projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Use custom variables for ACL args, up to nine. Add an arg-count variable.
[exim.git] / src / src / expand.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2012 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8
9 /* Functions for handling string expansion. */
10
11
12 #include "exim.h"
13
14 /* Recursively called function */
15
16 static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL, BOOL);
17
18 #ifdef STAND_ALONE
19 #ifndef SUPPORT_CRYPTEQ
20 #define SUPPORT_CRYPTEQ
21 #endif
22 #endif
23
24 #ifdef LOOKUP_LDAP
25 #include "lookups/ldap.h"
26 #endif
27
28 #ifdef SUPPORT_CRYPTEQ
29 #ifdef CRYPT_H
30 #include <crypt.h>
31 #endif
32 #ifndef HAVE_CRYPT16
33 extern char* crypt16(char*, char*);
34 #endif
35 #endif
36
37 /* The handling of crypt16() is a mess. I will record below the analysis of the
38 mess that was sent to me. We decided, however, to make changing this very low
39 priority, because in practice people are moving away from the crypt()
40 algorithms nowadays, so it doesn't seem worth it.
41
42 <quote>
43 There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
44 the first 8 characters of the password using a 20-round version of crypt
45 (standard crypt does 25 rounds). It then crypts the next 8 characters,
46 or an empty block if the password is less than 9 characters, using a
47 20-round version of crypt and the same salt as was used for the first
48 block. Charaters after the first 16 are ignored. It always generates
49 a 16-byte hash, which is expressed together with the salt as a string
50 of 24 base 64 digits. Here are some links to peruse:
51
52 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
53 http://seclists.org/bugtraq/1999/Mar/0076.html
54
55 There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
56 and OSF/1. This is the same as the standard crypt if given a password
57 of 8 characters or less. If given more, it first does the same as crypt
58 using the first 8 characters, then crypts the next 8 (the 9th to 16th)
59 using as salt the first two base 64 digits from the first hash block.
60 If the password is more than 16 characters then it crypts the 17th to 24th
61 characters using as salt the first two base 64 digits from the second hash
62 block. And so on: I've seen references to it cutting off the password at
63 40 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
64
65 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
66 http://seclists.org/bugtraq/1999/Mar/0109.html
67 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
68 TET1_html/sec.c222.html#no_id_208
69
70 Exim has something it calls "crypt16". It will either use a native
71 crypt16 or its own implementation. A native crypt16 will presumably
72 be the one that I called "crypt16" above. The internal "crypt16"
73 function, however, is a two-block-maximum implementation of what I called
74 "bigcrypt". The documentation matches the internal code.
75
76 I suspect that whoever did the "crypt16" stuff for Exim didn't realise
77 that crypt16 and bigcrypt were different things.
78
79 Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
80 to whatever it is using under that name. This unfortunately sets a
81 precedent for using "{crypt16}" to identify two incompatible algorithms
82 whose output can't be distinguished. With "{crypt16}" thus rendered
83 ambiguous, I suggest you deprecate it and invent two new identifiers
84 for the two algorithms.
85
86 Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
87 of the password separately means they can be cracked separately, so
88 the double-length hash only doubles the cracking effort instead of
89 squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
90 bcrypt ({CRYPT}$2a$).
91 </quote>
92 */
93
94
95
96
97 /*************************************************
98 * Local statics and tables *
99 *************************************************/
100
101 /* Table of item names, and corresponding switch numbers. The names must be in
102 alphabetical order. */
103
104 static uschar *item_table[] = {
105 US"acl",
106 US"dlfunc",
107 US"extract",
108 US"filter",
109 US"hash",
110 US"hmac",
111 US"if",
112 US"length",
113 US"lookup",
114 US"map",
115 US"nhash",
116 US"perl",
117 US"prvs",
118 US"prvscheck",
119 US"readfile",
120 US"readsocket",
121 US"reduce",
122 US"run",
123 US"sg",
124 US"substr",
125 US"tr" };
126
127 enum {
128 EITEM_ACL,
129 EITEM_DLFUNC,
130 EITEM_EXTRACT,
131 EITEM_FILTER,
132 EITEM_HASH,
133 EITEM_HMAC,
134 EITEM_IF,
135 EITEM_LENGTH,
136 EITEM_LOOKUP,
137 EITEM_MAP,
138 EITEM_NHASH,
139 EITEM_PERL,
140 EITEM_PRVS,
141 EITEM_PRVSCHECK,
142 EITEM_READFILE,
143 EITEM_READSOCK,
144 EITEM_REDUCE,
145 EITEM_RUN,
146 EITEM_SG,
147 EITEM_SUBSTR,
148 EITEM_TR };
149
150 /* Tables of operator names, and corresponding switch numbers. The names must be
151 in alphabetical order. There are two tables, because underscore is used in some
152 cases to introduce arguments, whereas for other it is part of the name. This is
153 an historical mis-design. */
154
155 static uschar *op_table_underscore[] = {
156 US"from_utf8",
157 US"local_part",
158 US"quote_local_part",
159 US"reverse_ip",
160 US"time_eval",
161 US"time_interval"};
162
163 enum {
164 EOP_FROM_UTF8,
165 EOP_LOCAL_PART,
166 EOP_QUOTE_LOCAL_PART,
167 EOP_REVERSE_IP,
168 EOP_TIME_EVAL,
169 EOP_TIME_INTERVAL };
170
171 static uschar *op_table_main[] = {
172 US"address",
173 US"addresses",
174 US"base62",
175 US"base62d",
176 US"domain",
177 US"escape",
178 US"eval",
179 US"eval10",
180 US"expand",
181 US"h",
182 US"hash",
183 US"hex2b64",
184 US"l",
185 US"lc",
186 US"length",
187 US"listcount",
188 US"listnamed",
189 US"mask",
190 US"md5",
191 US"nh",
192 US"nhash",
193 US"quote",
194 US"randint",
195 US"rfc2047",
196 US"rfc2047d",
197 US"rxquote",
198 US"s",
199 US"sha1",
200 US"stat",
201 US"str2b64",
202 US"strlen",
203 US"substr",
204 US"uc" };
205
206 enum {
207 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
208 EOP_ADDRESSES,
209 EOP_BASE62,
210 EOP_BASE62D,
211 EOP_DOMAIN,
212 EOP_ESCAPE,
213 EOP_EVAL,
214 EOP_EVAL10,
215 EOP_EXPAND,
216 EOP_H,
217 EOP_HASH,
218 EOP_HEX2B64,
219 EOP_L,
220 EOP_LC,
221 EOP_LENGTH,
222 EOP_LISTCOUNT,
223 EOP_LISTNAMED,
224 EOP_MASK,
225 EOP_MD5,
226 EOP_NH,
227 EOP_NHASH,
228 EOP_QUOTE,
229 EOP_RANDINT,
230 EOP_RFC2047,
231 EOP_RFC2047D,
232 EOP_RXQUOTE,
233 EOP_S,
234 EOP_SHA1,
235 EOP_STAT,
236 EOP_STR2B64,
237 EOP_STRLEN,
238 EOP_SUBSTR,
239 EOP_UC };
240
241
242 /* Table of condition names, and corresponding switch numbers. The names must
243 be in alphabetical order. */
244
245 static uschar *cond_table[] = {
246 US"<",
247 US"<=",
248 US"=",
249 US"==", /* Backward compatibility */
250 US">",
251 US">=",
252 US"and",
253 US"bool",
254 US"bool_lax",
255 US"crypteq",
256 US"def",
257 US"eq",
258 US"eqi",
259 US"exists",
260 US"first_delivery",
261 US"forall",
262 US"forany",
263 US"ge",
264 US"gei",
265 US"gt",
266 US"gti",
267 US"inlist",
268 US"inlisti",
269 US"isip",
270 US"isip4",
271 US"isip6",
272 US"ldapauth",
273 US"le",
274 US"lei",
275 US"lt",
276 US"lti",
277 US"match",
278 US"match_address",
279 US"match_domain",
280 US"match_ip",
281 US"match_local_part",
282 US"or",
283 US"pam",
284 US"pwcheck",
285 US"queue_running",
286 US"radius",
287 US"saslauthd"
288 };
289
290 enum {
291 ECOND_NUM_L,
292 ECOND_NUM_LE,
293 ECOND_NUM_E,
294 ECOND_NUM_EE,
295 ECOND_NUM_G,
296 ECOND_NUM_GE,
297 ECOND_AND,
298 ECOND_BOOL,
299 ECOND_BOOL_LAX,
300 ECOND_CRYPTEQ,
301 ECOND_DEF,
302 ECOND_STR_EQ,
303 ECOND_STR_EQI,
304 ECOND_EXISTS,
305 ECOND_FIRST_DELIVERY,
306 ECOND_FORALL,
307 ECOND_FORANY,
308 ECOND_STR_GE,
309 ECOND_STR_GEI,
310 ECOND_STR_GT,
311 ECOND_STR_GTI,
312 ECOND_INLIST,
313 ECOND_INLISTI,
314 ECOND_ISIP,
315 ECOND_ISIP4,
316 ECOND_ISIP6,
317 ECOND_LDAPAUTH,
318 ECOND_STR_LE,
319 ECOND_STR_LEI,
320 ECOND_STR_LT,
321 ECOND_STR_LTI,
322 ECOND_MATCH,
323 ECOND_MATCH_ADDRESS,
324 ECOND_MATCH_DOMAIN,
325 ECOND_MATCH_IP,
326 ECOND_MATCH_LOCAL_PART,
327 ECOND_OR,
328 ECOND_PAM,
329 ECOND_PWCHECK,
330 ECOND_QUEUE_RUNNING,
331 ECOND_RADIUS,
332 ECOND_SASLAUTHD
333 };
334
335
336 /* Type for main variable table */
337
338 typedef struct {
339 const char *name;
340 int type;
341 void *value;
342 } var_entry;
343
344 /* Type for entries pointing to address/length pairs. Not currently
345 in use. */
346
347 typedef struct {
348 uschar **address;
349 int *length;
350 } alblock;
351
352 /* Types of table entry */
353
354 enum {
355 vtype_int, /* value is address of int */
356 vtype_filter_int, /* ditto, but recognized only when filtering */
357 vtype_ino, /* value is address of ino_t (not always an int) */
358 vtype_uid, /* value is address of uid_t (not always an int) */
359 vtype_gid, /* value is address of gid_t (not always an int) */
360 vtype_bool, /* value is address of bool */
361 vtype_stringptr, /* value is address of pointer to string */
362 vtype_msgbody, /* as stringptr, but read when first required */
363 vtype_msgbody_end, /* ditto, the end of the message */
364 vtype_msgheaders, /* the message's headers, processed */
365 vtype_msgheaders_raw, /* the message's headers, unprocessed */
366 vtype_localpart, /* extract local part from string */
367 vtype_domain, /* extract domain from string */
368 vtype_recipients, /* extract recipients from recipients list */
369 /* (available only in system filters, ACLs, and */
370 /* local_scan()) */
371 vtype_todbsdin, /* value not used; generate BSD inbox tod */
372 vtype_tode, /* value not used; generate tod in epoch format */
373 vtype_todel, /* value not used; generate tod in epoch/usec format */
374 vtype_todf, /* value not used; generate full tod */
375 vtype_todl, /* value not used; generate log tod */
376 vtype_todlf, /* value not used; generate log file datestamp tod */
377 vtype_todzone, /* value not used; generate time zone only */
378 vtype_todzulu, /* value not used; generate zulu tod */
379 vtype_reply, /* value not used; get reply from headers */
380 vtype_pid, /* value not used; result is pid */
381 vtype_host_lookup, /* value not used; get host name */
382 vtype_load_avg, /* value not used; result is int from os_getloadavg */
383 vtype_pspace, /* partition space; value is T/F for spool/log */
384 vtype_pinodes /* partition inodes; value is T/F for spool/log */
385 #ifndef DISABLE_DKIM
386 ,vtype_dkim /* Lookup of value in DKIM signature */
387 #endif
388 };
389
390 /* This table must be kept in alphabetical order. */
391
392 static var_entry var_table[] = {
393 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
394 they will be confused with user-creatable ACL variables. */
395 { "acl_arg1", vtype_stringptr, &acl_arg[0] },
396 { "acl_arg2", vtype_stringptr, &acl_arg[1] },
397 { "acl_arg3", vtype_stringptr, &acl_arg[2] },
398 { "acl_arg4", vtype_stringptr, &acl_arg[3] },
399 { "acl_arg5", vtype_stringptr, &acl_arg[4] },
400 { "acl_arg6", vtype_stringptr, &acl_arg[5] },
401 { "acl_arg7", vtype_stringptr, &acl_arg[6] },
402 { "acl_arg8", vtype_stringptr, &acl_arg[7] },
403 { "acl_arg9", vtype_stringptr, &acl_arg[8] },
404 { "acl_narg", vtype_int, &acl_narg },
405 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
406 { "address_data", vtype_stringptr, &deliver_address_data },
407 { "address_file", vtype_stringptr, &address_file },
408 { "address_pipe", vtype_stringptr, &address_pipe },
409 { "authenticated_id", vtype_stringptr, &authenticated_id },
410 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
411 { "authentication_failed",vtype_int, &authentication_failed },
412 #ifdef WITH_CONTENT_SCAN
413 { "av_failed", vtype_int, &av_failed },
414 #endif
415 #ifdef EXPERIMENTAL_BRIGHTMAIL
416 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
417 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
418 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
419 { "bmi_deliver", vtype_int, &bmi_deliver },
420 #endif
421 { "body_linecount", vtype_int, &body_linecount },
422 { "body_zerocount", vtype_int, &body_zerocount },
423 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
424 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
425 { "caller_gid", vtype_gid, &real_gid },
426 { "caller_uid", vtype_uid, &real_uid },
427 { "compile_date", vtype_stringptr, &version_date },
428 { "compile_number", vtype_stringptr, &version_cnumber },
429 { "csa_status", vtype_stringptr, &csa_status },
430 #ifdef EXPERIMENTAL_DCC
431 { "dcc_header", vtype_stringptr, &dcc_header },
432 { "dcc_result", vtype_stringptr, &dcc_result },
433 #endif
434 #ifdef WITH_OLD_DEMIME
435 { "demime_errorlevel", vtype_int, &demime_errorlevel },
436 { "demime_reason", vtype_stringptr, &demime_reason },
437 #endif
438 #ifndef DISABLE_DKIM
439 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
440 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
441 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
442 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
443 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
444 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
445 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
446 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
447 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
448 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
449 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
450 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
451 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
452 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
453 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
454 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
455 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
456 { "dkim_signers", vtype_stringptr, &dkim_signers },
457 { "dkim_verify_reason", vtype_dkim, (void *)DKIM_VERIFY_REASON },
458 { "dkim_verify_status", vtype_dkim, (void *)DKIM_VERIFY_STATUS},
459 #endif
460 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
461 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
462 { "dnslist_text", vtype_stringptr, &dnslist_text },
463 { "dnslist_value", vtype_stringptr, &dnslist_value },
464 { "domain", vtype_stringptr, &deliver_domain },
465 { "domain_data", vtype_stringptr, &deliver_domain_data },
466 { "exim_gid", vtype_gid, &exim_gid },
467 { "exim_path", vtype_stringptr, &exim_path },
468 { "exim_uid", vtype_uid, &exim_uid },
469 #ifdef WITH_OLD_DEMIME
470 { "found_extension", vtype_stringptr, &found_extension },
471 #endif
472 { "home", vtype_stringptr, &deliver_home },
473 { "host", vtype_stringptr, &deliver_host },
474 { "host_address", vtype_stringptr, &deliver_host_address },
475 { "host_data", vtype_stringptr, &host_data },
476 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
477 { "host_lookup_failed", vtype_int, &host_lookup_failed },
478 { "inode", vtype_ino, &deliver_inode },
479 { "interface_address", vtype_stringptr, &interface_address },
480 { "interface_port", vtype_int, &interface_port },
481 { "item", vtype_stringptr, &iterate_item },
482 #ifdef LOOKUP_LDAP
483 { "ldap_dn", vtype_stringptr, &eldap_dn },
484 #endif
485 { "load_average", vtype_load_avg, NULL },
486 { "local_part", vtype_stringptr, &deliver_localpart },
487 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
488 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
489 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
490 { "local_scan_data", vtype_stringptr, &local_scan_data },
491 { "local_user_gid", vtype_gid, &local_user_gid },
492 { "local_user_uid", vtype_uid, &local_user_uid },
493 { "localhost_number", vtype_int, &host_number },
494 { "log_inodes", vtype_pinodes, (void *)FALSE },
495 { "log_space", vtype_pspace, (void *)FALSE },
496 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
497 #ifdef WITH_CONTENT_SCAN
498 { "malware_name", vtype_stringptr, &malware_name },
499 #endif
500 { "max_received_linelength", vtype_int, &max_received_linelength },
501 { "message_age", vtype_int, &message_age },
502 { "message_body", vtype_msgbody, &message_body },
503 { "message_body_end", vtype_msgbody_end, &message_body_end },
504 { "message_body_size", vtype_int, &message_body_size },
505 { "message_exim_id", vtype_stringptr, &message_id },
506 { "message_headers", vtype_msgheaders, NULL },
507 { "message_headers_raw", vtype_msgheaders_raw, NULL },
508 { "message_id", vtype_stringptr, &message_id },
509 { "message_linecount", vtype_int, &message_linecount },
510 { "message_size", vtype_int, &message_size },
511 #ifdef WITH_CONTENT_SCAN
512 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
513 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
514 { "mime_boundary", vtype_stringptr, &mime_boundary },
515 { "mime_charset", vtype_stringptr, &mime_charset },
516 { "mime_content_description", vtype_stringptr, &mime_content_description },
517 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
518 { "mime_content_id", vtype_stringptr, &mime_content_id },
519 { "mime_content_size", vtype_int, &mime_content_size },
520 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
521 { "mime_content_type", vtype_stringptr, &mime_content_type },
522 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
523 { "mime_filename", vtype_stringptr, &mime_filename },
524 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
525 { "mime_is_multipart", vtype_int, &mime_is_multipart },
526 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
527 { "mime_part_count", vtype_int, &mime_part_count },
528 #endif
529 { "n0", vtype_filter_int, &filter_n[0] },
530 { "n1", vtype_filter_int, &filter_n[1] },
531 { "n2", vtype_filter_int, &filter_n[2] },
532 { "n3", vtype_filter_int, &filter_n[3] },
533 { "n4", vtype_filter_int, &filter_n[4] },
534 { "n5", vtype_filter_int, &filter_n[5] },
535 { "n6", vtype_filter_int, &filter_n[6] },
536 { "n7", vtype_filter_int, &filter_n[7] },
537 { "n8", vtype_filter_int, &filter_n[8] },
538 { "n9", vtype_filter_int, &filter_n[9] },
539 { "original_domain", vtype_stringptr, &deliver_domain_orig },
540 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
541 { "originator_gid", vtype_gid, &originator_gid },
542 { "originator_uid", vtype_uid, &originator_uid },
543 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
544 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
545 { "pid", vtype_pid, NULL },
546 { "primary_hostname", vtype_stringptr, &primary_hostname },
547 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
548 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
549 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
550 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
551 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
552 { "rcpt_count", vtype_int, &rcpt_count },
553 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
554 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
555 { "received_count", vtype_int, &received_count },
556 { "received_for", vtype_stringptr, &received_for },
557 { "received_ip_address", vtype_stringptr, &interface_address },
558 { "received_port", vtype_int, &interface_port },
559 { "received_protocol", vtype_stringptr, &received_protocol },
560 { "received_time", vtype_int, &received_time },
561 { "recipient_data", vtype_stringptr, &recipient_data },
562 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
563 { "recipients", vtype_recipients, NULL },
564 { "recipients_count", vtype_int, &recipients_count },
565 #ifdef WITH_CONTENT_SCAN
566 { "regex_match_string", vtype_stringptr, &regex_match_string },
567 #endif
568 { "reply_address", vtype_reply, NULL },
569 { "return_path", vtype_stringptr, &return_path },
570 { "return_size_limit", vtype_int, &bounce_return_size_limit },
571 { "runrc", vtype_int, &runrc },
572 { "self_hostname", vtype_stringptr, &self_hostname },
573 { "sender_address", vtype_stringptr, &sender_address },
574 { "sender_address_data", vtype_stringptr, &sender_address_data },
575 { "sender_address_domain", vtype_domain, &sender_address },
576 { "sender_address_local_part", vtype_localpart, &sender_address },
577 { "sender_data", vtype_stringptr, &sender_data },
578 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
579 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
580 { "sender_host_address", vtype_stringptr, &sender_host_address },
581 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
582 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
583 { "sender_host_name", vtype_host_lookup, NULL },
584 { "sender_host_port", vtype_int, &sender_host_port },
585 { "sender_ident", vtype_stringptr, &sender_ident },
586 { "sender_rate", vtype_stringptr, &sender_rate },
587 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
588 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
589 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
590 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
591 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
592 { "sending_port", vtype_int, &sending_port },
593 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
594 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
595 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
596 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
597 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
598 { "sn0", vtype_filter_int, &filter_sn[0] },
599 { "sn1", vtype_filter_int, &filter_sn[1] },
600 { "sn2", vtype_filter_int, &filter_sn[2] },
601 { "sn3", vtype_filter_int, &filter_sn[3] },
602 { "sn4", vtype_filter_int, &filter_sn[4] },
603 { "sn5", vtype_filter_int, &filter_sn[5] },
604 { "sn6", vtype_filter_int, &filter_sn[6] },
605 { "sn7", vtype_filter_int, &filter_sn[7] },
606 { "sn8", vtype_filter_int, &filter_sn[8] },
607 { "sn9", vtype_filter_int, &filter_sn[9] },
608 #ifdef WITH_CONTENT_SCAN
609 { "spam_bar", vtype_stringptr, &spam_bar },
610 { "spam_report", vtype_stringptr, &spam_report },
611 { "spam_score", vtype_stringptr, &spam_score },
612 { "spam_score_int", vtype_stringptr, &spam_score_int },
613 #endif
614 #ifdef EXPERIMENTAL_SPF
615 { "spf_guess", vtype_stringptr, &spf_guess },
616 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
617 { "spf_received", vtype_stringptr, &spf_received },
618 { "spf_result", vtype_stringptr, &spf_result },
619 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
620 #endif
621 { "spool_directory", vtype_stringptr, &spool_directory },
622 { "spool_inodes", vtype_pinodes, (void *)TRUE },
623 { "spool_space", vtype_pspace, (void *)TRUE },
624 #ifdef EXPERIMENTAL_SRS
625 { "srs_db_address", vtype_stringptr, &srs_db_address },
626 { "srs_db_key", vtype_stringptr, &srs_db_key },
627 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
628 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
629 { "srs_recipient", vtype_stringptr, &srs_recipient },
630 { "srs_status", vtype_stringptr, &srs_status },
631 #endif
632 { "thisaddress", vtype_stringptr, &filter_thisaddress },
633
634 /* The non-(in,out) variables are now deprecated */
635 { "tls_bits", vtype_int, &tls_in.bits },
636 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
637 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
638
639 { "tls_in_bits", vtype_int, &tls_in.bits },
640 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
641 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
642 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
643 #if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
644 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
645 #endif
646 { "tls_out_bits", vtype_int, &tls_out.bits },
647 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
648 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
649 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
650 #if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
651 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
652 #endif
653
654 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
655 #if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
656 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
657 #endif
658
659 { "tod_bsdinbox", vtype_todbsdin, NULL },
660 { "tod_epoch", vtype_tode, NULL },
661 { "tod_epoch_l", vtype_todel, NULL },
662 { "tod_full", vtype_todf, NULL },
663 { "tod_log", vtype_todl, NULL },
664 { "tod_logfile", vtype_todlf, NULL },
665 { "tod_zone", vtype_todzone, NULL },
666 { "tod_zulu", vtype_todzulu, NULL },
667 { "value", vtype_stringptr, &lookup_value },
668 { "version_number", vtype_stringptr, &version_string },
669 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
670 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
671 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
672 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
673 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
674 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
675 };
676
677 static int var_table_size = sizeof(var_table)/sizeof(var_entry);
678 static uschar var_buffer[256];
679 static BOOL malformed_header;
680
681 /* For textual hashes */
682
683 static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
684 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
685 "0123456789";
686
687 enum { HMAC_MD5, HMAC_SHA1 };
688
689 /* For numeric hashes */
690
691 static unsigned int prime[] = {
692 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
693 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
694 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
695
696 /* For printing modes in symbolic form */
697
698 static uschar *mtable_normal[] =
699 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
700
701 static uschar *mtable_setid[] =
702 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
703
704 static uschar *mtable_sticky[] =
705 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
706
707
708
709 /*************************************************
710 * Tables for UTF-8 support *
711 *************************************************/
712
713 /* Table of the number of extra characters, indexed by the first character
714 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
715 0x3d. */
716
717 static uschar utf8_table1[] = {
718 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
719 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
720 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
721 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
722
723 /* These are the masks for the data bits in the first byte of a character,
724 indexed by the number of additional bytes. */
725
726 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
727
728 /* Get the next UTF-8 character, advancing the pointer. */
729
730 #define GETUTF8INC(c, ptr) \
731 c = *ptr++; \
732 if ((c & 0xc0) == 0xc0) \
733 { \
734 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
735 int s = 6*a; \
736 c = (c & utf8_table2[a]) << s; \
737 while (a-- > 0) \
738 { \
739 s -= 6; \
740 c |= (*ptr++ & 0x3f) << s; \
741 } \
742 }
743
744
745 /*************************************************
746 * Binary chop search on a table *
747 *************************************************/
748
749 /* This is used for matching expansion items and operators.
750
751 Arguments:
752 name the name that is being sought
753 table the table to search
754 table_size the number of items in the table
755
756 Returns: the offset in the table, or -1
757 */
758
759 static int
760 chop_match(uschar *name, uschar **table, int table_size)
761 {
762 uschar **bot = table;
763 uschar **top = table + table_size;
764
765 while (top > bot)
766 {
767 uschar **mid = bot + (top - bot)/2;
768 int c = Ustrcmp(name, *mid);
769 if (c == 0) return mid - table;
770 if (c > 0) bot = mid + 1; else top = mid;
771 }
772
773 return -1;
774 }
775
776
777
778 /*************************************************
779 * Check a condition string *
780 *************************************************/
781
782 /* This function is called to expand a string, and test the result for a "true"
783 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
784 forced fail or lookup defer. All store used by the function can be released on
785 exit.
786
787 The actual false-value tests should be replicated for ECOND_BOOL_LAX.
788
789 Arguments:
790 condition the condition string
791 m1 text to be incorporated in panic error
792 m2 ditto
793
794 Returns: TRUE if condition is met, FALSE if not
795 */
796
797 BOOL
798 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
799 {
800 int rc;
801 void *reset_point = store_get(0);
802 uschar *ss = expand_string(condition);
803 if (ss == NULL)
804 {
805 if (!expand_string_forcedfail && !search_find_defer)
806 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
807 "for %s %s: %s", condition, m1, m2, expand_string_message);
808 return FALSE;
809 }
810 rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
811 strcmpic(ss, US"false") != 0;
812 store_reset(reset_point);
813 return rc;
814 }
815
816
817
818
819 /*************************************************
820 * Pseudo-random number generation *
821 *************************************************/
822
823 /* Pseudo-random number generation. The result is not "expected" to be
824 cryptographically strong but not so weak that someone will shoot themselves
825 in the foot using it as a nonce in some email header scheme or whatever
826 weirdness they'll twist this into. The result should ideally handle fork().
827
828 However, if we're stuck unable to provide this, then we'll fall back to
829 appallingly bad randomness.
830
831 If SUPPORT_TLS is defined then this will not be used except as an emergency
832 fallback.
833
834 Arguments:
835 max range maximum
836 Returns a random number in range [0, max-1]
837 */
838
839 #ifdef SUPPORT_TLS
840 # define vaguely_random_number vaguely_random_number_fallback
841 #endif
842 int
843 vaguely_random_number(int max)
844 {
845 #ifdef SUPPORT_TLS
846 # undef vaguely_random_number
847 #endif
848 static pid_t pid = 0;
849 pid_t p2;
850 #if defined(HAVE_SRANDOM) && !defined(HAVE_SRANDOMDEV)
851 struct timeval tv;
852 #endif
853
854 p2 = getpid();
855 if (p2 != pid)
856 {
857 if (pid != 0)
858 {
859
860 #ifdef HAVE_ARC4RANDOM
861 /* cryptographically strong randomness, common on *BSD platforms, not
862 so much elsewhere. Alas. */
863 arc4random_stir();
864 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
865 #ifdef HAVE_SRANDOMDEV
866 /* uses random(4) for seeding */
867 srandomdev();
868 #else
869 gettimeofday(&tv, NULL);
870 srandom(tv.tv_sec | tv.tv_usec | getpid());
871 #endif
872 #else
873 /* Poor randomness and no seeding here */
874 #endif
875
876 }
877 pid = p2;
878 }
879
880 #ifdef HAVE_ARC4RANDOM
881 return arc4random() % max;
882 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
883 return random() % max;
884 #else
885 /* This one returns a 16-bit number, definitely not crypto-strong */
886 return random_number(max);
887 #endif
888 }
889
890
891
892
893 /*************************************************
894 * Pick out a name from a string *
895 *************************************************/
896
897 /* If the name is too long, it is silently truncated.
898
899 Arguments:
900 name points to a buffer into which to put the name
901 max is the length of the buffer
902 s points to the first alphabetic character of the name
903 extras chars other than alphanumerics to permit
904
905 Returns: pointer to the first character after the name
906
907 Note: The test for *s != 0 in the while loop is necessary because
908 Ustrchr() yields non-NULL if the character is zero (which is not something
909 I expected). */
910
911 static uschar *
912 read_name(uschar *name, int max, uschar *s, uschar *extras)
913 {
914 int ptr = 0;
915 while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
916 {
917 if (ptr < max-1) name[ptr++] = *s;
918 s++;
919 }
920 name[ptr] = 0;
921 return s;
922 }
923
924
925
926 /*************************************************
927 * Pick out the rest of a header name *
928 *************************************************/
929
930 /* A variable name starting $header_ (or just $h_ for those who like
931 abbreviations) might not be the complete header name because headers can
932 contain any printing characters in their names, except ':'. This function is
933 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
934 on the end, if the name was terminated by white space.
935
936 Arguments:
937 name points to a buffer in which the name read so far exists
938 max is the length of the buffer
939 s points to the first character after the name so far, i.e. the
940 first non-alphameric character after $header_xxxxx
941
942 Returns: a pointer to the first character after the header name
943 */
944
945 static uschar *
946 read_header_name(uschar *name, int max, uschar *s)
947 {
948 int prelen = Ustrchr(name, '_') - name + 1;
949 int ptr = Ustrlen(name) - prelen;
950 if (ptr > 0) memmove(name, name+prelen, ptr);
951 while (mac_isgraph(*s) && *s != ':')
952 {
953 if (ptr < max-1) name[ptr++] = *s;
954 s++;
955 }
956 if (*s == ':') s++;
957 name[ptr++] = ':';
958 name[ptr] = 0;
959 return s;
960 }
961
962
963
964 /*************************************************
965 * Pick out a number from a string *
966 *************************************************/
967
968 /* Arguments:
969 n points to an integer into which to put the number
970 s points to the first digit of the number
971
972 Returns: a pointer to the character after the last digit
973 */
974
975 static uschar *
976 read_number(int *n, uschar *s)
977 {
978 *n = 0;
979 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
980 return s;
981 }
982
983
984
985 /*************************************************
986 * Extract keyed subfield from a string *
987 *************************************************/
988
989 /* The yield is in dynamic store; NULL means that the key was not found.
990
991 Arguments:
992 key points to the name of the key
993 s points to the string from which to extract the subfield
994
995 Returns: NULL if the subfield was not found, or
996 a pointer to the subfield's data
997 */
998
999 static uschar *
1000 expand_getkeyed(uschar *key, uschar *s)
1001 {
1002 int length = Ustrlen(key);
1003 while (isspace(*s)) s++;
1004
1005 /* Loop to search for the key */
1006
1007 while (*s != 0)
1008 {
1009 int dkeylength;
1010 uschar *data;
1011 uschar *dkey = s;
1012
1013 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
1014 dkeylength = s - dkey;
1015 while (isspace(*s)) s++;
1016 if (*s == '=') while (isspace((*(++s))));
1017
1018 data = string_dequote(&s);
1019 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1020 return data;
1021
1022 while (isspace(*s)) s++;
1023 }
1024
1025 return NULL;
1026 }
1027
1028
1029
1030
1031 /*************************************************
1032 * Extract numbered subfield from string *
1033 *************************************************/
1034
1035 /* Extracts a numbered field from a string that is divided by tokens - for
1036 example a line from /etc/passwd is divided by colon characters. First field is
1037 numbered one. Negative arguments count from the right. Zero returns the whole
1038 string. Returns NULL if there are insufficient tokens in the string
1039
1040 ***WARNING***
1041 Modifies final argument - this is a dynamically generated string, so that's OK.
1042
1043 Arguments:
1044 field number of field to be extracted,
1045 first field = 1, whole string = 0, last field = -1
1046 separators characters that are used to break string into tokens
1047 s points to the string from which to extract the subfield
1048
1049 Returns: NULL if the field was not found,
1050 a pointer to the field's data inside s (modified to add 0)
1051 */
1052
1053 static uschar *
1054 expand_gettokened (int field, uschar *separators, uschar *s)
1055 {
1056 int sep = 1;
1057 int count;
1058 uschar *ss = s;
1059 uschar *fieldtext = NULL;
1060
1061 if (field == 0) return s;
1062
1063 /* Break the line up into fields in place; for field > 0 we stop when we have
1064 done the number of fields we want. For field < 0 we continue till the end of
1065 the string, counting the number of fields. */
1066
1067 count = (field > 0)? field : INT_MAX;
1068
1069 while (count-- > 0)
1070 {
1071 size_t len;
1072
1073 /* Previous field was the last one in the string. For a positive field
1074 number, this means there are not enough fields. For a negative field number,
1075 check that there are enough, and scan back to find the one that is wanted. */
1076
1077 if (sep == 0)
1078 {
1079 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1080 if ((-field) == (INT_MAX - count - 1)) return s;
1081 while (field++ < 0)
1082 {
1083 ss--;
1084 while (ss[-1] != 0) ss--;
1085 }
1086 fieldtext = ss;
1087 break;
1088 }
1089
1090 /* Previous field was not last in the string; save its start and put a
1091 zero at its end. */
1092
1093 fieldtext = ss;
1094 len = Ustrcspn(ss, separators);
1095 sep = ss[len];
1096 ss[len] = 0;
1097 ss += len + 1;
1098 }
1099
1100 return fieldtext;
1101 }
1102
1103
1104
1105 /*************************************************
1106 * Extract a substring from a string *
1107 *************************************************/
1108
1109 /* Perform the ${substr or ${length expansion operations.
1110
1111 Arguments:
1112 subject the input string
1113 value1 the offset from the start of the input string to the start of
1114 the output string; if negative, count from the right.
1115 value2 the length of the output string, or negative (-1) for unset
1116 if value1 is positive, unset means "all after"
1117 if value1 is negative, unset means "all before"
1118 len set to the length of the returned string
1119
1120 Returns: pointer to the output string, or NULL if there is an error
1121 */
1122
1123 static uschar *
1124 extract_substr(uschar *subject, int value1, int value2, int *len)
1125 {
1126 int sublen = Ustrlen(subject);
1127
1128 if (value1 < 0) /* count from right */
1129 {
1130 value1 += sublen;
1131
1132 /* If the position is before the start, skip to the start, and adjust the
1133 length. If the length ends up negative, the substring is null because nothing
1134 can precede. This falls out naturally when the length is unset, meaning "all
1135 to the left". */
1136
1137 if (value1 < 0)
1138 {
1139 value2 += value1;
1140 if (value2 < 0) value2 = 0;
1141 value1 = 0;
1142 }
1143
1144 /* Otherwise an unset length => characters before value1 */
1145
1146 else if (value2 < 0)
1147 {
1148 value2 = value1;
1149 value1 = 0;
1150 }
1151 }
1152
1153 /* For a non-negative offset, if the starting position is past the end of the
1154 string, the result will be the null string. Otherwise, an unset length means
1155 "rest"; just set it to the maximum - it will be cut down below if necessary. */
1156
1157 else
1158 {
1159 if (value1 > sublen)
1160 {
1161 value1 = sublen;
1162 value2 = 0;
1163 }
1164 else if (value2 < 0) value2 = sublen;
1165 }
1166
1167 /* Cut the length down to the maximum possible for the offset value, and get
1168 the required characters. */
1169
1170 if (value1 + value2 > sublen) value2 = sublen - value1;
1171 *len = value2;
1172 return subject + value1;
1173 }
1174
1175
1176
1177
1178 /*************************************************
1179 * Old-style hash of a string *
1180 *************************************************/
1181
1182 /* Perform the ${hash expansion operation.
1183
1184 Arguments:
1185 subject the input string (an expanded substring)
1186 value1 the length of the output string; if greater or equal to the
1187 length of the input string, the input string is returned
1188 value2 the number of hash characters to use, or 26 if negative
1189 len set to the length of the returned string
1190
1191 Returns: pointer to the output string, or NULL if there is an error
1192 */
1193
1194 static uschar *
1195 compute_hash(uschar *subject, int value1, int value2, int *len)
1196 {
1197 int sublen = Ustrlen(subject);
1198
1199 if (value2 < 0) value2 = 26;
1200 else if (value2 > Ustrlen(hashcodes))
1201 {
1202 expand_string_message =
1203 string_sprintf("hash count \"%d\" too big", value2);
1204 return NULL;
1205 }
1206
1207 /* Calculate the hash text. We know it is shorter than the original string, so
1208 can safely place it in subject[] (we know that subject is always itself an
1209 expanded substring). */
1210
1211 if (value1 < sublen)
1212 {
1213 int c;
1214 int i = 0;
1215 int j = value1;
1216 while ((c = (subject[j])) != 0)
1217 {
1218 int shift = (c + j++) & 7;
1219 subject[i] ^= (c << shift) | (c >> (8-shift));
1220 if (++i >= value1) i = 0;
1221 }
1222 for (i = 0; i < value1; i++)
1223 subject[i] = hashcodes[(subject[i]) % value2];
1224 }
1225 else value1 = sublen;
1226
1227 *len = value1;
1228 return subject;
1229 }
1230
1231
1232
1233
1234 /*************************************************
1235 * Numeric hash of a string *
1236 *************************************************/
1237
1238 /* Perform the ${nhash expansion operation. The first characters of the
1239 string are treated as most important, and get the highest prime numbers.
1240
1241 Arguments:
1242 subject the input string
1243 value1 the maximum value of the first part of the result
1244 value2 the maximum value of the second part of the result,
1245 or negative to produce only a one-part result
1246 len set to the length of the returned string
1247
1248 Returns: pointer to the output string, or NULL if there is an error.
1249 */
1250
1251 static uschar *
1252 compute_nhash (uschar *subject, int value1, int value2, int *len)
1253 {
1254 uschar *s = subject;
1255 int i = 0;
1256 unsigned long int total = 0; /* no overflow */
1257
1258 while (*s != 0)
1259 {
1260 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
1261 total += prime[i--] * (unsigned int)(*s++);
1262 }
1263
1264 /* If value2 is unset, just compute one number */
1265
1266 if (value2 < 0)
1267 {
1268 s = string_sprintf("%d", total % value1);
1269 }
1270
1271 /* Otherwise do a div/mod hash */
1272
1273 else
1274 {
1275 total = total % (value1 * value2);
1276 s = string_sprintf("%d/%d", total/value2, total % value2);
1277 }
1278
1279 *len = Ustrlen(s);
1280 return s;
1281 }
1282
1283
1284
1285
1286
1287 /*************************************************
1288 * Find the value of a header or headers *
1289 *************************************************/
1290
1291 /* Multiple instances of the same header get concatenated, and this function
1292 can also return a concatenation of all the header lines. When concatenating
1293 specific headers that contain lists of addresses, a comma is inserted between
1294 them. Otherwise we use a straight concatenation. Because some messages can have
1295 pathologically large number of lines, there is a limit on the length that is
1296 returned. Also, to avoid massive store use which would result from using
1297 string_cat() as it copies and extends strings, we do a preliminary pass to find
1298 out exactly how much store will be needed. On "normal" messages this will be
1299 pretty trivial.
1300
1301 Arguments:
1302 name the name of the header, without the leading $header_ or $h_,
1303 or NULL if a concatenation of all headers is required
1304 exists_only TRUE if called from a def: test; don't need to build a string;
1305 just return a string that is not "" and not "0" if the header
1306 exists
1307 newsize return the size of memory block that was obtained; may be NULL
1308 if exists_only is TRUE
1309 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
1310 other than concatenating, will be done on the header. Also used
1311 for $message_headers_raw.
1312 charset name of charset to translate MIME words to; used only if
1313 want_raw is false; if NULL, no translation is done (this is
1314 used for $bh_ and $bheader_)
1315
1316 Returns: NULL if the header does not exist, else a pointer to a new
1317 store block
1318 */
1319
1320 static uschar *
1321 find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1322 uschar *charset)
1323 {
1324 BOOL found = name == NULL;
1325 int comma = 0;
1326 int len = found? 0 : Ustrlen(name);
1327 int i;
1328 uschar *yield = NULL;
1329 uschar *ptr = NULL;
1330
1331 /* Loop for two passes - saves code repetition */
1332
1333 for (i = 0; i < 2; i++)
1334 {
1335 int size = 0;
1336 header_line *h;
1337
1338 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1339 {
1340 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1341 {
1342 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1343 {
1344 int ilen;
1345 uschar *t;
1346
1347 if (exists_only) return US"1"; /* don't need actual string */
1348 found = TRUE;
1349 t = h->text + len; /* text to insert */
1350 if (!want_raw) /* unless wanted raw, */
1351 while (isspace(*t)) t++; /* remove leading white space */
1352 ilen = h->slen - (t - h->text); /* length to insert */
1353
1354 /* Unless wanted raw, remove trailing whitespace, including the
1355 newline. */
1356
1357 if (!want_raw)
1358 while (ilen > 0 && isspace(t[ilen-1])) ilen--;
1359
1360 /* Set comma = 1 if handling a single header and it's one of those
1361 that contains an address list, except when asked for raw headers. Only
1362 need to do this once. */
1363
1364 if (!want_raw && name != NULL && comma == 0 &&
1365 Ustrchr("BCFRST", h->type) != NULL)
1366 comma = 1;
1367
1368 /* First pass - compute total store needed; second pass - compute
1369 total store used, including this header. */
1370
1371 size += ilen + comma + 1; /* +1 for the newline */
1372
1373 /* Second pass - concatentate the data, up to a maximum. Note that
1374 the loop stops when size hits the limit. */
1375
1376 if (i != 0)
1377 {
1378 if (size > header_insert_maxlen)
1379 {
1380 ilen -= size - header_insert_maxlen - 1;
1381 comma = 0;
1382 }
1383 Ustrncpy(ptr, t, ilen);
1384 ptr += ilen;
1385
1386 /* For a non-raw header, put in the comma if needed, then add
1387 back the newline we removed above, provided there was some text in
1388 the header. */
1389
1390 if (!want_raw && ilen > 0)
1391 {
1392 if (comma != 0) *ptr++ = ',';
1393 *ptr++ = '\n';
1394 }
1395 }
1396 }
1397 }
1398 }
1399
1400 /* At end of first pass, return NULL if no header found. Then truncate size
1401 if necessary, and get the buffer to hold the data, returning the buffer size.
1402 */
1403
1404 if (i == 0)
1405 {
1406 if (!found) return NULL;
1407 if (size > header_insert_maxlen) size = header_insert_maxlen;
1408 *newsize = size + 1;
1409 ptr = yield = store_get(*newsize);
1410 }
1411 }
1412
1413 /* That's all we do for raw header expansion. */
1414
1415 if (want_raw)
1416 {
1417 *ptr = 0;
1418 }
1419
1420 /* Otherwise, remove a final newline and a redundant added comma. Then we do
1421 RFC 2047 decoding, translating the charset if requested. The rfc2047_decode2()
1422 function can return an error with decoded data if the charset translation
1423 fails. If decoding fails, it returns NULL. */
1424
1425 else
1426 {
1427 uschar *decoded, *error;
1428 if (ptr > yield && ptr[-1] == '\n') ptr--;
1429 if (ptr > yield && comma != 0 && ptr[-1] == ',') ptr--;
1430 *ptr = 0;
1431 decoded = rfc2047_decode2(yield, check_rfc2047_length, charset, '?', NULL,
1432 newsize, &error);
1433 if (error != NULL)
1434 {
1435 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1436 " input was: %s\n", error, yield);
1437 }
1438 if (decoded != NULL) yield = decoded;
1439 }
1440
1441 return yield;
1442 }
1443
1444
1445
1446
1447 /*************************************************
1448 * Find value of a variable *
1449 *************************************************/
1450
1451 /* The table of variables is kept in alphabetic order, so we can search it
1452 using a binary chop. The "choplen" variable is nothing to do with the binary
1453 chop.
1454
1455 Arguments:
1456 name the name of the variable being sought
1457 exists_only TRUE if this is a def: test; passed on to find_header()
1458 skipping TRUE => skip any processing evaluation; this is not the same as
1459 exists_only because def: may test for values that are first
1460 evaluated here
1461 newsize pointer to an int which is initially zero; if the answer is in
1462 a new memory buffer, *newsize is set to its size
1463
1464 Returns: NULL if the variable does not exist, or
1465 a pointer to the variable's contents, or
1466 something non-NULL if exists_only is TRUE
1467 */
1468
1469 static uschar *
1470 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1471 {
1472 int first = 0;
1473 int last = var_table_size;
1474
1475 /* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1476 Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1477 release 4.64 onwards arbitrary names are permitted, as long as the first 5
1478 characters are acl_c or acl_m and the sixth is either a digit or an underscore
1479 (this gave backwards compatibility at the changeover). There may be built-in
1480 variables whose names start acl_ but they should never start in this way. This
1481 slightly messy specification is a consequence of the history, needless to say.
1482
1483 If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1484 set, in which case give an error. */
1485
1486 if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1487 !isalpha(name[5]))
1488 {
1489 tree_node *node =
1490 tree_search((name[4] == 'c')? acl_var_c : acl_var_m, name + 4);
1491 return (node == NULL)? (strict_acl_vars? NULL : US"") : node->data.ptr;
1492 }
1493
1494 /* Handle $auth<n> variables. */
1495
1496 if (Ustrncmp(name, "auth", 4) == 0)
1497 {
1498 uschar *endptr;
1499 int n = Ustrtoul(name + 4, &endptr, 10);
1500 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1501 return (auth_vars[n-1] == NULL)? US"" : auth_vars[n-1];
1502 }
1503
1504 /* For all other variables, search the table */
1505
1506 while (last > first)
1507 {
1508 uschar *s, *domain;
1509 uschar **ss;
1510 int middle = (first + last)/2;
1511 int c = Ustrcmp(name, var_table[middle].name);
1512
1513 if (c > 0) { first = middle + 1; continue; }
1514 if (c < 0) { last = middle; continue; }
1515
1516 /* Found an existing variable. If in skipping state, the value isn't needed,
1517 and we want to avoid processing (such as looking up the host name). */
1518
1519 if (skipping) return US"";
1520
1521 switch (var_table[middle].type)
1522 {
1523 case vtype_filter_int:
1524 if (!filter_running) return NULL;
1525 /* Fall through */
1526 /* VVVVVVVVVVVV */
1527 case vtype_int:
1528 sprintf(CS var_buffer, "%d", *(int *)(var_table[middle].value)); /* Integer */
1529 return var_buffer;
1530
1531 case vtype_ino:
1532 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(var_table[middle].value))); /* Inode */
1533 return var_buffer;
1534
1535 case vtype_gid:
1536 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(var_table[middle].value))); /* gid */
1537 return var_buffer;
1538
1539 case vtype_uid:
1540 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
1541 return var_buffer;
1542
1543 case vtype_bool:
1544 sprintf(CS var_buffer, "%s", *(BOOL *)(var_table[middle].value) ? "yes" : "no"); /* bool */
1545 return var_buffer;
1546
1547 case vtype_stringptr: /* Pointer to string */
1548 s = *((uschar **)(var_table[middle].value));
1549 return (s == NULL)? US"" : s;
1550
1551 case vtype_pid:
1552 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1553 return var_buffer;
1554
1555 case vtype_load_avg:
1556 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1557 return var_buffer;
1558
1559 case vtype_host_lookup: /* Lookup if not done so */
1560 if (sender_host_name == NULL && sender_host_address != NULL &&
1561 !host_lookup_failed && host_name_lookup() == OK)
1562 host_build_sender_fullhost();
1563 return (sender_host_name == NULL)? US"" : sender_host_name;
1564
1565 case vtype_localpart: /* Get local part from address */
1566 s = *((uschar **)(var_table[middle].value));
1567 if (s == NULL) return US"";
1568 domain = Ustrrchr(s, '@');
1569 if (domain == NULL) return s;
1570 if (domain - s > sizeof(var_buffer) - 1)
1571 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1572 " in string expansion", sizeof(var_buffer));
1573 Ustrncpy(var_buffer, s, domain - s);
1574 var_buffer[domain - s] = 0;
1575 return var_buffer;
1576
1577 case vtype_domain: /* Get domain from address */
1578 s = *((uschar **)(var_table[middle].value));
1579 if (s == NULL) return US"";
1580 domain = Ustrrchr(s, '@');
1581 return (domain == NULL)? US"" : domain + 1;
1582
1583 case vtype_msgheaders:
1584 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1585
1586 case vtype_msgheaders_raw:
1587 return find_header(NULL, exists_only, newsize, TRUE, NULL);
1588
1589 case vtype_msgbody: /* Pointer to msgbody string */
1590 case vtype_msgbody_end: /* Ditto, the end of the msg */
1591 ss = (uschar **)(var_table[middle].value);
1592 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1593 {
1594 uschar *body;
1595 off_t start_offset = SPOOL_DATA_START_OFFSET;
1596 int len = message_body_visible;
1597 if (len > message_size) len = message_size;
1598 *ss = body = store_malloc(len+1);
1599 body[0] = 0;
1600 if (var_table[middle].type == vtype_msgbody_end)
1601 {
1602 struct stat statbuf;
1603 if (fstat(deliver_datafile, &statbuf) == 0)
1604 {
1605 start_offset = statbuf.st_size - len;
1606 if (start_offset < SPOOL_DATA_START_OFFSET)
1607 start_offset = SPOOL_DATA_START_OFFSET;
1608 }
1609 }
1610 lseek(deliver_datafile, start_offset, SEEK_SET);
1611 len = read(deliver_datafile, body, len);
1612 if (len > 0)
1613 {
1614 body[len] = 0;
1615 if (message_body_newlines) /* Separate loops for efficiency */
1616 {
1617 while (len > 0)
1618 { if (body[--len] == 0) body[len] = ' '; }
1619 }
1620 else
1621 {
1622 while (len > 0)
1623 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
1624 }
1625 }
1626 }
1627 return (*ss == NULL)? US"" : *ss;
1628
1629 case vtype_todbsdin: /* BSD inbox time of day */
1630 return tod_stamp(tod_bsdin);
1631
1632 case vtype_tode: /* Unix epoch time of day */
1633 return tod_stamp(tod_epoch);
1634
1635 case vtype_todel: /* Unix epoch/usec time of day */
1636 return tod_stamp(tod_epoch_l);
1637
1638 case vtype_todf: /* Full time of day */
1639 return tod_stamp(tod_full);
1640
1641 case vtype_todl: /* Log format time of day */
1642 return tod_stamp(tod_log_bare); /* (without timezone) */
1643
1644 case vtype_todzone: /* Time zone offset only */
1645 return tod_stamp(tod_zone);
1646
1647 case vtype_todzulu: /* Zulu time */
1648 return tod_stamp(tod_zulu);
1649
1650 case vtype_todlf: /* Log file datestamp tod */
1651 return tod_stamp(tod_log_datestamp_daily);
1652
1653 case vtype_reply: /* Get reply address */
1654 s = find_header(US"reply-to:", exists_only, newsize, TRUE,
1655 headers_charset);
1656 if (s != NULL) while (isspace(*s)) s++;
1657 if (s == NULL || *s == 0)
1658 {
1659 *newsize = 0; /* For the *s==0 case */
1660 s = find_header(US"from:", exists_only, newsize, TRUE, headers_charset);
1661 }
1662 if (s != NULL)
1663 {
1664 uschar *t;
1665 while (isspace(*s)) s++;
1666 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
1667 while (t > s && isspace(t[-1])) t--;
1668 *t = 0;
1669 }
1670 return (s == NULL)? US"" : s;
1671
1672 /* A recipients list is available only during system message filtering,
1673 during ACL processing after DATA, and while expanding pipe commands
1674 generated from a system filter, but not elsewhere. */
1675
1676 case vtype_recipients:
1677 if (!enable_dollar_recipients) return NULL; else
1678 {
1679 int size = 128;
1680 int ptr = 0;
1681 int i;
1682 s = store_get(size);
1683 for (i = 0; i < recipients_count; i++)
1684 {
1685 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1686 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1687 Ustrlen(recipients_list[i].address));
1688 }
1689 s[ptr] = 0; /* string_cat() leaves room */
1690 }
1691 return s;
1692
1693 case vtype_pspace:
1694 {
1695 int inodes;
1696 sprintf(CS var_buffer, "%d",
1697 receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes));
1698 }
1699 return var_buffer;
1700
1701 case vtype_pinodes:
1702 {
1703 int inodes;
1704 (void) receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes);
1705 sprintf(CS var_buffer, "%d", inodes);
1706 }
1707 return var_buffer;
1708
1709 #ifndef DISABLE_DKIM
1710 case vtype_dkim:
1711 return dkim_exim_expand_query((int)(long)var_table[middle].value);
1712 #endif
1713
1714 }
1715 }
1716
1717 return NULL; /* Unknown variable name */
1718 }
1719
1720
1721
1722
1723 void
1724 modify_variable(uschar *name, void * value)
1725 {
1726 int first = 0;
1727 int last = var_table_size;
1728
1729 while (last > first)
1730 {
1731 int middle = (first + last)/2;
1732 int c = Ustrcmp(name, var_table[middle].name);
1733
1734 if (c > 0) { first = middle + 1; continue; }
1735 if (c < 0) { last = middle; continue; }
1736
1737 /* Found an existing variable; change the item it refers to */
1738 var_table[middle].value = value;
1739 return;
1740 }
1741 return; /* Unknown variable name, fail silently */
1742 }
1743
1744
1745
1746
1747
1748 /*************************************************
1749 * Read and expand substrings *
1750 *************************************************/
1751
1752 /* This function is called to read and expand argument substrings for various
1753 expansion items. Some have a minimum requirement that is less than the maximum;
1754 in these cases, the first non-present one is set to NULL.
1755
1756 Arguments:
1757 sub points to vector of pointers to set
1758 n maximum number of substrings
1759 m minimum required
1760 sptr points to current string pointer
1761 skipping the skipping flag
1762 check_end if TRUE, check for final '}'
1763 name name of item, for error message
1764
1765 Returns: 0 OK; string pointer updated
1766 1 curly bracketing error (too few arguments)
1767 2 too many arguments (only if check_end is set); message set
1768 3 other error (expansion failure)
1769 */
1770
1771 static int
1772 read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
1773 BOOL check_end, uschar *name)
1774 {
1775 int i;
1776 uschar *s = *sptr;
1777
1778 while (isspace(*s)) s++;
1779 for (i = 0; i < n; i++)
1780 {
1781 if (*s != '{')
1782 {
1783 if (i < m) return 1;
1784 sub[i] = NULL;
1785 break;
1786 }
1787 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE);
1788 if (sub[i] == NULL) return 3;
1789 if (*s++ != '}') return 1;
1790 while (isspace(*s)) s++;
1791 }
1792 if (check_end && *s++ != '}')
1793 {
1794 if (s[-1] == '{')
1795 {
1796 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1797 "(max is %d)", name, n);
1798 return 2;
1799 }
1800 return 1;
1801 }
1802
1803 *sptr = s;
1804 return 0;
1805 }
1806
1807
1808
1809
1810 /*************************************************
1811 * Elaborate message for bad variable *
1812 *************************************************/
1813
1814 /* For the "unknown variable" message, take a look at the variable's name, and
1815 give additional information about possible ACL variables. The extra information
1816 is added on to expand_string_message.
1817
1818 Argument: the name of the variable
1819 Returns: nothing
1820 */
1821
1822 static void
1823 check_variable_error_message(uschar *name)
1824 {
1825 if (Ustrncmp(name, "acl_", 4) == 0)
1826 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
1827 (name[4] == 'c' || name[4] == 'm')?
1828 (isalpha(name[5])?
1829 US"6th character of a user-defined ACL variable must be a digit or underscore" :
1830 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
1831 ) :
1832 US"user-defined ACL variables must start acl_c or acl_m");
1833 }
1834
1835
1836
1837 /*************************************************
1838 * Read and evaluate a condition *
1839 *************************************************/
1840
1841 /*
1842 Arguments:
1843 s points to the start of the condition text
1844 yield points to a BOOL to hold the result of the condition test;
1845 if NULL, we are just reading through a condition that is
1846 part of an "or" combination to check syntax, or in a state
1847 where the answer isn't required
1848
1849 Returns: a pointer to the first character after the condition, or
1850 NULL after an error
1851 */
1852
1853 static uschar *
1854 eval_condition(uschar *s, BOOL *yield)
1855 {
1856 BOOL testfor = TRUE;
1857 BOOL tempcond, combined_cond;
1858 BOOL *subcondptr;
1859 BOOL sub2_honour_dollar = TRUE;
1860 int i, rc, cond_type, roffset;
1861 int_eximarith_t num[2];
1862 struct stat statbuf;
1863 uschar name[256];
1864 uschar *sub[4];
1865
1866 const pcre *re;
1867 const uschar *rerror;
1868
1869 for (;;)
1870 {
1871 while (isspace(*s)) s++;
1872 if (*s == '!') { testfor = !testfor; s++; } else break;
1873 }
1874
1875 /* Numeric comparisons are symbolic */
1876
1877 if (*s == '=' || *s == '>' || *s == '<')
1878 {
1879 int p = 0;
1880 name[p++] = *s++;
1881 if (*s == '=')
1882 {
1883 name[p++] = '=';
1884 s++;
1885 }
1886 name[p] = 0;
1887 }
1888
1889 /* All other conditions are named */
1890
1891 else s = read_name(name, 256, s, US"_");
1892
1893 /* If we haven't read a name, it means some non-alpha character is first. */
1894
1895 if (name[0] == 0)
1896 {
1897 expand_string_message = string_sprintf("condition name expected, "
1898 "but found \"%.16s\"", s);
1899 return NULL;
1900 }
1901
1902 /* Find which condition we are dealing with, and switch on it */
1903
1904 cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
1905 switch(cond_type)
1906 {
1907 /* def: tests for a non-empty variable, or for the existence of a header. If
1908 yield == NULL we are in a skipping state, and don't care about the answer. */
1909
1910 case ECOND_DEF:
1911 if (*s != ':')
1912 {
1913 expand_string_message = US"\":\" expected after \"def\"";
1914 return NULL;
1915 }
1916
1917 s = read_name(name, 256, s+1, US"_");
1918
1919 /* Test for a header's existence. If the name contains a closing brace
1920 character, this may be a user error where the terminating colon has been
1921 omitted. Set a flag to adjust a subsequent error message in this case. */
1922
1923 if (Ustrncmp(name, "h_", 2) == 0 ||
1924 Ustrncmp(name, "rh_", 3) == 0 ||
1925 Ustrncmp(name, "bh_", 3) == 0 ||
1926 Ustrncmp(name, "header_", 7) == 0 ||
1927 Ustrncmp(name, "rheader_", 8) == 0 ||
1928 Ustrncmp(name, "bheader_", 8) == 0)
1929 {
1930 s = read_header_name(name, 256, s);
1931 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
1932 if (yield != NULL) *yield =
1933 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
1934 }
1935
1936 /* Test for a variable's having a non-empty value. A non-existent variable
1937 causes an expansion failure. */
1938
1939 else
1940 {
1941 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
1942 if (value == NULL)
1943 {
1944 expand_string_message = (name[0] == 0)?
1945 string_sprintf("variable name omitted after \"def:\"") :
1946 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
1947 check_variable_error_message(name);
1948 return NULL;
1949 }
1950 if (yield != NULL) *yield = (value[0] != 0) == testfor;
1951 }
1952
1953 return s;
1954
1955
1956 /* first_delivery tests for first delivery attempt */
1957
1958 case ECOND_FIRST_DELIVERY:
1959 if (yield != NULL) *yield = deliver_firsttime == testfor;
1960 return s;
1961
1962
1963 /* queue_running tests for any process started by a queue runner */
1964
1965 case ECOND_QUEUE_RUNNING:
1966 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
1967 return s;
1968
1969
1970 /* exists: tests for file existence
1971 isip: tests for any IP address
1972 isip4: tests for an IPv4 address
1973 isip6: tests for an IPv6 address
1974 pam: does PAM authentication
1975 radius: does RADIUS authentication
1976 ldapauth: does LDAP authentication
1977 pwcheck: does Cyrus SASL pwcheck authentication
1978 */
1979
1980 case ECOND_EXISTS:
1981 case ECOND_ISIP:
1982 case ECOND_ISIP4:
1983 case ECOND_ISIP6:
1984 case ECOND_PAM:
1985 case ECOND_RADIUS:
1986 case ECOND_LDAPAUTH:
1987 case ECOND_PWCHECK:
1988
1989 while (isspace(*s)) s++;
1990 if (*s != '{') goto COND_FAILED_CURLY_START;
1991
1992 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE);
1993 if (sub[0] == NULL) return NULL;
1994 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1995
1996 if (yield == NULL) return s; /* No need to run the test if skipping */
1997
1998 switch(cond_type)
1999 {
2000 case ECOND_EXISTS:
2001 if ((expand_forbid & RDO_EXISTS) != 0)
2002 {
2003 expand_string_message = US"File existence tests are not permitted";
2004 return NULL;
2005 }
2006 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
2007 break;
2008
2009 case ECOND_ISIP:
2010 case ECOND_ISIP4:
2011 case ECOND_ISIP6:
2012 rc = string_is_ip_address(sub[0], NULL);
2013 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
2014 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2015 break;
2016
2017 /* Various authentication tests - all optionally compiled */
2018
2019 case ECOND_PAM:
2020 #ifdef SUPPORT_PAM
2021 rc = auth_call_pam(sub[0], &expand_string_message);
2022 goto END_AUTH;
2023 #else
2024 goto COND_FAILED_NOT_COMPILED;
2025 #endif /* SUPPORT_PAM */
2026
2027 case ECOND_RADIUS:
2028 #ifdef RADIUS_CONFIG_FILE
2029 rc = auth_call_radius(sub[0], &expand_string_message);
2030 goto END_AUTH;
2031 #else
2032 goto COND_FAILED_NOT_COMPILED;
2033 #endif /* RADIUS_CONFIG_FILE */
2034
2035 case ECOND_LDAPAUTH:
2036 #ifdef LOOKUP_LDAP
2037 {
2038 /* Just to keep the interface the same */
2039 BOOL do_cache;
2040 int old_pool = store_pool;
2041 store_pool = POOL_SEARCH;
2042 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2043 &expand_string_message, &do_cache);
2044 store_pool = old_pool;
2045 }
2046 goto END_AUTH;
2047 #else
2048 goto COND_FAILED_NOT_COMPILED;
2049 #endif /* LOOKUP_LDAP */
2050
2051 case ECOND_PWCHECK:
2052 #ifdef CYRUS_PWCHECK_SOCKET
2053 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2054 goto END_AUTH;
2055 #else
2056 goto COND_FAILED_NOT_COMPILED;
2057 #endif /* CYRUS_PWCHECK_SOCKET */
2058
2059 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2060 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2061 END_AUTH:
2062 if (rc == ERROR || rc == DEFER) return NULL;
2063 *yield = (rc == OK) == testfor;
2064 #endif
2065 }
2066 return s;
2067
2068
2069 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2070
2071 ${if saslauthd {{username}{password}{service}{realm}} {yes}[no}}
2072
2073 However, the last two are optional. That is why the whole set is enclosed
2074 in their own set or braces. */
2075
2076 case ECOND_SASLAUTHD:
2077 #ifndef CYRUS_SASLAUTHD_SOCKET
2078 goto COND_FAILED_NOT_COMPILED;
2079 #else
2080 while (isspace(*s)) s++;
2081 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2082 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd"))
2083 {
2084 case 1: expand_string_message = US"too few arguments or bracketing "
2085 "error for saslauthd";
2086 case 2:
2087 case 3: return NULL;
2088 }
2089 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
2090 if (yield != NULL)
2091 {
2092 int rc;
2093 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2094 &expand_string_message);
2095 if (rc == ERROR || rc == DEFER) return NULL;
2096 *yield = (rc == OK) == testfor;
2097 }
2098 return s;
2099 #endif /* CYRUS_SASLAUTHD_SOCKET */
2100
2101
2102 /* symbolic operators for numeric and string comparison, and a number of
2103 other operators, all requiring two arguments.
2104
2105 crypteq: encrypts plaintext and compares against an encrypted text,
2106 using crypt(), crypt16(), MD5 or SHA-1
2107 inlist/inlisti: checks if first argument is in the list of the second
2108 match: does a regular expression match and sets up the numerical
2109 variables if it succeeds
2110 match_address: matches in an address list
2111 match_domain: matches in a domain list
2112 match_ip: matches a host list that is restricted to IP addresses
2113 match_local_part: matches in a local part list
2114 */
2115
2116 case ECOND_MATCH_ADDRESS:
2117 case ECOND_MATCH_DOMAIN:
2118 case ECOND_MATCH_IP:
2119 case ECOND_MATCH_LOCAL_PART:
2120 #ifndef EXPAND_LISTMATCH_RHS
2121 sub2_honour_dollar = FALSE;
2122 #endif
2123 /* FALLTHROUGH */
2124
2125 case ECOND_CRYPTEQ:
2126 case ECOND_INLIST:
2127 case ECOND_INLISTI:
2128 case ECOND_MATCH:
2129
2130 case ECOND_NUM_L: /* Numerical comparisons */
2131 case ECOND_NUM_LE:
2132 case ECOND_NUM_E:
2133 case ECOND_NUM_EE:
2134 case ECOND_NUM_G:
2135 case ECOND_NUM_GE:
2136
2137 case ECOND_STR_LT: /* String comparisons */
2138 case ECOND_STR_LTI:
2139 case ECOND_STR_LE:
2140 case ECOND_STR_LEI:
2141 case ECOND_STR_EQ:
2142 case ECOND_STR_EQI:
2143 case ECOND_STR_GT:
2144 case ECOND_STR_GTI:
2145 case ECOND_STR_GE:
2146 case ECOND_STR_GEI:
2147
2148 for (i = 0; i < 2; i++)
2149 {
2150 /* Sometimes, we don't expand substrings; too many insecure configurations
2151 created using match_address{}{} and friends, where the second param
2152 includes information from untrustworthy sources. */
2153 BOOL honour_dollar = TRUE;
2154 if ((i > 0) && !sub2_honour_dollar)
2155 honour_dollar = FALSE;
2156
2157 while (isspace(*s)) s++;
2158 if (*s != '{')
2159 {
2160 if (i == 0) goto COND_FAILED_CURLY_START;
2161 expand_string_message = string_sprintf("missing 2nd string in {} "
2162 "after \"%s\"", name);
2163 return NULL;
2164 }
2165 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
2166 honour_dollar);
2167 if (sub[i] == NULL) return NULL;
2168 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2169
2170 /* Convert to numerical if required; we know that the names of all the
2171 conditions that compare numbers do not start with a letter. This just saves
2172 checking for them individually. */
2173
2174 if (!isalpha(name[0]) && yield != NULL)
2175 {
2176 if (sub[i][0] == 0)
2177 {
2178 num[i] = 0;
2179 DEBUG(D_expand)
2180 debug_printf("empty string cast to zero for numerical comparison\n");
2181 }
2182 else
2183 {
2184 num[i] = expand_string_integer(sub[i], FALSE);
2185 if (expand_string_message != NULL) return NULL;
2186 }
2187 }
2188 }
2189
2190 /* Result not required */
2191
2192 if (yield == NULL) return s;
2193
2194 /* Do an appropriate comparison */
2195
2196 switch(cond_type)
2197 {
2198 case ECOND_NUM_E:
2199 case ECOND_NUM_EE:
2200 *yield = (num[0] == num[1]) == testfor;
2201 break;
2202
2203 case ECOND_NUM_G:
2204 *yield = (num[0] > num[1]) == testfor;
2205 break;
2206
2207 case ECOND_NUM_GE:
2208 *yield = (num[0] >= num[1]) == testfor;
2209 break;
2210
2211 case ECOND_NUM_L:
2212 *yield = (num[0] < num[1]) == testfor;
2213 break;
2214
2215 case ECOND_NUM_LE:
2216 *yield = (num[0] <= num[1]) == testfor;
2217 break;
2218
2219 case ECOND_STR_LT:
2220 *yield = (Ustrcmp(sub[0], sub[1]) < 0) == testfor;
2221 break;
2222
2223 case ECOND_STR_LTI:
2224 *yield = (strcmpic(sub[0], sub[1]) < 0) == testfor;
2225 break;
2226
2227 case ECOND_STR_LE:
2228 *yield = (Ustrcmp(sub[0], sub[1]) <= 0) == testfor;
2229 break;
2230
2231 case ECOND_STR_LEI:
2232 *yield = (strcmpic(sub[0], sub[1]) <= 0) == testfor;
2233 break;
2234
2235 case ECOND_STR_EQ:
2236 *yield = (Ustrcmp(sub[0], sub[1]) == 0) == testfor;
2237 break;
2238
2239 case ECOND_STR_EQI:
2240 *yield = (strcmpic(sub[0], sub[1]) == 0) == testfor;
2241 break;
2242
2243 case ECOND_STR_GT:
2244 *yield = (Ustrcmp(sub[0], sub[1]) > 0) == testfor;
2245 break;
2246
2247 case ECOND_STR_GTI:
2248 *yield = (strcmpic(sub[0], sub[1]) > 0) == testfor;
2249 break;
2250
2251 case ECOND_STR_GE:
2252 *yield = (Ustrcmp(sub[0], sub[1]) >= 0) == testfor;
2253 break;
2254
2255 case ECOND_STR_GEI:
2256 *yield = (strcmpic(sub[0], sub[1]) >= 0) == testfor;
2257 break;
2258
2259 case ECOND_MATCH: /* Regular expression match */
2260 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2261 NULL);
2262 if (re == NULL)
2263 {
2264 expand_string_message = string_sprintf("regular expression error in "
2265 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2266 return NULL;
2267 }
2268 *yield = regex_match_and_setup(re, sub[0], 0, -1) == testfor;
2269 break;
2270
2271 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2272 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2273 goto MATCHED_SOMETHING;
2274
2275 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2276 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2277 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2278 goto MATCHED_SOMETHING;
2279
2280 case ECOND_MATCH_IP: /* Match IP address in a host list */
2281 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
2282 {
2283 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2284 sub[0]);
2285 return NULL;
2286 }
2287 else
2288 {
2289 unsigned int *nullcache = NULL;
2290 check_host_block cb;
2291
2292 cb.host_name = US"";
2293 cb.host_address = sub[0];
2294
2295 /* If the host address starts off ::ffff: it is an IPv6 address in
2296 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2297 addresses. */
2298
2299 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2300 cb.host_address + 7 : cb.host_address;
2301
2302 rc = match_check_list(
2303 &sub[1], /* the list */
2304 0, /* separator character */
2305 &hostlist_anchor, /* anchor pointer */
2306 &nullcache, /* cache pointer */
2307 check_host, /* function for testing */
2308 &cb, /* argument for function */
2309 MCL_HOST, /* type of check */
2310 sub[0], /* text for debugging */
2311 NULL); /* where to pass back data */
2312 }
2313 goto MATCHED_SOMETHING;
2314
2315 case ECOND_MATCH_LOCAL_PART:
2316 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2317 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2318 /* Fall through */
2319 /* VVVVVVVVVVVV */
2320 MATCHED_SOMETHING:
2321 switch(rc)
2322 {
2323 case OK:
2324 *yield = testfor;
2325 break;
2326
2327 case FAIL:
2328 *yield = !testfor;
2329 break;
2330
2331 case DEFER:
2332 expand_string_message = string_sprintf("unable to complete match "
2333 "against \"%s\": %s", sub[1], search_error_message);
2334 return NULL;
2335 }
2336
2337 break;
2338
2339 /* Various "encrypted" comparisons. If the second string starts with
2340 "{" then an encryption type is given. Default to crypt() or crypt16()
2341 (build-time choice). */
2342
2343 case ECOND_CRYPTEQ:
2344 #ifndef SUPPORT_CRYPTEQ
2345 goto COND_FAILED_NOT_COMPILED;
2346 #else
2347 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2348 {
2349 int sublen = Ustrlen(sub[1]+5);
2350 md5 base;
2351 uschar digest[16];
2352
2353 md5_start(&base);
2354 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2355
2356 /* If the length that we are comparing against is 24, the MD5 digest
2357 is expressed as a base64 string. This is the way LDAP does it. However,
2358 some other software uses a straightforward hex representation. We assume
2359 this if the length is 32. Other lengths fail. */
2360
2361 if (sublen == 24)
2362 {
2363 uschar *coded = auth_b64encode((uschar *)digest, 16);
2364 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2365 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2366 *yield = (Ustrcmp(coded, sub[1]+5) == 0) == testfor;
2367 }
2368 else if (sublen == 32)
2369 {
2370 int i;
2371 uschar coded[36];
2372 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2373 coded[32] = 0;
2374 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2375 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2376 *yield = (strcmpic(coded, sub[1]+5) == 0) == testfor;
2377 }
2378 else
2379 {
2380 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2381 "fail\n crypted=%s\n", sub[1]+5);
2382 *yield = !testfor;
2383 }
2384 }
2385
2386 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2387 {
2388 int sublen = Ustrlen(sub[1]+6);
2389 sha1 base;
2390 uschar digest[20];
2391
2392 sha1_start(&base);
2393 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2394
2395 /* If the length that we are comparing against is 28, assume the SHA1
2396 digest is expressed as a base64 string. If the length is 40, assume a
2397 straightforward hex representation. Other lengths fail. */
2398
2399 if (sublen == 28)
2400 {
2401 uschar *coded = auth_b64encode((uschar *)digest, 20);
2402 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2403 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2404 *yield = (Ustrcmp(coded, sub[1]+6) == 0) == testfor;
2405 }
2406 else if (sublen == 40)
2407 {
2408 int i;
2409 uschar coded[44];
2410 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2411 coded[40] = 0;
2412 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2413 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2414 *yield = (strcmpic(coded, sub[1]+6) == 0) == testfor;
2415 }
2416 else
2417 {
2418 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2419 "fail\n crypted=%s\n", sub[1]+6);
2420 *yield = !testfor;
2421 }
2422 }
2423
2424 else /* {crypt} or {crypt16} and non-{ at start */
2425 /* }-for-text-editors */
2426 {
2427 int which = 0;
2428 uschar *coded;
2429
2430 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2431 {
2432 sub[1] += 7;
2433 which = 1;
2434 }
2435 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2436 {
2437 sub[1] += 9;
2438 which = 2;
2439 }
2440 else if (sub[1][0] == '{')
2441 {
2442 expand_string_message = string_sprintf("unknown encryption mechanism "
2443 "in \"%s\"", sub[1]);
2444 return NULL;
2445 }
2446
2447 switch(which)
2448 {
2449 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2450 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2451 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2452 }
2453
2454 #define STR(s) # s
2455 #define XSTR(s) STR(s)
2456 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2457 " subject=%s\n crypted=%s\n",
2458 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
2459 coded, sub[1]);
2460 #undef STR
2461 #undef XSTR
2462
2463 /* If the encrypted string contains fewer than two characters (for the
2464 salt), force failure. Otherwise we get false positives: with an empty
2465 string the yield of crypt() is an empty string! */
2466
2467 *yield = (Ustrlen(sub[1]) < 2)? !testfor :
2468 (Ustrcmp(coded, sub[1]) == 0) == testfor;
2469 }
2470 break;
2471 #endif /* SUPPORT_CRYPTEQ */
2472
2473 case ECOND_INLIST:
2474 case ECOND_INLISTI:
2475 {
2476 int sep = 0;
2477 BOOL found = FALSE;
2478 uschar *save_iterate_item = iterate_item;
2479 int (*compare)(const uschar *, const uschar *);
2480
2481 if (cond_type == ECOND_INLISTI)
2482 compare = strcmpic;
2483 else
2484 compare = (int (*)(const uschar *, const uschar *)) strcmp;
2485
2486 while ((iterate_item = string_nextinlist(&sub[1], &sep, NULL, 0)) != NULL)
2487 if (compare(sub[0], iterate_item) == 0)
2488 {
2489 found = TRUE;
2490 break;
2491 }
2492 iterate_item = save_iterate_item;
2493 *yield = found;
2494 }
2495
2496 } /* Switch for comparison conditions */
2497
2498 return s; /* End of comparison conditions */
2499
2500
2501 /* and/or: computes logical and/or of several conditions */
2502
2503 case ECOND_AND:
2504 case ECOND_OR:
2505 subcondptr = (yield == NULL)? NULL : &tempcond;
2506 combined_cond = (cond_type == ECOND_AND);
2507
2508 while (isspace(*s)) s++;
2509 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2510
2511 for (;;)
2512 {
2513 while (isspace(*s)) s++;
2514 if (*s == '}') break;
2515 if (*s != '{')
2516 {
2517 expand_string_message = string_sprintf("each subcondition "
2518 "inside an \"%s{...}\" condition must be in its own {}", name);
2519 return NULL;
2520 }
2521
2522 s = eval_condition(s+1, subcondptr);
2523 if (s == NULL)
2524 {
2525 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2526 expand_string_message, name);
2527 return NULL;
2528 }
2529 while (isspace(*s)) s++;
2530
2531 if (*s++ != '}')
2532 {
2533 expand_string_message = string_sprintf("missing } at end of condition "
2534 "inside \"%s\" group", name);
2535 return NULL;
2536 }
2537
2538 if (yield != NULL)
2539 {
2540 if (cond_type == ECOND_AND)
2541 {
2542 combined_cond &= tempcond;
2543 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2544 } /* evaluate any more */
2545 else
2546 {
2547 combined_cond |= tempcond;
2548 if (combined_cond) subcondptr = NULL; /* once true, don't */
2549 } /* evaluate any more */
2550 }
2551 }
2552
2553 if (yield != NULL) *yield = (combined_cond == testfor);
2554 return ++s;
2555
2556
2557 /* forall/forany: iterates a condition with different values */
2558
2559 case ECOND_FORALL:
2560 case ECOND_FORANY:
2561 {
2562 int sep = 0;
2563 uschar *save_iterate_item = iterate_item;
2564
2565 while (isspace(*s)) s++;
2566 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2567 sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE);
2568 if (sub[0] == NULL) return NULL;
2569 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2570
2571 while (isspace(*s)) s++;
2572 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2573
2574 sub[1] = s;
2575
2576 /* Call eval_condition once, with result discarded (as if scanning a
2577 "false" part). This allows us to find the end of the condition, because if
2578 the list it empty, we won't actually evaluate the condition for real. */
2579
2580 s = eval_condition(sub[1], NULL);
2581 if (s == NULL)
2582 {
2583 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2584 expand_string_message, name);
2585 return NULL;
2586 }
2587 while (isspace(*s)) s++;
2588
2589 if (*s++ != '}')
2590 {
2591 expand_string_message = string_sprintf("missing } at end of condition "
2592 "inside \"%s\"", name);
2593 return NULL;
2594 }
2595
2596 if (yield != NULL) *yield = !testfor;
2597 while ((iterate_item = string_nextinlist(&sub[0], &sep, NULL, 0)) != NULL)
2598 {
2599 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
2600 if (eval_condition(sub[1], &tempcond) == NULL)
2601 {
2602 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2603 expand_string_message, name);
2604 iterate_item = save_iterate_item;
2605 return NULL;
2606 }
2607 DEBUG(D_expand) debug_printf("%s: condition evaluated to %s\n", name,
2608 tempcond? "true":"false");
2609
2610 if (yield != NULL) *yield = (tempcond == testfor);
2611 if (tempcond == (cond_type == ECOND_FORANY)) break;
2612 }
2613
2614 iterate_item = save_iterate_item;
2615 return s;
2616 }
2617
2618
2619 /* The bool{} expansion condition maps a string to boolean.
2620 The values supported should match those supported by the ACL condition
2621 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
2622 of true/false. Note that Router "condition" rules have a different
2623 interpretation, where general data can be used and only a few values
2624 map to FALSE.
2625 Note that readconf.c boolean matching, for boolean configuration options,
2626 only matches true/yes/false/no.
2627 The bool_lax{} condition matches the Router logic, which is much more
2628 liberal. */
2629 case ECOND_BOOL:
2630 case ECOND_BOOL_LAX:
2631 {
2632 uschar *sub_arg[1];
2633 uschar *t, *t2;
2634 uschar *ourname;
2635 size_t len;
2636 BOOL boolvalue = FALSE;
2637 while (isspace(*s)) s++;
2638 if (*s != '{') goto COND_FAILED_CURLY_START;
2639 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
2640 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname))
2641 {
2642 case 1: expand_string_message = string_sprintf(
2643 "too few arguments or bracketing error for %s",
2644 ourname);
2645 /*FALLTHROUGH*/
2646 case 2:
2647 case 3: return NULL;
2648 }
2649 t = sub_arg[0];
2650 while (isspace(*t)) t++;
2651 len = Ustrlen(t);
2652 if (len)
2653 {
2654 /* trailing whitespace: seems like a good idea to ignore it too */
2655 t2 = t + len - 1;
2656 while (isspace(*t2)) t2--;
2657 if (t2 != (t + len))
2658 {
2659 *++t2 = '\0';
2660 len = t2 - t;
2661 }
2662 }
2663 DEBUG(D_expand)
2664 debug_printf("considering %s: %s\n", ourname, len ? t : US"<empty>");
2665 /* logic for the lax case from expand_check_condition(), which also does
2666 expands, and the logic is both short and stable enough that there should
2667 be no maintenance burden from replicating it. */
2668 if (len == 0)
2669 boolvalue = FALSE;
2670 else if (Ustrspn(t, "0123456789") == len)
2671 {
2672 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
2673 /* expand_check_condition only does a literal string "0" check */
2674 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
2675 boolvalue = TRUE;
2676 }
2677 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
2678 boolvalue = TRUE;
2679 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
2680 boolvalue = FALSE;
2681 else if (cond_type == ECOND_BOOL_LAX)
2682 boolvalue = TRUE;
2683 else
2684 {
2685 expand_string_message = string_sprintf("unrecognised boolean "
2686 "value \"%s\"", t);
2687 return NULL;
2688 }
2689 if (yield != NULL) *yield = (boolvalue == testfor);
2690 return s;
2691 }
2692
2693 /* Unknown condition */
2694
2695 default:
2696 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2697 return NULL;
2698 } /* End switch on condition type */
2699
2700 /* Missing braces at start and end of data */
2701
2702 COND_FAILED_CURLY_START:
2703 expand_string_message = string_sprintf("missing { after \"%s\"", name);
2704 return NULL;
2705
2706 COND_FAILED_CURLY_END:
2707 expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2708 name);
2709 return NULL;
2710
2711 /* A condition requires code that is not compiled */
2712
2713 #if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2714 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2715 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2716 COND_FAILED_NOT_COMPILED:
2717 expand_string_message = string_sprintf("support for \"%s\" not compiled",
2718 name);
2719 return NULL;
2720 #endif
2721 }
2722
2723
2724
2725
2726 /*************************************************
2727 * Save numerical variables *
2728 *************************************************/
2729
2730 /* This function is called from items such as "if" that want to preserve and
2731 restore the numbered variables.
2732
2733 Arguments:
2734 save_expand_string points to an array of pointers to set
2735 save_expand_nlength points to an array of ints for the lengths
2736
2737 Returns: the value of expand max to save
2738 */
2739
2740 static int
2741 save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
2742 {
2743 int i;
2744 for (i = 0; i <= expand_nmax; i++)
2745 {
2746 save_expand_nstring[i] = expand_nstring[i];
2747 save_expand_nlength[i] = expand_nlength[i];
2748 }
2749 return expand_nmax;
2750 }
2751
2752
2753
2754 /*************************************************
2755 * Restore numerical variables *
2756 *************************************************/
2757
2758 /* This function restored saved values of numerical strings.
2759
2760 Arguments:
2761 save_expand_nmax the number of strings to restore
2762 save_expand_string points to an array of pointers
2763 save_expand_nlength points to an array of ints
2764
2765 Returns: nothing
2766 */
2767
2768 static void
2769 restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
2770 int *save_expand_nlength)
2771 {
2772 int i;
2773 expand_nmax = save_expand_nmax;
2774 for (i = 0; i <= expand_nmax; i++)
2775 {
2776 expand_nstring[i] = save_expand_nstring[i];
2777 expand_nlength[i] = save_expand_nlength[i];
2778 }
2779 }
2780
2781
2782
2783
2784
2785 /*************************************************
2786 * Handle yes/no substrings *
2787 *************************************************/
2788
2789 /* This function is used by ${if}, ${lookup} and ${extract} to handle the
2790 alternative substrings that depend on whether or not the condition was true,
2791 or the lookup or extraction succeeded. The substrings always have to be
2792 expanded, to check their syntax, but "skipping" is set when the result is not
2793 needed - this avoids unnecessary nested lookups.
2794
2795 Arguments:
2796 skipping TRUE if we were skipping when this item was reached
2797 yes TRUE if the first string is to be used, else use the second
2798 save_lookup a value to put back into lookup_value before the 2nd expansion
2799 sptr points to the input string pointer
2800 yieldptr points to the output string pointer
2801 sizeptr points to the output string size
2802 ptrptr points to the output string pointer
2803 type "lookup" or "if" or "extract" or "run", for error message
2804
2805 Returns: 0 OK; lookup_value has been reset to save_lookup
2806 1 expansion failed
2807 2 expansion failed because of bracketing error
2808 */
2809
2810 static int
2811 process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
2812 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type)
2813 {
2814 int rc = 0;
2815 uschar *s = *sptr; /* Local value */
2816 uschar *sub1, *sub2;
2817
2818 /* If there are no following strings, we substitute the contents of $value for
2819 lookups and for extractions in the success case. For the ${if item, the string
2820 "true" is substituted. In the fail case, nothing is substituted for all three
2821 items. */
2822
2823 while (isspace(*s)) s++;
2824 if (*s == '}')
2825 {
2826 if (type[0] == 'i')
2827 {
2828 if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
2829 }
2830 else
2831 {
2832 if (yes && lookup_value != NULL)
2833 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
2834 Ustrlen(lookup_value));
2835 lookup_value = save_lookup;
2836 }
2837 s++;
2838 goto RETURN;
2839 }
2840
2841 /* The first following string must be braced. */
2842
2843 if (*s++ != '{') goto FAILED_CURLY;
2844
2845 /* Expand the first substring. Forced failures are noticed only if we actually
2846 want this string. Set skipping in the call in the fail case (this will always
2847 be the case if we were already skipping). */
2848
2849 sub1 = expand_string_internal(s, TRUE, &s, !yes, TRUE);
2850 if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
2851 expand_string_forcedfail = FALSE;
2852 if (*s++ != '}') goto FAILED_CURLY;
2853
2854 /* If we want the first string, add it to the output */
2855
2856 if (yes)
2857 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
2858
2859 /* If this is called from a lookup or an extract, we want to restore $value to
2860 what it was at the start of the item, so that it has this value during the
2861 second string expansion. For the call from "if" or "run" to this function,
2862 save_lookup is set to lookup_value, so that this statement does nothing. */
2863
2864 lookup_value = save_lookup;
2865
2866 /* There now follows either another substring, or "fail", or nothing. This
2867 time, forced failures are noticed only if we want the second string. We must
2868 set skipping in the nested call if we don't want this string, or if we were
2869 already skipping. */
2870
2871 while (isspace(*s)) s++;
2872 if (*s == '{')
2873 {
2874 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping, TRUE);
2875 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
2876 expand_string_forcedfail = FALSE;
2877 if (*s++ != '}') goto FAILED_CURLY;
2878
2879 /* If we want the second string, add it to the output */
2880
2881 if (!yes)
2882 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
2883 }
2884
2885 /* If there is no second string, but the word "fail" is present when the use of
2886 the second string is wanted, set a flag indicating it was a forced failure
2887 rather than a syntactic error. Swallow the terminating } in case this is nested
2888 inside another lookup or if or extract. */
2889
2890 else if (*s != '}')
2891 {
2892 uschar name[256];
2893 s = read_name(name, sizeof(name), s, US"_");
2894 if (Ustrcmp(name, "fail") == 0)
2895 {
2896 if (!yes && !skipping)
2897 {
2898 while (isspace(*s)) s++;
2899 if (*s++ != '}') goto FAILED_CURLY;
2900 expand_string_message =
2901 string_sprintf("\"%s\" failed and \"fail\" requested", type);
2902 expand_string_forcedfail = TRUE;
2903 goto FAILED;
2904 }
2905 }
2906 else
2907 {
2908 expand_string_message =
2909 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
2910 goto FAILED;
2911 }
2912 }
2913
2914 /* All we have to do now is to check on the final closing brace. */
2915
2916 while (isspace(*s)) s++;
2917 if (*s++ == '}') goto RETURN;
2918
2919 /* Get here if there is a bracketing failure */
2920
2921 FAILED_CURLY:
2922 rc++;
2923
2924 /* Get here for other failures */
2925
2926 FAILED:
2927 rc++;
2928
2929 /* Update the input pointer value before returning */
2930
2931 RETURN:
2932 *sptr = s;
2933 return rc;
2934 }
2935
2936
2937
2938
2939 /*************************************************
2940 * Handle MD5 or SHA-1 computation for HMAC *
2941 *************************************************/
2942
2943 /* These are some wrapping functions that enable the HMAC code to be a bit
2944 cleaner. A good compiler will spot the tail recursion.
2945
2946 Arguments:
2947 type HMAC_MD5 or HMAC_SHA1
2948 remaining are as for the cryptographic hash functions
2949
2950 Returns: nothing
2951 */
2952
2953 static void
2954 chash_start(int type, void *base)
2955 {
2956 if (type == HMAC_MD5)
2957 md5_start((md5 *)base);
2958 else
2959 sha1_start((sha1 *)base);
2960 }
2961
2962 static void
2963 chash_mid(int type, void *base, uschar *string)
2964 {
2965 if (type == HMAC_MD5)
2966 md5_mid((md5 *)base, string);
2967 else
2968 sha1_mid((sha1 *)base, string);
2969 }
2970
2971 static void
2972 chash_end(int type, void *base, uschar *string, int length, uschar *digest)
2973 {
2974 if (type == HMAC_MD5)
2975 md5_end((md5 *)base, string, length, digest);
2976 else
2977 sha1_end((sha1 *)base, string, length, digest);
2978 }
2979
2980
2981
2982
2983
2984 /********************************************************
2985 * prvs: Get last three digits of days since Jan 1, 1970 *
2986 ********************************************************/
2987
2988 /* This is needed to implement the "prvs" BATV reverse
2989 path signing scheme
2990
2991 Argument: integer "days" offset to add or substract to
2992 or from the current number of days.
2993
2994 Returns: pointer to string containing the last three
2995 digits of the number of days since Jan 1, 1970,
2996 modified by the offset argument, NULL if there
2997 was an error in the conversion.
2998
2999 */
3000
3001 static uschar *
3002 prvs_daystamp(int day_offset)
3003 {
3004 uschar *days = store_get(32); /* Need at least 24 for cases */
3005 (void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
3006 (time(NULL) + day_offset*86400)/86400);
3007 return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
3008 }
3009
3010
3011
3012 /********************************************************
3013 * prvs: perform HMAC-SHA1 computation of prvs bits *
3014 ********************************************************/
3015
3016 /* This is needed to implement the "prvs" BATV reverse
3017 path signing scheme
3018
3019 Arguments:
3020 address RFC2821 Address to use
3021 key The key to use (must be less than 64 characters
3022 in size)
3023 key_num Single-digit key number to use. Defaults to
3024 '0' when NULL.
3025
3026 Returns: pointer to string containing the first three
3027 bytes of the final hash in hex format, NULL if
3028 there was an error in the process.
3029 */
3030
3031 static uschar *
3032 prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
3033 {
3034 uschar *hash_source, *p;
3035 int size = 0,offset = 0,i;
3036 sha1 sha1_base;
3037 void *use_base = &sha1_base;
3038 uschar innerhash[20];
3039 uschar finalhash[20];
3040 uschar innerkey[64];
3041 uschar outerkey[64];
3042 uschar *finalhash_hex = store_get(40);
3043
3044 if (key_num == NULL)
3045 key_num = US"0";
3046
3047 if (Ustrlen(key) > 64)
3048 return NULL;
3049
3050 hash_source = string_cat(NULL,&size,&offset,key_num,1);
3051 string_cat(hash_source,&size,&offset,daystamp,3);
3052 string_cat(hash_source,&size,&offset,address,Ustrlen(address));
3053 hash_source[offset] = '\0';
3054
3055 DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source);
3056
3057 memset(innerkey, 0x36, 64);
3058 memset(outerkey, 0x5c, 64);
3059
3060 for (i = 0; i < Ustrlen(key); i++)
3061 {
3062 innerkey[i] ^= key[i];
3063 outerkey[i] ^= key[i];
3064 }
3065
3066 chash_start(HMAC_SHA1, use_base);
3067 chash_mid(HMAC_SHA1, use_base, innerkey);
3068 chash_end(HMAC_SHA1, use_base, hash_source, offset, innerhash);
3069
3070 chash_start(HMAC_SHA1, use_base);
3071 chash_mid(HMAC_SHA1, use_base, outerkey);
3072 chash_end(HMAC_SHA1, use_base, innerhash, 20, finalhash);
3073
3074 p = finalhash_hex;
3075 for (i = 0; i < 3; i++)
3076 {
3077 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
3078 *p++ = hex_digits[finalhash[i] & 0x0f];
3079 }
3080 *p = '\0';
3081
3082 return finalhash_hex;
3083 }
3084
3085
3086
3087
3088 /*************************************************
3089 * Join a file onto the output string *
3090 *************************************************/
3091
3092 /* This is used for readfile and after a run expansion. It joins the contents
3093 of a file onto the output string, globally replacing newlines with a given
3094 string (optionally). The file is closed at the end.
3095
3096 Arguments:
3097 f the FILE
3098 yield pointer to the expandable string
3099 sizep pointer to the current size
3100 ptrp pointer to the current position
3101 eol newline replacement string, or NULL
3102
3103 Returns: new value of string pointer
3104 */
3105
3106 static uschar *
3107 cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
3108 {
3109 int eollen;
3110 uschar buffer[1024];
3111
3112 eollen = (eol == NULL)? 0 : Ustrlen(eol);
3113
3114 while (Ufgets(buffer, sizeof(buffer), f) != NULL)
3115 {
3116 int len = Ustrlen(buffer);
3117 if (eol != NULL && buffer[len-1] == '\n') len--;
3118 yield = string_cat(yield, sizep, ptrp, buffer, len);
3119 if (buffer[len] != 0)
3120 yield = string_cat(yield, sizep, ptrp, eol, eollen);
3121 }
3122
3123 if (yield != NULL) yield[*ptrp] = 0;
3124
3125 return yield;
3126 }
3127
3128
3129
3130
3131 /*************************************************
3132 * Evaluate numeric expression *
3133 *************************************************/
3134
3135 /* This is a set of mutually recursive functions that evaluate an arithmetic
3136 expression involving + - * / % & | ^ ~ << >> and parentheses. The only one of
3137 these functions that is called from elsewhere is eval_expr, whose interface is:
3138
3139 Arguments:
3140 sptr pointer to the pointer to the string - gets updated
3141 decimal TRUE if numbers are to be assumed decimal
3142 error pointer to where to put an error message - must be NULL on input
3143 endket TRUE if ')' must terminate - FALSE for external call
3144
3145 Returns: on success: the value of the expression, with *error still NULL
3146 on failure: an undefined value, with *error = a message
3147 */
3148
3149 static int_eximarith_t eval_op_or(uschar **, BOOL, uschar **);
3150
3151
3152 static int_eximarith_t
3153 eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
3154 {
3155 uschar *s = *sptr;
3156 int_eximarith_t x = eval_op_or(&s, decimal, error);
3157 if (*error == NULL)
3158 {
3159 if (endket)
3160 {
3161 if (*s != ')')
3162 *error = US"expecting closing parenthesis";
3163 else
3164 while (isspace(*(++s)));
3165 }
3166 else if (*s != 0) *error = US"expecting operator";
3167 }
3168 *sptr = s;
3169 return x;
3170 }
3171
3172
3173 static int_eximarith_t
3174 eval_number(uschar **sptr, BOOL decimal, uschar **error)
3175 {
3176 register int c;
3177 int_eximarith_t n;
3178 uschar *s = *sptr;
3179 while (isspace(*s)) s++;
3180 c = *s;
3181 if (isdigit(c))
3182 {
3183 int count;
3184 (void)sscanf(CS s, (decimal? SC_EXIM_DEC "%n" : SC_EXIM_ARITH "%n"), &n, &count);
3185 s += count;
3186 switch (tolower(*s))
3187 {
3188 default: break;
3189 case 'k': n *= 1024; s++; break;
3190 case 'm': n *= 1024*1024; s++; break;
3191 case 'g': n *= 1024*1024*1024; s++; break;
3192 }
3193 while (isspace (*s)) s++;
3194 }
3195 else if (c == '(')
3196 {
3197 s++;
3198 n = eval_expr(&s, decimal, error, 1);
3199 }
3200 else
3201 {
3202 *error = US"expecting number or opening parenthesis";
3203 n = 0;
3204 }
3205 *sptr = s;
3206 return n;
3207 }
3208
3209
3210 static int_eximarith_t
3211 eval_op_unary(uschar **sptr, BOOL decimal, uschar **error)
3212 {
3213 uschar *s = *sptr;
3214 int_eximarith_t x;
3215 while (isspace(*s)) s++;
3216 if (*s == '+' || *s == '-' || *s == '~')
3217 {
3218 int op = *s++;
3219 x = eval_op_unary(&s, decimal, error);
3220 if (op == '-') x = -x;
3221 else if (op == '~') x = ~x;
3222 }
3223 else
3224 {
3225 x = eval_number(&s, decimal, error);
3226 }
3227 *sptr = s;
3228 return x;
3229 }
3230
3231
3232 static int_eximarith_t
3233 eval_op_mult(uschar **sptr, BOOL decimal, uschar **error)
3234 {
3235 uschar *s = *sptr;
3236 int_eximarith_t x = eval_op_unary(&s, decimal, error);
3237 if (*error == NULL)
3238 {
3239 while (*s == '*' || *s == '/' || *s == '%')
3240 {
3241 int op = *s++;
3242 int_eximarith_t y = eval_op_unary(&s, decimal, error);
3243 if (*error != NULL) break;
3244 /* SIGFPE both on div/mod by zero and on INT_MIN / -1, which would give
3245 * a value of INT_MAX+1. Note that INT_MIN * -1 gives INT_MIN for me, which
3246 * is a bug somewhere in [gcc 4.2.1, FreeBSD, amd64]. In fact, -N*-M where
3247 * -N*M is INT_MIN will yielf INT_MIN.
3248 * Since we don't support floating point, this is somewhat simpler.
3249 * Ideally, we'd return an error, but since we overflow for all other
3250 * arithmetic, consistency suggests otherwise, but what's the correct value
3251 * to use? There is none.
3252 * The C standard guarantees overflow for unsigned arithmetic but signed
3253 * overflow invokes undefined behaviour; in practice, this is overflow
3254 * except for converting INT_MIN to INT_MAX+1. We also can't guarantee
3255 * that long/longlong larger than int are available, or we could just work
3256 * with larger types. We should consider whether to guarantee 32bit eval
3257 * and 64-bit working variables, with errors returned. For now ...
3258 * So, the only SIGFPEs occur with a non-shrinking div/mod, thus -1; we
3259 * can just let the other invalid results occur otherwise, as they have
3260 * until now. For this one case, we can coerce.
3261 */
3262 if (y == -1 && x == LLONG_MIN && op != '*')
3263 {
3264 DEBUG(D_expand)
3265 debug_printf("Integer exception dodging: " PR_EXIM_ARITH "%c-1 coerced to " PR_EXIM_ARITH "\n",
3266 LLONG_MIN, op, LLONG_MAX);
3267 x = LLONG_MAX;
3268 continue;
3269 }
3270 if (op == '*')
3271 x *= y;
3272 else
3273 {
3274 if (y == 0)
3275 {
3276 *error = (op == '/') ? US"divide by zero" : US"modulo by zero";
3277 x = 0;
3278 break;
3279 }
3280 if (op == '/')
3281 x /= y;
3282 else
3283 x %= y;
3284 }
3285 }
3286 }
3287 *sptr = s;
3288 return x;
3289 }
3290
3291
3292 static int_eximarith_t
3293 eval_op_sum(uschar **sptr, BOOL decimal, uschar **error)
3294 {
3295 uschar *s = *sptr;
3296 int_eximarith_t x = eval_op_mult(&s, decimal, error);
3297 if (*error == NULL)
3298 {
3299 while (*s == '+' || *s == '-')
3300 {
3301 int op = *s++;
3302 int_eximarith_t y = eval_op_mult(&s, decimal, error);
3303 if (*error != NULL) break;
3304 if (op == '+') x += y; else x -= y;
3305 }
3306 }
3307 *sptr = s;
3308 return x;
3309 }
3310
3311
3312 static int_eximarith_t
3313 eval_op_shift(uschar **sptr, BOOL decimal, uschar **error)
3314 {
3315 uschar *s = *sptr;
3316 int_eximarith_t x = eval_op_sum(&s, decimal, error);
3317 if (*error == NULL)
3318 {
3319 while ((*s == '<' || *s == '>') && s[1] == s[0])
3320 {
3321 int_eximarith_t y;
3322 int op = *s++;
3323 s++;
3324 y = eval_op_sum(&s, decimal, error);
3325 if (*error != NULL) break;
3326 if (op == '<') x <<= y; else x >>= y;
3327 }
3328 }
3329 *sptr = s;
3330 return x;
3331 }
3332
3333
3334 static int_eximarith_t
3335 eval_op_and(uschar **sptr, BOOL decimal, uschar **error)
3336 {
3337 uschar *s = *sptr;
3338 int_eximarith_t x = eval_op_shift(&s, decimal, error);
3339 if (*error == NULL)
3340 {
3341 while (*s == '&')
3342 {
3343 int_eximarith_t y;
3344 s++;
3345 y = eval_op_shift(&s, decimal, error);
3346 if (*error != NULL) break;
3347 x &= y;
3348 }
3349 }
3350 *sptr = s;
3351 return x;
3352 }
3353
3354
3355 static int_eximarith_t
3356 eval_op_xor(uschar **sptr, BOOL decimal, uschar **error)
3357 {
3358 uschar *s = *sptr;
3359 int_eximarith_t x = eval_op_and(&s, decimal, error);
3360 if (*error == NULL)
3361 {
3362 while (*s == '^')
3363 {
3364 int_eximarith_t y;
3365 s++;
3366 y = eval_op_and(&s, decimal, error);
3367 if (*error != NULL) break;
3368 x ^= y;
3369 }
3370 }
3371 *sptr = s;
3372 return x;
3373 }
3374
3375
3376 static int_eximarith_t
3377 eval_op_or(uschar **sptr, BOOL decimal, uschar **error)
3378 {
3379 uschar *s = *sptr;
3380 int_eximarith_t x = eval_op_xor(&s, decimal, error);
3381 if (*error == NULL)
3382 {
3383 while (*s == '|')
3384 {
3385 int_eximarith_t y;
3386 s++;
3387 y = eval_op_xor(&s, decimal, error);
3388 if (*error != NULL) break;
3389 x |= y;
3390 }
3391 }
3392 *sptr = s;
3393 return x;
3394 }
3395
3396
3397
3398 /*************************************************
3399 * Expand string *
3400 *************************************************/
3401
3402 /* Returns either an unchanged string, or the expanded string in stacking pool
3403 store. Interpreted sequences are:
3404
3405 \... normal escaping rules
3406 $name substitutes the variable
3407 ${name} ditto
3408 ${op:string} operates on the expanded string value
3409 ${item{arg1}{arg2}...} expands the args and then does the business
3410 some literal args are not enclosed in {}
3411
3412 There are now far too many operators and item types to make it worth listing
3413 them here in detail any more.
3414
3415 We use an internal routine recursively to handle embedded substrings. The
3416 external function follows. The yield is NULL if the expansion failed, and there
3417 are two cases: if something collapsed syntactically, or if "fail" was given
3418 as the action on a lookup failure. These can be distinguised by looking at the
3419 variable expand_string_forcedfail, which is TRUE in the latter case.
3420
3421 The skipping flag is set true when expanding a substring that isn't actually
3422 going to be used (after "if" or "lookup") and it prevents lookups from
3423 happening lower down.
3424
3425 Store usage: At start, a store block of the length of the input plus 64
3426 is obtained. This is expanded as necessary by string_cat(), which might have to
3427 get a new block, or might be able to expand the original. At the end of the
3428 function we can release any store above that portion of the yield block that
3429 was actually used. In many cases this will be optimal.
3430
3431 However: if the first item in the expansion is a variable name or header name,
3432 we reset the store before processing it; if the result is in fresh store, we
3433 use that without copying. This is helpful for expanding strings like
3434 $message_headers which can get very long.
3435
3436 There's a problem if a ${dlfunc item has side-effects that cause allocation,
3437 since resetting the store at the end of the expansion will free store that was
3438 allocated by the plugin code as well as the slop after the expanded string. So
3439 we skip any resets if ${dlfunc has been used. This is an unfortunate
3440 consequence of string expansion becoming too powerful.
3441
3442 Arguments:
3443 string the string to be expanded
3444 ket_ends true if expansion is to stop at }
3445 left if not NULL, a pointer to the first character after the
3446 expansion is placed here (typically used with ket_ends)
3447 skipping TRUE for recursive calls when the value isn't actually going
3448 to be used (to allow for optimisation)
3449 honour_dollar TRUE if $ is to be expanded,
3450 FALSE if it's just another character
3451
3452 Returns: NULL if expansion fails:
3453 expand_string_forcedfail is set TRUE if failure was forced
3454 expand_string_message contains a textual error message
3455 a pointer to the expanded string on success
3456 */
3457
3458 static uschar *
3459 expand_string_internal(uschar *string, BOOL ket_ends, uschar **left,
3460 BOOL skipping, BOOL honour_dollar)
3461 {
3462 int ptr = 0;
3463 int size = Ustrlen(string)+ 64;
3464 int item_type;
3465 uschar *yield = store_get(size);
3466 uschar *s = string;
3467 uschar *save_expand_nstring[EXPAND_MAXN+1];
3468 int save_expand_nlength[EXPAND_MAXN+1];
3469 BOOL resetok = TRUE;
3470
3471 expand_string_forcedfail = FALSE;
3472 expand_string_message = US"";
3473
3474 while (*s != 0)
3475 {
3476 uschar *value;
3477 uschar name[256];
3478
3479 /* \ escapes the next character, which must exist, or else
3480 the expansion fails. There's a special escape, \N, which causes
3481 copying of the subject verbatim up to the next \N. Otherwise,
3482 the escapes are the standard set. */
3483
3484 if (*s == '\\')
3485 {
3486 if (s[1] == 0)
3487 {
3488 expand_string_message = US"\\ at end of string";
3489 goto EXPAND_FAILED;
3490 }
3491
3492 if (s[1] == 'N')
3493 {
3494 uschar *t = s + 2;
3495 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
3496 yield = string_cat(yield, &size, &ptr, t, s - t);
3497 if (*s != 0) s += 2;
3498 }
3499
3500 else
3501 {
3502 uschar ch[1];
3503 ch[0] = string_interpret_escape(&s);
3504 s++;
3505 yield = string_cat(yield, &size, &ptr, ch, 1);
3506 }
3507
3508 continue;
3509 }
3510
3511 /* Anything other than $ is just copied verbatim, unless we are
3512 looking for a terminating } character. */
3513
3514 if (ket_ends && *s == '}') break;
3515
3516 if (*s != '$' || !honour_dollar)
3517 {
3518 yield = string_cat(yield, &size, &ptr, s++, 1);
3519 continue;
3520 }
3521
3522 /* No { after the $ - must be a plain name or a number for string
3523 match variable. There has to be a fudge for variables that are the
3524 names of header fields preceded by "$header_" because header field
3525 names can contain any printing characters except space and colon.
3526 For those that don't like typing this much, "$h_" is a synonym for
3527 "$header_". A non-existent header yields a NULL value; nothing is
3528 inserted. */
3529
3530 if (isalpha((*(++s))))
3531 {
3532 int len;
3533 int newsize = 0;
3534
3535 s = read_name(name, sizeof(name), s, US"_");
3536
3537 /* If this is the first thing to be expanded, release the pre-allocated
3538 buffer. */
3539
3540 if (ptr == 0 && yield != NULL)
3541 {
3542 if (resetok) store_reset(yield);
3543 yield = NULL;
3544 size = 0;
3545 }
3546
3547 /* Header */
3548
3549 if (Ustrncmp(name, "h_", 2) == 0 ||
3550 Ustrncmp(name, "rh_", 3) == 0 ||
3551 Ustrncmp(name, "bh_", 3) == 0 ||
3552 Ustrncmp(name, "header_", 7) == 0 ||
3553 Ustrncmp(name, "rheader_", 8) == 0 ||
3554 Ustrncmp(name, "bheader_", 8) == 0)
3555 {
3556 BOOL want_raw = (name[0] == 'r')? TRUE : FALSE;
3557 uschar *charset = (name[0] == 'b')? NULL : headers_charset;
3558 s = read_header_name(name, sizeof(name), s);
3559 value = find_header(name, FALSE, &newsize, want_raw, charset);
3560
3561 /* If we didn't find the header, and the header contains a closing brace
3562 character, this may be a user error where the terminating colon
3563 has been omitted. Set a flag to adjust the error message in this case.
3564 But there is no error here - nothing gets inserted. */
3565
3566 if (value == NULL)
3567 {
3568 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
3569 continue;
3570 }
3571 }
3572
3573 /* Variable */
3574
3575 else
3576 {
3577 value = find_variable(name, FALSE, skipping, &newsize);
3578 if (value == NULL)
3579 {
3580 expand_string_message =
3581 string_sprintf("unknown variable name \"%s\"", name);
3582 check_variable_error_message(name);
3583 goto EXPAND_FAILED;
3584 }
3585 }
3586
3587 /* If the data is known to be in a new buffer, newsize will be set to the
3588 size of that buffer. If this is the first thing in an expansion string,
3589 yield will be NULL; just point it at the new store instead of copying. Many
3590 expansion strings contain just one reference, so this is a useful
3591 optimization, especially for humungous headers. */
3592
3593 len = Ustrlen(value);
3594 if (yield == NULL && newsize != 0)
3595 {
3596 yield = value;
3597 size = newsize;
3598 ptr = len;
3599 }
3600 else yield = string_cat(yield, &size, &ptr, value, len);
3601
3602 continue;
3603 }
3604
3605 if (isdigit(*s))
3606 {
3607 int n;
3608 s = read_number(&n, s);
3609 if (n >= 0 && n <= expand_nmax)
3610 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3611 expand_nlength[n]);
3612 continue;
3613 }
3614
3615 /* Otherwise, if there's no '{' after $ it's an error. */
3616
3617 if (*s != '{')
3618 {
3619 expand_string_message = US"$ not followed by letter, digit, or {";
3620 goto EXPAND_FAILED;
3621 }
3622
3623 /* After { there can be various things, but they all start with
3624 an initial word, except for a number for a string match variable. */
3625
3626 if (isdigit((*(++s))))
3627 {
3628 int n;
3629 s = read_number(&n, s);
3630 if (*s++ != '}')
3631 {
3632 expand_string_message = US"} expected after number";
3633 goto EXPAND_FAILED;
3634 }
3635 if (n >= 0 && n <= expand_nmax)
3636 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3637 expand_nlength[n]);
3638 continue;
3639 }
3640
3641 if (!isalpha(*s))
3642 {
3643 expand_string_message = US"letter or digit expected after ${";
3644 goto EXPAND_FAILED;
3645 }
3646
3647 /* Allow "-" in names to cater for substrings with negative
3648 arguments. Since we are checking for known names after { this is
3649 OK. */
3650
3651 s = read_name(name, sizeof(name), s, US"_-");
3652 item_type = chop_match(name, item_table, sizeof(item_table)/sizeof(uschar *));
3653
3654 switch(item_type)
3655 {
3656 /* Call an ACL from an expansion. We feed data in via $acl_arg1 - $acl_arg9.
3657 If the ACL returns acceptance we return content set by "message ="
3658 There is currently no limit on recursion; this would have us call
3659 acl_check_internal() directly and get a current level from somewhere.
3660 */
3661
3662 case EITEM_ACL:
3663 {
3664 int rc;
3665 uschar *sub[10]; /* name + arg1-arg9, must match number of acl_arg[] */
3666 uschar *new_yield;
3667 uschar *user_msg;
3668 uschar *log_msg;
3669 switch(read_subs(sub, 10, 1, &s, skipping, TRUE, US"acl"))
3670 {
3671 case 1: goto EXPAND_FAILED_CURLY;
3672 case 2:
3673 case 3: goto EXPAND_FAILED;
3674 }
3675 if (skipping) continue;
3676
3677 for (rc = 1; rc < sizeof(sub)/sizeof(*sub) && sub[rc]; rc++)
3678 acl_arg[rc-1] = sub[rc];
3679 acl_narg = rc-1;
3680 while (rc < sizeof(sub)/sizeof(*sub))
3681 acl_arg[rc++ - 1] = NULL;
3682
3683 DEBUG(D_expand)
3684 debug_printf("expanding: acl: %s arg: %s%s\n",
3685 sub[0],
3686 acl_narg>0 ? sub[1] : US"<none>",
3687 acl_narg>1 ? " +more" : "");
3688
3689 switch(rc = acl_check(ACL_WHERE_EXPANSION, NULL, sub[0], &user_msg, &log_msg))
3690 {
3691 case OK:
3692 if (user_msg)
3693 yield = string_cat(yield, &size, &ptr, user_msg, Ustrlen(user_msg));
3694 continue;
3695 case DEFER:
3696 continue;
3697 default:
3698 expand_string_message = string_sprintf("acl \"%s\" did not accept", sub[0]);
3699 goto EXPAND_FAILED;
3700 }
3701 }
3702
3703 /* Handle conditionals - preserve the values of the numerical expansion
3704 variables in case they get changed by a regular expression match in the
3705 condition. If not, they retain their external settings. At the end
3706 of this "if" section, they get restored to their previous values. */
3707
3708 case EITEM_IF:
3709 {
3710 BOOL cond = FALSE;
3711 uschar *next_s;
3712 int save_expand_nmax =
3713 save_expand_strings(save_expand_nstring, save_expand_nlength);
3714
3715 while (isspace(*s)) s++;
3716 next_s = eval_condition(s, skipping? NULL : &cond);
3717 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
3718
3719 DEBUG(D_expand)
3720 debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s,
3721 cond? "true" : "false");
3722
3723 s = next_s;
3724
3725 /* The handling of "yes" and "no" result strings is now in a separate
3726 function that is also used by ${lookup} and ${extract} and ${run}. */
3727
3728 switch(process_yesno(
3729 skipping, /* were previously skipping */
3730 cond, /* success/failure indicator */
3731 lookup_value, /* value to reset for string2 */
3732 &s, /* input pointer */
3733 &yield, /* output pointer */
3734 &size, /* output size */
3735 &ptr, /* output current point */
3736 US"if")) /* condition type */
3737 {
3738 case 1: goto EXPAND_FAILED; /* when all is well, the */
3739 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3740 }
3741
3742 /* Restore external setting of expansion variables for continuation
3743 at this level. */
3744
3745 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3746 save_expand_nlength);
3747 continue;
3748 }
3749
3750 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
3751 expanding an internal string that isn't actually going to be used. All we
3752 need to do is check the syntax, so don't do a lookup at all. Preserve the
3753 values of the numerical expansion variables in case they get changed by a
3754 partial lookup. If not, they retain their external settings. At the end
3755 of this "lookup" section, they get restored to their previous values. */
3756
3757 case EITEM_LOOKUP:
3758 {
3759 int stype, partial, affixlen, starflags;
3760 int expand_setup = 0;
3761 int nameptr = 0;
3762 uschar *key, *filename, *affix;
3763 uschar *save_lookup_value = lookup_value;
3764 int save_expand_nmax =
3765 save_expand_strings(save_expand_nstring, save_expand_nlength);
3766
3767 if ((expand_forbid & RDO_LOOKUP) != 0)
3768 {
3769 expand_string_message = US"lookup expansions are not permitted";
3770 goto EXPAND_FAILED;
3771 }
3772
3773 /* Get the key we are to look up for single-key+file style lookups.
3774 Otherwise set the key NULL pro-tem. */
3775
3776 while (isspace(*s)) s++;
3777 if (*s == '{')
3778 {
3779 key = expand_string_internal(s+1, TRUE, &s, skipping, TRUE);
3780 if (key == NULL) goto EXPAND_FAILED;
3781 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3782 while (isspace(*s)) s++;
3783 }
3784 else key = NULL;
3785
3786 /* Find out the type of database */
3787
3788 if (!isalpha(*s))
3789 {
3790 expand_string_message = US"missing lookup type";
3791 goto EXPAND_FAILED;
3792 }
3793
3794 /* The type is a string that may contain special characters of various
3795 kinds. Allow everything except space or { to appear; the actual content
3796 is checked by search_findtype_partial. */
3797
3798 while (*s != 0 && *s != '{' && !isspace(*s))
3799 {
3800 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
3801 s++;
3802 }
3803 name[nameptr] = 0;
3804 while (isspace(*s)) s++;
3805
3806 /* Now check for the individual search type and any partial or default
3807 options. Only those types that are actually in the binary are valid. */
3808
3809 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
3810 &starflags);
3811 if (stype < 0)
3812 {
3813 expand_string_message = search_error_message;
3814 goto EXPAND_FAILED;
3815 }
3816
3817 /* Check that a key was provided for those lookup types that need it,
3818 and was not supplied for those that use the query style. */
3819
3820 if (!mac_islookup(stype, lookup_querystyle|lookup_absfilequery))
3821 {
3822 if (key == NULL)
3823 {
3824 expand_string_message = string_sprintf("missing {key} for single-"
3825 "key \"%s\" lookup", name);
3826 goto EXPAND_FAILED;
3827 }
3828 }
3829 else
3830 {
3831 if (key != NULL)
3832 {
3833 expand_string_message = string_sprintf("a single key was given for "
3834 "lookup type \"%s\", which is not a single-key lookup type", name);
3835 goto EXPAND_FAILED;
3836 }
3837 }
3838
3839 /* Get the next string in brackets and expand it. It is the file name for
3840 single-key+file lookups, and the whole query otherwise. In the case of
3841 queries that also require a file name (e.g. sqlite), the file name comes
3842 first. */
3843
3844 if (*s != '{') goto EXPAND_FAILED_CURLY;
3845 filename = expand_string_internal(s+1, TRUE, &s, skipping, TRUE);
3846 if (filename == NULL) goto EXPAND_FAILED;
3847 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3848 while (isspace(*s)) s++;
3849
3850 /* If this isn't a single-key+file lookup, re-arrange the variables
3851 to be appropriate for the search_ functions. For query-style lookups,
3852 there is just a "key", and no file name. For the special query-style +
3853 file types, the query (i.e. "key") starts with a file name. */
3854
3855 if (key == NULL)
3856 {
3857 while (isspace(*filename)) filename++;
3858 key = filename;
3859
3860 if (mac_islookup(stype, lookup_querystyle))
3861 {
3862 filename = NULL;
3863 }
3864 else
3865 {
3866 if (*filename != '/')
3867 {
3868 expand_string_message = string_sprintf(
3869 "absolute file name expected for \"%s\" lookup", name);
3870 goto EXPAND_FAILED;
3871 }
3872 while (*key != 0 && !isspace(*key)) key++;
3873 if (*key != 0) *key++ = 0;
3874 }
3875 }
3876
3877 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
3878 the entry was not found. Note that there is no search_close() function.
3879 Files are left open in case of re-use. At suitable places in higher logic,
3880 search_tidyup() is called to tidy all open files. This can save opening
3881 the same file several times. However, files may also get closed when
3882 others are opened, if too many are open at once. The rule is that a
3883 handle should not be used after a second search_open().
3884
3885 Request that a partial search sets up $1 and maybe $2 by passing
3886 expand_setup containing zero. If its value changes, reset expand_nmax,
3887 since new variables will have been set. Note that at the end of this
3888 "lookup" section, the old numeric variables are restored. */
3889
3890 if (skipping)
3891 lookup_value = NULL;
3892 else
3893 {
3894 void *handle = search_open(filename, stype, 0, NULL, NULL);
3895 if (handle == NULL)
3896 {
3897 expand_string_message = search_error_message;
3898 goto EXPAND_FAILED;
3899 }
3900 lookup_value = search_find(handle, filename, key, partial, affix,
3901 affixlen, starflags, &expand_setup);
3902 if (search_find_defer)
3903 {
3904 expand_string_message =
3905 string_sprintf("lookup of \"%s\" gave DEFER: %s",
3906 string_printing2(key, FALSE), search_error_message);
3907 goto EXPAND_FAILED;
3908 }
3909 if (expand_setup > 0) expand_nmax = expand_setup;
3910 }
3911
3912 /* The handling of "yes" and "no" result strings is now in a separate
3913 function that is also used by ${if} and ${extract}. */
3914
3915 switch(process_yesno(
3916 skipping, /* were previously skipping */
3917 lookup_value != NULL, /* success/failure indicator */
3918 save_lookup_value, /* value to reset for string2 */
3919 &s, /* input pointer */
3920 &yield, /* output pointer */
3921 &size, /* output size */
3922 &ptr, /* output current point */
3923 US"lookup")) /* condition type */
3924 {
3925 case 1: goto EXPAND_FAILED; /* when all is well, the */
3926 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3927 }
3928
3929 /* Restore external setting of expansion variables for carrying on
3930 at this level, and continue. */
3931
3932 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3933 save_expand_nlength);
3934 continue;
3935 }
3936
3937 /* If Perl support is configured, handle calling embedded perl subroutines,
3938 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
3939 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
3940 arguments (defined below). */
3941
3942 #define EXIM_PERL_MAX_ARGS 8
3943
3944 case EITEM_PERL:
3945 #ifndef EXIM_PERL
3946 expand_string_message = US"\"${perl\" encountered, but this facility "
3947 "is not included in this binary";
3948 goto EXPAND_FAILED;
3949
3950 #else /* EXIM_PERL */
3951 {
3952 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
3953 uschar *new_yield;
3954
3955 if ((expand_forbid & RDO_PERL) != 0)
3956 {
3957 expand_string_message = US"Perl calls are not permitted";
3958 goto EXPAND_FAILED;
3959 }
3960
3961 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
3962 US"perl"))
3963 {
3964 case 1: goto EXPAND_FAILED_CURLY;
3965 case 2:
3966 case 3: goto EXPAND_FAILED;
3967 }
3968
3969 /* If skipping, we don't actually do anything */
3970
3971 if (skipping) continue;
3972
3973 /* Start the interpreter if necessary */
3974
3975 if (!opt_perl_started)
3976 {
3977 uschar *initerror;
3978 if (opt_perl_startup == NULL)
3979 {
3980 expand_string_message = US"A setting of perl_startup is needed when "
3981 "using the Perl interpreter";
3982 goto EXPAND_FAILED;
3983 }
3984 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
3985 initerror = init_perl(opt_perl_startup);
3986 if (initerror != NULL)
3987 {
3988 expand_string_message =
3989 string_sprintf("error in perl_startup code: %s\n", initerror);
3990 goto EXPAND_FAILED;
3991 }
3992 opt_perl_started = TRUE;
3993 }
3994
3995 /* Call the function */
3996
3997 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
3998 new_yield = call_perl_cat(yield, &size, &ptr, &expand_string_message,
3999 sub_arg[0], sub_arg + 1);
4000
4001 /* NULL yield indicates failure; if the message pointer has been set to
4002 NULL, the yield was undef, indicating a forced failure. Otherwise the
4003 message will indicate some kind of Perl error. */
4004
4005 if (new_yield == NULL)
4006 {
4007 if (expand_string_message == NULL)
4008 {
4009 expand_string_message =
4010 string_sprintf("Perl subroutine \"%s\" returned undef to force "
4011 "failure", sub_arg[0]);
4012 expand_string_forcedfail = TRUE;
4013 }
4014 goto EXPAND_FAILED;
4015 }
4016
4017 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
4018 set during a callback from Perl. */
4019
4020 expand_string_forcedfail = FALSE;
4021 yield = new_yield;
4022 continue;
4023 }
4024 #endif /* EXIM_PERL */
4025
4026 /* Transform email address to "prvs" scheme to use
4027 as BATV-signed return path */
4028
4029 case EITEM_PRVS:
4030 {
4031 uschar *sub_arg[3];
4032 uschar *p,*domain;
4033
4034 switch(read_subs(sub_arg, 3, 2, &s, skipping, TRUE, US"prvs"))
4035 {
4036 case 1: goto EXPAND_FAILED_CURLY;
4037 case 2:
4038 case 3: goto EXPAND_FAILED;
4039 }
4040
4041 /* If skipping, we don't actually do anything */
4042 if (skipping) continue;
4043
4044 /* sub_arg[0] is the address */
4045 domain = Ustrrchr(sub_arg[0],'@');
4046 if ( (domain == NULL) || (domain == sub_arg[0]) || (Ustrlen(domain) == 1) )
4047 {
4048 expand_string_message = US"prvs first argument must be a qualified email address";
4049 goto EXPAND_FAILED;
4050 }
4051
4052 /* Calculate the hash. The second argument must be a single-digit
4053 key number, or unset. */
4054
4055 if (sub_arg[2] != NULL &&
4056 (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0))
4057 {
4058 expand_string_message = US"prvs second argument must be a single digit";
4059 goto EXPAND_FAILED;
4060 }
4061
4062 p = prvs_hmac_sha1(sub_arg[0],sub_arg[1],sub_arg[2],prvs_daystamp(7));
4063 if (p == NULL)
4064 {
4065 expand_string_message = US"prvs hmac-sha1 conversion failed";
4066 goto EXPAND_FAILED;
4067 }
4068
4069 /* Now separate the domain from the local part */
4070 *domain++ = '\0';
4071
4072 yield = string_cat(yield,&size,&ptr,US"prvs=",5);
4073 string_cat(yield,&size,&ptr,(sub_arg[2] != NULL) ? sub_arg[2] : US"0", 1);
4074 string_cat(yield,&size,&ptr,prvs_daystamp(7),3);
4075 string_cat(yield,&size,&ptr,p,6);
4076 string_cat(yield,&size,&ptr,US"=",1);
4077 string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
4078 string_cat(yield,&size,&ptr,US"@",1);
4079 string_cat(yield,&size,&ptr,domain,Ustrlen(domain));
4080
4081 continue;
4082 }
4083
4084 /* Check a prvs-encoded address for validity */
4085
4086 case EITEM_PRVSCHECK:
4087 {
4088 uschar *sub_arg[3];
4089 int mysize = 0, myptr = 0;
4090 const pcre *re;
4091 uschar *p;
4092
4093 /* TF: Ugliness: We want to expand parameter 1 first, then set
4094 up expansion variables that are used in the expansion of
4095 parameter 2. So we clone the string for the first
4096 expansion, where we only expand parameter 1.
4097
4098 PH: Actually, that isn't necessary. The read_subs() function is
4099 designed to work this way for the ${if and ${lookup expansions. I've
4100 tidied the code.
4101 */
4102
4103 /* Reset expansion variables */
4104 prvscheck_result = NULL;
4105 prvscheck_address = NULL;
4106 prvscheck_keynum = NULL;
4107
4108 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs"))
4109 {
4110 case 1: goto EXPAND_FAILED_CURLY;
4111 case 2:
4112 case 3: goto EXPAND_FAILED;
4113 }
4114
4115 re = regex_must_compile(US"^prvs\\=([0-9])([0-9]{3})([A-F0-9]{6})\\=(.+)\\@(.+)$",
4116 TRUE,FALSE);
4117
4118 if (regex_match_and_setup(re,sub_arg[0],0,-1))
4119 {
4120 uschar *local_part = string_copyn(expand_nstring[4],expand_nlength[4]);
4121 uschar *key_num = string_copyn(expand_nstring[1],expand_nlength[1]);
4122 uschar *daystamp = string_copyn(expand_nstring[2],expand_nlength[2]);
4123 uschar *hash = string_copyn(expand_nstring[3],expand_nlength[3]);
4124 uschar *domain = string_copyn(expand_nstring[5],expand_nlength[5]);
4125
4126 DEBUG(D_expand) debug_printf("prvscheck localpart: %s\n", local_part);
4127 DEBUG(D_expand) debug_printf("prvscheck key number: %s\n", key_num);
4128 DEBUG(D_expand) debug_printf("prvscheck daystamp: %s\n", daystamp);
4129 DEBUG(D_expand) debug_printf("prvscheck hash: %s\n", hash);
4130 DEBUG(D_expand) debug_printf("prvscheck domain: %s\n", domain);
4131
4132 /* Set up expansion variables */
4133 prvscheck_address = string_cat(NULL, &mysize, &myptr, local_part, Ustrlen(local_part));
4134 string_cat(prvscheck_address,&mysize,&myptr,US"@",1);
4135 string_cat(prvscheck_address,&mysize,&myptr,domain,Ustrlen(domain));
4136 prvscheck_address[myptr] = '\0';
4137 prvscheck_keynum = string_copy(key_num);
4138
4139 /* Now expand the second argument */
4140 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs"))
4141 {
4142 case 1: goto EXPAND_FAILED_CURLY;
4143 case 2:
4144 case 3: goto EXPAND_FAILED;
4145 }
4146
4147 /* Now we have the key and can check the address. */
4148
4149 p = prvs_hmac_sha1(prvscheck_address, sub_arg[0], prvscheck_keynum,
4150 daystamp);
4151
4152 if (p == NULL)
4153 {
4154 expand_string_message = US"hmac-sha1 conversion failed";
4155 goto EXPAND_FAILED;
4156 }
4157
4158 DEBUG(D_expand) debug_printf("prvscheck: received hash is %s\n", hash);
4159 DEBUG(D_expand) debug_printf("prvscheck: own hash is %s\n", p);
4160
4161 if (Ustrcmp(p,hash) == 0)
4162 {
4163 /* Success, valid BATV address. Now check the expiry date. */
4164 uschar *now = prvs_daystamp(0);
4165 unsigned int inow = 0,iexpire = 1;
4166
4167 (void)sscanf(CS now,"%u",&inow);
4168 (void)sscanf(CS daystamp,"%u",&iexpire);
4169
4170 /* When "iexpire" is < 7, a "flip" has occured.
4171 Adjust "inow" accordingly. */
4172 if ( (iexpire < 7) && (inow >= 993) ) inow = 0;
4173
4174 if (iexpire >= inow)
4175 {
4176 prvscheck_result = US"1";
4177 DEBUG(D_expand) debug_printf("prvscheck: success, $pvrs_result set to 1\n");
4178 }
4179 else
4180 {
4181 prvscheck_result = NULL;
4182 DEBUG(D_expand) debug_printf("prvscheck: signature expired, $pvrs_result unset\n");
4183 }
4184 }
4185 else
4186 {
4187 prvscheck_result = NULL;
4188 DEBUG(D_expand) debug_printf("prvscheck: hash failure, $pvrs_result unset\n");
4189 }
4190
4191 /* Now expand the final argument. We leave this till now so that
4192 it can include $prvscheck_result. */
4193
4194 switch(read_subs(sub_arg, 1, 0, &s, skipping, TRUE, US"prvs"))
4195 {
4196 case 1: goto EXPAND_FAILED_CURLY;
4197 case 2:
4198 case 3: goto EXPAND_FAILED;
4199 }
4200
4201 if (sub_arg[0] == NULL || *sub_arg[0] == '\0')
4202 yield = string_cat(yield,&size,&ptr,prvscheck_address,Ustrlen(prvscheck_address));
4203 else
4204 yield = string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
4205
4206 /* Reset the "internal" variables afterwards, because they are in
4207 dynamic store that will be reclaimed if the expansion succeeded. */
4208
4209 prvscheck_address = NULL;
4210 prvscheck_keynum = NULL;
4211 }
4212 else
4213 {
4214 /* Does not look like a prvs encoded address, return the empty string.
4215 We need to make sure all subs are expanded first, so as to skip over
4216 the entire item. */
4217
4218 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"prvs"))
4219 {
4220 case 1: goto EXPAND_FAILED_CURLY;
4221 case 2:
4222 case 3: goto EXPAND_FAILED;
4223 }
4224 }
4225
4226 continue;
4227 }
4228
4229 /* Handle "readfile" to insert an entire file */
4230
4231 case EITEM_READFILE:
4232 {
4233 FILE *f;
4234 uschar *sub_arg[2];
4235
4236 if ((expand_forbid & RDO_READFILE) != 0)
4237 {
4238 expand_string_message = US"file insertions are not permitted";
4239 goto EXPAND_FAILED;
4240 }
4241
4242 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"readfile"))
4243 {
4244 case 1: goto EXPAND_FAILED_CURLY;
4245 case 2:
4246 case 3: goto EXPAND_FAILED;
4247 }
4248
4249 /* If skipping, we don't actually do anything */
4250
4251 if (skipping) continue;
4252
4253 /* Open the file and read it */
4254
4255 f = Ufopen(sub_arg[0], "rb");
4256 if (f == NULL)
4257 {
4258 expand_string_message = string_open_failed(errno, "%s", sub_arg[0]);
4259 goto EXPAND_FAILED;
4260 }
4261
4262 yield = cat_file(f, yield, &size, &ptr, sub_arg[1]);
4263 (void)fclose(f);
4264 continue;
4265 }
4266
4267 /* Handle "readsocket" to insert data from a Unix domain socket */
4268
4269 case EITEM_READSOCK:
4270 {
4271 int fd;
4272 int timeout = 5;
4273 int save_ptr = ptr;
4274 FILE *f;
4275 struct sockaddr_un sockun; /* don't call this "sun" ! */
4276 uschar *arg;
4277 uschar *sub_arg[4];
4278
4279 if ((expand_forbid & RDO_READSOCK) != 0)
4280 {
4281 expand_string_message = US"socket insertions are not permitted";
4282 goto EXPAND_FAILED;
4283 }
4284
4285 /* Read up to 4 arguments, but don't do the end of item check afterwards,
4286 because there may be a string for expansion on failure. */
4287
4288 switch(read_subs(sub_arg, 4, 2, &s, skipping, FALSE, US"readsocket"))
4289 {
4290 case 1: goto EXPAND_FAILED_CURLY;
4291 case 2: /* Won't occur: no end check */
4292 case 3: goto EXPAND_FAILED;
4293 }
4294
4295 /* Sort out timeout, if given */
4296
4297 if (sub_arg[2] != NULL)
4298 {
4299 timeout = readconf_readtime(sub_arg[2], 0, FALSE);
4300 if (timeout < 0)
4301 {
4302 expand_string_message = string_sprintf("bad time value %s",
4303 sub_arg[2]);
4304 goto EXPAND_FAILED;
4305 }
4306 }
4307 else sub_arg[3] = NULL; /* No eol if no timeout */
4308
4309 /* If skipping, we don't actually do anything. Otherwise, arrange to
4310 connect to either an IP or a Unix socket. */
4311
4312 if (!skipping)
4313 {
4314 /* Handle an IP (internet) domain */
4315
4316 if (Ustrncmp(sub_arg[0], "inet:", 5) == 0)
4317 {
4318 BOOL connected = FALSE;
4319 int namelen, port;
4320 host_item shost;
4321 host_item *h;
4322 uschar *server_name = sub_arg[0] + 5;
4323 uschar *port_name = Ustrrchr(server_name, ':');
4324
4325 /* Sort out the port */
4326
4327 if (port_name == NULL)
4328 {
4329 expand_string_message =
4330 string_sprintf("missing port for readsocket %s", sub_arg[0]);
4331 goto EXPAND_FAILED;
4332 }
4333 *port_name++ = 0; /* Terminate server name */
4334
4335 if (isdigit(*port_name))
4336 {
4337 uschar *end;
4338 port = Ustrtol(port_name, &end, 0);
4339 if (end != port_name + Ustrlen(port_name))
4340 {
4341 expand_string_message =
4342 string_sprintf("invalid port number %s", port_name);
4343 goto EXPAND_FAILED;
4344 }
4345 }
4346 else
4347 {
4348 struct servent *service_info = getservbyname(CS port_name, "tcp");
4349 if (service_info == NULL)
4350 {
4351 expand_string_message = string_sprintf("unknown port \"%s\"",
4352 port_name);
4353 goto EXPAND_FAILED;
4354 }
4355 port = ntohs(service_info->s_port);
4356 }
4357
4358 /* Sort out the server. */
4359
4360 shost.next = NULL;
4361 shost.address = NULL;
4362 shost.port = port;
4363 shost.mx = -1;
4364
4365 namelen = Ustrlen(server_name);
4366
4367 /* Anything enclosed in [] must be an IP address. */
4368
4369 if (server_name[0] == '[' &&
4370 server_name[namelen - 1] == ']')
4371 {
4372 server_name[namelen - 1] = 0;
4373 server_name++;
4374 if (string_is_ip_address(server_name, NULL) == 0)
4375 {
4376 expand_string_message =
4377 string_sprintf("malformed IP address \"%s\"", server_name);
4378 goto EXPAND_FAILED;
4379 }
4380 shost.name = shost.address = server_name;
4381 }
4382
4383 /* Otherwise check for an unadorned IP address */
4384
4385 else if (string_is_ip_address(server_name, NULL) != 0)
4386 shost.name = shost.address = server_name;
4387
4388 /* Otherwise lookup IP address(es) from the name */
4389
4390 else
4391 {
4392 shost.name = server_name;
4393 if (host_find_byname(&shost, NULL, HOST_FIND_QUALIFY_SINGLE, NULL,
4394 FALSE) != HOST_FOUND)
4395 {
4396 expand_string_message =
4397 string_sprintf("no IP address found for host %s", shost.name);
4398 goto EXPAND_FAILED;
4399 }
4400 }
4401
4402 /* Try to connect to the server - test each IP till one works */
4403
4404 for (h = &shost; h != NULL; h = h->next)
4405 {
4406 int af = (Ustrchr(h->address, ':') != 0)? AF_INET6 : AF_INET;
4407 if ((fd = ip_socket(SOCK_STREAM, af)) == -1)
4408 {
4409 expand_string_message = string_sprintf("failed to create socket: "
4410 "%s", strerror(errno));
4411 goto SOCK_FAIL;
4412 }
4413
4414 if (ip_connect(fd, af, h->address, port, timeout) == 0)
4415 {
4416 connected = TRUE;
4417 break;
4418 }
4419 }
4420
4421 if (!connected)
4422 {
4423 expand_string_message = string_sprintf("failed to connect to "
4424 "socket %s: couldn't connect to any host", sub_arg[0],
4425 strerror(errno));
4426 goto SOCK_FAIL;
4427 }
4428 }
4429
4430 /* Handle a Unix domain socket */
4431
4432 else
4433 {
4434 int rc;
4435 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
4436 {
4437 expand_string_message = string_sprintf("failed to create socket: %s",
4438 strerror(errno));
4439 goto SOCK_FAIL;
4440 }
4441
4442 sockun.sun_family = AF_UNIX;
4443 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
4444 sub_arg[0]);
4445
4446 sigalrm_seen = FALSE;
4447 alarm(timeout);
4448 rc = connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun));
4449 alarm(0);
4450 if (sigalrm_seen)
4451 {
4452 expand_string_message = US "socket connect timed out";
4453 goto SOCK_FAIL;
4454 }
4455 if (rc < 0)
4456 {
4457 expand_string_message = string_sprintf("failed to connect to socket "
4458 "%s: %s", sub_arg[0], strerror(errno));
4459 goto SOCK_FAIL;
4460 }
4461 }
4462
4463 DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]);
4464
4465 /* Write the request string, if not empty */
4466
4467 if (sub_arg[1][0] != 0)
4468 {
4469 int len = Ustrlen(sub_arg[1]);
4470 DEBUG(D_expand) debug_printf("writing \"%s\" to socket\n",
4471 sub_arg[1]);
4472 if (write(fd, sub_arg[1], len) != len)
4473 {
4474 expand_string_message = string_sprintf("request write to socket "
4475 "failed: %s", strerror(errno));
4476 goto SOCK_FAIL;
4477 }
4478 }
4479
4480 /* Shut down the sending side of the socket. This helps some servers to
4481 recognise that it is their turn to do some work. Just in case some
4482 system doesn't have this function, make it conditional. */
4483
4484 #ifdef SHUT_WR
4485 shutdown(fd, SHUT_WR);
4486 #endif
4487
4488 /* Now we need to read from the socket, under a timeout. The function
4489 that reads a file can be used. */
4490
4491 f = fdopen(fd, "rb");
4492 sigalrm_seen = FALSE;
4493 alarm(timeout);
4494 yield = cat_file(f, yield, &size, &ptr, sub_arg[3]);
4495 alarm(0);
4496 (void)fclose(f);
4497
4498 /* After a timeout, we restore the pointer in the result, that is,
4499 make sure we add nothing from the socket. */
4500
4501 if (sigalrm_seen)
4502 {
4503 ptr = save_ptr;
4504 expand_string_message = US "socket read timed out";
4505 goto SOCK_FAIL;
4506 }
4507 }
4508
4509 /* The whole thing has worked (or we were skipping). If there is a
4510 failure string following, we need to skip it. */
4511
4512 if (*s == '{')
4513 {
4514 if (expand_string_internal(s+1, TRUE, &s, TRUE, TRUE) == NULL)
4515 goto EXPAND_FAILED;
4516 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4517 while (isspace(*s)) s++;
4518 }
4519 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4520 continue;
4521
4522 /* Come here on failure to create socket, connect socket, write to the
4523 socket, or timeout on reading. If another substring follows, expand and
4524 use it. Otherwise, those conditions give expand errors. */
4525
4526 SOCK_FAIL:
4527 if (*s != '{') goto EXPAND_FAILED;
4528 DEBUG(D_any) debug_printf("%s\n", expand_string_message);
4529 arg = expand_string_internal(s+1, TRUE, &s, FALSE, TRUE);
4530 if (arg == NULL) goto EXPAND_FAILED;
4531 yield = string_cat(yield, &size, &ptr, arg, Ustrlen(arg));
4532 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4533 while (isspace(*s)) s++;
4534 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4535 continue;
4536 }
4537
4538 /* Handle "run" to execute a program. */
4539
4540 case EITEM_RUN:
4541 {
4542 FILE *f;
4543 uschar *arg;
4544 uschar **argv;
4545 pid_t pid;
4546 int fd_in, fd_out;
4547 int lsize = 0;
4548 int lptr = 0;
4549
4550 if ((expand_forbid & RDO_RUN) != 0)
4551 {
4552 expand_string_message = US"running a command is not permitted";
4553 goto EXPAND_FAILED;
4554 }
4555
4556 while (isspace(*s)) s++;
4557 if (*s != '{') goto EXPAND_FAILED_CURLY;
4558 arg = expand_string_internal(s+1, TRUE, &s, skipping, TRUE);
4559 if (arg == NULL) goto EXPAND_FAILED;
4560 while (isspace(*s)) s++;
4561 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4562
4563 if (skipping) /* Just pretend it worked when we're skipping */
4564 {
4565 runrc = 0;
4566 }
4567 else
4568 {
4569 if (!transport_set_up_command(&argv, /* anchor for arg list */
4570 arg, /* raw command */
4571 FALSE, /* don't expand the arguments */
4572 0, /* not relevant when... */
4573 NULL, /* no transporting address */
4574 US"${run} expansion", /* for error messages */
4575 &expand_string_message)) /* where to put error message */
4576 {
4577 goto EXPAND_FAILED;
4578 }
4579
4580 /* Create the child process, making it a group leader. */
4581
4582 pid = child_open(argv, NULL, 0077, &fd_in, &fd_out, TRUE);
4583
4584 if (pid < 0)
4585 {
4586 expand_string_message =
4587 string_sprintf("couldn't create child process: %s", strerror(errno));
4588 goto EXPAND_FAILED;
4589 }
4590
4591 /* Nothing is written to the standard input. */
4592
4593 (void)close(fd_in);
4594
4595 /* Read the pipe to get the command's output into $value (which is kept
4596 in lookup_value). Read during execution, so that if the output exceeds
4597 the OS pipe buffer limit, we don't block forever. */
4598
4599 f = fdopen(fd_out, "rb");
4600 sigalrm_seen = FALSE;
4601 alarm(60);
4602 lookup_value = cat_file(f, lookup_value, &lsize, &lptr, NULL);
4603 alarm(0);
4604 (void)fclose(f);
4605
4606 /* Wait for the process to finish, applying the timeout, and inspect its
4607 return code for serious disasters. Simple non-zero returns are passed on.
4608 */
4609
4610 if (sigalrm_seen == TRUE || (runrc = child_close(pid, 30)) < 0)
4611 {
4612 if (sigalrm_seen == TRUE || runrc == -256)
4613 {
4614 expand_string_message = string_sprintf("command timed out");
4615 killpg(pid, SIGKILL); /* Kill the whole process group */
4616 }
4617
4618 else if (runrc == -257)
4619 expand_string_message = string_sprintf("wait() failed: %s",
4620 strerror(errno));
4621
4622 else
4623 expand_string_message = string_sprintf("command killed by signal %d",
4624 -runrc);
4625
4626 goto EXPAND_FAILED;
4627 }
4628 }
4629
4630 /* Process the yes/no strings; $value may be useful in both cases */
4631
4632 switch(process_yesno(
4633 skipping, /* were previously skipping */
4634 runrc == 0, /* success/failure indicator */
4635 lookup_value, /* value to reset for string2 */
4636 &s, /* input pointer */
4637 &yield, /* output pointer */
4638 &size, /* output size */
4639 &ptr, /* output current point */
4640 US"run")) /* condition type */
4641 {
4642 case 1: goto EXPAND_FAILED; /* when all is well, the */
4643 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4644 }
4645
4646 continue;
4647 }
4648
4649 /* Handle character translation for "tr" */
4650
4651 case EITEM_TR:
4652 {
4653 int oldptr = ptr;
4654 int o2m;
4655 uschar *sub[3];
4656
4657 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"tr"))
4658 {
4659 case 1: goto EXPAND_FAILED_CURLY;
4660 case 2:
4661 case 3: goto EXPAND_FAILED;
4662 }
4663
4664 yield = string_cat(yield, &size, &ptr, sub[0], Ustrlen(sub[0]));
4665 o2m = Ustrlen(sub[2]) - 1;
4666
4667 if (o2m >= 0) for (; oldptr < ptr; oldptr++)
4668 {
4669 uschar *m = Ustrrchr(sub[1], yield[oldptr]);
4670 if (m != NULL)
4671 {
4672 int o = m - sub[1];
4673 yield[oldptr] = sub[2][(o < o2m)? o : o2m];
4674 }
4675 }
4676
4677 continue;
4678 }
4679
4680 /* Handle "hash", "length", "nhash", and "substr" when they are given with
4681 expanded arguments. */
4682
4683 case EITEM_HASH:
4684 case EITEM_LENGTH:
4685 case EITEM_NHASH:
4686 case EITEM_SUBSTR:
4687 {
4688 int i;
4689 int len;
4690 uschar *ret;
4691 int val[2] = { 0, -1 };
4692 uschar *sub[3];
4693
4694 /* "length" takes only 2 arguments whereas the others take 2 or 3.
4695 Ensure that sub[2] is set in the ${length case. */
4696
4697 sub[2] = NULL;
4698 switch(read_subs(sub, (item_type == EITEM_LENGTH)? 2:3, 2, &s, skipping,
4699 TRUE, name))
4700 {
4701 case 1: goto EXPAND_FAILED_CURLY;
4702 case 2:
4703 case 3: goto EXPAND_FAILED;
4704 }
4705
4706 /* Juggle the arguments if there are only two of them: always move the
4707 string to the last position and make ${length{n}{str}} equivalent to
4708 ${substr{0}{n}{str}}. See the defaults for val[] above. */
4709
4710 if (sub[2] == NULL)
4711 {
4712 sub[2] = sub[1];
4713 sub[1] = NULL;
4714 if (item_type == EITEM_LENGTH)
4715 {
4716 sub[1] = sub[0];
4717 sub[0] = NULL;
4718 }
4719 }
4720
4721 for (i = 0; i < 2; i++)
4722 {
4723 if (sub[i] == NULL) continue;
4724 val[i] = (int)Ustrtol(sub[i], &ret, 10);
4725 if (*ret != 0 || (i != 0 && val[i] < 0))
4726 {
4727 expand_string_message = string_sprintf("\"%s\" is not a%s number "
4728 "(in \"%s\" expansion)", sub[i], (i != 0)? " positive" : "", name);
4729 goto EXPAND_FAILED;
4730 }
4731 }
4732
4733 ret =
4734 (item_type == EITEM_HASH)?
4735 compute_hash(sub[2], val[0], val[1], &len) :
4736 (item_type == EITEM_NHASH)?
4737 compute_nhash(sub[2], val[0], val[1], &len) :
4738 extract_substr(sub[2], val[0], val[1], &len);
4739
4740 if (ret == NULL) goto EXPAND_FAILED;
4741 yield = string_cat(yield, &size, &ptr, ret, len);
4742 continue;
4743 }
4744
4745 /* Handle HMAC computation: ${hmac{<algorithm>}{<secret>}{<text>}}
4746 This code originally contributed by Steve Haslam. It currently supports
4747 the use of MD5 and SHA-1 hashes.
4748
4749 We need some workspace that is large enough to handle all the supported
4750 hash types. Use macros to set the sizes rather than be too elaborate. */
4751
4752 #define MAX_HASHLEN 20
4753 #define MAX_HASHBLOCKLEN 64
4754
4755 case EITEM_HMAC:
4756 {
4757 uschar *sub[3];
4758 md5 md5_base;
4759 sha1 sha1_base;
4760 void *use_base;
4761 int type, i;
4762 int hashlen; /* Number of octets for the hash algorithm's output */
4763 int hashblocklen; /* Number of octets the hash algorithm processes */
4764 uschar *keyptr, *p;
4765 unsigned int keylen;
4766
4767 uschar keyhash[MAX_HASHLEN];
4768 uschar innerhash[MAX_HASHLEN];
4769 uschar finalhash[MAX_HASHLEN];
4770 uschar finalhash_hex[2*MAX_HASHLEN];
4771 uschar innerkey[MAX_HASHBLOCKLEN];
4772 uschar outerkey[MAX_HASHBLOCKLEN];
4773
4774 switch (read_subs(sub, 3, 3, &s, skipping, TRUE, name))
4775 {
4776 case 1: goto EXPAND_FAILED_CURLY;
4777 case 2:
4778 case 3: goto EXPAND_FAILED;
4779 }
4780
4781 if (Ustrcmp(sub[0], "md5") == 0)
4782 {
4783 type = HMAC_MD5;
4784 use_base = &md5_base;
4785 hashlen = 16;
4786 hashblocklen = 64;
4787 }
4788 else if (Ustrcmp(sub[0], "sha1") == 0)
4789 {
4790 type = HMAC_SHA1;
4791 use_base = &sha1_base;
4792 hashlen = 20;
4793 hashblocklen = 64;
4794 }
4795 else
4796 {
4797 expand_string_message =
4798 string_sprintf("hmac algorithm \"%s\" is not recognised", sub[0]);
4799 goto EXPAND_FAILED;
4800 }
4801
4802 keyptr = sub[1];
4803 keylen = Ustrlen(keyptr);
4804
4805 /* If the key is longer than the hash block length, then hash the key
4806 first */
4807
4808 if (keylen > hashblocklen)
4809 {
4810 chash_start(type, use_base);
4811 chash_end(type, use_base, keyptr, keylen, keyhash);
4812 keyptr = keyhash;
4813 keylen = hashlen;
4814 }
4815
4816 /* Now make the inner and outer key values */
4817
4818 memset(innerkey, 0x36, hashblocklen);
4819 memset(outerkey, 0x5c, hashblocklen);
4820
4821 for (i = 0; i < keylen; i++)
4822 {
4823 innerkey[i] ^= keyptr[i];
4824 outerkey[i] ^= keyptr[i];
4825 }
4826
4827 /* Now do the hashes */
4828
4829 chash_start(type, use_base);
4830 chash_mid(type, use_base, innerkey);
4831 chash_end(type, use_base, sub[2], Ustrlen(sub[2]), innerhash);
4832
4833 chash_start(type, use_base);
4834 chash_mid(type, use_base, outerkey);
4835 chash_end(type, use_base, innerhash, hashlen, finalhash);
4836
4837 /* Encode the final hash as a hex string */
4838
4839 p = finalhash_hex;
4840 for (i = 0; i < hashlen; i++)
4841 {
4842 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
4843 *p++ = hex_digits[finalhash[i] & 0x0f];
4844 }
4845
4846 DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%.*s)=%.*s\n", sub[0],
4847 (int)keylen, keyptr, Ustrlen(sub[2]), sub[2], hashlen*2, finalhash_hex);
4848
4849 yield = string_cat(yield, &size, &ptr, finalhash_hex, hashlen*2);
4850 }
4851
4852 continue;
4853
4854 /* Handle global substitution for "sg" - like Perl's s/xxx/yyy/g operator.
4855 We have to save the numerical variables and restore them afterwards. */
4856
4857 case EITEM_SG:
4858 {
4859 const pcre *re;
4860 int moffset, moffsetextra, slen;
4861 int roffset;
4862 int emptyopt;
4863 const uschar *rerror;
4864 uschar *subject;
4865 uschar *sub[3];
4866 int save_expand_nmax =
4867 save_expand_strings(save_expand_nstring, save_expand_nlength);
4868
4869 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"sg"))
4870 {
4871 case 1: goto EXPAND_FAILED_CURLY;
4872 case 2:
4873 case 3: goto EXPAND_FAILED;
4874 }
4875
4876 /* Compile the regular expression */
4877
4878 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
4879 NULL);
4880
4881 if (re == NULL)
4882 {
4883 expand_string_message = string_sprintf("regular expression error in "
4884 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
4885 goto EXPAND_FAILED;
4886 }
4887
4888 /* Now run a loop to do the substitutions as often as necessary. It ends
4889 when there are no more matches. Take care over matches of the null string;
4890 do the same thing as Perl does. */
4891
4892 subject = sub[0];
4893 slen = Ustrlen(sub[0]);
4894 moffset = moffsetextra = 0;
4895 emptyopt = 0;
4896
4897 for (;;)
4898 {
4899 int ovector[3*(EXPAND_MAXN+1)];
4900 int n = pcre_exec(re, NULL, CS subject, slen, moffset + moffsetextra,
4901 PCRE_EOPT | emptyopt, ovector, sizeof(ovector)/sizeof(int));
4902 int nn;
4903 uschar *insert;
4904
4905 /* No match - if we previously set PCRE_NOTEMPTY after a null match, this
4906 is not necessarily the end. We want to repeat the match from one
4907 character further along, but leaving the basic offset the same (for
4908 copying below). We can't be at the end of the string - that was checked
4909 before setting PCRE_NOTEMPTY. If PCRE_NOTEMPTY is not set, we are
4910 finished; copy the remaining string and end the loop. */
4911
4912 if (n < 0)
4913 {
4914 if (emptyopt != 0)
4915 {
4916 moffsetextra = 1;
4917 emptyopt = 0;
4918 continue;
4919 }
4920 yield = string_cat(yield, &size, &ptr, subject+moffset, slen-moffset);
4921 break;
4922 }
4923
4924 /* Match - set up for expanding the replacement. */
4925
4926 if (n == 0) n = EXPAND_MAXN + 1;
4927 expand_nmax = 0;
4928 for (nn = 0; nn < n*2; nn += 2)
4929 {
4930 expand_nstring[expand_nmax] = subject + ovector[nn];
4931 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
4932 }
4933 expand_nmax--;
4934
4935 /* Copy the characters before the match, plus the expanded insertion. */
4936
4937 yield = string_cat(yield, &size, &ptr, subject + moffset,
4938 ovector[0] - moffset);
4939 insert = expand_string(sub[2]);
4940 if (insert == NULL) goto EXPAND_FAILED;
4941 yield = string_cat(yield, &size, &ptr, insert, Ustrlen(insert));
4942
4943 moffset = ovector[1];
4944 moffsetextra = 0;
4945 emptyopt = 0;
4946
4947 /* If we have matched an empty string, first check to see if we are at
4948 the end of the subject. If so, the loop is over. Otherwise, mimic
4949 what Perl's /g options does. This turns out to be rather cunning. First
4950 we set PCRE_NOTEMPTY and PCRE_ANCHORED and try the match a non-empty
4951 string at the same point. If this fails (picked up above) we advance to
4952 the next character. */
4953
4954 if (ovector[0] == ovector[1])
4955 {
4956 if (ovector[0] == slen) break;
4957 emptyopt = PCRE_NOTEMPTY | PCRE_ANCHORED;
4958 }
4959 }
4960
4961 /* All done - restore numerical variables. */
4962
4963 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4964 save_expand_nlength);
4965 continue;
4966 }
4967
4968 /* Handle keyed and numbered substring extraction. If the first argument
4969 consists entirely of digits, then a numerical extraction is assumed. */
4970
4971 case EITEM_EXTRACT:
4972 {
4973 int i;
4974 int j = 2;
4975 int field_number = 1;
4976 BOOL field_number_set = FALSE;
4977 uschar *save_lookup_value = lookup_value;
4978 uschar *sub[3];
4979 int save_expand_nmax =
4980 save_expand_strings(save_expand_nstring, save_expand_nlength);
4981
4982 /* Read the arguments */
4983
4984 for (i = 0; i < j; i++)
4985 {
4986 while (isspace(*s)) s++;
4987 if (*s == '{')
4988 {
4989 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE);
4990 if (sub[i] == NULL) goto EXPAND_FAILED;
4991 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4992
4993 /* After removal of leading and trailing white space, the first
4994 argument must not be empty; if it consists entirely of digits
4995 (optionally preceded by a minus sign), this is a numerical
4996 extraction, and we expect 3 arguments. */
4997
4998 if (i == 0)
4999 {
5000 int len;
5001 int x = 0;
5002 uschar *p = sub[0];
5003
5004 while (isspace(*p)) p++;
5005 sub[0] = p;
5006
5007 len = Ustrlen(p);
5008 while (len > 0 && isspace(p[len-1])) len--;
5009 p[len] = 0;
5010
5011 if (*p == 0 && !skipping)
5012 {
5013 expand_string_message = US"first argument of \"extract\" must "
5014 "not be empty";
5015 goto EXPAND_FAILED;
5016 }
5017
5018 if (*p == '-')
5019 {
5020 field_number = -1;
5021 p++;
5022 }
5023 while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0';
5024 if (*p == 0)
5025 {
5026 field_number *= x;
5027 j = 3; /* Need 3 args */
5028 field_number_set = TRUE;
5029 }
5030 }
5031 }
5032 else goto EXPAND_FAILED_CURLY;
5033 }
5034
5035 /* Extract either the numbered or the keyed substring into $value. If
5036 skipping, just pretend the extraction failed. */
5037
5038 lookup_value = skipping? NULL : field_number_set?
5039 expand_gettokened(field_number, sub[1], sub[2]) :
5040 expand_getkeyed(sub[0], sub[1]);
5041
5042 /* If no string follows, $value gets substituted; otherwise there can
5043 be yes/no strings, as for lookup or if. */
5044
5045 switch(process_yesno(
5046 skipping, /* were previously skipping */
5047 lookup_value != NULL, /* success/failure indicator */
5048 save_lookup_value, /* value to reset for string2 */
5049 &s, /* input pointer */
5050 &yield, /* output pointer */
5051 &size, /* output size */
5052 &ptr, /* output current point */
5053 US"extract")) /* condition type */
5054 {
5055 case 1: goto EXPAND_FAILED; /* when all is well, the */
5056 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
5057 }
5058
5059 /* All done - restore numerical variables. */
5060
5061 restore_expand_strings(save_expand_nmax, save_expand_nstring,
5062 save_expand_nlength);
5063
5064 continue;
5065 }
5066
5067
5068 /* Handle list operations */
5069
5070 case EITEM_FILTER:
5071 case EITEM_MAP:
5072 case EITEM_REDUCE:
5073 {
5074 int sep = 0;
5075 int save_ptr = ptr;
5076 uschar outsep[2] = { '\0', '\0' };
5077 uschar *list, *expr, *temp;
5078 uschar *save_iterate_item = iterate_item;
5079 uschar *save_lookup_value = lookup_value;
5080
5081 while (isspace(*s)) s++;
5082 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
5083
5084 list = expand_string_internal(s, TRUE, &s, skipping, TRUE);
5085 if (list == NULL) goto EXPAND_FAILED;
5086 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5087
5088 if (item_type == EITEM_REDUCE)
5089 {
5090 while (isspace(*s)) s++;
5091 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
5092 temp = expand_string_internal(s, TRUE, &s, skipping, TRUE);
5093 if (temp == NULL) goto EXPAND_FAILED;
5094 lookup_value = temp;
5095 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
5096 }
5097
5098 while (isspace(*s)) s++;
5099 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
5100
5101 expr = s;
5102
5103 /* For EITEM_FILTER, call eval_condition once, with result discarded (as
5104 if scanning a "false" part). This allows us to find the end of the
5105 condition, because if the list is empty, we won't actually evaluate the
5106 condition for real. For EITEM_MAP and EITEM_REDUCE, do the same, using
5107 the normal internal expansion function. */
5108
5109 if (item_type == EITEM_FILTER)
5110 {
5111 temp = eval_condition(expr, NULL);
5112 if (temp != NULL) s = temp;
5113 }
5114 else
5115 {
5116 temp = expand_string_internal(s, TRUE, &s, TRUE, TRUE);
5117 }
5118
5119 if (temp == NULL)
5120 {
5121 expand_string_message = string_sprintf("%s inside \"%s\" item",
5122 expand_string_message, name);
5123 goto EXPAND_FAILED;
5124 }
5125
5126 while (isspace(*s)) s++;
5127 if (*s++ != '}')
5128 {
5129 expand_string_message = string_sprintf("missing } at end of condition "
5130 "or expression inside \"%s\"", name);
5131 goto EXPAND_FAILED;
5132 }
5133
5134 while (isspace(*s)) s++;
5135 if (*s++ != '}')
5136 {
5137 expand_string_message = string_sprintf("missing } at end of \"%s\"",
5138 name);
5139 goto EXPAND_FAILED;
5140 }
5141
5142 /* If we are skipping, we can now just move on to the next item. When
5143 processing for real, we perform the iteration. */
5144
5145 if (skipping) continue;
5146 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)) != NULL)
5147 {
5148 *outsep = (uschar)sep; /* Separator as a string */
5149
5150 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
5151
5152 if (item_type == EITEM_FILTER)
5153 {
5154 BOOL condresult;
5155 if (eval_condition(expr, &condresult) == NULL)
5156 {
5157 iterate_item = save_iterate_item;
5158 lookup_value = save_lookup_value;
5159 expand_string_message = string_sprintf("%s inside \"%s\" condition",
5160 expand_string_message, name);
5161 goto EXPAND_FAILED;
5162 }
5163 DEBUG(D_expand) debug_printf("%s: condition is %s\n", name,
5164 condresult? "true":"false");
5165 if (condresult)
5166 temp = iterate_item; /* TRUE => include this item */
5167 else
5168 continue; /* FALSE => skip this item */
5169 }
5170
5171 /* EITEM_MAP and EITEM_REDUCE */
5172
5173 else
5174 {
5175 temp = expand_string_internal(expr, TRUE, NULL, skipping, TRUE);
5176 if (temp == NULL)
5177 {
5178 iterate_item = save_iterate_item;
5179 expand_string_message = string_sprintf("%s inside \"%s\" item",
5180 expand_string_message, name);
5181 goto EXPAND_FAILED;
5182 }
5183 if (item_type == EITEM_REDUCE)
5184 {
5185 lookup_value = temp; /* Update the value of $value */
5186 continue; /* and continue the iteration */
5187 }
5188 }
5189
5190 /* We reach here for FILTER if the condition is true, always for MAP,
5191 and never for REDUCE. The value in "temp" is to be added to the output
5192 list that is being created, ensuring that any occurrences of the
5193 separator character are doubled. Unless we are dealing with the first
5194 item of the output list, add in a space if the new item begins with the
5195 separator character, or is an empty string. */
5196
5197 if (ptr != save_ptr && (temp[0] == *outsep || temp[0] == 0))
5198 yield = string_cat(yield, &size, &ptr, US" ", 1);
5199
5200 /* Add the string in "temp" to the output list that we are building,
5201 This is done in chunks by searching for the separator character. */
5202
5203 for (;;)
5204 {
5205 size_t seglen = Ustrcspn(temp, outsep);
5206 yield = string_cat(yield, &size, &ptr, temp, seglen + 1);
5207
5208 /* If we got to the end of the string we output one character
5209 too many; backup and end the loop. Otherwise arrange to double the
5210 separator. */
5211
5212 if (temp[seglen] == '\0') { ptr--; break; }
5213 yield = string_cat(yield, &size, &ptr, outsep, 1);
5214 temp += seglen + 1;
5215 }
5216
5217 /* Output a separator after the string: we will remove the redundant
5218 final one at the end. */
5219
5220 yield = string_cat(yield, &size, &ptr, outsep, 1);
5221 } /* End of iteration over the list loop */
5222
5223 /* REDUCE has generated no output above: output the final value of
5224 $value. */
5225
5226 if (item_type == EITEM_REDUCE)
5227 {
5228 yield = string_cat(yield, &size, &ptr, lookup_value,
5229 Ustrlen(lookup_value));
5230 lookup_value = save_lookup_value; /* Restore $value */
5231 }
5232
5233 /* FILTER and MAP generate lists: if they have generated anything, remove
5234 the redundant final separator. Even though an empty item at the end of a
5235 list does not count, this is tidier. */
5236
5237 else if (ptr != save_ptr) ptr--;
5238
5239 /* Restore preserved $item */
5240
5241 iterate_item = save_iterate_item;
5242 continue;
5243 }
5244
5245
5246 /* If ${dlfunc support is configured, handle calling dynamically-loaded
5247 functions, unless locked out at this time. Syntax is ${dlfunc{file}{func}}
5248 or ${dlfunc{file}{func}{arg}} or ${dlfunc{file}{func}{arg1}{arg2}} or up to
5249 a maximum of EXPAND_DLFUNC_MAX_ARGS arguments (defined below). */
5250
5251 #define EXPAND_DLFUNC_MAX_ARGS 8
5252
5253 case EITEM_DLFUNC:
5254 #ifndef EXPAND_DLFUNC
5255 expand_string_message = US"\"${dlfunc\" encountered, but this facility "
5256 "is not included in this binary";
5257 goto EXPAND_FAILED;
5258
5259 #else /* EXPAND_DLFUNC */
5260 {
5261 tree_node *t;
5262 exim_dlfunc_t *func;
5263 uschar *result;
5264 int status, argc;
5265 uschar *argv[EXPAND_DLFUNC_MAX_ARGS + 3];
5266
5267 if ((expand_forbid & RDO_DLFUNC) != 0)
5268 {
5269 expand_string_message =
5270 US"dynamically-loaded functions are not permitted";
5271 goto EXPAND_FAILED;
5272 }
5273
5274 switch(read_subs(argv, EXPAND_DLFUNC_MAX_ARGS + 2, 2, &s, skipping,
5275 TRUE, US"dlfunc"))
5276 {
5277 case 1: goto EXPAND_FAILED_CURLY;
5278 case 2:
5279 case 3: goto EXPAND_FAILED;
5280 }
5281
5282 /* If skipping, we don't actually do anything */
5283
5284 if (skipping) continue;
5285
5286 /* Look up the dynamically loaded object handle in the tree. If it isn't
5287 found, dlopen() the file and put the handle in the tree for next time. */
5288
5289 t = tree_search(dlobj_anchor, argv[0]);
5290 if (t == NULL)
5291 {
5292 void *handle = dlopen(CS argv[0], RTLD_LAZY);
5293 if (handle == NULL)
5294 {
5295 expand_string_message = string_sprintf("dlopen \"%s\" failed: %s",
5296 argv[0], dlerror());
5297 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
5298 goto EXPAND_FAILED;
5299 }
5300 t = store_get_perm(sizeof(tree_node) + Ustrlen(argv[0]));
5301 Ustrcpy(t->name, argv[0]);
5302 t->data.ptr = handle;
5303 (void)tree_insertnode(&dlobj_anchor, t);
5304 }
5305
5306 /* Having obtained the dynamically loaded object handle, look up the
5307 function pointer. */
5308
5309 func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]);
5310 if (func == NULL)
5311 {
5312 expand_string_message = string_sprintf("dlsym \"%s\" in \"%s\" failed: "
5313 "%s", argv[1], argv[0], dlerror());
5314 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
5315 goto EXPAND_FAILED;
5316 }
5317
5318 /* Call the function and work out what to do with the result. If it
5319 returns OK, we have a replacement string; if it returns DEFER then
5320 expansion has failed in a non-forced manner; if it returns FAIL then
5321 failure was forced; if it returns ERROR or any other value there's a
5322 problem, so panic slightly. In any case, assume that the function has
5323 side-effects on the store that must be preserved. */
5324
5325 resetok = FALSE;
5326 result = NULL;
5327 for (argc = 0; argv[argc] != NULL; argc++);
5328 status = func(&result, argc - 2, &argv[2]);
5329 if(status == OK)
5330 {
5331 if (result == NULL) result = US"";
5332 yield = string_cat(yield, &size, &ptr, result, Ustrlen(result));
5333 continue;
5334 }
5335 else
5336 {
5337 expand_string_message = result == NULL ? US"(no message)" : result;
5338 if(status == FAIL_FORCED) expand_string_forcedfail = TRUE;
5339 else if(status != FAIL)
5340 log_write(0, LOG_MAIN|LOG_PANIC, "dlfunc{%s}{%s} failed (%d): %s",
5341 argv[0], argv[1], status, expand_string_message);
5342 goto EXPAND_FAILED;
5343 }
5344 }
5345 #endif /* EXPAND_DLFUNC */
5346 }
5347
5348 /* Control reaches here if the name is not recognized as one of the more
5349 complicated expansion items. Check for the "operator" syntax (name terminated
5350 by a colon). Some of the operators have arguments, separated by _ from the
5351 name. */
5352
5353 if (*s == ':')
5354 {
5355 int c;
5356 uschar *arg = NULL;
5357 uschar *sub = expand_string_internal(s+1, TRUE, &s, skipping, TRUE);
5358 if (sub == NULL) goto EXPAND_FAILED;
5359 s++;
5360
5361 /* Owing to an historical mis-design, an underscore may be part of the
5362 operator name, or it may introduce arguments. We therefore first scan the
5363 table of names that contain underscores. If there is no match, we cut off
5364 the arguments and then scan the main table. */
5365
5366 c = chop_match(name, op_table_underscore,
5367 sizeof(op_table_underscore)/sizeof(uschar *));
5368
5369 if (c < 0)
5370 {
5371 arg = Ustrchr(name, '_');
5372 if (arg != NULL) *arg = 0;
5373 c = chop_match(name, op_table_main,
5374 sizeof(op_table_main)/sizeof(uschar *));
5375 if (c >= 0) c += sizeof(op_table_underscore)/sizeof(uschar *);
5376 if (arg != NULL) *arg++ = '_'; /* Put back for error messages */
5377 }
5378
5379 /* If we are skipping, we don't need to perform the operation at all.
5380 This matters for operations like "mask", because the data may not be
5381 in the correct format when skipping. For example, the expression may test
5382 for the existence of $sender_host_address before trying to mask it. For
5383 other operations, doing them may not fail, but it is a waste of time. */
5384
5385 if (skipping && c >= 0) continue;
5386
5387 /* Otherwise, switch on the operator type */
5388
5389 switch(c)
5390 {
5391 case EOP_BASE62:
5392 {
5393 uschar *t;
5394 unsigned long int n = Ustrtoul(sub, &t, 10);
5395 if (*t != 0)
5396 {
5397 expand_string_message = string_sprintf("argument for base62 "
5398 "operator is \"%s\", which is not a decimal number", sub);
5399 goto EXPAND_FAILED;
5400 }
5401 t = string_base62(n);
5402 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
5403 continue;
5404 }
5405
5406 /* Note that for Darwin and Cygwin, BASE_62 actually has the value 36 */
5407
5408 case EOP_BASE62D:
5409 {
5410 uschar buf[16];
5411 uschar *tt = sub;
5412 unsigned long int n = 0;
5413 while (*tt != 0)
5414 {
5415 uschar *t = Ustrchr(base62_chars, *tt++);
5416 if (t == NULL)
5417 {
5418 expand_string_message = string_sprintf("argument for base62d "
5419 "operator is \"%s\", which is not a base %d number", sub,
5420 BASE_62);
5421 goto EXPAND_FAILED;
5422 }
5423 n = n * BASE_62 + (t - base62_chars);
5424 }
5425 (void)sprintf(CS buf, "%ld", n);
5426 yield = string_cat(yield, &size, &ptr, buf, Ustrlen(buf));
5427 continue;
5428 }
5429
5430 case EOP_EXPAND:
5431 {
5432 uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping, TRUE);
5433 if (expanded == NULL)
5434 {
5435 expand_string_message =
5436 string_sprintf("internal expansion of \"%s\" failed: %s", sub,
5437 expand_string_message);
5438 goto EXPAND_FAILED;
5439 }
5440 yield = string_cat(yield, &size, &ptr, expanded, Ustrlen(expanded));
5441 continue;
5442 }
5443
5444 case EOP_LC:
5445 {
5446 int count = 0;
5447 uschar *t = sub - 1;
5448 while (*(++t) != 0) { *t = tolower(*t); count++; }
5449 yield = string_cat(yield, &size, &ptr, sub, count);
5450 continue;
5451 }
5452
5453 case EOP_UC:
5454 {
5455 int count = 0;
5456 uschar *t = sub - 1;
5457 while (*(++t) != 0) { *t = toupper(*t); count++; }
5458 yield = string_cat(yield, &size, &ptr, sub, count);
5459 continue;
5460 }
5461
5462 case EOP_MD5:
5463 {
5464 md5 base;
5465 uschar digest[16];
5466 int j;
5467 char st[33];
5468 md5_start(&base);
5469 md5_end(&base, sub, Ustrlen(sub), digest);
5470 for(j = 0; j < 16; j++) sprintf(st+2*j, "%02x", digest[j]);
5471 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
5472 continue;
5473 }
5474
5475 case EOP_SHA1:
5476 {
5477 sha1 base;
5478 uschar digest[20];
5479 int j;
5480 char st[41];
5481 sha1_start(&base);
5482 sha1_end(&base, sub, Ustrlen(sub), digest);
5483 for(j = 0; j < 20; j++) sprintf(st+2*j, "%02X", digest[j]);
5484 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
5485 continue;
5486 }
5487
5488 /* Convert hex encoding to base64 encoding */
5489
5490 case EOP_HEX2B64:
5491 {
5492 int c = 0;
5493 int b = -1;
5494 uschar *in = sub;
5495 uschar *out = sub;
5496 uschar *enc;
5497
5498 for (enc = sub; *enc != 0; enc++)
5499 {
5500 if (!isxdigit(*enc))
5501 {
5502 expand_string_message = string_sprintf("\"%s\" is not a hex "
5503 "string", sub);
5504 goto EXPAND_FAILED;
5505 }
5506 c++;
5507 }
5508
5509 if ((c & 1) != 0)
5510 {
5511 expand_string_message = string_sprintf("\"%s\" contains an odd "
5512 "number of characters", sub);
5513 goto EXPAND_FAILED;
5514 }
5515
5516 while ((c = *in++) != 0)
5517 {
5518 if (isdigit(c)) c -= '0';
5519 else c = toupper(c) - 'A' + 10;
5520 if (b == -1)
5521 {
5522 b = c << 4;
5523 }
5524 else
5525 {
5526 *out++ = b | c;
5527 b = -1;
5528 }
5529 }
5530
5531 enc = auth_b64encode(sub, out - sub);
5532 yield = string_cat(yield, &size, &ptr, enc, Ustrlen(enc));
5533 continue;
5534 }
5535
5536 /* count the number of list elements */
5537
5538 case EOP_LISTCOUNT:
5539 {
5540 int cnt = 0;
5541 int sep = 0;
5542 uschar * cp;
5543 uschar buffer[256];
5544
5545 while (string_nextinlist(&sub, &sep, buffer, sizeof(buffer)) != NULL) cnt++;
5546 cp = string_sprintf("%d", cnt);
5547 yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp));
5548 continue;
5549 }
5550
5551 /* expand a named list given the name */
5552 /* handles nested named lists; requotes as colon-sep list */
5553
5554 case EOP_LISTNAMED:
5555 {
5556 tree_node *t = NULL;
5557 uschar * list;
5558 int sep = 0;
5559 uschar * item;
5560 uschar * suffix = "";
5561 BOOL needsep = FALSE;
5562 uschar buffer[256];
5563
5564 if (*sub == '+') sub++;
5565 if (arg == NULL) /* no-argument version */
5566 {
5567 if (!(t = tree_search(addresslist_anchor, sub)) &&
5568 !(t = tree_search(domainlist_anchor, sub)) &&
5569 !(t = tree_search(hostlist_anchor, sub)))
5570 t = tree_search(localpartlist_anchor, sub);
5571 }
5572 else switch(*arg) /* specific list-type version */
5573 {
5574 case 'a': t = tree_search(addresslist_anchor, sub); suffix = "_a"; break;
5575 case 'd': t = tree_search(domainlist_anchor, sub); suffix = "_d"; break;
5576 case 'h': t = tree_search(hostlist_anchor, sub); suffix = "_h"; break;
5577 case 'l': t = tree_search(localpartlist_anchor, sub); suffix = "_l"; break;
5578 default:
5579 expand_string_message = string_sprintf("bad suffix on \"list\" operator");
5580 goto EXPAND_FAILED;
5581 }
5582
5583 if(!t)
5584 {
5585 expand_string_message = string_sprintf("\"%s\" is not a %snamed list",
5586 sub, !arg?""
5587 : *arg=='a'?"address "
5588 : *arg=='d'?"domain "
5589 : *arg=='h'?"host "
5590 : *arg=='l'?"localpart "
5591 : 0);
5592 goto EXPAND_FAILED;
5593 }
5594
5595 list = ((namedlist_block *)(t->data.ptr))->string;
5596
5597 while ((item = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
5598 {
5599 uschar * buf = US" : ";
5600 if (needsep)
5601 yield = string_cat(yield, &size, &ptr, buf, 3);
5602 else
5603 needsep = TRUE;
5604
5605 if (*item == '+') /* list item is itself a named list */
5606 {
5607 uschar * sub = string_sprintf("${listnamed%s:%s}", suffix, item);
5608 item = expand_string_internal(sub, FALSE, NULL, FALSE, TRUE);
5609 }
5610 else if (sep != ':') /* item from non-colon-sep list, re-quote for colon list-separator */
5611 {
5612 char * cp;
5613 char tok[3];
5614 tok[0] = sep; tok[1] = ':'; tok[2] = 0;
5615 while ((cp= strpbrk((const char *)item, tok)))
5616 {
5617 yield = string_cat(yield, &size, &ptr, item, cp-(char *)item);
5618 if (*cp++ == ':') /* colon in a non-colon-sep list item, needs doubling */
5619 {
5620 yield = string_cat(yield, &size, &ptr, US"::", 2);
5621 item = cp;
5622 }
5623 else /* sep in item; should already be doubled; emit once */
5624 {
5625 yield = string_cat(yield, &size, &ptr, (uschar *)tok, 1);
5626 if (*cp == sep) cp++;
5627 item = cp;
5628 }
5629 }
5630 }
5631 yield = string_cat(yield, &size, &ptr, item, Ustrlen(item));
5632 }
5633 continue;
5634 }
5635
5636 /* mask applies a mask to an IP address; for example the result of
5637 ${mask:131.111.10.206/28} is 131.111.10.192/28. */
5638
5639 case EOP_MASK:
5640 {
5641 int count;
5642 uschar *endptr;
5643 int binary[4];
5644 int mask, maskoffset;
5645 int type = string_is_ip_address(sub, &maskoffset);
5646 uschar buffer[64];
5647
5648 if (type == 0)
5649 {
5650 expand_string_message = string_sprintf("\"%s\" is not an IP address",
5651 sub);
5652 goto EXPAND_FAILED;
5653 }
5654
5655 if (maskoffset == 0)
5656 {
5657 expand_string_message = string_sprintf("missing mask value in \"%s\"",
5658 sub);
5659 goto EXPAND_FAILED;
5660 }
5661
5662 mask = Ustrtol(sub + maskoffset + 1, &endptr, 10);
5663
5664 if (*endptr != 0 || mask < 0 || mask > ((type == 4)? 32 : 128))
5665 {
5666 expand_string_message = string_sprintf("mask value too big in \"%s\"",
5667 sub);
5668 goto EXPAND_FAILED;
5669 }
5670
5671 /* Convert the address to binary integer(s) and apply the mask */
5672
5673 sub[maskoffset] = 0;
5674 count = host_aton(sub, binary);
5675 host_mask(count, binary, mask);
5676
5677 /* Convert to masked textual format and add to output. */
5678
5679 yield = string_cat(yield, &size, &ptr, buffer,
5680 host_nmtoa(count, binary, mask, buffer, '.'));
5681 continue;
5682 }
5683
5684 case EOP_ADDRESS:
5685 case EOP_LOCAL_PART:
5686 case EOP_DOMAIN:
5687 {
5688 uschar *error;
5689 int start, end, domain;
5690 uschar *t = parse_extract_address(sub, &error, &start, &end, &domain,
5691 FALSE);
5692 if (t != NULL)
5693 {
5694 if (c != EOP_DOMAIN)
5695 {
5696 if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1;
5697 yield = string_cat(yield, &size, &ptr, sub+start, end-start);
5698 }
5699 else if (domain != 0)
5700 {
5701 domain += start;
5702 yield = string_cat(yield, &size, &ptr, sub+domain, end-domain);
5703 }
5704 }
5705 continue;
5706 }
5707
5708 case EOP_ADDRESSES:
5709 {
5710 uschar outsep[2] = { ':', '\0' };
5711 uschar *address, *error;
5712 int save_ptr = ptr;
5713 int start, end, domain; /* Not really used */
5714
5715 while (isspace(*sub)) sub++;
5716 if (*sub == '>') { *outsep = *++sub; ++sub; }
5717 parse_allow_group = TRUE;
5718
5719 for (;;)
5720 {
5721 uschar *p = parse_find_address_end(sub, FALSE);
5722 uschar saveend = *p;
5723 *p = '\0';
5724 address = parse_extract_address(sub, &error, &start, &end, &domain,
5725 FALSE);
5726 *p = saveend;
5727
5728 /* Add the address to the output list that we are building. This is
5729 done in chunks by searching for the separator character. At the
5730 start, unless we are dealing with the first address of the output
5731 list, add in a space if the new address begins with the separator
5732 character, or is an empty string. */
5733
5734 if (address != NULL)
5735 {
5736 if (ptr != save_ptr && address[0] == *outsep)
5737 yield = string_cat(yield, &size, &ptr, US" ", 1);
5738
5739 for (;;)
5740 {
5741 size_t seglen = Ustrcspn(address, outsep);
5742 yield = string_cat(yield, &size, &ptr, address, seglen + 1);
5743
5744 /* If we got to the end of the string we output one character
5745 too many. */
5746
5747 if (address[seglen] == '\0') { ptr--; break; }
5748 yield = string_cat(yield, &size, &ptr, outsep, 1);
5749 address += seglen + 1;
5750 }
5751
5752 /* Output a separator after the string: we will remove the
5753 redundant final one at the end. */
5754
5755 yield = string_cat(yield, &size, &ptr, outsep, 1);
5756 }
5757
5758 if (saveend == '\0') break;
5759 sub = p + 1;
5760 }
5761
5762 /* If we have generated anything, remove the redundant final
5763 separator. */
5764
5765 if (ptr != save_ptr) ptr--;
5766 parse_allow_group = FALSE;
5767 continue;
5768 }
5769
5770
5771 /* quote puts a string in quotes if it is empty or contains anything
5772 other than alphamerics, underscore, dot, or hyphen.
5773
5774 quote_local_part puts a string in quotes if RFC 2821/2822 requires it to
5775 be quoted in order to be a valid local part.
5776
5777 In both cases, newlines and carriage returns are converted into \n and \r
5778 respectively */
5779
5780 case EOP_QUOTE:
5781 case EOP_QUOTE_LOCAL_PART:
5782 if (arg == NULL)
5783 {
5784 BOOL needs_quote = (*sub == 0); /* TRUE for empty string */
5785 uschar *t = sub - 1;
5786
5787 if (c == EOP_QUOTE)
5788 {
5789 while (!needs_quote && *(++t) != 0)
5790 needs_quote = !isalnum(*t) && !strchr("_-.", *t);
5791 }
5792 else /* EOP_QUOTE_LOCAL_PART */
5793 {
5794 while (!needs_quote && *(++t) != 0)
5795 needs_quote = !isalnum(*t) &&
5796 strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL &&
5797 (*t != '.' || t == sub || t[1] == 0);
5798 }
5799
5800 if (needs_quote)
5801 {
5802 yield = string_cat(yield, &size, &ptr, US"\"", 1);
5803 t = sub - 1;
5804 while (*(++t) != 0)
5805 {
5806 if (*t == '\n')
5807 yield = string_cat(yield, &size, &ptr, US"\\n", 2);
5808 else if (*t == '\r')
5809 yield = string_cat(yield, &size, &ptr, US"\\r", 2);
5810 else
5811 {
5812 if (*t == '\\' || *t == '"')
5813 yield = string_cat(yield, &size, &ptr, US"\\", 1);
5814 yield = string_cat(yield, &size, &ptr, t, 1);
5815 }
5816 }
5817 yield = string_cat(yield, &size, &ptr, US"\"", 1);
5818 }
5819 else yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
5820 continue;
5821 }
5822
5823 /* quote_lookuptype does lookup-specific quoting */
5824
5825 else
5826 {
5827 int n;
5828 uschar *opt = Ustrchr(arg, '_');
5829
5830 if (opt != NULL) *opt++ = 0;
5831
5832 n = search_findtype(arg, Ustrlen(arg));
5833 if (n < 0)
5834 {
5835 expand_string_message = search_error_message;
5836 goto EXPAND_FAILED;
5837 }
5838
5839 if (lookup_list[n]->quote != NULL)
5840 sub = (lookup_list[n]->quote)(sub, opt);
5841 else if (opt != NULL) sub = NULL;
5842
5843 if (sub == NULL)
5844 {
5845 expand_string_message = string_sprintf(
5846 "\"%s\" unrecognized after \"${quote_%s\"",
5847 opt, arg);
5848 goto EXPAND_FAILED;
5849 }
5850
5851 yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
5852 continue;
5853 }
5854
5855 /* rx quote sticks in \ before any non-alphameric character so that
5856 the insertion works in a regular expression. */
5857
5858 case EOP_RXQUOTE:
5859 {
5860 uschar *t = sub - 1;
5861 while (*(++t) != 0)
5862 {
5863 if (!isalnum(*t))
5864 yield = string_cat(yield, &size, &ptr, US"\\", 1);
5865 yield = string_cat(yield, &size, &ptr, t, 1);
5866 }
5867 continue;
5868 }
5869
5870 /* RFC 2047 encodes, assuming headers_charset (default ISO 8859-1) as
5871 prescribed by the RFC, if there are characters that need to be encoded */
5872
5873 case EOP_RFC2047:
5874 {
5875 uschar buffer[2048];
5876 uschar *string = parse_quote_2047(sub, Ustrlen(sub), headers_charset,
5877 buffer, sizeof(buffer), FALSE);
5878 yield = string_cat(yield, &size, &ptr, string, Ustrlen(string));
5879 continue;
5880 }
5881
5882 /* RFC 2047 decode */
5883
5884 case EOP_RFC2047D:
5885 {
5886 int len;
5887 uschar *error;
5888 uschar *decoded = rfc2047_decode(sub, check_rfc2047_length,
5889 headers_charset, '?', &len, &error);
5890 if (error != NULL)
5891 {
5892 expand_string_message = error;
5893 goto EXPAND_FAILED;
5894 }
5895 yield = string_cat(yield, &size, &ptr, decoded, len);
5896 continue;
5897 }
5898
5899 /* from_utf8 converts UTF-8 to 8859-1, turning non-existent chars into
5900 underscores */
5901
5902 case EOP_FROM_UTF8:
5903 {
5904 while (*sub != 0)
5905 {
5906 int c;
5907 uschar buff[4];
5908 GETUTF8INC(c, sub);
5909 if (c > 255) c = '_';
5910 buff[0] = c;
5911 yield = string_cat(yield, &size, &ptr, buff, 1);
5912 }
5913 continue;
5914 }
5915
5916 /* escape turns all non-printing characters into escape sequences. */
5917
5918 case EOP_ESCAPE:
5919 {
5920 uschar *t = string_printing(sub);
5921 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
5922 continue;
5923 }
5924
5925 /* Handle numeric expression evaluation */
5926
5927 case EOP_EVAL:
5928 case EOP_EVAL10:
5929 {
5930 uschar *save_sub = sub;
5931 uschar *error = NULL;
5932 int_eximarith_t n = eval_expr(&sub, (c == EOP_EVAL10), &error, FALSE);
5933 if (error != NULL)
5934 {
5935 expand_string_message = string_sprintf("error in expression "
5936 "evaluation: %s (after processing \"%.*s\")", error, sub-save_sub,
5937 save_sub);
5938 goto EXPAND_FAILED;
5939 }
5940 sprintf(CS var_buffer, PR_EXIM_ARITH, n);
5941 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
5942 continue;
5943 }
5944
5945 /* Handle time period formating */
5946
5947 case EOP_TIME_EVAL:
5948 {
5949 int n = readconf_readtime(sub, 0, FALSE);
5950 if (n < 0)
5951 {
5952 expand_string_message = string_sprintf("string \"%s\" is not an "
5953 "Exim time interval in \"%s\" operator", sub, name);
5954 goto EXPAND_FAILED;
5955 }
5956 sprintf(CS var_buffer, "%d", n);
5957 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
5958 continue;
5959 }
5960
5961 case EOP_TIME_INTERVAL:
5962 {
5963 int n;
5964 uschar *t = read_number(&n, sub);
5965 if (*t != 0) /* Not A Number*/
5966 {
5967 expand_string_message = string_sprintf("string \"%s\" is not a "
5968 "positive number in \"%s\" operator", sub, name);
5969 goto EXPAND_FAILED;
5970 }
5971 t = readconf_printtime(n);
5972 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
5973 continue;
5974 }
5975
5976 /* Convert string to base64 encoding */
5977
5978 case EOP_STR2B64:
5979 {
5980 uschar *encstr = auth_b64encode(sub, Ustrlen(sub));
5981 yield = string_cat(yield, &size, &ptr, encstr, Ustrlen(encstr));
5982 continue;
5983 }
5984
5985 /* strlen returns the length of the string */
5986
5987 case EOP_STRLEN:
5988 {
5989 uschar buff[24];
5990 (void)sprintf(CS buff, "%d", Ustrlen(sub));
5991 yield = string_cat(yield, &size, &ptr, buff, Ustrlen(buff));
5992 continue;
5993 }
5994
5995 /* length_n or l_n takes just the first n characters or the whole string,
5996 whichever is the shorter;
5997
5998 substr_m_n, and s_m_n take n characters from offset m; negative m take
5999 from the end; l_n is synonymous with s_0_n. If n is omitted in substr it
6000 takes the rest, either to the right or to the left.
6001
6002 hash_n or h_n makes a hash of length n from the string, yielding n
6003 characters from the set a-z; hash_n_m makes a hash of length n, but
6004 uses m characters from the set a-zA-Z0-9.
6005
6006 nhash_n returns a single number between 0 and n-1 (in text form), while
6007 nhash_n_m returns a div/mod hash as two numbers "a/b". The first lies
6008 between 0 and n-1 and the second between 0 and m-1. */
6009
6010 case EOP_LENGTH:
6011 case EOP_L:
6012 case EOP_SUBSTR:
6013 case EOP_S:
6014 case EOP_HASH:
6015 case EOP_H:
6016 case EOP_NHASH:
6017 case EOP_NH:
6018 {
6019 int sign = 1;
6020 int value1 = 0;
6021 int value2 = -1;
6022 int *pn;
6023 int len;
6024 uschar *ret;
6025
6026 if (arg == NULL)
6027 {
6028 expand_string_message = string_sprintf("missing values after %s",
6029 name);
6030 goto EXPAND_FAILED;
6031 }
6032
6033 /* "length" has only one argument, effectively being synonymous with
6034 substr_0_n. */
6035
6036 if (c == EOP_LENGTH || c == EOP_L)
6037 {
6038 pn = &value2;
6039 value2 = 0;
6040 }
6041
6042 /* The others have one or two arguments; for "substr" the first may be
6043 negative. The second being negative means "not supplied". */
6044
6045 else
6046 {
6047 pn = &value1;
6048 if (name[0] == 's' && *arg == '-') { sign = -1; arg++; }
6049 }
6050
6051 /* Read up to two numbers, separated by underscores */
6052
6053 ret = arg;
6054 while (*arg != 0)
6055 {
6056 if (arg != ret && *arg == '_' && pn == &value1)
6057 {
6058 pn = &value2;
6059 value2 = 0;
6060 if (arg[1] != 0) arg++;
6061 }
6062 else if (!isdigit(*arg))
6063 {
6064 expand_string_message =
6065 string_sprintf("non-digit after underscore in \"%s\"", name);
6066 goto EXPAND_FAILED;
6067 }
6068 else *pn = (*pn)*10 + *arg++ - '0';
6069 }
6070 value1 *= sign;
6071
6072 /* Perform the required operation */
6073
6074 ret =
6075 (c == EOP_HASH || c == EOP_H)?
6076 compute_hash(sub, value1, value2, &len) :
6077 (c == EOP_NHASH || c == EOP_NH)?
6078 compute_nhash(sub, value1, value2, &len) :
6079 extract_substr(sub, value1, value2, &len);
6080
6081 if (ret == NULL) goto EXPAND_FAILED;
6082 yield = string_cat(yield, &size, &ptr, ret, len);
6083 continue;
6084 }
6085
6086 /* Stat a path */
6087
6088 case EOP_STAT:
6089 {
6090 uschar *s;
6091 uschar smode[12];
6092 uschar **modetable[3];
6093 int i;
6094 mode_t mode;
6095 struct stat st;
6096
6097 if ((expand_forbid & RDO_EXISTS) != 0)
6098 {
6099 expand_string_message = US"Use of the stat() expansion is not permitted";
6100 goto EXPAND_FAILED;
6101 }
6102
6103 if (stat(CS sub, &st) < 0)
6104 {
6105 expand_string_message = string_sprintf("stat(%s) failed: %s",
6106 sub, strerror(errno));
6107 goto EXPAND_FAILED;
6108 }
6109 mode = st.st_mode;
6110 switch (mode & S_IFMT)
6111 {
6112 case S_IFIFO: smode[0] = 'p'; break;
6113 case S_IFCHR: smode[0] = 'c'; break;
6114 case S_IFDIR: smode[0] = 'd'; break;
6115 case S_IFBLK: smode[0] = 'b'; break;
6116 case S_IFREG: smode[0] = '-'; break;
6117 default: smode[0] = '?'; break;
6118 }
6119
6120 modetable[0] = ((mode & 01000) == 0)? mtable_normal : mtable_sticky;
6121 modetable[1] = ((mode & 02000) == 0)? mtable_normal : mtable_setid;
6122 modetable[2] = ((mode & 04000) == 0)? mtable_normal : mtable_setid;
6123
6124 for (i = 0; i < 3; i++)
6125 {
6126 memcpy(CS(smode + 7 - i*3), CS(modetable[i][mode & 7]), 3);
6127 mode >>= 3;
6128 }
6129
6130 smode[10] = 0;
6131 s = string_sprintf("mode=%04lo smode=%s inode=%ld device=%ld links=%ld "
6132 "uid=%ld gid=%ld size=" OFF_T_FMT " atime=%ld mtime=%ld ctime=%ld",
6133 (long)(st.st_mode & 077777), smode, (long)st.st_ino,
6134 (long)st.st_dev, (long)st.st_nlink, (long)st.st_uid,
6135 (long)st.st_gid, st.st_size, (long)st.st_atime,
6136 (long)st.st_mtime, (long)st.st_ctime);
6137 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
6138 continue;
6139 }
6140
6141 /* vaguely random number less than N */
6142
6143 case EOP_RANDINT:
6144 {
6145 int_eximarith_t max;
6146 uschar *s;
6147
6148 max = expand_string_integer(sub, TRUE);
6149 if (expand_string_message != NULL)
6150 goto EXPAND_FAILED;
6151 s = string_sprintf("%d", vaguely_random_number((int)max));
6152 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
6153 continue;
6154 }
6155
6156 /* Reverse IP, including IPv6 to dotted-nibble */
6157
6158 case EOP_REVERSE_IP:
6159 {
6160 int family, maskptr;
6161 uschar reversed[128];
6162
6163 family = string_is_ip_address(sub, &maskptr);
6164 if (family == 0)
6165 {
6166 expand_string_message = string_sprintf(
6167 "reverse_ip() not given an IP address [%s]", sub);
6168 goto EXPAND_FAILED;
6169 }
6170 invert_address(reversed, sub);
6171 yield = string_cat(yield, &size, &ptr, reversed, Ustrlen(reversed));
6172 continue;
6173 }
6174
6175 /* Unknown operator */
6176
6177 default:
6178 expand_string_message =
6179 string_sprintf("unknown expansion operator \"%s\"", name);
6180 goto EXPAND_FAILED;
6181 }
6182 }
6183
6184 /* Handle a plain name. If this is the first thing in the expansion, release
6185 the pre-allocated buffer. If the result data is known to be in a new buffer,
6186 newsize will be set to the size of that buffer, and we can just point at that
6187 store instead of copying. Many expansion strings contain just one reference,
6188 so this is a useful optimization, especially for humungous headers
6189 ($message_headers). */
6190
6191 if (*s++ == '}')
6192 {
6193 int len;
6194 int newsize = 0;
6195 if (ptr == 0)
6196 {
6197 if (resetok) store_reset(yield);
6198 yield = NULL;
6199 size = 0;
6200 }
6201 value = find_variable(name, FALSE, skipping, &newsize);
6202 if (value == NULL)
6203 {
6204 expand_string_message =
6205 string_sprintf("unknown variable in \"${%s}\"", name);
6206 check_variable_error_message(name);
6207 goto EXPAND_FAILED;
6208 }
6209 len = Ustrlen(value);
6210 if (yield == NULL && newsize != 0)
6211 {
6212 yield = value;
6213 size = newsize;
6214 ptr = len;
6215 }
6216 else yield = string_cat(yield, &size, &ptr, value, len);
6217 continue;
6218 }
6219
6220 /* Else there's something wrong */
6221
6222 expand_string_message =
6223 string_sprintf("\"${%s\" is not a known operator (or a } is missing "
6224 "in a variable reference)", name);
6225 goto EXPAND_FAILED;
6226 }
6227
6228 /* If we hit the end of the string when ket_ends is set, there is a missing
6229 terminating brace. */
6230
6231 if (ket_ends && *s == 0)
6232 {
6233 expand_string_message = malformed_header?
6234 US"missing } at end of string - could be header name not terminated by colon"
6235 :
6236 US"missing } at end of string";
6237 goto EXPAND_FAILED;
6238 }
6239
6240 /* Expansion succeeded; yield may still be NULL here if nothing was actually
6241 added to the string. If so, set up an empty string. Add a terminating zero. If
6242 left != NULL, return a pointer to the terminator. */
6243
6244 if (yield == NULL) yield = store_get(1);
6245 yield[ptr] = 0;
6246 if (left != NULL) *left = s;
6247
6248 /* Any stacking store that was used above the final string is no longer needed.
6249 In many cases the final string will be the first one that was got and so there
6250 will be optimal store usage. */
6251
6252 if (resetok) store_reset(yield + ptr + 1);
6253 DEBUG(D_expand)
6254 {
6255 debug_printf("expanding: %.*s\n result: %s\n", (int)(s - string), string,
6256 yield);
6257 if (skipping) debug_printf("skipping: result is not used\n");
6258 }
6259 return yield;
6260
6261 /* This is the failure exit: easiest to program with a goto. We still need
6262 to update the pointer to the terminator, for cases of nested calls with "fail".
6263 */
6264
6265 EXPAND_FAILED_CURLY:
6266 expand_string_message = malformed_header?
6267 US"missing or misplaced { or } - could be header name not terminated by colon"
6268 :
6269 US"missing or misplaced { or }";
6270
6271 /* At one point, Exim reset the store to yield (if yield was not NULL), but
6272 that is a bad idea, because expand_string_message is in dynamic store. */
6273
6274 EXPAND_FAILED:
6275 if (left != NULL) *left = s;
6276 DEBUG(D_expand)
6277 {
6278 debug_printf("failed to expand: %s\n", string);
6279 debug_printf(" error message: %s\n", expand_string_message);
6280 if (expand_string_forcedfail) debug_printf("failure was forced\n");
6281 }
6282 return NULL;
6283 }
6284
6285
6286 /* This is the external function call. Do a quick check for any expansion
6287 metacharacters, and if there are none, just return the input string.
6288
6289 Argument: the string to be expanded
6290 Returns: the expanded string, or NULL if expansion failed; if failure was
6291 due to a lookup deferring, search_find_defer will be TRUE
6292 */
6293
6294 uschar *
6295 expand_string(uschar *string)
6296 {
6297 search_find_defer = FALSE;
6298 malformed_header = FALSE;
6299 return (Ustrpbrk(string, "$\\") == NULL)? string :
6300 expand_string_internal(string, FALSE, NULL, FALSE, TRUE);
6301 }
6302
6303
6304
6305 /*************************************************
6306 * Expand and copy *
6307 *************************************************/
6308
6309 /* Now and again we want to expand a string and be sure that the result is in a
6310 new bit of store. This function does that.
6311
6312 Argument: the string to be expanded
6313 Returns: the expanded string, always in a new bit of store, or NULL
6314 */
6315
6316 uschar *
6317 expand_string_copy(uschar *string)
6318 {
6319 uschar *yield = expand_string(string);
6320 if (yield == string) yield = string_copy(string);
6321 return yield;
6322 }
6323
6324
6325
6326 /*************************************************
6327 * Expand and interpret as an integer *
6328 *************************************************/
6329
6330 /* Expand a string, and convert the result into an integer.
6331
6332 Arguments:
6333 string the string to be expanded
6334 isplus TRUE if a non-negative number is expected
6335
6336 Returns: the integer value, or
6337 -1 for an expansion error ) in both cases, message in
6338 -2 for an integer interpretation error ) expand_string_message
6339 expand_string_message is set NULL for an OK integer
6340 */
6341
6342 int_eximarith_t
6343 expand_string_integer(uschar *string, BOOL isplus)
6344 {
6345 int_eximarith_t value;
6346 uschar *s = expand_string(string);
6347 uschar *msg = US"invalid integer \"%s\"";
6348 uschar *endptr;
6349
6350 /* If expansion failed, expand_string_message will be set. */
6351
6352 if (s == NULL) return -1;
6353
6354 /* On an overflow, strtol() returns LONG_MAX or LONG_MIN, and sets errno
6355 to ERANGE. When there isn't an overflow, errno is not changed, at least on some
6356 systems, so we set it zero ourselves. */
6357
6358 errno = 0;
6359 expand_string_message = NULL; /* Indicates no error */
6360
6361 /* Before Exim 4.64, strings consisting entirely of whitespace compared
6362 equal to 0. Unfortunately, people actually relied upon that, so preserve
6363 the behaviour explicitly. Stripping leading whitespace is a harmless
6364 noop change since strtol skips it anyway (provided that there is a number
6365 to find at all). */
6366 if (isspace(*s))
6367 {
6368 while (isspace(*s)) ++s;
6369 if (*s == '\0')
6370 {
6371 DEBUG(D_expand)
6372 debug_printf("treating blank string as number 0\n");
6373 return 0;
6374 }
6375 }
6376
6377 value = strtoll(CS s, CSS &endptr, 10);
6378
6379 if (endptr == s)
6380 {
6381 msg = US"integer expected but \"%s\" found";
6382 }
6383 else if (value < 0 && isplus)
6384 {
6385 msg = US"non-negative integer expected but \"%s\" found";
6386 }
6387 else
6388 {
6389 switch (tolower(*endptr))
6390 {
6391 default:
6392 break;
6393 case 'k':
6394 if (value > LLONG_MAX/1024 || value < LLONG_MIN/1024) errno = ERANGE;
6395 else value *= 1024;
6396 endptr++;
6397 break;
6398 case 'm':
6399 if (value > LLONG_MAX/(1024*1024) || value < LLONG_MIN/(1024*1024)) errno = ERANGE;
6400 else value *= 1024*1024;
6401 endptr++;
6402 break;
6403 case 'g':
6404 if (value > LLONG_MAX/(1024*1024*1024) || value < LLONG_MIN/(1024*1024*1024)) errno = ERANGE;
6405 else value *= 1024*1024*1024;
6406 endptr++;
6407 break;
6408 }
6409 if (errno == ERANGE)
6410 msg = US"absolute value of integer \"%s\" is too large (overflow)";
6411 else
6412 {
6413 while (isspace(*endptr)) endptr++;
6414 if (*endptr == 0) return (int)value;
6415 }
6416 }
6417
6418 expand_string_message = string_sprintf(CS msg, s);
6419 return -2;
6420 }
6421
6422
6423 /*************************************************
6424 **************************************************
6425 * Stand-alone test program *
6426 **************************************************
6427 *************************************************/
6428
6429 #ifdef STAND_ALONE
6430
6431
6432 BOOL
6433 regex_match_and_setup(const pcre *re, uschar *subject, int options, int setup)
6434 {
6435 int ovector[3*(EXPAND_MAXN+1)];
6436 int n = pcre_exec(re, NULL, subject, Ustrlen(subject), 0, PCRE_EOPT|options,
6437 ovector, sizeof(ovector)/sizeof(int));
6438 BOOL yield = n >= 0;
6439 if (n == 0) n = EXPAND_MAXN + 1;
6440 if (yield)
6441 {
6442 int nn;
6443 expand_nmax = (setup < 0)? 0 : setup + 1;
6444 for (nn = (setup < 0)? 0 : 2; nn < n*2; nn += 2)
6445 {
6446 expand_nstring[expand_nmax] = subject + ovector[nn];
6447 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
6448 }
6449 expand_nmax--;
6450 }
6451 return yield;
6452 }
6453
6454
6455 int main(int argc, uschar **argv)
6456 {
6457 int i;
6458 uschar buffer[1024];
6459
6460 debug_selector = D_v;
6461 debug_file = stderr;
6462 debug_fd = fileno(debug_file);
6463 big_buffer = malloc(big_buffer_size);
6464
6465 for (i = 1; i < argc; i++)
6466 {
6467 if (argv[i][0] == '+')
6468 {
6469 debug_trace_memory = 2;
6470 argv[i]++;
6471 }
6472 if (isdigit(argv[i][0]))
6473 debug_selector = Ustrtol(argv[i], NULL, 0);
6474 else
6475 if (Ustrspn(argv[i], "abcdefghijklmnopqrtsuvwxyz0123456789-.:/") ==
6476 Ustrlen(argv[i]))
6477 {
6478 #ifdef LOOKUP_LDAP
6479 eldap_default_servers = argv[i];
6480 #endif
6481 #ifdef LOOKUP_MYSQL
6482 mysql_servers = argv[i];
6483 #endif
6484 #ifdef LOOKUP_PGSQL
6485 pgsql_servers = argv[i];
6486 #endif
6487 }
6488 #ifdef EXIM_PERL
6489 else opt_perl_startup = argv[i];
6490 #endif
6491 }
6492
6493 printf("Testing string expansion: debug_level = %d\n\n", debug_level);
6494
6495 expand_nstring[1] = US"string 1....";
6496 expand_nlength[1] = 8;
6497 expand_nmax = 1;
6498
6499 #ifdef EXIM_PERL
6500 if (opt_perl_startup != NULL)
6501 {
6502 uschar *errstr;
6503 printf("Starting Perl interpreter\n");
6504 errstr = init_perl(opt_perl_startup);
6505 if (errstr != NULL)
6506 {
6507 printf("** error in perl_startup code: %s\n", errstr);
6508 return EXIT_FAILURE;
6509 }
6510 }
6511 #endif /* EXIM_PERL */
6512
6513 while (fgets(buffer, sizeof(buffer), stdin) != NULL)
6514 {
6515 void *reset_point = store_get(0);
6516 uschar *yield = expand_string(buffer);
6517 if (yield != NULL)
6518 {
6519 printf("%s\n", yield);
6520 store_reset(reset_point);
6521 }
6522 else
6523 {
6524 if (search_find_defer) printf("search_find deferred\n");
6525 printf("Failed: %s\n", expand_string_message);
6526 if (expand_string_forcedfail) printf("Forced failure\n");
6527 printf("\n");
6528 }
6529 }
6530
6531 search_tidyup();
6532
6533 return 0;
6534 }
6535
6536 #endif
6537
6538 /* End of expand.c */
Unnamed repository; edit this file 'description' to name the repository.