlen)
1532 {
1533 ilen -= size - header_insert_maxlen - 1;
1534 comma = 0;
1535 }
1536 Ustrncpy(ptr, t, ilen);
1537 ptr += ilen;
1538
1539 /* For a non-raw header, put in the comma if needed, then add
1540 back the newline we removed above, provided there was some text in
1541 the header. */
1542
1543 if (!want_raw && ilen > 0)
1544 {
1545 if (comma != 0) *ptr++ = ',';
1546 *ptr++ = '\n';
1547 }
1548 }
1549 }
1550 }
1551 }
1552
1553 /* At end of first pass, return NULL if no header found. Then truncate size
1554 if necessary, and get the buffer to hold the data, returning the buffer size.
1555 */
1556
1557 if (i == 0)
1558 {
1559 if (!found) return NULL;
1560 if (size > header_insert_maxlen) size = header_insert_maxlen;
1561 *newsize = size + 1;
1562 ptr = yield = store_get(*newsize);
1563 }
1564 }
1565
1566 /* That's all we do for raw header expansion. */
1567
1568 if (want_raw)
1569 {
1570 *ptr = 0;
1571 }
1572
1573 /* Otherwise, remove a final newline and a redundant added comma. Then we do
1574 RFC 2047 decoding, translating the charset if requested. The rfc2047_decode2()
1575 function can return an error with decoded data if the charset translation
1576 fails. If decoding fails, it returns NULL. */
1577
1578 else
1579 {
1580 uschar *decoded, *error;
1581 if (ptr > yield && ptr[-1] == '\n') ptr--;
1582 if (ptr > yield && comma != 0 && ptr[-1] == ',') ptr--;
1583 *ptr = 0;
1584 decoded = rfc2047_decode2(yield, check_rfc2047_length, charset, '?', NULL,
1585 newsize, &error);
1586 if (error != NULL)
1587 {
1588 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1589 " input was: %s\n", error, yield);
1590 }
1591 if (decoded != NULL) yield = decoded;
1592 }
1593
1594 return yield;
1595 }
1596
1597
1598
1599
1600 /*************************************************
1601 * Return list of recipients *
1602 *************************************************/
1603 /* A recipients list is available only during system message filtering,
1604 during ACL processing after DATA, and while expanding pipe commands
1605 generated from a system filter, but not elsewhere. */
1606
1607 static uschar *
1608 fn_recipients(void)
1609 {
1610 if (!enable_dollar_recipients) return NULL; else
1611 {
1612 int size = 128;
1613 int ptr = 0;
1614 int i;
1615 uschar * s = store_get(size);
1616 for (i = 0; i < recipients_count; i++)
1617 {
1618 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1619 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1620 Ustrlen(recipients_list[i].address));
1621 }
1622 s[ptr] = 0; /* string_cat() leaves room */
1623 return s;
1624 }
1625 }
1626
1627
1628 /*************************************************
1629 * Find value of a variable *
1630 *************************************************/
1631
1632 /* The table of variables is kept in alphabetic order, so we can search it
1633 using a binary chop. The "choplen" variable is nothing to do with the binary
1634 chop.
1635
1636 Arguments:
1637 name the name of the variable being sought
1638 exists_only TRUE if this is a def: test; passed on to find_header()
1639 skipping TRUE => skip any processing evaluation; this is not the same as
1640 exists_only because def: may test for values that are first
1641 evaluated here
1642 newsize pointer to an int which is initially zero; if the answer is in
1643 a new memory buffer, *newsize is set to its size
1644
1645 Returns: NULL if the variable does not exist, or
1646 a pointer to the variable's contents, or
1647 something non-NULL if exists_only is TRUE
1648 */
1649
1650 static uschar *
1651 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1652 {
1653 var_entry * vp;
1654 uschar *s, *domain;
1655 uschar **ss;
1656 void * val;
1657
1658 /* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1659 Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1660 release 4.64 onwards arbitrary names are permitted, as long as the first 5
1661 characters are acl_c or acl_m and the sixth is either a digit or an underscore
1662 (this gave backwards compatibility at the changeover). There may be built-in
1663 variables whose names start acl_ but they should never start in this way. This
1664 slightly messy specification is a consequence of the history, needless to say.
1665
1666 If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1667 set, in which case give an error. */
1668
1669 if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1670 !isalpha(name[5]))
1671 {
1672 tree_node *node =
1673 tree_search((name[4] == 'c')? acl_var_c : acl_var_m, name + 4);
1674 return (node == NULL)? (strict_acl_vars? NULL : US"") : node->data.ptr;
1675 }
1676
1677 /* Handle $auth<n> variables. */
1678
1679 if (Ustrncmp(name, "auth", 4) == 0)
1680 {
1681 uschar *endptr;
1682 int n = Ustrtoul(name + 4, &endptr, 10);
1683 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1684 return (auth_vars[n-1] == NULL)? US"" : auth_vars[n-1];
1685 }
1686
1687 /* For all other variables, search the table */
1688
1689 if (!(vp = find_var_ent(name)))
1690 return NULL; /* Unknown variable name */
1691
1692 /* Found an existing variable. If in skipping state, the value isn't needed,
1693 and we want to avoid processing (such as looking up the host name). */
1694
1695 if (skipping)
1696 return US"";
1697
1698 val = vp->value;
1699 switch (vp->type)
1700 {
1701 case vtype_filter_int:
1702 if (!filter_running) return NULL;
1703 /* Fall through */
1704 /* VVVVVVVVVVVV */
1705 case vtype_int:
1706 sprintf(CS var_buffer, "%d", *(int *)(val)); /* Integer */
1707 return var_buffer;
1708
1709 case vtype_ino:
1710 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(val))); /* Inode */
1711 return var_buffer;
1712
1713 case vtype_gid:
1714 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(val))); /* gid */
1715 return var_buffer;
1716
1717 case vtype_uid:
1718 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(val))); /* uid */
1719 return var_buffer;
1720
1721 case vtype_bool:
1722 sprintf(CS var_buffer, "%s", *(BOOL *)(val) ? "yes" : "no"); /* bool */
1723 return var_buffer;
1724
1725 case vtype_stringptr: /* Pointer to string */
1726 s = *((uschar **)(val));
1727 return (s == NULL)? US"" : s;
1728
1729 case vtype_pid:
1730 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1731 return var_buffer;
1732
1733 case vtype_load_avg:
1734 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1735 return var_buffer;
1736
1737 case vtype_host_lookup: /* Lookup if not done so */
1738 if (sender_host_name == NULL && sender_host_address != NULL &&
1739 !host_lookup_failed && host_name_lookup() == OK)
1740 host_build_sender_fullhost();
1741 return (sender_host_name == NULL)? US"" : sender_host_name;
1742
1743 case vtype_localpart: /* Get local part from address */
1744 s = *((uschar **)(val));
1745 if (s == NULL) return US"";
1746 domain = Ustrrchr(s, '@');
1747 if (domain == NULL) return s;
1748 if (domain - s > sizeof(var_buffer) - 1)
1749 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1750 " in string expansion", sizeof(var_buffer));
1751 Ustrncpy(var_buffer, s, domain - s);
1752 var_buffer[domain - s] = 0;
1753 return var_buffer;
1754
1755 case vtype_domain: /* Get domain from address */
1756 s = *((uschar **)(val));
1757 if (s == NULL) return US"";
1758 domain = Ustrrchr(s, '@');
1759 return (domain == NULL)? US"" : domain + 1;
1760
1761 case vtype_msgheaders:
1762 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1763
1764 case vtype_msgheaders_raw:
1765 return find_header(NULL, exists_only, newsize, TRUE, NULL);
1766
1767 case vtype_msgbody: /* Pointer to msgbody string */
1768 case vtype_msgbody_end: /* Ditto, the end of the msg */
1769 ss = (uschar **)(val);
1770 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1771 {
1772 uschar *body;
1773 off_t start_offset = SPOOL_DATA_START_OFFSET;
1774 int len = message_body_visible;
1775 if (len > message_size) len = message_size;
1776 *ss = body = store_malloc(len+1);
1777 body[0] = 0;
1778 if (vp->type == vtype_msgbody_end)
1779 {
1780 struct stat statbuf;
1781 if (fstat(deliver_datafile, &statbuf) == 0)
1782 {
1783 start_offset = statbuf.st_size - len;
1784 if (start_offset < SPOOL_DATA_START_OFFSET)
1785 start_offset = SPOOL_DATA_START_OFFSET;
1786 }
1787 }
1788 lseek(deliver_datafile, start_offset, SEEK_SET);
1789 len = read(deliver_datafile, body, len);
1790 if (len > 0)
1791 {
1792 body[len] = 0;
1793 if (message_body_newlines) /* Separate loops for efficiency */
1794 {
1795 while (len > 0)
1796 { if (body[--len] == 0) body[len] = ' '; }
1797 }
1798 else
1799 {
1800 while (len > 0)
1801 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
1802 }
1803 }
1804 }
1805 return (*ss == NULL)? US"" : *ss;
1806
1807 case vtype_todbsdin: /* BSD inbox time of day */
1808 return tod_stamp(tod_bsdin);
1809
1810 case vtype_tode: /* Unix epoch time of day */
1811 return tod_stamp(tod_epoch);
1812
1813 case vtype_todel: /* Unix epoch/usec time of day */
1814 return tod_stamp(tod_epoch_l);
1815
1816 case vtype_todf: /* Full time of day */
1817 return tod_stamp(tod_full);
1818
1819 case vtype_todl: /* Log format time of day */
1820 return tod_stamp(tod_log_bare); /* (without timezone) */
1821
1822 case vtype_todzone: /* Time zone offset only */
1823 return tod_stamp(tod_zone);
1824
1825 case vtype_todzulu: /* Zulu time */
1826 return tod_stamp(tod_zulu);
1827
1828 case vtype_todlf: /* Log file datestamp tod */
1829 return tod_stamp(tod_log_datestamp_daily);
1830
1831 case vtype_reply: /* Get reply address */
1832 s = find_header(US"reply-to:", exists_only, newsize, TRUE,
1833 headers_charset);
1834 if (s != NULL) while (isspace(*s)) s++;
1835 if (s == NULL || *s == 0)
1836 {
1837 *newsize = 0; /* For the *s==0 case */
1838 s = find_header(US"from:", exists_only, newsize, TRUE, headers_charset);
1839 }
1840 if (s != NULL)
1841 {
1842 uschar *t;
1843 while (isspace(*s)) s++;
1844 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
1845 while (t > s && isspace(t[-1])) t--;
1846 *t = 0;
1847 }
1848 return (s == NULL)? US"" : s;
1849
1850 case vtype_string_func:
1851 {
1852 uschar * (*fn)() = val;
1853 return fn();
1854 }
1855
1856 case vtype_pspace:
1857 {
1858 int inodes;
1859 sprintf(CS var_buffer, "%d",
1860 receive_statvfs(val == (void *)TRUE, &inodes));
1861 }
1862 return var_buffer;
1863
1864 case vtype_pinodes:
1865 {
1866 int inodes;
1867 (void) receive_statvfs(val == (void *)TRUE, &inodes);
1868 sprintf(CS var_buffer, "%d", inodes);
1869 }
1870 return var_buffer;
1871
1872 case vtype_cert:
1873 return *(void **)val ? US"<cert>" : US"";
1874
1875 #ifndef DISABLE_DKIM
1876 case vtype_dkim:
1877 return dkim_exim_expand_query((int)(long)val);
1878 #endif
1879
1880 }
1881 }
1882
1883
1884
1885
1886 void
1887 modify_variable(uschar *name, void * value)
1888 {
1889 var_entry * vp;
1890 if ((vp = find_var_ent(name))) vp->value = value;
1891 return; /* Unknown variable name, fail silently */
1892 }
1893
1894
1895
1896
1897
1898 /*************************************************
1899 * Read and expand substrings *
1900 *************************************************/
1901
1902 /* This function is called to read and expand argument substrings for various
1903 expansion items. Some have a minimum requirement that is less than the maximum;
1904 in these cases, the first non-present one is set to NULL.
1905
1906 Arguments:
1907 sub points to vector of pointers to set
1908 n maximum number of substrings
1909 m minimum required
1910 sptr points to current string pointer
1911 skipping the skipping flag
1912 check_end if TRUE, check for final '}'
1913 name name of item, for error message
1914 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
1915 the store.
1916
1917 Returns: 0 OK; string pointer updated
1918 1 curly bracketing error (too few arguments)
1919 2 too many arguments (only if check_end is set); message set
1920 3 other error (expansion failure)
1921 */
1922
1923 static int
1924 read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
1925 BOOL check_end, uschar *name, BOOL *resetok)
1926 {
1927 int i;
1928 uschar *s = *sptr;
1929
1930 while (isspace(*s)) s++;
1931 for (i = 0; i < n; i++)
1932 {
1933 if (*s != '{')
1934 {
1935 if (i < m) return 1;
1936 sub[i] = NULL;
1937 break;
1938 }
1939 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok);
1940 if (sub[i] == NULL) return 3;
1941 if (*s++ != '}') return 1;
1942 while (isspace(*s)) s++;
1943 }
1944 if (check_end && *s++ != '}')
1945 {
1946 if (s[-1] == '{')
1947 {
1948 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1949 "(max is %d)", name, n);
1950 return 2;
1951 }
1952 return 1;
1953 }
1954
1955 *sptr = s;
1956 return 0;
1957 }
1958
1959
1960
1961
1962 /*************************************************
1963 * Elaborate message for bad variable *
1964 *************************************************/
1965
1966 /* For the "unknown variable" message, take a look at the variable's name, and
1967 give additional information about possible ACL variables. The extra information
1968 is added on to expand_string_message.
1969
1970 Argument: the name of the variable
1971 Returns: nothing
1972 */
1973
1974 static void
1975 check_variable_error_message(uschar *name)
1976 {
1977 if (Ustrncmp(name, "acl_", 4) == 0)
1978 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
1979 (name[4] == 'c' || name[4] == 'm')?
1980 (isalpha(name[5])?
1981 US"6th character of a user-defined ACL variable must be a digit or underscore" :
1982 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
1983 ) :
1984 US"user-defined ACL variables must start acl_c or acl_m");
1985 }
1986
1987
1988
1989 /*
1990 Load args from sub array to globals, and call acl_check().
1991 Sub array will be corrupted on return.
1992
1993 Returns: OK access is granted by an ACCEPT verb
1994 DISCARD access is granted by a DISCARD verb
1995 FAIL access is denied
1996 FAIL_DROP access is denied; drop the connection
1997 DEFER can't tell at the moment
1998 ERROR disaster
1999 */
2000 static int
2001 eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
2002 {
2003 int i;
2004 uschar *tmp;
2005 int sav_narg = acl_narg;
2006 int ret;
2007 extern int acl_where;
2008
2009 if(--nsub > sizeof(acl_arg)/sizeof(*acl_arg)) nsub = sizeof(acl_arg)/sizeof(*acl_arg);
2010 for (i = 0; i < nsub && sub[i+1]; i++)
2011 {
2012 tmp = acl_arg[i];
2013 acl_arg[i] = sub[i+1]; /* place callers args in the globals */
2014 sub[i+1] = tmp; /* stash the old args using our caller's storage */
2015 }
2016 acl_narg = i;
2017 while (i < nsub)
2018 {
2019 sub[i+1] = acl_arg[i];
2020 acl_arg[i++] = NULL;
2021 }
2022
2023 DEBUG(D_expand)
2024 debug_printf("expanding: acl: %s arg: %s%s\n",
2025 sub[0],
2026 acl_narg>0 ? acl_arg[0] : US"<none>",
2027 acl_narg>1 ? " +more" : "");
2028
2029 ret = acl_eval(acl_where, sub[0], user_msgp, &tmp);
2030
2031 for (i = 0; i < nsub; i++)
2032 acl_arg[i] = sub[i+1]; /* restore old args */
2033 acl_narg = sav_narg;
2034
2035 return ret;
2036 }
2037
2038
2039
2040
2041 /*************************************************
2042 * Read and evaluate a condition *
2043 *************************************************/
2044
2045 /*
2046 Arguments:
2047 s points to the start of the condition text
2048 resetok points to a BOOL which is written false if it is unsafe to
2049 free memory. Certain condition types (acl) may have side-effect
2050 allocation which must be preserved.
2051 yield points to a BOOL to hold the result of the condition test;
2052 if NULL, we are just reading through a condition that is
2053 part of an "or" combination to check syntax, or in a state
2054 where the answer isn't required
2055
2056 Returns: a pointer to the first character after the condition, or
2057 NULL after an error
2058 */
2059
2060 static uschar *
2061 eval_condition(uschar *s, BOOL *resetok, BOOL *yield)
2062 {
2063 BOOL testfor = TRUE;
2064 BOOL tempcond, combined_cond;
2065 BOOL *subcondptr;
2066 BOOL sub2_honour_dollar = TRUE;
2067 int i, rc, cond_type, roffset;
2068 int_eximarith_t num[2];
2069 struct stat statbuf;
2070 uschar name[256];
2071 uschar *sub[10];
2072
2073 const pcre *re;
2074 const uschar *rerror;
2075
2076 for (;;)
2077 {
2078 while (isspace(*s)) s++;
2079 if (*s == '!') { testfor = !testfor; s++; } else break;
2080 }
2081
2082 /* Numeric comparisons are symbolic */
2083
2084 if (*s == '=' || *s == '>' || *s == '<')
2085 {
2086 int p = 0;
2087 name[p++] = *s++;
2088 if (*s == '=')
2089 {
2090 name[p++] = '=';
2091 s++;
2092 }
2093 name[p] = 0;
2094 }
2095
2096 /* All other conditions are named */
2097
2098 else s = read_name(name, 256, s, US"_");
2099
2100 /* If we haven't read a name, it means some non-alpha character is first. */
2101
2102 if (name[0] == 0)
2103 {
2104 expand_string_message = string_sprintf("condition name expected, "
2105 "but found \"%.16s\"", s);
2106 return NULL;
2107 }
2108
2109 /* Find which condition we are dealing with, and switch on it */
2110
2111 cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
2112 switch(cond_type)
2113 {
2114 /* def: tests for a non-empty variable, or for the existence of a header. If
2115 yield == NULL we are in a skipping state, and don't care about the answer. */
2116
2117 case ECOND_DEF:
2118 if (*s != ':')
2119 {
2120 expand_string_message = US"\":\" expected after \"def\"";
2121 return NULL;
2122 }
2123
2124 s = read_name(name, 256, s+1, US"_");
2125
2126 /* Test for a header's existence. If the name contains a closing brace
2127 character, this may be a user error where the terminating colon has been
2128 omitted. Set a flag to adjust a subsequent error message in this case. */
2129
2130 if (Ustrncmp(name, "h_", 2) == 0 ||
2131 Ustrncmp(name, "rh_", 3) == 0 ||
2132 Ustrncmp(name, "bh_", 3) == 0 ||
2133 Ustrncmp(name, "header_", 7) == 0 ||
2134 Ustrncmp(name, "rheader_", 8) == 0 ||
2135 Ustrncmp(name, "bheader_", 8) == 0)
2136 {
2137 s = read_header_name(name, 256, s);
2138 /* {-for-text-editors */
2139 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2140 if (yield != NULL) *yield =
2141 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
2142 }
2143
2144 /* Test for a variable's having a non-empty value. A non-existent variable
2145 causes an expansion failure. */
2146
2147 else
2148 {
2149 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
2150 if (value == NULL)
2151 {
2152 expand_string_message = (name[0] == 0)?
2153 string_sprintf("variable name omitted after \"def:\"") :
2154 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
2155 check_variable_error_message(name);
2156 return NULL;
2157 }
2158 if (yield != NULL) *yield = (value[0] != 0) == testfor;
2159 }
2160
2161 return s;
2162
2163
2164 /* first_delivery tests for first delivery attempt */
2165
2166 case ECOND_FIRST_DELIVERY:
2167 if (yield != NULL) *yield = deliver_firsttime == testfor;
2168 return s;
2169
2170
2171 /* queue_running tests for any process started by a queue runner */
2172
2173 case ECOND_QUEUE_RUNNING:
2174 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
2175 return s;
2176
2177
2178 /* exists: tests for file existence
2179 isip: tests for any IP address
2180 isip4: tests for an IPv4 address
2181 isip6: tests for an IPv6 address
2182 pam: does PAM authentication
2183 radius: does RADIUS authentication
2184 ldapauth: does LDAP authentication
2185 pwcheck: does Cyrus SASL pwcheck authentication
2186 */
2187
2188 case ECOND_EXISTS:
2189 case ECOND_ISIP:
2190 case ECOND_ISIP4:
2191 case ECOND_ISIP6:
2192 case ECOND_PAM:
2193 case ECOND_RADIUS:
2194 case ECOND_LDAPAUTH:
2195 case ECOND_PWCHECK:
2196
2197 while (isspace(*s)) s++;
2198 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2199
2200 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok);
2201 if (sub[0] == NULL) return NULL;
2202 /* {-for-text-editors */
2203 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2204
2205 if (yield == NULL) return s; /* No need to run the test if skipping */
2206
2207 switch(cond_type)
2208 {
2209 case ECOND_EXISTS:
2210 if ((expand_forbid & RDO_EXISTS) != 0)
2211 {
2212 expand_string_message = US"File existence tests are not permitted";
2213 return NULL;
2214 }
2215 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
2216 break;
2217
2218 case ECOND_ISIP:
2219 case ECOND_ISIP4:
2220 case ECOND_ISIP6:
2221 rc = string_is_ip_address(sub[0], NULL);
2222 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
2223 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2224 break;
2225
2226 /* Various authentication tests - all optionally compiled */
2227
2228 case ECOND_PAM:
2229 #ifdef SUPPORT_PAM
2230 rc = auth_call_pam(sub[0], &expand_string_message);
2231 goto END_AUTH;
2232 #else
2233 goto COND_FAILED_NOT_COMPILED;
2234 #endif /* SUPPORT_PAM */
2235
2236 case ECOND_RADIUS:
2237 #ifdef RADIUS_CONFIG_FILE
2238 rc = auth_call_radius(sub[0], &expand_string_message);
2239 goto END_AUTH;
2240 #else
2241 goto COND_FAILED_NOT_COMPILED;
2242 #endif /* RADIUS_CONFIG_FILE */
2243
2244 case ECOND_LDAPAUTH:
2245 #ifdef LOOKUP_LDAP
2246 {
2247 /* Just to keep the interface the same */
2248 BOOL do_cache;
2249 int old_pool = store_pool;
2250 store_pool = POOL_SEARCH;
2251 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2252 &expand_string_message, &do_cache);
2253 store_pool = old_pool;
2254 }
2255 goto END_AUTH;
2256 #else
2257 goto COND_FAILED_NOT_COMPILED;
2258 #endif /* LOOKUP_LDAP */
2259
2260 case ECOND_PWCHECK:
2261 #ifdef CYRUS_PWCHECK_SOCKET
2262 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2263 goto END_AUTH;
2264 #else
2265 goto COND_FAILED_NOT_COMPILED;
2266 #endif /* CYRUS_PWCHECK_SOCKET */
2267
2268 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2269 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2270 END_AUTH:
2271 if (rc == ERROR || rc == DEFER) return NULL;
2272 *yield = (rc == OK) == testfor;
2273 #endif
2274 }
2275 return s;
2276
2277
2278 /* call ACL (in a conditional context). Accept true, deny false.
2279 Defer is a forced-fail. Anything set by message= goes to $value.
2280 Up to ten parameters are used; we use the braces round the name+args
2281 like the saslauthd condition does, to permit a variable number of args.
2282 See also the expansion-item version EITEM_ACL and the traditional
2283 acl modifier ACLC_ACL.
2284 Since the ACL may allocate new global variables, tell our caller to not
2285 reclaim memory.
2286 */
2287
2288 case ECOND_ACL:
2289 /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
2290 {
2291 uschar *user_msg;
2292 BOOL cond = FALSE;
2293 int size = 0;
2294 int ptr = 0;
2295
2296 while (isspace(*s)) s++;
2297 if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
2298
2299 switch(read_subs(sub, sizeof(sub)/sizeof(*sub), 1,
2300 &s, yield == NULL, TRUE, US"acl", resetok))
2301 {
2302 case 1: expand_string_message = US"too few arguments or bracketing "
2303 "error for acl";
2304 case 2:
2305 case 3: return NULL;
2306 }
2307
2308 *resetok = FALSE;
2309 if (yield != NULL) switch(eval_acl(sub, sizeof(sub)/sizeof(*sub), &user_msg))
2310 {
2311 case OK:
2312 cond = TRUE;
2313 case FAIL:
2314 lookup_value = NULL;
2315 if (user_msg)
2316 {
2317 lookup_value = string_cat(NULL, &size, &ptr, user_msg, Ustrlen(user_msg));
2318 lookup_value[ptr] = '\0';
2319 }
2320 *yield = cond == testfor;
2321 break;
2322
2323 case DEFER:
2324 expand_string_forcedfail = TRUE;
2325 default:
2326 expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]);
2327 return NULL;
2328 }
2329 return s;
2330 }
2331
2332
2333 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2334
2335 ${if saslauthd {{username}{password}{service}{realm}} {yes}{no}}
2336
2337 However, the last two are optional. That is why the whole set is enclosed
2338 in their own set of braces. */
2339
2340 case ECOND_SASLAUTHD:
2341 #ifndef CYRUS_SASLAUTHD_SOCKET
2342 goto COND_FAILED_NOT_COMPILED;
2343 #else
2344 while (isspace(*s)) s++;
2345 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2346 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd", resetok))
2347 {
2348 case 1: expand_string_message = US"too few arguments or bracketing "
2349 "error for saslauthd";
2350 case 2:
2351 case 3: return NULL;
2352 }
2353 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
2354 if (yield != NULL)
2355 {
2356 int rc;
2357 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2358 &expand_string_message);
2359 if (rc == ERROR || rc == DEFER) return NULL;
2360 *yield = (rc == OK) == testfor;
2361 }
2362 return s;
2363 #endif /* CYRUS_SASLAUTHD_SOCKET */
2364
2365
2366 /* symbolic operators for numeric and string comparison, and a number of
2367 other operators, all requiring two arguments.
2368
2369 crypteq: encrypts plaintext and compares against an encrypted text,
2370 using crypt(), crypt16(), MD5 or SHA-1
2371 inlist/inlisti: checks if first argument is in the list of the second
2372 match: does a regular expression match and sets up the numerical
2373 variables if it succeeds
2374 match_address: matches in an address list
2375 match_domain: matches in a domain list
2376 match_ip: matches a host list that is restricted to IP addresses
2377 match_local_part: matches in a local part list
2378 */
2379
2380 case ECOND_MATCH_ADDRESS:
2381 case ECOND_MATCH_DOMAIN:
2382 case ECOND_MATCH_IP:
2383 case ECOND_MATCH_LOCAL_PART:
2384 #ifndef EXPAND_LISTMATCH_RHS
2385 sub2_honour_dollar = FALSE;
2386 #endif
2387 /* FALLTHROUGH */
2388
2389 case ECOND_CRYPTEQ:
2390 case ECOND_INLIST:
2391 case ECOND_INLISTI:
2392 case ECOND_MATCH:
2393
2394 case ECOND_NUM_L: /* Numerical comparisons */
2395 case ECOND_NUM_LE:
2396 case ECOND_NUM_E:
2397 case ECOND_NUM_EE:
2398 case ECOND_NUM_G:
2399 case ECOND_NUM_GE:
2400
2401 case ECOND_STR_LT: /* String comparisons */
2402 case ECOND_STR_LTI:
2403 case ECOND_STR_LE:
2404 case ECOND_STR_LEI:
2405 case ECOND_STR_EQ:
2406 case ECOND_STR_EQI:
2407 case ECOND_STR_GT:
2408 case ECOND_STR_GTI:
2409 case ECOND_STR_GE:
2410 case ECOND_STR_GEI:
2411
2412 for (i = 0; i < 2; i++)
2413 {
2414 /* Sometimes, we don't expand substrings; too many insecure configurations
2415 created using match_address{}{} and friends, where the second param
2416 includes information from untrustworthy sources. */
2417 BOOL honour_dollar = TRUE;
2418 if ((i > 0) && !sub2_honour_dollar)
2419 honour_dollar = FALSE;
2420
2421 while (isspace(*s)) s++;
2422 if (*s != '{')
2423 {
2424 if (i == 0) goto COND_FAILED_CURLY_START;
2425 expand_string_message = string_sprintf("missing 2nd string in {} "
2426 "after \"%s\"", name);
2427 return NULL;
2428 }
2429 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
2430 honour_dollar, resetok);
2431 if (sub[i] == NULL) return NULL;
2432 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2433
2434 /* Convert to numerical if required; we know that the names of all the
2435 conditions that compare numbers do not start with a letter. This just saves
2436 checking for them individually. */
2437
2438 if (!isalpha(name[0]) && yield != NULL)
2439 {
2440 if (sub[i][0] == 0)
2441 {
2442 num[i] = 0;
2443 DEBUG(D_expand)
2444 debug_printf("empty string cast to zero for numerical comparison\n");
2445 }
2446 else
2447 {
2448 num[i] = expand_string_integer(sub[i], FALSE);
2449 if (expand_string_message != NULL) return NULL;
2450 }
2451 }
2452 }
2453
2454 /* Result not required */
2455
2456 if (yield == NULL) return s;
2457
2458 /* Do an appropriate comparison */
2459
2460 switch(cond_type)
2461 {
2462 case ECOND_NUM_E:
2463 case ECOND_NUM_EE:
2464 tempcond = (num[0] == num[1]);
2465 break;
2466
2467 case ECOND_NUM_G:
2468 tempcond = (num[0] > num[1]);
2469 break;
2470
2471 case ECOND_NUM_GE:
2472 tempcond = (num[0] >= num[1]);
2473 break;
2474
2475 case ECOND_NUM_L:
2476 tempcond = (num[0] < num[1]);
2477 break;
2478
2479 case ECOND_NUM_LE:
2480 tempcond = (num[0] <= num[1]);
2481 break;
2482
2483 case ECOND_STR_LT:
2484 tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
2485 break;
2486
2487 case ECOND_STR_LTI:
2488 tempcond = (strcmpic(sub[0], sub[1]) < 0);
2489 break;
2490
2491 case ECOND_STR_LE:
2492 tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
2493 break;
2494
2495 case ECOND_STR_LEI:
2496 tempcond = (strcmpic(sub[0], sub[1]) <= 0);
2497 break;
2498
2499 case ECOND_STR_EQ:
2500 tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
2501 break;
2502
2503 case ECOND_STR_EQI:
2504 tempcond = (strcmpic(sub[0], sub[1]) == 0);
2505 break;
2506
2507 case ECOND_STR_GT:
2508 tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
2509 break;
2510
2511 case ECOND_STR_GTI:
2512 tempcond = (strcmpic(sub[0], sub[1]) > 0);
2513 break;
2514
2515 case ECOND_STR_GE:
2516 tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
2517 break;
2518
2519 case ECOND_STR_GEI:
2520 tempcond = (strcmpic(sub[0], sub[1]) >= 0);
2521 break;
2522
2523 case ECOND_MATCH: /* Regular expression match */
2524 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2525 NULL);
2526 if (re == NULL)
2527 {
2528 expand_string_message = string_sprintf("regular expression error in "
2529 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2530 return NULL;
2531 }
2532 tempcond = regex_match_and_setup(re, sub[0], 0, -1);
2533 break;
2534
2535 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2536 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2537 goto MATCHED_SOMETHING;
2538
2539 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2540 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2541 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2542 goto MATCHED_SOMETHING;
2543
2544 case ECOND_MATCH_IP: /* Match IP address in a host list */
2545 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
2546 {
2547 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2548 sub[0]);
2549 return NULL;
2550 }
2551 else
2552 {
2553 unsigned int *nullcache = NULL;
2554 check_host_block cb;
2555
2556 cb.host_name = US"";
2557 cb.host_address = sub[0];
2558
2559 /* If the host address starts off ::ffff: it is an IPv6 address in
2560 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2561 addresses. */
2562
2563 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2564 cb.host_address + 7 : cb.host_address;
2565
2566 rc = match_check_list(
2567 &sub[1], /* the list */
2568 0, /* separator character */
2569 &hostlist_anchor, /* anchor pointer */
2570 &nullcache, /* cache pointer */
2571 check_host, /* function for testing */
2572 &cb, /* argument for function */
2573 MCL_HOST, /* type of check */
2574 sub[0], /* text for debugging */
2575 NULL); /* where to pass back data */
2576 }
2577 goto MATCHED_SOMETHING;
2578
2579 case ECOND_MATCH_LOCAL_PART:
2580 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2581 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2582 /* Fall through */
2583 /* VVVVVVVVVVVV */
2584 MATCHED_SOMETHING:
2585 switch(rc)
2586 {
2587 case OK:
2588 tempcond = TRUE;
2589 break;
2590
2591 case FAIL:
2592 tempcond = FALSE;
2593 break;
2594
2595 case DEFER:
2596 expand_string_message = string_sprintf("unable to complete match "
2597 "against \"%s\": %s", sub[1], search_error_message);
2598 return NULL;
2599 }
2600
2601 break;
2602
2603 /* Various "encrypted" comparisons. If the second string starts with
2604 "{" then an encryption type is given. Default to crypt() or crypt16()
2605 (build-time choice). */
2606 /* }-for-text-editors */
2607
2608 case ECOND_CRYPTEQ:
2609 #ifndef SUPPORT_CRYPTEQ
2610 goto COND_FAILED_NOT_COMPILED;
2611 #else
2612 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2613 {
2614 int sublen = Ustrlen(sub[1]+5);
2615 md5 base;
2616 uschar digest[16];
2617
2618 md5_start(&base);
2619 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2620
2621 /* If the length that we are comparing against is 24, the MD5 digest
2622 is expressed as a base64 string. This is the way LDAP does it. However,
2623 some other software uses a straightforward hex representation. We assume
2624 this if the length is 32. Other lengths fail. */
2625
2626 if (sublen == 24)
2627 {
2628 uschar *coded = auth_b64encode((uschar *)digest, 16);
2629 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2630 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2631 tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
2632 }
2633 else if (sublen == 32)
2634 {
2635 int i;
2636 uschar coded[36];
2637 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2638 coded[32] = 0;
2639 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2640 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2641 tempcond = (strcmpic(coded, sub[1]+5) == 0);
2642 }
2643 else
2644 {
2645 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2646 "fail\n crypted=%s\n", sub[1]+5);
2647 tempcond = FALSE;
2648 }
2649 }
2650
2651 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2652 {
2653 int sublen = Ustrlen(sub[1]+6);
2654 sha1 base;
2655 uschar digest[20];
2656
2657 sha1_start(&base);
2658 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2659
2660 /* If the length that we are comparing against is 28, assume the SHA1
2661 digest is expressed as a base64 string. If the length is 40, assume a
2662 straightforward hex representation. Other lengths fail. */
2663
2664 if (sublen == 28)
2665 {
2666 uschar *coded = auth_b64encode((uschar *)digest, 20);
2667 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2668 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2669 tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
2670 }
2671 else if (sublen == 40)
2672 {
2673 int i;
2674 uschar coded[44];
2675 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2676 coded[40] = 0;
2677 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2678 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2679 tempcond = (strcmpic(coded, sub[1]+6) == 0);
2680 }
2681 else
2682 {
2683 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2684 "fail\n crypted=%s\n", sub[1]+6);
2685 tempcond = FALSE;
2686 }
2687 }
2688
2689 else /* {crypt} or {crypt16} and non-{ at start */
2690 /* }-for-text-editors */
2691 {
2692 int which = 0;
2693 uschar *coded;
2694
2695 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2696 {
2697 sub[1] += 7;
2698 which = 1;
2699 }
2700 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2701 {
2702 sub[1] += 9;
2703 which = 2;
2704 }
2705 else if (sub[1][0] == '{') /* }-for-text-editors */
2706 {
2707 expand_string_message = string_sprintf("unknown encryption mechanism "
2708 "in \"%s\"", sub[1]);
2709 return NULL;
2710 }
2711
2712 switch(which)
2713 {
2714 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2715 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2716 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2717 }
2718
2719 #define STR(s) # s
2720 #define XSTR(s) STR(s)
2721 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2722 " subject=%s\n crypted=%s\n",
2723 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
2724 coded, sub[1]);
2725 #undef STR
2726 #undef XSTR
2727
2728 /* If the encrypted string contains fewer than two characters (for the
2729 salt), force failure. Otherwise we get false positives: with an empty
2730 string the yield of crypt() is an empty string! */
2731
2732 tempcond = (Ustrlen(sub[1]) < 2)? FALSE :
2733 (Ustrcmp(coded, sub[1]) == 0);
2734 }
2735 break;
2736 #endif /* SUPPORT_CRYPTEQ */
2737
2738 case ECOND_INLIST:
2739 case ECOND_INLISTI:
2740 {
2741 int sep = 0;
2742 uschar *save_iterate_item = iterate_item;
2743 int (*compare)(const uschar *, const uschar *);
2744
2745 tempcond = FALSE;
2746 if (cond_type == ECOND_INLISTI)
2747 compare = strcmpic;
2748 else
2749 compare = (int (*)(const uschar *, const uschar *)) strcmp;
2750
2751 while ((iterate_item = string_nextinlist(&sub[1], &sep, NULL, 0)) != NULL)
2752 if (compare(sub[0], iterate_item) == 0)
2753 {
2754 tempcond = TRUE;
2755 break;
2756 }
2757 iterate_item = save_iterate_item;
2758 }
2759
2760 } /* Switch for comparison conditions */
2761
2762 *yield = tempcond == testfor;
2763 return s; /* End of comparison conditions */
2764
2765
2766 /* and/or: computes logical and/or of several conditions */
2767
2768 case ECOND_AND:
2769 case ECOND_OR:
2770 subcondptr = (yield == NULL)? NULL : &tempcond;
2771 combined_cond = (cond_type == ECOND_AND);
2772
2773 while (isspace(*s)) s++;
2774 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2775
2776 for (;;)
2777 {
2778 while (isspace(*s)) s++;
2779 /* {-for-text-editors */
2780 if (*s == '}') break;
2781 if (*s != '{') /* }-for-text-editors */
2782 {
2783 expand_string_message = string_sprintf("each subcondition "
2784 "inside an \"%s{...}\" condition must be in its own {}", name);
2785 return NULL;
2786 }
2787
2788 if (!(s = eval_condition(s+1, resetok, subcondptr)))
2789 {
2790 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2791 expand_string_message, name);
2792 return NULL;
2793 }
2794 while (isspace(*s)) s++;
2795
2796 /* {-for-text-editors */
2797 if (*s++ != '}')
2798 {
2799 /* {-for-text-editors */
2800 expand_string_message = string_sprintf("missing } at end of condition "
2801 "inside \"%s\" group", name);
2802 return NULL;
2803 }
2804
2805 if (yield != NULL)
2806 {
2807 if (cond_type == ECOND_AND)
2808 {
2809 combined_cond &= tempcond;
2810 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2811 } /* evaluate any more */
2812 else
2813 {
2814 combined_cond |= tempcond;
2815 if (combined_cond) subcondptr = NULL; /* once true, don't */
2816 } /* evaluate any more */
2817 }
2818 }
2819
2820 if (yield != NULL) *yield = (combined_cond == testfor);
2821 return ++s;
2822
2823
2824 /* forall/forany: iterates a condition with different values */
2825
2826 case ECOND_FORALL:
2827 case ECOND_FORANY:
2828 {
2829 int sep = 0;
2830 uschar *save_iterate_item = iterate_item;
2831
2832 while (isspace(*s)) s++;
2833 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2834 sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE, resetok);
2835 if (sub[0] == NULL) return NULL;
2836 /* {-for-text-editors */
2837 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2838
2839 while (isspace(*s)) s++;
2840 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2841
2842 sub[1] = s;
2843
2844 /* Call eval_condition once, with result discarded (as if scanning a
2845 "false" part). This allows us to find the end of the condition, because if
2846 the list it empty, we won't actually evaluate the condition for real. */
2847
2848 if (!(s = eval_condition(sub[1], resetok, NULL)))
2849 {
2850 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2851 expand_string_message, name);
2852 return NULL;
2853 }
2854 while (isspace(*s)) s++;
2855
2856 /* {-for-text-editors */
2857 if (*s++ != '}')
2858 {
2859 /* {-for-text-editors */
2860 expand_string_message = string_sprintf("missing } at end of condition "
2861 "inside \"%s\"", name);
2862 return NULL;
2863 }
2864
2865 if (yield != NULL) *yield = !testfor;
2866 while ((iterate_item = string_nextinlist(&sub[0], &sep, NULL, 0)) != NULL)
2867 {
2868 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
2869 if (!eval_condition(sub[1], resetok, &tempcond))
2870 {
2871 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2872 expand_string_message, name);
2873 iterate_item = save_iterate_item;
2874 return NULL;
2875 }
2876 DEBUG(D_expand) debug_printf("%s: condition evaluated to %s\n", name,
2877 tempcond? "true":"false");
2878
2879 if (yield != NULL) *yield = (tempcond == testfor);
2880 if (tempcond == (cond_type == ECOND_FORANY)) break;
2881 }
2882
2883 iterate_item = save_iterate_item;
2884 return s;
2885 }
2886
2887
2888 /* The bool{} expansion condition maps a string to boolean.
2889 The values supported should match those supported by the ACL condition
2890 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
2891 of true/false. Note that Router "condition" rules have a different
2892 interpretation, where general data can be used and only a few values
2893 map to FALSE.
2894 Note that readconf.c boolean matching, for boolean configuration options,
2895 only matches true/yes/false/no.
2896 The bool_lax{} condition matches the Router logic, which is much more
2897 liberal. */
2898 case ECOND_BOOL:
2899 case ECOND_BOOL_LAX:
2900 {
2901 uschar *sub_arg[1];
2902 uschar *t, *t2;
2903 uschar *ourname;
2904 size_t len;
2905 BOOL boolvalue = FALSE;
2906 while (isspace(*s)) s++;
2907 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2908 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
2909 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname, resetok))
2910 {
2911 case 1: expand_string_message = string_sprintf(
2912 "too few arguments or bracketing error for %s",
2913 ourname);
2914 /*FALLTHROUGH*/
2915 case 2:
2916 case 3: return NULL;
2917 }
2918 t = sub_arg[0];
2919 while (isspace(*t)) t++;
2920 len = Ustrlen(t);
2921 if (len)
2922 {
2923 /* trailing whitespace: seems like a good idea to ignore it too */
2924 t2 = t + len - 1;
2925 while (isspace(*t2)) t2--;
2926 if (t2 != (t + len))
2927 {
2928 *++t2 = '\0';
2929 len = t2 - t;
2930 }
2931 }
2932 DEBUG(D_expand)
2933 debug_printf("considering %s: %s\n", ourname, len ? t : US"<empty>");
2934 /* logic for the lax case from expand_check_condition(), which also does
2935 expands, and the logic is both short and stable enough that there should
2936 be no maintenance burden from replicating it. */
2937 if (len == 0)
2938 boolvalue = FALSE;
2939 else if (*t == '-'
2940 ? Ustrspn(t+1, "0123456789") == len-1
2941 : Ustrspn(t, "0123456789") == len)
2942 {
2943 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
2944 /* expand_check_condition only does a literal string "0" check */
2945 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
2946 boolvalue = TRUE;
2947 }
2948 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
2949 boolvalue = TRUE;
2950 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
2951 boolvalue = FALSE;
2952 else if (cond_type == ECOND_BOOL_LAX)
2953 boolvalue = TRUE;
2954 else
2955 {
2956 expand_string_message = string_sprintf("unrecognised boolean "
2957 "value \"%s\"", t);
2958 return NULL;
2959 }
2960 if (yield != NULL) *yield = (boolvalue == testfor);
2961 return s;
2962 }
2963
2964 /* Unknown condition */
2965
2966 default:
2967 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2968 return NULL;
2969 } /* End switch on condition type */
2970
2971 /* Missing braces at start and end of data */
2972
2973 COND_FAILED_CURLY_START:
2974 expand_string_message = string_sprintf("missing { after \"%s\"", name);
2975 return NULL;
2976
2977 COND_FAILED_CURLY_END:
2978 expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2979 name);
2980 return NULL;
2981
2982 /* A condition requires code that is not compiled */
2983
2984 #if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2985 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2986 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2987 COND_FAILED_NOT_COMPILED:
2988 expand_string_message = string_sprintf("support for \"%s\" not compiled",
2989 name);
2990 return NULL;
2991 #endif
2992 }
2993
2994
2995
2996
2997 /*************************************************
2998 * Save numerical variables *
2999 *************************************************/
3000
3001 /* This function is called from items such as "if" that want to preserve and
3002 restore the numbered variables.
3003
3004 Arguments:
3005 save_expand_string points to an array of pointers to set
3006 save_expand_nlength points to an array of ints for the lengths
3007
3008 Returns: the value of expand max to save
3009 */
3010
3011 static int
3012 save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
3013 {
3014 int i;
3015 for (i = 0; i <= expand_nmax; i++)
3016 {
3017 save_expand_nstring[i] = expand_nstring[i];
3018 save_expand_nlength[i] = expand_nlength[i];
3019 }
3020 return expand_nmax;
3021 }
3022
3023
3024
3025 /*************************************************
3026 * Restore numerical variables *
3027 *************************************************/
3028
3029 /* This function restored saved values of numerical strings.
3030
3031 Arguments:
3032 save_expand_nmax the number of strings to restore
3033 save_expand_string points to an array of pointers
3034 save_expand_nlength points to an array of ints
3035
3036 Returns: nothing
3037 */
3038
3039 static void
3040 restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
3041 int *save_expand_nlength)
3042 {
3043 int i;
3044 expand_nmax = save_expand_nmax;
3045 for (i = 0; i <= expand_nmax; i++)
3046 {
3047 expand_nstring[i] = save_expand_nstring[i];
3048 expand_nlength[i] = save_expand_nlength[i];
3049 }
3050 }
3051
3052
3053
3054
3055
3056 /*************************************************
3057 * Handle yes/no substrings *
3058 *************************************************/
3059
3060 /* This function is used by ${if}, ${lookup} and ${extract} to handle the
3061 alternative substrings that depend on whether or not the condition was true,
3062 or the lookup or extraction succeeded. The substrings always have to be
3063 expanded, to check their syntax, but "skipping" is set when the result is not
3064 needed - this avoids unnecessary nested lookups.
3065
3066 Arguments:
3067 skipping TRUE if we were skipping when this item was reached
3068 yes TRUE if the first string is to be used, else use the second
3069 save_lookup a value to put back into lookup_value before the 2nd expansion
3070 sptr points to the input string pointer
3071 yieldptr points to the output string pointer
3072 sizeptr points to the output string size
3073 ptrptr points to the output string pointer
3074 type "lookup" or "if" or "extract" or "run", for error message
3075 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
3076 the store.
3077
3078 Returns: 0 OK; lookup_value has been reset to save_lookup
3079 1 expansion failed
3080 2 expansion failed because of bracketing error
3081 */
3082
3083 static int
3084 process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
3085 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type, BOOL *resetok)
3086 {
3087 int rc = 0;
3088 uschar *s = *sptr; /* Local value */
3089 uschar *sub1, *sub2;
3090
3091 /* If there are no following strings, we substitute the contents of $value for
3092 lookups and for extractions in the success case. For the ${if item, the string
3093 "true" is substituted. In the fail case, nothing is substituted for all three
3094 items. */
3095
3096 while (isspace(*s)) s++;
3097 if (*s == '}')
3098 {
3099 if (type[0] == 'i')
3100 {
3101 if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
3102 }
3103 else
3104 {
3105 if (yes && lookup_value != NULL)
3106 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
3107 Ustrlen(lookup_value));
3108 lookup_value = save_lookup;
3109 }
3110 s++;
3111 goto RETURN;
3112 }
3113
3114 /* The first following string must be braced. */
3115
3116 if (*s++ != '{') goto FAILED_CURLY;
3117
3118 /* Expand the first substring. Forced failures are noticed only if we actually
3119 want this string. Set skipping in the call in the fail case (this will always
3120 be the case if we were already skipping). */
3121
3122 sub1 = expand_string_internal(s, TRUE, &s, !yes, TRUE, resetok);
3123 if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
3124 expand_string_forcedfail = FALSE;
3125 if (*s++ != '}') goto FAILED_CURLY;
3126
3127 /* If we want the first string, add it to the output */
3128
3129 if (yes)
3130 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
3131
3132 /* If this is called from a lookup or an extract, we want to restore $value to
3133 what it was at the start of the item, so that it has this value during the
3134 second string expansion. For the call from "if" or "run" to this function,
3135 save_lookup is set to lookup_value, so that this statement does nothing. */
3136
3137 lookup_value = save_lookup;
3138
3139 /* There now follows either another substring, or "fail", or nothing. This
3140 time, forced failures are noticed only if we want the second string. We must
3141 set skipping in the nested call if we don't want this string, or if we were
3142 already skipping. */
3143
3144 while (isspace(*s)) s++;
3145 if (*s == '{')
3146 {
3147 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping, TRUE, resetok);
3148 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
3149 expand_string_forcedfail = FALSE;
3150 if (*s++ != '}') goto FAILED_CURLY;
3151
3152 /* If we want the second string, add it to the output */
3153
3154 if (!yes)
3155 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
3156 }
3157
3158 /* If there is no second string, but the word "fail" is present when the use of
3159 the second string is wanted, set a flag indicating it was a forced failure
3160 rather than a syntactic error. Swallow the terminating } in case this is nested
3161 inside another lookup or if or extract. */
3162
3163 else if (*s != '}')
3164 {
3165 uschar name[256];
3166 s = read_name(name, sizeof(name), s, US"_");
3167 if (Ustrcmp(name, "fail") == 0)
3168 {
3169 if (!yes && !skipping)
3170 {
3171 while (isspace(*s)) s++;
3172 if (*s++ != '}') goto FAILED_CURLY;
3173 expand_string_message =
3174 string_sprintf("\"%s\" failed and \"fail\" requested", type);
3175 expand_string_forcedfail = TRUE;
3176 goto FAILED;
3177 }
3178 }
3179 else
3180 {
3181 expand_string_message =
3182 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
3183 goto FAILED;
3184 }
3185 }
3186
3187 /* All we have to do now is to check on the final closing brace. */
3188
3189 while (isspace(*s)) s++;
3190 if (*s++ == '}') goto RETURN;
3191
3192 /* Get here if there is a bracketing failure */
3193
3194 FAILED_CURLY:
3195 rc++;
3196
3197 /* Get here for other failures */
3198
3199 FAILED:
3200 rc++;
3201
3202 /* Update the input pointer value before returning */
3203
3204 RETURN:
3205 *sptr = s;
3206 return rc;
3207 }
3208
3209
3210
3211
3212 /*************************************************
3213 * Handle MD5 or SHA-1 computation for HMAC *
3214 *************************************************/
3215
3216 /* These are some wrapping functions that enable the HMAC code to be a bit
3217 cleaner. A good compiler will spot the tail recursion.
3218
3219 Arguments:
3220 type HMAC_MD5 or HMAC_SHA1
3221 remaining are as for the cryptographic hash functions
3222
3223 Returns: nothing
3224 */
3225
3226 static void
3227 chash_start(int type, void *base)
3228 {
3229 if (type == HMAC_MD5)
3230 md5_start((md5 *)base);
3231 else
3232 sha1_start((sha1 *)base);
3233 }
3234
3235 static void
3236 chash_mid(int type, void *base, uschar *string)
3237 {
3238 if (type == HMAC_MD5)
3239 md5_mid((md5 *)base, string);
3240 else
3241 sha1_mid((sha1 *)base, string);
3242 }
3243
3244 static void
3245 chash_end(int type, void *base, uschar *string, int length, uschar *digest)
3246 {
3247 if (type == HMAC_MD5)
3248 md5_end((md5 *)base, string, length, digest);
3249 else
3250 sha1_end((sha1 *)base, string, length, digest);
3251 }
3252
3253
3254
3255
3256
3257 /********************************************************
3258 * prvs: Get last three digits of days since Jan 1, 1970 *
3259 ********************************************************/
3260
3261 /* This is needed to implement the "prvs" BATV reverse
3262 path signing scheme
3263
3264 Argument: integer "days" offset to add or substract to
3265 or from the current number of days.
3266
3267 Returns: pointer to string containing the last three
3268 digits of the number of days since Jan 1, 1970,
3269 modified by the offset argument, NULL if there
3270 was an error in the conversion.
3271
3272 */
3273
3274 static uschar *
3275 prvs_daystamp(int day_offset)
3276 {
3277 uschar *days = store_get(32); /* Need at least 24 for cases */
3278 (void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
3279 (time(NULL) + day_offset*86400)/86400);
3280 return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
3281 }
3282
3283
3284
3285 /********************************************************
3286 * prvs: perform HMAC-SHA1 computation of prvs bits *
3287 ********************************************************/
3288
3289 /* This is needed to implement the "prvs" BATV reverse
3290 path signing scheme
3291
3292 Arguments:
3293 address RFC2821 Address to use
3294 key The key to use (must be less than 64 characters
3295 in size)
3296 key_num Single-digit key number to use. Defaults to
3297 '0' when NULL.
3298
3299 Returns: pointer to string containing the first three
3300 bytes of the final hash in hex format, NULL if
3301 there was an error in the process.
3302 */
3303
3304 static uschar *
3305 prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
3306 {
3307 uschar *hash_source, *p;
3308 int size = 0,offset = 0,i;
3309 sha1 sha1_base;
3310 void *use_base = &sha1_base;
3311 uschar innerhash[20];
3312 uschar finalhash[20];
3313 uschar innerkey[64];
3314 uschar outerkey[64];
3315 uschar *finalhash_hex = store_get(40);
3316
3317 if (key_num == NULL)
3318 key_num = US"0";
3319
3320 if (Ustrlen(key) > 64)
3321 return NULL;
3322
3323 hash_source = string_cat(NULL,&size,&offset,key_num,1);
3324 string_cat(hash_source,&size,&offset,daystamp,3);
3325 string_cat(hash_source,&size,&offset,address,Ustrlen(address));
3326 hash_source[offset] = '\0';
3327
3328 DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source);
3329
3330 memset(innerkey, 0x36, 64);
3331 memset(outerkey, 0x5c, 64);
3332
3333 for (i = 0; i < Ustrlen(key); i++)
3334 {
3335 innerkey[i] ^= key[i];
3336 outerkey[i] ^= key[i];
3337 }
3338
3339 chash_start(HMAC_SHA1, use_base);
3340 chash_mid(HMAC_SHA1, use_base, innerkey);
3341 chash_end(HMAC_SHA1, use_base, hash_source, offset, innerhash);
3342
3343 chash_start(HMAC_SHA1, use_base);
3344 chash_mid(HMAC_SHA1, use_base, outerkey);
3345 chash_end(HMAC_SHA1, use_base, innerhash, 20, finalhash);
3346
3347 p = finalhash_hex;
3348 for (i = 0; i < 3; i++)
3349 {
3350 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
3351 *p++ = hex_digits[finalhash[i] & 0x0f];
3352 }
3353 *p = '\0';
3354
3355 return finalhash_hex;
3356 }
3357
3358
3359
3360
3361 /*************************************************
3362 * Join a file onto the output string *
3363 *************************************************/
3364