cd4522afb378eb1a6a1ab71dbc1dd79412c703d2
[exim.git] / src / src / expand.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8
9 /* Functions for handling string expansion. */
10
11
12 #include "exim.h"
13
14 /* Recursively called function */
15
16 static uschar *expand_string_internal(const uschar *, BOOL, const uschar **, BOOL, BOOL, BOOL *);
17 static int_eximarith_t expanded_string_integer(const uschar *, BOOL);
18
19 #ifdef STAND_ALONE
20 # ifndef SUPPORT_CRYPTEQ
21 # define SUPPORT_CRYPTEQ
22 # endif
23 #endif
24
25 #ifdef LOOKUP_LDAP
26 # include "lookups/ldap.h"
27 #endif
28
29 #ifdef SUPPORT_CRYPTEQ
30 # ifdef CRYPT_H
31 # include <crypt.h>
32 # endif
33 # ifndef HAVE_CRYPT16
34 extern char* crypt16(char*, char*);
35 # endif
36 #endif
37
38 /* The handling of crypt16() is a mess. I will record below the analysis of the
39 mess that was sent to me. We decided, however, to make changing this very low
40 priority, because in practice people are moving away from the crypt()
41 algorithms nowadays, so it doesn't seem worth it.
42
43 <quote>
44 There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
45 the first 8 characters of the password using a 20-round version of crypt
46 (standard crypt does 25 rounds). It then crypts the next 8 characters,
47 or an empty block if the password is less than 9 characters, using a
48 20-round version of crypt and the same salt as was used for the first
49 block. Characters after the first 16 are ignored. It always generates
50 a 16-byte hash, which is expressed together with the salt as a string
51 of 24 base 64 digits. Here are some links to peruse:
52
53 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
54 http://seclists.org/bugtraq/1999/Mar/0076.html
55
56 There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
57 and OSF/1. This is the same as the standard crypt if given a password
58 of 8 characters or less. If given more, it first does the same as crypt
59 using the first 8 characters, then crypts the next 8 (the 9th to 16th)
60 using as salt the first two base 64 digits from the first hash block.
61 If the password is more than 16 characters then it crypts the 17th to 24th
62 characters using as salt the first two base 64 digits from the second hash
63 block. And so on: I've seen references to it cutting off the password at
64 40 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
65
66 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
67 http://seclists.org/bugtraq/1999/Mar/0109.html
68 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
69 TET1_html/sec.c222.html#no_id_208
70
71 Exim has something it calls "crypt16". It will either use a native
72 crypt16 or its own implementation. A native crypt16 will presumably
73 be the one that I called "crypt16" above. The internal "crypt16"
74 function, however, is a two-block-maximum implementation of what I called
75 "bigcrypt". The documentation matches the internal code.
76
77 I suspect that whoever did the "crypt16" stuff for Exim didn't realise
78 that crypt16 and bigcrypt were different things.
79
80 Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
81 to whatever it is using under that name. This unfortunately sets a
82 precedent for using "{crypt16}" to identify two incompatible algorithms
83 whose output can't be distinguished. With "{crypt16}" thus rendered
84 ambiguous, I suggest you deprecate it and invent two new identifiers
85 for the two algorithms.
86
87 Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
88 of the password separately means they can be cracked separately, so
89 the double-length hash only doubles the cracking effort instead of
90 squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
91 bcrypt ({CRYPT}$2a$).
92 </quote>
93 */
94
95
96
97 /*************************************************
98 * Local statics and tables *
99 *************************************************/
100
101 /* Table of item names, and corresponding switch numbers. The names must be in
102 alphabetical order. */
103
104 static uschar *item_table[] = {
105 US"acl",
106 US"authresults",
107 US"certextract",
108 US"dlfunc",
109 US"env",
110 US"extract",
111 US"filter",
112 US"hash",
113 US"hmac",
114 US"if",
115 #ifdef SUPPORT_I18N
116 US"imapfolder",
117 #endif
118 US"length",
119 US"listextract",
120 US"lookup",
121 US"map",
122 US"nhash",
123 US"perl",
124 US"prvs",
125 US"prvscheck",
126 US"readfile",
127 US"readsocket",
128 US"reduce",
129 US"run",
130 US"sg",
131 US"sort",
132 #ifdef EXPERIMENTAL_SRS_NATIVE
133 US"srs_encode",
134 #endif
135 US"substr",
136 US"tr" };
137
138 enum {
139 EITEM_ACL,
140 EITEM_AUTHRESULTS,
141 EITEM_CERTEXTRACT,
142 EITEM_DLFUNC,
143 EITEM_ENV,
144 EITEM_EXTRACT,
145 EITEM_FILTER,
146 EITEM_HASH,
147 EITEM_HMAC,
148 EITEM_IF,
149 #ifdef SUPPORT_I18N
150 EITEM_IMAPFOLDER,
151 #endif
152 EITEM_LENGTH,
153 EITEM_LISTEXTRACT,
154 EITEM_LOOKUP,
155 EITEM_MAP,
156 EITEM_NHASH,
157 EITEM_PERL,
158 EITEM_PRVS,
159 EITEM_PRVSCHECK,
160 EITEM_READFILE,
161 EITEM_READSOCK,
162 EITEM_REDUCE,
163 EITEM_RUN,
164 EITEM_SG,
165 EITEM_SORT,
166 #ifdef EXPERIMENTAL_SRS_NATIVE
167 EITEM_SRS_ENCODE,
168 #endif
169 EITEM_SUBSTR,
170 EITEM_TR };
171
172 /* Tables of operator names, and corresponding switch numbers. The names must be
173 in alphabetical order. There are two tables, because underscore is used in some
174 cases to introduce arguments, whereas for other it is part of the name. This is
175 an historical mis-design. */
176
177 static uschar *op_table_underscore[] = {
178 US"from_utf8",
179 US"local_part",
180 US"quote_local_part",
181 US"reverse_ip",
182 US"time_eval",
183 US"time_interval"
184 #ifdef SUPPORT_I18N
185 ,US"utf8_domain_from_alabel",
186 US"utf8_domain_to_alabel",
187 US"utf8_localpart_from_alabel",
188 US"utf8_localpart_to_alabel"
189 #endif
190 };
191
192 enum {
193 EOP_FROM_UTF8,
194 EOP_LOCAL_PART,
195 EOP_QUOTE_LOCAL_PART,
196 EOP_REVERSE_IP,
197 EOP_TIME_EVAL,
198 EOP_TIME_INTERVAL
199 #ifdef SUPPORT_I18N
200 ,EOP_UTF8_DOMAIN_FROM_ALABEL,
201 EOP_UTF8_DOMAIN_TO_ALABEL,
202 EOP_UTF8_LOCALPART_FROM_ALABEL,
203 EOP_UTF8_LOCALPART_TO_ALABEL
204 #endif
205 };
206
207 static uschar *op_table_main[] = {
208 US"address",
209 US"addresses",
210 US"base32",
211 US"base32d",
212 US"base62",
213 US"base62d",
214 US"base64",
215 US"base64d",
216 US"bless",
217 US"domain",
218 US"escape",
219 US"escape8bit",
220 US"eval",
221 US"eval10",
222 US"expand",
223 US"h",
224 US"hash",
225 US"hex2b64",
226 US"hexquote",
227 US"ipv6denorm",
228 US"ipv6norm",
229 US"l",
230 US"lc",
231 US"length",
232 US"listcount",
233 US"listnamed",
234 US"mask",
235 US"md5",
236 US"nh",
237 US"nhash",
238 US"quote",
239 US"randint",
240 US"rfc2047",
241 US"rfc2047d",
242 US"rxquote",
243 US"s",
244 US"sha1",
245 US"sha2",
246 US"sha256",
247 US"sha3",
248 US"stat",
249 US"str2b64",
250 US"strlen",
251 US"substr",
252 US"uc",
253 US"utf8clean" };
254
255 enum {
256 EOP_ADDRESS = nelem(op_table_underscore),
257 EOP_ADDRESSES,
258 EOP_BASE32,
259 EOP_BASE32D,
260 EOP_BASE62,
261 EOP_BASE62D,
262 EOP_BASE64,
263 EOP_BASE64D,
264 EOP_BLESS,
265 EOP_DOMAIN,
266 EOP_ESCAPE,
267 EOP_ESCAPE8BIT,
268 EOP_EVAL,
269 EOP_EVAL10,
270 EOP_EXPAND,
271 EOP_H,
272 EOP_HASH,
273 EOP_HEX2B64,
274 EOP_HEXQUOTE,
275 EOP_IPV6DENORM,
276 EOP_IPV6NORM,
277 EOP_L,
278 EOP_LC,
279 EOP_LENGTH,
280 EOP_LISTCOUNT,
281 EOP_LISTNAMED,
282 EOP_MASK,
283 EOP_MD5,
284 EOP_NH,
285 EOP_NHASH,
286 EOP_QUOTE,
287 EOP_RANDINT,
288 EOP_RFC2047,
289 EOP_RFC2047D,
290 EOP_RXQUOTE,
291 EOP_S,
292 EOP_SHA1,
293 EOP_SHA2,
294 EOP_SHA256,
295 EOP_SHA3,
296 EOP_STAT,
297 EOP_STR2B64,
298 EOP_STRLEN,
299 EOP_SUBSTR,
300 EOP_UC,
301 EOP_UTF8CLEAN };
302
303
304 /* Table of condition names, and corresponding switch numbers. The names must
305 be in alphabetical order. */
306
307 static uschar *cond_table[] = {
308 US"<",
309 US"<=",
310 US"=",
311 US"==", /* Backward compatibility */
312 US">",
313 US">=",
314 US"acl",
315 US"and",
316 US"bool",
317 US"bool_lax",
318 US"crypteq",
319 US"def",
320 US"eq",
321 US"eqi",
322 US"exists",
323 US"first_delivery",
324 US"forall",
325 US"forall_json",
326 US"forall_jsons",
327 US"forany",
328 US"forany_json",
329 US"forany_jsons",
330 US"ge",
331 US"gei",
332 US"gt",
333 US"gti",
334 #ifdef EXPERIMENTAL_SRS_NATIVE
335 US"inbound_srs",
336 #endif
337 US"inlist",
338 US"inlisti",
339 US"isip",
340 US"isip4",
341 US"isip6",
342 US"ldapauth",
343 US"le",
344 US"lei",
345 US"lt",
346 US"lti",
347 US"match",
348 US"match_address",
349 US"match_domain",
350 US"match_ip",
351 US"match_local_part",
352 US"or",
353 US"pam",
354 US"pwcheck",
355 US"queue_running",
356 US"radius",
357 US"saslauthd"
358 };
359
360 enum {
361 ECOND_NUM_L,
362 ECOND_NUM_LE,
363 ECOND_NUM_E,
364 ECOND_NUM_EE,
365 ECOND_NUM_G,
366 ECOND_NUM_GE,
367 ECOND_ACL,
368 ECOND_AND,
369 ECOND_BOOL,
370 ECOND_BOOL_LAX,
371 ECOND_CRYPTEQ,
372 ECOND_DEF,
373 ECOND_STR_EQ,
374 ECOND_STR_EQI,
375 ECOND_EXISTS,
376 ECOND_FIRST_DELIVERY,
377 ECOND_FORALL,
378 ECOND_FORALL_JSON,
379 ECOND_FORALL_JSONS,
380 ECOND_FORANY,
381 ECOND_FORANY_JSON,
382 ECOND_FORANY_JSONS,
383 ECOND_STR_GE,
384 ECOND_STR_GEI,
385 ECOND_STR_GT,
386 ECOND_STR_GTI,
387 #ifdef EXPERIMENTAL_SRS_NATIVE
388 ECOND_INBOUND_SRS,
389 #endif
390 ECOND_INLIST,
391 ECOND_INLISTI,
392 ECOND_ISIP,
393 ECOND_ISIP4,
394 ECOND_ISIP6,
395 ECOND_LDAPAUTH,
396 ECOND_STR_LE,
397 ECOND_STR_LEI,
398 ECOND_STR_LT,
399 ECOND_STR_LTI,
400 ECOND_MATCH,
401 ECOND_MATCH_ADDRESS,
402 ECOND_MATCH_DOMAIN,
403 ECOND_MATCH_IP,
404 ECOND_MATCH_LOCAL_PART,
405 ECOND_OR,
406 ECOND_PAM,
407 ECOND_PWCHECK,
408 ECOND_QUEUE_RUNNING,
409 ECOND_RADIUS,
410 ECOND_SASLAUTHD
411 };
412
413
414 /* Types of table entry */
415
416 enum vtypes {
417 vtype_int, /* value is address of int */
418 vtype_filter_int, /* ditto, but recognized only when filtering */
419 vtype_ino, /* value is address of ino_t (not always an int) */
420 vtype_uid, /* value is address of uid_t (not always an int) */
421 vtype_gid, /* value is address of gid_t (not always an int) */
422 vtype_bool, /* value is address of bool */
423 vtype_stringptr, /* value is address of pointer to string */
424 vtype_msgbody, /* as stringptr, but read when first required */
425 vtype_msgbody_end, /* ditto, the end of the message */
426 vtype_msgheaders, /* the message's headers, processed */
427 vtype_msgheaders_raw, /* the message's headers, unprocessed */
428 vtype_localpart, /* extract local part from string */
429 vtype_domain, /* extract domain from string */
430 vtype_string_func, /* value is string returned by given function */
431 vtype_todbsdin, /* value not used; generate BSD inbox tod */
432 vtype_tode, /* value not used; generate tod in epoch format */
433 vtype_todel, /* value not used; generate tod in epoch/usec format */
434 vtype_todf, /* value not used; generate full tod */
435 vtype_todl, /* value not used; generate log tod */
436 vtype_todlf, /* value not used; generate log file datestamp tod */
437 vtype_todzone, /* value not used; generate time zone only */
438 vtype_todzulu, /* value not used; generate zulu tod */
439 vtype_reply, /* value not used; get reply from headers */
440 vtype_pid, /* value not used; result is pid */
441 vtype_host_lookup, /* value not used; get host name */
442 vtype_load_avg, /* value not used; result is int from os_getloadavg */
443 vtype_pspace, /* partition space; value is T/F for spool/log */
444 vtype_pinodes, /* partition inodes; value is T/F for spool/log */
445 vtype_cert /* SSL certificate */
446 #ifndef DISABLE_DKIM
447 ,vtype_dkim /* Lookup of value in DKIM signature */
448 #endif
449 };
450
451 /* Type for main variable table */
452
453 typedef struct {
454 const char *name;
455 enum vtypes type;
456 void *value;
457 } var_entry;
458
459 /* Type for entries pointing to address/length pairs. Not currently
460 in use. */
461
462 typedef struct {
463 uschar **address;
464 int *length;
465 } alblock;
466
467 static uschar * fn_recipients(void);
468 typedef uschar * stringptr_fn_t(void);
469 static uschar * fn_queue_size(void);
470
471 /* This table must be kept in alphabetical order. */
472
473 static var_entry var_table[] = {
474 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
475 they will be confused with user-creatable ACL variables. */
476 { "acl_arg1", vtype_stringptr, &acl_arg[0] },
477 { "acl_arg2", vtype_stringptr, &acl_arg[1] },
478 { "acl_arg3", vtype_stringptr, &acl_arg[2] },
479 { "acl_arg4", vtype_stringptr, &acl_arg[3] },
480 { "acl_arg5", vtype_stringptr, &acl_arg[4] },
481 { "acl_arg6", vtype_stringptr, &acl_arg[5] },
482 { "acl_arg7", vtype_stringptr, &acl_arg[6] },
483 { "acl_arg8", vtype_stringptr, &acl_arg[7] },
484 { "acl_arg9", vtype_stringptr, &acl_arg[8] },
485 { "acl_narg", vtype_int, &acl_narg },
486 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
487 { "address_data", vtype_stringptr, &deliver_address_data },
488 { "address_file", vtype_stringptr, &address_file },
489 { "address_pipe", vtype_stringptr, &address_pipe },
490 #ifdef EXPERIMENTAL_ARC
491 { "arc_domains", vtype_string_func, (void *) &fn_arc_domains },
492 { "arc_oldest_pass", vtype_int, &arc_oldest_pass },
493 { "arc_state", vtype_stringptr, &arc_state },
494 { "arc_state_reason", vtype_stringptr, &arc_state_reason },
495 #endif
496 { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id },
497 { "authenticated_id", vtype_stringptr, &authenticated_id },
498 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
499 { "authentication_failed",vtype_int, &authentication_failed },
500 #ifdef WITH_CONTENT_SCAN
501 { "av_failed", vtype_int, &av_failed },
502 #endif
503 #ifdef EXPERIMENTAL_BRIGHTMAIL
504 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
505 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
506 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
507 { "bmi_deliver", vtype_int, &bmi_deliver },
508 #endif
509 { "body_linecount", vtype_int, &body_linecount },
510 { "body_zerocount", vtype_int, &body_zerocount },
511 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
512 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
513 { "caller_gid", vtype_gid, &real_gid },
514 { "caller_uid", vtype_uid, &real_uid },
515 { "callout_address", vtype_stringptr, &callout_address },
516 { "compile_date", vtype_stringptr, &version_date },
517 { "compile_number", vtype_stringptr, &version_cnumber },
518 { "config_dir", vtype_stringptr, &config_main_directory },
519 { "config_file", vtype_stringptr, &config_main_filename },
520 { "csa_status", vtype_stringptr, &csa_status },
521 #ifdef EXPERIMENTAL_DCC
522 { "dcc_header", vtype_stringptr, &dcc_header },
523 { "dcc_result", vtype_stringptr, &dcc_result },
524 #endif
525 #ifndef DISABLE_DKIM
526 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
527 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
528 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
529 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
530 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
531 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
532 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
533 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
534 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
535 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
536 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
537 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
538 { "dkim_key_length", vtype_int, &dkim_key_length },
539 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
540 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
541 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
542 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
543 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
544 { "dkim_signers", vtype_stringptr, &dkim_signers },
545 { "dkim_verify_reason", vtype_stringptr, &dkim_verify_reason },
546 { "dkim_verify_status", vtype_stringptr, &dkim_verify_status },
547 #endif
548 #ifdef SUPPORT_DMARC
549 { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
550 { "dmarc_status", vtype_stringptr, &dmarc_status },
551 { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
552 { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
553 #endif
554 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
555 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
556 { "dnslist_text", vtype_stringptr, &dnslist_text },
557 { "dnslist_value", vtype_stringptr, &dnslist_value },
558 { "domain", vtype_stringptr, &deliver_domain },
559 { "domain_data", vtype_stringptr, &deliver_domain_data },
560 #ifndef DISABLE_EVENT
561 { "event_data", vtype_stringptr, &event_data },
562
563 /*XXX want to use generic vars for as many of these as possible*/
564 { "event_defer_errno", vtype_int, &event_defer_errno },
565
566 { "event_name", vtype_stringptr, &event_name },
567 #endif
568 { "exim_gid", vtype_gid, &exim_gid },
569 { "exim_path", vtype_stringptr, &exim_path },
570 { "exim_uid", vtype_uid, &exim_uid },
571 { "exim_version", vtype_stringptr, &version_string },
572 { "headers_added", vtype_string_func, (void *) &fn_hdrs_added },
573 { "home", vtype_stringptr, &deliver_home },
574 { "host", vtype_stringptr, &deliver_host },
575 { "host_address", vtype_stringptr, &deliver_host_address },
576 { "host_data", vtype_stringptr, &host_data },
577 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
578 { "host_lookup_failed", vtype_int, &host_lookup_failed },
579 { "host_port", vtype_int, &deliver_host_port },
580 { "initial_cwd", vtype_stringptr, &initial_cwd },
581 { "inode", vtype_ino, &deliver_inode },
582 { "interface_address", vtype_stringptr, &interface_address },
583 { "interface_port", vtype_int, &interface_port },
584 { "item", vtype_stringptr, &iterate_item },
585 #ifdef LOOKUP_LDAP
586 { "ldap_dn", vtype_stringptr, &eldap_dn },
587 #endif
588 { "load_average", vtype_load_avg, NULL },
589 { "local_part", vtype_stringptr, &deliver_localpart },
590 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
591 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
592 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
593 { "local_part_verified", vtype_stringptr, &deliver_localpart_verified },
594 #ifdef HAVE_LOCAL_SCAN
595 { "local_scan_data", vtype_stringptr, &local_scan_data },
596 #endif
597 { "local_user_gid", vtype_gid, &local_user_gid },
598 { "local_user_uid", vtype_uid, &local_user_uid },
599 { "localhost_number", vtype_int, &host_number },
600 { "log_inodes", vtype_pinodes, (void *)FALSE },
601 { "log_space", vtype_pspace, (void *)FALSE },
602 { "lookup_dnssec_authenticated",vtype_stringptr,&lookup_dnssec_authenticated},
603 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
604 #ifdef WITH_CONTENT_SCAN
605 { "malware_name", vtype_stringptr, &malware_name },
606 #endif
607 { "max_received_linelength", vtype_int, &max_received_linelength },
608 { "message_age", vtype_int, &message_age },
609 { "message_body", vtype_msgbody, &message_body },
610 { "message_body_end", vtype_msgbody_end, &message_body_end },
611 { "message_body_size", vtype_int, &message_body_size },
612 { "message_exim_id", vtype_stringptr, &message_id },
613 { "message_headers", vtype_msgheaders, NULL },
614 { "message_headers_raw", vtype_msgheaders_raw, NULL },
615 { "message_id", vtype_stringptr, &message_id },
616 { "message_linecount", vtype_int, &message_linecount },
617 { "message_size", vtype_int, &message_size },
618 #ifdef SUPPORT_I18N
619 { "message_smtputf8", vtype_bool, &message_smtputf8 },
620 #endif
621 #ifdef WITH_CONTENT_SCAN
622 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
623 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
624 { "mime_boundary", vtype_stringptr, &mime_boundary },
625 { "mime_charset", vtype_stringptr, &mime_charset },
626 { "mime_content_description", vtype_stringptr, &mime_content_description },
627 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
628 { "mime_content_id", vtype_stringptr, &mime_content_id },
629 { "mime_content_size", vtype_int, &mime_content_size },
630 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
631 { "mime_content_type", vtype_stringptr, &mime_content_type },
632 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
633 { "mime_filename", vtype_stringptr, &mime_filename },
634 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
635 { "mime_is_multipart", vtype_int, &mime_is_multipart },
636 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
637 { "mime_part_count", vtype_int, &mime_part_count },
638 #endif
639 { "n0", vtype_filter_int, &filter_n[0] },
640 { "n1", vtype_filter_int, &filter_n[1] },
641 { "n2", vtype_filter_int, &filter_n[2] },
642 { "n3", vtype_filter_int, &filter_n[3] },
643 { "n4", vtype_filter_int, &filter_n[4] },
644 { "n5", vtype_filter_int, &filter_n[5] },
645 { "n6", vtype_filter_int, &filter_n[6] },
646 { "n7", vtype_filter_int, &filter_n[7] },
647 { "n8", vtype_filter_int, &filter_n[8] },
648 { "n9", vtype_filter_int, &filter_n[9] },
649 { "original_domain", vtype_stringptr, &deliver_domain_orig },
650 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
651 { "originator_gid", vtype_gid, &originator_gid },
652 { "originator_uid", vtype_uid, &originator_uid },
653 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
654 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
655 { "pid", vtype_pid, NULL },
656 #ifndef DISABLE_PRDR
657 { "prdr_requested", vtype_bool, &prdr_requested },
658 #endif
659 { "primary_hostname", vtype_stringptr, &primary_hostname },
660 #if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
661 { "proxy_external_address",vtype_stringptr, &proxy_external_address },
662 { "proxy_external_port", vtype_int, &proxy_external_port },
663 { "proxy_local_address", vtype_stringptr, &proxy_local_address },
664 { "proxy_local_port", vtype_int, &proxy_local_port },
665 { "proxy_session", vtype_bool, &proxy_session },
666 #endif
667 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
668 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
669 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
670 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
671 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
672 { "queue_name", vtype_stringptr, &queue_name },
673 { "queue_size", vtype_string_func, &fn_queue_size },
674 { "rcpt_count", vtype_int, &rcpt_count },
675 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
676 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
677 { "received_count", vtype_int, &received_count },
678 { "received_for", vtype_stringptr, &received_for },
679 { "received_ip_address", vtype_stringptr, &interface_address },
680 { "received_port", vtype_int, &interface_port },
681 { "received_protocol", vtype_stringptr, &received_protocol },
682 { "received_time", vtype_int, &received_time.tv_sec },
683 { "recipient_data", vtype_stringptr, &recipient_data },
684 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
685 { "recipients", vtype_string_func, (void *) &fn_recipients },
686 { "recipients_count", vtype_int, &recipients_count },
687 #ifdef WITH_CONTENT_SCAN
688 { "regex_match_string", vtype_stringptr, &regex_match_string },
689 #endif
690 { "reply_address", vtype_reply, NULL },
691 { "return_path", vtype_stringptr, &return_path },
692 { "return_size_limit", vtype_int, &bounce_return_size_limit },
693 { "router_name", vtype_stringptr, &router_name },
694 { "runrc", vtype_int, &runrc },
695 { "self_hostname", vtype_stringptr, &self_hostname },
696 { "sender_address", vtype_stringptr, &sender_address },
697 { "sender_address_data", vtype_stringptr, &sender_address_data },
698 { "sender_address_domain", vtype_domain, &sender_address },
699 { "sender_address_local_part", vtype_localpart, &sender_address },
700 { "sender_data", vtype_stringptr, &sender_data },
701 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
702 { "sender_helo_dnssec", vtype_bool, &sender_helo_dnssec },
703 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
704 { "sender_host_address", vtype_stringptr, &sender_host_address },
705 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
706 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
707 { "sender_host_name", vtype_host_lookup, NULL },
708 { "sender_host_port", vtype_int, &sender_host_port },
709 { "sender_ident", vtype_stringptr, &sender_ident },
710 { "sender_rate", vtype_stringptr, &sender_rate },
711 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
712 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
713 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
714 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
715 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
716 { "sending_port", vtype_int, &sending_port },
717 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
718 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
719 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
720 { "smtp_command_history", vtype_string_func, (void *) &smtp_cmd_hist },
721 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
722 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
723 { "sn0", vtype_filter_int, &filter_sn[0] },
724 { "sn1", vtype_filter_int, &filter_sn[1] },
725 { "sn2", vtype_filter_int, &filter_sn[2] },
726 { "sn3", vtype_filter_int, &filter_sn[3] },
727 { "sn4", vtype_filter_int, &filter_sn[4] },
728 { "sn5", vtype_filter_int, &filter_sn[5] },
729 { "sn6", vtype_filter_int, &filter_sn[6] },
730 { "sn7", vtype_filter_int, &filter_sn[7] },
731 { "sn8", vtype_filter_int, &filter_sn[8] },
732 { "sn9", vtype_filter_int, &filter_sn[9] },
733 #ifdef WITH_CONTENT_SCAN
734 { "spam_action", vtype_stringptr, &spam_action },
735 { "spam_bar", vtype_stringptr, &spam_bar },
736 { "spam_report", vtype_stringptr, &spam_report },
737 { "spam_score", vtype_stringptr, &spam_score },
738 { "spam_score_int", vtype_stringptr, &spam_score_int },
739 #endif
740 #ifdef SUPPORT_SPF
741 { "spf_guess", vtype_stringptr, &spf_guess },
742 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
743 { "spf_received", vtype_stringptr, &spf_received },
744 { "spf_result", vtype_stringptr, &spf_result },
745 { "spf_result_guessed", vtype_bool, &spf_result_guessed },
746 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
747 #endif
748 { "spool_directory", vtype_stringptr, &spool_directory },
749 { "spool_inodes", vtype_pinodes, (void *)TRUE },
750 { "spool_space", vtype_pspace, (void *)TRUE },
751 #ifdef EXPERIMENTAL_SRS
752 { "srs_db_address", vtype_stringptr, &srs_db_address },
753 { "srs_db_key", vtype_stringptr, &srs_db_key },
754 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
755 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
756 #endif
757 #if defined(EXPERIMENTAL_SRS) || defined(EXPERIMENTAL_SRS_NATIVE)
758 { "srs_recipient", vtype_stringptr, &srs_recipient },
759 #endif
760 #ifdef EXPERIMENTAL_SRS
761 { "srs_status", vtype_stringptr, &srs_status },
762 #endif
763 { "thisaddress", vtype_stringptr, &filter_thisaddress },
764
765 /* The non-(in,out) variables are now deprecated */
766 { "tls_bits", vtype_int, &tls_in.bits },
767 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
768 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
769
770 { "tls_in_bits", vtype_int, &tls_in.bits },
771 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
772 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
773 { "tls_in_cipher_std", vtype_stringptr, &tls_in.cipher_stdname },
774 { "tls_in_ocsp", vtype_int, &tls_in.ocsp },
775 { "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
776 { "tls_in_peercert", vtype_cert, &tls_in.peercert },
777 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
778 #ifdef EXPERIMENTAL_TLS_RESUME
779 { "tls_in_resumption", vtype_int, &tls_in.resumption },
780 #endif
781 #ifndef DISABLE_TLS
782 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
783 #endif
784 { "tls_in_ver", vtype_stringptr, &tls_in.ver },
785 { "tls_out_bits", vtype_int, &tls_out.bits },
786 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
787 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
788 { "tls_out_cipher_std", vtype_stringptr, &tls_out.cipher_stdname },
789 #ifdef SUPPORT_DANE
790 { "tls_out_dane", vtype_bool, &tls_out.dane_verified },
791 #endif
792 { "tls_out_ocsp", vtype_int, &tls_out.ocsp },
793 { "tls_out_ourcert", vtype_cert, &tls_out.ourcert },
794 { "tls_out_peercert", vtype_cert, &tls_out.peercert },
795 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
796 #ifdef EXPERIMENTAL_TLS_RESUME
797 { "tls_out_resumption", vtype_int, &tls_out.resumption },
798 #endif
799 #ifndef DISABLE_TLS
800 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
801 #endif
802 #ifdef SUPPORT_DANE
803 { "tls_out_tlsa_usage", vtype_int, &tls_out.tlsa_usage },
804 #endif
805 { "tls_out_ver", vtype_stringptr, &tls_out.ver },
806
807 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
808 #ifndef DISABLE_TLS
809 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
810 #endif
811
812 { "tod_bsdinbox", vtype_todbsdin, NULL },
813 { "tod_epoch", vtype_tode, NULL },
814 { "tod_epoch_l", vtype_todel, NULL },
815 { "tod_full", vtype_todf, NULL },
816 { "tod_log", vtype_todl, NULL },
817 { "tod_logfile", vtype_todlf, NULL },
818 { "tod_zone", vtype_todzone, NULL },
819 { "tod_zulu", vtype_todzulu, NULL },
820 { "transport_name", vtype_stringptr, &transport_name },
821 { "value", vtype_stringptr, &lookup_value },
822 { "verify_mode", vtype_stringptr, &verify_mode },
823 { "version_number", vtype_stringptr, &version_string },
824 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
825 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
826 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
827 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
828 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
829 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
830 };
831
832 static int var_table_size = nelem(var_table);
833 static uschar var_buffer[256];
834 static BOOL malformed_header;
835
836 /* For textual hashes */
837
838 static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
839 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
840 "0123456789";
841
842 enum { HMAC_MD5, HMAC_SHA1 };
843
844 /* For numeric hashes */
845
846 static unsigned int prime[] = {
847 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
848 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
849 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
850
851 /* For printing modes in symbolic form */
852
853 static uschar *mtable_normal[] =
854 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
855
856 static uschar *mtable_setid[] =
857 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
858
859 static uschar *mtable_sticky[] =
860 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
861
862 /* flags for find_header() */
863 #define FH_EXISTS_ONLY BIT(0)
864 #define FH_WANT_RAW BIT(1)
865 #define FH_WANT_LIST BIT(2)
866
867
868 /*************************************************
869 * Tables for UTF-8 support *
870 *************************************************/
871
872 /* Table of the number of extra characters, indexed by the first character
873 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
874 0x3d. */
875
876 static uschar utf8_table1[] = {
877 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
878 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
879 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
880 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
881
882 /* These are the masks for the data bits in the first byte of a character,
883 indexed by the number of additional bytes. */
884
885 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
886
887 /* Get the next UTF-8 character, advancing the pointer. */
888
889 #define GETUTF8INC(c, ptr) \
890 c = *ptr++; \
891 if ((c & 0xc0) == 0xc0) \
892 { \
893 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
894 int s = 6*a; \
895 c = (c & utf8_table2[a]) << s; \
896 while (a-- > 0) \
897 { \
898 s -= 6; \
899 c |= (*ptr++ & 0x3f) << s; \
900 } \
901 }
902
903
904
905 static uschar * base32_chars = US"abcdefghijklmnopqrstuvwxyz234567";
906
907 /*************************************************
908 * Binary chop search on a table *
909 *************************************************/
910
911 /* This is used for matching expansion items and operators.
912
913 Arguments:
914 name the name that is being sought
915 table the table to search
916 table_size the number of items in the table
917
918 Returns: the offset in the table, or -1
919 */
920
921 static int
922 chop_match(uschar *name, uschar **table, int table_size)
923 {
924 uschar **bot = table;
925 uschar **top = table + table_size;
926
927 while (top > bot)
928 {
929 uschar **mid = bot + (top - bot)/2;
930 int c = Ustrcmp(name, *mid);
931 if (c == 0) return mid - table;
932 if (c > 0) bot = mid + 1; else top = mid;
933 }
934
935 return -1;
936 }
937
938
939
940 /*************************************************
941 * Check a condition string *
942 *************************************************/
943
944 /* This function is called to expand a string, and test the result for a "true"
945 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
946 forced fail or lookup defer.
947
948 We used to release all store used, but this is not not safe due
949 to ${dlfunc } and ${acl }. In any case expand_string_internal()
950 is reasonably careful to release what it can.
951
952 The actual false-value tests should be replicated for ECOND_BOOL_LAX.
953
954 Arguments:
955 condition the condition string
956 m1 text to be incorporated in panic error
957 m2 ditto
958
959 Returns: TRUE if condition is met, FALSE if not
960 */
961
962 BOOL
963 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
964 {
965 uschar * ss = expand_string(condition);
966 if (!ss)
967 {
968 if (!f.expand_string_forcedfail && !f.search_find_defer)
969 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
970 "for %s %s: %s", condition, m1, m2, expand_string_message);
971 return FALSE;
972 }
973 return *ss && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
974 strcmpic(ss, US"false") != 0;
975 }
976
977
978
979
980 /*************************************************
981 * Pseudo-random number generation *
982 *************************************************/
983
984 /* Pseudo-random number generation. The result is not "expected" to be
985 cryptographically strong but not so weak that someone will shoot themselves
986 in the foot using it as a nonce in some email header scheme or whatever
987 weirdness they'll twist this into. The result should ideally handle fork().
988
989 However, if we're stuck unable to provide this, then we'll fall back to
990 appallingly bad randomness.
991
992 If DISABLE_TLS is not defined then this will not be used except as an emergency
993 fallback.
994
995 Arguments:
996 max range maximum
997 Returns a random number in range [0, max-1]
998 */
999
1000 #ifndef DISABLE_TLS
1001 # define vaguely_random_number vaguely_random_number_fallback
1002 #endif
1003 int
1004 vaguely_random_number(int max)
1005 {
1006 #ifndef DISABLE_TLS
1007 # undef vaguely_random_number
1008 #endif
1009 static pid_t pid = 0;
1010 pid_t p2;
1011
1012 if ((p2 = getpid()) != pid)
1013 {
1014 if (pid != 0)
1015 {
1016
1017 #ifdef HAVE_ARC4RANDOM
1018 /* cryptographically strong randomness, common on *BSD platforms, not
1019 so much elsewhere. Alas. */
1020 # ifndef NOT_HAVE_ARC4RANDOM_STIR
1021 arc4random_stir();
1022 # endif
1023 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
1024 # ifdef HAVE_SRANDOMDEV
1025 /* uses random(4) for seeding */
1026 srandomdev();
1027 # else
1028 {
1029 struct timeval tv;
1030 gettimeofday(&tv, NULL);
1031 srandom(tv.tv_sec | tv.tv_usec | getpid());
1032 }
1033 # endif
1034 #else
1035 /* Poor randomness and no seeding here */
1036 #endif
1037
1038 }
1039 pid = p2;
1040 }
1041
1042 #ifdef HAVE_ARC4RANDOM
1043 return arc4random() % max;
1044 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
1045 return random() % max;
1046 #else
1047 /* This one returns a 16-bit number, definitely not crypto-strong */
1048 return random_number(max);
1049 #endif
1050 }
1051
1052
1053
1054
1055 /*************************************************
1056 * Pick out a name from a string *
1057 *************************************************/
1058
1059 /* If the name is too long, it is silently truncated.
1060
1061 Arguments:
1062 name points to a buffer into which to put the name
1063 max is the length of the buffer
1064 s points to the first alphabetic character of the name
1065 extras chars other than alphanumerics to permit
1066
1067 Returns: pointer to the first character after the name
1068
1069 Note: The test for *s != 0 in the while loop is necessary because
1070 Ustrchr() yields non-NULL if the character is zero (which is not something
1071 I expected). */
1072
1073 static const uschar *
1074 read_name(uschar *name, int max, const uschar *s, uschar *extras)
1075 {
1076 int ptr = 0;
1077 while (*s && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
1078 {
1079 if (ptr < max-1) name[ptr++] = *s;
1080 s++;
1081 }
1082 name[ptr] = 0;
1083 return s;
1084 }
1085
1086
1087
1088 /*************************************************
1089 * Pick out the rest of a header name *
1090 *************************************************/
1091
1092 /* A variable name starting $header_ (or just $h_ for those who like
1093 abbreviations) might not be the complete header name because headers can
1094 contain any printing characters in their names, except ':'. This function is
1095 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
1096 on the end, if the name was terminated by white space.
1097
1098 Arguments:
1099 name points to a buffer in which the name read so far exists
1100 max is the length of the buffer
1101 s points to the first character after the name so far, i.e. the
1102 first non-alphameric character after $header_xxxxx
1103
1104 Returns: a pointer to the first character after the header name
1105 */
1106
1107 static const uschar *
1108 read_header_name(uschar *name, int max, const uschar *s)
1109 {
1110 int prelen = Ustrchr(name, '_') - name + 1;
1111 int ptr = Ustrlen(name) - prelen;
1112 if (ptr > 0) memmove(name, name+prelen, ptr);
1113 while (mac_isgraph(*s) && *s != ':')
1114 {
1115 if (ptr < max-1) name[ptr++] = *s;
1116 s++;
1117 }
1118 if (*s == ':') s++;
1119 name[ptr++] = ':';
1120 name[ptr] = 0;
1121 return s;
1122 }
1123
1124
1125
1126 /*************************************************
1127 * Pick out a number from a string *
1128 *************************************************/
1129
1130 /* Arguments:
1131 n points to an integer into which to put the number
1132 s points to the first digit of the number
1133
1134 Returns: a pointer to the character after the last digit
1135 */
1136 /*XXX consider expanding to int_eximarith_t. But the test for
1137 "overbig numbers" in 0002 still needs to overflow it. */
1138
1139 static uschar *
1140 read_number(int *n, uschar *s)
1141 {
1142 *n = 0;
1143 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1144 return s;
1145 }
1146
1147 static const uschar *
1148 read_cnumber(int *n, const uschar *s)
1149 {
1150 *n = 0;
1151 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1152 return s;
1153 }
1154
1155
1156
1157 /*************************************************
1158 * Extract keyed subfield from a string *
1159 *************************************************/
1160
1161 /* The yield is in dynamic store; NULL means that the key was not found.
1162
1163 Arguments:
1164 key points to the name of the key
1165 s points to the string from which to extract the subfield
1166
1167 Returns: NULL if the subfield was not found, or
1168 a pointer to the subfield's data
1169 */
1170
1171 static uschar *
1172 expand_getkeyed(uschar * key, const uschar * s)
1173 {
1174 int length = Ustrlen(key);
1175 while (isspace(*s)) s++;
1176
1177 /* Loop to search for the key */
1178
1179 while (*s)
1180 {
1181 int dkeylength;
1182 uschar * data;
1183 const uschar * dkey = s;
1184
1185 while (*s && *s != '=' && !isspace(*s)) s++;
1186 dkeylength = s - dkey;
1187 while (isspace(*s)) s++;
1188 if (*s == '=') while (isspace((*(++s))));
1189
1190 data = string_dequote(&s);
1191 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1192 return data;
1193
1194 while (isspace(*s)) s++;
1195 }
1196
1197 return NULL;
1198 }
1199
1200
1201
1202 static var_entry *
1203 find_var_ent(uschar * name)
1204 {
1205 int first = 0;
1206 int last = var_table_size;
1207
1208 while (last > first)
1209 {
1210 int middle = (first + last)/2;
1211 int c = Ustrcmp(name, var_table[middle].name);
1212
1213 if (c > 0) { first = middle + 1; continue; }
1214 if (c < 0) { last = middle; continue; }
1215 return &var_table[middle];
1216 }
1217 return NULL;
1218 }
1219
1220 /*************************************************
1221 * Extract numbered subfield from string *
1222 *************************************************/
1223
1224 /* Extracts a numbered field from a string that is divided by tokens - for
1225 example a line from /etc/passwd is divided by colon characters. First field is
1226 numbered one. Negative arguments count from the right. Zero returns the whole
1227 string. Returns NULL if there are insufficient tokens in the string
1228
1229 ***WARNING***
1230 Modifies final argument - this is a dynamically generated string, so that's OK.
1231
1232 Arguments:
1233 field number of field to be extracted,
1234 first field = 1, whole string = 0, last field = -1
1235 separators characters that are used to break string into tokens
1236 s points to the string from which to extract the subfield
1237
1238 Returns: NULL if the field was not found,
1239 a pointer to the field's data inside s (modified to add 0)
1240 */
1241
1242 static uschar *
1243 expand_gettokened (int field, uschar *separators, uschar *s)
1244 {
1245 int sep = 1;
1246 int count;
1247 uschar *ss = s;
1248 uschar *fieldtext = NULL;
1249
1250 if (field == 0) return s;
1251
1252 /* Break the line up into fields in place; for field > 0 we stop when we have
1253 done the number of fields we want. For field < 0 we continue till the end of
1254 the string, counting the number of fields. */
1255
1256 count = (field > 0)? field : INT_MAX;
1257
1258 while (count-- > 0)
1259 {
1260 size_t len;
1261
1262 /* Previous field was the last one in the string. For a positive field
1263 number, this means there are not enough fields. For a negative field number,
1264 check that there are enough, and scan back to find the one that is wanted. */
1265
1266 if (sep == 0)
1267 {
1268 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1269 if ((-field) == (INT_MAX - count - 1)) return s;
1270 while (field++ < 0)
1271 {
1272 ss--;
1273 while (ss[-1] != 0) ss--;
1274 }
1275 fieldtext = ss;
1276 break;
1277 }
1278
1279 /* Previous field was not last in the string; save its start and put a
1280 zero at its end. */
1281
1282 fieldtext = ss;
1283 len = Ustrcspn(ss, separators);
1284 sep = ss[len];
1285 ss[len] = 0;
1286 ss += len + 1;
1287 }
1288
1289 return fieldtext;
1290 }
1291
1292
1293 static uschar *
1294 expand_getlistele(int field, const uschar * list)
1295 {
1296 const uschar * tlist = list;
1297 int sep = 0;
1298 uschar dummy;
1299
1300 if (field < 0)
1301 {
1302 for (field++; string_nextinlist(&tlist, &sep, &dummy, 1); ) field++;
1303 sep = 0;
1304 }
1305 if (field == 0) return NULL;
1306 while (--field > 0 && (string_nextinlist(&list, &sep, &dummy, 1))) ;
1307 return string_nextinlist(&list, &sep, NULL, 0);
1308 }
1309
1310
1311 /* Certificate fields, by name. Worry about by-OID later */
1312 /* Names are chosen to not have common prefixes */
1313
1314 #ifndef DISABLE_TLS
1315 typedef struct
1316 {
1317 uschar * name;
1318 int namelen;
1319 uschar * (*getfn)(void * cert, uschar * mod);
1320 } certfield;
1321 static certfield certfields[] =
1322 { /* linear search; no special order */
1323 { US"version", 7, &tls_cert_version },
1324 { US"serial_number", 13, &tls_cert_serial_number },
1325 { US"subject", 7, &tls_cert_subject },
1326 { US"notbefore", 9, &tls_cert_not_before },
1327 { US"notafter", 8, &tls_cert_not_after },
1328 { US"issuer", 6, &tls_cert_issuer },
1329 { US"signature", 9, &tls_cert_signature },
1330 { US"sig_algorithm", 13, &tls_cert_signature_algorithm },
1331 { US"subj_altname", 12, &tls_cert_subject_altname },
1332 { US"ocsp_uri", 8, &tls_cert_ocsp_uri },
1333 { US"crl_uri", 7, &tls_cert_crl_uri },
1334 };
1335
1336 static uschar *
1337 expand_getcertele(uschar * field, uschar * certvar)
1338 {
1339 var_entry * vp;
1340
1341 if (!(vp = find_var_ent(certvar)))
1342 {
1343 expand_string_message =
1344 string_sprintf("no variable named \"%s\"", certvar);
1345 return NULL; /* Unknown variable name */
1346 }
1347 /* NB this stops us passing certs around in variable. Might
1348 want to do that in future */
1349 if (vp->type != vtype_cert)
1350 {
1351 expand_string_message =
1352 string_sprintf("\"%s\" is not a certificate", certvar);
1353 return NULL; /* Unknown variable name */
1354 }
1355 if (!*(void **)vp->value)
1356 return NULL;
1357
1358 if (*field >= '0' && *field <= '9')
1359 return tls_cert_ext_by_oid(*(void **)vp->value, field, 0);
1360
1361 for (certfield * cp = certfields;
1362 cp < certfields + nelem(certfields);
1363 cp++)
1364 if (Ustrncmp(cp->name, field, cp->namelen) == 0)
1365 {
1366 uschar * modifier = *(field += cp->namelen) == ','
1367 ? ++field : NULL;
1368 return (*cp->getfn)( *(void **)vp->value, modifier );
1369 }
1370
1371 expand_string_message =
1372 string_sprintf("bad field selector \"%s\" for certextract", field);
1373 return NULL;
1374 }
1375 #endif /*DISABLE_TLS*/
1376
1377 /*************************************************
1378 * Extract a substring from a string *
1379 *************************************************/
1380
1381 /* Perform the ${substr or ${length expansion operations.
1382
1383 Arguments:
1384 subject the input string
1385 value1 the offset from the start of the input string to the start of
1386 the output string; if negative, count from the right.
1387 value2 the length of the output string, or negative (-1) for unset
1388 if value1 is positive, unset means "all after"
1389 if value1 is negative, unset means "all before"
1390 len set to the length of the returned string
1391
1392 Returns: pointer to the output string, or NULL if there is an error
1393 */
1394
1395 static uschar *
1396 extract_substr(uschar *subject, int value1, int value2, int *len)
1397 {
1398 int sublen = Ustrlen(subject);
1399
1400 if (value1 < 0) /* count from right */
1401 {
1402 value1 += sublen;
1403
1404 /* If the position is before the start, skip to the start, and adjust the
1405 length. If the length ends up negative, the substring is null because nothing
1406 can precede. This falls out naturally when the length is unset, meaning "all
1407 to the left". */
1408
1409 if (value1 < 0)
1410 {
1411 value2 += value1;
1412 if (value2 < 0) value2 = 0;
1413 value1 = 0;
1414 }
1415
1416 /* Otherwise an unset length => characters before value1 */
1417
1418 else if (value2 < 0)
1419 {
1420 value2 = value1;
1421 value1 = 0;
1422 }
1423 }
1424
1425 /* For a non-negative offset, if the starting position is past the end of the
1426 string, the result will be the null string. Otherwise, an unset length means
1427 "rest"; just set it to the maximum - it will be cut down below if necessary. */
1428
1429 else
1430 {
1431 if (value1 > sublen)
1432 {
1433 value1 = sublen;
1434 value2 = 0;
1435 }
1436 else if (value2 < 0) value2 = sublen;
1437 }
1438
1439 /* Cut the length down to the maximum possible for the offset value, and get
1440 the required characters. */
1441
1442 if (value1 + value2 > sublen) value2 = sublen - value1;
1443 *len = value2;
1444 return subject + value1;
1445 }
1446
1447
1448
1449
1450 /*************************************************
1451 * Old-style hash of a string *
1452 *************************************************/
1453
1454 /* Perform the ${hash expansion operation.
1455
1456 Arguments:
1457 subject the input string (an expanded substring)
1458 value1 the length of the output string; if greater or equal to the
1459 length of the input string, the input string is returned
1460 value2 the number of hash characters to use, or 26 if negative
1461 len set to the length of the returned string
1462
1463 Returns: pointer to the output string, or NULL if there is an error
1464 */
1465
1466 static uschar *
1467 compute_hash(uschar *subject, int value1, int value2, int *len)
1468 {
1469 int sublen = Ustrlen(subject);
1470
1471 if (value2 < 0) value2 = 26;
1472 else if (value2 > Ustrlen(hashcodes))
1473 {
1474 expand_string_message =
1475 string_sprintf("hash count \"%d\" too big", value2);
1476 return NULL;
1477 }
1478
1479 /* Calculate the hash text. We know it is shorter than the original string, so
1480 can safely place it in subject[] (we know that subject is always itself an
1481 expanded substring). */
1482
1483 if (value1 < sublen)
1484 {
1485 int c;
1486 int i = 0;
1487 int j = value1;
1488 while ((c = (subject[j])) != 0)
1489 {
1490 int shift = (c + j++) & 7;
1491 subject[i] ^= (c << shift) | (c >> (8-shift));
1492 if (++i >= value1) i = 0;
1493 }
1494 for (i = 0; i < value1; i++)
1495 subject[i] = hashcodes[(subject[i]) % value2];
1496 }
1497 else value1 = sublen;
1498
1499 *len = value1;
1500 return subject;
1501 }
1502
1503
1504
1505
1506 /*************************************************
1507 * Numeric hash of a string *
1508 *************************************************/
1509
1510 /* Perform the ${nhash expansion operation. The first characters of the
1511 string are treated as most important, and get the highest prime numbers.
1512
1513 Arguments:
1514 subject the input string
1515 value1 the maximum value of the first part of the result
1516 value2 the maximum value of the second part of the result,
1517 or negative to produce only a one-part result
1518 len set to the length of the returned string
1519
1520 Returns: pointer to the output string, or NULL if there is an error.
1521 */
1522
1523 static uschar *
1524 compute_nhash (uschar *subject, int value1, int value2, int *len)
1525 {
1526 uschar *s = subject;
1527 int i = 0;
1528 unsigned long int total = 0; /* no overflow */
1529
1530 while (*s != 0)
1531 {
1532 if (i == 0) i = nelem(prime) - 1;
1533 total += prime[i--] * (unsigned int)(*s++);
1534 }
1535
1536 /* If value2 is unset, just compute one number */
1537
1538 if (value2 < 0)
1539 s = string_sprintf("%lu", total % value1);
1540
1541 /* Otherwise do a div/mod hash */
1542
1543 else
1544 {
1545 total = total % (value1 * value2);
1546 s = string_sprintf("%lu/%lu", total/value2, total % value2);
1547 }
1548
1549 *len = Ustrlen(s);
1550 return s;
1551 }
1552
1553
1554
1555
1556
1557 /*************************************************
1558 * Find the value of a header or headers *
1559 *************************************************/
1560
1561 /* Multiple instances of the same header get concatenated, and this function
1562 can also return a concatenation of all the header lines. When concatenating
1563 specific headers that contain lists of addresses, a comma is inserted between
1564 them. Otherwise we use a straight concatenation. Because some messages can have
1565 pathologically large number of lines, there is a limit on the length that is
1566 returned.
1567
1568 Arguments:
1569 name the name of the header, without the leading $header_ or $h_,
1570 or NULL if a concatenation of all headers is required
1571 newsize return the size of memory block that was obtained; may be NULL
1572 if exists_only is TRUE
1573 flags FH_EXISTS_ONLY
1574 set if called from a def: test; don't need to build a string;
1575 just return a string that is not "" and not "0" if the header
1576 exists
1577 FH_WANT_RAW
1578 set if called for $rh_ or $rheader_ items; no processing,
1579 other than concatenating, will be done on the header. Also used
1580 for $message_headers_raw.
1581 FH_WANT_LIST
1582 Double colon chars in the content, and replace newline with
1583 colon between each element when concatenating; returning a
1584 colon-sep list (elements might contain newlines)
1585 charset name of charset to translate MIME words to; used only if
1586 want_raw is false; if NULL, no translation is done (this is
1587 used for $bh_ and $bheader_)
1588
1589 Returns: NULL if the header does not exist, else a pointer to a new
1590 store block
1591 */
1592
1593 static uschar *
1594 find_header(uschar *name, int *newsize, unsigned flags, uschar *charset)
1595 {
1596 BOOL found = !name;
1597 int len = name ? Ustrlen(name) : 0;
1598 BOOL comma = FALSE;
1599 gstring * g = NULL;
1600
1601 for (header_line * h = header_list; h; h = h->next)
1602 if (h->type != htype_old && h->text) /* NULL => Received: placeholder */
1603 if (!name || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1604 {
1605 uschar * s, * t;
1606 size_t inc;
1607
1608 if (flags & FH_EXISTS_ONLY)
1609 return US"1"; /* don't need actual string */
1610
1611 found = TRUE;
1612 s = h->text + len; /* text to insert */
1613 if (!(flags & FH_WANT_RAW)) /* unless wanted raw, */
1614 while (isspace(*s)) s++; /* remove leading white space */
1615 t = h->text + h->slen; /* end-point */
1616
1617 /* Unless wanted raw, remove trailing whitespace, including the
1618 newline. */
1619
1620 if (flags & FH_WANT_LIST)
1621 while (t > s && t[-1] == '\n') t--;
1622 else if (!(flags & FH_WANT_RAW))
1623 {
1624 while (t > s && isspace(t[-1])) t--;
1625
1626 /* Set comma if handling a single header and it's one of those
1627 that contains an address list, except when asked for raw headers. Only
1628 need to do this once. */
1629
1630 if (name && !comma && Ustrchr("BCFRST", h->type)) comma = TRUE;
1631 }
1632
1633 /* Trim the header roughly if we're approaching limits */
1634 inc = t - s;
1635 if (gstring_length(g) + inc > header_insert_maxlen)
1636 inc = header_insert_maxlen - gstring_length(g);
1637
1638 /* For raw just copy the data; for a list, add the data as a colon-sep
1639 list-element; for comma-list add as an unchecked comma,newline sep
1640 list-elemment; for other nonraw add as an unchecked newline-sep list (we
1641 stripped trailing WS above including the newline). We ignore the potential
1642 expansion due to colon-doubling, just leaving the loop if the limit is met
1643 or exceeded. */
1644
1645 if (flags & FH_WANT_LIST)
1646 g = string_append_listele_n(g, ':', s, (unsigned)inc);
1647 else if (flags & FH_WANT_RAW)
1648 g = string_catn(g, s, (unsigned)inc);
1649 else if (inc > 0)
1650 g = string_append2_listele_n(g, comma ? US",\n" : US"\n",
1651 s, (unsigned)inc);
1652
1653 if (gstring_length(g) >= header_insert_maxlen) break;
1654 }
1655
1656 if (!found) return NULL; /* No header found */
1657 if (!g) return US"";
1658
1659 /* That's all we do for raw header expansion. */
1660
1661 *newsize = g->size;
1662 if (flags & FH_WANT_RAW)
1663 return string_from_gstring(g);
1664
1665 /* Otherwise do RFC 2047 decoding, translating the charset if requested.
1666 The rfc2047_decode2() function can return an error with decoded data if the
1667 charset translation fails. If decoding fails, it returns NULL. */
1668
1669 else
1670 {
1671 uschar * error, * decoded = rfc2047_decode2(string_from_gstring(g),
1672 check_rfc2047_length, charset, '?', NULL, newsize, &error);
1673 if (error)
1674 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1675 " input was: %s\n", error, g->s);
1676 return decoded ? decoded : string_from_gstring(g);
1677 }
1678 }
1679
1680
1681
1682
1683 /* Append a "local" element to an Authentication-Results: header
1684 if this was a non-smtp message.
1685 */
1686
1687 static gstring *
1688 authres_local(gstring * g, const uschar * sysname)
1689 {
1690 if (!f.authentication_local)
1691 return g;
1692 g = string_append(g, 3, US";\n\tlocal=pass (non-smtp, ", sysname, US")");
1693 if (authenticated_id) g = string_append(g, 2, " u=", authenticated_id);
1694 return g;
1695 }
1696
1697
1698 /* Append an "iprev" element to an Authentication-Results: header
1699 if we have attempted to get the calling host's name.
1700 */
1701
1702 static gstring *
1703 authres_iprev(gstring * g)
1704 {
1705 if (sender_host_name)
1706 g = string_append(g, 3, US";\n\tiprev=pass (", sender_host_name, US")");
1707 else if (host_lookup_deferred)
1708 g = string_catn(g, US";\n\tiprev=temperror", 19);
1709 else if (host_lookup_failed)
1710 g = string_catn(g, US";\n\tiprev=fail", 13);
1711 else
1712 return g;
1713
1714 if (sender_host_address)
1715 g = string_append(g, 2, US" smtp.remote-ip=", sender_host_address);
1716 return g;
1717 }
1718
1719
1720
1721 /*************************************************
1722 * Return list of recipients *
1723 *************************************************/
1724 /* A recipients list is available only during system message filtering,
1725 during ACL processing after DATA, and while expanding pipe commands
1726 generated from a system filter, but not elsewhere. */
1727
1728 static uschar *
1729 fn_recipients(void)
1730 {
1731 uschar * s;
1732 gstring * g = NULL;
1733
1734 if (!f.enable_dollar_recipients) return NULL;
1735
1736 for (int i = 0; i < recipients_count; i++)
1737 {
1738 s = recipients_list[i].address;
1739 g = string_append2_listele_n(g, US", ", s, Ustrlen(s));
1740 }
1741 return g ? g->s : NULL;
1742 }
1743
1744
1745 /*************************************************
1746 * Return size of queue *
1747 *************************************************/
1748 /* Ask the daemon for the queue size */
1749
1750 static uschar *
1751 fn_queue_size(void)
1752 {
1753 struct sockaddr_un sun = {.sun_family = AF_UNIX};
1754 uschar buf[16];
1755 int fd;
1756 ssize_t len;
1757 const uschar * where;
1758
1759 if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
1760 {
1761 DEBUG(D_expand) debug_printf(" socket: %s\n", strerror(errno));
1762 return NULL;
1763 }
1764
1765 #define ABSTRACT_CLIENT
1766 #ifdef ABSTRACT_CLIENT
1767 sun.sun_path[0] = 0; /* Abstract local socket addr - Linux-specific? */
1768 len = offsetof(struct sockaddr_un, sun_path) + 1
1769 + snprintf(sun.sun_path+1, sizeof(sun.sun_path)-1, "exim_%d", getpid());
1770 #else
1771 len = offsetof(struct sockaddr_un, sun_path)
1772 + snprintf(sun.sun_path, sizeof(sun.sun_path), "%s/p_%d",
1773 spool_directory, getpid());
1774 #endif
1775
1776 if (bind(fd, &sun, len) < 0) { where = US"bind"; goto bad; }
1777
1778 #ifdef notdef
1779 debug_printf("local%s '%s'\n", *sun.sun_path ? "" : " abstract",
1780 sun.sun_path+ (*sun.sun_path ? 0 : 1));
1781 #endif
1782
1783 sun.sun_path[0] = 0; /* Abstract local socket addr - Linux-specific? */
1784 len = offsetof(struct sockaddr_un, sun_path) + 1
1785 + snprintf(sun.sun_path+1, sizeof(sun.sun_path)-1, "%s", NOTIFIER_SOCKET_NAME);
1786
1787 if (connect(fd, &sun, len) < 0) { where = US"connect"; goto bad; }
1788
1789 buf[0] = NOTIFY_QUEUE_SIZE_REQ;
1790 if (send(fd, buf, 1, 0) < 0) { where = US"send"; goto bad; }
1791
1792 if ((len = recv(fd, buf, sizeof(buf), 0)) < 0) { where = US"recv"; goto bad; }
1793
1794 close(fd);
1795 return string_copyn(buf, len);
1796
1797 bad:
1798 close(fd);
1799 DEBUG(D_expand) debug_printf(" %s: %s\n", where, strerror(errno));
1800 return NULL;
1801 }
1802
1803
1804 /*************************************************
1805 * Find value of a variable *
1806 *************************************************/
1807
1808 /* The table of variables is kept in alphabetic order, so we can search it
1809 using a binary chop. The "choplen" variable is nothing to do with the binary
1810 chop.
1811
1812 Arguments:
1813 name the name of the variable being sought
1814 exists_only TRUE if this is a def: test; passed on to find_header()
1815 skipping TRUE => skip any processing evaluation; this is not the same as
1816 exists_only because def: may test for values that are first
1817 evaluated here
1818 newsize pointer to an int which is initially zero; if the answer is in
1819 a new memory buffer, *newsize is set to its size
1820
1821 Returns: NULL if the variable does not exist, or
1822 a pointer to the variable's contents, or
1823 something non-NULL if exists_only is TRUE
1824 */
1825
1826 static uschar *
1827 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1828 {
1829 var_entry * vp;
1830 uschar *s, *domain;
1831 uschar **ss;
1832 void * val;
1833
1834 /* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1835 Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1836 release 4.64 onwards arbitrary names are permitted, as long as the first 5
1837 characters are acl_c or acl_m and the sixth is either a digit or an underscore
1838 (this gave backwards compatibility at the changeover). There may be built-in
1839 variables whose names start acl_ but they should never start in this way. This
1840 slightly messy specification is a consequence of the history, needless to say.
1841
1842 If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1843 set, in which case give an error. */
1844
1845 if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1846 !isalpha(name[5]))
1847 {
1848 tree_node * node =
1849 tree_search(name[4] == 'c' ? acl_var_c : acl_var_m, name + 4);
1850 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
1851 }
1852 else if (Ustrncmp(name, "r_", 2) == 0)
1853 {
1854 tree_node * node = tree_search(router_var, name + 2);
1855 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
1856 }
1857
1858 /* Handle $auth<n> variables. */
1859
1860 if (Ustrncmp(name, "auth", 4) == 0)
1861 {
1862 uschar *endptr;
1863 int n = Ustrtoul(name + 4, &endptr, 10);
1864 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1865 return !auth_vars[n-1] ? US"" : auth_vars[n-1];
1866 }
1867 else if (Ustrncmp(name, "regex", 5) == 0)
1868 {
1869 uschar *endptr;
1870 int n = Ustrtoul(name + 5, &endptr, 10);
1871 if (*endptr == 0 && n != 0 && n <= REGEX_VARS)
1872 return !regex_vars[n-1] ? US"" : regex_vars[n-1];
1873 }
1874
1875 /* For all other variables, search the table */
1876
1877 if (!(vp = find_var_ent(name)))
1878 return NULL; /* Unknown variable name */
1879
1880 /* Found an existing variable. If in skipping state, the value isn't needed,
1881 and we want to avoid processing (such as looking up the host name). */
1882
1883 if (skipping)
1884 return US"";
1885
1886 val = vp->value;
1887 switch (vp->type)
1888 {
1889 case vtype_filter_int:
1890 if (!f.filter_running) return NULL;
1891 /* Fall through */
1892 /* VVVVVVVVVVVV */
1893 case vtype_int:
1894 sprintf(CS var_buffer, "%d", *(int *)(val)); /* Integer */
1895 return var_buffer;
1896
1897 case vtype_ino:
1898 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(val))); /* Inode */
1899 return var_buffer;
1900
1901 case vtype_gid:
1902 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(val))); /* gid */
1903 return var_buffer;
1904
1905 case vtype_uid:
1906 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(val))); /* uid */
1907 return var_buffer;
1908
1909 case vtype_bool:
1910 sprintf(CS var_buffer, "%s", *(BOOL *)(val) ? "yes" : "no"); /* bool */
1911 return var_buffer;
1912
1913 case vtype_stringptr: /* Pointer to string */
1914 return (s = *((uschar **)(val))) ? s : US"";
1915
1916 case vtype_pid:
1917 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1918 return var_buffer;
1919
1920 case vtype_load_avg:
1921 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1922 return var_buffer;
1923
1924 case vtype_host_lookup: /* Lookup if not done so */
1925 if ( !sender_host_name && sender_host_address
1926 && !host_lookup_failed && host_name_lookup() == OK)
1927 host_build_sender_fullhost();
1928 return sender_host_name ? sender_host_name : US"";
1929
1930 case vtype_localpart: /* Get local part from address */
1931 if (!(s = *((uschar **)(val)))) return US"";
1932 if (!(domain = Ustrrchr(s, '@'))) return s;
1933 if (domain - s > sizeof(var_buffer) - 1)
1934 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1935 " in string expansion", sizeof(var_buffer));
1936 return string_copyn(s, domain - s);
1937
1938 case vtype_domain: /* Get domain from address */
1939 if (!(s = *((uschar **)(val)))) return US"";
1940 domain = Ustrrchr(s, '@');
1941 return domain ? domain + 1 : US"";
1942
1943 case vtype_msgheaders:
1944 return find_header(NULL, newsize, exists_only ? FH_EXISTS_ONLY : 0, NULL);
1945
1946 case vtype_msgheaders_raw:
1947 return find_header(NULL, newsize,
1948 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW, NULL);
1949
1950 case vtype_msgbody: /* Pointer to msgbody string */
1951 case vtype_msgbody_end: /* Ditto, the end of the msg */
1952 ss = (uschar **)(val);
1953 if (!*ss && deliver_datafile >= 0) /* Read body when needed */
1954 {
1955 uschar *body;
1956 off_t start_offset = SPOOL_DATA_START_OFFSET;
1957 int len = message_body_visible;
1958 if (len > message_size) len = message_size;
1959 *ss = body = store_malloc(len+1);
1960 body[0] = 0;
1961 if (vp->type == vtype_msgbody_end)
1962 {
1963 struct stat statbuf;
1964 if (fstat(deliver_datafile, &statbuf) == 0)
1965 {
1966 start_offset = statbuf.st_size - len;
1967 if (start_offset < SPOOL_DATA_START_OFFSET)
1968 start_offset = SPOOL_DATA_START_OFFSET;
1969 }
1970 }
1971 if (lseek(deliver_datafile, start_offset, SEEK_SET) < 0)
1972 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "deliver_datafile lseek: %s",
1973 strerror(errno));
1974 len = read(deliver_datafile, body, len);
1975 if (len > 0)
1976 {
1977 body[len] = 0;
1978 if (message_body_newlines) /* Separate loops for efficiency */
1979 while (len > 0)
1980 { if (body[--len] == 0) body[len] = ' '; }
1981 else
1982 while (len > 0)
1983 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
1984 }
1985 }
1986 return *ss ? *ss : US"";
1987
1988 case vtype_todbsdin: /* BSD inbox time of day */
1989 return tod_stamp(tod_bsdin);
1990
1991 case vtype_tode: /* Unix epoch time of day */
1992 return tod_stamp(tod_epoch);
1993
1994 case vtype_todel: /* Unix epoch/usec time of day */
1995 return tod_stamp(tod_epoch_l);
1996
1997 case vtype_todf: /* Full time of day */
1998 return tod_stamp(tod_full);
1999
2000 case vtype_todl: /* Log format time of day */
2001 return tod_stamp(tod_log_bare); /* (without timezone) */
2002
2003 case vtype_todzone: /* Time zone offset only */
2004 return tod_stamp(tod_zone);
2005
2006 case vtype_todzulu: /* Zulu time */
2007 return tod_stamp(tod_zulu);
2008
2009 case vtype_todlf: /* Log file datestamp tod */
2010 return tod_stamp(tod_log_datestamp_daily);
2011
2012 case vtype_reply: /* Get reply address */
2013 s = find_header(US"reply-to:", newsize,
2014 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
2015 headers_charset);
2016 if (s) while (isspace(*s)) s++;
2017 if (!s || !*s)
2018 {
2019 *newsize = 0; /* For the *s==0 case */
2020 s = find_header(US"from:", newsize,
2021 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
2022 headers_charset);
2023 }
2024 if (s)
2025 {
2026 uschar *t;
2027 while (isspace(*s)) s++;
2028 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
2029 while (t > s && isspace(t[-1])) t--;
2030 *t = 0;
2031 }
2032 return s ? s : US"";
2033
2034 case vtype_string_func:
2035 {
2036 stringptr_fn_t * fn = (stringptr_fn_t *) val;
2037 return fn();
2038 }
2039
2040 case vtype_pspace:
2041 {
2042 int inodes;
2043 sprintf(CS var_buffer, PR_EXIM_ARITH,
2044 receive_statvfs(val == (void *)TRUE, &inodes));
2045 }
2046 return var_buffer;
2047
2048 case vtype_pinodes:
2049 {
2050 int inodes;
2051 (void) receive_statvfs(val == (void *)TRUE, &inodes);
2052 sprintf(CS var_buffer, "%d", inodes);
2053 }
2054 return var_buffer;
2055
2056 case vtype_cert:
2057 return *(void **)val ? US"<cert>" : US"";
2058
2059 #ifndef DISABLE_DKIM
2060 case vtype_dkim:
2061 return dkim_exim_expand_query((int)(long)val);
2062 #endif
2063
2064 }
2065
2066 return NULL; /* Unknown variable. Silences static checkers. */
2067 }
2068
2069
2070
2071
2072 void
2073 modify_variable(uschar *name, void * value)
2074 {
2075 var_entry * vp;
2076 if ((vp = find_var_ent(name))) vp->value = value;
2077 return; /* Unknown variable name, fail silently */
2078 }
2079
2080
2081
2082
2083
2084
2085 /*************************************************
2086 * Read and expand substrings *
2087 *************************************************/
2088
2089 /* This function is called to read and expand argument substrings for various
2090 expansion items. Some have a minimum requirement that is less than the maximum;
2091 in these cases, the first non-present one is set to NULL.
2092
2093 Arguments:
2094 sub points to vector of pointers to set
2095 n maximum number of substrings
2096 m minimum required
2097 sptr points to current string pointer
2098 skipping the skipping flag
2099 check_end if TRUE, check for final '}'
2100 name name of item, for error message
2101 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
2102 the store.
2103
2104 Returns: 0 OK; string pointer updated
2105 1 curly bracketing error (too few arguments)
2106 2 too many arguments (only if check_end is set); message set
2107 3 other error (expansion failure)
2108 */
2109
2110 static int
2111 read_subs(uschar **sub, int n, int m, const uschar **sptr, BOOL skipping,
2112 BOOL check_end, uschar *name, BOOL *resetok)
2113 {
2114 const uschar *s = *sptr;
2115
2116 while (isspace(*s)) s++;
2117 for (int i = 0; i < n; i++)
2118 {
2119 if (*s != '{')
2120 {
2121 if (i < m)
2122 {
2123 expand_string_message = string_sprintf("Not enough arguments for '%s' "
2124 "(min is %d)", name, m);
2125 return 1;
2126 }
2127 sub[i] = NULL;
2128 break;
2129 }
2130 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok)))
2131 return 3;
2132 if (*s++ != '}') return 1;
2133 while (isspace(*s)) s++;
2134 }
2135 if (check_end && *s++ != '}')
2136 {
2137 if (s[-1] == '{')
2138 {
2139 expand_string_message = string_sprintf("Too many arguments for '%s' "
2140 "(max is %d)", name, n);
2141 return 2;
2142 }
2143 expand_string_message = string_sprintf("missing '}' after '%s'", name);
2144 return 1;
2145 }
2146
2147 *sptr = s;
2148 return 0;
2149 }
2150
2151
2152
2153
2154 /*************************************************
2155 * Elaborate message for bad variable *
2156 *************************************************/
2157
2158 /* For the "unknown variable" message, take a look at the variable's name, and
2159 give additional information about possible ACL variables. The extra information
2160 is added on to expand_string_message.
2161
2162 Argument: the name of the variable
2163 Returns: nothing
2164 */
2165
2166 static void
2167 check_variable_error_message(uschar *name)
2168 {
2169 if (Ustrncmp(name, "acl_", 4) == 0)
2170 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
2171 (name[4] == 'c' || name[4] == 'm')?
2172 (isalpha(name[5])?
2173 US"6th character of a user-defined ACL variable must be a digit or underscore" :
2174 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
2175 ) :
2176 US"user-defined ACL variables must start acl_c or acl_m");
2177 }
2178
2179
2180
2181 /*
2182 Load args from sub array to globals, and call acl_check().
2183 Sub array will be corrupted on return.
2184
2185 Returns: OK access is granted by an ACCEPT verb
2186 DISCARD access is (apparently) granted by a DISCARD verb
2187 FAIL access is denied
2188 FAIL_DROP access is denied; drop the connection
2189 DEFER can't tell at the moment
2190 ERROR disaster
2191 */
2192 static int
2193 eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
2194 {
2195 int i;
2196 int sav_narg = acl_narg;
2197 int ret;
2198 uschar * dummy_logmsg;
2199 extern int acl_where;
2200
2201 if(--nsub > nelem(acl_arg)) nsub = nelem(acl_arg);
2202 for (i = 0; i < nsub && sub[i+1]; i++)
2203 {
2204 uschar * tmp = acl_arg[i];
2205 acl_arg[i] = sub[i+1]; /* place callers args in the globals */
2206 sub[i+1] = tmp; /* stash the old args using our caller's storage */
2207 }
2208 acl_narg = i;
2209 while (i < nsub)
2210 {
2211 sub[i+1] = acl_arg[i];
2212 acl_arg[i++] = NULL;
2213 }
2214
2215 DEBUG(D_expand)
2216 debug_printf_indent("expanding: acl: %s arg: %s%s\n",
2217 sub[0],
2218 acl_narg>0 ? acl_arg[0] : US"<none>",
2219 acl_narg>1 ? " +more" : "");
2220
2221 ret = acl_eval(acl_where, sub[0], user_msgp, &dummy_logmsg);
2222
2223 for (i = 0; i < nsub; i++)
2224 acl_arg[i] = sub[i+1]; /* restore old args */
2225 acl_narg = sav_narg;
2226
2227 return ret;
2228 }
2229
2230
2231
2232
2233 /* Return pointer to dewrapped string, with enclosing specified chars removed.
2234 The given string is modified on return. Leading whitespace is skipped while
2235 looking for the opening wrap character, then the rest is scanned for the trailing
2236 (non-escaped) wrap character. A backslash in the string will act as an escape.
2237
2238 A nul is written over the trailing wrap, and a pointer to the char after the
2239 leading wrap is returned.
2240
2241 Arguments:
2242 s String for de-wrapping
2243 wrap Two-char string, the first being the opener, second the closer wrapping
2244 character
2245 Return:
2246 Pointer to de-wrapped string, or NULL on error (with expand_string_message set).
2247 */
2248
2249 static uschar *
2250 dewrap(uschar * s, const uschar * wrap)
2251 {
2252 uschar * p = s;
2253 unsigned depth = 0;
2254 BOOL quotesmode = wrap[0] == wrap[1];
2255
2256 while (isspace(*p)) p++;
2257
2258 if (*p == *wrap)
2259 {
2260 s = ++p;
2261 wrap++;
2262 while (*p)
2263 {
2264 if (*p == '\\') p++;
2265 else if (!quotesmode && *p == wrap[-1]) depth++;
2266 else if (*p == *wrap)
2267 if (depth == 0)
2268 {
2269 *p = '\0';
2270 return s;
2271 }
2272 else
2273 depth--;
2274 p++;
2275 }
2276 }
2277 expand_string_message = string_sprintf("missing '%c'", *wrap);
2278 return NULL;
2279 }
2280
2281
2282 /* Pull off the leading array or object element, returning
2283 a copy in an allocated string. Update the list pointer.
2284
2285 The element may itself be an abject or array.
2286 Return NULL when the list is empty.
2287 */
2288
2289 static uschar *
2290 json_nextinlist(const uschar ** list)
2291 {
2292 unsigned array_depth = 0, object_depth = 0;
2293 const uschar * s = *list, * item;
2294
2295 while (isspace(*s)) s++;
2296
2297 for (item = s;
2298 *s && (*s != ',' || array_depth != 0 || object_depth != 0);
2299 s++)
2300 switch (*s)
2301 {
2302 case '[': array_depth++; break;
2303 case ']': array_depth--; break;
2304 case '{': object_depth++; break;
2305 case '}': object_depth--; break;
2306 }
2307 *list = *s ? s+1 : s;
2308 if (item == s) return NULL;
2309 item = string_copyn(item, s - item);
2310 DEBUG(D_expand) debug_printf_indent(" json ele: '%s'\n", item);
2311 return US item;
2312 }
2313
2314
2315
2316 /************************************************/
2317 /* Return offset in ops table, or -1 if not found.
2318 Repoint to just after the operator in the string.
2319
2320 Argument:
2321 ss string representation of operator
2322 opname split-out operator name
2323 */
2324
2325 static int
2326 identify_operator(const uschar ** ss, uschar ** opname)
2327 {
2328 const uschar * s = *ss;
2329 uschar name[256];
2330
2331 /* Numeric comparisons are symbolic */
2332
2333 if (*s == '=' || *s == '>' || *s == '<')
2334 {
2335 int p = 0;
2336 name[p++] = *s++;
2337 if (*s == '=')
2338 {
2339 name[p++] = '=';
2340 s++;
2341 }
2342 name[p] = 0;
2343 }
2344
2345 /* All other conditions are named */
2346
2347 else
2348 s = read_name(name, sizeof(name), s, US"_");
2349 *ss = s;
2350
2351 /* If we haven't read a name, it means some non-alpha character is first. */
2352
2353 if (!name[0])
2354 {
2355 expand_string_message = string_sprintf("condition name expected, "
2356 "but found \"%.16s\"", s);
2357 return -1;
2358 }
2359 if (opname)
2360 *opname = string_copy(name);
2361
2362 return chop_match(name, cond_table, nelem(cond_table));
2363 }
2364
2365
2366 /*************************************************
2367 * Handle MD5 or SHA-1 computation for HMAC *
2368 *************************************************/
2369
2370 /* These are some wrapping functions that enable the HMAC code to be a bit
2371 cleaner. A good compiler will spot the tail recursion.
2372
2373 Arguments:
2374 type HMAC_MD5 or HMAC_SHA1
2375 remaining are as for the cryptographic hash functions
2376
2377 Returns: nothing
2378 */
2379
2380 static void
2381 chash_start(int type, void * base)
2382 {
2383 if (type == HMAC_MD5)
2384 md5_start((md5 *)base);
2385 else
2386 sha1_start((hctx *)base);
2387 }
2388
2389 static void
2390 chash_mid(int type, void * base, const uschar * string)
2391 {
2392 if (type == HMAC_MD5)
2393 md5_mid((md5 *)base, string);
2394 else
2395 sha1_mid((hctx *)base, string);
2396 }
2397
2398 static void
2399 chash_end(int type, void * base, const uschar * string, int length,
2400 uschar * digest)
2401 {
2402 if (type == HMAC_MD5)
2403 md5_end((md5 *)base, string, length, digest);
2404 else
2405 sha1_end((hctx *)base, string, length, digest);
2406 }
2407
2408
2409
2410
2411 /* Do an hmac_md5. The result is _not_ nul-terminated, and is sized as
2412 the smaller of a full hmac_md5 result (16 bytes) or the supplied output buffer.
2413
2414 Arguments:
2415 key encoding key, nul-terminated
2416 src data to be hashed, nul-terminated
2417 buf output buffer
2418 len size of output buffer
2419 */
2420
2421 static void
2422 hmac_md5(const uschar * key, const uschar * src, uschar * buf, unsigned len)
2423 {
2424 md5 md5_base;
2425 const uschar * keyptr;
2426 uschar * p;
2427 unsigned int keylen;
2428
2429 #define MD5_HASHLEN 16
2430 #define MD5_HASHBLOCKLEN 64
2431
2432 uschar keyhash[MD5_HASHLEN];
2433 uschar innerhash[MD5_HASHLEN];
2434 uschar finalhash[MD5_HASHLEN];
2435 uschar innerkey[MD5_HASHBLOCKLEN];
2436 uschar outerkey[MD5_HASHBLOCKLEN];
2437
2438 keyptr = key;
2439 keylen = Ustrlen(keyptr);
2440
2441 /* If the key is longer than the hash block length, then hash the key
2442 first */
2443
2444 if (keylen > MD5_HASHBLOCKLEN)
2445 {
2446 chash_start(HMAC_MD5, &md5_base);
2447 chash_end(HMAC_MD5, &md5_base, keyptr, keylen, keyhash);
2448 keyptr = keyhash;
2449 keylen = MD5_HASHLEN;
2450 }
2451
2452 /* Now make the inner and outer key values */
2453
2454 memset(innerkey, 0x36, MD5_HASHBLOCKLEN);
2455 memset(outerkey, 0x5c, MD5_HASHBLOCKLEN);
2456
2457 for (int i = 0; i < keylen; i++)
2458 {
2459 innerkey[i] ^= keyptr[i];
2460 outerkey[i] ^= keyptr[i];
2461 }
2462
2463 /* Now do the hashes */
2464
2465 chash_start(HMAC_MD5, &md5_base);
2466 chash_mid(HMAC_MD5, &md5_base, innerkey);
2467 chash_end(HMAC_MD5, &md5_base, src, Ustrlen(src), innerhash);
2468
2469 chash_start(HMAC_MD5, &md5_base);
2470 chash_mid(HMAC_MD5, &md5_base, outerkey);
2471 chash_end(HMAC_MD5, &md5_base, innerhash, MD5_HASHLEN, finalhash);
2472
2473 /* Encode the final hash as a hex string, limited by output buffer size */
2474
2475 p = buf;
2476 for (int i = 0, j = len; i < MD5_HASHLEN; i++)
2477 {
2478 if (j-- <= 0) break;
2479 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
2480 if (j-- <= 0) break;
2481 *p++ = hex_digits[finalhash[i] & 0x0f];
2482 }
2483 return;
2484 }
2485
2486
2487 /*************************************************
2488 * Read and evaluate a condition *
2489 *************************************************/
2490
2491 /*
2492 Arguments:
2493 s points to the start of the condition text
2494 resetok points to a BOOL which is written false if it is unsafe to
2495 free memory. Certain condition types (acl) may have side-effect
2496 allocation which must be preserved.
2497 yield points to a BOOL to hold the result of the condition test;
2498 if NULL, we are just reading through a condition that is
2499 part of an "or" combination to check syntax, or in a state
2500 where the answer isn't required
2501
2502 Returns: a pointer to the first character after the condition, or
2503 NULL after an error
2504 */
2505
2506 static const uschar *
2507 eval_condition(const uschar *s, BOOL *resetok, BOOL *yield)
2508 {
2509 BOOL testfor = TRUE;
2510 BOOL tempcond, combined_cond;
2511 BOOL *subcondptr;
2512 BOOL sub2_honour_dollar = TRUE;
2513 BOOL is_forany, is_json, is_jsons;
2514 int rc, cond_type, roffset;
2515 int_eximarith_t num[2];
2516 struct stat statbuf;
2517 uschar * opname;
2518 uschar name[256];
2519 const uschar *sub[10];
2520
2521 const pcre *re;
2522 const uschar *rerror;
2523
2524 for (;;)
2525 {
2526 while (isspace(*s)) s++;
2527 if (*s == '!') { testfor = !testfor; s++; } else break;
2528 }
2529
2530 switch(cond_type = identify_operator(&s, &opname))
2531 {
2532 /* def: tests for a non-empty variable, or for the existence of a header. If
2533 yield == NULL we are in a skipping state, and don't care about the answer. */
2534
2535 case ECOND_DEF:
2536 {
2537 uschar * t;
2538
2539 if (*s != ':')
2540 {
2541 expand_string_message = US"\":\" expected after \"def\"";
2542 return NULL;
2543 }
2544
2545 s = read_name(name, sizeof(name), s+1, US"_");
2546
2547 /* Test for a header's existence. If the name contains a closing brace
2548 character, this may be a user error where the terminating colon has been
2549 omitted. Set a flag to adjust a subsequent error message in this case. */
2550
2551 if ( ( *(t = name) == 'h'
2552 || (*t == 'r' || *t == 'l' || *t == 'b') && *++t == 'h'
2553 )
2554 && (*++t == '_' || Ustrncmp(t, "eader_", 6) == 0)
2555 )
2556 {
2557 s = read_header_name(name, sizeof(name), s);
2558 /* {-for-text-editors */
2559 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2560 if (yield) *yield =
2561 (find_header(name, NULL, FH_EXISTS_ONLY, NULL) != NULL) == testfor;
2562 }
2563
2564 /* Test for a variable's having a non-empty value. A non-existent variable
2565 causes an expansion failure. */
2566
2567 else
2568 {
2569 if (!(t = find_variable(name, TRUE, yield == NULL, NULL)))
2570 {
2571 expand_string_message = name[0]
2572 ? string_sprintf("unknown variable \"%s\" after \"def:\"", name)
2573 : US"variable name omitted after \"def:\"";
2574 check_variable_error_message(name);
2575 return NULL;
2576 }
2577 if (yield) *yield = (t[0] != 0) == testfor;
2578 }
2579
2580 return s;
2581 }
2582
2583
2584 /* first_delivery tests for first delivery attempt */
2585
2586 case ECOND_FIRST_DELIVERY:
2587 if (yield) *yield = f.deliver_firsttime == testfor;
2588 return s;
2589
2590
2591 /* queue_running tests for any process started by a queue runner */
2592
2593 case ECOND_QUEUE_RUNNING:
2594 if (yield) *yield = (queue_run_pid != (pid_t)0) == testfor;
2595 return s;
2596
2597
2598 /* exists: tests for file existence
2599 isip: tests for any IP address
2600 isip4: tests for an IPv4 address
2601 isip6: tests for an IPv6 address
2602 pam: does PAM authentication
2603 radius: does RADIUS authentication
2604 ldapauth: does LDAP authentication
2605 pwcheck: does Cyrus SASL pwcheck authentication
2606 */
2607
2608 case ECOND_EXISTS:
2609 case ECOND_ISIP:
2610 case ECOND_ISIP4:
2611 case ECOND_ISIP6:
2612 case ECOND_PAM:
2613 case ECOND_RADIUS:
2614 case ECOND_LDAPAUTH:
2615 case ECOND_PWCHECK:
2616
2617 while (isspace(*s)) s++;
2618 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2619
2620 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok);
2621 if (!sub[0]) return NULL;
2622 /* {-for-text-editors */
2623 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2624
2625 if (!yield) return s; /* No need to run the test if skipping */
2626
2627 switch(cond_type)
2628 {
2629 case ECOND_EXISTS:
2630 if ((expand_forbid & RDO_EXISTS) != 0)
2631 {
2632 expand_string_message = US"File existence tests are not permitted";
2633 return NULL;
2634 }
2635 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
2636 break;
2637
2638 case ECOND_ISIP:
2639 case ECOND_ISIP4:
2640 case ECOND_ISIP6:
2641 rc = string_is_ip_address(sub[0], NULL);
2642 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
2643 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2644 break;
2645
2646 /* Various authentication tests - all optionally compiled */
2647
2648 case ECOND_PAM:
2649 #ifdef SUPPORT_PAM
2650 rc = auth_call_pam(sub[0], &expand_string_message);
2651 goto END_AUTH;
2652 #else
2653 goto COND_FAILED_NOT_COMPILED;
2654 #endif /* SUPPORT_PAM */
2655
2656 case ECOND_RADIUS:
2657 #ifdef RADIUS_CONFIG_FILE
2658 rc = auth_call_radius(sub[0], &expand_string_message);
2659 goto END_AUTH;
2660 #else
2661 goto COND_FAILED_NOT_COMPILED;
2662 #endif /* RADIUS_CONFIG_FILE */
2663
2664 case ECOND_LDAPAUTH:
2665 #ifdef LOOKUP_LDAP
2666 {
2667 /* Just to keep the interface the same */
2668 BOOL do_cache;
2669 int old_pool = store_pool;
2670 store_pool = POOL_SEARCH;
2671 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2672 &expand_string_message, &do_cache);
2673 store_pool = old_pool;
2674 }
2675 goto END_AUTH;
2676 #else
2677 goto COND_FAILED_NOT_COMPILED;
2678 #endif /* LOOKUP_LDAP */
2679
2680 case ECOND_PWCHECK:
2681 #ifdef CYRUS_PWCHECK_SOCKET
2682 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2683 goto END_AUTH;
2684 #else
2685 goto COND_FAILED_NOT_COMPILED;
2686 #endif /* CYRUS_PWCHECK_SOCKET */
2687
2688 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2689 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2690 END_AUTH:
2691 if (rc == ERROR || rc == DEFER) return NULL;
2692 *yield = (rc == OK) == testfor;
2693 #endif
2694 }
2695 return s;
2696
2697
2698 /* call ACL (in a conditional context). Accept true, deny false.
2699 Defer is a forced-fail. Anything set by message= goes to $value.
2700 Up to ten parameters are used; we use the braces round the name+args
2701 like the saslauthd condition does, to permit a variable number of args.
2702 See also the expansion-item version EITEM_ACL and the traditional
2703 acl modifier ACLC_ACL.
2704 Since the ACL may allocate new global variables, tell our caller to not
2705 reclaim memory.
2706 */
2707
2708 case ECOND_ACL:
2709 /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
2710 {
2711 uschar *sub[10];
2712 uschar *user_msg;
2713 BOOL cond = FALSE;
2714
2715 while (isspace(*s)) s++;
2716 if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
2717
2718 switch(read_subs(sub, nelem(sub), 1,
2719 &s, yield == NULL, TRUE, US"acl", resetok))
2720 {
2721 case 1: expand_string_message = US"too few arguments or bracketing "
2722 "error for acl";
2723 case 2:
2724 case 3: return NULL;
2725 }
2726
2727 if (yield)
2728 {
2729 int rc;
2730 *resetok = FALSE; /* eval_acl() might allocate; do not reclaim */
2731 switch(rc = eval_acl(sub, nelem(sub), &user_msg))
2732 {
2733 case OK:
2734 cond = TRUE;
2735 case FAIL:
2736 lookup_value = NULL;
2737 if (user_msg)
2738 lookup_value = string_copy(user_msg);
2739 *yield = cond == testfor;
2740 break;
2741
2742 case DEFER:
2743 f.expand_string_forcedfail = TRUE;
2744 /*FALLTHROUGH*/
2745 default:
2746 expand_string_message = string_sprintf("%s from acl \"%s\"",
2747 rc_names[rc], sub[0]);
2748 return NULL;
2749 }
2750 }
2751 return s;
2752 }
2753
2754
2755 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2756
2757 ${if saslauthd {{username}{password}{service}{realm}} {yes}{no}}
2758
2759 However, the last two are optional. That is why the whole set is enclosed
2760 in their own set of braces. */
2761
2762 case ECOND_SASLAUTHD:
2763 #ifndef CYRUS_SASLAUTHD_SOCKET
2764 goto COND_FAILED_NOT_COMPILED;
2765 #else
2766 {
2767 uschar *sub[4];
2768 while (isspace(*s)) s++;
2769 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2770 switch(read_subs(sub, nelem(sub), 2, &s, yield == NULL, TRUE, US"saslauthd",
2771 resetok))
2772 {
2773 case 1: expand_string_message = US"too few arguments or bracketing "
2774 "error for saslauthd";
2775 case 2:
2776 case 3: return NULL;
2777 }
2778 if (!sub[2]) sub[3] = NULL; /* realm if no service */
2779 if (yield)
2780 {
2781 int rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2782 &expand_string_message);
2783 if (rc == ERROR || rc == DEFER) return NULL;
2784 *yield = (rc == OK) == testfor;
2785 }
2786 return s;
2787 }
2788 #endif /* CYRUS_SASLAUTHD_SOCKET */
2789
2790
2791 /* symbolic operators for numeric and string comparison, and a number of
2792 other operators, all requiring two arguments.
2793
2794 crypteq: encrypts plaintext and compares against an encrypted text,
2795 using crypt(), crypt16(), MD5 or SHA-1
2796 inlist/inlisti: checks if first argument is in the list of the second
2797 match: does a regular expression match and sets up the numerical
2798 variables if it succeeds
2799 match_address: matches in an address list
2800 match_domain: matches in a domain list
2801 match_ip: matches a host list that is restricted to IP addresses
2802 match_local_part: matches in a local part list
2803 */
2804
2805 case ECOND_MATCH_ADDRESS:
2806 case ECOND_MATCH_DOMAIN:
2807 case ECOND_MATCH_IP:
2808 case ECOND_MATCH_LOCAL_PART:
2809 #ifndef EXPAND_LISTMATCH_RHS
2810 sub2_honour_dollar = FALSE;
2811 #endif
2812 /* FALLTHROUGH */
2813
2814 case ECOND_CRYPTEQ:
2815 case ECOND_INLIST:
2816 case ECOND_INLISTI:
2817 case ECOND_MATCH:
2818
2819 case ECOND_NUM_L: /* Numerical comparisons */
2820 case ECOND_NUM_LE:
2821 case ECOND_NUM_E:
2822 case ECOND_NUM_EE:
2823 case ECOND_NUM_G:
2824 case ECOND_NUM_GE:
2825
2826 case ECOND_STR_LT: /* String comparisons */
2827 case ECOND_STR_LTI:
2828 case ECOND_STR_LE:
2829 case ECOND_STR_LEI:
2830 case ECOND_STR_EQ:
2831 case ECOND_STR_EQI:
2832 case ECOND_STR_GT:
2833 case ECOND_STR_GTI:
2834 case ECOND_STR_GE:
2835 case ECOND_STR_GEI:
2836
2837 for (int i = 0; i < 2; i++)
2838 {
2839 /* Sometimes, we don't expand substrings; too many insecure configurations
2840 created using match_address{}{} and friends, where the second param
2841 includes information from untrustworthy sources. */
2842 BOOL honour_dollar = TRUE;
2843 if ((i > 0) && !sub2_honour_dollar)
2844 honour_dollar = FALSE;
2845
2846 while (isspace(*s)) s++;
2847 if (*s != '{')
2848 {
2849 if (i == 0) goto COND_FAILED_CURLY_START;
2850 expand_string_message = string_sprintf("missing 2nd string in {} "
2851 "after \"%s\"", opname);
2852 return NULL;
2853 }
2854 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
2855 honour_dollar, resetok)))
2856 return NULL;
2857 DEBUG(D_expand) if (i == 1 && !sub2_honour_dollar && Ustrchr(sub[1], '$'))
2858 debug_printf_indent("WARNING: the second arg is NOT expanded,"
2859 " for security reasons\n");
2860 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2861
2862 /* Convert to numerical if required; we know that the names of all the
2863 conditions that compare numbers do not start with a letter. This just saves
2864 checking for them individually. */
2865
2866 if (!isalpha(opname[0]) && yield)
2867 if (sub[i][0] == 0)
2868 {
2869 num[i] = 0;
2870 DEBUG(D_expand)
2871 debug_printf_indent("empty string cast to zero for numerical comparison\n");
2872 }
2873 else
2874 {
2875 num[i] = expanded_string_integer(sub[i], FALSE);
2876 if (expand_string_message) return NULL;
2877 }
2878 }
2879
2880 /* Result not required */
2881
2882 if (!yield) return s;
2883
2884 /* Do an appropriate comparison */
2885
2886 switch(cond_type)
2887 {
2888 case ECOND_NUM_E:
2889 case ECOND_NUM_EE:
2890 tempcond = (num[0] == num[1]);
2891 break;
2892
2893 case ECOND_NUM_G:
2894 tempcond = (num[0] > num[1]);
2895 break;
2896
2897 case ECOND_NUM_GE:
2898 tempcond = (num[0] >= num[1]);
2899 break;
2900
2901 case ECOND_NUM_L:
2902 tempcond = (num[0] < num[1]);
2903 break;
2904
2905 case ECOND_NUM_LE:
2906 tempcond = (num[0] <= num[1]);
2907 break;
2908
2909 case ECOND_STR_LT:
2910 tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
2911 break;
2912
2913 case ECOND_STR_LTI:
2914 tempcond = (strcmpic(sub[0], sub[1]) < 0);
2915 break;
2916
2917 case ECOND_STR_LE:
2918 tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
2919 break;
2920
2921 case ECOND_STR_LEI:
2922 tempcond = (strcmpic(sub[0], sub[1]) <= 0);
2923 break;
2924
2925 case ECOND_STR_EQ:
2926 tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
2927 break;
2928
2929 case ECOND_STR_EQI:
2930 tempcond = (strcmpic(sub[0], sub[1]) == 0);
2931 break;
2932
2933 case ECOND_STR_GT:
2934 tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
2935 break;
2936
2937 case ECOND_STR_GTI:
2938 tempcond = (strcmpic(sub[0], sub[1]) > 0);
2939 break;
2940
2941 case ECOND_STR_GE:
2942 tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
2943 break;
2944
2945 case ECOND_STR_GEI:
2946 tempcond = (strcmpic(sub[0], sub[1]) >= 0);
2947 break;
2948
2949 case ECOND_MATCH: /* Regular expression match */
2950 if (!(re = pcre_compile(CS sub[1], PCRE_COPT, CCSS &rerror,
2951 &roffset, NULL)))
2952 {
2953 expand_string_message = string_sprintf("regular expression error in "
2954 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2955 return NULL;
2956 }
2957 tempcond = regex_match_and_setup(re, sub[0], 0, -1);
2958 break;
2959
2960 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2961 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2962 goto MATCHED_SOMETHING;
2963
2964 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2965 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2966 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2967 goto MATCHED_SOMETHING;
2968
2969 case ECOND_MATCH_IP: /* Match IP address in a host list */
2970 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
2971 {
2972 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2973 sub[0]);
2974 return NULL;
2975 }
2976 else
2977 {
2978 unsigned int *nullcache = NULL;
2979 check_host_block cb;
2980
2981 cb.host_name = US"";
2982 cb.host_address = sub[0];
2983
2984 /* If the host address starts off ::ffff: it is an IPv6 address in
2985 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2986 addresses. */
2987
2988 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2989 cb.host_address + 7 : cb.host_address;
2990
2991 rc = match_check_list(
2992 &sub[1], /* the list */
2993 0, /* separator character */
2994 &hostlist_anchor, /* anchor pointer */
2995 &nullcache, /* cache pointer */
2996 check_host, /* function for testing */
2997 &cb, /* argument for function */
2998 MCL_HOST, /* type of check */
2999 sub[0], /* text for debugging */
3000 NULL); /* where to pass back data */
3001 }
3002 goto MATCHED_SOMETHING;
3003
3004 case ECOND_MATCH_LOCAL_PART:
3005 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
3006 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
3007 /* Fall through */
3008 /* VVVVVVVVVVVV */
3009 MATCHED_SOMETHING:
3010 switch(rc)
3011 {
3012 case OK:
3013 tempcond = TRUE;
3014 break;
3015
3016 case FAIL:
3017 tempcond = FALSE;
3018 break;
3019
3020 case DEFER:
3021 expand_string_message = string_sprintf("unable to complete match "
3022 "against \"%s\": %s", sub[1], search_error_message);
3023 return NULL;
3024 }
3025
3026 break;
3027
3028 /* Various "encrypted" comparisons. If the second string starts with
3029 "{" then an encryption type is given. Default to crypt() or crypt16()
3030 (build-time choice). */
3031 /* }-for-text-editors */
3032
3033 case ECOND_CRYPTEQ:
3034 #ifndef SUPPORT_CRYPTEQ
3035 goto COND_FAILED_NOT_COMPILED;
3036 #else
3037 if (strncmpic(sub[1], US"{md5}", 5) == 0)
3038 {
3039 int sublen = Ustrlen(sub[1]+5);
3040 md5 base;
3041 uschar digest[16];
3042
3043 md5_start(&base);
3044 md5_end(&base, sub[0], Ustrlen(sub[0]), digest);
3045
3046 /* If the length that we are comparing against is 24, the MD5 digest
3047 is expressed as a base64 string. This is the way LDAP does it. However,
3048 some other software uses a straightforward hex representation. We assume
3049 this if the length is 32. Other lengths fail. */
3050
3051 if (sublen == 24)
3052 {
3053 uschar *coded = b64encode(CUS digest, 16);
3054 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
3055 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
3056 tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
3057 }
3058 else if (sublen == 32)
3059 {
3060 uschar coded[36];
3061 for (int i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
3062 coded[32] = 0;
3063 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
3064 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
3065 tempcond = (strcmpic(coded, sub[1]+5) == 0);
3066 }
3067 else
3068 {
3069 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
3070 "fail\n crypted=%s\n", sub[1]+5);
3071 tempcond = FALSE;
3072 }
3073 }
3074
3075 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
3076 {
3077 int sublen = Ustrlen(sub[1]+6);
3078 hctx h;
3079 uschar digest[20];
3080
3081 sha1_start(&h);
3082 sha1_end(&h, sub[0], Ustrlen(sub[0]), digest);
3083
3084 /* If the length that we are comparing against is 28, assume the SHA1
3085 digest is expressed as a base64 string. If the length is 40, assume a
3086 straightforward hex representation. Other lengths fail. */
3087
3088 if (sublen == 28)
3089 {
3090 uschar *coded = b64encode(CUS digest, 20);
3091 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
3092 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
3093 tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
3094 }
3095 else if (sublen == 40)
3096 {
3097 uschar coded[44];
3098 for (int i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
3099 coded[40] = 0;
3100 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
3101 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
3102 tempcond = (strcmpic(coded, sub[1]+6) == 0);
3103 }
3104 else
3105 {
3106 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
3107 "fail\n crypted=%s\n", sub[1]+6);
3108 tempcond = FALSE;
3109 }
3110 }
3111
3112 else /* {crypt} or {crypt16} and non-{ at start */
3113 /* }-for-text-editors */
3114 {
3115 int which = 0;
3116 uschar *coded;
3117
3118 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
3119 {
3120 sub[1] += 7;
3121 which = 1;
3122 }
3123 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
3124 {
3125 sub[1] += 9;
3126 which = 2;
3127 }
3128 else if (sub[1][0] == '{') /* }-for-text-editors */
3129 {
3130 expand_string_message = string_sprintf("unknown encryption mechanism "
3131 "in \"%s\"", sub[1]);
3132 return NULL;
3133 }
3134
3135 switch(which)
3136 {
3137 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
3138 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
3139 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
3140 }
3141
3142 #define STR(s) # s
3143 #define XSTR(s) STR(s)
3144 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
3145 " subject=%s\n crypted=%s\n",
3146 which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16",
3147 coded, sub[1]);
3148 #undef STR
3149 #undef XSTR
3150
3151 /* If the encrypted string contains fewer than two characters (for the
3152 salt), force failure. Otherwise we get false positives: with an empty
3153 string the yield of crypt() is an empty string! */
3154
3155 if (coded)
3156 tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0;
3157 else if (errno == EINVAL)
3158 tempcond = FALSE;
3159 else
3160 {
3161 expand_string_message = string_sprintf("crypt error: %s\n",
3162 US strerror(errno));
3163 return NULL;
3164 }
3165 }
3166 break;
3167 #endif /* SUPPORT_CRYPTEQ */
3168
3169 case ECOND_INLIST:
3170 case ECOND_INLISTI:
3171 {
3172 const uschar * list = sub[1];
3173 int sep = 0;
3174 uschar *save_iterate_item = iterate_item;
3175 int (*compare)(const uschar *, const uschar *);
3176
3177 DEBUG(D_expand) debug_printf_indent("condition: %s item: %s\n", opname, sub[0]);
3178
3179 tempcond = FALSE;
3180 compare = cond_type == ECOND_INLISTI
3181 ? strcmpic : (int (*)(const uschar *, const uschar *)) strcmp;
3182
3183 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)))
3184 {
3185 DEBUG(D_expand) debug_printf_indent(" compare %s\n", iterate_item);
3186 if (compare(sub[0], iterate_item) == 0)
3187 {
3188 tempcond = TRUE;
3189 break;
3190 }
3191 }
3192 iterate_item = save_iterate_item;
3193 }
3194
3195 } /* Switch for comparison conditions */
3196
3197 *yield = tempcond == testfor;
3198 return s; /* End of comparison conditions */
3199
3200
3201 /* and/or: computes logical and/or of several conditions */
3202
3203 case ECOND_AND:
3204 case ECOND_OR:
3205 subcondptr = (yield == NULL) ? NULL : &tempcond;
3206 combined_cond = (cond_type == ECOND_AND);
3207
3208 while (isspace(*s)) s++;
3209 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3210
3211 for (;;)
3212 {
3213 while (isspace(*s)) s++;
3214 /* {-for-text-editors */
3215 if (*s == '}') break;
3216 if (*s != '{') /* }-for-text-editors */
3217 {
3218 expand_string_message = string_sprintf("each subcondition "
3219 "inside an \"%s{...}\" condition must be in its own {}", opname);
3220 return NULL;
3221 }
3222
3223 if (!(s = eval_condition(s+1, resetok, subcondptr)))
3224 {
3225 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
3226 expand_string_message, opname);
3227 return NULL;
3228 }
3229 while (isspace(*s)) s++;
3230
3231 /* {-for-text-editors */
3232 if (*s++ != '}')
3233 {
3234 /* {-for-text-editors */
3235 expand_string_message = string_sprintf("missing } at end of condition "
3236 "inside \"%s\" group", opname);
3237 return NULL;
3238 }
3239
3240 if (yield)
3241 if (cond_type == ECOND_AND)
3242 {
3243 combined_cond &= tempcond;
3244 if (!combined_cond) subcondptr = NULL; /* once false, don't */
3245 } /* evaluate any more */
3246 else
3247 {
3248 combined_cond |= tempcond;
3249 if (combined_cond) subcondptr = NULL; /* once true, don't */
3250 } /* evaluate any more */
3251 }
3252
3253 if (yield) *yield = (combined_cond == testfor);
3254 return ++s;
3255
3256
3257 /* forall/forany: iterates a condition with different values */
3258
3259 case ECOND_FORALL: is_forany = FALSE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3260 case ECOND_FORANY: is_forany = TRUE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3261 case ECOND_FORALL_JSON: is_forany = FALSE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3262 case ECOND_FORANY_JSON: is_forany = TRUE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3263 case ECOND_FORALL_JSONS: is_forany = FALSE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3264 case ECOND_FORANY_JSONS: is_forany = TRUE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3265
3266 FORMANY:
3267 {
3268 const uschar * list;
3269 int sep = 0;
3270 uschar *save_iterate_item = iterate_item;
3271
3272 DEBUG(D_expand) debug_printf_indent("condition: %s\n", opname);
3273
3274 while (isspace(*s)) s++;
3275 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3276 if (!(sub[0] = expand_string_internal(s, TRUE, &s, yield == NULL, TRUE, resetok)))
3277 return NULL;
3278 /* {-for-text-editors */
3279 if (*s++ != '}') goto COND_FAILED_CURLY_END;
3280
3281 while (isspace(*s)) s++;
3282 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3283
3284 sub[1] = s;
3285
3286 /* Call eval_condition once, with result discarded (as if scanning a
3287 "false" part). This allows us to find the end of the condition, because if
3288 the list it empty, we won't actually evaluate the condition for real. */
3289
3290 if (!(s = eval_condition(sub[1], resetok, NULL)))
3291 {
3292 expand_string_message = string_sprintf("%s inside \"%s\" condition",
3293 expand_string_message, opname);
3294 return NULL;
3295 }
3296 while (isspace(*s)) s++;
3297
3298 /* {-for-text-editors */
3299 if (*s++ != '}')
3300 {
3301 /* {-for-text-editors */
3302 expand_string_message = string_sprintf("missing } at end of condition "
3303 "inside \"%s\"", opname);
3304 return NULL;
3305 }
3306
3307 if (yield) *yield = !testfor;
3308 list = sub[0];
3309 if (is_json) list = dewrap(string_copy(list), US"[]");
3310 while ((iterate_item = is_json
3311 ? json_nextinlist(&list) : string_nextinlist(&list, &sep, NULL, 0)))
3312 {
3313 if (is_jsons)
3314 if (!(iterate_item = dewrap(iterate_item, US"\"\"")))
3315 {
3316 expand_string_message =
3317 string_sprintf("%s wrapping string result for extract jsons",
3318 expand_string_message);
3319 iterate_item = save_iterate_item;
3320 return NULL;
3321 }
3322
3323 DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n", opname, iterate_item);
3324 if (!eval_condition(sub[1], resetok, &tempcond))
3325 {
3326 expand_string_message = string_sprintf("%s inside \"%s\" condition",
3327 expand_string_message, opname);
3328 iterate_item = save_iterate_item;
3329 return NULL;
3330 }
3331 DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", opname,
3332 tempcond? "true":"false");
3333
3334 if (yield) *yield = (tempcond == testfor);
3335 if (tempcond == is_forany) break;
3336 }
3337
3338 iterate_item = save_iterate_item;
3339 return s;
3340 }
3341
3342
3343 /* The bool{} expansion condition maps a string to boolean.
3344 The values supported should match those supported by the ACL condition
3345 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
3346 of true/false. Note that Router "condition" rules have a different
3347 interpretation, where general data can be used and only a few values
3348 map to FALSE.
3349 Note that readconf.c boolean matching, for boolean configuration options,
3350 only matches true/yes/false/no.
3351 The bool_lax{} condition matches the Router logic, which is much more
3352 liberal. */
3353 case ECOND_BOOL:
3354 case ECOND_BOOL_LAX:
3355 {
3356 uschar *sub_arg[1];
3357 uschar *t, *t2;
3358 uschar *ourname;
3359 size_t len;
3360 BOOL boolvalue = FALSE;
3361 while (isspace(*s)) s++;
3362 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3363 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
3364 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname, resetok))
3365 {
3366 case 1: expand_string_message = string_sprintf(
3367 "too few arguments or bracketing error for %s",
3368 ourname);
3369 /*FALLTHROUGH*/
3370 case 2:
3371 case 3: return NULL;
3372 }
3373 t = sub_arg[0];
3374 while (isspace(*t)) t++;
3375 len = Ustrlen(t);
3376 if (len)
3377 {
3378 /* trailing whitespace: seems like a good idea to ignore it too */
3379 t2 = t + len - 1;
3380 while (isspace(*t2)) t2--;
3381 if (t2 != (t + len))
3382 {
3383 *++t2 = '\0';
3384 len = t2 - t;
3385 }
3386 }
3387 DEBUG(D_expand)
3388 debug_printf_indent("considering %s: %s\n", ourname, len ? t : US"<empty>");
3389 /* logic for the lax case from expand_check_condition(), which also does
3390 expands, and the logic is both short and stable enough that there should
3391 be no maintenance burden from replicating it. */
3392 if (len == 0)
3393 boolvalue = FALSE;
3394 else if (*t == '-'
3395 ? Ustrspn(t+1, "0123456789") == len-1
3396 : Ustrspn(t, "0123456789") == len)
3397 {
3398 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
3399 /* expand_check_condition only does a literal string "0" check */
3400 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
3401 boolvalue = TRUE;
3402 }
3403 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
3404 boolvalue = TRUE;
3405 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
3406 boolvalue = FALSE;
3407 else if (cond_type == ECOND_BOOL_LAX)
3408 boolvalue = TRUE;
3409 else
3410 {
3411 expand_string_message = string_sprintf("unrecognised boolean "
3412 "value \"%s\"", t);
3413 return NULL;
3414 }
3415 DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", ourname,
3416 boolvalue? "true":"false");
3417 if (yield) *yield = (boolvalue == testfor);
3418 return s;
3419 }
3420
3421 #ifdef EXPERIMENTAL_SRS_NATIVE
3422 case ECOND_INBOUND_SRS:
3423 /* ${if inbound_srs {local_part}{secret} {yes}{no}} */
3424 {
3425 uschar * sub[2];
3426 const pcre * re;
3427 int ovec[3*(4+1)];
3428 int n;
3429 uschar cksum[4];
3430 BOOL boolvalue = FALSE;
3431
3432 switch(read_subs(sub, 2, 2, CUSS &s, yield == NULL, FALSE, US"inbound_srs", resetok))
3433 {
3434 case 1: expand_string_message = US"too few arguments or bracketing "
3435 "error for inbound_srs";
3436 case 2:
3437 case 3: return NULL;
3438 }
3439
3440 /* Match the given local_part against the SRS-encoded pattern */
3441
3442 re = regex_must_compile(US"^(?i)SRS0=([^=]+)=([A-Z2-7]+)=([^=]*)=(.*)$",
3443 TRUE, FALSE);
3444 if (pcre_exec(re, NULL, CS sub[0], Ustrlen(sub[0]), 0, PCRE_EOPT,
3445 ovec, nelem(ovec)) < 0)
3446 {
3447 DEBUG(D_expand) debug_printf("no match for SRS'd local-part pattern\n");
3448 goto srs_result;
3449 }
3450
3451 /* Side-effect: record the decoded recipient */
3452
3453 srs_recipient = string_sprintf("%.*S@%.*S", /* lowercased */
3454 ovec[9]-ovec[8], sub[0] + ovec[8], /* substring 4 */
3455 ovec[7]-ovec[6], sub[0] + ovec[6]); /* substring 3 */
3456
3457 /* If a zero-length secret was given, we're done. Otherwise carry on
3458 and validate the given SRS local_part againt our secret. */
3459
3460 if (!*sub[1])
3461 {
3462 boolvalue = TRUE;
3463 goto srs_result;
3464 }
3465
3466 /* check the timestamp */
3467 {
3468 struct timeval now;
3469 uschar * ss = sub[0] + ovec[4]; /* substring 2, the timestamp */
3470 long d;
3471
3472 gettimeofday(&now, NULL);
3473 now.tv_sec /= 86400; /* days since epoch */
3474
3475 /* Decode substring 2 from base32 to a number */
3476
3477 for (d = 0, n = ovec[5]-ovec[4]; n; n--)
3478 {
3479 uschar * t = Ustrchr(base32_chars, *ss++);
3480 d = d * 32 + (t - base32_chars);
3481 }
3482
3483 if (((now.tv_sec - d) & 0x3ff) > 10) /* days since SRS generated */
3484 {
3485 DEBUG(D_expand) debug_printf("SRS too old\n");
3486 goto srs_result;
3487 }
3488 }
3489
3490 /* check length of substring 1, the offered checksum */
3491
3492 if (ovec[3]-ovec[2] != 4)
3493 {
3494 DEBUG(D_expand) debug_printf("SRS checksum wrong size\n");
3495 goto srs_result;
3496 }
3497
3498 /* Hash the address with our secret, and compare that computed checksum
3499 with the one extracted from the arg */
3500
3501 hmac_md5(sub[1], srs_recipient, cksum, sizeof(cksum));
3502 if (Ustrncmp(cksum, sub[0] + ovec[2], 4) != 0)
3503 {
3504 DEBUG(D_expand) debug_printf("SRS checksum mismatch\n");
3505 goto srs_result;
3506 }
3507 boolvalue = TRUE;
3508
3509 srs_result:
3510 if (yield) *yield = (boolvalue == testfor);
3511 return s;
3512 }
3513 #endif /*EXPERIMENTAL_SRS_NATIVE*/
3514
3515 /* Unknown condition */
3516
3517 default:
3518 if (!expand_string_message || !*expand_string_message)
3519 expand_string_message = string_sprintf("unknown condition \"%s\"", opname);
3520 return NULL;
3521 } /* End switch on condition type */
3522
3523 /* Missing braces at start and end of data */
3524
3525 COND_FAILED_CURLY_START:
3526 expand_string_message = string_sprintf("missing { after \"%s\"", opname);
3527 return NULL;
3528
3529 COND_FAILED_CURLY_END:
3530 expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
3531 opname);
3532 return NULL;
3533
3534 /* A condition requires code that is not compiled */
3535
3536 #if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
3537 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
3538 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
3539 COND_FAILED_NOT_COMPILED:
3540 expand_string_message = string_sprintf("support for \"%s\" not compiled",
3541 opname);
3542 return NULL;
3543 #endif
3544 }
3545
3546
3547
3548
3549 /*************************************************
3550 * Save numerical variables *
3551 *************************************************/
3552
3553 /* This function is called from items such as "if" that want to preserve and
3554 restore the numbered variables.
3555
3556 Arguments:
3557 save_expand_string points to an array of pointers to set
3558 save_expand_nlength points to an array of ints for the lengths
3559
3560 Returns: the value of expand max to save
3561 */
3562
3563 static int
3564 save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
3565 {
3566 for (int i = 0; i <= expand_nmax; i++)
3567 {
3568 save_expand_nstring[i] = expand_nstring[i];
3569 save_expand_nlength[i] = expand_nlength[i];
3570 }
3571 return expand_nmax;
3572 }
3573
3574
3575
3576 /*************************************************
3577 * Restore numerical variables *
3578 *************************************************/
3579
3580 /* This function restored saved values of numerical strings.
3581
3582 Arguments:
3583 save_expand_nmax the number of strings to restore
3584 save_expand_string points to an array of pointers
3585 save_expand_nlength points to an array of ints
3586
3587 Returns: nothing
3588 */
3589
3590 static void
3591 restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
3592 int *save_expand_nlength)
3593 {
3594 expand_nmax = save_expand_nmax;
3595 for (int i = 0; i <= expand_nmax; i++)
3596 {
3597 expand_nstring[i] = save_expand_nstring[i];
3598 expand_nlength[i] = save_expand_nlength[i];
3599 }
3600 }
3601
3602
3603
3604
3605
3606 /*************************************************
3607 * Handle yes/no substrings *
3608 *************************************************/
3609
3610 /* This function is used by ${if}, ${lookup} and ${extract} to handle the
3611 alternative substrings that depend on whether or not the condition was true,
3612 or the lookup or extraction succeeded. The substrings always have to be
3613 expanded, to check their syntax, but "skipping" is set when the result is not
3614 needed - this avoids unnecessary nested lookups.
3615
3616 Arguments:
3617 skipping TRUE if we were skipping when this item was reached
3618 yes TRUE if the first string is to be used, else use the second
3619 save_lookup a value to put back into lookup_value before the 2nd expansion
3620 sptr points to the input string pointer
3621 yieldptr points to the output growable-string pointer
3622 type "lookup", "if", "extract", "run", "env", "listextract" or
3623 "certextract" for error message
3624 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
3625 the store.
3626
3627 Returns: 0 OK; lookup_value has been reset to save_lookup
3628 1 expansion failed
3629 2 expansion failed because of bracketing error
3630 */
3631
3632 static int
3633 process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, const uschar **sptr,
3634 gstring ** yieldptr, uschar *type, BOOL *resetok)
3635 {
3636 int rc = 0;
3637 const uschar *s = *sptr; /* Local value */
3638 uschar *sub1, *sub2;
3639 const uschar * errwhere;
3640
3641 /* If there are no following strings, we substitute the contents of $value for
3642 lookups and for extractions in the success case. For the ${if item, the string
3643 "true" is substituted. In the fail case, nothing is substituted for all three
3644 items. */
3645
3646 while (isspace(*s)) s++;
3647 if (*s == '}')
3648 {
3649 if (type[0] == 'i')
3650 {
3651 if (yes && !skipping)
3652 *yieldptr = string_catn(*yieldptr, US"true", 4);
3653 }
3654 else
3655 {
3656 if (yes && lookup_value && !skipping)
3657 *yieldptr = string_cat(*yieldptr, lookup_value);
3658 lookup_value = save_lookup;
3659 }
3660 s++;
3661 goto RETURN;
3662 }
3663
3664 /* The first following string must be braced. */
3665
3666 if (*s++ != '{')
3667 {
3668 errwhere = US"'yes' part did not start with '{'";
3669 goto FAILED_CURLY;
3670 }
3671
3672 /* Expand the first substring. Forced failures are noticed only if we actually
3673 want this string. Set skipping in the call in the fail case (this will always
3674 be the case if we were already skipping). */
3675
3676 sub1 = expand_string_internal(s, TRUE, &s, !yes, TRUE, resetok);
3677 if (sub1 == NULL && (yes || !f.expand_string_forcedfail)) goto FAILED;
3678 f.expand_string_forcedfail = FALSE;
3679 if (*s++ != '}')
3680 {
3681 errwhere = US"'yes' part did not end with '}'";
3682 goto FAILED_CURLY;
3683 }
3684
3685 /* If we want the first string, add it to the output */
3686
3687 if (yes)
3688 *yieldptr = string_cat(*yieldptr, sub1);
3689
3690 /* If this is called from a lookup/env or a (cert)extract, we want to restore
3691 $value to what it was at the start of the item, so that it has this value
3692 during the second string expansion. For the call from "if" or "run" to this
3693 function, save_lookup is set to lookup_value, so that this statement does
3694 nothing. */
3695
3696 lookup_value = save_lookup;
3697
3698 /* There now follows either another substring, or "fail", or nothing. This
3699 time, forced failures are noticed only if we want the second string. We must
3700 set skipping in the nested call if we don't want this string, or if we were
3701 already skipping. */
3702
3703 while (isspace(*s)) s++;
3704 if (*s == '{')
3705 {
3706 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping, TRUE, resetok);
3707 if (sub2 == NULL && (!yes || !f.expand_string_forcedfail)) goto FAILED;
3708 f.expand_string_forcedfail = FALSE;
3709 if (*s++ != '}')
3710 {
3711 errwhere = US"'no' part did not start with '{'";
3712 goto FAILED_CURLY;
3713 }
3714
3715 /* If we want the second string, add it to the output */
3716
3717 if (!yes)
3718 *yieldptr = string_cat(*yieldptr, sub2);
3719 }
3720
3721 /* If there is no second string, but the word "fail" is present when the use of
3722 the second string is wanted, set a flag indicating it was a forced failure
3723 rather than a syntactic error. Swallow the terminating } in case this is nested
3724 inside another lookup or if or extract. */
3725
3726 else if (*s != '}')
3727 {
3728 uschar name[256];
3729 /* deconst cast ok here as source is s anyway */
3730 s = US read_name(name, sizeof(name), s, US"_");
3731 if (Ustrcmp(name, "fail") == 0)
3732 {
3733 if (!yes && !skipping)
3734 {
3735 while (isspace(*s)) s++;
3736 if (*s++ != '}')
3737 {
3738 errwhere = US"did not close with '}' after forcedfail";
3739 goto FAILED_CURLY;
3740 }
3741 expand_string_message =
3742 string_sprintf("\"%s\" failed and \"fail\" requested", type);
3743 f.expand_string_forcedfail = TRUE;
3744 goto FAILED;
3745 }
3746 }
3747 else
3748 {
3749 expand_string_message =
3750 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
3751 goto FAILED;
3752 }
3753 }
3754
3755 /* All we have to do now is to check on the final closing brace. */
3756
3757 while (isspace(*s)) s++;
3758 if (*s++ != '}')
3759 {
3760 errwhere = US"did not close with '}'";
3761 goto FAILED_CURLY;
3762 }
3763
3764
3765 RETURN:
3766 /* Update the input pointer value before returning */
3767 *sptr = s;
3768 return rc;
3769
3770 FAILED_CURLY:
3771 /* Get here if there is a bracketing failure */
3772 expand_string_message = string_sprintf(
3773 "curly-bracket problem in conditional yes/no parsing: %s\n"
3774 " remaining string is '%s'", errwhere, --s);
3775 rc = 2;
3776 goto RETURN;
3777
3778 FAILED:
3779 /* Get here for other failures */
3780 rc = 1;
3781 goto RETURN;
3782 }
3783
3784
3785
3786
3787 /********************************************************
3788 * prvs: Get last three digits of days since Jan 1, 1970 *
3789 ********************************************************/
3790
3791 /* This is needed to implement the "prvs" BATV reverse
3792 path signing scheme
3793
3794 Argument: integer "days" offset to add or substract to
3795 or from the current number of days.
3796
3797 Returns: pointer to string containing the last three
3798 digits of the number of days since Jan 1, 1970,
3799 modified by the offset argument, NULL if there
3800 was an error in the conversion.
3801
3802 */
3803
3804 static uschar *
3805 prvs_daystamp(int day_offset)
3806 {
3807 uschar *days = store_get(32, FALSE); /* Need at least 24 for cases */
3808 (void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
3809 (time(NULL) + day_offset*86400)/86400);
3810 return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
3811 }
3812
3813
3814
3815 /********************************************************
3816 * prvs: perform HMAC-SHA1 computation of prvs bits *
3817 ********************************************************/
3818
3819 /* This is needed to implement the "prvs" BATV reverse
3820 path signing scheme
3821
3822 Arguments:
3823 address RFC2821 Address to use
3824 key The key to use (must be less than 64 characters
3825 in size)
3826 key_num Single-digit key number to use. Defaults to
3827 '0' when NULL.
3828
3829 Returns: pointer to string containing the first three
3830 bytes of the final hash in hex format, NULL if
3831 there was an error in the process.
3832 */
3833
3834 static uschar *
3835 prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
3836 {
3837 gstring * hash_source;
3838 uschar * p;
3839 hctx h;
3840 uschar innerhash[20];
3841 uschar finalhash[20];
3842 uschar innerkey[64];
3843 uschar outerkey[64];
3844 uschar *finalhash_hex;
3845
3846 if (!key_num)
3847 key_num = US"0";
3848
3849 if (Ustrlen(key) > 64)
3850 return NULL;
3851
3852 hash_source = string_catn(NULL, key_num, 1);
3853 hash_source = string_catn(hash_source, daystamp, 3);
3854 hash_source = string_cat(hash_source, address);
3855 (void) string_from_gstring(hash_source);
3856
3857 DEBUG(D_expand)
3858 debug_printf_indent("prvs: hash source is '%s'\n", hash_source->s);
3859
3860 memset(innerkey, 0x36, 64);
3861 memset(outerkey, 0x5c, 64);
3862
3863 for (int i = 0; i < Ustrlen(key); i++)
3864 {
3865 innerkey[i] ^= key[i];
3866 outerkey[i] ^= key[i];
3867 }
3868
3869 chash_start(HMAC_SHA1, &h);
3870 chash_mid(HMAC_SHA1, &h, innerkey);
3871 chash_end(HMAC_SHA1, &h, hash_source->s, hash_source->ptr, innerhash);
3872
3873 chash_start(HMAC_SHA1, &h);
3874 chash_mid(HMAC_SHA1, &h, outerkey);
3875 chash_end(HMAC_SHA1, &h, innerhash, 20, finalhash);
3876
3877 /* Hashing is deemed sufficient to de-taint any input data */
3878
3879 p = finalhash_hex = store_get(40, FALSE);
3880 for (int i = 0; i < 3; i++)
3881 {
3882 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
3883 *p++ = hex_digits[finalhash[i] & 0x0f];
3884 }
3885 *p = '\0';
3886
3887 return finalhash_hex;
3888 }
3889
3890
3891
3892
3893 /*************************************************
3894 * Join a file onto the output string *
3895 *************************************************/
3896
3897 /* This is used for readfile/readsock and after a run expansion.
3898 It joins the contents of a file onto the output string, globally replacing
3899 newlines with a given string (optionally).
3900
3901 Arguments:
3902 f the FILE
3903 yield pointer to the expandable string struct
3904 eol newline replacement string, or NULL
3905
3906 Returns: new pointer for expandable string, terminated if non-null
3907 */
3908
3909 static gstring *
3910 cat_file(FILE *f, gstring *yield, uschar *eol)
3911 {
3912 uschar buffer[1024];
3913
3914 while (Ufgets(buffer, sizeof(buffer), f))
3915 {
3916 int len = Ustrlen(buffer);
3917 if (eol && buffer[len-1] == '\n') len--;
3918 yield = string_catn(yield, buffer, len);
3919 if (eol && buffer[len])
3920 yield = string_cat(yield, eol);
3921 }
3922
3923 (void) string_from_gstring(yield);
3924 return yield;