b0c1d5340fd6aabac277963d86ba5d0b34d07c4d
[exim.git] / src / src / expand.c
1 /* $Cambridge: exim/src/src/expand.c,v 1.22 2005/05/23 16:58:56 fanf2 Exp $ */
2
3 /*************************************************
4 * Exim - an Internet mail transport agent *
5 *************************************************/
6
7 /* Copyright (c) University of Cambridge 1995 - 2005 */
8 /* See the file NOTICE for conditions of use and distribution. */
9
10
11 /* Functions for handling string expansion. */
12
13
14 #include "exim.h"
15
16 #ifdef STAND_ALONE
17 #ifndef SUPPORT_CRYPTEQ
18 #define SUPPORT_CRYPTEQ
19 #endif
20 #endif
21
22 #ifdef SUPPORT_CRYPTEQ
23 #ifdef CRYPT_H
24 #include <crypt.h>
25 #endif
26 #ifndef HAVE_CRYPT16
27 extern char* crypt16(char*, char*);
28 #endif
29 #endif
30
31 #ifdef LOOKUP_LDAP
32 #include "lookups/ldap.h"
33 #endif
34
35
36
37 /* Recursively called function */
38
39 static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL);
40
41
42
43 /*************************************************
44 * Local statics and tables *
45 *************************************************/
46
47 /* Table of item names, and corresponding switch numbers. The names must be in
48 alphabetical order. */
49
50 static uschar *item_table[] = {
51 US"dlfunc",
52 US"extract",
53 US"hash",
54 US"hmac",
55 US"if",
56 US"length",
57 US"lookup",
58 US"nhash",
59 US"perl",
60 US"readfile",
61 US"readsocket",
62 US"run",
63 US"sg",
64 US"substr",
65 US"tr" };
66
67 enum {
68 EITEM_DLFUNC,
69 EITEM_EXTRACT,
70 EITEM_HASH,
71 EITEM_HMAC,
72 EITEM_IF,
73 EITEM_LENGTH,
74 EITEM_LOOKUP,
75 EITEM_NHASH,
76 EITEM_PERL,
77 EITEM_READFILE,
78 EITEM_READSOCK,
79 EITEM_RUN,
80 EITEM_SG,
81 EITEM_SUBSTR,
82 EITEM_TR };
83
84 /* Tables of operator names, and corresponding switch numbers. The names must be
85 in alphabetical order. There are two tables, because underscore is used in some
86 cases to introduce arguments, whereas for other it is part of the name. This is
87 an historical mis-design. */
88
89 static uschar *op_table_underscore[] = {
90 US"from_utf8",
91 US"local_part",
92 US"quote_local_part",
93 US"time_interval"};
94
95 enum {
96 EOP_FROM_UTF8,
97 EOP_LOCAL_PART,
98 EOP_QUOTE_LOCAL_PART,
99 EOP_TIME_INTERVAL };
100
101 static uschar *op_table_main[] = {
102 US"address",
103 US"base62",
104 US"base62d",
105 US"domain",
106 US"escape",
107 US"eval",
108 US"eval10",
109 US"expand",
110 US"h",
111 US"hash",
112 US"hex2b64",
113 US"l",
114 US"lc",
115 US"length",
116 US"mask",
117 US"md5",
118 US"nh",
119 US"nhash",
120 US"quote",
121 US"rfc2047",
122 US"rxquote",
123 US"s",
124 US"sha1",
125 US"stat",
126 US"str2b64",
127 US"strlen",
128 US"substr",
129 US"uc" };
130
131 enum {
132 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
133 EOP_BASE62,
134 EOP_BASE62D,
135 EOP_DOMAIN,
136 EOP_ESCAPE,
137 EOP_EVAL,
138 EOP_EVAL10,
139 EOP_EXPAND,
140 EOP_H,
141 EOP_HASH,
142 EOP_HEX2B64,
143 EOP_L,
144 EOP_LC,
145 EOP_LENGTH,
146 EOP_MASK,
147 EOP_MD5,
148 EOP_NH,
149 EOP_NHASH,
150 EOP_QUOTE,
151 EOP_RFC2047,
152 EOP_RXQUOTE,
153 EOP_S,
154 EOP_SHA1,
155 EOP_STAT,
156 EOP_STR2B64,
157 EOP_STRLEN,
158 EOP_SUBSTR,
159 EOP_UC };
160
161
162 /* Table of condition names, and corresponding switch numbers. The names must
163 be in alphabetical order. */
164
165 static uschar *cond_table[] = {
166 US"<",
167 US"<=",
168 US"=",
169 US"==", /* Backward compatibility */
170 US">",
171 US">=",
172 US"and",
173 US"crypteq",
174 US"def",
175 US"eq",
176 US"eqi",
177 US"exists",
178 US"first_delivery",
179 US"ge",
180 US"gei",
181 US"gt",
182 US"gti",
183 US"isip",
184 US"isip4",
185 US"isip6",
186 US"ldapauth",
187 US"le",
188 US"lei",
189 US"lt",
190 US"lti",
191 US"match",
192 US"match_address",
193 US"match_domain",
194 US"match_local_part",
195 US"or",
196 US"pam",
197 US"pwcheck",
198 US"queue_running",
199 US"radius",
200 US"saslauthd"
201 };
202
203 enum {
204 ECOND_NUM_L,
205 ECOND_NUM_LE,
206 ECOND_NUM_E,
207 ECOND_NUM_EE,
208 ECOND_NUM_G,
209 ECOND_NUM_GE,
210 ECOND_AND,
211 ECOND_CRYPTEQ,
212 ECOND_DEF,
213 ECOND_STR_EQ,
214 ECOND_STR_EQI,
215 ECOND_EXISTS,
216 ECOND_FIRST_DELIVERY,
217 ECOND_STR_GE,
218 ECOND_STR_GEI,
219 ECOND_STR_GT,
220 ECOND_STR_GTI,
221 ECOND_ISIP,
222 ECOND_ISIP4,
223 ECOND_ISIP6,
224 ECOND_LDAPAUTH,
225 ECOND_STR_LE,
226 ECOND_STR_LEI,
227 ECOND_STR_LT,
228 ECOND_STR_LTI,
229 ECOND_MATCH,
230 ECOND_MATCH_ADDRESS,
231 ECOND_MATCH_DOMAIN,
232 ECOND_MATCH_LOCAL_PART,
233 ECOND_OR,
234 ECOND_PAM,
235 ECOND_PWCHECK,
236 ECOND_QUEUE_RUNNING,
237 ECOND_RADIUS,
238 ECOND_SASLAUTHD
239 };
240
241
242 /* Type for main variable table */
243
244 typedef struct {
245 char *name;
246 int type;
247 void *value;
248 } var_entry;
249
250 /* Type for entries pointing to address/length pairs. Not currently
251 in use. */
252
253 typedef struct {
254 uschar **address;
255 int *length;
256 } alblock;
257
258 /* Types of table entry */
259
260 enum {
261 vtype_int, /* value is address of int */
262 vtype_filter_int, /* ditto, but recognized only when filtering */
263 vtype_ino, /* value is address of ino_t (not always an int) */
264 vtype_uid, /* value is address of uid_t (not always an int) */
265 vtype_gid, /* value is address of gid_t (not always an int) */
266 vtype_stringptr, /* value is address of pointer to string */
267 vtype_msgbody, /* as stringptr, but read when first required */
268 vtype_msgbody_end, /* ditto, the end of the message */
269 vtype_msgheaders, /* the message's headers */
270 vtype_localpart, /* extract local part from string */
271 vtype_domain, /* extract domain from string */
272 vtype_recipients, /* extract recipients from recipients list */
273 /* (enabled only during system filtering */
274 vtype_todbsdin, /* value not used; generate BSD inbox tod */
275 vtype_tode, /* value not used; generate tod in epoch format */
276 vtype_todf, /* value not used; generate full tod */
277 vtype_todl, /* value not used; generate log tod */
278 vtype_todlf, /* value not used; generate log file datestamp tod */
279 vtype_todzone, /* value not used; generate time zone only */
280 vtype_todzulu, /* value not used; generate zulu tod */
281 vtype_reply, /* value not used; get reply from headers */
282 vtype_pid, /* value not used; result is pid */
283 vtype_host_lookup, /* value not used; get host name */
284 vtype_load_avg, /* value not used; result is int from os_getloadavg */
285 vtype_pspace, /* partition space; value is T/F for spool/log */
286 vtype_pinodes /* partition inodes; value is T/F for spool/log */
287 #ifdef EXPERIMENTAL_DOMAINKEYS
288 ,vtype_dk_verify /* Serve request out of DomainKeys verification structure */
289 #endif
290 };
291
292 /* This table must be kept in alphabetical order. */
293
294 static var_entry var_table[] = {
295 { "acl_c0", vtype_stringptr, &acl_var[0] },
296 { "acl_c1", vtype_stringptr, &acl_var[1] },
297 { "acl_c2", vtype_stringptr, &acl_var[2] },
298 { "acl_c3", vtype_stringptr, &acl_var[3] },
299 { "acl_c4", vtype_stringptr, &acl_var[4] },
300 { "acl_c5", vtype_stringptr, &acl_var[5] },
301 { "acl_c6", vtype_stringptr, &acl_var[6] },
302 { "acl_c7", vtype_stringptr, &acl_var[7] },
303 { "acl_c8", vtype_stringptr, &acl_var[8] },
304 { "acl_c9", vtype_stringptr, &acl_var[9] },
305 { "acl_m0", vtype_stringptr, &acl_var[10] },
306 { "acl_m1", vtype_stringptr, &acl_var[11] },
307 { "acl_m2", vtype_stringptr, &acl_var[12] },
308 { "acl_m3", vtype_stringptr, &acl_var[13] },
309 { "acl_m4", vtype_stringptr, &acl_var[14] },
310 { "acl_m5", vtype_stringptr, &acl_var[15] },
311 { "acl_m6", vtype_stringptr, &acl_var[16] },
312 { "acl_m7", vtype_stringptr, &acl_var[17] },
313 { "acl_m8", vtype_stringptr, &acl_var[18] },
314 { "acl_m9", vtype_stringptr, &acl_var[19] },
315 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
316 { "address_data", vtype_stringptr, &deliver_address_data },
317 { "address_file", vtype_stringptr, &address_file },
318 { "address_pipe", vtype_stringptr, &address_pipe },
319 { "authenticated_id", vtype_stringptr, &authenticated_id },
320 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
321 { "authentication_failed",vtype_int, &authentication_failed },
322 #ifdef EXPERIMENTAL_BRIGHTMAIL
323 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
324 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
325 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
326 { "bmi_deliver", vtype_int, &bmi_deliver },
327 #endif
328 { "body_linecount", vtype_int, &body_linecount },
329 { "body_zerocount", vtype_int, &body_zerocount },
330 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
331 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
332 { "caller_gid", vtype_gid, &real_gid },
333 { "caller_uid", vtype_uid, &real_uid },
334 { "compile_date", vtype_stringptr, &version_date },
335 { "compile_number", vtype_stringptr, &version_cnumber },
336 { "csa_status", vtype_stringptr, &csa_status },
337 #ifdef WITH_OLD_DEMIME
338 { "demime_errorlevel", vtype_int, &demime_errorlevel },
339 { "demime_reason", vtype_stringptr, &demime_reason },
340 #endif
341 #ifdef EXPERIMENTAL_DOMAINKEYS
342 { "dk_domain", vtype_stringptr, &dk_signing_domain },
343 { "dk_is_signed", vtype_dk_verify, NULL },
344 { "dk_result", vtype_dk_verify, NULL },
345 { "dk_selector", vtype_stringptr, &dk_signing_selector },
346 { "dk_sender", vtype_dk_verify, NULL },
347 { "dk_sender_domain", vtype_dk_verify, NULL },
348 { "dk_sender_local_part",vtype_dk_verify, NULL },
349 { "dk_sender_source", vtype_dk_verify, NULL },
350 { "dk_signsall", vtype_dk_verify, NULL },
351 { "dk_status", vtype_dk_verify, NULL },
352 { "dk_testing", vtype_dk_verify, NULL },
353 #endif
354 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
355 { "dnslist_text", vtype_stringptr, &dnslist_text },
356 { "dnslist_value", vtype_stringptr, &dnslist_value },
357 { "domain", vtype_stringptr, &deliver_domain },
358 { "domain_data", vtype_stringptr, &deliver_domain_data },
359 { "exim_gid", vtype_gid, &exim_gid },
360 { "exim_path", vtype_stringptr, &exim_path },
361 { "exim_uid", vtype_uid, &exim_uid },
362 #ifdef WITH_OLD_DEMIME
363 { "found_extension", vtype_stringptr, &found_extension },
364 #endif
365 { "home", vtype_stringptr, &deliver_home },
366 { "host", vtype_stringptr, &deliver_host },
367 { "host_address", vtype_stringptr, &deliver_host_address },
368 { "host_data", vtype_stringptr, &host_data },
369 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
370 { "host_lookup_failed", vtype_int, &host_lookup_failed },
371 { "inode", vtype_ino, &deliver_inode },
372 { "interface_address", vtype_stringptr, &interface_address },
373 { "interface_port", vtype_int, &interface_port },
374 #ifdef LOOKUP_LDAP
375 { "ldap_dn", vtype_stringptr, &eldap_dn },
376 #endif
377 { "load_average", vtype_load_avg, NULL },
378 { "local_part", vtype_stringptr, &deliver_localpart },
379 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
380 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
381 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
382 { "local_scan_data", vtype_stringptr, &local_scan_data },
383 { "local_user_gid", vtype_gid, &local_user_gid },
384 { "local_user_uid", vtype_uid, &local_user_uid },
385 { "localhost_number", vtype_int, &host_number },
386 { "log_inodes", vtype_pinodes, (void *)FALSE },
387 { "log_space", vtype_pspace, (void *)FALSE },
388 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
389 #ifdef WITH_CONTENT_SCAN
390 { "malware_name", vtype_stringptr, &malware_name },
391 #endif
392 { "message_age", vtype_int, &message_age },
393 { "message_body", vtype_msgbody, &message_body },
394 { "message_body_end", vtype_msgbody_end, &message_body_end },
395 { "message_body_size", vtype_int, &message_body_size },
396 { "message_headers", vtype_msgheaders, NULL },
397 { "message_id", vtype_stringptr, &message_id },
398 { "message_linecount", vtype_int, &message_linecount },
399 { "message_size", vtype_int, &message_size },
400 #ifdef WITH_CONTENT_SCAN
401 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
402 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
403 { "mime_boundary", vtype_stringptr, &mime_boundary },
404 { "mime_charset", vtype_stringptr, &mime_charset },
405 { "mime_content_description", vtype_stringptr, &mime_content_description },
406 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
407 { "mime_content_id", vtype_stringptr, &mime_content_id },
408 { "mime_content_size", vtype_int, &mime_content_size },
409 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
410 { "mime_content_type", vtype_stringptr, &mime_content_type },
411 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
412 { "mime_filename", vtype_stringptr, &mime_filename },
413 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
414 { "mime_is_multipart", vtype_int, &mime_is_multipart },
415 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
416 { "mime_part_count", vtype_int, &mime_part_count },
417 #endif
418 { "n0", vtype_filter_int, &filter_n[0] },
419 { "n1", vtype_filter_int, &filter_n[1] },
420 { "n2", vtype_filter_int, &filter_n[2] },
421 { "n3", vtype_filter_int, &filter_n[3] },
422 { "n4", vtype_filter_int, &filter_n[4] },
423 { "n5", vtype_filter_int, &filter_n[5] },
424 { "n6", vtype_filter_int, &filter_n[6] },
425 { "n7", vtype_filter_int, &filter_n[7] },
426 { "n8", vtype_filter_int, &filter_n[8] },
427 { "n9", vtype_filter_int, &filter_n[9] },
428 { "original_domain", vtype_stringptr, &deliver_domain_orig },
429 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
430 { "originator_gid", vtype_gid, &originator_gid },
431 { "originator_uid", vtype_uid, &originator_uid },
432 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
433 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
434 { "pid", vtype_pid, NULL },
435 { "primary_hostname", vtype_stringptr, &primary_hostname },
436 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
437 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
438 { "rcpt_count", vtype_int, &rcpt_count },
439 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
440 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
441 { "received_count", vtype_int, &received_count },
442 { "received_for", vtype_stringptr, &received_for },
443 { "received_protocol", vtype_stringptr, &received_protocol },
444 { "received_time", vtype_int, &received_time },
445 { "recipient_data", vtype_stringptr, &recipient_data },
446 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
447 { "recipients", vtype_recipients, NULL },
448 { "recipients_count", vtype_int, &recipients_count },
449 #ifdef WITH_CONTENT_SCAN
450 { "regex_match_string", vtype_stringptr, &regex_match_string },
451 #endif
452 { "reply_address", vtype_reply, NULL },
453 { "return_path", vtype_stringptr, &return_path },
454 { "return_size_limit", vtype_int, &bounce_return_size_limit },
455 { "runrc", vtype_int, &runrc },
456 { "self_hostname", vtype_stringptr, &self_hostname },
457 { "sender_address", vtype_stringptr, &sender_address },
458 { "sender_address_data", vtype_stringptr, &sender_address_data },
459 { "sender_address_domain", vtype_domain, &sender_address },
460 { "sender_address_local_part", vtype_localpart, &sender_address },
461 { "sender_data", vtype_stringptr, &sender_data },
462 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
463 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
464 { "sender_host_address", vtype_stringptr, &sender_host_address },
465 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
466 { "sender_host_name", vtype_host_lookup, NULL },
467 { "sender_host_port", vtype_int, &sender_host_port },
468 { "sender_ident", vtype_stringptr, &sender_ident },
469 { "sender_rate", vtype_stringptr, &sender_rate },
470 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
471 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
472 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
473 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
474 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
475 { "smtp_command_argument", vtype_stringptr, &smtp_command_argument },
476 { "sn0", vtype_filter_int, &filter_sn[0] },
477 { "sn1", vtype_filter_int, &filter_sn[1] },
478 { "sn2", vtype_filter_int, &filter_sn[2] },
479 { "sn3", vtype_filter_int, &filter_sn[3] },
480 { "sn4", vtype_filter_int, &filter_sn[4] },
481 { "sn5", vtype_filter_int, &filter_sn[5] },
482 { "sn6", vtype_filter_int, &filter_sn[6] },
483 { "sn7", vtype_filter_int, &filter_sn[7] },
484 { "sn8", vtype_filter_int, &filter_sn[8] },
485 { "sn9", vtype_filter_int, &filter_sn[9] },
486 #ifdef WITH_CONTENT_SCAN
487 { "spam_bar", vtype_stringptr, &spam_bar },
488 { "spam_report", vtype_stringptr, &spam_report },
489 { "spam_score", vtype_stringptr, &spam_score },
490 { "spam_score_int", vtype_stringptr, &spam_score_int },
491 #endif
492 #ifdef EXPERIMENTAL_SPF
493 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
494 { "spf_received", vtype_stringptr, &spf_received },
495 { "spf_result", vtype_stringptr, &spf_result },
496 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
497 #endif
498 { "spool_directory", vtype_stringptr, &spool_directory },
499 { "spool_inodes", vtype_pinodes, (void *)TRUE },
500 { "spool_space", vtype_pspace, (void *)TRUE },
501 #ifdef EXPERIMENTAL_SRS
502 { "srs_db_address", vtype_stringptr, &srs_db_address },
503 { "srs_db_key", vtype_stringptr, &srs_db_key },
504 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
505 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
506 { "srs_recipient", vtype_stringptr, &srs_recipient },
507 { "srs_status", vtype_stringptr, &srs_status },
508 #endif
509 { "thisaddress", vtype_stringptr, &filter_thisaddress },
510 { "tls_certificate_verified", vtype_int, &tls_certificate_verified },
511 { "tls_cipher", vtype_stringptr, &tls_cipher },
512 { "tls_peerdn", vtype_stringptr, &tls_peerdn },
513 { "tod_bsdinbox", vtype_todbsdin, NULL },
514 { "tod_epoch", vtype_tode, NULL },
515 { "tod_full", vtype_todf, NULL },
516 { "tod_log", vtype_todl, NULL },
517 { "tod_logfile", vtype_todlf, NULL },
518 { "tod_zone", vtype_todzone, NULL },
519 { "tod_zulu", vtype_todzulu, NULL },
520 { "value", vtype_stringptr, &lookup_value },
521 { "version_number", vtype_stringptr, &version_string },
522 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
523 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
524 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
525 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
526 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
527 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
528 };
529
530 static int var_table_size = sizeof(var_table)/sizeof(var_entry);
531 static uschar var_buffer[256];
532 static BOOL malformed_header;
533
534 /* For textual hashes */
535
536 static char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
537 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
538 "0123456789";
539
540 enum { HMAC_MD5, HMAC_SHA1 };
541
542 /* For numeric hashes */
543
544 static unsigned int prime[] = {
545 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
546 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
547 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
548
549 /* For printing modes in symbolic form */
550
551 static uschar *mtable_normal[] =
552 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
553
554 static uschar *mtable_setid[] =
555 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
556
557 static uschar *mtable_sticky[] =
558 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
559
560
561
562 /*************************************************
563 * Tables for UTF-8 support *
564 *************************************************/
565
566 /* Table of the number of extra characters, indexed by the first character
567 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
568 0x3d. */
569
570 static uschar utf8_table1[] = {
571 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
572 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
573 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
574 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
575
576 /* These are the masks for the data bits in the first byte of a character,
577 indexed by the number of additional bytes. */
578
579 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
580
581 /* Get the next UTF-8 character, advancing the pointer. */
582
583 #define GETUTF8INC(c, ptr) \
584 c = *ptr++; \
585 if ((c & 0xc0) == 0xc0) \
586 { \
587 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
588 int s = 6*a; \
589 c = (c & utf8_table2[a]) << s; \
590 while (a-- > 0) \
591 { \
592 s -= 6; \
593 c |= (*ptr++ & 0x3f) << s; \
594 } \
595 }
596
597
598 /*************************************************
599 * Binary chop search on a table *
600 *************************************************/
601
602 /* This is used for matching expansion items and operators.
603
604 Arguments:
605 name the name that is being sought
606 table the table to search
607 table_size the number of items in the table
608
609 Returns: the offset in the table, or -1
610 */
611
612 static int
613 chop_match(uschar *name, uschar **table, int table_size)
614 {
615 uschar **bot = table;
616 uschar **top = table + table_size;
617
618 while (top > bot)
619 {
620 uschar **mid = bot + (top - bot)/2;
621 int c = Ustrcmp(name, *mid);
622 if (c == 0) return mid - table;
623 if (c > 0) bot = mid + 1; else top = mid;
624 }
625
626 return -1;
627 }
628
629
630
631 /*************************************************
632 * Check a condition string *
633 *************************************************/
634
635 /* This function is called to expand a string, and test the result for a "true"
636 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
637 forced fail or lookup defer. All store used by the function can be released on
638 exit.
639
640 Arguments:
641 condition the condition string
642 m1 text to be incorporated in panic error
643 m2 ditto
644
645 Returns: TRUE if condition is met, FALSE if not
646 */
647
648 BOOL
649 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
650 {
651 int rc;
652 void *reset_point = store_get(0);
653 uschar *ss = expand_string(condition);
654 if (ss == NULL)
655 {
656 if (!expand_string_forcedfail && !search_find_defer)
657 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
658 "for %s %s: %s", condition, m1, m2, expand_string_message);
659 return FALSE;
660 }
661 rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
662 strcmpic(ss, US"false") != 0;
663 store_reset(reset_point);
664 return rc;
665 }
666
667
668
669 /*************************************************
670 * Pick out a name from a string *
671 *************************************************/
672
673 /* If the name is too long, it is silently truncated.
674
675 Arguments:
676 name points to a buffer into which to put the name
677 max is the length of the buffer
678 s points to the first alphabetic character of the name
679 extras chars other than alphanumerics to permit
680
681 Returns: pointer to the first character after the name
682
683 Note: The test for *s != 0 in the while loop is necessary because
684 Ustrchr() yields non-NULL if the character is zero (which is not something
685 I expected). */
686
687 static uschar *
688 read_name(uschar *name, int max, uschar *s, uschar *extras)
689 {
690 int ptr = 0;
691 while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
692 {
693 if (ptr < max-1) name[ptr++] = *s;
694 s++;
695 }
696 name[ptr] = 0;
697 return s;
698 }
699
700
701
702 /*************************************************
703 * Pick out the rest of a header name *
704 *************************************************/
705
706 /* A variable name starting $header_ (or just $h_ for those who like
707 abbreviations) might not be the complete header name because headers can
708 contain any printing characters in their names, except ':'. This function is
709 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
710 on the end, if the name was terminated by white space.
711
712 Arguments:
713 name points to a buffer in which the name read so far exists
714 max is the length of the buffer
715 s points to the first character after the name so far, i.e. the
716 first non-alphameric character after $header_xxxxx
717
718 Returns: a pointer to the first character after the header name
719 */
720
721 static uschar *
722 read_header_name(uschar *name, int max, uschar *s)
723 {
724 int prelen = Ustrchr(name, '_') - name + 1;
725 int ptr = Ustrlen(name) - prelen;
726 if (ptr > 0) memmove(name, name+prelen, ptr);
727 while (mac_isgraph(*s) && *s != ':')
728 {
729 if (ptr < max-1) name[ptr++] = *s;
730 s++;
731 }
732 if (*s == ':') s++;
733 name[ptr++] = ':';
734 name[ptr] = 0;
735 return s;
736 }
737
738
739
740 /*************************************************
741 * Pick out a number from a string *
742 *************************************************/
743
744 /* Arguments:
745 n points to an integer into which to put the number
746 s points to the first digit of the number
747
748 Returns: a pointer to the character after the last digit
749 */
750
751 static uschar *
752 read_number(int *n, uschar *s)
753 {
754 *n = 0;
755 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
756 return s;
757 }
758
759
760
761 /*************************************************
762 * Extract keyed subfield from a string *
763 *************************************************/
764
765 /* The yield is in dynamic store; NULL means that the key was not found.
766
767 Arguments:
768 key points to the name of the key
769 s points to the string from which to extract the subfield
770
771 Returns: NULL if the subfield was not found, or
772 a pointer to the subfield's data
773 */
774
775 static uschar *
776 expand_getkeyed(uschar *key, uschar *s)
777 {
778 int length = Ustrlen(key);
779 while (isspace(*s)) s++;
780
781 /* Loop to search for the key */
782
783 while (*s != 0)
784 {
785 int dkeylength;
786 uschar *data;
787 uschar *dkey = s;
788
789 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
790 dkeylength = s - dkey;
791 while (isspace(*s)) s++;
792 if (*s == '=') while (isspace((*(++s))));
793
794 data = string_dequote(&s);
795 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
796 return data;
797
798 while (isspace(*s)) s++;
799 }
800
801 return NULL;
802 }
803
804
805
806
807 /*************************************************
808 * Extract numbered subfield from string *
809 *************************************************/
810
811 /* Extracts a numbered field from a string that is divided by tokens - for
812 example a line from /etc/passwd is divided by colon characters. First field is
813 numbered one. Negative arguments count from the right. Zero returns the whole
814 string. Returns NULL if there are insufficient tokens in the string
815
816 ***WARNING***
817 Modifies final argument - this is a dynamically generated string, so that's OK.
818
819 Arguments:
820 field number of field to be extracted,
821 first field = 1, whole string = 0, last field = -1
822 separators characters that are used to break string into tokens
823 s points to the string from which to extract the subfield
824
825 Returns: NULL if the field was not found,
826 a pointer to the field's data inside s (modified to add 0)
827 */
828
829 static uschar *
830 expand_gettokened (int field, uschar *separators, uschar *s)
831 {
832 int sep = 1;
833 int count;
834 uschar *ss = s;
835 uschar *fieldtext = NULL;
836
837 if (field == 0) return s;
838
839 /* Break the line up into fields in place; for field > 0 we stop when we have
840 done the number of fields we want. For field < 0 we continue till the end of
841 the string, counting the number of fields. */
842
843 count = (field > 0)? field : INT_MAX;
844
845 while (count-- > 0)
846 {
847 size_t len;
848
849 /* Previous field was the last one in the string. For a positive field
850 number, this means there are not enough fields. For a negative field number,
851 check that there are enough, and scan back to find the one that is wanted. */
852
853 if (sep == 0)
854 {
855 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
856 if ((-field) == (INT_MAX - count - 1)) return s;
857 while (field++ < 0)
858 {
859 ss--;
860 while (ss[-1] != 0) ss--;
861 }
862 fieldtext = ss;
863 break;
864 }
865
866 /* Previous field was not last in the string; save its start and put a
867 zero at its end. */
868
869 fieldtext = ss;
870 len = Ustrcspn(ss, separators);
871 sep = ss[len];
872 ss[len] = 0;
873 ss += len + 1;
874 }
875
876 return fieldtext;
877 }
878
879
880
881 /*************************************************
882 * Extract a substring from a string *
883 *************************************************/
884
885 /* Perform the ${substr or ${length expansion operations.
886
887 Arguments:
888 subject the input string
889 value1 the offset from the start of the input string to the start of
890 the output string; if negative, count from the right.
891 value2 the length of the output string, or negative (-1) for unset
892 if value1 is positive, unset means "all after"
893 if value1 is negative, unset means "all before"
894 len set to the length of the returned string
895
896 Returns: pointer to the output string, or NULL if there is an error
897 */
898
899 static uschar *
900 extract_substr(uschar *subject, int value1, int value2, int *len)
901 {
902 int sublen = Ustrlen(subject);
903
904 if (value1 < 0) /* count from right */
905 {
906 value1 += sublen;
907
908 /* If the position is before the start, skip to the start, and adjust the
909 length. If the length ends up negative, the substring is null because nothing
910 can precede. This falls out naturally when the length is unset, meaning "all
911 to the left". */
912
913 if (value1 < 0)
914 {
915 value2 += value1;
916 if (value2 < 0) value2 = 0;
917 value1 = 0;
918 }
919
920 /* Otherwise an unset length => characters before value1 */
921
922 else if (value2 < 0)
923 {
924 value2 = value1;
925 value1 = 0;
926 }
927 }
928
929 /* For a non-negative offset, if the starting position is past the end of the
930 string, the result will be the null string. Otherwise, an unset length means
931 "rest"; just set it to the maximum - it will be cut down below if necessary. */
932
933 else
934 {
935 if (value1 > sublen)
936 {
937 value1 = sublen;
938 value2 = 0;
939 }
940 else if (value2 < 0) value2 = sublen;
941 }
942
943 /* Cut the length down to the maximum possible for the offset value, and get
944 the required characters. */
945
946 if (value1 + value2 > sublen) value2 = sublen - value1;
947 *len = value2;
948 return subject + value1;
949 }
950
951
952
953
954 /*************************************************
955 * Old-style hash of a string *
956 *************************************************/
957
958 /* Perform the ${hash expansion operation.
959
960 Arguments:
961 subject the input string (an expanded substring)
962 value1 the length of the output string; if greater or equal to the
963 length of the input string, the input string is returned
964 value2 the number of hash characters to use, or 26 if negative
965 len set to the length of the returned string
966
967 Returns: pointer to the output string, or NULL if there is an error
968 */
969
970 static uschar *
971 compute_hash(uschar *subject, int value1, int value2, int *len)
972 {
973 int sublen = Ustrlen(subject);
974
975 if (value2 < 0) value2 = 26;
976 else if (value2 > Ustrlen(hashcodes))
977 {
978 expand_string_message =
979 string_sprintf("hash count \"%d\" too big", value2);
980 return NULL;
981 }
982
983 /* Calculate the hash text. We know it is shorter than the original string, so
984 can safely place it in subject[] (we know that subject is always itself an
985 expanded substring). */
986
987 if (value1 < sublen)
988 {
989 int c;
990 int i = 0;
991 int j = value1;
992 while ((c = (subject[j])) != 0)
993 {
994 int shift = (c + j++) & 7;
995 subject[i] ^= (c << shift) | (c >> (8-shift));
996 if (++i >= value1) i = 0;
997 }
998 for (i = 0; i < value1; i++)
999 subject[i] = hashcodes[(subject[i]) % value2];
1000 }
1001 else value1 = sublen;
1002
1003 *len = value1;
1004 return subject;
1005 }
1006
1007
1008
1009
1010 /*************************************************
1011 * Numeric hash of a string *
1012 *************************************************/
1013
1014 /* Perform the ${nhash expansion operation. The first characters of the
1015 string are treated as most important, and get the highest prime numbers.
1016
1017 Arguments:
1018 subject the input string
1019 value1 the maximum value of the first part of the result
1020 value2 the maximum value of the second part of the result,
1021 or negative to produce only a one-part result
1022 len set to the length of the returned string
1023
1024 Returns: pointer to the output string, or NULL if there is an error.
1025 */
1026
1027 static uschar *
1028 compute_nhash (uschar *subject, int value1, int value2, int *len)
1029 {
1030 uschar *s = subject;
1031 int i = 0;
1032 unsigned long int total = 0; /* no overflow */
1033
1034 while (*s != 0)
1035 {
1036 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
1037 total += prime[i--] * (unsigned int)(*s++);
1038 }
1039
1040 /* If value2 is unset, just compute one number */
1041
1042 if (value2 < 0)
1043 {
1044 s = string_sprintf("%d", total % value1);
1045 }
1046
1047 /* Otherwise do a div/mod hash */
1048
1049 else
1050 {
1051 total = total % (value1 * value2);
1052 s = string_sprintf("%d/%d", total/value2, total % value2);
1053 }
1054
1055 *len = Ustrlen(s);
1056 return s;
1057 }
1058
1059
1060
1061
1062
1063 /*************************************************
1064 * Find the value of a header or headers *
1065 *************************************************/
1066
1067 /* Multiple instances of the same header get concatenated, and this function
1068 can also return a concatenation of all the header lines. When concatenating
1069 specific headers that contain lists of addresses, a comma is inserted between
1070 them. Otherwise we use a straight concatenation. Because some messages can have
1071 pathologically large number of lines, there is a limit on the length that is
1072 returned. Also, to avoid massive store use which would result from using
1073 string_cat() as it copies and extends strings, we do a preliminary pass to find
1074 out exactly how much store will be needed. On "normal" messages this will be
1075 pretty trivial.
1076
1077 Arguments:
1078 name the name of the header, without the leading $header_ or $h_,
1079 or NULL if a concatenation of all headers is required
1080 exists_only TRUE if called from a def: test; don't need to build a string;
1081 just return a string that is not "" and not "0" if the header
1082 exists
1083 newsize return the size of memory block that was obtained; may be NULL
1084 if exists_only is TRUE
1085 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
1086 other than concatenating, will be done on the header
1087 charset name of charset to translate MIME words to; used only if
1088 want_raw is false; if NULL, no translation is done (this is
1089 used for $bh_ and $bheader_)
1090
1091 Returns: NULL if the header does not exist, else a pointer to a new
1092 store block
1093 */
1094
1095 static uschar *
1096 find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1097 uschar *charset)
1098 {
1099 BOOL found = name == NULL;
1100 int comma = 0;
1101 int len = found? 0 : Ustrlen(name);
1102 int i;
1103 uschar *yield = NULL;
1104 uschar *ptr = NULL;
1105
1106 /* Loop for two passes - saves code repetition */
1107
1108 for (i = 0; i < 2; i++)
1109 {
1110 int size = 0;
1111 header_line *h;
1112
1113 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1114 {
1115 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1116 {
1117 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1118 {
1119 int ilen;
1120 uschar *t;
1121
1122 if (exists_only) return US"1"; /* don't need actual string */
1123 found = TRUE;
1124 t = h->text + len; /* text to insert */
1125 if (!want_raw) /* unless wanted raw, */
1126 while (isspace(*t)) t++; /* remove leading white space */
1127 ilen = h->slen - (t - h->text); /* length to insert */
1128
1129 /* Set comma = 1 if handling a single header and it's one of those
1130 that contains an address list, except when asked for raw headers. Only
1131 need to do this once. */
1132
1133 if (!want_raw && name != NULL && comma == 0 &&
1134 Ustrchr("BCFRST", h->type) != NULL)
1135 comma = 1;
1136
1137 /* First pass - compute total store needed; second pass - compute
1138 total store used, including this header. */
1139
1140 size += ilen + comma;
1141
1142 /* Second pass - concatentate the data, up to a maximum. Note that
1143 the loop stops when size hits the limit. */
1144
1145 if (i != 0)
1146 {
1147 if (size > header_insert_maxlen)
1148 {
1149 ilen -= size - header_insert_maxlen;
1150 comma = 0;
1151 }
1152 Ustrncpy(ptr, t, ilen);
1153 ptr += ilen;
1154 if (comma != 0 && ilen > 0)
1155 {
1156 ptr[-1] = ',';
1157 *ptr++ = '\n';
1158 }
1159 }
1160 }
1161 }
1162 }
1163
1164 /* At end of first pass, truncate size if necessary, and get the buffer
1165 to hold the data, returning the buffer size. */
1166
1167 if (i == 0)
1168 {
1169 if (!found) return NULL;
1170 if (size > header_insert_maxlen) size = header_insert_maxlen;
1171 *newsize = size + 1;
1172 ptr = yield = store_get(*newsize);
1173 }
1174 }
1175
1176 /* Remove a redundant added comma if present */
1177
1178 if (comma != 0 && ptr > yield) ptr -= 2;
1179
1180 /* That's all we do for raw header expansion. */
1181
1182 if (want_raw)
1183 {
1184 *ptr = 0;
1185 }
1186
1187 /* Otherwise, we remove trailing whitespace, including newlines. Then we do RFC
1188 2047 decoding, translating the charset if requested. The rfc2047_decode2()
1189 function can return an error with decoded data if the charset translation
1190 fails. If decoding fails, it returns NULL. */
1191
1192 else
1193 {
1194 uschar *decoded, *error;
1195 while (ptr > yield && isspace(ptr[-1])) ptr--;
1196 *ptr = 0;
1197 decoded = rfc2047_decode2(yield, TRUE, charset, '?', NULL, newsize, &error);
1198 if (error != NULL)
1199 {
1200 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1201 " input was: %s\n", error, yield);
1202 }
1203 if (decoded != NULL) yield = decoded;
1204 }
1205
1206 return yield;
1207 }
1208
1209
1210
1211
1212 /*************************************************
1213 * Find value of a variable *
1214 *************************************************/
1215
1216 /* The table of variables is kept in alphabetic order, so we can search it
1217 using a binary chop. The "choplen" variable is nothing to do with the binary
1218 chop.
1219
1220 Arguments:
1221 name the name of the variable being sought
1222 exists_only TRUE if this is a def: test; passed on to find_header()
1223 skipping TRUE => skip any processing evaluation; this is not the same as
1224 exists_only because def: may test for values that are first
1225 evaluated here
1226 newsize pointer to an int which is initially zero; if the answer is in
1227 a new memory buffer, *newsize is set to its size
1228
1229 Returns: NULL if the variable does not exist, or
1230 a pointer to the variable's contents, or
1231 something non-NULL if exists_only is TRUE
1232 */
1233
1234 static uschar *
1235 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1236 {
1237 int first = 0;
1238 int last = var_table_size;
1239
1240 while (last > first)
1241 {
1242 uschar *s, *domain;
1243 uschar **ss;
1244 int middle = (first + last)/2;
1245 int c = Ustrcmp(name, var_table[middle].name);
1246
1247 if (c > 0) { first = middle + 1; continue; }
1248 if (c < 0) { last = middle; continue; }
1249
1250 /* Found an existing variable. If in skipping state, the value isn't needed,
1251 and we want to avoid processing (such as looking up up the host name). */
1252
1253 if (skipping) return US"";
1254
1255 switch (var_table[middle].type)
1256 {
1257 case vtype_filter_int:
1258 if (!filter_running) return NULL;
1259 /* Fall through */
1260
1261 #ifdef EXPERIMENTAL_DOMAINKEYS
1262
1263 case vtype_dk_verify:
1264 if (dk_verify_block == NULL) return US"";
1265 s = NULL;
1266 if (Ustrcmp(var_table[middle].name, "dk_result") == 0)
1267 s = dk_verify_block->result_string;
1268 if (Ustrcmp(var_table[middle].name, "dk_sender") == 0)
1269 s = dk_verify_block->address;
1270 if (Ustrcmp(var_table[middle].name, "dk_sender_domain") == 0)
1271 s = dk_verify_block->domain;
1272 if (Ustrcmp(var_table[middle].name, "dk_sender_local_part") == 0)
1273 s = dk_verify_block->local_part;
1274
1275 if (Ustrcmp(var_table[middle].name, "dk_sender_source") == 0)
1276 switch(dk_verify_block->address_source) {
1277 case DK_EXIM_ADDRESS_NONE: s = "0"; break;
1278 case DK_EXIM_ADDRESS_FROM_FROM: s = "from"; break;
1279 case DK_EXIM_ADDRESS_FROM_SENDER: s = "sender"; break;
1280 }
1281
1282 if (Ustrcmp(var_table[middle].name, "dk_status") == 0)
1283 switch(dk_verify_block->result) {
1284 case DK_EXIM_RESULT_ERR: s = "error"; break;
1285 case DK_EXIM_RESULT_BAD_FORMAT: s = "bad format"; break;
1286 case DK_EXIM_RESULT_NO_KEY: s = "no key"; break;
1287 case DK_EXIM_RESULT_NO_SIGNATURE: s = "no signature"; break;
1288 case DK_EXIM_RESULT_REVOKED: s = "revoked"; break;
1289 case DK_EXIM_RESULT_NON_PARTICIPANT: s = "non-participant"; break;
1290 case DK_EXIM_RESULT_GOOD: s = "good"; break;
1291 case DK_EXIM_RESULT_BAD: s = "bad"; break;
1292 }
1293
1294 if (Ustrcmp(var_table[middle].name, "dk_signsall") == 0)
1295 s = (dk_verify_block->signsall)? "1" : "0";
1296
1297 if (Ustrcmp(var_table[middle].name, "dk_testing") == 0)
1298 s = (dk_verify_block->testing)? "1" : "0";
1299
1300 if (Ustrcmp(var_table[middle].name, "dk_is_signed") == 0)
1301 s = (dk_verify_block->is_signed)? "1" : "0";
1302
1303 return (s == NULL)? US"" : s;
1304 #endif
1305
1306 case vtype_int:
1307 sprintf(CS var_buffer, "%d", *(int *)(var_table[middle].value)); /* Integer */
1308 return var_buffer;
1309
1310 case vtype_ino:
1311 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(var_table[middle].value))); /* Inode */
1312 return var_buffer;
1313
1314 case vtype_gid:
1315 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(var_table[middle].value))); /* gid */
1316 return var_buffer;
1317
1318 case vtype_uid:
1319 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
1320 return var_buffer;
1321
1322 case vtype_stringptr: /* Pointer to string */
1323 s = *((uschar **)(var_table[middle].value));
1324 return (s == NULL)? US"" : s;
1325
1326 case vtype_pid:
1327 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1328 return var_buffer;
1329
1330 case vtype_load_avg:
1331 sprintf(CS var_buffer, "%d", os_getloadavg()); /* load_average */
1332 return var_buffer;
1333
1334 case vtype_host_lookup: /* Lookup if not done so */
1335 if (sender_host_name == NULL && sender_host_address != NULL &&
1336 !host_lookup_failed && host_name_lookup() == OK)
1337 host_build_sender_fullhost();
1338 return (sender_host_name == NULL)? US"" : sender_host_name;
1339
1340 case vtype_localpart: /* Get local part from address */
1341 s = *((uschar **)(var_table[middle].value));
1342 if (s == NULL) return US"";
1343 domain = Ustrrchr(s, '@');
1344 if (domain == NULL) return s;
1345 if (domain - s > sizeof(var_buffer) - 1)
1346 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than %d in "
1347 "string expansion", sizeof(var_buffer));
1348 Ustrncpy(var_buffer, s, domain - s);
1349 var_buffer[domain - s] = 0;
1350 return var_buffer;
1351
1352 case vtype_domain: /* Get domain from address */
1353 s = *((uschar **)(var_table[middle].value));
1354 if (s == NULL) return US"";
1355 domain = Ustrrchr(s, '@');
1356 return (domain == NULL)? US"" : domain + 1;
1357
1358 case vtype_msgheaders:
1359 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1360
1361 case vtype_msgbody: /* Pointer to msgbody string */
1362 case vtype_msgbody_end: /* Ditto, the end of the msg */
1363 ss = (uschar **)(var_table[middle].value);
1364 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1365 {
1366 uschar *body;
1367 int start_offset = SPOOL_DATA_START_OFFSET;
1368 int len = message_body_visible;
1369 if (len > message_size) len = message_size;
1370 *ss = body = store_malloc(len+1);
1371 body[0] = 0;
1372 if (var_table[middle].type == vtype_msgbody_end)
1373 {
1374 struct stat statbuf;
1375 if (fstat(deliver_datafile, &statbuf) == 0)
1376 {
1377 start_offset = statbuf.st_size - len;
1378 if (start_offset < SPOOL_DATA_START_OFFSET)
1379 start_offset = SPOOL_DATA_START_OFFSET;
1380 }
1381 }
1382 lseek(deliver_datafile, start_offset, SEEK_SET);
1383 len = read(deliver_datafile, body, len);
1384 if (len > 0)
1385 {
1386 body[len] = 0;
1387 while (len > 0)
1388 {
1389 if (body[--len] == '\n' || body[len] == 0) body[len] = ' ';
1390 }
1391 }
1392 }
1393 return (*ss == NULL)? US"" : *ss;
1394
1395 case vtype_todbsdin: /* BSD inbox time of day */
1396 return tod_stamp(tod_bsdin);
1397
1398 case vtype_tode: /* Unix epoch time of day */
1399 return tod_stamp(tod_epoch);
1400
1401 case vtype_todf: /* Full time of day */
1402 return tod_stamp(tod_full);
1403
1404 case vtype_todl: /* Log format time of day */
1405 return tod_stamp(tod_log_bare); /* (without timezone) */
1406
1407 case vtype_todzone: /* Time zone offset only */
1408 return tod_stamp(tod_zone);
1409
1410 case vtype_todzulu: /* Zulu time */
1411 return tod_stamp(tod_zulu);
1412
1413 case vtype_todlf: /* Log file datestamp tod */
1414 return tod_stamp(tod_log_datestamp);
1415
1416 case vtype_reply: /* Get reply address */
1417 s = find_header(US"reply-to:", exists_only, newsize, FALSE,
1418 headers_charset);
1419 if (s == NULL || *s == 0)
1420 s = find_header(US"from:", exists_only, newsize, FALSE, headers_charset);
1421 return (s == NULL)? US"" : s;
1422
1423 /* A recipients list is available only during system message filtering,
1424 during ACL processing after DATA, and while expanding pipe commands
1425 generated from a system filter, but not elsewhere. */
1426
1427 case vtype_recipients:
1428 if (!enable_dollar_recipients) return NULL; else
1429 {
1430 int size = 128;
1431 int ptr = 0;
1432 int i;
1433 s = store_get(size);
1434 for (i = 0; i < recipients_count; i++)
1435 {
1436 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1437 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1438 Ustrlen(recipients_list[i].address));
1439 }
1440 s[ptr] = 0; /* string_cat() leaves room */
1441 }
1442 return s;
1443
1444 case vtype_pspace:
1445 {
1446 int inodes;
1447 sprintf(CS var_buffer, "%d",
1448 receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes));
1449 }
1450 return var_buffer;
1451
1452 case vtype_pinodes:
1453 {
1454 int inodes;
1455 (void) receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes);
1456 sprintf(CS var_buffer, "%d", inodes);
1457 }
1458 return var_buffer;
1459 }
1460 }
1461
1462 return NULL; /* Unknown variable name */
1463 }
1464
1465
1466
1467
1468 /*************************************************
1469 * Read and expand substrings *
1470 *************************************************/
1471
1472 /* This function is called to read and expand argument substrings for various
1473 expansion items. Some have a minimum requirement that is less than the maximum;
1474 in these cases, the first non-present one is set to NULL.
1475
1476 Arguments:
1477 sub points to vector of pointers to set
1478 n maximum number of substrings
1479 m minimum required
1480 sptr points to current string pointer
1481 skipping the skipping flag
1482 check_end if TRUE, check for final '}'
1483 name name of item, for error message
1484
1485 Returns: 0 OK; string pointer updated
1486 1 curly bracketing error (too few arguments)
1487 2 too many arguments (only if check_end is set); message set
1488 3 other error (expansion failure)
1489 */
1490
1491 static int
1492 read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
1493 BOOL check_end, uschar *name)
1494 {
1495 int i;
1496 uschar *s = *sptr;
1497
1498 while (isspace(*s)) s++;
1499 for (i = 0; i < n; i++)
1500 {
1501 if (*s != '{')
1502 {
1503 if (i < m) return 1;
1504 sub[i] = NULL;
1505 break;
1506 }
1507 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
1508 if (sub[i] == NULL) return 3;
1509 if (*s++ != '}') return 1;
1510 while (isspace(*s)) s++;
1511 }
1512 if (check_end && *s++ != '}')
1513 {
1514 if (s[-1] == '{')
1515 {
1516 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1517 "(max is %d)", name, n);
1518 return 2;
1519 }
1520 return 1;
1521 }
1522
1523 *sptr = s;
1524 return 0;
1525 }
1526
1527
1528
1529
1530 /*************************************************
1531 * Read and evaluate a condition *
1532 *************************************************/
1533
1534 /*
1535 Arguments:
1536 s points to the start of the condition text
1537 yield points to a BOOL to hold the result of the condition test;
1538 if NULL, we are just reading through a condition that is
1539 part of an "or" combination to check syntax, or in a state
1540 where the answer isn't required
1541
1542 Returns: a pointer to the first character after the condition, or
1543 NULL after an error
1544 */
1545
1546 static uschar *
1547 eval_condition(uschar *s, BOOL *yield)
1548 {
1549 BOOL testfor = TRUE;
1550 BOOL tempcond, combined_cond;
1551 BOOL *subcondptr;
1552 int i, rc, cond_type, roffset;
1553 int num[2];
1554 struct stat statbuf;
1555 uschar name[256];
1556 uschar *sub[4];
1557
1558 const pcre *re;
1559 const uschar *rerror;
1560
1561 for (;;)
1562 {
1563 while (isspace(*s)) s++;
1564 if (*s == '!') { testfor = !testfor; s++; } else break;
1565 }
1566
1567 /* Numeric comparisons are symbolic */
1568
1569 if (*s == '=' || *s == '>' || *s == '<')
1570 {
1571 int p = 0;
1572 name[p++] = *s++;
1573 if (*s == '=')
1574 {
1575 name[p++] = '=';
1576 s++;
1577 }
1578 name[p] = 0;
1579 }
1580
1581 /* All other conditions are named */
1582
1583 else s = read_name(name, 256, s, US"_");
1584
1585 /* If we haven't read a name, it means some non-alpha character is first. */
1586
1587 if (name[0] == 0)
1588 {
1589 expand_string_message = string_sprintf("condition name expected, "
1590 "but found \"%.16s\"", s);
1591 return NULL;
1592 }
1593
1594 /* Find which condition we are dealing with, and switch on it */
1595
1596 cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
1597 switch(cond_type)
1598 {
1599 /* def: tests for a non-zero or non-NULL variable, or for an existing
1600 header */
1601
1602 case ECOND_DEF:
1603 if (*s != ':')
1604 {
1605 expand_string_message = US"\":\" expected after \"def\"";
1606 return NULL;
1607 }
1608
1609 s = read_name(name, 256, s+1, US"_");
1610
1611 /* Test for a header's existence */
1612
1613 if (Ustrncmp(name, "h_", 2) == 0 ||
1614 Ustrncmp(name, "rh_", 3) == 0 ||
1615 Ustrncmp(name, "bh_", 3) == 0 ||
1616 Ustrncmp(name, "header_", 7) == 0 ||
1617 Ustrncmp(name, "rheader_", 8) == 0 ||
1618 Ustrncmp(name, "bheader_", 8) == 0)
1619 {
1620 s = read_header_name(name, 256, s);
1621 if (yield != NULL) *yield =
1622 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
1623 }
1624
1625 /* Test for a variable's having a non-empty value. If yield == NULL we
1626 are in a skipping state, and don't care about the answer. */
1627
1628 else
1629 {
1630 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
1631 if (value == NULL)
1632 {
1633 expand_string_message = (name[0] == 0)?
1634 string_sprintf("variable name omitted after \"def:\"") :
1635 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
1636 return NULL;
1637 }
1638 if (yield != NULL)
1639 *yield = (value[0] != 0 && Ustrcmp(value, "0") != 0) == testfor;
1640 }
1641
1642 return s;
1643
1644
1645 /* first_delivery tests for first delivery attempt */
1646
1647 case ECOND_FIRST_DELIVERY:
1648 if (yield != NULL) *yield = deliver_firsttime == testfor;
1649 return s;
1650
1651
1652 /* queue_running tests for any process started by a queue runner */
1653
1654 case ECOND_QUEUE_RUNNING:
1655 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
1656 return s;
1657
1658
1659 /* exists: tests for file existence
1660 isip: tests for any IP address
1661 isip4: tests for an IPv4 address
1662 isip6: tests for an IPv6 address
1663 pam: does PAM authentication
1664 radius: does RADIUS authentication
1665 ldapauth: does LDAP authentication
1666 pwcheck: does Cyrus SASL pwcheck authentication
1667 */
1668
1669 case ECOND_EXISTS:
1670 case ECOND_ISIP:
1671 case ECOND_ISIP4:
1672 case ECOND_ISIP6:
1673 case ECOND_PAM:
1674 case ECOND_RADIUS:
1675 case ECOND_LDAPAUTH:
1676 case ECOND_PWCHECK:
1677
1678 while (isspace(*s)) s++;
1679 if (*s != '{') goto COND_FAILED_CURLY_START;
1680
1681 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1682 if (sub[0] == NULL) return NULL;
1683 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1684
1685 if (yield == NULL) return s; /* No need to run the test if skipping */
1686
1687 switch(cond_type)
1688 {
1689 case ECOND_EXISTS:
1690 if ((expand_forbid & RDO_EXISTS) != 0)
1691 {
1692 expand_string_message = US"File existence tests are not permitted";
1693 return NULL;
1694 }
1695 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
1696 break;
1697
1698 case ECOND_ISIP:
1699 case ECOND_ISIP4:
1700 case ECOND_ISIP6:
1701 rc = string_is_ip_address(sub[0], NULL);
1702 *yield = ((cond_type == ECOND_ISIP)? (rc > 0) :
1703 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
1704 break;
1705
1706 /* Various authentication tests - all optionally compiled */
1707
1708 case ECOND_PAM:
1709 #ifdef SUPPORT_PAM
1710 rc = auth_call_pam(sub[0], &expand_string_message);
1711 goto END_AUTH;
1712 #else
1713 goto COND_FAILED_NOT_COMPILED;
1714 #endif /* SUPPORT_PAM */
1715
1716 case ECOND_RADIUS:
1717 #ifdef RADIUS_CONFIG_FILE
1718 rc = auth_call_radius(sub[0], &expand_string_message);
1719 goto END_AUTH;
1720 #else
1721 goto COND_FAILED_NOT_COMPILED;
1722 #endif /* RADIUS_CONFIG_FILE */
1723
1724 case ECOND_LDAPAUTH:
1725 #ifdef LOOKUP_LDAP
1726 {
1727 /* Just to keep the interface the same */
1728 BOOL do_cache;
1729 int old_pool = store_pool;
1730 store_pool = POOL_SEARCH;
1731 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
1732 &expand_string_message, &do_cache);
1733 store_pool = old_pool;
1734 }
1735 goto END_AUTH;
1736 #else
1737 goto COND_FAILED_NOT_COMPILED;
1738 #endif /* LOOKUP_LDAP */
1739
1740 case ECOND_PWCHECK:
1741 #ifdef CYRUS_PWCHECK_SOCKET
1742 rc = auth_call_pwcheck(sub[0], &expand_string_message);
1743 goto END_AUTH;
1744 #else
1745 goto COND_FAILED_NOT_COMPILED;
1746 #endif /* CYRUS_PWCHECK_SOCKET */
1747
1748 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
1749 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
1750 END_AUTH:
1751 if (rc == ERROR || rc == DEFER) return NULL;
1752 *yield = (rc == OK) == testfor;
1753 #endif
1754 }
1755 return s;
1756
1757
1758 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
1759
1760 ${if saslauthd {{username}{password}{service}{realm}} {yes}[no}}
1761
1762 However, the last two are optional. That is why the whole set is enclosed
1763 in their own set or braces. */
1764
1765 case ECOND_SASLAUTHD:
1766 #ifndef CYRUS_SASLAUTHD_SOCKET
1767 goto COND_FAILED_NOT_COMPILED;
1768 #else
1769 while (isspace(*s)) s++;
1770 if (*s++ != '{') goto COND_FAILED_CURLY_START;
1771 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd"))
1772 {
1773 case 1: expand_string_message = US"too few arguments or bracketing "
1774 "error for saslauthd";
1775 case 2:
1776 case 3: return NULL;
1777 }
1778 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
1779 if (yield != NULL)
1780 {
1781 int rc;
1782 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
1783 &expand_string_message);
1784 if (rc == ERROR || rc == DEFER) return NULL;
1785 *yield = (rc == OK) == testfor;
1786 }
1787 return s;
1788 #endif /* CYRUS_SASLAUTHD_SOCKET */
1789
1790
1791 /* symbolic operators for numeric and string comparison, and a number of
1792 other operators, all requiring two arguments.
1793
1794 match: does a regular expression match and sets up the numerical
1795 variables if it succeeds
1796 match_address: matches in an address list
1797 match_domain: matches in a domain list
1798 match_local_part: matches in a local part list
1799 crypteq: encrypts plaintext and compares against an encrypted text,
1800 using crypt(), crypt16(), MD5 or SHA-1
1801 */
1802
1803 case ECOND_MATCH:
1804 case ECOND_MATCH_ADDRESS:
1805 case ECOND_MATCH_DOMAIN:
1806 case ECOND_MATCH_LOCAL_PART:
1807 case ECOND_CRYPTEQ:
1808
1809 case ECOND_NUM_L: /* Numerical comparisons */
1810 case ECOND_NUM_LE:
1811 case ECOND_NUM_E:
1812 case ECOND_NUM_EE:
1813 case ECOND_NUM_G:
1814 case ECOND_NUM_GE:
1815
1816 case ECOND_STR_LT: /* String comparisons */
1817 case ECOND_STR_LTI:
1818 case ECOND_STR_LE:
1819 case ECOND_STR_LEI:
1820 case ECOND_STR_EQ:
1821 case ECOND_STR_EQI:
1822 case ECOND_STR_GT:
1823 case ECOND_STR_GTI:
1824 case ECOND_STR_GE:
1825 case ECOND_STR_GEI:
1826
1827 for (i = 0; i < 2; i++)
1828 {
1829 while (isspace(*s)) s++;
1830 if (*s != '{')
1831 {
1832 if (i == 0) goto COND_FAILED_CURLY_START;
1833 expand_string_message = string_sprintf("missing 2nd string in {} "
1834 "after \"%s\"", name);
1835 return NULL;
1836 }
1837 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1838 if (sub[i] == NULL) return NULL;
1839 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1840
1841 /* Convert to numerical if required; we know that the names of all the
1842 conditions that compare numbers do not start with a letter. This just saves
1843 checking for them individually. */
1844
1845 if (!isalpha(name[0]))
1846 {
1847 uschar *endptr;
1848 num[i] = (int)Ustrtol((const uschar *)sub[i], &endptr, 10);
1849 if (tolower(*endptr) == 'k')
1850 {
1851 num[i] *= 1024;
1852 endptr++;
1853 }
1854 else if (tolower(*endptr) == 'm')
1855 {
1856 num[i] *= 1024*1024;
1857 endptr++;
1858 }
1859 while (isspace(*endptr)) endptr++;
1860 if (*endptr != 0)
1861 {
1862 expand_string_message = string_sprintf("\"%s\" is not a number",
1863 sub[i]);
1864 return NULL;
1865 }
1866 }
1867 }
1868
1869 /* Result not required */
1870
1871 if (yield == NULL) return s;
1872
1873 /* Do an appropriate comparison */
1874
1875 switch(cond_type)
1876 {
1877 case ECOND_NUM_E:
1878 case ECOND_NUM_EE:
1879 *yield = (num[0] == num[1]) == testfor;
1880 break;
1881
1882 case ECOND_NUM_G:
1883 *yield = (num[0] > num[1]) == testfor;
1884 break;
1885
1886 case ECOND_NUM_GE:
1887 *yield = (num[0] >= num[1]) == testfor;
1888 break;
1889
1890 case ECOND_NUM_L:
1891 *yield = (num[0] < num[1]) == testfor;
1892 break;
1893
1894 case ECOND_NUM_LE:
1895 *yield = (num[0] <= num[1]) == testfor;
1896 break;
1897
1898 case ECOND_STR_LT:
1899 *yield = (Ustrcmp(sub[0], sub[1]) < 0) == testfor;
1900 break;
1901
1902 case ECOND_STR_LTI:
1903 *yield = (strcmpic(sub[0], sub[1]) < 0) == testfor;
1904 break;
1905
1906 case ECOND_STR_LE:
1907 *yield = (Ustrcmp(sub[0], sub[1]) <= 0) == testfor;
1908 break;
1909
1910 case ECOND_STR_LEI:
1911 *yield = (strcmpic(sub[0], sub[1]) <= 0) == testfor;
1912 break;
1913
1914 case ECOND_STR_EQ:
1915 *yield = (Ustrcmp(sub[0], sub[1]) == 0) == testfor;
1916 break;
1917
1918 case ECOND_STR_EQI:
1919 *yield = (strcmpic(sub[0], sub[1]) == 0) == testfor;
1920 break;
1921
1922 case ECOND_STR_GT:
1923 *yield = (Ustrcmp(sub[0], sub[1]) > 0) == testfor;
1924 break;
1925
1926 case ECOND_STR_GTI:
1927 *yield = (strcmpic(sub[0], sub[1]) > 0) == testfor;
1928 break;
1929
1930 case ECOND_STR_GE:
1931 *yield = (Ustrcmp(sub[0], sub[1]) >= 0) == testfor;
1932 break;
1933
1934 case ECOND_STR_GEI:
1935 *yield = (strcmpic(sub[0], sub[1]) >= 0) == testfor;
1936 break;
1937
1938 case ECOND_MATCH: /* Regular expression match */
1939 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
1940 NULL);
1941 if (re == NULL)
1942 {
1943 expand_string_message = string_sprintf("regular expression error in "
1944 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
1945 return NULL;
1946 }
1947 *yield = regex_match_and_setup(re, sub[0], 0, -1) == testfor;
1948 break;
1949
1950 case ECOND_MATCH_ADDRESS: /* Match in an address list */
1951 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
1952 goto MATCHED_SOMETHING;
1953
1954 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
1955 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
1956 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
1957 goto MATCHED_SOMETHING;
1958
1959 case ECOND_MATCH_LOCAL_PART:
1960 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
1961 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
1962 /* Fall through */
1963
1964 MATCHED_SOMETHING:
1965 switch(rc)
1966 {
1967 case OK:
1968 *yield = testfor;
1969 break;
1970
1971 case FAIL:
1972 *yield = !testfor;
1973 break;
1974
1975 case DEFER:
1976 expand_string_message = string_sprintf("unable to complete match "
1977 "against \"%s\": %s", sub[1], search_error_message);
1978 return NULL;
1979 }
1980
1981 break;
1982
1983 /* Various "encrypted" comparisons. If the second string starts with
1984 "{" then an encryption type is given. Default to crypt() or crypt16()
1985 (build-time choice). */
1986
1987 case ECOND_CRYPTEQ:
1988 #ifndef SUPPORT_CRYPTEQ
1989 goto COND_FAILED_NOT_COMPILED;
1990 #else
1991 if (strncmpic(sub[1], US"{md5}", 5) == 0)
1992 {
1993 int sublen = Ustrlen(sub[1]+5);
1994 md5 base;
1995 uschar digest[16];
1996
1997 md5_start(&base);
1998 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
1999
2000 /* If the length that we are comparing against is 24, the MD5 digest
2001 is expressed as a base64 string. This is the way LDAP does it. However,
2002 some other software uses a straightforward hex representation. We assume
2003 this if the length is 32. Other lengths fail. */
2004
2005 if (sublen == 24)
2006 {
2007 uschar *coded = auth_b64encode((uschar *)digest, 16);
2008 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2009 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2010 *yield = (Ustrcmp(coded, sub[1]+5) == 0) == testfor;
2011 }
2012 else if (sublen == 32)
2013 {
2014 int i;
2015 uschar coded[36];
2016 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2017 coded[32] = 0;
2018 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2019 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2020 *yield = (strcmpic(coded, sub[1]+5) == 0) == testfor;
2021 }
2022 else
2023 {
2024 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2025 "fail\n crypted=%s\n", sub[1]+5);
2026 *yield = !testfor;
2027 }
2028 }
2029
2030 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2031 {
2032 int sublen = Ustrlen(sub[1]+6);
2033 sha1 base;
2034 uschar digest[20];
2035
2036 sha1_start(&base);
2037 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2038
2039 /* If the length that we are comparing against is 28, assume the SHA1
2040 digest is expressed as a base64 string. If the length is 40, assume a
2041 straightforward hex representation. Other lengths fail. */
2042
2043 if (sublen == 28)
2044 {
2045 uschar *coded = auth_b64encode((uschar *)digest, 20);
2046 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2047 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2048 *yield = (Ustrcmp(coded, sub[1]+6) == 0) == testfor;
2049 }
2050 else if (sublen == 40)
2051 {
2052 int i;
2053 uschar coded[44];
2054 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2055 coded[40] = 0;
2056 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2057 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2058 *yield = (strcmpic(coded, sub[1]+6) == 0) == testfor;
2059 }
2060 else
2061 {
2062 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2063 "fail\n crypted=%s\n", sub[1]+6);
2064 *yield = !testfor;
2065 }
2066 }
2067
2068 else /* {crypt} or {crypt16} and non-{ at start */
2069 {
2070 int which = 0;
2071 uschar *coded;
2072
2073 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2074 {
2075 sub[1] += 7;
2076 which = 1;
2077 }
2078 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2079 {
2080 sub[1] += 9;
2081 which = 2;
2082 }
2083 else if (sub[1][0] == '{')
2084 {
2085 expand_string_message = string_sprintf("unknown encryption mechanism "
2086 "in \"%s\"", sub[1]);
2087 return NULL;
2088 }
2089
2090 switch(which)
2091 {
2092 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2093 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2094 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2095 }
2096
2097 #define STR(s) # s
2098 #define XSTR(s) STR(s)
2099 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2100 " subject=%s\n crypted=%s\n",
2101 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
2102 coded, sub[1]);
2103 #undef STR
2104 #undef XSTR
2105
2106 /* If the encrypted string contains fewer than two characters (for the
2107 salt), force failure. Otherwise we get false positives: with an empty
2108 string the yield of crypt() is an empty string! */
2109
2110 *yield = (Ustrlen(sub[1]) < 2)? !testfor :
2111 (Ustrcmp(coded, sub[1]) == 0) == testfor;
2112 }
2113 break;
2114 #endif /* SUPPORT_CRYPTEQ */
2115 } /* Switch for comparison conditions */
2116
2117 return s; /* End of comparison conditions */
2118
2119
2120 /* and/or: computes logical and/or of several conditions */
2121
2122 case ECOND_AND:
2123 case ECOND_OR:
2124 subcondptr = (yield == NULL)? NULL : &tempcond;
2125 combined_cond = (cond_type == ECOND_AND);
2126
2127 while (isspace(*s)) s++;
2128 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2129
2130 for (;;)
2131 {
2132 while (isspace(*s)) s++;
2133 if (*s == '}') break;
2134 if (*s != '{')
2135 {
2136 expand_string_message = string_sprintf("each subcondition "
2137 "inside an \"%s{...}\" condition must be in its own {}", name);
2138 return NULL;
2139 }
2140
2141 s = eval_condition(s+1, subcondptr);
2142 if (s == NULL)
2143 {
2144 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2145 expand_string_message, name);
2146 return NULL;
2147 }
2148 while (isspace(*s)) s++;
2149
2150 if (*s++ != '}')
2151 {
2152 expand_string_message = string_sprintf("missing } at end of condition "
2153 "inside \"%s\" group", name);
2154 return NULL;
2155 }
2156
2157 if (yield != NULL)
2158 {
2159 if (cond_type == ECOND_AND)
2160 {
2161 combined_cond &= tempcond;
2162 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2163 } /* evaluate any more */
2164 else
2165 {
2166 combined_cond |= tempcond;
2167 if (combined_cond) subcondptr = NULL; /* once true, don't */
2168 } /* evaluate any more */
2169 }
2170 }
2171
2172 if (yield != NULL) *yield = (combined_cond == testfor);
2173 return ++s;
2174
2175
2176 /* Unknown condition */
2177
2178 default:
2179 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2180 return NULL;
2181 } /* End switch on condition type */
2182
2183 /* Missing braces at start and end of data */
2184
2185 COND_FAILED_CURLY_START:
2186 expand_string_message = string_sprintf("missing { after \"%s\"", name);
2187 return NULL;
2188
2189 COND_FAILED_CURLY_END:
2190 expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2191 name);
2192 return NULL;
2193
2194 /* A condition requires code that is not compiled */
2195
2196 #if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2197 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2198 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2199 COND_FAILED_NOT_COMPILED:
2200 expand_string_message = string_sprintf("support for \"%s\" not compiled",
2201 name);
2202 return NULL;
2203 #endif
2204 }
2205
2206
2207
2208
2209 /*************************************************
2210 * Save numerical variables *
2211 *************************************************/
2212
2213 /* This function is called from items such as "if" that want to preserve and
2214 restore the numbered variables.
2215
2216 Arguments:
2217 save_expand_string points to an array of pointers to set
2218 save_expand_nlength points to an array of ints for the lengths
2219
2220 Returns: the value of expand max to save
2221 */
2222
2223 static int
2224 save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
2225 {
2226 int i;
2227 for (i = 0; i <= expand_nmax; i++)
2228 {
2229 save_expand_nstring[i] = expand_nstring[i];
2230 save_expand_nlength[i] = expand_nlength[i];
2231 }
2232 return expand_nmax;
2233 }
2234
2235
2236
2237 /*************************************************
2238 * Restore numerical variables *
2239 *************************************************/
2240
2241 /* This function restored saved values of numerical strings.
2242
2243 Arguments:
2244 save_expand_nmax the number of strings to restore
2245 save_expand_string points to an array of pointers
2246 save_expand_nlength points to an array of ints
2247
2248 Returns: nothing
2249 */
2250
2251 static void
2252 restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
2253 int *save_expand_nlength)
2254 {
2255 int i;
2256 expand_nmax = save_expand_nmax;
2257 for (i = 0; i <= expand_nmax; i++)
2258 {
2259 expand_nstring[i] = save_expand_nstring[i];
2260 expand_nlength[i] = save_expand_nlength[i];
2261 }
2262 }
2263
2264
2265
2266
2267
2268 /*************************************************
2269 * Handle yes/no substrings *
2270 *************************************************/
2271
2272 /* This function is used by ${if}, ${lookup} and ${extract} to handle the
2273 alternative substrings that depend on whether or not the condition was true,
2274 or the lookup or extraction succeeded. The substrings always have to be
2275 expanded, to check their syntax, but "skipping" is set when the result is not
2276 needed - this avoids unnecessary nested lookups.
2277
2278 Arguments:
2279 skipping TRUE if we were skipping when this item was reached
2280 yes TRUE if the first string is to be used, else use the second
2281 save_lookup a value to put back into lookup_value before the 2nd expansion
2282 sptr points to the input string pointer
2283 yieldptr points to the output string pointer
2284 sizeptr points to the output string size
2285 ptrptr points to the output string pointer
2286 type "lookup" or "if" or "extract" or "run", for error message
2287
2288 Returns: 0 OK; lookup_value has been reset to save_lookup
2289 1 expansion failed
2290 2 expansion failed because of bracketing error
2291 */
2292
2293 static int
2294 process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
2295 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type)
2296 {
2297 int rc = 0;
2298 uschar *s = *sptr; /* Local value */
2299 uschar *sub1, *sub2;
2300
2301 /* If there are no following strings, we substitute the contents of $value for
2302 lookups and for extractions in the success case. For the ${if item, the string
2303 "true" is substituted. In the fail case, nothing is substituted for all three
2304 items. */
2305
2306 while (isspace(*s)) s++;
2307 if (*s == '}')
2308 {
2309 if (type[0] == 'i')
2310 {
2311 if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
2312 }
2313 else
2314 {
2315 if (yes && lookup_value != NULL)
2316 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
2317 Ustrlen(lookup_value));
2318 lookup_value = save_lookup;
2319 }
2320 s++;
2321 goto RETURN;
2322 }
2323
2324 /* Expand the first substring. Forced failures are noticed only if we actually
2325 want this string. Set skipping in the call in the fail case (this will always
2326 be the case if we were already skipping). */
2327
2328 sub1 = expand_string_internal(s+1, TRUE, &s, !yes);
2329 if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
2330 expand_string_forcedfail = FALSE;
2331 if (*s++ != '}') goto FAILED_CURLY;
2332
2333 /* If we want the first string, add it to the output */
2334
2335 if (yes)
2336 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
2337
2338 /* If this is called from a lookup or an extract, we want to restore $value to
2339 what it was at the start of the item, so that it has this value during the
2340 second string expansion. For the call from "if" or "run" to this function,
2341 save_lookup is set to lookup_value, so that this statement does nothing. */
2342
2343 lookup_value = save_lookup;
2344
2345 /* There now follows either another substring, or "fail", or nothing. This
2346 time, forced failures are noticed only if we want the second string. We must
2347 set skipping in the nested call if we don't want this string, or if we were
2348 already skipping. */
2349
2350 while (isspace(*s)) s++;
2351 if (*s == '{')
2352 {
2353 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping);
2354 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
2355 expand_string_forcedfail = FALSE;
2356 if (*s++ != '}') goto FAILED_CURLY;
2357
2358 /* If we want the second string, add it to the output */
2359
2360 if (!yes)
2361 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
2362 }
2363
2364 /* If there is no second string, but the word "fail" is present when the use of
2365 the second string is wanted, set a flag indicating it was a forced failure
2366 rather than a syntactic error. Swallow the terminating } in case this is nested
2367 inside another lookup or if or extract. */
2368
2369 else if (*s != '}')
2370 {
2371 uschar name[256];
2372 s = read_name(name, sizeof(name), s, US"_");
2373 if (Ustrcmp(name, "fail") == 0)
2374 {
2375 if (!yes && !skipping)
2376 {
2377 while (isspace(*s)) s++;
2378 if (*s++ != '}') goto FAILED_CURLY;
2379 expand_string_message =
2380 string_sprintf("\"%s\" failed and \"fail\" requested", type);
2381 expand_string_forcedfail = TRUE;
2382 goto FAILED;
2383 }
2384 }
2385 else
2386 {
2387 expand_string_message =
2388 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
2389 goto FAILED;
2390 }
2391 }
2392
2393 /* All we have to do now is to check on the final closing brace. */
2394
2395 while (isspace(*s)) s++;
2396 if (*s++ == '}') goto RETURN;
2397
2398 /* Get here if there is a bracketing failure */
2399
2400 FAILED_CURLY:
2401 rc++;
2402
2403 /* Get here for other failures */
2404
2405 FAILED:
2406 rc++;
2407
2408 /* Update the input pointer value before returning */
2409
2410 RETURN:
2411 *sptr = s;
2412 return rc;
2413 }
2414
2415
2416
2417
2418
2419
2420 /*************************************************
2421 * Handle MD5 or SHA-1 computation for HMAC *
2422 *************************************************/
2423
2424 /* These are some wrapping functions that enable the HMAC code to be a bit
2425 cleaner. A good compiler will spot the tail recursion.
2426
2427 Arguments:
2428 type HMAC_MD5 or HMAC_SHA1
2429 remaining are as for the cryptographic hash functions
2430
2431 Returns: nothing
2432 */
2433
2434 static void
2435 chash_start(int type, void *base)
2436 {
2437 if (type == HMAC_MD5)
2438 md5_start((md5 *)base);
2439 else
2440 sha1_start((sha1 *)base);
2441 }
2442
2443 static void
2444 chash_mid(int type, void *base, uschar *string)
2445 {
2446 if (type == HMAC_MD5)
2447 md5_mid((md5 *)base, string);
2448 else
2449 sha1_mid((sha1 *)base, string);
2450 }
2451
2452 static void
2453 chash_end(int type, void *base, uschar *string, int length, uschar *digest)
2454 {
2455 if (type == HMAC_MD5)
2456 md5_end((md5 *)base, string, length, digest);
2457 else
2458 sha1_end((sha1 *)base, string, length, digest);
2459 }
2460
2461
2462
2463
2464
2465 /*************************************************
2466 * Join a file onto the output string *
2467 *************************************************/
2468
2469 /* This is used for readfile and after a run expansion. It joins the contents
2470 of a file onto the output string, globally replacing newlines with a given
2471 string (optionally). The file is closed at the end.
2472
2473 Arguments:
2474 f the FILE
2475 yield pointer to the expandable string
2476 sizep pointer to the current size
2477 ptrp pointer to the current position
2478 eol newline replacement string, or NULL
2479
2480 Returns: new value of string pointer
2481 */
2482
2483 static uschar *
2484 cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
2485 {
2486 int eollen;
2487 uschar buffer[1024];
2488
2489 eollen = (eol == NULL)? 0 : Ustrlen(eol);
2490
2491 while (Ufgets(buffer, sizeof(buffer), f) != NULL)
2492 {
2493 int len = Ustrlen(buffer);
2494 if (eol != NULL && buffer[len-1] == '\n') len--;
2495 yield = string_cat(yield, sizep, ptrp, buffer, len);
2496 if (buffer[len] != 0)
2497 yield = string_cat(yield, sizep, ptrp, eol, eollen);
2498 }
2499
2500 if (yield != NULL) yield[*ptrp] = 0;
2501
2502 return yield;
2503 }
2504
2505
2506
2507
2508 /*************************************************
2509 * Evaluate numeric expression *
2510 *************************************************/
2511
2512 /* This is a set of mutually recursive functions that evaluate a simple
2513 arithmetic expression involving only + - * / and parentheses. The only one that
2514 is called from elsewhere is eval_expr, whose interface is:
2515
2516 Arguments:
2517 sptr pointer to the pointer to the string - gets updated
2518 decimal TRUE if numbers are to be assumed decimal
2519 error pointer to where to put an error message - must be NULL on input
2520 endket TRUE if ')' must terminate - FALSE for external call
2521
2522
2523 Returns: on success: the value of the expression, with *error still NULL
2524 on failure: an undefined value, with *error = a message
2525 */
2526
2527 static int eval_sumterm(uschar **, BOOL, uschar **);
2528
2529 static int
2530 eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
2531 {
2532 uschar *s = *sptr;
2533 int x = eval_sumterm(&s, decimal, error);
2534 if (*error == NULL)
2535 {
2536 while (*s == '+' || *s == '-')
2537 {
2538 int op = *s++;
2539 int y = eval_sumterm(&s, decimal, error);
2540 if (*error != NULL) break;
2541 if (op == '+') x += y; else x -= y;
2542 }
2543 if (*error == NULL)
2544 {
2545 if (endket)
2546 {
2547 if (*s != ')')
2548 *error = US"expecting closing parenthesis";
2549 else
2550 while (isspace(*(++s)));
2551 }
2552 else if (*s != 0) *error = US"expecting + or -";
2553 }
2554 }
2555
2556 *sptr = s;
2557 return x;
2558 }
2559
2560 static int
2561 eval_term(uschar **sptr, BOOL decimal, uschar **error)
2562 {
2563 register int c;
2564 int n;
2565 uschar *s = *sptr;
2566 while (isspace(*s)) s++;
2567 c = *s;
2568 if (isdigit(c) || ((c == '-' || c == '+') && isdigit(s[1])))
2569 {
2570 int count;
2571 (void)sscanf(CS s, (decimal? "%d%n" : "%i%n"), &n, &count);
2572 s += count;
2573 if (tolower(*s) == 'k') { n *= 1024; s++; }
2574 else if (tolower(*s) == 'm') { n *= 1024*1024; s++; }
2575 while (isspace (*s)) s++;
2576 }
2577 else if (c == '(')
2578 {
2579 s++;
2580 n = eval_expr(&s, decimal, error, 1);
2581 }
2582 else
2583 {
2584 *error = US"expecting number or opening parenthesis";
2585 n = 0;
2586 }
2587 *sptr = s;
2588 return n;
2589 }
2590
2591 static int eval_sumterm(uschar **sptr, BOOL decimal, uschar **error)
2592 {
2593 uschar *s = *sptr;
2594 int x = eval_term(&s, decimal, error);
2595 if (*error == NULL)
2596 {
2597 while (*s == '*' || *s == '/')
2598 {
2599 int op = *s++;
2600 int y = eval_term(&s, decimal, error);
2601 if (*error != NULL) break;
2602 if (op == '*') x *= y; else x /= y;
2603 }
2604 }
2605 *sptr = s;
2606 return x;
2607 }
2608
2609
2610
2611
2612 /*************************************************
2613 * Expand string *
2614 *************************************************/
2615
2616 /* Returns either an unchanged string, or the expanded string in stacking pool
2617 store. Interpreted sequences are:
2618
2619 \... normal escaping rules
2620 $name substitutes the variable
2621 ${name} ditto
2622 ${op:string} operates on the expanded string value
2623 ${item{arg1}{arg2}...} expands the args and then does the business
2624 some literal args are not enclosed in {}
2625
2626 There are now far too many operators and item types to make it worth listing
2627 them here in detail any more.
2628
2629 We use an internal routine recursively to handle embedded substrings. The
2630 external function follows. The yield is NULL if the expansion failed, and there
2631 are two cases: if something collapsed syntactically, or if "fail" was given
2632 as the action on a lookup failure. These can be distinguised by looking at the
2633 variable expand_string_forcedfail, which is TRUE in the latter case.
2634
2635 The skipping flag is set true when expanding a substring that isn't actually
2636 going to be used (after "if" or "lookup") and it prevents lookups from
2637 happening lower down.
2638
2639 Store usage: At start, a store block of the length of the input plus 64
2640 is obtained. This is expanded as necessary by string_cat(), which might have to
2641 get a new block, or might be able to expand the original. At the end of the
2642 function we can release any store above that portion of the yield block that
2643 was actually used. In many cases this will be optimal.
2644
2645 However: if the first item in the expansion is a variable name or header name,
2646 we reset the store before processing it; if the result is in fresh store, we
2647 use that without copying. This is helpful for expanding strings like
2648 $message_headers which can get very long.
2649
2650 Arguments:
2651 string the string to be expanded
2652 ket_ends true if expansion is to stop at }
2653 left if not NULL, a pointer to the first character after the
2654 expansion is placed here (typically used with ket_ends)
2655 skipping TRUE for recursive calls when the value isn't actually going
2656 to be used (to allow for optimisation)
2657
2658 Returns: NULL if expansion fails:
2659 expand_string_forcedfail is set TRUE if failure was forced
2660 expand_string_message contains a textual error message
2661 a pointer to the expanded string on success
2662 */
2663
2664 static uschar *
2665 expand_string_internal(uschar *string, BOOL ket_ends, uschar **left,
2666 BOOL skipping)
2667 {
2668 int ptr = 0;
2669 int size = Ustrlen(string)+ 64;
2670 int item_type;
2671 uschar *yield = store_get(size);
2672 uschar *s = string;
2673 uschar *save_expand_nstring[EXPAND_MAXN+1];
2674 int save_expand_nlength[EXPAND_MAXN+1];
2675
2676 expand_string_forcedfail = FALSE;
2677 expand_string_message = US"";
2678
2679 while (*s != 0)
2680 {
2681 uschar *value;
2682 uschar name[256];
2683
2684 /* \ escapes the next character, which must exist, or else
2685 the expansion fails. There's a special escape, \N, which causes
2686 copying of the subject verbatim up to the next \N. Otherwise,
2687 the escapes are the standard set. */
2688
2689 if (*s == '\\')
2690 {
2691 if (s[1] == 0)
2692 {
2693 expand_string_message = US"\\ at end of string";
2694 goto EXPAND_FAILED;
2695 }
2696
2697 if (s[1] == 'N')
2698 {
2699 uschar *t = s + 2;
2700 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
2701 yield = string_cat(yield, &size, &ptr, t, s - t);
2702 if (*s != 0) s += 2;
2703 }
2704
2705 else
2706 {
2707 uschar ch[1];
2708 ch[0] = string_interpret_escape(&s);
2709 s++;
2710 yield = string_cat(yield, &size, &ptr, ch, 1);
2711 }
2712
2713 continue;
2714 }
2715
2716 /* Anything other than $ is just copied verbatim, unless we are
2717 looking for a terminating } character. */
2718
2719 if (ket_ends && *s == '}') break;
2720
2721 if (*s != '$')
2722 {
2723 yield = string_cat(yield, &size, &ptr, s++, 1);
2724 continue;
2725 }
2726
2727 /* No { after the $ - must be a plain name or a number for string
2728 match variable. There has to be a fudge for variables that are the
2729 names of header fields preceded by "$header_" because header field
2730 names can contain any printing characters except space and colon.
2731 For those that don't like typing this much, "$h_" is a synonym for
2732 "$header_". A non-existent header yields a NULL value; nothing is
2733 inserted. */
2734
2735 if (isalpha((*(++s))))
2736 {
2737 int len;
2738 int newsize = 0;
2739
2740 s = read_name(name, sizeof(name), s, US"_");
2741
2742 /* If this is the first thing to be expanded, release the pre-allocated
2743 buffer. */
2744
2745 if (ptr == 0 && yield != NULL)
2746 {
2747 store_reset(yield);
2748 yield = NULL;
2749 size = 0;
2750 }
2751
2752 /* Header */
2753
2754 if (Ustrncmp(name, "h_", 2) == 0 ||
2755 Ustrncmp(name, "rh_", 3) == 0 ||
2756 Ustrncmp(name, "bh_", 3) == 0 ||
2757 Ustrncmp(name, "header_", 7) == 0 ||
2758 Ustrncmp(name, "rheader_", 8) == 0 ||
2759 Ustrncmp(name, "bheader_", 8) == 0)
2760 {
2761 BOOL want_raw = (name[0] == 'r')? TRUE : FALSE;
2762 uschar *charset = (name[0] == 'b')? NULL : headers_charset;
2763 s = read_header_name(name, sizeof(name), s);
2764 value = find_header(name, FALSE, &newsize, want_raw, charset);
2765
2766 /* If we didn't find the header, and the header contains a closing brace
2767 characters, this may be a user error where the terminating colon
2768 has been omitted. Set a flag to adjust the error message in this case.
2769 But there is no error here - nothing gets inserted. */
2770
2771 if (value == NULL)
2772 {
2773 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2774 continue;
2775 }
2776 }
2777
2778 /* Variable */
2779
2780 else
2781 {
2782 value = find_variable(name, FALSE, skipping, &newsize);
2783 if (value == NULL)
2784 {
2785 expand_string_message =
2786 string_sprintf("unknown variable name \"%s\"", name);
2787 goto EXPAND_FAILED;
2788 }
2789 }
2790
2791 /* If the data is known to be in a new buffer, newsize will be set to the
2792 size of that buffer. If this is the first thing in an expansion string,
2793 yield will be NULL; just point it at the new store instead of copying. Many
2794 expansion strings contain just one reference, so this is a useful
2795 optimization, especially for humungous headers. */
2796
2797 len = Ustrlen(value);
2798 if (yield == NULL && newsize != 0)
2799 {
2800 yield = value;
2801 size = newsize;
2802 ptr = len;
2803 }
2804 else yield = string_cat(yield, &size, &ptr, value, len);
2805
2806 continue;
2807 }
2808
2809 if (isdigit(*s))
2810 {
2811 int n;
2812 s = read_number(&n, s);
2813 if (n >= 0 && n <= expand_nmax)
2814 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
2815 expand_nlength[n]);
2816 continue;
2817 }
2818
2819 /* Otherwise, if there's no '{' after $ it's an error. */
2820
2821 if (*s != '{')
2822 {
2823 expand_string_message = US"$ not followed by letter, digit, or {";
2824 goto EXPAND_FAILED;
2825 }
2826
2827 /* After { there can be various things, but they all start with
2828 an initial word, except for a number for a string match variable. */
2829
2830 if (isdigit((*(++s))))
2831 {
2832 int n;
2833 s = read_number(&n, s);
2834 if (*s++ != '}')
2835 {
2836 expand_string_message = US"} expected after number";
2837 goto EXPAND_FAILED;
2838 }
2839 if (n >= 0 && n <= expand_nmax)
2840 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
2841 expand_nlength[n]);
2842 continue;
2843 }
2844
2845 if (!isalpha(*s))
2846 {
2847 expand_string_message = US"letter or digit expected after ${";
2848 goto EXPAND_FAILED;
2849 }
2850
2851 /* Allow "-" in names to cater for substrings with negative
2852 arguments. Since we are checking for known names after { this is
2853 OK. */
2854
2855 s = read_name(name, sizeof(name), s, US"_-");
2856 item_type = chop_match(name, item_table, sizeof(item_table)/sizeof(uschar *));
2857
2858 switch(item_type)
2859 {
2860 /* Handle conditionals - preserve the values of the numerical expansion
2861 variables in case they get changed by a regular expression match in the
2862 condition. If not, they retain their external settings. At the end
2863 of this "if" section, they get restored to their previous values. */
2864
2865 case EITEM_IF:
2866 {
2867 BOOL cond = FALSE;
2868 uschar *next_s;
2869 int save_expand_nmax =
2870 save_expand_strings(save_expand_nstring, save_expand_nlength);
2871
2872 while (isspace(*s)) s++;
2873 next_s = eval_condition(s, skipping? NULL : &cond);
2874 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
2875
2876 DEBUG(D_expand)
2877 debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s,
2878 cond? "true" : "false");
2879
2880 s = next_s;
2881
2882 /* The handling of "yes" and "no" result strings is now in a separate
2883 function that is also used by ${lookup} and ${extract} and ${run}. */
2884
2885 switch(process_yesno(
2886 skipping, /* were previously skipping */
2887 cond, /* success/failure indicator */
2888 lookup_value, /* value to reset for string2 */
2889 &s, /* input pointer */
2890 &yield, /* output pointer */
2891 &size, /* output size */
2892 &ptr, /* output current point */
2893 US"if")) /* condition type */
2894 {
2895 case 1: goto EXPAND_FAILED; /* when all is well, the */
2896 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
2897 }
2898
2899 /* Restore external setting of expansion variables for continuation
2900 at this level. */
2901
2902 restore_expand_strings(save_expand_nmax, save_expand_nstring,
2903 save_expand_nlength);
2904 continue;
2905 }
2906
2907 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
2908 expanding an internal string that isn't actually going to be used. All we
2909 need to do is check the syntax, so don't do a lookup at all. Preserve the
2910 values of the numerical expansion variables in case they get changed by a
2911 partial lookup. If not, they retain their external settings. At the end
2912 of this "lookup" section, they get restored to their previous values. */
2913
2914 case EITEM_LOOKUP:
2915 {
2916 int stype, partial, affixlen, starflags;
2917 int expand_setup = 0;
2918 int nameptr = 0;
2919 uschar *key, *filename, *affix;
2920 uschar *save_lookup_value = lookup_value;
2921 int save_expand_nmax =
2922 save_expand_strings(save_expand_nstring, save_expand_nlength);
2923
2924 if ((expand_forbid & RDO_LOOKUP) != 0)
2925 {
2926 expand_string_message = US"lookup expansions are not permitted";
2927 goto EXPAND_FAILED;
2928 }
2929
2930 /* Get the key we are to look up for single-key+file style lookups.
2931 Otherwise set the key NULL pro-tem. */
2932
2933 while (isspace(*s)) s++;
2934 if (*s == '{')
2935 {
2936 key = expand_string_internal(s+1, TRUE, &s, skipping);
2937 if (key == NULL) goto EXPAND_FAILED;
2938 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
2939 while (isspace(*s)) s++;
2940 }
2941 else key = NULL;
2942
2943 /* Find out the type of database */
2944
2945 if (!isalpha(*s))
2946 {
2947 expand_string_message = US"missing lookup type";
2948 goto EXPAND_FAILED;
2949 }
2950
2951 /* The type is a string that may contain special characters of various
2952 kinds. Allow everything except space or { to appear; the actual content
2953 is checked by search_findtype_partial. */
2954
2955 while (*s != 0 && *s != '{' && !isspace(*s))
2956 {
2957 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
2958 s++;
2959 }
2960 name[nameptr] = 0;
2961 while (isspace(*s)) s++;
2962
2963 /* Now check for the individual search type and any partial or default
2964 options. Only those types that are actually in the binary are valid. */
2965
2966 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
2967 &starflags);
2968 if (stype < 0)
2969 {
2970 expand_string_message = search_error_message;
2971 goto EXPAND_FAILED;
2972 }
2973
2974 /* Check that a key was provided for those lookup types that need it,
2975 and was not supplied for those that use the query style. */
2976
2977 if (!mac_islookup(stype, lookup_querystyle))
2978 {
2979 if (key == NULL)
2980 {
2981 expand_string_message = string_sprintf("missing {key} for single-"
2982 "key \"%s\" lookup", name);
2983 goto EXPAND_FAILED;
2984 }
2985 }
2986 else
2987 {
2988 if (key != NULL)
2989 {
2990 expand_string_message = string_sprintf("a single key was given for "
2991 "lookup type \"%s\", which is not a single-key lookup type", name);
2992 goto EXPAND_FAILED;
2993 }
2994 }
2995
2996 /* Get the next string in brackets and expand it. It is the file name for
2997 single-key+file lookups, and the whole query otherwise. */
2998
2999 if (*s != '{') goto EXPAND_FAILED_CURLY;
3000 filename = expand_string_internal(s+1, TRUE, &s, skipping);
3001 if (filename == NULL) goto EXPAND_FAILED;
3002 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3003 while (isspace(*s)) s++;
3004
3005 /* If this isn't a single-key+file lookup, re-arrange the variables
3006 to be appropriate for the search_ functions. */
3007
3008 if (key == NULL)
3009 {
3010 key = filename;
3011 filename = NULL;
3012 }
3013
3014 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
3015 the entry was not found. Note that there is no search_close() function.
3016 Files are left open in case of re-use. At suitable places in higher logic,
3017 search_tidyup() is called to tidy all open files. This can save opening
3018 the same file several times. However, files may also get closed when
3019 others are opened, if too many are open at once. The rule is that a
3020 handle should not be used after a second search_open().
3021
3022 Request that a partial search sets up $1 and maybe $2 by passing
3023 expand_setup containing zero. If its value changes, reset expand_nmax,
3024 since new variables will have been set. Note that at the end of this
3025 "lookup" section, the old numeric variables are restored. */
3026
3027 if (skipping)
3028 lookup_value = NULL;
3029 else
3030 {
3031 void *handle = search_open(filename, stype, 0, NULL, NULL);
3032 if (handle == NULL)
3033 {
3034 expand_string_message = search_error_message;
3035 goto EXPAND_FAILED;
3036 }
3037 lookup_value = search_find(handle, filename, key, partial, affix,
3038 affixlen, starflags, &expand_setup);
3039 if (search_find_defer)
3040 {
3041 expand_string_message =
3042 string_sprintf("lookup of \"%s\" gave DEFER: %s", key,
3043 search_error_message);
3044 goto EXPAND_FAILED;
3045 }
3046 if (expand_setup > 0) expand_nmax = expand_setup;
3047 }
3048
3049 /* The handling of "yes" and "no" result strings is now in a separate
3050 function that is also used by ${if} and ${extract}. */
3051
3052 switch(process_yesno(
3053 skipping, /* were previously skipping */
3054 lookup_value != NULL, /* success/failure indicator */
3055 save_lookup_value, /* value to reset for string2 */
3056 &s, /* input pointer */
3057 &yield, /* output pointer */
3058 &size, /* output size */
3059 &ptr, /* output current point */
3060 US"lookup")) /* condition type */
3061 {
3062 case 1: goto EXPAND_FAILED; /* when all is well, the */
3063 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3064 }
3065
3066 /* Restore external setting of expansion variables for carrying on
3067 at this level, and continue. */
3068
3069 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3070 save_expand_nlength);
3071 continue;
3072 }
3073
3074 /* If Perl support is configured, handle calling embedded perl subroutines,
3075 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
3076 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
3077 arguments (defined below). */
3078
3079 #define EXIM_PERL_MAX_ARGS 8
3080
3081 case EITEM_PERL:
3082 #ifndef EXIM_PERL
3083 expand_string_message = US"\"${perl\" encountered, but this facility "
3084 "is not included in this binary";
3085 goto EXPAND_FAILED;
3086
3087 #else /* EXIM_PERL */
3088 {
3089 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
3090 uschar *new_yield;
3091
3092 if ((expand_forbid & RDO_PERL) != 0)
3093 {
3094 expand_string_message = US"Perl calls are not permitted";
3095 goto EXPAND_FAILED;
3096 }
3097
3098 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
3099 US"perl"))
3100 {
3101 case 1: goto EXPAND_FAILED_CURLY;
3102 case 2:
3103 case 3: goto EXPAND_FAILED;
3104 }
3105
3106 /* If skipping, we don't actually do anything */
3107
3108 if (skipping) continue;
3109
3110 /* Start the interpreter if necessary */
3111
3112 if (!opt_perl_started)
3113 {
3114 uschar *initerror;
3115 if (opt_perl_startup == NULL)
3116 {
3117 expand_string_message = US"A setting of perl_startup is needed when "
3118 "using the Perl interpreter";
3119 goto EXPAND_FAILED;
3120 }
3121 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
3122 initerror = init_perl(opt_perl_startup);
3123 if (initerror != NULL)
3124 {
3125 expand_string_message =
3126 string_sprintf("error in perl_startup code: %s\n", initerror);
3127 goto EXPAND_FAILED;
3128 }
3129 opt_perl_started = TRUE;
3130 }
3131
3132 /* Call the function */
3133
3134 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
3135 new_yield = call_perl_cat(yield, &size, &ptr, &expand_string_message,
3136 sub_arg[0], sub_arg + 1);
3137
3138 /* NULL yield indicates failure; if the message pointer has been set to
3139 NULL, the yield was undef, indicating a forced failure. Otherwise the
3140 message will indicate some kind of Perl error. */
3141
3142 if (new_yield == NULL)
3143 {
3144 if (expand_string_message == NULL)
3145 {
3146 expand_string_message =
3147 string_sprintf("Perl subroutine \"%s\" returned undef to force "
3148 "failure", sub_arg[0]);
3149 expand_string_forcedfail = TRUE;
3150 }
3151 goto EXPAND_FAILED;
3152 }
3153
3154 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
3155 set during a callback from Perl. */
3156
3157 expand_string_forcedfail = FALSE;
3158 yield = new_yield;
3159 continue;
3160 }
3161 #endif /* EXIM_PERL */
3162
3163 /* Handle "readfile" to insert an entire file */
3164
3165 case EITEM_READFILE:
3166 {
3167 FILE *f;
3168 uschar *sub_arg[2];
3169
3170 if ((expand_forbid & RDO_READFILE) != 0)
3171 {
3172 expand_string_message = US"file insertions are not permitted";
3173 goto EXPAND_FAILED;
3174 }
3175
3176 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"readfile"))
3177 {
3178 case 1: goto EXPAND_FAILED_CURLY;
3179 case 2:
3180 case 3: goto EXPAND_FAILED;
3181 }
3182
3183 /* If skipping, we don't actually do anything */
3184
3185 if (skipping) continue;
3186
3187 /* Open the file and read it */
3188
3189 f = Ufopen(sub_arg[0], "rb");
3190 if (f == NULL)
3191 {
3192 expand_string_message = string_open_failed(errno, "%s", sub_arg[0]);
3193 goto EXPAND_FAILED;
3194 }
3195
3196 yield = cat_file(f, yield, &size, &ptr, sub_arg[1]);
3197 fclose(f);
3198 continue;
3199 }
3200
3201 /* Handle "readsocket" to insert data from a Unix domain socket */
3202
3203 case EITEM_READSOCK:
3204 {
3205 int fd;
3206 int timeout = 5;
3207 int save_ptr = ptr;
3208 FILE *f;
3209 struct sockaddr_un sockun; /* don't call this "sun" ! */
3210 uschar *arg;
3211 uschar *sub_arg[4];
3212
3213 if ((expand_forbid & RDO_READSOCK) != 0)
3214 {
3215 expand_string_message = US"socket insertions are not permitted";
3216 goto EXPAND_FAILED;
3217 }
3218
3219 /* Read up to 4 arguments, but don't do the end of item check afterwards,
3220 because there may be a string for expansion on failure. */
3221
3222 switch(read_subs(sub_arg, 4, 2, &s, skipping, FALSE, US"readsocket"))
3223 {
3224 case 1: goto EXPAND_FAILED_CURLY;
3225 case 2: /* Won't occur: no end check */
3226 case 3: goto EXPAND_FAILED;
3227 }
3228
3229 /* Sort out timeout, if given */
3230
3231 if (sub_arg[2] != NULL)
3232 {
3233 timeout = readconf_readtime(sub_arg[2], 0, FALSE);
3234 if (timeout < 0)
3235 {
3236 expand_string_message = string_sprintf("bad time value %s",
3237 sub_arg[2]);
3238 goto EXPAND_FAILED;
3239 }
3240 }
3241 else sub_arg[3] = NULL; /* No eol if no timeout */
3242
3243 /* If skipping, we don't actually do anything */
3244
3245 if (!skipping)
3246 {
3247 /* Make a connection to the socket */
3248
3249 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
3250 {
3251 expand_string_message = string_sprintf("failed to create socket: %s",
3252 strerror(errno));
3253 goto SOCK_FAIL;
3254 }
3255
3256 sockun.sun_family = AF_UNIX;
3257 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
3258 sub_arg[0]);
3259 if(connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun)) == -1)
3260 {
3261 expand_string_message = string_sprintf("failed to connect to socket "
3262 "%s: %s", sub_arg[0], strerror(errno));
3263 goto SOCK_FAIL;
3264 }
3265 DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]);
3266
3267 /* Write the request string, if not empty */
3268
3269 if (sub_arg[1][0] != 0)
3270 {
3271 int len = Ustrlen(sub_arg[1]);
3272 DEBUG(D_expand) debug_printf("writing \"%s\" to socket\n",
3273 sub_arg[1]);
3274 if (write(fd, sub_arg[1], len) != len)
3275 {
3276 expand_string_message = string_sprintf("request write to socket "
3277 "failed: %s", strerror(errno));
3278 goto SOCK_FAIL;
3279 }
3280 }
3281
3282 /* Now we need to read from the socket, under a timeout. The function
3283 that reads a file can be used. */
3284
3285 f = fdopen(fd, "rb");
3286 sigalrm_seen = FALSE;
3287 alarm(timeout);
3288 yield = cat_file(f, yield, &size, &ptr, sub_arg[3]);
3289 alarm(0);
3290 fclose(f);
3291
3292 /* After a timeout, we restore the pointer in the result, that is,
3293 make sure we add nothing from the socket. */
3294
3295 if (sigalrm_seen)
3296 {
3297 ptr = save_ptr;
3298 expand_string_message = US"socket read timed out";
3299 goto SOCK_FAIL;
3300 }
3301 }
3302
3303 /* The whole thing has worked (or we were skipping). If there is a
3304 failure string following, we need to skip it. */
3305
3306 if (*s == '{')
3307 {
3308 if (expand_string_internal(s+1, TRUE, &s, TRUE) == NULL)
3309 goto EXPAND_FAILED;
3310 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3311 while (isspace(*s)) s++;
3312 }
3313 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3314 continue;
3315
3316 /* Come here on failure to create socket, connect socket, write to the
3317 socket, or timeout on reading. If another substring follows, expand and
3318 use it. Otherwise, those conditions give expand errors. */
3319
3320 SOCK_FAIL:
3321 if (*s != '{') goto EXPAND_FAILED;
3322 DEBUG(D_any) debug_printf("%s\n", expand_string_message);
3323 arg = expand_string_internal(s+1, TRUE, &s, FALSE);
3324 if (arg == NULL) goto EXPAND_FAILED;
3325 yield = string_cat(yield, &size, &ptr, arg, Ustrlen(arg));
3326 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3327 while (isspace(*s)) s++;
3328 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3329 continue;
3330 }
3331
3332 /* Handle "run" to execute a program. */
3333
3334 case EITEM_RUN:
3335 {
3336 FILE *f;
3337 uschar *arg;
3338 uschar **argv;
3339 pid_t pid;
3340 int fd_in, fd_out;
3341 int lsize = 0;
3342 int lptr = 0;
3343
3344 if ((expand_forbid & RDO_RUN) != 0)
3345 {
3346 expand_string_message = US"running a command is not permitted";
3347 goto EXPAND_FAILED;
3348 }
3349
3350 while (isspace(*s)) s++;
3351 if (*s != '{') goto EXPAND_FAILED_CURLY;
3352 arg = expand_string_internal(s+1, TRUE, &s, skipping);
3353 if (arg == NULL) goto EXPAND_FAILED;
3354 while (isspace(*s)) s++;
3355 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3356
3357 if (skipping) /* Just pretend it worked when we're skipping */
3358 {
3359 runrc = 0;
3360 }
3361 else
3362 {
3363 if (!transport_set_up_command(&argv, /* anchor for arg list */
3364 arg, /* raw command */
3365 FALSE, /* don't expand the arguments */
3366 0, /* not relevant when... */
3367 NULL, /* no transporting address */
3368 US"${run} expansion", /* for error messages */
3369 &expand_string_message)) /* where to put error message */
3370 {
3371 goto EXPAND_FAILED;
3372 }
3373
3374 /* Create the child process, making it a group leader. */
3375
3376 pid = child_open(argv, NULL, 0077, &fd_in, &fd_out, TRUE);
3377
3378 if (pid < 0)
3379 {
3380 expand_string_message =
3381 string_sprintf("couldn't create child process: %s", strerror(errno));
3382 goto EXPAND_FAILED;
3383 }
3384
3385 /* Nothing is written to the standard input. */
3386
3387 close(fd_in);
3388
3389 /* Wait for the process to finish, applying the timeout, and inspect its
3390 return code for serious disasters. Simple non-zero returns are passed on.
3391 */
3392
3393 if ((runrc = child_close(pid, 60)) < 0)
3394 {
3395 if (runrc == -256)
3396 {
3397 expand_string_message = string_sprintf("command timed out");
3398 killpg(pid, SIGKILL); /* Kill the whole process group */
3399 }
3400
3401 else if (runrc == -257)
3402 expand_string_message = string_sprintf("wait() failed: %s",
3403 strerror(errno));
3404
3405 else
3406 expand_string_message = string_sprintf("command killed by signal %d",
3407 -runrc);
3408
3409 goto EXPAND_FAILED;
3410 }
3411
3412 /* Read the pipe to get the command's output into $value (which is kept
3413 in lookup_value). */
3414
3415 f = fdopen(fd_out, "rb");
3416 lookup_value = NULL;
3417 lookup_value = cat_file(f, lookup_value, &lsize, &lptr, NULL);
3418 fclose(f);
3419 }
3420
3421 /* Process the yes/no strings; $value may be useful in both cases */
3422
3423 switch(process_yesno(
3424 skipping, /* were previously skipping */
3425 runrc == 0, /* success/failure indicator */
3426 lookup_value, /* value to reset for string2 */
3427 &s, /* input pointer */
3428 &yield, /* output pointer */
3429 &size, /* output size */
3430 &ptr, /* output current point */
3431 US"run")) /* condition type */
3432 {
3433 case 1: goto EXPAND_FAILED; /* when all is well, the */
3434 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3435 }
3436
3437 continue;
3438 }
3439
3440 /* Handle character translation for "tr" */
3441
3442 case EITEM_TR:
3443 {
3444 int oldptr = ptr;
3445 int o2m;
3446 uschar *sub[3];
3447
3448 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"tr"))
3449 {
3450 case 1: goto EXPAND_FAILED_CURLY;
3451 case 2:
3452 case 3: goto EXPAND_FAILED;
3453 }
3454
3455 yield = string_cat(yield, &size, &ptr, sub[0], Ustrlen(sub[0]));
3456 o2m = Ustrlen(sub[2]) - 1;
3457
3458 if (o2m >= 0) for (; oldptr < ptr; oldptr++)
3459 {
3460 uschar *m = Ustrrchr(sub[1], yield[oldptr]);
3461 if (m != NULL)
3462 {
3463 int o = m - sub[1];
3464 yield[oldptr] = sub[2][(o < o2m)? o : o2m];
3465 }
3466 }
3467
3468 continue;
3469 }
3470
3471 /* Handle "hash", "length", "nhash", and "substr" when they are given with
3472 expanded arguments. */
3473
3474 case EITEM_HASH:
3475 case EITEM_LENGTH:
3476 case EITEM_NHASH:
3477 case EITEM_SUBSTR:
3478 {
3479 int i;
3480 int len;
3481 uschar *ret;
3482 int val[2] = { 0, -1 };
3483 uschar *sub[3];
3484
3485 /* "length" takes only 2 arguments whereas the others take 2 or 3.
3486 Ensure that sub[2] is set in the ${length case. */
3487
3488 sub[2] = NULL;
3489 switch(read_subs(sub, (item_type == EITEM_LENGTH)? 2:3, 2, &s, skipping,
3490 TRUE, name))
3491 {
3492 case 1: goto EXPAND_FAILED_CURLY;
3493 case 2:
3494 case 3: goto EXPAND_FAILED;
3495 }
3496
3497 /* Juggle the arguments if there are only two of them: always move the
3498 string to the last position and make ${length{n}{str}} equivalent to
3499 ${substr{0}{n}{str}}. See the defaults for val[] above. */
3500
3501 if (sub[2] == NULL)
3502 {
3503 sub[2] = sub[1];
3504 sub[1] = NULL;
3505 if (item_type == EITEM_LENGTH)
3506 {
3507 sub[1] = sub[0];
3508 sub[0] = NULL;
3509 }
3510 }
3511
3512 for (i = 0; i < 2; i++)
3513 {
3514 if (sub[i] == NULL) continue;
3515 val[i] = (int)Ustrtol(sub[i], &ret, 10);
3516 if (*ret != 0 || (i != 0 && val[i] < 0))
3517 {
3518 expand_string_message = string_sprintf("\"%s\" is not a%s number "
3519 "(in \"%s\" expansion)", sub[i], (i != 0)? " positive" : "", name);
3520 goto EXPAND_FAILED;
3521 }
3522 }
3523
3524 ret =
3525 (item_type == EITEM_HASH)?
3526 compute_hash(sub[2], val[0], val[1], &len) :
3527 (item_type == EITEM_NHASH)?
3528 compute_nhash(sub[2], val[0], val[1], &len) :
3529 extract_substr(sub[2], val[0], val[1], &len);
3530
3531 if (ret == NULL) goto EXPAND_FAILED;
3532 yield = string_cat(yield, &size, &ptr, ret, len);
3533 continue;
3534 }
3535
3536 /* Handle HMAC computation: ${hmac{<algorithm>}{<secret>}{<text>}}
3537 This code originally contributed by Steve Haslam. It currently supports
3538 the use of MD5 and SHA-1 hashes.
3539
3540 We need some workspace that is large enough to handle all the supported
3541 hash types. Use macros to set the sizes rather than be too elaborate. */
3542
3543 #define MAX_HASHLEN 20
3544 #define MAX_HASHBLOCKLEN 64
3545
3546 case EITEM_HMAC:
3547 {
3548 uschar *sub[3];
3549 md5 md5_base;
3550 sha1 sha1_base;
3551 void *use_base;
3552 int type, i;
3553 int hashlen; /* Number of octets for the hash algorithm's output */
3554 int hashblocklen; /* Number of octets the hash algorithm processes */
3555 uschar *keyptr, *p;
3556 unsigned int keylen;
3557
3558 uschar keyhash[MAX_HASHLEN];
3559 uschar innerhash[MAX_HASHLEN];
3560 uschar finalhash[MAX_HASHLEN];
3561 uschar finalhash_hex[2*MAX_HASHLEN];
3562 uschar innerkey[MAX_HASHBLOCKLEN];
3563 uschar outerkey[MAX_HASHBLOCKLEN];
3564
3565 switch (read_subs(sub, 3, 3, &s, skipping, TRUE, name))
3566 {
3567 case 1: goto EXPAND_FAILED_CURLY;
3568 case 2:
3569 case 3: goto EXPAND_FAILED;
3570 }
3571
3572 if (Ustrcmp(sub[0], "md5") == 0)
3573 {
3574 type = HMAC_MD5;
3575 use_base = &md5_base;
3576 hashlen = 16;
3577 hashblocklen = 64;
3578 }
3579 else if (Ustrcmp(sub[0], "sha1") == 0)
3580 {
3581 type = HMAC_SHA1;
3582 use_base = &sha1_base;
3583 hashlen = 20;
3584 hashblocklen = 64;
3585 }
3586 else
3587 {
3588 expand_string_message =
3589 string_sprintf("hmac algorithm \"%s\" is not recognised", sub[0]);
3590 goto EXPAND_FAILED;
3591 }
3592
3593 keyptr = sub[1];
3594 keylen = Ustrlen(keyptr);
3595
3596 /* If the key is longer than the hash block length, then hash the key
3597 first */
3598
3599 if (keylen > hashblocklen)
3600 {
3601 chash_start(type, use_base);
3602 chash_end(type, use_base, keyptr, keylen, keyhash);
3603 keyptr = keyhash;
3604 keylen = hashlen;
3605 }
3606
3607 /* Now make the inner and outer key values */
3608
3609 memset(innerkey, 0x36, hashblocklen);
3610 memset(outerkey, 0x5c, hashblocklen);
3611
3612 for (i = 0; i < keylen; i++)
3613 {
3614 innerkey[i] ^= keyptr[i];
3615 outerkey[i] ^= keyptr[i];
3616 }
3617
3618 /* Now do the hashes */
3619
3620 chash_start(type, use_base);
3621 chash_mid(type, use_base, innerkey);
3622 chash_end(type, use_base, sub[2], Ustrlen(sub[2]), innerhash);
3623
3624 chash_start(type, use_base);
3625 chash_mid(type, use_base, outerkey);
3626 chash_end(type, use_base, innerhash, hashlen, finalhash);
3627
3628 /* Encode the final hash as a hex string */
3629
3630 p = finalhash_hex;
3631 for (i = 0; i < hashlen; i++)
3632 {
3633 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
3634 *p++ = hex_digits[finalhash[i] & 0x0f];
3635 }
3636
3637 DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%.*s)=%.*s\n", sub[0],
3638 (int)keylen, keyptr, Ustrlen(sub[2]), sub[2], hashlen*2, finalhash_hex);
3639
3640 yield = string_cat(yield, &size, &ptr, finalhash_hex, hashlen*2);
3641 }
3642
3643 continue;
3644
3645 /* Handle global substitution for "sg" - like Perl's s/xxx/yyy/g operator.
3646 We have to save the numerical variables and restore them afterwards. */
3647
3648 case EITEM_SG:
3649 {
3650 const pcre *re;
3651 int moffset, moffsetextra, slen;
3652 int roffset;
3653 int emptyopt;
3654 const uschar *rerror;
3655 uschar *subject;
3656 uschar *sub[3];
3657 int save_expand_nmax =
3658 save_expand_strings(save_expand_nstring, save_expand_nlength);
3659
3660 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"sg"))
3661 {
3662 case 1: goto EXPAND_FAILED_CURLY;
3663 case 2:
3664 case 3: goto EXPAND_FAILED;
3665 }
3666
3667 /* Compile the regular expression */
3668
3669 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
3670 NULL);
3671
3672 if (re == NULL)
3673 {
3674 expand_string_message = string_sprintf("regular expression error in "
3675 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
3676 goto EXPAND_FAILED;
3677 }
3678
3679 /* Now run a loop to do the substitutions as often as necessary. It ends
3680 when there are no more matches. Take care over matches of the null string;
3681 do the same thing as Perl does. */
3682
3683 subject = sub[0];
3684 slen = Ustrlen(sub[0]);
3685 moffset = moffsetextra = 0;
3686 emptyopt = 0;
3687
3688 for (;;)
3689 {
3690 int ovector[3*(EXPAND_MAXN+1)];
3691 int n = pcre_exec(re, NULL, CS subject, slen, moffset + moffsetextra,
3692 PCRE_EOPT | emptyopt, ovector, sizeof(ovector)/sizeof(int));
3693 int nn;
3694 uschar *insert;
3695
3696 /* No match - if we previously set PCRE_NOTEMPTY after a null match, this
3697 is not necessarily the end. We want to repeat the match from one
3698 character further along, but leaving the basic offset the same (for
3699 copying below). We can't be at the end of the string - that was checked
3700 before setting PCRE_NOTEMPTY. If PCRE_NOTEMPTY is not set, we are
3701 finished; copy the remaining string and end the loop. */
3702
3703 if (n < 0)
3704 {
3705 if (emptyopt != 0)
3706 {
3707 moffsetextra = 1;
3708 emptyopt = 0;
3709 continue;
3710 }
3711 yield = string_cat(yield, &size, &ptr, subject+moffset, slen-moffset);
3712 break;
3713 }
3714
3715 /* Match - set up for expanding the replacement. */
3716
3717 if (n == 0) n = EXPAND_MAXN + 1;
3718 expand_nmax = 0;
3719 for (nn = 0; nn < n*2; nn += 2)
3720 {
3721 expand_nstring[expand_nmax] = subject + ovector[nn];
3722 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
3723 }
3724 expand_nmax--;
3725
3726 /* Copy the characters before the match, plus the expanded insertion. */
3727
3728 yield = string_cat(yield, &size, &ptr, subject + moffset,
3729 ovector[0] - moffset);
3730 insert = expand_string(sub[2]);
3731 if (insert == NULL) goto EXPAND_FAILED;
3732 yield = string_cat(yield, &size, &ptr, insert, Ustrlen(insert));
3733
3734 moffset = ovector[1];
3735 moffsetextra = 0;
3736 emptyopt = 0;
3737
3738 /* If we have matched an empty string, first check to see if we are at
3739 the end of the subject. If so, the loop is over. Otherwise, mimic
3740 what Perl's /g options does. This turns out to be rather cunning. First
3741 we set PCRE_NOTEMPTY and PCRE_ANCHORED and try the match a non-empty
3742 string at the same point. If this fails (picked up above) we advance to
3743 the next character. */
3744
3745 if (ovector[0] == ovector[1])
3746 {
3747 if (ovector[0] == slen) break;
3748 emptyopt = PCRE_NOTEMPTY | PCRE_ANCHORED;
3749 }
3750 }
3751
3752 /* All done - restore numerical variables. */
3753
3754 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3755 save_expand_nlength);
3756 continue;
3757 }
3758
3759 /* Handle keyed and numbered substring extraction. If the first argument
3760 consists entirely of digits, then a numerical extraction is assumed. */
3761
3762 case EITEM_EXTRACT:
3763 {
3764 int i;
3765 int j = 2;
3766 int field_number = 1;
3767 BOOL field_number_set = FALSE;
3768 uschar *save_lookup_value = lookup_value;
3769 uschar *sub[3];
3770 int save_expand_nmax =
3771 save_expand_strings(save_expand_nstring, save_expand_nlength);
3772
3773 /* Read the arguments */
3774
3775 for (i = 0; i < j; i++)
3776 {
3777 while (isspace(*s)) s++;
3778 if (*s == '{')
3779 {
3780 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
3781 if (sub[i] == NULL) goto EXPAND_FAILED;
3782 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3783
3784 /* After removal of leading and trailing white space, the first
3785 argument must not be empty; if it consists entirely of digits
3786 (optionally preceded by a minus sign), this is a numerical
3787 extraction, and we expect 3 arguments. */
3788
3789 if (i == 0)
3790 {
3791 int len;
3792 int x = 0;
3793 uschar *p = sub[0];
3794
3795 while (isspace(*p)) p++;
3796 sub[0] = p;
3797
3798 len = Ustrlen(p);
3799 while (len > 0 && isspace(p[len-1])) len--;
3800 p[len] = 0;
3801
3802 if (*p == 0)
3803 {
3804 expand_string_message = US"first argument of \"expand\" must not "
3805 "be empty";
3806 goto EXPAND_FAILED;
3807 }
3808
3809 if (*p == '-')
3810 {
3811 field_number = -1;
3812 p++;
3813 }
3814 while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0';
3815 if (*p == 0)
3816 {
3817 field_number *= x;
3818 j = 3; /* Need 3 args */
3819 field_number_set = TRUE;
3820 }
3821 }
3822 }
3823 else goto EXPAND_FAILED_CURLY;
3824 }
3825
3826 /* Extract either the numbered or the keyed substring into $value. If
3827 skipping, just pretend the extraction failed. */
3828
3829 lookup_value = skipping? NULL : field_number_set?
3830 expand_gettokened(field_number, sub[1], sub[2]) :
3831 expand_getkeyed(sub[0], sub[1]);
3832
3833 /* If no string follows, $value gets substituted; otherwise there can
3834 be yes/no strings, as for lookup or if. */
3835
3836 switch(process_yesno(
3837 skipping, /* were previously skipping */
3838 lookup_value != NULL, /* success/failure indicator */
3839 save_lookup_value, /* value to reset for string2 */
3840 &s, /* input pointer */
3841 &yield, /* output pointer */
3842 &size, /* output size */
3843 &ptr, /* output current point */
3844 US"extract")) /* condition type */
3845 {
3846 case 1: goto EXPAND_FAILED; /* when all is well, the */
3847 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3848 }
3849
3850 /* All done - restore numerical variables. */
3851
3852 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3853 save_expand_nlength);
3854
3855 continue;
3856 }
3857
3858
3859 /* If ${dlfunc support is configured, handle calling dynamically-loaded
3860 functions, unless locked out at this time. Syntax is ${dlfunc{file}{func}}
3861 or ${dlfunc{file}{func}{arg}} or ${dlfunc{file}{func}{arg1}{arg2}} or up to
3862 a maximum of EXPAND_DLFUNC_MAX_ARGS arguments (defined below). */
3863
3864 #define EXPAND_DLFUNC_MAX_ARGS 8
3865
3866 case EITEM_DLFUNC:
3867 #ifndef EXPAND_DLFUNC
3868 expand_string_message = US"\"${dlfunc\" encountered, but this facility "
3869 "is not included in this binary";
3870 goto EXPAND_FAILED;
3871
3872 #else /* EXPAND_DLFUNC */
3873 {
3874 tree_node *t;
3875 exim_dlfunc_t *func;
3876 uschar *result;
3877 int status, argc;
3878 uschar *argv[EXPAND_DLFUNC_MAX_ARGS + 3];
3879
3880 if ((expand_forbid & RDO_DLFUNC) != 0)
3881 {
3882 expand_string_message =
3883 US"dynamically-loaded functions are not permitted";
3884 goto EXPAND_FAILED;
3885 }
3886
3887 switch(read_subs(argv, EXPAND_DLFUNC_MAX_ARGS + 2, 2, &s, skipping,
3888 TRUE, US"dlfunc"))
3889 {
3890 case 1: goto EXPAND_FAILED_CURLY;
3891 case 2:
3892 case 3: goto EXPAND_FAILED;
3893 }
3894
3895 /* If skipping, we don't actually do anything */
3896
3897 if (skipping) continue;
3898
3899 /* Look up the dynamically loaded object handle in the tree. If it isn't
3900 found, dlopen() the file and put the handle in the tree for next time. */
3901
3902 t = tree_search(dlobj_anchor, argv[0]);
3903 if (t == NULL)
3904 {
3905 void *handle = dlopen(CS argv[0], RTLD_LAZY);
3906 if (handle == NULL)
3907 {
3908 expand_string_message = string_sprintf("dlopen \"%s\" failed: %s",
3909 argv[0], dlerror());
3910 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
3911 goto EXPAND_FAILED;
3912 }
3913 t = store_get_perm(sizeof(tree_node) + Ustrlen(argv[0]));
3914 Ustrcpy(t->name, argv[0]);
3915 t->data.ptr = handle;
3916 (void)tree_insertnode(&dlobj_anchor, t);
3917 }
3918
3919 /* Having obtained the dynamically loaded object handle, look up the
3920 function pointer. */
3921
3922 func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]);
3923 if (func == NULL)
3924 {
3925 expand_string_message = string_sprintf("dlsym \"%s\&qu