Expansions: acl expansion error detail
[exim.git] / src / src / expand.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8
9 /* Functions for handling string expansion. */
10
11
12 #include "exim.h"
13
14 /* Recursively called function */
15
16 static uschar *expand_string_internal(const uschar *, BOOL, const uschar **, BOOL, BOOL, BOOL *);
17 static int_eximarith_t expanded_string_integer(const uschar *, BOOL);
18
19 #ifdef STAND_ALONE
20 # ifndef SUPPORT_CRYPTEQ
21 # define SUPPORT_CRYPTEQ
22 # endif
23 #endif
24
25 #ifdef LOOKUP_LDAP
26 # include "lookups/ldap.h"
27 #endif
28
29 #ifdef SUPPORT_CRYPTEQ
30 # ifdef CRYPT_H
31 # include <crypt.h>
32 # endif
33 # ifndef HAVE_CRYPT16
34 extern char* crypt16(char*, char*);
35 # endif
36 #endif
37
38 /* The handling of crypt16() is a mess. I will record below the analysis of the
39 mess that was sent to me. We decided, however, to make changing this very low
40 priority, because in practice people are moving away from the crypt()
41 algorithms nowadays, so it doesn't seem worth it.
42
43 <quote>
44 There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
45 the first 8 characters of the password using a 20-round version of crypt
46 (standard crypt does 25 rounds). It then crypts the next 8 characters,
47 or an empty block if the password is less than 9 characters, using a
48 20-round version of crypt and the same salt as was used for the first
49 block. Characters after the first 16 are ignored. It always generates
50 a 16-byte hash, which is expressed together with the salt as a string
51 of 24 base 64 digits. Here are some links to peruse:
52
53 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
54 http://seclists.org/bugtraq/1999/Mar/0076.html
55
56 There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
57 and OSF/1. This is the same as the standard crypt if given a password
58 of 8 characters or less. If given more, it first does the same as crypt
59 using the first 8 characters, then crypts the next 8 (the 9th to 16th)
60 using as salt the first two base 64 digits from the first hash block.
61 If the password is more than 16 characters then it crypts the 17th to 24th
62 characters using as salt the first two base 64 digits from the second hash
63 block. And so on: I've seen references to it cutting off the password at
64 40 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
65
66 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
67 http://seclists.org/bugtraq/1999/Mar/0109.html
68 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
69 TET1_html/sec.c222.html#no_id_208
70
71 Exim has something it calls "crypt16". It will either use a native
72 crypt16 or its own implementation. A native crypt16 will presumably
73 be the one that I called "crypt16" above. The internal "crypt16"
74 function, however, is a two-block-maximum implementation of what I called
75 "bigcrypt". The documentation matches the internal code.
76
77 I suspect that whoever did the "crypt16" stuff for Exim didn't realise
78 that crypt16 and bigcrypt were different things.
79
80 Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
81 to whatever it is using under that name. This unfortunately sets a
82 precedent for using "{crypt16}" to identify two incompatible algorithms
83 whose output can't be distinguished. With "{crypt16}" thus rendered
84 ambiguous, I suggest you deprecate it and invent two new identifiers
85 for the two algorithms.
86
87 Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
88 of the password separately means they can be cracked separately, so
89 the double-length hash only doubles the cracking effort instead of
90 squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
91 bcrypt ({CRYPT}$2a$).
92 </quote>
93 */
94
95
96
97 /*************************************************
98 * Local statics and tables *
99 *************************************************/
100
101 /* Table of item names, and corresponding switch numbers. The names must be in
102 alphabetical order. */
103
104 static uschar *item_table[] = {
105 US"acl",
106 US"authresults",
107 US"certextract",
108 US"dlfunc",
109 US"env",
110 US"extract",
111 US"filter",
112 US"hash",
113 US"hmac",
114 US"if",
115 #ifdef SUPPORT_I18N
116 US"imapfolder",
117 #endif
118 US"length",
119 US"listextract",
120 US"lookup",
121 US"map",
122 US"nhash",
123 US"perl",
124 US"prvs",
125 US"prvscheck",
126 US"readfile",
127 US"readsocket",
128 US"reduce",
129 US"run",
130 US"sg",
131 US"sort",
132 US"substr",
133 US"tr" };
134
135 enum {
136 EITEM_ACL,
137 EITEM_AUTHRESULTS,
138 EITEM_CERTEXTRACT,
139 EITEM_DLFUNC,
140 EITEM_ENV,
141 EITEM_EXTRACT,
142 EITEM_FILTER,
143 EITEM_HASH,
144 EITEM_HMAC,
145 EITEM_IF,
146 #ifdef SUPPORT_I18N
147 EITEM_IMAPFOLDER,
148 #endif
149 EITEM_LENGTH,
150 EITEM_LISTEXTRACT,
151 EITEM_LOOKUP,
152 EITEM_MAP,
153 EITEM_NHASH,
154 EITEM_PERL,
155 EITEM_PRVS,
156 EITEM_PRVSCHECK,
157 EITEM_READFILE,
158 EITEM_READSOCK,
159 EITEM_REDUCE,
160 EITEM_RUN,
161 EITEM_SG,
162 EITEM_SORT,
163 EITEM_SUBSTR,
164 EITEM_TR };
165
166 /* Tables of operator names, and corresponding switch numbers. The names must be
167 in alphabetical order. There are two tables, because underscore is used in some
168 cases to introduce arguments, whereas for other it is part of the name. This is
169 an historical mis-design. */
170
171 static uschar *op_table_underscore[] = {
172 US"from_utf8",
173 US"local_part",
174 US"quote_local_part",
175 US"reverse_ip",
176 US"time_eval",
177 US"time_interval"
178 #ifdef SUPPORT_I18N
179 ,US"utf8_domain_from_alabel",
180 US"utf8_domain_to_alabel",
181 US"utf8_localpart_from_alabel",
182 US"utf8_localpart_to_alabel"
183 #endif
184 };
185
186 enum {
187 EOP_FROM_UTF8,
188 EOP_LOCAL_PART,
189 EOP_QUOTE_LOCAL_PART,
190 EOP_REVERSE_IP,
191 EOP_TIME_EVAL,
192 EOP_TIME_INTERVAL
193 #ifdef SUPPORT_I18N
194 ,EOP_UTF8_DOMAIN_FROM_ALABEL,
195 EOP_UTF8_DOMAIN_TO_ALABEL,
196 EOP_UTF8_LOCALPART_FROM_ALABEL,
197 EOP_UTF8_LOCALPART_TO_ALABEL
198 #endif
199 };
200
201 static uschar *op_table_main[] = {
202 US"address",
203 US"addresses",
204 US"base32",
205 US"base32d",
206 US"base62",
207 US"base62d",
208 US"base64",
209 US"base64d",
210 US"domain",
211 US"escape",
212 US"escape8bit",
213 US"eval",
214 US"eval10",
215 US"expand",
216 US"h",
217 US"hash",
218 US"hex2b64",
219 US"hexquote",
220 US"ipv6denorm",
221 US"ipv6norm",
222 US"l",
223 US"lc",
224 US"length",
225 US"listcount",
226 US"listnamed",
227 US"mask",
228 US"md5",
229 US"nh",
230 US"nhash",
231 US"quote",
232 US"randint",
233 US"rfc2047",
234 US"rfc2047d",
235 US"rxquote",
236 US"s",
237 US"sha1",
238 US"sha2",
239 US"sha256",
240 US"sha3",
241 US"stat",
242 US"str2b64",
243 US"strlen",
244 US"substr",
245 US"uc",
246 US"utf8clean" };
247
248 enum {
249 EOP_ADDRESS = nelem(op_table_underscore),
250 EOP_ADDRESSES,
251 EOP_BASE32,
252 EOP_BASE32D,
253 EOP_BASE62,
254 EOP_BASE62D,
255 EOP_BASE64,
256 EOP_BASE64D,
257 EOP_DOMAIN,
258 EOP_ESCAPE,
259 EOP_ESCAPE8BIT,
260 EOP_EVAL,
261 EOP_EVAL10,
262 EOP_EXPAND,
263 EOP_H,
264 EOP_HASH,
265 EOP_HEX2B64,
266 EOP_HEXQUOTE,
267 EOP_IPV6DENORM,
268 EOP_IPV6NORM,
269 EOP_L,
270 EOP_LC,
271 EOP_LENGTH,
272 EOP_LISTCOUNT,
273 EOP_LISTNAMED,
274 EOP_MASK,
275 EOP_MD5,
276 EOP_NH,
277 EOP_NHASH,
278 EOP_QUOTE,
279 EOP_RANDINT,
280 EOP_RFC2047,
281 EOP_RFC2047D,
282 EOP_RXQUOTE,
283 EOP_S,
284 EOP_SHA1,
285 EOP_SHA2,
286 EOP_SHA256,
287 EOP_SHA3,
288 EOP_STAT,
289 EOP_STR2B64,
290 EOP_STRLEN,
291 EOP_SUBSTR,
292 EOP_UC,
293 EOP_UTF8CLEAN };
294
295
296 /* Table of condition names, and corresponding switch numbers. The names must
297 be in alphabetical order. */
298
299 static uschar *cond_table[] = {
300 US"<",
301 US"<=",
302 US"=",
303 US"==", /* Backward compatibility */
304 US">",
305 US">=",
306 US"acl",
307 US"and",
308 US"bool",
309 US"bool_lax",
310 US"crypteq",
311 US"def",
312 US"eq",
313 US"eqi",
314 US"exists",
315 US"first_delivery",
316 US"forall",
317 US"forall_json",
318 US"forall_jsons",
319 US"forany",
320 US"forany_json",
321 US"forany_jsons",
322 US"ge",
323 US"gei",
324 US"gt",
325 US"gti",
326 US"inlist",
327 US"inlisti",
328 US"isip",
329 US"isip4",
330 US"isip6",
331 US"ldapauth",
332 US"le",
333 US"lei",
334 US"lt",
335 US"lti",
336 US"match",
337 US"match_address",
338 US"match_domain",
339 US"match_ip",
340 US"match_local_part",
341 US"or",
342 US"pam",
343 US"pwcheck",
344 US"queue_running",
345 US"radius",
346 US"saslauthd"
347 };
348
349 enum {
350 ECOND_NUM_L,
351 ECOND_NUM_LE,
352 ECOND_NUM_E,
353 ECOND_NUM_EE,
354 ECOND_NUM_G,
355 ECOND_NUM_GE,
356 ECOND_ACL,
357 ECOND_AND,
358 ECOND_BOOL,
359 ECOND_BOOL_LAX,
360 ECOND_CRYPTEQ,
361 ECOND_DEF,
362 ECOND_STR_EQ,
363 ECOND_STR_EQI,
364 ECOND_EXISTS,
365 ECOND_FIRST_DELIVERY,
366 ECOND_FORALL,
367 ECOND_FORALL_JSON,
368 ECOND_FORALL_JSONS,
369 ECOND_FORANY,
370 ECOND_FORANY_JSON,
371 ECOND_FORANY_JSONS,
372 ECOND_STR_GE,
373 ECOND_STR_GEI,
374 ECOND_STR_GT,
375 ECOND_STR_GTI,
376 ECOND_INLIST,
377 ECOND_INLISTI,
378 ECOND_ISIP,
379 ECOND_ISIP4,
380 ECOND_ISIP6,
381 ECOND_LDAPAUTH,
382 ECOND_STR_LE,
383 ECOND_STR_LEI,
384 ECOND_STR_LT,
385 ECOND_STR_LTI,
386 ECOND_MATCH,
387 ECOND_MATCH_ADDRESS,
388 ECOND_MATCH_DOMAIN,
389 ECOND_MATCH_IP,
390 ECOND_MATCH_LOCAL_PART,
391 ECOND_OR,
392 ECOND_PAM,
393 ECOND_PWCHECK,
394 ECOND_QUEUE_RUNNING,
395 ECOND_RADIUS,
396 ECOND_SASLAUTHD
397 };
398
399
400 /* Types of table entry */
401
402 enum vtypes {
403 vtype_int, /* value is address of int */
404 vtype_filter_int, /* ditto, but recognized only when filtering */
405 vtype_ino, /* value is address of ino_t (not always an int) */
406 vtype_uid, /* value is address of uid_t (not always an int) */
407 vtype_gid, /* value is address of gid_t (not always an int) */
408 vtype_bool, /* value is address of bool */
409 vtype_stringptr, /* value is address of pointer to string */
410 vtype_msgbody, /* as stringptr, but read when first required */
411 vtype_msgbody_end, /* ditto, the end of the message */
412 vtype_msgheaders, /* the message's headers, processed */
413 vtype_msgheaders_raw, /* the message's headers, unprocessed */
414 vtype_localpart, /* extract local part from string */
415 vtype_domain, /* extract domain from string */
416 vtype_string_func, /* value is string returned by given function */
417 vtype_todbsdin, /* value not used; generate BSD inbox tod */
418 vtype_tode, /* value not used; generate tod in epoch format */
419 vtype_todel, /* value not used; generate tod in epoch/usec format */
420 vtype_todf, /* value not used; generate full tod */
421 vtype_todl, /* value not used; generate log tod */
422 vtype_todlf, /* value not used; generate log file datestamp tod */
423 vtype_todzone, /* value not used; generate time zone only */
424 vtype_todzulu, /* value not used; generate zulu tod */
425 vtype_reply, /* value not used; get reply from headers */
426 vtype_pid, /* value not used; result is pid */
427 vtype_host_lookup, /* value not used; get host name */
428 vtype_load_avg, /* value not used; result is int from os_getloadavg */
429 vtype_pspace, /* partition space; value is T/F for spool/log */
430 vtype_pinodes, /* partition inodes; value is T/F for spool/log */
431 vtype_cert /* SSL certificate */
432 #ifndef DISABLE_DKIM
433 ,vtype_dkim /* Lookup of value in DKIM signature */
434 #endif
435 };
436
437 /* Type for main variable table */
438
439 typedef struct {
440 const char *name;
441 enum vtypes type;
442 void *value;
443 } var_entry;
444
445 /* Type for entries pointing to address/length pairs. Not currently
446 in use. */
447
448 typedef struct {
449 uschar **address;
450 int *length;
451 } alblock;
452
453 static uschar * fn_recipients(void);
454
455 /* This table must be kept in alphabetical order. */
456
457 static var_entry var_table[] = {
458 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
459 they will be confused with user-creatable ACL variables. */
460 { "acl_arg1", vtype_stringptr, &acl_arg[0] },
461 { "acl_arg2", vtype_stringptr, &acl_arg[1] },
462 { "acl_arg3", vtype_stringptr, &acl_arg[2] },
463 { "acl_arg4", vtype_stringptr, &acl_arg[3] },
464 { "acl_arg5", vtype_stringptr, &acl_arg[4] },
465 { "acl_arg6", vtype_stringptr, &acl_arg[5] },
466 { "acl_arg7", vtype_stringptr, &acl_arg[6] },
467 { "acl_arg8", vtype_stringptr, &acl_arg[7] },
468 { "acl_arg9", vtype_stringptr, &acl_arg[8] },
469 { "acl_narg", vtype_int, &acl_narg },
470 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
471 { "address_data", vtype_stringptr, &deliver_address_data },
472 { "address_file", vtype_stringptr, &address_file },
473 { "address_pipe", vtype_stringptr, &address_pipe },
474 #ifdef EXPERIMENTAL_ARC
475 { "arc_domains", vtype_string_func, &fn_arc_domains },
476 { "arc_oldest_pass", vtype_int, &arc_oldest_pass },
477 { "arc_state", vtype_stringptr, &arc_state },
478 { "arc_state_reason", vtype_stringptr, &arc_state_reason },
479 #endif
480 { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id },
481 { "authenticated_id", vtype_stringptr, &authenticated_id },
482 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
483 { "authentication_failed",vtype_int, &authentication_failed },
484 #ifdef WITH_CONTENT_SCAN
485 { "av_failed", vtype_int, &av_failed },
486 #endif
487 #ifdef EXPERIMENTAL_BRIGHTMAIL
488 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
489 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
490 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
491 { "bmi_deliver", vtype_int, &bmi_deliver },
492 #endif
493 { "body_linecount", vtype_int, &body_linecount },
494 { "body_zerocount", vtype_int, &body_zerocount },
495 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
496 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
497 { "caller_gid", vtype_gid, &real_gid },
498 { "caller_uid", vtype_uid, &real_uid },
499 { "callout_address", vtype_stringptr, &callout_address },
500 { "compile_date", vtype_stringptr, &version_date },
501 { "compile_number", vtype_stringptr, &version_cnumber },
502 { "config_dir", vtype_stringptr, &config_main_directory },
503 { "config_file", vtype_stringptr, &config_main_filename },
504 { "csa_status", vtype_stringptr, &csa_status },
505 #ifdef EXPERIMENTAL_DCC
506 { "dcc_header", vtype_stringptr, &dcc_header },
507 { "dcc_result", vtype_stringptr, &dcc_result },
508 #endif
509 #ifndef DISABLE_DKIM
510 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
511 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
512 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
513 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
514 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
515 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
516 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
517 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
518 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
519 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
520 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
521 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
522 { "dkim_key_length", vtype_int, &dkim_key_length },
523 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
524 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
525 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
526 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
527 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
528 { "dkim_signers", vtype_stringptr, &dkim_signers },
529 { "dkim_verify_reason", vtype_stringptr, &dkim_verify_reason },
530 { "dkim_verify_status", vtype_stringptr, &dkim_verify_status },
531 #endif
532 #ifdef EXPERIMENTAL_DMARC
533 { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
534 { "dmarc_status", vtype_stringptr, &dmarc_status },
535 { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
536 { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
537 #endif
538 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
539 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
540 { "dnslist_text", vtype_stringptr, &dnslist_text },
541 { "dnslist_value", vtype_stringptr, &dnslist_value },
542 { "domain", vtype_stringptr, &deliver_domain },
543 { "domain_data", vtype_stringptr, &deliver_domain_data },
544 #ifndef DISABLE_EVENT
545 { "event_data", vtype_stringptr, &event_data },
546
547 /*XXX want to use generic vars for as many of these as possible*/
548 { "event_defer_errno", vtype_int, &event_defer_errno },
549
550 { "event_name", vtype_stringptr, &event_name },
551 #endif
552 { "exim_gid", vtype_gid, &exim_gid },
553 { "exim_path", vtype_stringptr, &exim_path },
554 { "exim_uid", vtype_uid, &exim_uid },
555 { "exim_version", vtype_stringptr, &version_string },
556 { "headers_added", vtype_string_func, &fn_hdrs_added },
557 { "home", vtype_stringptr, &deliver_home },
558 { "host", vtype_stringptr, &deliver_host },
559 { "host_address", vtype_stringptr, &deliver_host_address },
560 { "host_data", vtype_stringptr, &host_data },
561 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
562 { "host_lookup_failed", vtype_int, &host_lookup_failed },
563 { "host_port", vtype_int, &deliver_host_port },
564 { "initial_cwd", vtype_stringptr, &initial_cwd },
565 { "inode", vtype_ino, &deliver_inode },
566 { "interface_address", vtype_stringptr, &interface_address },
567 { "interface_port", vtype_int, &interface_port },
568 { "item", vtype_stringptr, &iterate_item },
569 #ifdef LOOKUP_LDAP
570 { "ldap_dn", vtype_stringptr, &eldap_dn },
571 #endif
572 { "load_average", vtype_load_avg, NULL },
573 { "local_part", vtype_stringptr, &deliver_localpart },
574 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
575 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
576 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
577 #ifdef HAVE_LOCAL_SCAN
578 { "local_scan_data", vtype_stringptr, &local_scan_data },
579 #endif
580 { "local_user_gid", vtype_gid, &local_user_gid },
581 { "local_user_uid", vtype_uid, &local_user_uid },
582 { "localhost_number", vtype_int, &host_number },
583 { "log_inodes", vtype_pinodes, (void *)FALSE },
584 { "log_space", vtype_pspace, (void *)FALSE },
585 { "lookup_dnssec_authenticated",vtype_stringptr,&lookup_dnssec_authenticated},
586 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
587 #ifdef WITH_CONTENT_SCAN
588 { "malware_name", vtype_stringptr, &malware_name },
589 #endif
590 { "max_received_linelength", vtype_int, &max_received_linelength },
591 { "message_age", vtype_int, &message_age },
592 { "message_body", vtype_msgbody, &message_body },
593 { "message_body_end", vtype_msgbody_end, &message_body_end },
594 { "message_body_size", vtype_int, &message_body_size },
595 { "message_exim_id", vtype_stringptr, &message_id },
596 { "message_headers", vtype_msgheaders, NULL },
597 { "message_headers_raw", vtype_msgheaders_raw, NULL },
598 { "message_id", vtype_stringptr, &message_id },
599 { "message_linecount", vtype_int, &message_linecount },
600 { "message_size", vtype_int, &message_size },
601 #ifdef SUPPORT_I18N
602 { "message_smtputf8", vtype_bool, &message_smtputf8 },
603 #endif
604 #ifdef WITH_CONTENT_SCAN
605 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
606 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
607 { "mime_boundary", vtype_stringptr, &mime_boundary },
608 { "mime_charset", vtype_stringptr, &mime_charset },
609 { "mime_content_description", vtype_stringptr, &mime_content_description },
610 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
611 { "mime_content_id", vtype_stringptr, &mime_content_id },
612 { "mime_content_size", vtype_int, &mime_content_size },
613 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
614 { "mime_content_type", vtype_stringptr, &mime_content_type },
615 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
616 { "mime_filename", vtype_stringptr, &mime_filename },
617 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
618 { "mime_is_multipart", vtype_int, &mime_is_multipart },
619 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
620 { "mime_part_count", vtype_int, &mime_part_count },
621 #endif
622 { "n0", vtype_filter_int, &filter_n[0] },
623 { "n1", vtype_filter_int, &filter_n[1] },
624 { "n2", vtype_filter_int, &filter_n[2] },
625 { "n3", vtype_filter_int, &filter_n[3] },
626 { "n4", vtype_filter_int, &filter_n[4] },
627 { "n5", vtype_filter_int, &filter_n[5] },
628 { "n6", vtype_filter_int, &filter_n[6] },
629 { "n7", vtype_filter_int, &filter_n[7] },
630 { "n8", vtype_filter_int, &filter_n[8] },
631 { "n9", vtype_filter_int, &filter_n[9] },
632 { "original_domain", vtype_stringptr, &deliver_domain_orig },
633 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
634 { "originator_gid", vtype_gid, &originator_gid },
635 { "originator_uid", vtype_uid, &originator_uid },
636 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
637 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
638 { "pid", vtype_pid, NULL },
639 #ifndef DISABLE_PRDR
640 { "prdr_requested", vtype_bool, &prdr_requested },
641 #endif
642 { "primary_hostname", vtype_stringptr, &primary_hostname },
643 #if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
644 { "proxy_external_address",vtype_stringptr, &proxy_external_address },
645 { "proxy_external_port", vtype_int, &proxy_external_port },
646 { "proxy_local_address", vtype_stringptr, &proxy_local_address },
647 { "proxy_local_port", vtype_int, &proxy_local_port },
648 { "proxy_session", vtype_bool, &proxy_session },
649 #endif
650 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
651 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
652 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
653 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
654 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
655 { "queue_name", vtype_stringptr, &queue_name },
656 { "rcpt_count", vtype_int, &rcpt_count },
657 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
658 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
659 { "received_count", vtype_int, &received_count },
660 { "received_for", vtype_stringptr, &received_for },
661 { "received_ip_address", vtype_stringptr, &interface_address },
662 { "received_port", vtype_int, &interface_port },
663 { "received_protocol", vtype_stringptr, &received_protocol },
664 { "received_time", vtype_int, &received_time.tv_sec },
665 { "recipient_data", vtype_stringptr, &recipient_data },
666 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
667 { "recipients", vtype_string_func, &fn_recipients },
668 { "recipients_count", vtype_int, &recipients_count },
669 #ifdef WITH_CONTENT_SCAN
670 { "regex_match_string", vtype_stringptr, &regex_match_string },
671 #endif
672 { "reply_address", vtype_reply, NULL },
673 { "return_path", vtype_stringptr, &return_path },
674 { "return_size_limit", vtype_int, &bounce_return_size_limit },
675 { "router_name", vtype_stringptr, &router_name },
676 { "runrc", vtype_int, &runrc },
677 { "self_hostname", vtype_stringptr, &self_hostname },
678 { "sender_address", vtype_stringptr, &sender_address },
679 { "sender_address_data", vtype_stringptr, &sender_address_data },
680 { "sender_address_domain", vtype_domain, &sender_address },
681 { "sender_address_local_part", vtype_localpart, &sender_address },
682 { "sender_data", vtype_stringptr, &sender_data },
683 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
684 { "sender_helo_dnssec", vtype_bool, &sender_helo_dnssec },
685 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
686 { "sender_host_address", vtype_stringptr, &sender_host_address },
687 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
688 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
689 { "sender_host_name", vtype_host_lookup, NULL },
690 { "sender_host_port", vtype_int, &sender_host_port },
691 { "sender_ident", vtype_stringptr, &sender_ident },
692 { "sender_rate", vtype_stringptr, &sender_rate },
693 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
694 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
695 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
696 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
697 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
698 { "sending_port", vtype_int, &sending_port },
699 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
700 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
701 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
702 { "smtp_command_history", vtype_string_func, &smtp_cmd_hist },
703 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
704 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
705 { "sn0", vtype_filter_int, &filter_sn[0] },
706 { "sn1", vtype_filter_int, &filter_sn[1] },
707 { "sn2", vtype_filter_int, &filter_sn[2] },
708 { "sn3", vtype_filter_int, &filter_sn[3] },
709 { "sn4", vtype_filter_int, &filter_sn[4] },
710 { "sn5", vtype_filter_int, &filter_sn[5] },
711 { "sn6", vtype_filter_int, &filter_sn[6] },
712 { "sn7", vtype_filter_int, &filter_sn[7] },
713 { "sn8", vtype_filter_int, &filter_sn[8] },
714 { "sn9", vtype_filter_int, &filter_sn[9] },
715 #ifdef WITH_CONTENT_SCAN
716 { "spam_action", vtype_stringptr, &spam_action },
717 { "spam_bar", vtype_stringptr, &spam_bar },
718 { "spam_report", vtype_stringptr, &spam_report },
719 { "spam_score", vtype_stringptr, &spam_score },
720 { "spam_score_int", vtype_stringptr, &spam_score_int },
721 #endif
722 #ifdef SUPPORT_SPF
723 { "spf_guess", vtype_stringptr, &spf_guess },
724 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
725 { "spf_received", vtype_stringptr, &spf_received },
726 { "spf_result", vtype_stringptr, &spf_result },
727 { "spf_result_guessed", vtype_bool, &spf_result_guessed },
728 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
729 #endif
730 { "spool_directory", vtype_stringptr, &spool_directory },
731 { "spool_inodes", vtype_pinodes, (void *)TRUE },
732 { "spool_space", vtype_pspace, (void *)TRUE },
733 #ifdef EXPERIMENTAL_SRS
734 { "srs_db_address", vtype_stringptr, &srs_db_address },
735 { "srs_db_key", vtype_stringptr, &srs_db_key },
736 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
737 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
738 { "srs_recipient", vtype_stringptr, &srs_recipient },
739 { "srs_status", vtype_stringptr, &srs_status },
740 #endif
741 { "thisaddress", vtype_stringptr, &filter_thisaddress },
742
743 /* The non-(in,out) variables are now deprecated */
744 { "tls_bits", vtype_int, &tls_in.bits },
745 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
746 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
747
748 { "tls_in_bits", vtype_int, &tls_in.bits },
749 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
750 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
751 { "tls_in_cipher_std", vtype_stringptr, &tls_in.cipher_stdname },
752 { "tls_in_ocsp", vtype_int, &tls_in.ocsp },
753 { "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
754 { "tls_in_peercert", vtype_cert, &tls_in.peercert },
755 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
756 #ifdef EXPERIMENTAL_TLS_RESUME
757 { "tls_in_resumption", vtype_int, &tls_in.resumption },
758 #endif
759 #ifndef DISABLE_TLS
760 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
761 #endif
762 { "tls_out_bits", vtype_int, &tls_out.bits },
763 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
764 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
765 { "tls_out_cipher_std", vtype_stringptr, &tls_out.cipher_stdname },
766 #ifdef SUPPORT_DANE
767 { "tls_out_dane", vtype_bool, &tls_out.dane_verified },
768 #endif
769 { "tls_out_ocsp", vtype_int, &tls_out.ocsp },
770 { "tls_out_ourcert", vtype_cert, &tls_out.ourcert },
771 { "tls_out_peercert", vtype_cert, &tls_out.peercert },
772 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
773 #ifdef EXPERIMENTAL_TLS_RESUME
774 { "tls_out_resumption", vtype_int, &tls_out.resumption },
775 #endif
776 #ifndef DISABLE_TLS
777 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
778 #endif
779 #ifdef SUPPORT_DANE
780 { "tls_out_tlsa_usage", vtype_int, &tls_out.tlsa_usage },
781 #endif
782
783 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
784 #ifndef DISABLE_TLS
785 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
786 #endif
787
788 { "tod_bsdinbox", vtype_todbsdin, NULL },
789 { "tod_epoch", vtype_tode, NULL },
790 { "tod_epoch_l", vtype_todel, NULL },
791 { "tod_full", vtype_todf, NULL },
792 { "tod_log", vtype_todl, NULL },
793 { "tod_logfile", vtype_todlf, NULL },
794 { "tod_zone", vtype_todzone, NULL },
795 { "tod_zulu", vtype_todzulu, NULL },
796 { "transport_name", vtype_stringptr, &transport_name },
797 { "value", vtype_stringptr, &lookup_value },
798 { "verify_mode", vtype_stringptr, &verify_mode },
799 { "version_number", vtype_stringptr, &version_string },
800 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
801 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
802 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
803 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
804 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
805 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
806 };
807
808 static int var_table_size = nelem(var_table);
809 static uschar var_buffer[256];
810 static BOOL malformed_header;
811
812 /* For textual hashes */
813
814 static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
815 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
816 "0123456789";
817
818 enum { HMAC_MD5, HMAC_SHA1 };
819
820 /* For numeric hashes */
821
822 static unsigned int prime[] = {
823 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
824 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
825 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
826
827 /* For printing modes in symbolic form */
828
829 static uschar *mtable_normal[] =
830 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
831
832 static uschar *mtable_setid[] =
833 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
834
835 static uschar *mtable_sticky[] =
836 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
837
838 /* flags for find_header() */
839 #define FH_EXISTS_ONLY BIT(0)
840 #define FH_WANT_RAW BIT(1)
841 #define FH_WANT_LIST BIT(2)
842
843
844 /*************************************************
845 * Tables for UTF-8 support *
846 *************************************************/
847
848 /* Table of the number of extra characters, indexed by the first character
849 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
850 0x3d. */
851
852 static uschar utf8_table1[] = {
853 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
854 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
855 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
856 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
857
858 /* These are the masks for the data bits in the first byte of a character,
859 indexed by the number of additional bytes. */
860
861 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
862
863 /* Get the next UTF-8 character, advancing the pointer. */
864
865 #define GETUTF8INC(c, ptr) \
866 c = *ptr++; \
867 if ((c & 0xc0) == 0xc0) \
868 { \
869 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
870 int s = 6*a; \
871 c = (c & utf8_table2[a]) << s; \
872 while (a-- > 0) \
873 { \
874 s -= 6; \
875 c |= (*ptr++ & 0x3f) << s; \
876 } \
877 }
878
879
880
881 static uschar * base32_chars = US"abcdefghijklmnopqrstuvwxyz234567";
882
883 /*************************************************
884 * Binary chop search on a table *
885 *************************************************/
886
887 /* This is used for matching expansion items and operators.
888
889 Arguments:
890 name the name that is being sought
891 table the table to search
892 table_size the number of items in the table
893
894 Returns: the offset in the table, or -1
895 */
896
897 static int
898 chop_match(uschar *name, uschar **table, int table_size)
899 {
900 uschar **bot = table;
901 uschar **top = table + table_size;
902
903 while (top > bot)
904 {
905 uschar **mid = bot + (top - bot)/2;
906 int c = Ustrcmp(name, *mid);
907 if (c == 0) return mid - table;
908 if (c > 0) bot = mid + 1; else top = mid;
909 }
910
911 return -1;
912 }
913
914
915
916 /*************************************************
917 * Check a condition string *
918 *************************************************/
919
920 /* This function is called to expand a string, and test the result for a "true"
921 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
922 forced fail or lookup defer.
923
924 We used to release all store used, but this is not not safe due
925 to ${dlfunc } and ${acl }. In any case expand_string_internal()
926 is reasonably careful to release what it can.
927
928 The actual false-value tests should be replicated for ECOND_BOOL_LAX.
929
930 Arguments:
931 condition the condition string
932 m1 text to be incorporated in panic error
933 m2 ditto
934
935 Returns: TRUE if condition is met, FALSE if not
936 */
937
938 BOOL
939 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
940 {
941 int rc;
942 uschar *ss = expand_string(condition);
943 if (ss == NULL)
944 {
945 if (!f.expand_string_forcedfail && !f.search_find_defer)
946 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
947 "for %s %s: %s", condition, m1, m2, expand_string_message);
948 return FALSE;
949 }
950 rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
951 strcmpic(ss, US"false") != 0;
952 return rc;
953 }
954
955
956
957
958 /*************************************************
959 * Pseudo-random number generation *
960 *************************************************/
961
962 /* Pseudo-random number generation. The result is not "expected" to be
963 cryptographically strong but not so weak that someone will shoot themselves
964 in the foot using it as a nonce in some email header scheme or whatever
965 weirdness they'll twist this into. The result should ideally handle fork().
966
967 However, if we're stuck unable to provide this, then we'll fall back to
968 appallingly bad randomness.
969
970 If DISABLE_TLS is not defined then this will not be used except as an emergency
971 fallback.
972
973 Arguments:
974 max range maximum
975 Returns a random number in range [0, max-1]
976 */
977
978 #ifndef DISABLE_TLS
979 # define vaguely_random_number vaguely_random_number_fallback
980 #endif
981 int
982 vaguely_random_number(int max)
983 {
984 #ifndef DISABLE_TLS
985 # undef vaguely_random_number
986 #endif
987 static pid_t pid = 0;
988 pid_t p2;
989
990 if ((p2 = getpid()) != pid)
991 {
992 if (pid != 0)
993 {
994
995 #ifdef HAVE_ARC4RANDOM
996 /* cryptographically strong randomness, common on *BSD platforms, not
997 so much elsewhere. Alas. */
998 # ifndef NOT_HAVE_ARC4RANDOM_STIR
999 arc4random_stir();
1000 # endif
1001 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
1002 # ifdef HAVE_SRANDOMDEV
1003 /* uses random(4) for seeding */
1004 srandomdev();
1005 # else
1006 {
1007 struct timeval tv;
1008 gettimeofday(&tv, NULL);
1009 srandom(tv.tv_sec | tv.tv_usec | getpid());
1010 }
1011 # endif
1012 #else
1013 /* Poor randomness and no seeding here */
1014 #endif
1015
1016 }
1017 pid = p2;
1018 }
1019
1020 #ifdef HAVE_ARC4RANDOM
1021 return arc4random() % max;
1022 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
1023 return random() % max;
1024 #else
1025 /* This one returns a 16-bit number, definitely not crypto-strong */
1026 return random_number(max);
1027 #endif
1028 }
1029
1030
1031
1032
1033 /*************************************************
1034 * Pick out a name from a string *
1035 *************************************************/
1036
1037 /* If the name is too long, it is silently truncated.
1038
1039 Arguments:
1040 name points to a buffer into which to put the name
1041 max is the length of the buffer
1042 s points to the first alphabetic character of the name
1043 extras chars other than alphanumerics to permit
1044
1045 Returns: pointer to the first character after the name
1046
1047 Note: The test for *s != 0 in the while loop is necessary because
1048 Ustrchr() yields non-NULL if the character is zero (which is not something
1049 I expected). */
1050
1051 static const uschar *
1052 read_name(uschar *name, int max, const uschar *s, uschar *extras)
1053 {
1054 int ptr = 0;
1055 while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
1056 {
1057 if (ptr < max-1) name[ptr++] = *s;
1058 s++;
1059 }
1060 name[ptr] = 0;
1061 return s;
1062 }
1063
1064
1065
1066 /*************************************************
1067 * Pick out the rest of a header name *
1068 *************************************************/
1069
1070 /* A variable name starting $header_ (or just $h_ for those who like
1071 abbreviations) might not be the complete header name because headers can
1072 contain any printing characters in their names, except ':'. This function is
1073 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
1074 on the end, if the name was terminated by white space.
1075
1076 Arguments:
1077 name points to a buffer in which the name read so far exists
1078 max is the length of the buffer
1079 s points to the first character after the name so far, i.e. the
1080 first non-alphameric character after $header_xxxxx
1081
1082 Returns: a pointer to the first character after the header name
1083 */
1084
1085 static const uschar *
1086 read_header_name(uschar *name, int max, const uschar *s)
1087 {
1088 int prelen = Ustrchr(name, '_') - name + 1;
1089 int ptr = Ustrlen(name) - prelen;
1090 if (ptr > 0) memmove(name, name+prelen, ptr);
1091 while (mac_isgraph(*s) && *s != ':')
1092 {
1093 if (ptr < max-1) name[ptr++] = *s;
1094 s++;
1095 }
1096 if (*s == ':') s++;
1097 name[ptr++] = ':';
1098 name[ptr] = 0;
1099 return s;
1100 }
1101
1102
1103
1104 /*************************************************
1105 * Pick out a number from a string *
1106 *************************************************/
1107
1108 /* Arguments:
1109 n points to an integer into which to put the number
1110 s points to the first digit of the number
1111
1112 Returns: a pointer to the character after the last digit
1113 */
1114 /*XXX consider expanding to int_eximarith_t. But the test for
1115 "overbig numbers" in 0002 still needs to overflow it. */
1116
1117 static uschar *
1118 read_number(int *n, uschar *s)
1119 {
1120 *n = 0;
1121 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1122 return s;
1123 }
1124
1125 static const uschar *
1126 read_cnumber(int *n, const uschar *s)
1127 {
1128 *n = 0;
1129 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1130 return s;
1131 }
1132
1133
1134
1135 /*************************************************
1136 * Extract keyed subfield from a string *
1137 *************************************************/
1138
1139 /* The yield is in dynamic store; NULL means that the key was not found.
1140
1141 Arguments:
1142 key points to the name of the key
1143 s points to the string from which to extract the subfield
1144
1145 Returns: NULL if the subfield was not found, or
1146 a pointer to the subfield's data
1147 */
1148
1149 static uschar *
1150 expand_getkeyed(uschar * key, const uschar * s)
1151 {
1152 int length = Ustrlen(key);
1153 while (isspace(*s)) s++;
1154
1155 /* Loop to search for the key */
1156
1157 while (*s)
1158 {
1159 int dkeylength;
1160 uschar * data;
1161 const uschar * dkey = s;
1162
1163 while (*s && *s != '=' && !isspace(*s)) s++;
1164 dkeylength = s - dkey;
1165 while (isspace(*s)) s++;
1166 if (*s == '=') while (isspace((*(++s))));
1167
1168 data = string_dequote(&s);
1169 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1170 return data;
1171
1172 while (isspace(*s)) s++;
1173 }
1174
1175 return NULL;
1176 }
1177
1178
1179
1180 static var_entry *
1181 find_var_ent(uschar * name)
1182 {
1183 int first = 0;
1184 int last = var_table_size;
1185
1186 while (last > first)
1187 {
1188 int middle = (first + last)/2;
1189 int c = Ustrcmp(name, var_table[middle].name);
1190
1191 if (c > 0) { first = middle + 1; continue; }
1192 if (c < 0) { last = middle; continue; }
1193 return &var_table[middle];
1194 }
1195 return NULL;
1196 }
1197
1198 /*************************************************
1199 * Extract numbered subfield from string *
1200 *************************************************/
1201
1202 /* Extracts a numbered field from a string that is divided by tokens - for
1203 example a line from /etc/passwd is divided by colon characters. First field is
1204 numbered one. Negative arguments count from the right. Zero returns the whole
1205 string. Returns NULL if there are insufficient tokens in the string
1206
1207 ***WARNING***
1208 Modifies final argument - this is a dynamically generated string, so that's OK.
1209
1210 Arguments:
1211 field number of field to be extracted,
1212 first field = 1, whole string = 0, last field = -1
1213 separators characters that are used to break string into tokens
1214 s points to the string from which to extract the subfield
1215
1216 Returns: NULL if the field was not found,
1217 a pointer to the field's data inside s (modified to add 0)
1218 */
1219
1220 static uschar *
1221 expand_gettokened (int field, uschar *separators, uschar *s)
1222 {
1223 int sep = 1;
1224 int count;
1225 uschar *ss = s;
1226 uschar *fieldtext = NULL;
1227
1228 if (field == 0) return s;
1229
1230 /* Break the line up into fields in place; for field > 0 we stop when we have
1231 done the number of fields we want. For field < 0 we continue till the end of
1232 the string, counting the number of fields. */
1233
1234 count = (field > 0)? field : INT_MAX;
1235
1236 while (count-- > 0)
1237 {
1238 size_t len;
1239
1240 /* Previous field was the last one in the string. For a positive field
1241 number, this means there are not enough fields. For a negative field number,
1242 check that there are enough, and scan back to find the one that is wanted. */
1243
1244 if (sep == 0)
1245 {
1246 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1247 if ((-field) == (INT_MAX - count - 1)) return s;
1248 while (field++ < 0)
1249 {
1250 ss--;
1251 while (ss[-1] != 0) ss--;
1252 }
1253 fieldtext = ss;
1254 break;
1255 }
1256
1257 /* Previous field was not last in the string; save its start and put a
1258 zero at its end. */
1259
1260 fieldtext = ss;
1261 len = Ustrcspn(ss, separators);
1262 sep = ss[len];
1263 ss[len] = 0;
1264 ss += len + 1;
1265 }
1266
1267 return fieldtext;
1268 }
1269
1270
1271 static uschar *
1272 expand_getlistele(int field, const uschar * list)
1273 {
1274 const uschar * tlist = list;
1275 int sep = 0;
1276 uschar dummy;
1277
1278 if (field < 0)
1279 {
1280 for (field++; string_nextinlist(&tlist, &sep, &dummy, 1); ) field++;
1281 sep = 0;
1282 }
1283 if (field == 0) return NULL;
1284 while (--field > 0 && (string_nextinlist(&list, &sep, &dummy, 1))) ;
1285 return string_nextinlist(&list, &sep, NULL, 0);
1286 }
1287
1288
1289 /* Certificate fields, by name. Worry about by-OID later */
1290 /* Names are chosen to not have common prefixes */
1291
1292 #ifndef DISABLE_TLS
1293 typedef struct
1294 {
1295 uschar * name;
1296 int namelen;
1297 uschar * (*getfn)(void * cert, uschar * mod);
1298 } certfield;
1299 static certfield certfields[] =
1300 { /* linear search; no special order */
1301 { US"version", 7, &tls_cert_version },
1302 { US"serial_number", 13, &tls_cert_serial_number },
1303 { US"subject", 7, &tls_cert_subject },
1304 { US"notbefore", 9, &tls_cert_not_before },
1305 { US"notafter", 8, &tls_cert_not_after },
1306 { US"issuer", 6, &tls_cert_issuer },
1307 { US"signature", 9, &tls_cert_signature },
1308 { US"sig_algorithm", 13, &tls_cert_signature_algorithm },
1309 { US"subj_altname", 12, &tls_cert_subject_altname },
1310 { US"ocsp_uri", 8, &tls_cert_ocsp_uri },
1311 { US"crl_uri", 7, &tls_cert_crl_uri },
1312 };
1313
1314 static uschar *
1315 expand_getcertele(uschar * field, uschar * certvar)
1316 {
1317 var_entry * vp;
1318
1319 if (!(vp = find_var_ent(certvar)))
1320 {
1321 expand_string_message =
1322 string_sprintf("no variable named \"%s\"", certvar);
1323 return NULL; /* Unknown variable name */
1324 }
1325 /* NB this stops us passing certs around in variable. Might
1326 want to do that in future */
1327 if (vp->type != vtype_cert)
1328 {
1329 expand_string_message =
1330 string_sprintf("\"%s\" is not a certificate", certvar);
1331 return NULL; /* Unknown variable name */
1332 }
1333 if (!*(void **)vp->value)
1334 return NULL;
1335
1336 if (*field >= '0' && *field <= '9')
1337 return tls_cert_ext_by_oid(*(void **)vp->value, field, 0);
1338
1339 for (certfield * cp = certfields;
1340 cp < certfields + nelem(certfields);
1341 cp++)
1342 if (Ustrncmp(cp->name, field, cp->namelen) == 0)
1343 {
1344 uschar * modifier = *(field += cp->namelen) == ','
1345 ? ++field : NULL;
1346 return (*cp->getfn)( *(void **)vp->value, modifier );
1347 }
1348
1349 expand_string_message =
1350 string_sprintf("bad field selector \"%s\" for certextract", field);
1351 return NULL;
1352 }
1353 #endif /*DISABLE_TLS*/
1354
1355 /*************************************************
1356 * Extract a substring from a string *
1357 *************************************************/
1358
1359 /* Perform the ${substr or ${length expansion operations.
1360
1361 Arguments:
1362 subject the input string
1363 value1 the offset from the start of the input string to the start of
1364 the output string; if negative, count from the right.
1365 value2 the length of the output string, or negative (-1) for unset
1366 if value1 is positive, unset means "all after"
1367 if value1 is negative, unset means "all before"
1368 len set to the length of the returned string
1369
1370 Returns: pointer to the output string, or NULL if there is an error
1371 */
1372
1373 static uschar *
1374 extract_substr(uschar *subject, int value1, int value2, int *len)
1375 {
1376 int sublen = Ustrlen(subject);
1377
1378 if (value1 < 0) /* count from right */
1379 {
1380 value1 += sublen;
1381
1382 /* If the position is before the start, skip to the start, and adjust the
1383 length. If the length ends up negative, the substring is null because nothing
1384 can precede. This falls out naturally when the length is unset, meaning "all
1385 to the left". */
1386
1387 if (value1 < 0)
1388 {
1389 value2 += value1;
1390 if (value2 < 0) value2 = 0;
1391 value1 = 0;
1392 }
1393
1394 /* Otherwise an unset length => characters before value1 */
1395
1396 else if (value2 < 0)
1397 {
1398 value2 = value1;
1399 value1 = 0;
1400 }
1401 }
1402
1403 /* For a non-negative offset, if the starting position is past the end of the
1404 string, the result will be the null string. Otherwise, an unset length means
1405 "rest"; just set it to the maximum - it will be cut down below if necessary. */
1406
1407 else
1408 {
1409 if (value1 > sublen)
1410 {
1411 value1 = sublen;
1412 value2 = 0;
1413 }
1414 else if (value2 < 0) value2 = sublen;
1415 }
1416
1417 /* Cut the length down to the maximum possible for the offset value, and get
1418 the required characters. */
1419
1420 if (value1 + value2 > sublen) value2 = sublen - value1;
1421 *len = value2;
1422 return subject + value1;
1423 }
1424
1425
1426
1427
1428 /*************************************************
1429 * Old-style hash of a string *
1430 *************************************************/
1431
1432 /* Perform the ${hash expansion operation.
1433
1434 Arguments:
1435 subject the input string (an expanded substring)
1436 value1 the length of the output string; if greater or equal to the
1437 length of the input string, the input string is returned
1438 value2 the number of hash characters to use, or 26 if negative
1439 len set to the length of the returned string
1440
1441 Returns: pointer to the output string, or NULL if there is an error
1442 */
1443
1444 static uschar *
1445 compute_hash(uschar *subject, int value1, int value2, int *len)
1446 {
1447 int sublen = Ustrlen(subject);
1448
1449 if (value2 < 0) value2 = 26;
1450 else if (value2 > Ustrlen(hashcodes))
1451 {
1452 expand_string_message =
1453 string_sprintf("hash count \"%d\" too big", value2);
1454 return NULL;
1455 }
1456
1457 /* Calculate the hash text. We know it is shorter than the original string, so
1458 can safely place it in subject[] (we know that subject is always itself an
1459 expanded substring). */
1460
1461 if (value1 < sublen)
1462 {
1463 int c;
1464 int i = 0;
1465 int j = value1;
1466 while ((c = (subject[j])) != 0)
1467 {
1468 int shift = (c + j++) & 7;
1469 subject[i] ^= (c << shift) | (c >> (8-shift));
1470 if (++i >= value1) i = 0;
1471 }
1472 for (i = 0; i < value1; i++)
1473 subject[i] = hashcodes[(subject[i]) % value2];
1474 }
1475 else value1 = sublen;
1476
1477 *len = value1;
1478 return subject;
1479 }
1480
1481
1482
1483
1484 /*************************************************
1485 * Numeric hash of a string *
1486 *************************************************/
1487
1488 /* Perform the ${nhash expansion operation. The first characters of the
1489 string are treated as most important, and get the highest prime numbers.
1490
1491 Arguments:
1492 subject the input string
1493 value1 the maximum value of the first part of the result
1494 value2 the maximum value of the second part of the result,
1495 or negative to produce only a one-part result
1496 len set to the length of the returned string
1497
1498 Returns: pointer to the output string, or NULL if there is an error.
1499 */
1500
1501 static uschar *
1502 compute_nhash (uschar *subject, int value1, int value2, int *len)
1503 {
1504 uschar *s = subject;
1505 int i = 0;
1506 unsigned long int total = 0; /* no overflow */
1507
1508 while (*s != 0)
1509 {
1510 if (i == 0) i = nelem(prime) - 1;
1511 total += prime[i--] * (unsigned int)(*s++);
1512 }
1513
1514 /* If value2 is unset, just compute one number */
1515
1516 if (value2 < 0)
1517 s = string_sprintf("%lu", total % value1);
1518
1519 /* Otherwise do a div/mod hash */
1520
1521 else
1522 {
1523 total = total % (value1 * value2);
1524 s = string_sprintf("%lu/%lu", total/value2, total % value2);
1525 }
1526
1527 *len = Ustrlen(s);
1528 return s;
1529 }
1530
1531
1532
1533
1534
1535 /*************************************************
1536 * Find the value of a header or headers *
1537 *************************************************/
1538
1539 /* Multiple instances of the same header get concatenated, and this function
1540 can also return a concatenation of all the header lines. When concatenating
1541 specific headers that contain lists of addresses, a comma is inserted between
1542 them. Otherwise we use a straight concatenation. Because some messages can have
1543 pathologically large number of lines, there is a limit on the length that is
1544 returned.
1545
1546 Arguments:
1547 name the name of the header, without the leading $header_ or $h_,
1548 or NULL if a concatenation of all headers is required
1549 newsize return the size of memory block that was obtained; may be NULL
1550 if exists_only is TRUE
1551 flags FH_EXISTS_ONLY
1552 set if called from a def: test; don't need to build a string;
1553 just return a string that is not "" and not "0" if the header
1554 exists
1555 FH_WANT_RAW
1556 set if called for $rh_ or $rheader_ items; no processing,
1557 other than concatenating, will be done on the header. Also used
1558 for $message_headers_raw.
1559 FH_WANT_LIST
1560 Double colon chars in the content, and replace newline with
1561 colon between each element when concatenating; returning a
1562 colon-sep list (elements might contain newlines)
1563 charset name of charset to translate MIME words to; used only if
1564 want_raw is false; if NULL, no translation is done (this is
1565 used for $bh_ and $bheader_)
1566
1567 Returns: NULL if the header does not exist, else a pointer to a new
1568 store block
1569 */
1570
1571 static uschar *
1572 find_header(uschar *name, int *newsize, unsigned flags, uschar *charset)
1573 {
1574 BOOL found = !name;
1575 int len = name ? Ustrlen(name) : 0;
1576 BOOL comma = FALSE;
1577 gstring * g = NULL;
1578
1579 for (header_line * h = header_list; h; h = h->next)
1580 if (h->type != htype_old && h->text) /* NULL => Received: placeholder */
1581 if (!name || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1582 {
1583 uschar * s, * t;
1584 size_t inc;
1585
1586 if (flags & FH_EXISTS_ONLY)
1587 return US"1"; /* don't need actual string */
1588
1589 found = TRUE;
1590 s = h->text + len; /* text to insert */
1591 if (!(flags & FH_WANT_RAW)) /* unless wanted raw, */
1592 while (isspace(*s)) s++; /* remove leading white space */
1593 t = h->text + h->slen; /* end-point */
1594
1595 /* Unless wanted raw, remove trailing whitespace, including the
1596 newline. */
1597
1598 if (flags & FH_WANT_LIST)
1599 while (t > s && t[-1] == '\n') t--;
1600 else if (!(flags & FH_WANT_RAW))
1601 {
1602 while (t > s && isspace(t[-1])) t--;
1603
1604 /* Set comma if handling a single header and it's one of those
1605 that contains an address list, except when asked for raw headers. Only
1606 need to do this once. */
1607
1608 if (name && !comma && Ustrchr("BCFRST", h->type)) comma = TRUE;
1609 }
1610
1611 /* Trim the header roughly if we're approaching limits */
1612 inc = t - s;
1613 if ((g ? g->ptr : 0) + inc > header_insert_maxlen)
1614 inc = header_insert_maxlen - (g ? g->ptr : 0);
1615
1616 /* For raw just copy the data; for a list, add the data as a colon-sep
1617 list-element; for comma-list add as an unchecked comma,newline sep
1618 list-elemment; for other nonraw add as an unchecked newline-sep list (we
1619 stripped trailing WS above including the newline). We ignore the potential
1620 expansion due to colon-doubling, just leaving the loop if the limit is met
1621 or exceeded. */
1622
1623 if (flags & FH_WANT_LIST)
1624 g = string_append_listele_n(g, ':', s, (unsigned)inc);
1625 else if (flags & FH_WANT_RAW)
1626 {
1627 g = string_catn(g, s, (unsigned)inc);
1628 (void) string_from_gstring(g);
1629 }
1630 else if (inc > 0)
1631 if (comma)
1632 g = string_append2_listele_n(g, US",\n", s, (unsigned)inc);
1633 else
1634 g = string_append2_listele_n(g, US"\n", s, (unsigned)inc);
1635
1636 if (g && g->ptr >= header_insert_maxlen) break;
1637 }
1638
1639 if (!found) return NULL; /* No header found */
1640 if (!g) return US"";
1641
1642 /* That's all we do for raw header expansion. */
1643
1644 *newsize = g->size;
1645 if (flags & FH_WANT_RAW)
1646 return g->s;
1647
1648 /* Otherwise do RFC 2047 decoding, translating the charset if requested.
1649 The rfc2047_decode2() function can return an error with decoded data if the
1650 charset translation fails. If decoding fails, it returns NULL. */
1651
1652 else
1653 {
1654 uschar *decoded, *error;
1655
1656 decoded = rfc2047_decode2(g->s, check_rfc2047_length, charset, '?', NULL,
1657 newsize, &error);
1658 if (error)
1659 {
1660 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1661 " input was: %s\n", error, g->s);
1662 }
1663 return decoded ? decoded : g->s;
1664 }
1665 }
1666
1667
1668
1669
1670 /* Append a "local" element to an Authentication-Results: header
1671 if this was a non-smtp message.
1672 */
1673
1674 static gstring *
1675 authres_local(gstring * g, const uschar * sysname)
1676 {
1677 if (!f.authentication_local)
1678 return g;
1679 g = string_append(g, 3, US";\n\tlocal=pass (non-smtp, ", sysname, US")");
1680 if (authenticated_id) g = string_append(g, 2, " u=", authenticated_id);
1681 return g;
1682 }
1683
1684
1685 /* Append an "iprev" element to an Authentication-Results: header
1686 if we have attempted to get the calling host's name.
1687 */
1688
1689 static gstring *
1690 authres_iprev(gstring * g)
1691 {
1692 if (sender_host_name)
1693 g = string_append(g, 3, US";\n\tiprev=pass (", sender_host_name, US")");
1694 else if (host_lookup_deferred)
1695 g = string_catn(g, US";\n\tiprev=temperror", 19);
1696 else if (host_lookup_failed)
1697 g = string_catn(g, US";\n\tiprev=fail", 13);
1698 else
1699 return g;
1700
1701 if (sender_host_address)
1702 g = string_append(g, 2, US" smtp.remote-ip=", sender_host_address);
1703 return g;
1704 }
1705
1706
1707
1708 /*************************************************
1709 * Return list of recipients *
1710 *************************************************/
1711 /* A recipients list is available only during system message filtering,
1712 during ACL processing after DATA, and while expanding pipe commands
1713 generated from a system filter, but not elsewhere. */
1714
1715 static uschar *
1716 fn_recipients(void)
1717 {
1718 uschar * s;
1719 gstring * g = NULL;
1720
1721 if (!f.enable_dollar_recipients) return NULL;
1722
1723 for (int i = 0; i < recipients_count; i++)
1724 {
1725 s = recipients_list[i].address;
1726 g = string_append2_listele_n(g, US", ", s, Ustrlen(s));
1727 }
1728 return g ? g->s : NULL;
1729 }
1730
1731
1732 /*************************************************
1733 * Find value of a variable *
1734 *************************************************/
1735
1736 /* The table of variables is kept in alphabetic order, so we can search it
1737 using a binary chop. The "choplen" variable is nothing to do with the binary
1738 chop.
1739
1740 Arguments:
1741 name the name of the variable being sought
1742 exists_only TRUE if this is a def: test; passed on to find_header()
1743 skipping TRUE => skip any processing evaluation; this is not the same as
1744 exists_only because def: may test for values that are first
1745 evaluated here
1746 newsize pointer to an int which is initially zero; if the answer is in
1747 a new memory buffer, *newsize is set to its size
1748
1749 Returns: NULL if the variable does not exist, or
1750 a pointer to the variable's contents, or
1751 something non-NULL if exists_only is TRUE
1752 */
1753
1754 static uschar *
1755 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1756 {
1757 var_entry * vp;
1758 uschar *s, *domain;
1759 uschar **ss;
1760 void * val;
1761
1762 /* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1763 Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1764 release 4.64 onwards arbitrary names are permitted, as long as the first 5
1765 characters are acl_c or acl_m and the sixth is either a digit or an underscore
1766 (this gave backwards compatibility at the changeover). There may be built-in
1767 variables whose names start acl_ but they should never start in this way. This
1768 slightly messy specification is a consequence of the history, needless to say.
1769
1770 If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1771 set, in which case give an error. */
1772
1773 if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1774 !isalpha(name[5]))
1775 {
1776 tree_node * node =
1777 tree_search(name[4] == 'c' ? acl_var_c : acl_var_m, name + 4);
1778 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
1779 }
1780 else if (Ustrncmp(name, "r_", 2) == 0)
1781 {
1782 tree_node * node = tree_search(router_var, name + 2);
1783 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
1784 }
1785
1786 /* Handle $auth<n> variables. */
1787
1788 if (Ustrncmp(name, "auth", 4) == 0)
1789 {
1790 uschar *endptr;
1791 int n = Ustrtoul(name + 4, &endptr, 10);
1792 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1793 return !auth_vars[n-1] ? US"" : auth_vars[n-1];
1794 }
1795 else if (Ustrncmp(name, "regex", 5) == 0)
1796 {
1797 uschar *endptr;
1798 int n = Ustrtoul(name + 5, &endptr, 10);
1799 if (*endptr == 0 && n != 0 && n <= REGEX_VARS)
1800 return !regex_vars[n-1] ? US"" : regex_vars[n-1];
1801 }
1802
1803 /* For all other variables, search the table */
1804
1805 if (!(vp = find_var_ent(name)))
1806 return NULL; /* Unknown variable name */
1807
1808 /* Found an existing variable. If in skipping state, the value isn't needed,
1809 and we want to avoid processing (such as looking up the host name). */
1810
1811 if (skipping)
1812 return US"";
1813
1814 val = vp->value;
1815 switch (vp->type)
1816 {
1817 case vtype_filter_int:
1818 if (!f.filter_running) return NULL;
1819 /* Fall through */
1820 /* VVVVVVVVVVVV */
1821 case vtype_int:
1822 sprintf(CS var_buffer, "%d", *(int *)(val)); /* Integer */
1823 return var_buffer;
1824
1825 case vtype_ino:
1826 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(val))); /* Inode */
1827 return var_buffer;
1828
1829 case vtype_gid:
1830 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(val))); /* gid */
1831 return var_buffer;
1832
1833 case vtype_uid:
1834 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(val))); /* uid */
1835 return var_buffer;
1836
1837 case vtype_bool:
1838 sprintf(CS var_buffer, "%s", *(BOOL *)(val) ? "yes" : "no"); /* bool */
1839 return var_buffer;
1840
1841 case vtype_stringptr: /* Pointer to string */
1842 return (s = *((uschar **)(val))) ? s : US"";
1843
1844 case vtype_pid:
1845 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1846 return var_buffer;
1847
1848 case vtype_load_avg:
1849 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1850 return var_buffer;
1851
1852 case vtype_host_lookup: /* Lookup if not done so */
1853 if ( !sender_host_name && sender_host_address
1854 && !host_lookup_failed && host_name_lookup() == OK)
1855 host_build_sender_fullhost();
1856 return sender_host_name ? sender_host_name : US"";
1857
1858 case vtype_localpart: /* Get local part from address */
1859 s = *((uschar **)(val));
1860 if (s == NULL) return US"";
1861 domain = Ustrrchr(s, '@');
1862 if (domain == NULL) return s;
1863 if (domain - s > sizeof(var_buffer) - 1)
1864 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1865 " in string expansion", sizeof(var_buffer));
1866 Ustrncpy(var_buffer, s, domain - s);
1867 var_buffer[domain - s] = 0;
1868 return var_buffer;
1869
1870 case vtype_domain: /* Get domain from address */
1871 s = *((uschar **)(val));
1872 if (s == NULL) return US"";
1873 domain = Ustrrchr(s, '@');
1874 return (domain == NULL)? US"" : domain + 1;
1875
1876 case vtype_msgheaders:
1877 return find_header(NULL, newsize, exists_only ? FH_EXISTS_ONLY : 0, NULL);
1878
1879 case vtype_msgheaders_raw:
1880 return find_header(NULL, newsize,
1881 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW, NULL);
1882
1883 case vtype_msgbody: /* Pointer to msgbody string */
1884 case vtype_msgbody_end: /* Ditto, the end of the msg */
1885 ss = (uschar **)(val);
1886 if (!*ss && deliver_datafile >= 0) /* Read body when needed */
1887 {
1888 uschar *body;
1889 off_t start_offset = SPOOL_DATA_START_OFFSET;
1890 int len = message_body_visible;
1891 if (len > message_size) len = message_size;
1892 *ss = body = store_malloc(len+1);
1893 body[0] = 0;
1894 if (vp->type == vtype_msgbody_end)
1895 {
1896 struct stat statbuf;
1897 if (fstat(deliver_datafile, &statbuf) == 0)
1898 {
1899 start_offset = statbuf.st_size - len;
1900 if (start_offset < SPOOL_DATA_START_OFFSET)
1901 start_offset = SPOOL_DATA_START_OFFSET;
1902 }
1903 }
1904 if (lseek(deliver_datafile, start_offset, SEEK_SET) < 0)
1905 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "deliver_datafile lseek: %s",
1906 strerror(errno));
1907 len = read(deliver_datafile, body, len);
1908 if (len > 0)
1909 {
1910 body[len] = 0;
1911 if (message_body_newlines) /* Separate loops for efficiency */
1912 while (len > 0)
1913 { if (body[--len] == 0) body[len] = ' '; }
1914 else
1915 while (len > 0)
1916 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
1917 }
1918 }
1919 return *ss ? *ss : US"";
1920
1921 case vtype_todbsdin: /* BSD inbox time of day */
1922 return tod_stamp(tod_bsdin);
1923
1924 case vtype_tode: /* Unix epoch time of day */
1925 return tod_stamp(tod_epoch);
1926
1927 case vtype_todel: /* Unix epoch/usec time of day */
1928 return tod_stamp(tod_epoch_l);
1929
1930 case vtype_todf: /* Full time of day */
1931 return tod_stamp(tod_full);
1932
1933 case vtype_todl: /* Log format time of day */
1934 return tod_stamp(tod_log_bare); /* (without timezone) */
1935
1936 case vtype_todzone: /* Time zone offset only */
1937 return tod_stamp(tod_zone);
1938
1939 case vtype_todzulu: /* Zulu time */
1940 return tod_stamp(tod_zulu);
1941
1942 case vtype_todlf: /* Log file datestamp tod */
1943 return tod_stamp(tod_log_datestamp_daily);
1944
1945 case vtype_reply: /* Get reply address */
1946 s = find_header(US"reply-to:", newsize,
1947 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
1948 headers_charset);
1949 if (s) while (isspace(*s)) s++;
1950 if (!s || !*s)
1951 {
1952 *newsize = 0; /* For the *s==0 case */
1953 s = find_header(US"from:", newsize,
1954 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
1955 headers_charset);
1956 }
1957 if (s)
1958 {
1959 uschar *t;
1960 while (isspace(*s)) s++;
1961 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
1962 while (t > s && isspace(t[-1])) t--;
1963 *t = 0;
1964 }
1965 return s ? s : US"";
1966
1967 case vtype_string_func:
1968 {
1969 uschar * (*fn)() = val;
1970 return fn();
1971 }
1972
1973 case vtype_pspace:
1974 {
1975 int inodes;
1976 sprintf(CS var_buffer, PR_EXIM_ARITH,
1977 receive_statvfs(val == (void *)TRUE, &inodes));
1978 }
1979 return var_buffer;
1980
1981 case vtype_pinodes:
1982 {
1983 int inodes;
1984 (void) receive_statvfs(val == (void *)TRUE, &inodes);
1985 sprintf(CS var_buffer, "%d", inodes);
1986 }
1987 return var_buffer;
1988
1989 case vtype_cert:
1990 return *(void **)val ? US"<cert>" : US"";
1991
1992 #ifndef DISABLE_DKIM
1993 case vtype_dkim:
1994 return dkim_exim_expand_query((int)(long)val);
1995 #endif
1996
1997 }
1998
1999 return NULL; /* Unknown variable. Silences static checkers. */
2000 }
2001
2002
2003
2004
2005 void
2006 modify_variable(uschar *name, void * value)
2007 {
2008 var_entry * vp;
2009 if ((vp = find_var_ent(name))) vp->value = value;
2010 return; /* Unknown variable name, fail silently */
2011 }
2012
2013
2014
2015
2016
2017
2018 /*************************************************
2019 * Read and expand substrings *
2020 *************************************************/
2021
2022 /* This function is called to read and expand argument substrings for various
2023 expansion items. Some have a minimum requirement that is less than the maximum;
2024 in these cases, the first non-present one is set to NULL.
2025
2026 Arguments:
2027 sub points to vector of pointers to set
2028 n maximum number of substrings
2029 m minimum required
2030 sptr points to current string pointer
2031 skipping the skipping flag
2032 check_end if TRUE, check for final '}'
2033 name name of item, for error message
2034 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
2035 the store.
2036
2037 Returns: 0 OK; string pointer updated
2038 1 curly bracketing error (too few arguments)
2039 2 too many arguments (only if check_end is set); message set
2040 3 other error (expansion failure)
2041 */
2042
2043 static int
2044 read_subs(uschar **sub, int n, int m, const uschar **sptr, BOOL skipping,
2045 BOOL check_end, uschar *name, BOOL *resetok)
2046 {
2047 const uschar *s = *sptr;
2048
2049 while (isspace(*s)) s++;
2050 for (int i = 0; i < n; i++)
2051 {
2052 if (*s != '{')
2053 {
2054 if (i < m)
2055 {
2056 expand_string_message = string_sprintf("Not enough arguments for '%s' "
2057 "(min is %d)", name, m);
2058 return 1;
2059 }
2060 sub[i] = NULL;
2061 break;
2062 }
2063 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok)))
2064 return 3;
2065 if (*s++ != '}') return 1;
2066 while (isspace(*s)) s++;
2067 }
2068 if (check_end && *s++ != '}')
2069 {
2070 if (s[-1] == '{')
2071 {
2072 expand_string_message = string_sprintf("Too many arguments for '%s' "
2073 "(max is %d)", name, n);
2074 return 2;
2075 }
2076 expand_string_message = string_sprintf("missing '}' after '%s'", name);
2077 return 1;
2078 }
2079
2080 *sptr = s;
2081 return 0;
2082 }
2083
2084
2085
2086
2087 /*************************************************
2088 * Elaborate message for bad variable *
2089 *************************************************/
2090
2091 /* For the "unknown variable" message, take a look at the variable's name, and
2092 give additional information about possible ACL variables. The extra information
2093 is added on to expand_string_message.
2094
2095 Argument: the name of the variable
2096 Returns: nothing
2097 */
2098
2099 static void
2100 check_variable_error_message(uschar *name)
2101 {
2102 if (Ustrncmp(name, "acl_", 4) == 0)
2103 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
2104 (name[4] == 'c' || name[4] == 'm')?
2105 (isalpha(name[5])?
2106 US"6th character of a user-defined ACL variable must be a digit or underscore" :
2107 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
2108 ) :
2109 US"user-defined ACL variables must start acl_c or acl_m");
2110 }
2111
2112
2113
2114 /*
2115 Load args from sub array to globals, and call acl_check().
2116 Sub array will be corrupted on return.
2117
2118 Returns: OK access is granted by an ACCEPT verb
2119 DISCARD access is (apparently) granted by a DISCARD verb
2120 FAIL access is denied
2121 FAIL_DROP access is denied; drop the connection
2122 DEFER can't tell at the moment
2123 ERROR disaster
2124 */
2125 static int
2126 eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
2127 {
2128 int i;
2129 int sav_narg = acl_narg;
2130 int ret;
2131 uschar * dummy_logmsg;
2132 extern int acl_where;
2133
2134 if(--nsub > nelem(acl_arg)) nsub = nelem(acl_arg);
2135 for (i = 0; i < nsub && sub[i+1]; i++)
2136 {
2137 uschar * tmp = acl_arg[i];
2138 acl_arg[i] = sub[i+1]; /* place callers args in the globals */
2139 sub[i+1] = tmp; /* stash the old args using our caller's storage */
2140 }
2141 acl_narg = i;
2142 while (i < nsub)
2143 {
2144 sub[i+1] = acl_arg[i];
2145 acl_arg[i++] = NULL;
2146 }
2147
2148 DEBUG(D_expand)
2149 debug_printf_indent("expanding: acl: %s arg: %s%s\n",
2150 sub[0],
2151 acl_narg>0 ? acl_arg[0] : US"<none>",
2152 acl_narg>1 ? " +more" : "");
2153
2154 ret = acl_eval(acl_where, sub[0], user_msgp, &dummy_logmsg);
2155
2156 for (i = 0; i < nsub; i++)
2157 acl_arg[i] = sub[i+1]; /* restore old args */
2158 acl_narg = sav_narg;
2159
2160 return ret;
2161 }
2162
2163
2164
2165
2166 /* Return pointer to dewrapped string, with enclosing specified chars removed.
2167 The given string is modified on return. Leading whitespace is skipped while
2168 looking for the opening wrap character, then the rest is scanned for the trailing
2169 (non-escaped) wrap character. A backslash in the string will act as an escape.
2170
2171 A nul is written over the trailing wrap, and a pointer to the char after the
2172 leading wrap is returned.
2173
2174 Arguments:
2175 s String for de-wrapping
2176 wrap Two-char string, the first being the opener, second the closer wrapping
2177 character
2178 Return:
2179 Pointer to de-wrapped string, or NULL on error (with expand_string_message set).
2180 */
2181
2182 static uschar *
2183 dewrap(uschar * s, const uschar * wrap)
2184 {
2185 uschar * p = s;
2186 unsigned depth = 0;
2187 BOOL quotesmode = wrap[0] == wrap[1];
2188
2189 while (isspace(*p)) p++;
2190
2191 if (*p == *wrap)
2192 {
2193 s = ++p;
2194 wrap++;
2195 while (*p)
2196 {
2197 if (*p == '\\') p++;
2198 else if (!quotesmode && *p == wrap[-1]) depth++;
2199 else if (*p == *wrap)
2200 if (depth == 0)
2201 {
2202 *p = '\0';
2203 return s;
2204 }
2205 else
2206 depth--;
2207 p++;
2208 }
2209 }
2210 expand_string_message = string_sprintf("missing '%c'", *wrap);
2211 return NULL;
2212 }
2213
2214
2215 /* Pull off the leading array or object element, returning
2216 a copy in an allocated string. Update the list pointer.
2217
2218 The element may itself be an abject or array.
2219 Return NULL when the list is empty.
2220 */
2221
2222 static uschar *
2223 json_nextinlist(const uschar ** list)
2224 {
2225 unsigned array_depth = 0, object_depth = 0;
2226 const uschar * s = *list, * item;
2227
2228 while (isspace(*s)) s++;
2229
2230 for (item = s;
2231 *s && (*s != ',' || array_depth != 0 || object_depth != 0);
2232 s++)
2233 switch (*s)
2234 {
2235 case '[': array_depth++; break;
2236 case ']': array_depth--; break;
2237 case '{': object_depth++; break;
2238 case '}': object_depth--; break;
2239 }
2240 *list = *s ? s+1 : s;
2241 if (item == s) return NULL;
2242 item = string_copyn(item, s - item);
2243 DEBUG(D_expand) debug_printf_indent(" json ele: '%s'\n", item);
2244 return US item;
2245 }
2246
2247
2248
2249 /*************************************************
2250 * Read and evaluate a condition *
2251 *************************************************/
2252
2253 /*
2254 Arguments:
2255 s points to the start of the condition text
2256 resetok points to a BOOL which is written false if it is unsafe to
2257 free memory. Certain condition types (acl) may have side-effect
2258 allocation which must be preserved.
2259 yield points to a BOOL to hold the result of the condition test;
2260 if NULL, we are just reading through a condition that is
2261 part of an "or" combination to check syntax, or in a state
2262 where the answer isn't required
2263
2264 Returns: a pointer to the first character after the condition, or
2265 NULL after an error
2266 */
2267
2268 static const uschar *
2269 eval_condition(const uschar *s, BOOL *resetok, BOOL *yield)
2270 {
2271 BOOL testfor = TRUE;
2272 BOOL tempcond, combined_cond;
2273 BOOL *subcondptr;
2274 BOOL sub2_honour_dollar = TRUE;
2275 BOOL is_forany, is_json, is_jsons;
2276 int rc, cond_type, roffset;
2277 int_eximarith_t num[2];
2278 struct stat statbuf;
2279 uschar name[256];
2280 const uschar *sub[10];
2281
2282 const pcre *re;
2283 const uschar *rerror;
2284
2285 for (;;)
2286 {
2287 while (isspace(*s)) s++;
2288 if (*s == '!') { testfor = !testfor; s++; } else break;
2289 }
2290
2291 /* Numeric comparisons are symbolic */
2292
2293 if (*s == '=' || *s == '>' || *s == '<')
2294 {
2295 int p = 0;
2296 name[p++] = *s++;
2297 if (*s == '=')
2298 {
2299 name[p++] = '=';
2300 s++;
2301 }
2302 name[p] = 0;
2303 }
2304
2305 /* All other conditions are named */
2306
2307 else s = read_name(name, 256, s, US"_");
2308
2309 /* If we haven't read a name, it means some non-alpha character is first. */
2310
2311 if (name[0] == 0)
2312 {
2313 expand_string_message = string_sprintf("condition name expected, "
2314 "but found \"%.16s\"", s);
2315 return NULL;
2316 }
2317
2318 /* Find which condition we are dealing with, and switch on it */
2319
2320 cond_type = chop_match(name, cond_table, nelem(cond_table));
2321 switch(cond_type)
2322 {
2323 /* def: tests for a non-empty variable, or for the existence of a header. If
2324 yield == NULL we are in a skipping state, and don't care about the answer. */
2325
2326 case ECOND_DEF:
2327 {
2328 uschar * t;
2329
2330 if (*s != ':')
2331 {
2332 expand_string_message = US"\":\" expected after \"def\"";
2333 return NULL;
2334 }
2335
2336 s = read_name(name, 256, s+1, US"_");
2337
2338 /* Test for a header's existence. If the name contains a closing brace
2339 character, this may be a user error where the terminating colon has been
2340 omitted. Set a flag to adjust a subsequent error message in this case. */
2341
2342 if ( ( *(t = name) == 'h'
2343 || (*t == 'r' || *t == 'l' || *t == 'b') && *++t == 'h'
2344 )
2345 && (*++t == '_' || Ustrncmp(t, "eader_", 6) == 0)
2346 )
2347 {
2348 s = read_header_name(name, 256, s);
2349 /* {-for-text-editors */
2350 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2351 if (yield) *yield =
2352 (find_header(name, NULL, FH_EXISTS_ONLY, NULL) != NULL) == testfor;
2353 }
2354
2355 /* Test for a variable's having a non-empty value. A non-existent variable
2356 causes an expansion failure. */
2357
2358 else
2359 {
2360 if (!(t = find_variable(name, TRUE, yield == NULL, NULL)))
2361 {
2362 expand_string_message = (name[0] == 0)?
2363 string_sprintf("variable name omitted after \"def:\"") :
2364 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
2365 check_variable_error_message(name);
2366 return NULL;
2367 }
2368 if (yield) *yield = (t[0] != 0) == testfor;
2369 }
2370
2371 return s;
2372 }
2373
2374
2375 /* first_delivery tests for first delivery attempt */
2376
2377 case ECOND_FIRST_DELIVERY:
2378 if (yield != NULL) *yield = f.deliver_firsttime == testfor;
2379 return s;
2380
2381
2382 /* queue_running tests for any process started by a queue runner */
2383
2384 case ECOND_QUEUE_RUNNING:
2385 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
2386 return s;
2387
2388
2389 /* exists: tests for file existence
2390 isip: tests for any IP address
2391 isip4: tests for an IPv4 address
2392 isip6: tests for an IPv6 address
2393 pam: does PAM authentication
2394 radius: does RADIUS authentication
2395 ldapauth: does LDAP authentication
2396 pwcheck: does Cyrus SASL pwcheck authentication
2397 */
2398
2399 case ECOND_EXISTS:
2400 case ECOND_ISIP:
2401 case ECOND_ISIP4:
2402 case ECOND_ISIP6:
2403 case ECOND_PAM:
2404 case ECOND_RADIUS:
2405 case ECOND_LDAPAUTH:
2406 case ECOND_PWCHECK:
2407
2408 while (isspace(*s)) s++;
2409 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2410
2411 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok);
2412 if (sub[0] == NULL) return NULL;
2413 /* {-for-text-editors */
2414 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2415
2416 if (yield == NULL) return s; /* No need to run the test if skipping */
2417
2418 switch(cond_type)
2419 {
2420 case ECOND_EXISTS:
2421 if ((expand_forbid & RDO_EXISTS) != 0)
2422 {
2423 expand_string_message = US"File existence tests are not permitted";
2424 return NULL;
2425 }
2426 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
2427 break;
2428
2429 case ECOND_ISIP:
2430 case ECOND_ISIP4:
2431 case ECOND_ISIP6:
2432 rc = string_is_ip_address(sub[0], NULL);
2433 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
2434 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2435 break;
2436
2437 /* Various authentication tests - all optionally compiled */
2438
2439 case ECOND_PAM:
2440 #ifdef SUPPORT_PAM
2441 rc = auth_call_pam(sub[0], &expand_string_message);
2442 goto END_AUTH;
2443 #else
2444 goto COND_FAILED_NOT_COMPILED;
2445 #endif /* SUPPORT_PAM */
2446
2447 case ECOND_RADIUS:
2448 #ifdef RADIUS_CONFIG_FILE
2449 rc = auth_call_radius(sub[0], &expand_string_message);
2450 goto END_AUTH;
2451 #else
2452 goto COND_FAILED_NOT_COMPILED;
2453 #endif /* RADIUS_CONFIG_FILE */
2454
2455 case ECOND_LDAPAUTH:
2456 #ifdef LOOKUP_LDAP
2457 {
2458 /* Just to keep the interface the same */
2459 BOOL do_cache;
2460 int old_pool = store_pool;
2461 store_pool = POOL_SEARCH;
2462 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2463 &expand_string_message, &do_cache);
2464 store_pool = old_pool;
2465 }
2466 goto END_AUTH;
2467 #else
2468 goto COND_FAILED_NOT_COMPILED;
2469 #endif /* LOOKUP_LDAP */
2470
2471 case ECOND_PWCHECK:
2472 #ifdef CYRUS_PWCHECK_SOCKET
2473 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2474 goto END_AUTH;
2475 #else
2476 goto COND_FAILED_NOT_COMPILED;
2477 #endif /* CYRUS_PWCHECK_SOCKET */
2478
2479 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2480 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2481 END_AUTH:
2482 if (rc == ERROR || rc == DEFER) return NULL;
2483 *yield = (rc == OK) == testfor;
2484 #endif
2485 }
2486 return s;
2487
2488
2489 /* call ACL (in a conditional context). Accept true, deny false.
2490 Defer is a forced-fail. Anything set by message= goes to $value.
2491 Up to ten parameters are used; we use the braces round the name+args
2492 like the saslauthd condition does, to permit a variable number of args.
2493 See also the expansion-item version EITEM_ACL and the traditional
2494 acl modifier ACLC_ACL.
2495 Since the ACL may allocate new global variables, tell our caller to not
2496 reclaim memory.
2497 */
2498
2499 case ECOND_ACL:
2500 /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
2501 {
2502 uschar *sub[10];
2503 uschar *user_msg;
2504 BOOL cond = FALSE;
2505
2506 while (isspace(*s)) s++;
2507 if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
2508
2509 switch(read_subs(sub, nelem(sub), 1,
2510 &s, yield == NULL, TRUE, US"acl", resetok))
2511 {
2512 case 1: expand_string_message = US"too few arguments or bracketing "
2513 "error for acl";
2514 case 2:
2515 case 3: return NULL;
2516 }
2517
2518 if (yield != NULL)
2519 {
2520 int rc;
2521 *resetok = FALSE; /* eval_acl() might allocate; do not reclaim */
2522 switch(rc = eval_acl(sub, nelem(sub), &user_msg))
2523 {
2524 case OK:
2525 cond = TRUE;
2526 case FAIL:
2527 lookup_value = NULL;
2528 if (user_msg)
2529 lookup_value = string_copy(user_msg);
2530 *yield = cond == testfor;
2531 break;
2532
2533 case DEFER:
2534 f.expand_string_forcedfail = TRUE;
2535 /*FALLTHROUGH*/
2536 default:
2537 expand_string_message = string_sprintf("%s from acl \"%s\"",
2538 rc_names[rc], sub[0]);
2539 return NULL;
2540 }
2541 }
2542 return s;
2543 }
2544
2545
2546 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2547
2548 ${if saslauthd {{username}{password}{service}{realm}} {yes}{no}}
2549
2550 However, the last two are optional. That is why the whole set is enclosed
2551 in their own set of braces. */
2552
2553 case ECOND_SASLAUTHD:
2554 #ifndef CYRUS_SASLAUTHD_SOCKET
2555 goto COND_FAILED_NOT_COMPILED;
2556 #else
2557 {
2558 uschar *sub[4];
2559 while (isspace(*s)) s++;
2560 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2561 switch(read_subs(sub, nelem(sub), 2, &s, yield == NULL, TRUE, US"saslauthd",
2562 resetok))
2563 {
2564 case 1: expand_string_message = US"too few arguments or bracketing "
2565 "error for saslauthd";
2566 case 2:
2567 case 3: return NULL;
2568 }
2569 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
2570 if (yield != NULL)
2571 {
2572 int rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2573 &expand_string_message);
2574 if (rc == ERROR || rc == DEFER) return NULL;
2575 *yield = (rc == OK) == testfor;
2576 }
2577 return s;
2578 }
2579 #endif /* CYRUS_SASLAUTHD_SOCKET */
2580
2581
2582 /* symbolic operators for numeric and string comparison, and a number of
2583 other operators, all requiring two arguments.
2584
2585 crypteq: encrypts plaintext and compares against an encrypted text,
2586 using crypt(), crypt16(), MD5 or SHA-1
2587 inlist/inlisti: checks if first argument is in the list of the second
2588 match: does a regular expression match and sets up the numerical
2589 variables if it succeeds
2590 match_address: matches in an address list
2591 match_domain: matches in a domain list
2592 match_ip: matches a host list that is restricted to IP addresses
2593 match_local_part: matches in a local part list
2594 */
2595
2596 case ECOND_MATCH_ADDRESS:
2597 case ECOND_MATCH_DOMAIN:
2598 case ECOND_MATCH_IP:
2599 case ECOND_MATCH_LOCAL_PART:
2600 #ifndef EXPAND_LISTMATCH_RHS
2601 sub2_honour_dollar = FALSE;
2602 #endif
2603 /* FALLTHROUGH */
2604
2605 case ECOND_CRYPTEQ:
2606 case ECOND_INLIST:
2607 case ECOND_INLISTI:
2608 case ECOND_MATCH:
2609
2610 case ECOND_NUM_L: /* Numerical comparisons */
2611 case ECOND_NUM_LE:
2612 case ECOND_NUM_E:
2613 case ECOND_NUM_EE:
2614 case ECOND_NUM_G:
2615 case ECOND_NUM_GE:
2616
2617 case ECOND_STR_LT: /* String comparisons */
2618 case ECOND_STR_LTI:
2619 case ECOND_STR_LE:
2620 case ECOND_STR_LEI:
2621 case ECOND_STR_EQ:
2622 case ECOND_STR_EQI:
2623 case ECOND_STR_GT:
2624 case ECOND_STR_GTI:
2625 case ECOND_STR_GE:
2626 case ECOND_STR_GEI:
2627
2628 for (int i = 0; i < 2; i++)
2629 {
2630 /* Sometimes, we don't expand substrings; too many insecure configurations
2631 created using match_address{}{} and friends, where the second param
2632 includes information from untrustworthy sources. */
2633 BOOL honour_dollar = TRUE;
2634 if ((i > 0) && !sub2_honour_dollar)
2635 honour_dollar = FALSE;
2636
2637 while (isspace(*s)) s++;
2638 if (*s != '{')
2639 {
2640 if (i == 0) goto COND_FAILED_CURLY_START;
2641 expand_string_message = string_sprintf("missing 2nd string in {} "
2642 "after \"%s\"", name);
2643 return NULL;
2644 }
2645 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
2646 honour_dollar, resetok)))
2647 return NULL;
2648 DEBUG(D_expand) if (i == 1 && !sub2_honour_dollar && Ustrchr(sub[1], '$'))
2649 debug_printf_indent("WARNING: the second arg is NOT expanded,"
2650 " for security reasons\n");
2651 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2652
2653 /* Convert to numerical if required; we know that the names of all the
2654 conditions that compare numbers do not start with a letter. This just saves
2655 checking for them individually. */
2656
2657 if (!isalpha(name[0]) && yield != NULL)
2658 if (sub[i][0] == 0)
2659 {
2660 num[i] = 0;
2661 DEBUG(D_expand)
2662 debug_printf_indent("empty string cast to zero for numerical comparison\n");
2663 }
2664 else
2665 {
2666 num[i] = expanded_string_integer(sub[i], FALSE);
2667 if (expand_string_message != NULL) return NULL;
2668 }
2669 }
2670
2671 /* Result not required */
2672
2673 if (yield == NULL) return s;
2674
2675 /* Do an appropriate comparison */
2676
2677 switch(cond_type)
2678 {
2679 case ECOND_NUM_E:
2680 case ECOND_NUM_EE:
2681 tempcond = (num[0] == num[1]);
2682 break;
2683
2684 case ECOND_NUM_G:
2685 tempcond = (num[0] > num[1]);
2686 break;
2687
2688 case ECOND_NUM_GE:
2689 tempcond = (num[0] >= num[1]);
2690 break;
2691
2692 case ECOND_NUM_L:
2693 tempcond = (num[0] < num[1]);
2694 break;
2695
2696 case ECOND_NUM_LE:
2697 tempcond = (num[0] <= num[1]);
2698 break;
2699
2700 case ECOND_STR_LT:
2701 tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
2702 break;
2703
2704 case ECOND_STR_LTI:
2705 tempcond = (strcmpic(sub[0], sub[1]) < 0);
2706 break;
2707
2708 case ECOND_STR_LE:
2709 tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
2710 break;
2711
2712 case ECOND_STR_LEI:
2713 tempcond = (strcmpic(sub[0], sub[1]) <= 0);
2714 break;
2715
2716 case ECOND_STR_EQ:
2717 tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
2718 break;
2719
2720 case ECOND_STR_EQI:
2721 tempcond = (strcmpic(sub[0], sub[1]) == 0);
2722 break;
2723
2724 case ECOND_STR_GT:
2725 tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
2726 break;
2727
2728 case ECOND_STR_GTI:
2729 tempcond = (strcmpic(sub[0], sub[1]) > 0);
2730 break;
2731
2732 case ECOND_STR_GE:
2733 tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
2734 break;
2735
2736 case ECOND_STR_GEI:
2737 tempcond = (strcmpic(sub[0], sub[1]) >= 0);
2738 break;
2739
2740 case ECOND_MATCH: /* Regular expression match */
2741 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2742 NULL);
2743 if (re == NULL)
2744 {
2745 expand_string_message = string_sprintf("regular expression error in "
2746 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2747 return NULL;
2748 }
2749 tempcond = regex_match_and_setup(re, sub[0], 0, -1);
2750 break;
2751
2752 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2753 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2754 goto MATCHED_SOMETHING;
2755
2756 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2757 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2758 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2759 goto MATCHED_SOMETHING;
2760
2761 case ECOND_MATCH_IP: /* Match IP address in a host list */
2762 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
2763 {
2764 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2765 sub[0]);
2766 return NULL;
2767 }
2768 else
2769 {
2770 unsigned int *nullcache = NULL;
2771 check_host_block cb;
2772
2773 cb.host_name = US"";
2774 cb.host_address = sub[0];
2775
2776 /* If the host address starts off ::ffff: it is an IPv6 address in
2777 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2778 addresses. */
2779
2780 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2781 cb.host_address + 7 : cb.host_address;
2782
2783 rc = match_check_list(
2784 &sub[1], /* the list */
2785 0, /* separator character */
2786 &hostlist_anchor, /* anchor pointer */
2787 &nullcache, /* cache pointer */
2788 check_host, /* function for testing */
2789 &cb, /* argument for function */
2790 MCL_HOST, /* type of check */
2791 sub[0], /* text for debugging */
2792 NULL); /* where to pass back data */
2793 }
2794 goto MATCHED_SOMETHING;
2795
2796 case ECOND_MATCH_LOCAL_PART:
2797 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2798 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2799 /* Fall through */
2800 /* VVVVVVVVVVVV */
2801 MATCHED_SOMETHING:
2802 switch(rc)
2803 {
2804 case OK:
2805 tempcond = TRUE;
2806 break;
2807
2808 case FAIL:
2809 tempcond = FALSE;
2810 break;
2811
2812 case DEFER:
2813 expand_string_message = string_sprintf("unable to complete match "
2814 "against \"%s\": %s", sub[1], search_error_message);
2815 return NULL;
2816 }
2817
2818 break;
2819
2820 /* Various "encrypted" comparisons. If the second string starts with
2821 "{" then an encryption type is given. Default to crypt() or crypt16()
2822 (build-time choice). */
2823 /* }-for-text-editors */
2824
2825 case ECOND_CRYPTEQ:
2826 #ifndef SUPPORT_CRYPTEQ
2827 goto COND_FAILED_NOT_COMPILED;
2828 #else
2829 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2830 {
2831 int sublen = Ustrlen(sub[1]+5);
2832 md5 base;
2833 uschar digest[16];
2834
2835 md5_start(&base);
2836 md5_end(&base, sub[0], Ustrlen(sub[0]), digest);
2837
2838 /* If the length that we are comparing against is 24, the MD5 digest
2839 is expressed as a base64 string. This is the way LDAP does it. However,
2840 some other software uses a straightforward hex representation. We assume
2841 this if the length is 32. Other lengths fail. */
2842
2843 if (sublen == 24)
2844 {
2845 uschar *coded = b64encode(CUS digest, 16);
2846 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2847 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2848 tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
2849 }
2850 else if (sublen == 32)
2851 {
2852 uschar coded[36];
2853 for (int i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2854 coded[32] = 0;
2855 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2856 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2857 tempcond = (strcmpic(coded, sub[1]+5) == 0);
2858 }
2859 else
2860 {
2861 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2862 "fail\n crypted=%s\n", sub[1]+5);
2863 tempcond = FALSE;
2864 }
2865 }
2866
2867 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2868 {
2869 int sublen = Ustrlen(sub[1]+6);
2870 hctx h;
2871 uschar digest[20];
2872
2873 sha1_start(&h);
2874 sha1_end(&h, sub[0], Ustrlen(sub[0]), digest);
2875
2876 /* If the length that we are comparing against is 28, assume the SHA1
2877 digest is expressed as a base64 string. If the length is 40, assume a
2878 straightforward hex representation. Other lengths fail. */
2879
2880 if (sublen == 28)
2881 {
2882 uschar *coded = b64encode(CUS digest, 20);
2883 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2884 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2885 tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
2886 }
2887 else if (sublen == 40)
2888 {
2889 uschar coded[44];
2890 for (int i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2891 coded[40] = 0;
2892 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2893 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2894 tempcond = (strcmpic(coded, sub[1]+6) == 0);
2895 }
2896 else
2897 {
2898 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2899 "fail\n crypted=%s\n", sub[1]+6);
2900 tempcond = FALSE;
2901 }
2902 }
2903
2904 else /* {crypt} or {crypt16} and non-{ at start */
2905 /* }-for-text-editors */
2906 {
2907 int which = 0;
2908 uschar *coded;
2909
2910 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2911 {
2912 sub[1] += 7;
2913 which = 1;
2914 }
2915 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2916 {
2917 sub[1] += 9;
2918 which = 2;
2919 }
2920 else if (sub[1][0] == '{') /* }-for-text-editors */
2921 {
2922 expand_string_message = string_sprintf("unknown encryption mechanism "
2923 "in \"%s\"", sub[1]);
2924 return NULL;
2925 }
2926
2927 switch(which)
2928 {
2929 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2930 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2931 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2932 }
2933
2934 #define STR(s) # s
2935 #define XSTR(s) STR(s)
2936 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2937 " subject=%s\n crypted=%s\n",
2938 which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16",
2939 coded, sub[1]);
2940 #undef STR
2941 #undef XSTR
2942
2943 /* If the encrypted string contains fewer than two characters (for the
2944 salt), force failure. Otherwise we get false positives: with an empty
2945 string the yield of crypt() is an empty string! */
2946
2947 if (coded)
2948 tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0;
2949 else if (errno == EINVAL)
2950 tempcond = FALSE;
2951 else
2952 {
2953 expand_string_message = string_sprintf("crypt error: %s\n",
2954 US strerror(errno));
2955 return NULL;
2956 }
2957 }
2958 break;
2959 #endif /* SUPPORT_CRYPTEQ */
2960
2961 case ECOND_INLIST:
2962 case ECOND_INLISTI:
2963 {
2964 const uschar * list = sub[1];
2965 int sep = 0;
2966 uschar *save_iterate_item = iterate_item;
2967 int (*compare)(const uschar *, const uschar *);
2968
2969 DEBUG(D_expand) debug_printf_indent("condition: %s item: %s\n", name, sub[0]);
2970
2971 tempcond = FALSE;
2972 compare = cond_type == ECOND_INLISTI
2973 ? strcmpic : (int (*)(const uschar *, const uschar *)) strcmp;
2974
2975 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)))
2976 {
2977 DEBUG(D_expand) debug_printf_indent(" compare %s\n", iterate_item);
2978 if (compare(sub[0], iterate_item) == 0)
2979 {
2980 tempcond = TRUE;
2981 break;
2982 }
2983 }
2984 iterate_item = save_iterate_item;
2985 }
2986
2987 } /* Switch for comparison conditions */
2988
2989 *yield = tempcond == testfor;
2990 return s; /* End of comparison conditions */
2991
2992
2993 /* and/or: computes logical and/or of several conditions */
2994
2995 case ECOND_AND:
2996 case ECOND_OR:
2997 subcondptr = (yield == NULL)? NULL : &tempcond;
2998 combined_cond = (cond_type == ECOND_AND);
2999
3000 while (isspace(*s)) s++;
3001 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3002
3003 for (;;)
3004 {
3005 while (isspace(*s)) s++;
3006 /* {-for-text-editors */
3007 if (*s == '}') break;
3008 if (*s != '{') /* }-for-text-editors */
3009 {
3010 expand_string_message = string_sprintf("each subcondition "
3011 "inside an \"%s{...}\" condition must be in its own {}", name);
3012 return NULL;
3013 }
3014
3015 if (!(s = eval_condition(s+1, resetok, subcondptr)))
3016 {
3017 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
3018 expand_string_message, name);
3019 return NULL;
3020 }
3021 while (isspace(*s)) s++;
3022
3023 /* {-for-text-editors */
3024 if (*s++ != '}')
3025 {
3026 /* {-for-text-editors */
3027 expand_string_message = string_sprintf("missing } at end of condition "
3028 "inside \"%s\" group", name);
3029 return NULL;
3030 }
3031
3032 if (yield != NULL)
3033 {
3034 if (cond_type == ECOND_AND)
3035 {
3036 combined_cond &= tempcond;
3037 if (!combined_cond) subcondptr = NULL; /* once false, don't */
3038 } /* evaluate any more */
3039 else
3040 {
3041 combined_cond |= tempcond;
3042 if (combined_cond) subcondptr = NULL; /* once true, don't */
3043 } /* evaluate any more */
3044 }
3045 }
3046
3047 if (yield != NULL) *yield = (combined_cond == testfor);
3048 return ++s;
3049
3050
3051 /* forall/forany: iterates a condition with different values */
3052
3053 case ECOND_FORALL: is_forany = FALSE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3054 case ECOND_FORANY: is_forany = TRUE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3055 case ECOND_FORALL_JSON: is_forany = FALSE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3056 case ECOND_FORANY_JSON: is_forany = TRUE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3057 case ECOND_FORALL_JSONS: is_forany = FALSE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3058 case ECOND_FORANY_JSONS: is_forany = TRUE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3059
3060 FORMANY:
3061 {
3062 const uschar * list;
3063 int sep = 0;
3064 uschar *save_iterate_item = iterate_item;
3065
3066 DEBUG(D_expand) debug_printf_indent("condition: %s\n", name);
3067
3068 while (isspace(*s)) s++;
3069 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3070 sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE, resetok);
3071 if (sub[0] == NULL) return NULL;
3072 /* {-for-text-editors */
3073 if (*s++ != '}') goto COND_FAILED_CURLY_END;
3074
3075 while (isspace(*s)) s++;
3076 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3077
3078 sub[1] = s;
3079
3080 /* Call eval_condition once, with result discarded (as if scanning a
3081 "false" part). This allows us to find the end of the condition, because if
3082 the list it empty, we won't actually evaluate the condition for real. */
3083
3084 if (!(s = eval_condition(sub[1], resetok, NULL)))
3085 {
3086 expand_string_message = string_sprintf("%s inside \"%s\" condition",
3087 expand_string_message, name);
3088 return NULL;
3089 }
3090 while (isspace(*s)) s++;
3091
3092 /* {-for-text-editors */
3093 if (*s++ != '}')
3094 {
3095 /* {-for-text-editors */
3096 expand_string_message = string_sprintf("missing } at end of condition "
3097 "inside \"%s\"", name);
3098 return NULL;
3099 }
3100
3101 if (yield) *yield = !testfor;
3102 list = sub[0];
3103 if (is_json) list = dewrap(string_copy(list), US"[]");
3104 while ((iterate_item = is_json
3105 ? json_nextinlist(&list) : string_nextinlist(&list, &sep, NULL, 0)))
3106 {
3107 if (is_jsons)
3108 if (!(iterate_item = dewrap(iterate_item, US"\"\"")))
3109 {
3110 expand_string_message =
3111 string_sprintf("%s wrapping string result for extract jsons",
3112 expand_string_message);
3113 iterate_item = save_iterate_item;
3114 return NULL;
3115 }
3116
3117 DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n", name, iterate_item);
3118 if (!eval_condition(sub[1], resetok, &tempcond))
3119 {
3120 expand_string_message = string_sprintf("%s inside \"%s\" condition",
3121 expand_string_message, name);
3122 iterate_item = save_iterate_item;
3123 return NULL;
3124 }
3125 DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", name,
3126 tempcond? "true":"false");
3127
3128 if (yield) *yield = (tempcond == testfor);
3129 if (tempcond == is_forany) break;
3130 }
3131
3132 iterate_item = save_iterate_item;
3133 return s;
3134 }
3135
3136
3137 /* The bool{} expansion condition maps a string to boolean.
3138 The values supported should match those supported by the ACL condition
3139 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
3140 of true/false. Note that Router "condition" rules have a different
3141 interpretation, where general data can be used and only a few values
3142 map to FALSE.
3143 Note that readconf.c boolean matching, for boolean configuration options,
3144 only matches true/yes/false/no.
3145 The bool_lax{} condition matches the Router logic, which is much more
3146 liberal. */
3147 case ECOND_BOOL:
3148 case ECOND_BOOL_LAX:
3149 {
3150 uschar *sub_arg[1];
3151 uschar *t, *t2;
3152 uschar *ourname;
3153 size_t len;
3154 BOOL boolvalue = FALSE;
3155 while (isspace(*s)) s++;
3156 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3157 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
3158 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname, resetok))
3159 {
3160 case 1: expand_string_message = string_sprintf(
3161 "too few arguments or bracketing error for %s",
3162 ourname);
3163 /*FALLTHROUGH*/
3164 case 2:
3165 case 3: return NULL;
3166 }
3167 t = sub_arg[0];
3168 while (isspace(*t)) t++;
3169 len = Ustrlen(t);
3170 if (len)
3171 {
3172 /* trailing whitespace: seems like a good idea to ignore it too */
3173 t2 = t + len - 1;
3174 while (isspace(*t2)) t2--;
3175 if (t2 != (t + len))
3176 {
3177 *++t2 = '\0';
3178 len = t2 - t;
3179 }
3180 }
3181 DEBUG(D_expand)
3182 debug_printf_indent("considering %s: %s\n", ourname, len ? t : US"<empty>");
3183 /* logic for the lax case from expand_check_condition(), which also does
3184 expands, and the logic is both short and stable enough that there should
3185 be no maintenance burden from replicating it. */
3186 if (len == 0)
3187 boolvalue = FALSE;
3188 else if (*t == '-'
3189 ? Ustrspn(t+1, "0123456789") == len-1
3190 : Ustrspn(t, "0123456789") == len)
3191 {
3192 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
3193 /* expand_check_condition only does a literal string "0" check */
3194 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
3195 boolvalue = TRUE;
3196 }
3197 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
3198 boolvalue = TRUE;
3199 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
3200 boolvalue = FALSE;
3201 else if (cond_type == ECOND_BOOL_LAX)
3202 boolvalue = TRUE;
3203 else
3204 {
3205 expand_string_message = string_sprintf("unrecognised boolean "
3206 "value \"%s\"", t);
3207 return NULL;
3208 }
3209 DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", ourname,
3210 boolvalue? "true":"false");
3211 if (yield != NULL) *yield = (boolvalue == testfor);
3212 return s;
3213 }
3214
3215 /* Unknown condition */
3216
3217 default:
3218 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
3219 return NULL;
3220 } /* End switch on condition type */
3221
3222 /* Missing braces at start and end of data */
3223
3224 COND_FAILED_CURLY_START:
3225 expand_string_message = string_sprintf("missing { after \"%s\"", name);
3226 return NULL;
3227
3228 COND_FAILED_CURLY_END:
3229 expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
3230 name);
3231 return NULL;
3232
3233 /* A condition requires code that is not compiled */
3234
3235 #if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
3236 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
3237 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
3238 COND_FAILED_NOT_COMPILED:
3239 expand_string_message = string_sprintf("support for \"%s\" not compiled",
3240 name);
3241 return NULL;
3242 #endif
3243 }
3244
3245
3246
3247
3248 /*************************************************
3249 * Save numerical variables *
3250 *************************************************/
3251
3252 /* This function is called from items such as "if" that want to preserve and
3253 restore the numbered variables.
3254
3255 Arguments:
3256 save_expand_string points to an array of pointers to set
3257 save_expand_nlength points to an array of ints for the lengths
3258
3259 Returns: the value of expand max to save
3260 */
3261
3262 static int
3263 save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
3264 {
3265 for (int i = 0; i <= expand_nmax; i++)
3266 {
3267 save_expand_nstring[i] = expand_nstring[i];
3268 save_expand_nlength[i] = expand_nlength[i];
3269 }
3270 return expand_nmax;
3271 }
3272
3273
3274
3275 /*************************************************
3276 * Restore numerical variables *
3277 *************************************************/
3278
3279 /* This function restored saved values of numerical strings.
3280
3281 Arguments:
3282 save_expand_nmax the number of strings to restore
3283 save_expand_string points to an array of pointers
3284 save_expand_nlength points to an array of ints
3285
3286 Returns: nothing
3287 */
3288
3289 static void
3290 restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
3291 int *save_expand_nlength)
3292 {
3293 expand_nmax = save_expand_nmax;
3294 for (int i = 0; i <= expand_nmax; i++)
3295 {
3296 expand_nstring[i] = save_expand_nstring[i];
3297 expand_nlength[i] = save_expand_nlength[i];
3298 }
3299 }
3300
3301
3302
3303
3304
3305 /*************************************************
3306 * Handle yes/no substrings *
3307 *************************************************/
3308
3309 /* This function is used by ${if}, ${lookup} and ${extract} to handle the
3310 alternative substrings that depend on whether or not the condition was true,
3311 or the lookup or extraction succeeded. The substrings always have to be
3312 expanded, to check their syntax, but "skipping" is set when the result is not
3313 needed - this avoids unnecessary nested lookups.
3314
3315 Arguments:
3316 skipping TRUE if we were skipping when this item was reached
3317 yes TRUE if the first string is to be used, else use the second
3318 save_lookup a value to put back into lookup_value before the 2nd expansion
3319 sptr points to the input string pointer
3320 yieldptr points to the output growable-string pointer
3321 type "lookup", "if", "extract", "run", "env", "listextract" or
3322 "certextract" for error message
3323 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
3324 the store.
3325
3326 Returns: 0 OK; lookup_value has been reset to save_lookup
3327 1 expansion failed
3328 2 expansion failed because of bracketing error
3329 */
3330
3331 static int
3332 process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, const uschar **sptr,
3333 gstring ** yieldptr, uschar *type, BOOL *resetok)
3334 {
3335 int rc = 0;
3336 const uschar *s = *sptr; /* Local value */
3337 uschar *sub1, *sub2;
3338 const uschar * errwhere;
3339
3340 /* If there are no following strings, we substitute the contents of $value for
3341 lookups and for extractions in the success case. For the ${if item, the string
3342 "true" is substituted. In the fail case, nothing is substituted for all three
3343 items. */
3344
3345 while (isspace(*s)) s++;
3346 if (*s == '}')
3347 {
3348 if (type[0] == 'i')
3349 {
3350 if (yes && !skipping)
3351 *yieldptr = string_catn(*yieldptr, US"true", 4);
3352 <