tidying: CCSS macro
[exim.git] / src / src / expand.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8
9 /* Functions for handling string expansion. */
10
11
12 #include "exim.h"
13
14 /* Recursively called function */
15
16 static uschar *expand_string_internal(const uschar *, BOOL, const uschar **, BOOL, BOOL, BOOL *);
17 static int_eximarith_t expanded_string_integer(const uschar *, BOOL);
18
19 #ifdef STAND_ALONE
20 # ifndef SUPPORT_CRYPTEQ
21 # define SUPPORT_CRYPTEQ
22 # endif
23 #endif
24
25 #ifdef LOOKUP_LDAP
26 # include "lookups/ldap.h"
27 #endif
28
29 #ifdef SUPPORT_CRYPTEQ
30 # ifdef CRYPT_H
31 # include <crypt.h>
32 # endif
33 # ifndef HAVE_CRYPT16
34 extern char* crypt16(char*, char*);
35 # endif
36 #endif
37
38 /* The handling of crypt16() is a mess. I will record below the analysis of the
39 mess that was sent to me. We decided, however, to make changing this very low
40 priority, because in practice people are moving away from the crypt()
41 algorithms nowadays, so it doesn't seem worth it.
42
43 <quote>
44 There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
45 the first 8 characters of the password using a 20-round version of crypt
46 (standard crypt does 25 rounds). It then crypts the next 8 characters,
47 or an empty block if the password is less than 9 characters, using a
48 20-round version of crypt and the same salt as was used for the first
49 block. Characters after the first 16 are ignored. It always generates
50 a 16-byte hash, which is expressed together with the salt as a string
51 of 24 base 64 digits. Here are some links to peruse:
52
53 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
54 http://seclists.org/bugtraq/1999/Mar/0076.html
55
56 There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
57 and OSF/1. This is the same as the standard crypt if given a password
58 of 8 characters or less. If given more, it first does the same as crypt
59 using the first 8 characters, then crypts the next 8 (the 9th to 16th)
60 using as salt the first two base 64 digits from the first hash block.
61 If the password is more than 16 characters then it crypts the 17th to 24th
62 characters using as salt the first two base 64 digits from the second hash
63 block. And so on: I've seen references to it cutting off the password at
64 40 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
65
66 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
67 http://seclists.org/bugtraq/1999/Mar/0109.html
68 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
69 TET1_html/sec.c222.html#no_id_208
70
71 Exim has something it calls "crypt16". It will either use a native
72 crypt16 or its own implementation. A native crypt16 will presumably
73 be the one that I called "crypt16" above. The internal "crypt16"
74 function, however, is a two-block-maximum implementation of what I called
75 "bigcrypt". The documentation matches the internal code.
76
77 I suspect that whoever did the "crypt16" stuff for Exim didn't realise
78 that crypt16 and bigcrypt were different things.
79
80 Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
81 to whatever it is using under that name. This unfortunately sets a
82 precedent for using "{crypt16}" to identify two incompatible algorithms
83 whose output can't be distinguished. With "{crypt16}" thus rendered
84 ambiguous, I suggest you deprecate it and invent two new identifiers
85 for the two algorithms.
86
87 Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
88 of the password separately means they can be cracked separately, so
89 the double-length hash only doubles the cracking effort instead of
90 squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
91 bcrypt ({CRYPT}$2a$).
92 </quote>
93 */
94
95
96
97 /*************************************************
98 * Local statics and tables *
99 *************************************************/
100
101 /* Table of item names, and corresponding switch numbers. The names must be in
102 alphabetical order. */
103
104 static uschar *item_table[] = {
105 US"acl",
106 US"authresults",
107 US"certextract",
108 US"dlfunc",
109 US"env",
110 US"extract",
111 US"filter",
112 US"hash",
113 US"hmac",
114 US"if",
115 #ifdef SUPPORT_I18N
116 US"imapfolder",
117 #endif
118 US"length",
119 US"listextract",
120 US"lookup",
121 US"map",
122 US"nhash",
123 US"perl",
124 US"prvs",
125 US"prvscheck",
126 US"readfile",
127 US"readsocket",
128 US"reduce",
129 US"run",
130 US"sg",
131 US"sort",
132 #ifdef EXPERIMENTAL_SRS_NATIVE
133 US"srs_encode",
134 #endif
135 US"substr",
136 US"tr" };
137
138 enum {
139 EITEM_ACL,
140 EITEM_AUTHRESULTS,
141 EITEM_CERTEXTRACT,
142 EITEM_DLFUNC,
143 EITEM_ENV,
144 EITEM_EXTRACT,
145 EITEM_FILTER,
146 EITEM_HASH,
147 EITEM_HMAC,
148 EITEM_IF,
149 #ifdef SUPPORT_I18N
150 EITEM_IMAPFOLDER,
151 #endif
152 EITEM_LENGTH,
153 EITEM_LISTEXTRACT,
154 EITEM_LOOKUP,
155 EITEM_MAP,
156 EITEM_NHASH,
157 EITEM_PERL,
158 EITEM_PRVS,
159 EITEM_PRVSCHECK,
160 EITEM_READFILE,
161 EITEM_READSOCK,
162 EITEM_REDUCE,
163 EITEM_RUN,
164 EITEM_SG,
165 EITEM_SORT,
166 #ifdef EXPERIMENTAL_SRS_NATIVE
167 EITEM_SRS_ENCODE,
168 #endif
169 EITEM_SUBSTR,
170 EITEM_TR };
171
172 /* Tables of operator names, and corresponding switch numbers. The names must be
173 in alphabetical order. There are two tables, because underscore is used in some
174 cases to introduce arguments, whereas for other it is part of the name. This is
175 an historical mis-design. */
176
177 static uschar *op_table_underscore[] = {
178 US"from_utf8",
179 US"local_part",
180 US"quote_local_part",
181 US"reverse_ip",
182 US"time_eval",
183 US"time_interval"
184 #ifdef SUPPORT_I18N
185 ,US"utf8_domain_from_alabel",
186 US"utf8_domain_to_alabel",
187 US"utf8_localpart_from_alabel",
188 US"utf8_localpart_to_alabel"
189 #endif
190 };
191
192 enum {
193 EOP_FROM_UTF8,
194 EOP_LOCAL_PART,
195 EOP_QUOTE_LOCAL_PART,
196 EOP_REVERSE_IP,
197 EOP_TIME_EVAL,
198 EOP_TIME_INTERVAL
199 #ifdef SUPPORT_I18N
200 ,EOP_UTF8_DOMAIN_FROM_ALABEL,
201 EOP_UTF8_DOMAIN_TO_ALABEL,
202 EOP_UTF8_LOCALPART_FROM_ALABEL,
203 EOP_UTF8_LOCALPART_TO_ALABEL
204 #endif
205 };
206
207 static uschar *op_table_main[] = {
208 US"address",
209 US"addresses",
210 US"base32",
211 US"base32d",
212 US"base62",
213 US"base62d",
214 US"base64",
215 US"base64d",
216 US"domain",
217 US"escape",
218 US"escape8bit",
219 US"eval",
220 US"eval10",
221 US"expand",
222 US"h",
223 US"hash",
224 US"hex2b64",
225 US"hexquote",
226 US"ipv6denorm",
227 US"ipv6norm",
228 US"l",
229 US"lc",
230 US"length",
231 US"listcount",
232 US"listnamed",
233 US"mask",
234 US"md5",
235 US"nh",
236 US"nhash",
237 US"quote",
238 US"randint",
239 US"rfc2047",
240 US"rfc2047d",
241 US"rxquote",
242 US"s",
243 US"sha1",
244 US"sha2",
245 US"sha256",
246 US"sha3",
247 US"stat",
248 US"str2b64",
249 US"strlen",
250 US"substr",
251 US"uc",
252 US"utf8clean" };
253
254 enum {
255 EOP_ADDRESS = nelem(op_table_underscore),
256 EOP_ADDRESSES,
257 EOP_BASE32,
258 EOP_BASE32D,
259 EOP_BASE62,
260 EOP_BASE62D,
261 EOP_BASE64,
262 EOP_BASE64D,
263 EOP_DOMAIN,
264 EOP_ESCAPE,
265 EOP_ESCAPE8BIT,
266 EOP_EVAL,
267 EOP_EVAL10,
268 EOP_EXPAND,
269 EOP_H,
270 EOP_HASH,
271 EOP_HEX2B64,
272 EOP_HEXQUOTE,
273 EOP_IPV6DENORM,
274 EOP_IPV6NORM,
275 EOP_L,
276 EOP_LC,
277 EOP_LENGTH,
278 EOP_LISTCOUNT,
279 EOP_LISTNAMED,
280 EOP_MASK,
281 EOP_MD5,
282 EOP_NH,
283 EOP_NHASH,
284 EOP_QUOTE,
285 EOP_RANDINT,
286 EOP_RFC2047,
287 EOP_RFC2047D,
288 EOP_RXQUOTE,
289 EOP_S,
290 EOP_SHA1,
291 EOP_SHA2,
292 EOP_SHA256,
293 EOP_SHA3,
294 EOP_STAT,
295 EOP_STR2B64,
296 EOP_STRLEN,
297 EOP_SUBSTR,
298 EOP_UC,
299 EOP_UTF8CLEAN };
300
301
302 /* Table of condition names, and corresponding switch numbers. The names must
303 be in alphabetical order. */
304
305 static uschar *cond_table[] = {
306 US"<",
307 US"<=",
308 US"=",
309 US"==", /* Backward compatibility */
310 US">",
311 US">=",
312 US"acl",
313 US"and",
314 US"bool",
315 US"bool_lax",
316 US"crypteq",
317 US"def",
318 US"eq",
319 US"eqi",
320 US"exists",
321 US"first_delivery",
322 US"forall",
323 US"forall_json",
324 US"forall_jsons",
325 US"forany",
326 US"forany_json",
327 US"forany_jsons",
328 US"ge",
329 US"gei",
330 US"gt",
331 US"gti",
332 #ifdef EXPERIMENTAL_SRS_NATIVE
333 US"inbound_srs",
334 #endif
335 US"inlist",
336 US"inlisti",
337 US"isip",
338 US"isip4",
339 US"isip6",
340 US"ldapauth",
341 US"le",
342 US"lei",
343 US"lt",
344 US"lti",
345 US"match",
346 US"match_address",
347 US"match_domain",
348 US"match_ip",
349 US"match_local_part",
350 US"or",
351 US"pam",
352 US"pwcheck",
353 US"queue_running",
354 US"radius",
355 US"saslauthd"
356 };
357
358 enum {
359 ECOND_NUM_L,
360 ECOND_NUM_LE,
361 ECOND_NUM_E,
362 ECOND_NUM_EE,
363 ECOND_NUM_G,
364 ECOND_NUM_GE,
365 ECOND_ACL,
366 ECOND_AND,
367 ECOND_BOOL,
368 ECOND_BOOL_LAX,
369 ECOND_CRYPTEQ,
370 ECOND_DEF,
371 ECOND_STR_EQ,
372 ECOND_STR_EQI,
373 ECOND_EXISTS,
374 ECOND_FIRST_DELIVERY,
375 ECOND_FORALL,
376 ECOND_FORALL_JSON,
377 ECOND_FORALL_JSONS,
378 ECOND_FORANY,
379 ECOND_FORANY_JSON,
380 ECOND_FORANY_JSONS,
381 ECOND_STR_GE,
382 ECOND_STR_GEI,
383 ECOND_STR_GT,
384 ECOND_STR_GTI,
385 #ifdef EXPERIMENTAL_SRS_NATIVE
386 ECOND_INBOUND_SRS,
387 #endif
388 ECOND_INLIST,
389 ECOND_INLISTI,
390 ECOND_ISIP,
391 ECOND_ISIP4,
392 ECOND_ISIP6,
393 ECOND_LDAPAUTH,
394 ECOND_STR_LE,
395 ECOND_STR_LEI,
396 ECOND_STR_LT,
397 ECOND_STR_LTI,
398 ECOND_MATCH,
399 ECOND_MATCH_ADDRESS,
400 ECOND_MATCH_DOMAIN,
401 ECOND_MATCH_IP,
402 ECOND_MATCH_LOCAL_PART,
403 ECOND_OR,
404 ECOND_PAM,
405 ECOND_PWCHECK,
406 ECOND_QUEUE_RUNNING,
407 ECOND_RADIUS,
408 ECOND_SASLAUTHD
409 };
410
411
412 /* Types of table entry */
413
414 enum vtypes {
415 vtype_int, /* value is address of int */
416 vtype_filter_int, /* ditto, but recognized only when filtering */
417 vtype_ino, /* value is address of ino_t (not always an int) */
418 vtype_uid, /* value is address of uid_t (not always an int) */
419 vtype_gid, /* value is address of gid_t (not always an int) */
420 vtype_bool, /* value is address of bool */
421 vtype_stringptr, /* value is address of pointer to string */
422 vtype_msgbody, /* as stringptr, but read when first required */
423 vtype_msgbody_end, /* ditto, the end of the message */
424 vtype_msgheaders, /* the message's headers, processed */
425 vtype_msgheaders_raw, /* the message's headers, unprocessed */
426 vtype_localpart, /* extract local part from string */
427 vtype_domain, /* extract domain from string */
428 vtype_string_func, /* value is string returned by given function */
429 vtype_todbsdin, /* value not used; generate BSD inbox tod */
430 vtype_tode, /* value not used; generate tod in epoch format */
431 vtype_todel, /* value not used; generate tod in epoch/usec format */
432 vtype_todf, /* value not used; generate full tod */
433 vtype_todl, /* value not used; generate log tod */
434 vtype_todlf, /* value not used; generate log file datestamp tod */
435 vtype_todzone, /* value not used; generate time zone only */
436 vtype_todzulu, /* value not used; generate zulu tod */
437 vtype_reply, /* value not used; get reply from headers */
438 vtype_pid, /* value not used; result is pid */
439 vtype_host_lookup, /* value not used; get host name */
440 vtype_load_avg, /* value not used; result is int from os_getloadavg */
441 vtype_pspace, /* partition space; value is T/F for spool/log */
442 vtype_pinodes, /* partition inodes; value is T/F for spool/log */
443 vtype_cert /* SSL certificate */
444 #ifndef DISABLE_DKIM
445 ,vtype_dkim /* Lookup of value in DKIM signature */
446 #endif
447 };
448
449 /* Type for main variable table */
450
451 typedef struct {
452 const char *name;
453 enum vtypes type;
454 void *value;
455 } var_entry;
456
457 /* Type for entries pointing to address/length pairs. Not currently
458 in use. */
459
460 typedef struct {
461 uschar **address;
462 int *length;
463 } alblock;
464
465 static uschar * fn_recipients(void);
466 typedef uschar * stringptr_fn_t(void);
467
468 /* This table must be kept in alphabetical order. */
469
470 static var_entry var_table[] = {
471 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
472 they will be confused with user-creatable ACL variables. */
473 { "acl_arg1", vtype_stringptr, &acl_arg[0] },
474 { "acl_arg2", vtype_stringptr, &acl_arg[1] },
475 { "acl_arg3", vtype_stringptr, &acl_arg[2] },
476 { "acl_arg4", vtype_stringptr, &acl_arg[3] },
477 { "acl_arg5", vtype_stringptr, &acl_arg[4] },
478 { "acl_arg6", vtype_stringptr, &acl_arg[5] },
479 { "acl_arg7", vtype_stringptr, &acl_arg[6] },
480 { "acl_arg8", vtype_stringptr, &acl_arg[7] },
481 { "acl_arg9", vtype_stringptr, &acl_arg[8] },
482 { "acl_narg", vtype_int, &acl_narg },
483 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
484 { "address_data", vtype_stringptr, &deliver_address_data },
485 { "address_file", vtype_stringptr, &address_file },
486 { "address_pipe", vtype_stringptr, &address_pipe },
487 #ifdef EXPERIMENTAL_ARC
488 { "arc_domains", vtype_string_func, (void *) &fn_arc_domains },
489 { "arc_oldest_pass", vtype_int, &arc_oldest_pass },
490 { "arc_state", vtype_stringptr, &arc_state },
491 { "arc_state_reason", vtype_stringptr, &arc_state_reason },
492 #endif
493 { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id },
494 { "authenticated_id", vtype_stringptr, &authenticated_id },
495 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
496 { "authentication_failed",vtype_int, &authentication_failed },
497 #ifdef WITH_CONTENT_SCAN
498 { "av_failed", vtype_int, &av_failed },
499 #endif
500 #ifdef EXPERIMENTAL_BRIGHTMAIL
501 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
502 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
503 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
504 { "bmi_deliver", vtype_int, &bmi_deliver },
505 #endif
506 { "body_linecount", vtype_int, &body_linecount },
507 { "body_zerocount", vtype_int, &body_zerocount },
508 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
509 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
510 { "caller_gid", vtype_gid, &real_gid },
511 { "caller_uid", vtype_uid, &real_uid },
512 { "callout_address", vtype_stringptr, &callout_address },
513 { "compile_date", vtype_stringptr, &version_date },
514 { "compile_number", vtype_stringptr, &version_cnumber },
515 { "config_dir", vtype_stringptr, &config_main_directory },
516 { "config_file", vtype_stringptr, &config_main_filename },
517 { "csa_status", vtype_stringptr, &csa_status },
518 #ifdef EXPERIMENTAL_DCC
519 { "dcc_header", vtype_stringptr, &dcc_header },
520 { "dcc_result", vtype_stringptr, &dcc_result },
521 #endif
522 #ifndef DISABLE_DKIM
523 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
524 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
525 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
526 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
527 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
528 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
529 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
530 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
531 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
532 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
533 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
534 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
535 { "dkim_key_length", vtype_int, &dkim_key_length },
536 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
537 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
538 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
539 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
540 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
541 { "dkim_signers", vtype_stringptr, &dkim_signers },
542 { "dkim_verify_reason", vtype_stringptr, &dkim_verify_reason },
543 { "dkim_verify_status", vtype_stringptr, &dkim_verify_status },
544 #endif
545 #ifdef SUPPORT_DMARC
546 { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
547 { "dmarc_status", vtype_stringptr, &dmarc_status },
548 { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
549 { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
550 #endif
551 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
552 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
553 { "dnslist_text", vtype_stringptr, &dnslist_text },
554 { "dnslist_value", vtype_stringptr, &dnslist_value },
555 { "domain", vtype_stringptr, &deliver_domain },
556 { "domain_data", vtype_stringptr, &deliver_domain_data },
557 #ifndef DISABLE_EVENT
558 { "event_data", vtype_stringptr, &event_data },
559
560 /*XXX want to use generic vars for as many of these as possible*/
561 { "event_defer_errno", vtype_int, &event_defer_errno },
562
563 { "event_name", vtype_stringptr, &event_name },
564 #endif
565 { "exim_gid", vtype_gid, &exim_gid },
566 { "exim_path", vtype_stringptr, &exim_path },
567 { "exim_uid", vtype_uid, &exim_uid },
568 { "exim_version", vtype_stringptr, &version_string },
569 { "headers_added", vtype_string_func, (void *) &fn_hdrs_added },
570 { "home", vtype_stringptr, &deliver_home },
571 { "host", vtype_stringptr, &deliver_host },
572 { "host_address", vtype_stringptr, &deliver_host_address },
573 { "host_data", vtype_stringptr, &host_data },
574 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
575 { "host_lookup_failed", vtype_int, &host_lookup_failed },
576 { "host_port", vtype_int, &deliver_host_port },
577 { "initial_cwd", vtype_stringptr, &initial_cwd },
578 { "inode", vtype_ino, &deliver_inode },
579 { "interface_address", vtype_stringptr, &interface_address },
580 { "interface_port", vtype_int, &interface_port },
581 { "item", vtype_stringptr, &iterate_item },
582 #ifdef LOOKUP_LDAP
583 { "ldap_dn", vtype_stringptr, &eldap_dn },
584 #endif
585 { "load_average", vtype_load_avg, NULL },
586 { "local_part", vtype_stringptr, &deliver_localpart },
587 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
588 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
589 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
590 { "local_part_verified", vtype_stringptr, &deliver_localpart_verified },
591 #ifdef HAVE_LOCAL_SCAN
592 { "local_scan_data", vtype_stringptr, &local_scan_data },
593 #endif
594 { "local_user_gid", vtype_gid, &local_user_gid },
595 { "local_user_uid", vtype_uid, &local_user_uid },
596 { "localhost_number", vtype_int, &host_number },
597 { "log_inodes", vtype_pinodes, (void *)FALSE },
598 { "log_space", vtype_pspace, (void *)FALSE },
599 { "lookup_dnssec_authenticated",vtype_stringptr,&lookup_dnssec_authenticated},
600 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
601 #ifdef WITH_CONTENT_SCAN
602 { "malware_name", vtype_stringptr, &malware_name },
603 #endif
604 { "max_received_linelength", vtype_int, &max_received_linelength },
605 { "message_age", vtype_int, &message_age },
606 { "message_body", vtype_msgbody, &message_body },
607 { "message_body_end", vtype_msgbody_end, &message_body_end },
608 { "message_body_size", vtype_int, &message_body_size },
609 { "message_exim_id", vtype_stringptr, &message_id },
610 { "message_headers", vtype_msgheaders, NULL },
611 { "message_headers_raw", vtype_msgheaders_raw, NULL },
612 { "message_id", vtype_stringptr, &message_id },
613 { "message_linecount", vtype_int, &message_linecount },
614 { "message_size", vtype_int, &message_size },
615 #ifdef SUPPORT_I18N
616 { "message_smtputf8", vtype_bool, &message_smtputf8 },
617 #endif
618 #ifdef WITH_CONTENT_SCAN
619 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
620 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
621 { "mime_boundary", vtype_stringptr, &mime_boundary },
622 { "mime_charset", vtype_stringptr, &mime_charset },
623 { "mime_content_description", vtype_stringptr, &mime_content_description },
624 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
625 { "mime_content_id", vtype_stringptr, &mime_content_id },
626 { "mime_content_size", vtype_int, &mime_content_size },
627 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
628 { "mime_content_type", vtype_stringptr, &mime_content_type },
629 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
630 { "mime_filename", vtype_stringptr, &mime_filename },
631 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
632 { "mime_is_multipart", vtype_int, &mime_is_multipart },
633 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
634 { "mime_part_count", vtype_int, &mime_part_count },
635 #endif
636 { "n0", vtype_filter_int, &filter_n[0] },
637 { "n1", vtype_filter_int, &filter_n[1] },
638 { "n2", vtype_filter_int, &filter_n[2] },
639 { "n3", vtype_filter_int, &filter_n[3] },
640 { "n4", vtype_filter_int, &filter_n[4] },
641 { "n5", vtype_filter_int, &filter_n[5] },
642 { "n6", vtype_filter_int, &filter_n[6] },
643 { "n7", vtype_filter_int, &filter_n[7] },
644 { "n8", vtype_filter_int, &filter_n[8] },
645 { "n9", vtype_filter_int, &filter_n[9] },
646 { "original_domain", vtype_stringptr, &deliver_domain_orig },
647 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
648 { "originator_gid", vtype_gid, &originator_gid },
649 { "originator_uid", vtype_uid, &originator_uid },
650 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
651 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
652 { "pid", vtype_pid, NULL },
653 #ifndef DISABLE_PRDR
654 { "prdr_requested", vtype_bool, &prdr_requested },
655 #endif
656 { "primary_hostname", vtype_stringptr, &primary_hostname },
657 #if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
658 { "proxy_external_address",vtype_stringptr, &proxy_external_address },
659 { "proxy_external_port", vtype_int, &proxy_external_port },
660 { "proxy_local_address", vtype_stringptr, &proxy_local_address },
661 { "proxy_local_port", vtype_int, &proxy_local_port },
662 { "proxy_session", vtype_bool, &proxy_session },
663 #endif
664 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
665 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
666 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
667 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
668 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
669 { "queue_name", vtype_stringptr, &queue_name },
670 { "rcpt_count", vtype_int, &rcpt_count },
671 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
672 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
673 { "received_count", vtype_int, &received_count },
674 { "received_for", vtype_stringptr, &received_for },
675 { "received_ip_address", vtype_stringptr, &interface_address },
676 { "received_port", vtype_int, &interface_port },
677 { "received_protocol", vtype_stringptr, &received_protocol },
678 { "received_time", vtype_int, &received_time.tv_sec },
679 { "recipient_data", vtype_stringptr, &recipient_data },
680 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
681 { "recipients", vtype_string_func, (void *) &fn_recipients },
682 { "recipients_count", vtype_int, &recipients_count },
683 #ifdef WITH_CONTENT_SCAN
684 { "regex_match_string", vtype_stringptr, &regex_match_string },
685 #endif
686 { "reply_address", vtype_reply, NULL },
687 { "return_path", vtype_stringptr, &return_path },
688 { "return_size_limit", vtype_int, &bounce_return_size_limit },
689 { "router_name", vtype_stringptr, &router_name },
690 { "runrc", vtype_int, &runrc },
691 { "self_hostname", vtype_stringptr, &self_hostname },
692 { "sender_address", vtype_stringptr, &sender_address },
693 { "sender_address_data", vtype_stringptr, &sender_address_data },
694 { "sender_address_domain", vtype_domain, &sender_address },
695 { "sender_address_local_part", vtype_localpart, &sender_address },
696 { "sender_data", vtype_stringptr, &sender_data },
697 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
698 { "sender_helo_dnssec", vtype_bool, &sender_helo_dnssec },
699 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
700 { "sender_host_address", vtype_stringptr, &sender_host_address },
701 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
702 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
703 { "sender_host_name", vtype_host_lookup, NULL },
704 { "sender_host_port", vtype_int, &sender_host_port },
705 { "sender_ident", vtype_stringptr, &sender_ident },
706 { "sender_rate", vtype_stringptr, &sender_rate },
707 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
708 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
709 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
710 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
711 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
712 { "sending_port", vtype_int, &sending_port },
713 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
714 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
715 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
716 { "smtp_command_history", vtype_string_func, (void *) &smtp_cmd_hist },
717 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
718 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
719 { "sn0", vtype_filter_int, &filter_sn[0] },
720 { "sn1", vtype_filter_int, &filter_sn[1] },
721 { "sn2", vtype_filter_int, &filter_sn[2] },
722 { "sn3", vtype_filter_int, &filter_sn[3] },
723 { "sn4", vtype_filter_int, &filter_sn[4] },
724 { "sn5", vtype_filter_int, &filter_sn[5] },
725 { "sn6", vtype_filter_int, &filter_sn[6] },
726 { "sn7", vtype_filter_int, &filter_sn[7] },
727 { "sn8", vtype_filter_int, &filter_sn[8] },
728 { "sn9", vtype_filter_int, &filter_sn[9] },
729 #ifdef WITH_CONTENT_SCAN
730 { "spam_action", vtype_stringptr, &spam_action },
731 { "spam_bar", vtype_stringptr, &spam_bar },
732 { "spam_report", vtype_stringptr, &spam_report },
733 { "spam_score", vtype_stringptr, &spam_score },
734 { "spam_score_int", vtype_stringptr, &spam_score_int },
735 #endif
736 #ifdef SUPPORT_SPF
737 { "spf_guess", vtype_stringptr, &spf_guess },
738 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
739 { "spf_received", vtype_stringptr, &spf_received },
740 { "spf_result", vtype_stringptr, &spf_result },
741 { "spf_result_guessed", vtype_bool, &spf_result_guessed },
742 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
743 #endif
744 { "spool_directory", vtype_stringptr, &spool_directory },
745 { "spool_inodes", vtype_pinodes, (void *)TRUE },
746 { "spool_space", vtype_pspace, (void *)TRUE },
747 #ifdef EXPERIMENTAL_SRS
748 { "srs_db_address", vtype_stringptr, &srs_db_address },
749 { "srs_db_key", vtype_stringptr, &srs_db_key },
750 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
751 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
752 #endif
753 #if defined(EXPERIMENTAL_SRS) || defined(EXPERIMENTAL_SRS_NATIVE)
754 { "srs_recipient", vtype_stringptr, &srs_recipient },
755 #endif
756 #ifdef EXPERIMENTAL_SRS
757 { "srs_status", vtype_stringptr, &srs_status },
758 #endif
759 { "thisaddress", vtype_stringptr, &filter_thisaddress },
760
761 /* The non-(in,out) variables are now deprecated */
762 { "tls_bits", vtype_int, &tls_in.bits },
763 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
764 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
765
766 { "tls_in_bits", vtype_int, &tls_in.bits },
767 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
768 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
769 { "tls_in_cipher_std", vtype_stringptr, &tls_in.cipher_stdname },
770 { "tls_in_ocsp", vtype_int, &tls_in.ocsp },
771 { "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
772 { "tls_in_peercert", vtype_cert, &tls_in.peercert },
773 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
774 #ifdef EXPERIMENTAL_TLS_RESUME
775 { "tls_in_resumption", vtype_int, &tls_in.resumption },
776 #endif
777 #ifndef DISABLE_TLS
778 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
779 #endif
780 { "tls_in_ver", vtype_stringptr, &tls_in.ver },
781 { "tls_out_bits", vtype_int, &tls_out.bits },
782 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
783 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
784 { "tls_out_cipher_std", vtype_stringptr, &tls_out.cipher_stdname },
785 #ifdef SUPPORT_DANE
786 { "tls_out_dane", vtype_bool, &tls_out.dane_verified },
787 #endif
788 { "tls_out_ocsp", vtype_int, &tls_out.ocsp },
789 { "tls_out_ourcert", vtype_cert, &tls_out.ourcert },
790 { "tls_out_peercert", vtype_cert, &tls_out.peercert },
791 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
792 #ifdef EXPERIMENTAL_TLS_RESUME
793 { "tls_out_resumption", vtype_int, &tls_out.resumption },
794 #endif
795 #ifndef DISABLE_TLS
796 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
797 #endif
798 #ifdef SUPPORT_DANE
799 { "tls_out_tlsa_usage", vtype_int, &tls_out.tlsa_usage },
800 #endif
801 { "tls_out_ver", vtype_stringptr, &tls_out.ver },
802
803 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
804 #ifndef DISABLE_TLS
805 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
806 #endif
807
808 { "tod_bsdinbox", vtype_todbsdin, NULL },
809 { "tod_epoch", vtype_tode, NULL },
810 { "tod_epoch_l", vtype_todel, NULL },
811 { "tod_full", vtype_todf, NULL },
812 { "tod_log", vtype_todl, NULL },
813 { "tod_logfile", vtype_todlf, NULL },
814 { "tod_zone", vtype_todzone, NULL },
815 { "tod_zulu", vtype_todzulu, NULL },
816 { "transport_name", vtype_stringptr, &transport_name },
817 { "value", vtype_stringptr, &lookup_value },
818 { "verify_mode", vtype_stringptr, &verify_mode },
819 { "version_number", vtype_stringptr, &version_string },
820 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
821 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
822 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
823 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
824 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
825 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
826 };
827
828 static int var_table_size = nelem(var_table);
829 static uschar var_buffer[256];
830 static BOOL malformed_header;
831
832 /* For textual hashes */
833
834 static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
835 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
836 "0123456789";
837
838 enum { HMAC_MD5, HMAC_SHA1 };
839
840 /* For numeric hashes */
841
842 static unsigned int prime[] = {
843 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
844 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
845 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
846
847 /* For printing modes in symbolic form */
848
849 static uschar *mtable_normal[] =
850 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
851
852 static uschar *mtable_setid[] =
853 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
854
855 static uschar *mtable_sticky[] =
856 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
857
858 /* flags for find_header() */
859 #define FH_EXISTS_ONLY BIT(0)
860 #define FH_WANT_RAW BIT(1)
861 #define FH_WANT_LIST BIT(2)
862
863
864 /*************************************************
865 * Tables for UTF-8 support *
866 *************************************************/
867
868 /* Table of the number of extra characters, indexed by the first character
869 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
870 0x3d. */
871
872 static uschar utf8_table1[] = {
873 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
874 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
875 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
876 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
877
878 /* These are the masks for the data bits in the first byte of a character,
879 indexed by the number of additional bytes. */
880
881 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
882
883 /* Get the next UTF-8 character, advancing the pointer. */
884
885 #define GETUTF8INC(c, ptr) \
886 c = *ptr++; \
887 if ((c & 0xc0) == 0xc0) \
888 { \
889 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
890 int s = 6*a; \
891 c = (c & utf8_table2[a]) << s; \
892 while (a-- > 0) \
893 { \
894 s -= 6; \
895 c |= (*ptr++ & 0x3f) << s; \
896 } \
897 }
898
899
900
901 static uschar * base32_chars = US"abcdefghijklmnopqrstuvwxyz234567";
902
903 /*************************************************
904 * Binary chop search on a table *
905 *************************************************/
906
907 /* This is used for matching expansion items and operators.
908
909 Arguments:
910 name the name that is being sought
911 table the table to search
912 table_size the number of items in the table
913
914 Returns: the offset in the table, or -1
915 */
916
917 static int
918 chop_match(uschar *name, uschar **table, int table_size)
919 {
920 uschar **bot = table;
921 uschar **top = table + table_size;
922
923 while (top > bot)
924 {
925 uschar **mid = bot + (top - bot)/2;
926 int c = Ustrcmp(name, *mid);
927 if (c == 0) return mid - table;
928 if (c > 0) bot = mid + 1; else top = mid;
929 }
930
931 return -1;
932 }
933
934
935
936 /*************************************************
937 * Check a condition string *
938 *************************************************/
939
940 /* This function is called to expand a string, and test the result for a "true"
941 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
942 forced fail or lookup defer.
943
944 We used to release all store used, but this is not not safe due
945 to ${dlfunc } and ${acl }. In any case expand_string_internal()
946 is reasonably careful to release what it can.
947
948 The actual false-value tests should be replicated for ECOND_BOOL_LAX.
949
950 Arguments:
951 condition the condition string
952 m1 text to be incorporated in panic error
953 m2 ditto
954
955 Returns: TRUE if condition is met, FALSE if not
956 */
957
958 BOOL
959 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
960 {
961 uschar * ss = expand_string(condition);
962 if (!ss)
963 {
964 if (!f.expand_string_forcedfail && !f.search_find_defer)
965 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
966 "for %s %s: %s", condition, m1, m2, expand_string_message);
967 return FALSE;
968 }
969 return *ss && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
970 strcmpic(ss, US"false") != 0;
971 }
972
973
974
975
976 /*************************************************
977 * Pseudo-random number generation *
978 *************************************************/
979
980 /* Pseudo-random number generation. The result is not "expected" to be
981 cryptographically strong but not so weak that someone will shoot themselves
982 in the foot using it as a nonce in some email header scheme or whatever
983 weirdness they'll twist this into. The result should ideally handle fork().
984
985 However, if we're stuck unable to provide this, then we'll fall back to
986 appallingly bad randomness.
987
988 If DISABLE_TLS is not defined then this will not be used except as an emergency
989 fallback.
990
991 Arguments:
992 max range maximum
993 Returns a random number in range [0, max-1]
994 */
995
996 #ifndef DISABLE_TLS
997 # define vaguely_random_number vaguely_random_number_fallback
998 #endif
999 int
1000 vaguely_random_number(int max)
1001 {
1002 #ifndef DISABLE_TLS
1003 # undef vaguely_random_number
1004 #endif
1005 static pid_t pid = 0;
1006 pid_t p2;
1007
1008 if ((p2 = getpid()) != pid)
1009 {
1010 if (pid != 0)
1011 {
1012
1013 #ifdef HAVE_ARC4RANDOM
1014 /* cryptographically strong randomness, common on *BSD platforms, not
1015 so much elsewhere. Alas. */
1016 # ifndef NOT_HAVE_ARC4RANDOM_STIR
1017 arc4random_stir();
1018 # endif
1019 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
1020 # ifdef HAVE_SRANDOMDEV
1021 /* uses random(4) for seeding */
1022 srandomdev();
1023 # else
1024 {
1025 struct timeval tv;
1026 gettimeofday(&tv, NULL);
1027 srandom(tv.tv_sec | tv.tv_usec | getpid());
1028 }
1029 # endif
1030 #else
1031 /* Poor randomness and no seeding here */
1032 #endif
1033
1034 }
1035 pid = p2;
1036 }
1037
1038 #ifdef HAVE_ARC4RANDOM
1039 return arc4random() % max;
1040 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
1041 return random() % max;
1042 #else
1043 /* This one returns a 16-bit number, definitely not crypto-strong */
1044 return random_number(max);
1045 #endif
1046 }
1047
1048
1049
1050
1051 /*************************************************
1052 * Pick out a name from a string *
1053 *************************************************/
1054
1055 /* If the name is too long, it is silently truncated.
1056
1057 Arguments:
1058 name points to a buffer into which to put the name
1059 max is the length of the buffer
1060 s points to the first alphabetic character of the name
1061 extras chars other than alphanumerics to permit
1062
1063 Returns: pointer to the first character after the name
1064
1065 Note: The test for *s != 0 in the while loop is necessary because
1066 Ustrchr() yields non-NULL if the character is zero (which is not something
1067 I expected). */
1068
1069 static const uschar *
1070 read_name(uschar *name, int max, const uschar *s, uschar *extras)
1071 {
1072 int ptr = 0;
1073 while (*s && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
1074 {
1075 if (ptr < max-1) name[ptr++] = *s;
1076 s++;
1077 }
1078 name[ptr] = 0;
1079 return s;
1080 }
1081
1082
1083
1084 /*************************************************
1085 * Pick out the rest of a header name *
1086 *************************************************/
1087
1088 /* A variable name starting $header_ (or just $h_ for those who like
1089 abbreviations) might not be the complete header name because headers can
1090 contain any printing characters in their names, except ':'. This function is
1091 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
1092 on the end, if the name was terminated by white space.
1093
1094 Arguments:
1095 name points to a buffer in which the name read so far exists
1096 max is the length of the buffer
1097 s points to the first character after the name so far, i.e. the
1098 first non-alphameric character after $header_xxxxx
1099
1100 Returns: a pointer to the first character after the header name
1101 */
1102
1103 static const uschar *
1104 read_header_name(uschar *name, int max, const uschar *s)
1105 {
1106 int prelen = Ustrchr(name, '_') - name + 1;
1107 int ptr = Ustrlen(name) - prelen;
1108 if (ptr > 0) memmove(name, name+prelen, ptr);
1109 while (mac_isgraph(*s) && *s != ':')
1110 {
1111 if (ptr < max-1) name[ptr++] = *s;
1112 s++;
1113 }
1114 if (*s == ':') s++;
1115 name[ptr++] = ':';
1116 name[ptr] = 0;
1117 return s;
1118 }
1119
1120
1121
1122 /*************************************************
1123 * Pick out a number from a string *
1124 *************************************************/
1125
1126 /* Arguments:
1127 n points to an integer into which to put the number
1128 s points to the first digit of the number
1129
1130 Returns: a pointer to the character after the last digit
1131 */
1132 /*XXX consider expanding to int_eximarith_t. But the test for
1133 "overbig numbers" in 0002 still needs to overflow it. */
1134
1135 static uschar *
1136 read_number(int *n, uschar *s)
1137 {
1138 *n = 0;
1139 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1140 return s;
1141 }
1142
1143 static const uschar *
1144 read_cnumber(int *n, const uschar *s)
1145 {
1146 *n = 0;
1147 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1148 return s;
1149 }
1150
1151
1152
1153 /*************************************************
1154 * Extract keyed subfield from a string *
1155 *************************************************/
1156
1157 /* The yield is in dynamic store; NULL means that the key was not found.
1158
1159 Arguments:
1160 key points to the name of the key
1161 s points to the string from which to extract the subfield
1162
1163 Returns: NULL if the subfield was not found, or
1164 a pointer to the subfield's data
1165 */
1166
1167 static uschar *
1168 expand_getkeyed(uschar * key, const uschar * s)
1169 {
1170 int length = Ustrlen(key);
1171 while (isspace(*s)) s++;
1172
1173 /* Loop to search for the key */
1174
1175 while (*s)
1176 {
1177 int dkeylength;
1178 uschar * data;
1179 const uschar * dkey = s;
1180
1181 while (*s && *s != '=' && !isspace(*s)) s++;
1182 dkeylength = s - dkey;
1183 while (isspace(*s)) s++;
1184 if (*s == '=') while (isspace((*(++s))));
1185
1186 data = string_dequote(&s);
1187 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1188 return data;
1189
1190 while (isspace(*s)) s++;
1191 }
1192
1193 return NULL;
1194 }
1195
1196
1197
1198 static var_entry *
1199 find_var_ent(uschar * name)
1200 {
1201 int first = 0;
1202 int last = var_table_size;
1203
1204 while (last > first)
1205 {
1206 int middle = (first + last)/2;
1207 int c = Ustrcmp(name, var_table[middle].name);
1208
1209 if (c > 0) { first = middle + 1; continue; }
1210 if (c < 0) { last = middle; continue; }
1211 return &var_table[middle];
1212 }
1213 return NULL;
1214 }
1215
1216 /*************************************************
1217 * Extract numbered subfield from string *
1218 *************************************************/
1219
1220 /* Extracts a numbered field from a string that is divided by tokens - for
1221 example a line from /etc/passwd is divided by colon characters. First field is
1222 numbered one. Negative arguments count from the right. Zero returns the whole
1223 string. Returns NULL if there are insufficient tokens in the string
1224
1225 ***WARNING***
1226 Modifies final argument - this is a dynamically generated string, so that's OK.
1227
1228 Arguments:
1229 field number of field to be extracted,
1230 first field = 1, whole string = 0, last field = -1
1231 separators characters that are used to break string into tokens
1232 s points to the string from which to extract the subfield
1233
1234 Returns: NULL if the field was not found,
1235 a pointer to the field's data inside s (modified to add 0)
1236 */
1237
1238 static uschar *
1239 expand_gettokened (int field, uschar *separators, uschar *s)
1240 {
1241 int sep = 1;
1242 int count;
1243 uschar *ss = s;
1244 uschar *fieldtext = NULL;
1245
1246 if (field == 0) return s;
1247
1248 /* Break the line up into fields in place; for field > 0 we stop when we have
1249 done the number of fields we want. For field < 0 we continue till the end of
1250 the string, counting the number of fields. */
1251
1252 count = (field > 0)? field : INT_MAX;
1253
1254 while (count-- > 0)
1255 {
1256 size_t len;
1257
1258 /* Previous field was the last one in the string. For a positive field
1259 number, this means there are not enough fields. For a negative field number,
1260 check that there are enough, and scan back to find the one that is wanted. */
1261
1262 if (sep == 0)
1263 {
1264 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1265 if ((-field) == (INT_MAX - count - 1)) return s;
1266 while (field++ < 0)
1267 {
1268 ss--;
1269 while (ss[-1] != 0) ss--;
1270 }
1271 fieldtext = ss;
1272 break;
1273 }
1274
1275 /* Previous field was not last in the string; save its start and put a
1276 zero at its end. */
1277
1278 fieldtext = ss;
1279 len = Ustrcspn(ss, separators);
1280 sep = ss[len];
1281 ss[len] = 0;
1282 ss += len + 1;
1283 }
1284
1285 return fieldtext;
1286 }
1287
1288
1289 static uschar *
1290 expand_getlistele(int field, const uschar * list)
1291 {
1292 const uschar * tlist = list;
1293 int sep = 0;
1294 uschar dummy;
1295
1296 if (field < 0)
1297 {
1298 for (field++; string_nextinlist(&tlist, &sep, &dummy, 1); ) field++;
1299 sep = 0;
1300 }
1301 if (field == 0) return NULL;
1302 while (--field > 0 && (string_nextinlist(&list, &sep, &dummy, 1))) ;
1303 return string_nextinlist(&list, &sep, NULL, 0);
1304 }
1305
1306
1307 /* Certificate fields, by name. Worry about by-OID later */
1308 /* Names are chosen to not have common prefixes */
1309
1310 #ifndef DISABLE_TLS
1311 typedef struct
1312 {
1313 uschar * name;
1314 int namelen;
1315 uschar * (*getfn)(void * cert, uschar * mod);
1316 } certfield;
1317 static certfield certfields[] =
1318 { /* linear search; no special order */
1319 { US"version", 7, &tls_cert_version },
1320 { US"serial_number", 13, &tls_cert_serial_number },
1321 { US"subject", 7, &tls_cert_subject },
1322 { US"notbefore", 9, &tls_cert_not_before },
1323 { US"notafter", 8, &tls_cert_not_after },
1324 { US"issuer", 6, &tls_cert_issuer },
1325 { US"signature", 9, &tls_cert_signature },
1326 { US"sig_algorithm", 13, &tls_cert_signature_algorithm },
1327 { US"subj_altname", 12, &tls_cert_subject_altname },
1328 { US"ocsp_uri", 8, &tls_cert_ocsp_uri },
1329 { US"crl_uri", 7, &tls_cert_crl_uri },
1330 };
1331
1332 static uschar *
1333 expand_getcertele(uschar * field, uschar * certvar)
1334 {
1335 var_entry * vp;
1336
1337 if (!(vp = find_var_ent(certvar)))
1338 {
1339 expand_string_message =
1340 string_sprintf("no variable named \"%s\"", certvar);
1341 return NULL; /* Unknown variable name */
1342 }
1343 /* NB this stops us passing certs around in variable. Might
1344 want to do that in future */
1345 if (vp->type != vtype_cert)
1346 {
1347 expand_string_message =
1348 string_sprintf("\"%s\" is not a certificate", certvar);
1349 return NULL; /* Unknown variable name */
1350 }
1351 if (!*(void **)vp->value)
1352 return NULL;
1353
1354 if (*field >= '0' && *field <= '9')
1355 return tls_cert_ext_by_oid(*(void **)vp->value, field, 0);
1356
1357 for (certfield * cp = certfields;
1358 cp < certfields + nelem(certfields);
1359 cp++)
1360 if (Ustrncmp(cp->name, field, cp->namelen) == 0)
1361 {
1362 uschar * modifier = *(field += cp->namelen) == ','
1363 ? ++field : NULL;
1364 return (*cp->getfn)( *(void **)vp->value, modifier );
1365 }
1366
1367 expand_string_message =
1368 string_sprintf("bad field selector \"%s\" for certextract", field);
1369 return NULL;
1370 }
1371 #endif /*DISABLE_TLS*/
1372
1373 /*************************************************
1374 * Extract a substring from a string *
1375 *************************************************/
1376
1377 /* Perform the ${substr or ${length expansion operations.
1378
1379 Arguments:
1380 subject the input string
1381 value1 the offset from the start of the input string to the start of
1382 the output string; if negative, count from the right.
1383 value2 the length of the output string, or negative (-1) for unset
1384 if value1 is positive, unset means "all after"
1385 if value1 is negative, unset means "all before"
1386 len set to the length of the returned string
1387
1388 Returns: pointer to the output string, or NULL if there is an error
1389 */
1390
1391 static uschar *
1392 extract_substr(uschar *subject, int value1, int value2, int *len)
1393 {
1394 int sublen = Ustrlen(subject);
1395
1396 if (value1 < 0) /* count from right */
1397 {
1398 value1 += sublen;
1399
1400 /* If the position is before the start, skip to the start, and adjust the
1401 length. If the length ends up negative, the substring is null because nothing
1402 can precede. This falls out naturally when the length is unset, meaning "all
1403 to the left". */
1404
1405 if (value1 < 0)
1406 {
1407 value2 += value1;
1408 if (value2 < 0) value2 = 0;
1409 value1 = 0;
1410 }
1411
1412 /* Otherwise an unset length => characters before value1 */
1413
1414 else if (value2 < 0)
1415 {
1416 value2 = value1;
1417 value1 = 0;
1418 }
1419 }
1420
1421 /* For a non-negative offset, if the starting position is past the end of the
1422 string, the result will be the null string. Otherwise, an unset length means
1423 "rest"; just set it to the maximum - it will be cut down below if necessary. */
1424
1425 else
1426 {
1427 if (value1 > sublen)
1428 {
1429 value1 = sublen;
1430 value2 = 0;
1431 }
1432 else if (value2 < 0) value2 = sublen;
1433 }
1434
1435 /* Cut the length down to the maximum possible for the offset value, and get
1436 the required characters. */
1437
1438 if (value1 + value2 > sublen) value2 = sublen - value1;
1439 *len = value2;
1440 return subject + value1;
1441 }
1442
1443
1444
1445
1446 /*************************************************
1447 * Old-style hash of a string *
1448 *************************************************/
1449
1450 /* Perform the ${hash expansion operation.
1451
1452 Arguments:
1453 subject the input string (an expanded substring)
1454 value1 the length of the output string; if greater or equal to the
1455 length of the input string, the input string is returned
1456 value2 the number of hash characters to use, or 26 if negative
1457 len set to the length of the returned string
1458
1459 Returns: pointer to the output string, or NULL if there is an error
1460 */
1461
1462 static uschar *
1463 compute_hash(uschar *subject, int value1, int value2, int *len)
1464 {
1465 int sublen = Ustrlen(subject);
1466
1467 if (value2 < 0) value2 = 26;
1468 else if (value2 > Ustrlen(hashcodes))
1469 {
1470 expand_string_message =
1471 string_sprintf("hash count \"%d\" too big", value2);
1472 return NULL;
1473 }
1474
1475 /* Calculate the hash text. We know it is shorter than the original string, so
1476 can safely place it in subject[] (we know that subject is always itself an
1477 expanded substring). */
1478
1479 if (value1 < sublen)
1480 {
1481 int c;
1482 int i = 0;
1483 int j = value1;
1484 while ((c = (subject[j])) != 0)
1485 {
1486 int shift = (c + j++) & 7;
1487 subject[i] ^= (c << shift) | (c >> (8-shift));
1488 if (++i >= value1) i = 0;
1489 }
1490 for (i = 0; i < value1; i++)
1491 subject[i] = hashcodes[(subject[i]) % value2];
1492 }
1493 else value1 = sublen;
1494
1495 *len = value1;
1496 return subject;
1497 }
1498
1499
1500
1501
1502 /*************************************************
1503 * Numeric hash of a string *
1504 *************************************************/
1505
1506 /* Perform the ${nhash expansion operation. The first characters of the
1507 string are treated as most important, and get the highest prime numbers.
1508
1509 Arguments:
1510 subject the input string
1511 value1 the maximum value of the first part of the result
1512 value2 the maximum value of the second part of the result,
1513 or negative to produce only a one-part result
1514 len set to the length of the returned string
1515
1516 Returns: pointer to the output string, or NULL if there is an error.
1517 */
1518
1519 static uschar *
1520 compute_nhash (uschar *subject, int value1, int value2, int *len)
1521 {
1522 uschar *s = subject;
1523 int i = 0;
1524 unsigned long int total = 0; /* no overflow */
1525
1526 while (*s != 0)
1527 {
1528 if (i == 0) i = nelem(prime) - 1;
1529 total += prime[i--] * (unsigned int)(*s++);
1530 }
1531
1532 /* If value2 is unset, just compute one number */
1533
1534 if (value2 < 0)
1535 s = string_sprintf("%lu", total % value1);
1536
1537 /* Otherwise do a div/mod hash */
1538
1539 else
1540 {
1541 total = total % (value1 * value2);
1542 s = string_sprintf("%lu/%lu", total/value2, total % value2);
1543 }
1544
1545 *len = Ustrlen(s);
1546 return s;
1547 }
1548
1549
1550
1551
1552
1553 /*************************************************
1554 * Find the value of a header or headers *
1555 *************************************************/
1556
1557 /* Multiple instances of the same header get concatenated, and this function
1558 can also return a concatenation of all the header lines. When concatenating
1559 specific headers that contain lists of addresses, a comma is inserted between
1560 them. Otherwise we use a straight concatenation. Because some messages can have
1561 pathologically large number of lines, there is a limit on the length that is
1562 returned.
1563
1564 Arguments:
1565 name the name of the header, without the leading $header_ or $h_,
1566 or NULL if a concatenation of all headers is required
1567 newsize return the size of memory block that was obtained; may be NULL
1568 if exists_only is TRUE
1569 flags FH_EXISTS_ONLY
1570 set if called from a def: test; don't need to build a string;
1571 just return a string that is not "" and not "0" if the header
1572 exists
1573 FH_WANT_RAW
1574 set if called for $rh_ or $rheader_ items; no processing,
1575 other than concatenating, will be done on the header. Also used
1576 for $message_headers_raw.
1577 FH_WANT_LIST
1578 Double colon chars in the content, and replace newline with
1579 colon between each element when concatenating; returning a
1580 colon-sep list (elements might contain newlines)
1581 charset name of charset to translate MIME words to; used only if
1582 want_raw is false; if NULL, no translation is done (this is
1583 used for $bh_ and $bheader_)
1584
1585 Returns: NULL if the header does not exist, else a pointer to a new
1586 store block
1587 */
1588
1589 static uschar *
1590 find_header(uschar *name, int *newsize, unsigned flags, uschar *charset)
1591 {
1592 BOOL found = !name;
1593 int len = name ? Ustrlen(name) : 0;
1594 BOOL comma = FALSE;
1595 gstring * g = NULL;
1596
1597 for (header_line * h = header_list; h; h = h->next)
1598 if (h->type != htype_old && h->text) /* NULL => Received: placeholder */
1599 if (!name || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1600 {
1601 uschar * s, * t;
1602 size_t inc;
1603
1604 if (flags & FH_EXISTS_ONLY)
1605 return US"1"; /* don't need actual string */
1606
1607 found = TRUE;
1608 s = h->text + len; /* text to insert */
1609 if (!(flags & FH_WANT_RAW)) /* unless wanted raw, */
1610 while (isspace(*s)) s++; /* remove leading white space */
1611 t = h->text + h->slen; /* end-point */
1612
1613 /* Unless wanted raw, remove trailing whitespace, including the
1614 newline. */
1615
1616 if (flags & FH_WANT_LIST)
1617 while (t > s && t[-1] == '\n') t--;
1618 else if (!(flags & FH_WANT_RAW))
1619 {
1620 while (t > s && isspace(t[-1])) t--;
1621
1622 /* Set comma if handling a single header and it's one of those
1623 that contains an address list, except when asked for raw headers. Only
1624 need to do this once. */
1625
1626 if (name && !comma && Ustrchr("BCFRST", h->type)) comma = TRUE;
1627 }
1628
1629 /* Trim the header roughly if we're approaching limits */
1630 inc = t - s;
1631 if ((g ? g->ptr : 0) + inc > header_insert_maxlen)
1632 inc = header_insert_maxlen - (g ? g->ptr : 0);
1633
1634 /* For raw just copy the data; for a list, add the data as a colon-sep
1635 list-element; for comma-list add as an unchecked comma,newline sep
1636 list-elemment; for other nonraw add as an unchecked newline-sep list (we
1637 stripped trailing WS above including the newline). We ignore the potential
1638 expansion due to colon-doubling, just leaving the loop if the limit is met
1639 or exceeded. */
1640
1641 if (flags & FH_WANT_LIST)
1642 g = string_append_listele_n(g, ':', s, (unsigned)inc);
1643 else if (flags & FH_WANT_RAW)
1644 {
1645 g = string_catn(g, s, (unsigned)inc);
1646 (void) string_from_gstring(g);
1647 }
1648 else if (inc > 0)
1649 if (comma)
1650 g = string_append2_listele_n(g, US",\n", s, (unsigned)inc);
1651 else
1652 g = string_append2_listele_n(g, US"\n", s, (unsigned)inc);
1653
1654 if (g && g->ptr >= header_insert_maxlen) break;
1655 }
1656
1657 if (!found) return NULL; /* No header found */
1658 if (!g) return US"";
1659
1660 /* That's all we do for raw header expansion. */
1661
1662 *newsize = g->size;
1663 if (flags & FH_WANT_RAW)
1664 return g->s;
1665
1666 /* Otherwise do RFC 2047 decoding, translating the charset if requested.
1667 The rfc2047_decode2() function can return an error with decoded data if the
1668 charset translation fails. If decoding fails, it returns NULL. */
1669
1670 else
1671 {
1672 uschar *decoded, *error;
1673
1674 decoded = rfc2047_decode2(g->s, check_rfc2047_length, charset, '?', NULL,
1675 newsize, &error);
1676 if (error)
1677 {
1678 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1679 " input was: %s\n", error, g->s);
1680 }
1681 return decoded ? decoded : g->s;
1682 }
1683 }
1684
1685
1686
1687
1688 /* Append a "local" element to an Authentication-Results: header
1689 if this was a non-smtp message.
1690 */
1691
1692 static gstring *
1693 authres_local(gstring * g, const uschar * sysname)
1694 {
1695 if (!f.authentication_local)
1696 return g;
1697 g = string_append(g, 3, US";\n\tlocal=pass (non-smtp, ", sysname, US")");
1698 if (authenticated_id) g = string_append(g, 2, " u=", authenticated_id);
1699 return g;
1700 }
1701
1702
1703 /* Append an "iprev" element to an Authentication-Results: header
1704 if we have attempted to get the calling host's name.
1705 */
1706
1707 static gstring *
1708 authres_iprev(gstring * g)
1709 {
1710 if (sender_host_name)
1711 g = string_append(g, 3, US";\n\tiprev=pass (", sender_host_name, US")");
1712 else if (host_lookup_deferred)
1713 g = string_catn(g, US";\n\tiprev=temperror", 19);
1714 else if (host_lookup_failed)
1715 g = string_catn(g, US";\n\tiprev=fail", 13);
1716 else
1717 return g;
1718
1719 if (sender_host_address)
1720 g = string_append(g, 2, US" smtp.remote-ip=", sender_host_address);
1721 return g;
1722 }
1723
1724
1725
1726 /*************************************************
1727 * Return list of recipients *
1728 *************************************************/
1729 /* A recipients list is available only during system message filtering,
1730 during ACL processing after DATA, and while expanding pipe commands
1731 generated from a system filter, but not elsewhere. */
1732
1733 static uschar *
1734 fn_recipients(void)
1735 {
1736 uschar * s;
1737 gstring * g = NULL;
1738
1739 if (!f.enable_dollar_recipients) return NULL;
1740
1741 for (int i = 0; i < recipients_count; i++)
1742 {
1743 s = recipients_list[i].address;
1744 g = string_append2_listele_n(g, US", ", s, Ustrlen(s));
1745 }
1746 return g ? g->s : NULL;
1747 }
1748
1749
1750 /*************************************************
1751 * Find value of a variable *
1752 *************************************************/
1753
1754 /* The table of variables is kept in alphabetic order, so we can search it
1755 using a binary chop. The "choplen" variable is nothing to do with the binary
1756 chop.
1757
1758 Arguments:
1759 name the name of the variable being sought
1760 exists_only TRUE if this is a def: test; passed on to find_header()
1761 skipping TRUE => skip any processing evaluation; this is not the same as
1762 exists_only because def: may test for values that are first
1763 evaluated here
1764 newsize pointer to an int which is initially zero; if the answer is in
1765 a new memory buffer, *newsize is set to its size
1766
1767 Returns: NULL if the variable does not exist, or
1768 a pointer to the variable's contents, or
1769 something non-NULL if exists_only is TRUE
1770 */
1771
1772 static uschar *
1773 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1774 {
1775 var_entry * vp;
1776 uschar *s, *domain;
1777 uschar **ss;
1778 void * val;
1779
1780 /* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1781 Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1782 release 4.64 onwards arbitrary names are permitted, as long as the first 5
1783 characters are acl_c or acl_m and the sixth is either a digit or an underscore
1784 (this gave backwards compatibility at the changeover). There may be built-in
1785 variables whose names start acl_ but they should never start in this way. This
1786 slightly messy specification is a consequence of the history, needless to say.
1787
1788 If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1789 set, in which case give an error. */
1790
1791 if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1792 !isalpha(name[5]))
1793 {
1794 tree_node * node =
1795 tree_search(name[4] == 'c' ? acl_var_c : acl_var_m, name + 4);
1796 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
1797 }
1798 else if (Ustrncmp(name, "r_", 2) == 0)
1799 {
1800 tree_node * node = tree_search(router_var, name + 2);
1801 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
1802 }
1803
1804 /* Handle $auth<n> variables. */
1805
1806 if (Ustrncmp(name, "auth", 4) == 0)
1807 {
1808 uschar *endptr;
1809 int n = Ustrtoul(name + 4, &endptr, 10);
1810 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1811 return !auth_vars[n-1] ? US"" : auth_vars[n-1];
1812 }
1813 else if (Ustrncmp(name, "regex", 5) == 0)
1814 {
1815 uschar *endptr;
1816 int n = Ustrtoul(name + 5, &endptr, 10);
1817 if (*endptr == 0 && n != 0 && n <= REGEX_VARS)
1818 return !regex_vars[n-1] ? US"" : regex_vars[n-1];
1819 }
1820
1821 /* For all other variables, search the table */
1822
1823 if (!(vp = find_var_ent(name)))
1824 return NULL; /* Unknown variable name */
1825
1826 /* Found an existing variable. If in skipping state, the value isn't needed,
1827 and we want to avoid processing (such as looking up the host name). */
1828
1829 if (skipping)
1830 return US"";
1831
1832 val = vp->value;
1833 switch (vp->type)
1834 {
1835 case vtype_filter_int:
1836 if (!f.filter_running) return NULL;
1837 /* Fall through */
1838 /* VVVVVVVVVVVV */
1839 case vtype_int:
1840 sprintf(CS var_buffer, "%d", *(int *)(val)); /* Integer */
1841 return var_buffer;
1842
1843 case vtype_ino:
1844 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(val))); /* Inode */
1845 return var_buffer;
1846
1847 case vtype_gid:
1848 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(val))); /* gid */
1849 return var_buffer;
1850
1851 case vtype_uid:
1852 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(val))); /* uid */
1853 return var_buffer;
1854
1855 case vtype_bool:
1856 sprintf(CS var_buffer, "%s", *(BOOL *)(val) ? "yes" : "no"); /* bool */
1857 return var_buffer;
1858
1859 case vtype_stringptr: /* Pointer to string */
1860 return (s = *((uschar **)(val))) ? s : US"";
1861
1862 case vtype_pid:
1863 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1864 return var_buffer;
1865
1866 case vtype_load_avg:
1867 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1868 return var_buffer;
1869
1870 case vtype_host_lookup: /* Lookup if not done so */
1871 if ( !sender_host_name && sender_host_address
1872 && !host_lookup_failed && host_name_lookup() == OK)
1873 host_build_sender_fullhost();
1874 return sender_host_name ? sender_host_name : US"";
1875
1876 case vtype_localpart: /* Get local part from address */
1877 if (!(s = *((uschar **)(val)))) return US"";
1878 if (!(domain = Ustrrchr(s, '@'))) return s;
1879 if (domain - s > sizeof(var_buffer) - 1)
1880 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1881 " in string expansion", sizeof(var_buffer));
1882 return string_copyn(s, domain - s);
1883
1884 case vtype_domain: /* Get domain from address */
1885 if (!(s = *((uschar **)(val)))) return US"";
1886 domain = Ustrrchr(s, '@');
1887 return domain ? domain + 1 : US"";
1888
1889 case vtype_msgheaders:
1890 return find_header(NULL, newsize, exists_only ? FH_EXISTS_ONLY : 0, NULL);
1891
1892 case vtype_msgheaders_raw:
1893 return find_header(NULL, newsize,
1894 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW, NULL);
1895
1896 case vtype_msgbody: /* Pointer to msgbody string */
1897 case vtype_msgbody_end: /* Ditto, the end of the msg */
1898 ss = (uschar **)(val);
1899 if (!*ss && deliver_datafile >= 0) /* Read body when needed */
1900 {
1901 uschar *body;
1902 off_t start_offset = SPOOL_DATA_START_OFFSET;
1903 int len = message_body_visible;
1904 if (len > message_size) len = message_size;
1905 *ss = body = store_malloc(len+1);
1906 body[0] = 0;
1907 if (vp->type == vtype_msgbody_end)
1908 {
1909 struct stat statbuf;
1910 if (fstat(deliver_datafile, &statbuf) == 0)
1911 {
1912 start_offset = statbuf.st_size - len;
1913 if (start_offset < SPOOL_DATA_START_OFFSET)
1914 start_offset = SPOOL_DATA_START_OFFSET;
1915 }
1916 }
1917 if (lseek(deliver_datafile, start_offset, SEEK_SET) < 0)
1918 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "deliver_datafile lseek: %s",
1919 strerror(errno));
1920 len = read(deliver_datafile, body, len);
1921 if (len > 0)
1922 {
1923 body[len] = 0;
1924 if (message_body_newlines) /* Separate loops for efficiency */
1925 while (len > 0)
1926 { if (body[--len] == 0) body[len] = ' '; }
1927 else
1928 while (len > 0)
1929 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
1930 }
1931 }
1932 return *ss ? *ss : US"";
1933
1934 case vtype_todbsdin: /* BSD inbox time of day */
1935 return tod_stamp(tod_bsdin);
1936
1937 case vtype_tode: /* Unix epoch time of day */
1938 return tod_stamp(tod_epoch);
1939
1940 case vtype_todel: /* Unix epoch/usec time of day */
1941 return tod_stamp(tod_epoch_l);
1942
1943 case vtype_todf: /* Full time of day */
1944 return tod_stamp(tod_full);
1945
1946 case vtype_todl: /* Log format time of day */
1947 return tod_stamp(tod_log_bare); /* (without timezone) */
1948
1949 case vtype_todzone: /* Time zone offset only */
1950 return tod_stamp(tod_zone);
1951
1952 case vtype_todzulu: /* Zulu time */
1953 return tod_stamp(tod_zulu);
1954
1955 case vtype_todlf: /* Log file datestamp tod */
1956 return tod_stamp(tod_log_datestamp_daily);
1957
1958 case vtype_reply: /* Get reply address */
1959 s = find_header(US"reply-to:", newsize,
1960 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
1961 headers_charset);
1962 if (s) while (isspace(*s)) s++;
1963 if (!s || !*s)
1964 {
1965 *newsize = 0; /* For the *s==0 case */
1966 s = find_header(US"from:", newsize,
1967 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
1968 headers_charset);
1969 }
1970 if (s)
1971 {
1972 uschar *t;
1973 while (isspace(*s)) s++;
1974 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
1975 while (t > s && isspace(t[-1])) t--;
1976 *t = 0;
1977 }
1978 return s ? s : US"";
1979
1980 case vtype_string_func:
1981 {
1982 stringptr_fn_t * fn = (stringptr_fn_t *) val;
1983 return fn();
1984 }
1985
1986 case vtype_pspace:
1987 {
1988 int inodes;
1989 sprintf(CS var_buffer, PR_EXIM_ARITH,
1990 receive_statvfs(val == (void *)TRUE, &inodes));
1991 }
1992 return var_buffer;
1993
1994 case vtype_pinodes:
1995 {
1996 int inodes;
1997 (void) receive_statvfs(val == (void *)TRUE, &inodes);
1998 sprintf(CS var_buffer, "%d", inodes);
1999 }
2000 return var_buffer;
2001
2002 case vtype_cert:
2003 return *(void **)val ? US"<cert>" : US"";
2004
2005 #ifndef DISABLE_DKIM
2006 case vtype_dkim:
2007 return dkim_exim_expand_query((int)(long)val);
2008 #endif
2009
2010 }
2011
2012 return NULL; /* Unknown variable. Silences static checkers. */
2013 }
2014
2015
2016
2017
2018 void
2019 modify_variable(uschar *name, void * value)
2020 {
2021 var_entry * vp;
2022 if ((vp = find_var_ent(name))) vp->value = value;
2023 return; /* Unknown variable name, fail silently */
2024 }
2025
2026
2027
2028
2029
2030
2031 /*************************************************
2032 * Read and expand substrings *
2033 *************************************************/
2034
2035 /* This function is called to read and expand argument substrings for various
2036 expansion items. Some have a minimum requirement that is less than the maximum;
2037 in these cases, the first non-present one is set to NULL.
2038
2039 Arguments:
2040 sub points to vector of pointers to set
2041 n maximum number of substrings
2042 m minimum required
2043 sptr points to current string pointer
2044 skipping the skipping flag
2045 check_end if TRUE, check for final '}'
2046 name name of item, for error message
2047 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
2048 the store.
2049
2050 Returns: 0 OK; string pointer updated
2051 1 curly bracketing error (too few arguments)
2052 2 too many arguments (only if check_end is set); message set
2053 3 other error (expansion failure)
2054 */
2055
2056 static int
2057 read_subs(uschar **sub, int n, int m, const uschar **sptr, BOOL skipping,
2058 BOOL check_end, uschar *name, BOOL *resetok)
2059 {
2060 const uschar *s = *sptr;
2061
2062 while (isspace(*s)) s++;
2063 for (int i = 0; i < n; i++)
2064 {
2065 if (*s != '{')
2066 {
2067 if (i < m)
2068 {
2069 expand_string_message = string_sprintf("Not enough arguments for '%s' "
2070 "(min is %d)", name, m);
2071 return 1;
2072 }
2073 sub[i] = NULL;
2074 break;
2075 }
2076 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok)))
2077 return 3;
2078 if (*s++ != '}') return 1;
2079 while (isspace(*s)) s++;
2080 }
2081 if (check_end && *s++ != '}')
2082 {
2083 if (s[-1] == '{')
2084 {
2085 expand_string_message = string_sprintf("Too many arguments for '%s' "
2086 "(max is %d)", name, n);
2087 return 2;
2088 }
2089 expand_string_message = string_sprintf("missing '}' after '%s'", name);
2090 return 1;
2091 }
2092
2093 *sptr = s;
2094 return 0;
2095 }
2096
2097
2098
2099
2100 /*************************************************
2101 * Elaborate message for bad variable *
2102 *************************************************/
2103
2104 /* For the "unknown variable" message, take a look at the variable's name, and
2105 give additional information about possible ACL variables. The extra information
2106 is added on to expand_string_message.
2107
2108 Argument: the name of the variable
2109 Returns: nothing
2110 */
2111
2112 static void
2113 check_variable_error_message(uschar *name)
2114 {
2115 if (Ustrncmp(name, "acl_", 4) == 0)
2116 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
2117 (name[4] == 'c' || name[4] == 'm')?
2118 (isalpha(name[5])?
2119 US"6th character of a user-defined ACL variable must be a digit or underscore" :
2120 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
2121 ) :
2122 US"user-defined ACL variables must start acl_c or acl_m");
2123 }
2124
2125
2126
2127 /*
2128 Load args from sub array to globals, and call acl_check().
2129 Sub array will be corrupted on return.
2130
2131 Returns: OK access is granted by an ACCEPT verb
2132 DISCARD access is (apparently) granted by a DISCARD verb
2133 FAIL access is denied
2134 FAIL_DROP access is denied; drop the connection
2135 DEFER can't tell at the moment
2136 ERROR disaster
2137 */
2138 static int
2139 eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
2140 {
2141 int i;
2142 int sav_narg = acl_narg;
2143 int ret;
2144 uschar * dummy_logmsg;
2145 extern int acl_where;
2146
2147 if(--nsub > nelem(acl_arg)) nsub = nelem(acl_arg);
2148 for (i = 0; i < nsub && sub[i+1]; i++)
2149 {
2150 uschar * tmp = acl_arg[i];
2151 acl_arg[i] = sub[i+1]; /* place callers args in the globals */
2152 sub[i+1] = tmp; /* stash the old args using our caller's storage */
2153 }
2154 acl_narg = i;
2155 while (i < nsub)
2156 {
2157 sub[i+1] = acl_arg[i];
2158 acl_arg[i++] = NULL;
2159 }
2160
2161 DEBUG(D_expand)
2162 debug_printf_indent("expanding: acl: %s arg: %s%s\n",
2163 sub[0],
2164 acl_narg>0 ? acl_arg[0] : US"<none>",
2165 acl_narg>1 ? " +more" : "");
2166
2167 ret = acl_eval(acl_where, sub[0], user_msgp, &dummy_logmsg);
2168
2169 for (i = 0; i < nsub; i++)
2170 acl_arg[i] = sub[i+1]; /* restore old args */
2171 acl_narg = sav_narg;
2172
2173 return ret;
2174 }
2175
2176
2177
2178
2179 /* Return pointer to dewrapped string, with enclosing specified chars removed.
2180 The given string is modified on return. Leading whitespace is skipped while
2181 looking for the opening wrap character, then the rest is scanned for the trailing
2182 (non-escaped) wrap character. A backslash in the string will act as an escape.
2183
2184 A nul is written over the trailing wrap, and a pointer to the char after the
2185 leading wrap is returned.
2186
2187 Arguments:
2188 s String for de-wrapping
2189 wrap Two-char string, the first being the opener, second the closer wrapping
2190 character
2191 Return:
2192 Pointer to de-wrapped string, or NULL on error (with expand_string_message set).
2193 */
2194
2195 static uschar *
2196 dewrap(uschar * s, const uschar * wrap)
2197 {
2198 uschar * p = s;
2199 unsigned depth = 0;
2200 BOOL quotesmode = wrap[0] == wrap[1];
2201
2202 while (isspace(*p)) p++;
2203
2204 if (*p == *wrap)
2205 {
2206 s = ++p;
2207 wrap++;
2208 while (*p)
2209 {
2210 if (*p == '\\') p++;
2211 else if (!quotesmode && *p == wrap[-1]) depth++;
2212 else if (*p == *wrap)
2213 if (depth == 0)
2214 {
2215 *p = '\0';
2216 return s;
2217 }
2218 else
2219 depth--;
2220 p++;
2221 }
2222 }
2223 expand_string_message = string_sprintf("missing '%c'", *wrap);
2224 return NULL;
2225 }
2226
2227
2228 /* Pull off the leading array or object element, returning
2229 a copy in an allocated string. Update the list pointer.
2230
2231 The element may itself be an abject or array.
2232 Return NULL when the list is empty.
2233 */
2234
2235 static uschar *
2236 json_nextinlist(const uschar ** list)
2237 {
2238 unsigned array_depth = 0, object_depth = 0;
2239 const uschar * s = *list, * item;
2240
2241 while (isspace(*s)) s++;
2242
2243 for (item = s;
2244 *s && (*s != ',' || array_depth != 0 || object_depth != 0);
2245 s++)
2246 switch (*s)
2247 {
2248 case '[': array_depth++; break;
2249 case ']': array_depth--; break;
2250 case '{': object_depth++; break;
2251 case '}': object_depth--; break;
2252 }
2253 *list = *s ? s+1 : s;
2254 if (item == s) return NULL;
2255 item = string_copyn(item, s - item);
2256 DEBUG(D_expand) debug_printf_indent(" json ele: '%s'\n", item);
2257 return US item;
2258 }
2259
2260
2261
2262 /************************************************/
2263 /* Return offset in ops table, or -1 if not found.
2264 Repoint to just after the operator in the string.
2265
2266 Argument:
2267 ss string representation of operator
2268 opname split-out operator name
2269 */
2270
2271 static int
2272 identify_operator(const uschar ** ss, uschar ** opname)
2273 {
2274 const uschar * s = *ss;
2275 uschar name[256];
2276
2277 /* Numeric comparisons are symbolic */
2278
2279 if (*s == '=' || *s == '>' || *s == '<')
2280 {
2281 int p = 0;
2282 name[p++] = *s++;
2283 if (*s == '=')
2284 {
2285 name[p++] = '=';
2286 s++;
2287 }
2288 name[p] = 0;
2289 }
2290
2291 /* All other conditions are named */
2292
2293 else
2294 s = read_name(name, sizeof(name), s, US"_");
2295 *ss = s;
2296
2297 /* If we haven't read a name, it means some non-alpha character is first. */
2298
2299 if (!name[0])
2300 {
2301 expand_string_message = string_sprintf("condition name expected, "
2302 "but found \"%.16s\"", s);
2303 return -1;
2304 }
2305 if (opname)
2306 *opname = string_copy(name);
2307
2308 return chop_match(name, cond_table, nelem(cond_table));
2309 }
2310
2311
2312 /*************************************************
2313 * Handle MD5 or SHA-1 computation for HMAC *
2314 *************************************************/
2315
2316 /* These are some wrapping functions that enable the HMAC code to be a bit
2317 cleaner. A good compiler will spot the tail recursion.
2318
2319 Arguments:
2320 type HMAC_MD5 or HMAC_SHA1
2321 remaining are as for the cryptographic hash functions
2322
2323 Returns: nothing
2324 */
2325
2326 static void
2327 chash_start(int type, void * base)
2328 {
2329 if (type == HMAC_MD5)
2330 md5_start((md5 *)base);
2331 else
2332 sha1_start((hctx *)base);
2333 }
2334
2335 static void
2336 chash_mid(int type, void * base, const uschar * string)
2337 {
2338 if (type == HMAC_MD5)
2339 md5_mid((md5 *)base, string);
2340 else
2341 sha1_mid((hctx *)base, string);
2342 }
2343
2344 static void
2345 chash_end(int type, void * base, const uschar * string, int length,
2346 uschar * digest)
2347 {
2348 if (type == HMAC_MD5)
2349 md5_end((md5 *)base, string, length, digest);
2350 else
2351 sha1_end((hctx *)base, string, length, digest);
2352 }
2353
2354
2355
2356
2357 /* Do an hmac_md5. The result is _not_ nul-terminated, and is sized as
2358 the smaller of a full hmac_md5 result (16 bytes) or the supplied output buffer.
2359
2360 Arguments:
2361 key encoding key, nul-terminated
2362 src data to be hashed, nul-terminated
2363 buf output buffer
2364 len size of output buffer
2365 */
2366
2367 static void
2368 hmac_md5(const uschar * key, const uschar * src, uschar * buf, unsigned len)
2369 {
2370 md5 md5_base;
2371 const uschar * keyptr;
2372 uschar * p;
2373 unsigned int keylen;
2374
2375 #define MD5_HASHLEN 16
2376 #define MD5_HASHBLOCKLEN 64
2377
2378 uschar keyhash[MD5_HASHLEN];
2379 uschar innerhash[MD5_HASHLEN];
2380 uschar finalhash[MD5_HASHLEN];
2381 uschar innerkey[MD5_HASHBLOCKLEN];
2382 uschar outerkey[MD5_HASHBLOCKLEN];
2383
2384 keyptr = key;
2385 keylen = Ustrlen(keyptr);
2386
2387 /* If the key is longer than the hash block length, then hash the key
2388 first */
2389
2390 if (keylen > MD5_HASHBLOCKLEN)
2391 {
2392 chash_start(HMAC_MD5, &md5_base);
2393 chash_end(HMAC_MD5, &md5_base, keyptr, keylen, keyhash);
2394 keyptr = keyhash;
2395 keylen = MD5_HASHLEN;
2396 }
2397
2398 /* Now make the inner and outer key values */
2399
2400 memset(innerkey, 0x36, MD5_HASHBLOCKLEN);
2401 memset(outerkey, 0x5c, MD5_HASHBLOCKLEN);
2402
2403 for (int i = 0; i < keylen; i++)
2404 {
2405 innerkey[i] ^= keyptr[i];
2406 outerkey[i] ^= keyptr[i];
2407 }
2408
2409 /* Now do the hashes */
2410
2411 chash_start(HMAC_MD5, &md5_base);
2412 chash_mid(HMAC_MD5, &md5_base, innerkey);
2413 chash_end(HMAC_MD5, &md5_base, src, Ustrlen(src), innerhash);
2414
2415 chash_start(HMAC_MD5, &md5_base);
2416 chash_mid(HMAC_MD5, &md5_base, outerkey);
2417 chash_end(HMAC_MD5, &md5_base, innerhash, MD5_HASHLEN, finalhash);
2418
2419 /* Encode the final hash as a hex string, limited by output buffer size */
2420
2421 p = buf;
2422 for (int i = 0, j = len; i < MD5_HASHLEN; i++)
2423 {
2424 if (j-- <= 0) break;
2425 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
2426 if (j-- <= 0) break;
2427 *p++ = hex_digits[finalhash[i] & 0x0f];
2428 }
2429 return;
2430 }
2431
2432
2433 /*************************************************
2434 * Read and evaluate a condition *
2435 *************************************************/
2436
2437 /*
2438 Arguments:
2439 s points to the start of the condition text
2440 resetok points to a BOOL which is written false if it is unsafe to
2441 free memory. Certain condition types (acl) may have side-effect
2442 allocation which must be preserved.
2443 yield points to a BOOL to hold the result of the condition test;
2444 if NULL, we are just reading through a condition that is
2445 part of an "or" combination to check syntax, or in a state
2446 where the answer isn't required
2447
2448 Returns: a pointer to the first character after the condition, or
2449 NULL after an error
2450 */
2451
2452 static const uschar *
2453 eval_condition(const uschar *s, BOOL *resetok, BOOL *yield)
2454 {
2455 BOOL testfor = TRUE;
2456 BOOL tempcond, combined_cond;
2457 BOOL *subcondptr;
2458 BOOL sub2_honour_dollar = TRUE;
2459 BOOL is_forany, is_json, is_jsons;
2460 int rc, cond_type, roffset;
2461 int_eximarith_t num[2];
2462 struct stat statbuf;
2463 uschar * opname;
2464 uschar name[256];
2465 const uschar *sub[10];
2466
2467 const pcre *re;
2468 const uschar *rerror;
2469
2470 for (;;)
2471 {
2472 while (isspace(*s)) s++;
2473 if (*s == '!') { testfor = !testfor; s++; } else break;
2474 }
2475
2476 switch(cond_type = identify_operator(&s, &opname))
2477 {
2478 /* def: tests for a non-empty variable, or for the existence of a header. If
2479 yield == NULL we are in a skipping state, and don't care about the answer. */
2480
2481 case ECOND_DEF:
2482 {
2483 uschar * t;
2484
2485 if (*s != ':')
2486 {
2487 expand_string_message = US"\":\" expected after \"def\"";
2488 return NULL;
2489 }
2490
2491 s = read_name(name, sizeof(name), s+1, US"_");
2492
2493 /* Test for a header's existence. If the name contains a closing brace
2494 character, this may be a user error where the terminating colon has been
2495 omitted. Set a flag to adjust a subsequent error message in this case. */
2496
2497 if ( ( *(t = name) == 'h'
2498 || (*t == 'r' || *t == 'l' || *t == 'b') && *++t == 'h'
2499 )
2500 && (*++t == '_' || Ustrncmp(t, "eader_", 6) == 0)
2501 )
2502 {
2503 s = read_header_name(name, sizeof(name), s);
2504 /* {-for-text-editors */
2505 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2506 if (yield) *yield =
2507 (find_header(name, NULL, FH_EXISTS_ONLY, NULL) != NULL) == testfor;
2508 }
2509
2510 /* Test for a variable's having a non-empty value. A non-existent variable
2511 causes an expansion failure. */
2512
2513 else
2514 {
2515 if (!(t = find_variable(name, TRUE, yield == NULL, NULL)))
2516 {
2517 expand_string_message = name[0]
2518 ? string_sprintf("unknown variable \"%s\" after \"def:\"", name)
2519 : US"variable name omitted after \"def:\"";
2520 check_variable_error_message(name);
2521 return NULL;
2522 }
2523 if (yield) *yield = (t[0] != 0) == testfor;
2524 }
2525
2526 return s;
2527 }
2528
2529
2530 /* first_delivery tests for first delivery attempt */
2531
2532 case ECOND_FIRST_DELIVERY:
2533 if (yield) *yield = f.deliver_firsttime == testfor;
2534 return s;
2535
2536
2537 /* queue_running tests for any process started by a queue runner */
2538
2539 case ECOND_QUEUE_RUNNING:
2540 if (yield) *yield = (queue_run_pid != (pid_t)0) == testfor;
2541 return s;
2542
2543
2544 /* exists: tests for file existence
2545 isip: tests for any IP address
2546 isip4: tests for an IPv4 address
2547 isip6: tests for an IPv6 address
2548 pam: does PAM authentication
2549 radius: does RADIUS authentication
2550 ldapauth: does LDAP authentication
2551 pwcheck: does Cyrus SASL pwcheck authentication
2552 */
2553
2554 case ECOND_EXISTS:
2555 case ECOND_ISIP:
2556 case ECOND_ISIP4:
2557 case ECOND_ISIP6:
2558 case ECOND_PAM:
2559 case ECOND_RADIUS:
2560 case ECOND_LDAPAUTH:
2561 case ECOND_PWCHECK:
2562
2563 while (isspace(*s)) s++;
2564 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2565
2566 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok);
2567 if (!sub[0]) return NULL;
2568 /* {-for-text-editors */
2569 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2570
2571 if (!yield) return s; /* No need to run the test if skipping */
2572
2573 switch(cond_type)
2574 {
2575 case ECOND_EXISTS:
2576 if ((expand_forbid & RDO_EXISTS) != 0)
2577 {
2578 expand_string_message = US"File existence tests are not permitted";
2579 return NULL;
2580 }
2581 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
2582 break;
2583
2584 case ECOND_ISIP:
2585 case ECOND_ISIP4:
2586 case ECOND_ISIP6:
2587 rc = string_is_ip_address(sub[0], NULL);
2588 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
2589 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2590 break;
2591
2592 /* Various authentication tests - all optionally compiled */
2593
2594 case ECOND_PAM:
2595 #ifdef SUPPORT_PAM
2596 rc = auth_call_pam(sub[0], &expand_string_message);
2597 goto END_AUTH;
2598 #else
2599 goto COND_FAILED_NOT_COMPILED;
2600 #endif /* SUPPORT_PAM */
2601
2602 case ECOND_RADIUS:
2603 #ifdef RADIUS_CONFIG_FILE
2604 rc = auth_call_radius(sub[0], &expand_string_message);
2605 goto END_AUTH;
2606 #else
2607 goto COND_FAILED_NOT_COMPILED;
2608 #endif /* RADIUS_CONFIG_FILE */
2609
2610 case ECOND_LDAPAUTH:
2611 #ifdef LOOKUP_LDAP
2612 {
2613 /* Just to keep the interface the same */
2614 BOOL do_cache;
2615 int old_pool = store_pool;
2616 store_pool = POOL_SEARCH;
2617 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2618 &expand_string_message, &do_cache);
2619 store_pool = old_pool;
2620 }
2621 goto END_AUTH;
2622 #else
2623 goto COND_FAILED_NOT_COMPILED;
2624 #endif /* LOOKUP_LDAP */
2625
2626 case ECOND_PWCHECK:
2627 #ifdef CYRUS_PWCHECK_SOCKET
2628 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2629 goto END_AUTH;
2630 #else
2631 goto COND_FAILED_NOT_COMPILED;
2632 #endif /* CYRUS_PWCHECK_SOCKET */
2633
2634 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2635 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2636 END_AUTH:
2637 if (rc == ERROR || rc == DEFER) return NULL;
2638 *yield = (rc == OK) == testfor;
2639 #endif
2640 }
2641 return s;
2642
2643
2644 /* call ACL (in a conditional context). Accept true, deny false.
2645 Defer is a forced-fail. Anything set by message= goes to $value.
2646 Up to ten parameters are used; we use the braces round the name+args
2647 like the saslauthd condition does, to permit a variable number of args.
2648 See also the expansion-item version EITEM_ACL and the traditional
2649 acl modifier ACLC_ACL.
2650 Since the ACL may allocate new global variables, tell our caller to not
2651 reclaim memory.
2652 */
2653
2654 case ECOND_ACL:
2655 /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
2656 {
2657 uschar *sub[10];
2658 uschar *user_msg;
2659 BOOL cond = FALSE;
2660
2661 while (isspace(*s)) s++;
2662 if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
2663
2664 switch(read_subs(sub, nelem(sub), 1,
2665 &s, yield == NULL, TRUE, US"acl", resetok))
2666 {
2667 case 1: expand_string_message = US"too few arguments or bracketing "
2668 "error for acl";
2669 case 2:
2670 case 3: return NULL;
2671 }
2672
2673 if (yield)
2674 {
2675 int rc;
2676 *resetok = FALSE; /* eval_acl() might allocate; do not reclaim */
2677 switch(rc = eval_acl(sub, nelem(sub), &user_msg))
2678 {
2679 case OK:
2680 cond = TRUE;
2681 case FAIL:
2682 lookup_value = NULL;
2683 if (user_msg)
2684 lookup_value = string_copy(user_msg);
2685 *yield = cond == testfor;
2686 break;
2687
2688 case DEFER:
2689 f.expand_string_forcedfail = TRUE;
2690 /*FALLTHROUGH*/
2691 default:
2692 expand_string_message = string_sprintf("%s from acl \"%s\"",
2693 rc_names[rc], sub[0]);
2694 return NULL;
2695 }
2696 }
2697 return s;
2698 }
2699
2700
2701 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2702
2703 ${if saslauthd {{username}{password}{service}{realm}} {yes}{no}}
2704
2705 However, the last two are optional. That is why the whole set is enclosed
2706 in their own set of braces. */
2707
2708 case ECOND_SASLAUTHD:
2709 #ifndef CYRUS_SASLAUTHD_SOCKET
2710 goto COND_FAILED_NOT_COMPILED;
2711 #else
2712 {
2713 uschar *sub[4];
2714 while (isspace(*s)) s++;
2715 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2716 switch(read_subs(sub, nelem(sub), 2, &s, yield == NULL, TRUE, US"saslauthd",
2717 resetok))
2718 {
2719 case 1: expand_string_message = US"too few arguments or bracketing "
2720 "error for saslauthd";
2721 case 2:
2722 case 3: return NULL;
2723 }
2724 if (!sub[2]) sub[3] = NULL; /* realm if no service */
2725 if (yield)
2726 {
2727 int rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2728 &expand_string_message);
2729 if (rc == ERROR || rc == DEFER) return NULL;
2730 *yield = (rc == OK) == testfor;
2731 }
2732 return s;
2733 }
2734 #endif /* CYRUS_SASLAUTHD_SOCKET */
2735
2736
2737 /* symbolic operators for numeric and string comparison, and a number of
2738 other operators, all requiring two arguments.
2739
2740 crypteq: encrypts plaintext and compares against an encrypted text,
2741 using crypt(), crypt16(), MD5 or SHA-1
2742 inlist/inlisti: checks if first argument is in the list of the second
2743 match: does a regular expression match and sets up the numerical
2744 variables if it succeeds
2745 match_address: matches in an address list
2746 match_domain: matches in a domain list
2747 match_ip: matches a host list that is restricted to IP addresses
2748 match_local_part: matches in a local part list
2749 */
2750
2751 case ECOND_MATCH_ADDRESS:
2752 case ECOND_MATCH_DOMAIN:
2753 case ECOND_MATCH_IP:
2754 case ECOND_MATCH_LOCAL_PART:
2755 #ifndef EXPAND_LISTMATCH_RHS
2756 sub2_honour_dollar = FALSE;
2757 #endif
2758 /* FALLTHROUGH */
2759
2760 case ECOND_CRYPTEQ:
2761 case ECOND_INLIST:
2762 case ECOND_INLISTI:
2763 case ECOND_MATCH:
2764
2765 case ECOND_NUM_L: /* Numerical comparisons */
2766 case ECOND_NUM_LE:
2767 case ECOND_NUM_E:
2768 case ECOND_NUM_EE:
2769 case ECOND_NUM_G:
2770 case ECOND_NUM_GE:
2771
2772 case ECOND_STR_LT: /* String comparisons */
2773 case ECOND_STR_LTI:
2774 case ECOND_STR_LE:
2775 case ECOND_STR_LEI:
2776 case ECOND_STR_EQ:
2777 case ECOND_STR_EQI:
2778 case ECOND_STR_GT:
2779 case ECOND_STR_GTI:
2780 case ECOND_STR_GE:
2781 case ECOND_STR_GEI:
2782
2783 for (int i = 0; i < 2; i++)
2784 {
2785 /* Sometimes, we don't expand substrings; too many insecure configurations
2786 created using match_address{}{} and friends, where the second param
2787 includes information from untrustworthy sources. */
2788 BOOL honour_dollar = TRUE;
2789 if ((i > 0) && !sub2_honour_dollar)
2790 honour_dollar = FALSE;
2791
2792 while (isspace(*s)) s++;
2793 if (*s != '{')
2794 {
2795 if (i == 0) goto COND_FAILED_CURLY_START;
2796 expand_string_message = string_sprintf("missing 2nd string in {} "
2797 "after \"%s\"", opname);
2798 return NULL;
2799 }
2800 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
2801 honour_dollar, resetok)))
2802 return NULL;
2803 DEBUG(D_expand) if (i == 1 && !sub2_honour_dollar && Ustrchr(sub[1], '$'))
2804 debug_printf_indent("WARNING: the second arg is NOT expanded,"
2805 " for security reasons\n");
2806 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2807
2808 /* Convert to numerical if required; we know that the names of all the
2809 conditions that compare numbers do not start with a letter. This just saves
2810 checking for them individually. */
2811
2812 if (!isalpha(opname[0]) && yield)
2813 if (sub[i][0] == 0)
2814 {
2815 num[i] = 0;
2816 DEBUG(D_expand)
2817 debug_printf_indent("empty string cast to zero for numerical comparison\n");
2818 }
2819 else
2820 {
2821 num[i] = expanded_string_integer(sub[i], FALSE);
2822 if (expand_string_message) return NULL;
2823 }
2824 }
2825
2826 /* Result not required */
2827
2828 if (!yield) return s;
2829
2830 /* Do an appropriate comparison */
2831
2832 switch(cond_type)
2833 {
2834 case ECOND_NUM_E:
2835 case ECOND_NUM_EE:
2836 tempcond = (num[0] == num[1]);
2837 break;
2838
2839 case ECOND_NUM_G:
2840 tempcond = (num[0] > num[1]);
2841 break;
2842
2843 case ECOND_NUM_GE:
2844 tempcond = (num[0] >= num[1]);
2845 break;
2846
2847 case ECOND_NUM_L:
2848 tempcond = (num[0] < num[1]);
2849 break;
2850
2851 case ECOND_NUM_LE:
2852 tempcond = (num[0] <= num[1]);
2853 break;
2854
2855 case ECOND_STR_LT:
2856 tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
2857 break;
2858
2859 case ECOND_STR_LTI:
2860 tempcond = (strcmpic(sub[0], sub[1]) < 0);
2861 break;
2862
2863 case ECOND_STR_LE:
2864 tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
2865 break;
2866
2867 case ECOND_STR_LEI:
2868 tempcond = (strcmpic(sub[0], sub[1]) <= 0);
2869 break;
2870
2871 case ECOND_STR_EQ:
2872 tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
2873 break;
2874
2875 case ECOND_STR_EQI:
2876 tempcond = (strcmpic(sub[0], sub[1]) == 0);
2877 break;
2878
2879 case ECOND_STR_GT:
2880 tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
2881 break;
2882
2883 case ECOND_STR_GTI:
2884 tempcond = (strcmpic(sub[0], sub[1]) > 0);
2885 break;
2886
2887 case ECOND_STR_GE:
2888 tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
2889 break;
2890
2891 case ECOND_STR_GEI:
2892 tempcond = (strcmpic(sub[0], sub[1]) >= 0);
2893 break;
2894
2895 case ECOND_MATCH: /* Regular expression match */
2896 if (!(re = pcre_compile(CS sub[1], PCRE_COPT, CCSS &rerror,
2897 &roffset, NULL)))
2898 {
2899 expand_string_message = string_sprintf("regular expression error in "
2900 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2901 return NULL;
2902 }
2903 tempcond = regex_match_and_setup(re, sub[0], 0, -1);
2904 break;
2905
2906 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2907 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2908 goto MATCHED_SOMETHING;
2909
2910 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2911 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2912 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2913 goto MATCHED_SOMETHING;
2914
2915 case ECOND_MATCH_IP: /* Match IP address in a host list */
2916 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
2917 {
2918 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2919 sub[0]);
2920 return NULL;
2921 }
2922 else
2923 {
2924 unsigned int *nullcache = NULL;
2925 check_host_block cb;
2926
2927 cb.host_name = US"";
2928 cb.host_address = sub[0];
2929
2930 /* If the host address starts off ::ffff: it is an IPv6 address in
2931 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2932 addresses. */
2933
2934 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2935 cb.host_address + 7 : cb.host_address;
2936
2937 rc = match_check_list(
2938 &sub[1], /* the list */
2939 0, /* separator character */
2940 &hostlist_anchor, /* anchor pointer */
2941 &nullcache, /* cache pointer */
2942 check_host, /* function for testing */
2943 &cb, /* argument for function */
2944 MCL_HOST, /* type of check */
2945 sub[0], /* text for debugging */
2946 NULL); /* where to pass back data */
2947 }
2948 goto MATCHED_SOMETHING;
2949
2950 case ECOND_MATCH_LOCAL_PART:
2951 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2952 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2953 /* Fall through */
2954 /* VVVVVVVVVVVV */
2955 MATCHED_SOMETHING:
2956 switch(rc)
2957 {
2958 case OK:
2959 tempcond = TRUE;
2960 break;
2961
2962 case FAIL:
2963 tempcond = FALSE;
2964 break;
2965
2966 case DEFER:
2967 expand_string_message = string_sprintf("unable to complete match "
2968 "against \"%s\": %s", sub[1], search_error_message);
2969 return NULL;
2970 }
2971
2972 break;
2973
2974 /* Various "encrypted" comparisons. If the second string starts with
2975 "{" then an encryption type is given. Default to crypt() or crypt16()
2976 (build-time choice). */
2977 /* }-for-text-editors */
2978
2979 case ECOND_CRYPTEQ:
2980 #ifndef SUPPORT_CRYPTEQ
2981 goto COND_FAILED_NOT_COMPILED;
2982 #else
2983 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2984 {
2985 int sublen = Ustrlen(sub[1]+5);
2986 md5 base;
2987 uschar digest[16];
2988
2989 md5_start(&base);
2990 md5_end(&base, sub[0], Ustrlen(sub[0]), digest);
2991
2992 /* If the length that we are comparing against is 24, the MD5 digest
2993 is expressed as a base64 string. This is the way LDAP does it. However,
2994 some other software uses a straightforward hex representation. We assume
2995 this if the length is 32. Other lengths fail. */
2996
2997 if (sublen == 24)
2998 {
2999 uschar *coded = b64encode(CUS digest, 16);
3000 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
3001 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
3002 tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
3003 }
3004 else if (sublen == 32)
3005 {
3006 uschar coded[36];
3007 for (int i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
3008 coded[32] = 0;
3009 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
3010 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
3011 tempcond = (strcmpic(coded, sub[1]+5) == 0);
3012 }
3013 else
3014 {
3015 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
3016 "fail\n crypted=%s\n", sub[1]+5);
3017 tempcond = FALSE;
3018 }
3019 }
3020
3021 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
3022 {
3023 int sublen = Ustrlen(sub[1]+6);
3024 hctx h;
3025 uschar digest[20];
3026
3027 sha1_start(&h);
3028 sha1_end(&h, sub[0], Ustrlen(sub[0]), digest);
3029
3030 /* If the length that we are comparing against is 28, assume the SHA1
3031 digest is expressed as a base64 string. If the length is 40, assume a
3032 straightforward hex representation. Other lengths fail. */
3033
3034 if (sublen == 28)
3035 {
3036 uschar *coded = b64encode(CUS digest, 20);
3037 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
3038 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
3039 tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
3040 }
3041 else if (sublen == 40)
3042 {
3043 uschar coded[44];
3044 for (int i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
3045 coded[40] = 0;
3046 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
3047 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
3048 tempcond = (strcmpic(coded, sub[1]+6) == 0);
3049 }
3050 else
3051 {
3052 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
3053 "fail\n crypted=%s\n", sub[1]+6);
3054 tempcond = FALSE;
3055 }
3056 }
3057
3058 else /* {crypt} or {crypt16} and non-{ at start */
3059 /* }-for-text-editors */
3060 {
3061 int which = 0;
3062 uschar *coded;
3063
3064 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
3065 {
3066 sub[1] += 7;
3067 which = 1;
3068 }
3069 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
3070 {
3071 sub[1] += 9;
3072 which = 2;
3073 }
3074 else if (sub[1][0] == '{') /* }-for-text-editors */
3075 {
3076 expand_string_message = string_sprintf("unknown encryption mechanism "
3077 "in \"%s\"", sub[1]);
3078 return NULL;
3079 }
3080
3081 switch(which)
3082 {
3083 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
3084 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
3085 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
3086 }
3087
3088 #define STR(s) # s
3089 #define XSTR(s) STR(s)
3090 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
3091 " subject=%s\n crypted=%s\n",
3092 which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16",
3093 coded, sub[1]);
3094 #undef STR
3095 #undef XSTR
3096
3097 /* If the encrypted string contains fewer than two characters (for the
3098 salt), force failure. Otherwise we get false positives: with an empty
3099 string the yield of crypt() is an empty string! */
3100
3101 if (coded)
3102 tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0;
3103 else if (errno == EINVAL)
3104 tempcond = FALSE;
3105 else
3106 {
3107 expand_string_message = string_sprintf("crypt error: %s\n",
3108 US strerror(errno));
3109 return NULL;
3110 }
3111 }
3112 break;
3113 #endif /* SUPPORT_CRYPTEQ */
3114
3115 case ECOND_INLIST:
3116 case ECOND_INLISTI:
3117 {
3118 const uschar * list = sub[1];
3119 int sep = 0;
3120 uschar *save_iterate_item = iterate_item;
3121 int (*compare)(const uschar *, const uschar *);
3122
3123 DEBUG(D_expand) debug_printf_indent("condition: %s item: %s\n", opname, sub[0]);
3124
3125 tempcond = FALSE;
3126 compare = cond_type == ECOND_INLISTI
3127 ? strcmpic : (int (*)(const uschar *, const uschar *)) strcmp;
3128
3129 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)))
3130 {
3131 DEBUG(D_expand) debug_printf_indent(" compare %s\n", iterate_item);
3132 if (compare(sub[0], iterate_item) == 0)
3133 {
3134 tempcond = TRUE;
3135 break;
3136 }
3137 }
3138 iterate_item = save_iterate_item;
3139 }
3140
3141 } /* Switch for comparison conditions */
3142
3143 *yield = tempcond == testfor;
3144 return s; /* End of comparison conditions */
3145
3146
3147 /* and/or: computes logical and/or of several conditions */
3148
3149 case ECOND_AND:
3150 case ECOND_OR:
3151 subcondptr = (yield == NULL) ? NULL : &tempcond;
3152 combined_cond = (cond_type == ECOND_AND);
3153
3154 while (isspace(*s)) s++;
3155 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3156
3157 for (;;)
3158 {
3159 while (isspace(*s)) s++;
3160 /* {-for-text-editors */
3161 if (*s == '}') break;
3162 if (*s != '{') /* }-for-text-editors */
3163 {
3164 expand_string_message = string_sprintf("each subcondition "
3165 "inside an \"%s{...}\" condition must be in its own {}", opname);
3166 return NULL;
3167 }
3168
3169 if (!(s = eval_condition(s+1, resetok, subcondptr)))
3170 {
3171 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
3172 expand_string_message, opname);
3173 return NULL;
3174 }
3175 while (isspace(*s)) s++;
3176
3177 /* {-for-text-editors */
3178 if (*s++ != '}')
3179 {
3180 /* {-for-text-editors */
3181 expand_string_message = string_sprintf("missing } at end of condition "
3182 "inside \"%s\" group", opname);
3183 return NULL;
3184 }
3185
3186 if (yield)
3187 if (cond_type == ECOND_AND)
3188 {
3189 combined_cond &= tempcond;
3190 if (!combined_cond) subcondptr = NULL; /* once false, don't */
3191 } /* evaluate any more */
3192 else
3193 {
3194 combined_cond |= tempcond;
3195 if (combined_cond) subcondptr = NULL; /* once true, don't */
3196 } /* evaluate any more */
3197 }
3198
3199 if (yield) *yield = (combined_cond == testfor);
3200 return ++s;
3201
3202
3203 /* forall/forany: iterates a condition with different values */
3204
3205 case ECOND_FORALL: is_forany = FALSE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3206 case ECOND_FORANY: is_forany = TRUE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3207 case ECOND_FORALL_JSON: is_forany = FALSE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3208 case ECOND_FORANY_JSON: is_forany = TRUE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3209 case ECOND_FORALL_JSONS: is_forany = FALSE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3210 case ECOND_FORANY_JSONS: is_forany = TRUE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3211
3212 FORMANY:
3213 {
3214 const uschar * list;
3215 int sep = 0;
3216 uschar *save_iterate_item = iterate_item;
3217
3218 DEBUG(D_expand) debug_printf_indent("condition: %s\n", opname);
3219
3220 while (isspace(*s)) s++;
3221 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3222 if (!(sub[0] = expand_string_internal(s, TRUE, &s, yield == NULL, TRUE, resetok)))
3223 return NULL;
3224 /* {-for-text-editors */
3225 if (*s++ != '}') goto COND_FAILED_CURLY_END;
3226
3227 while (isspace(*s)) s++;
3228 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3229
3230 sub[1] = s;
3231
3232 /* Call eval_condition once, with result discarded (as if scanning a
3233 "false" part). This allows us to find the end of the condition, because if
3234 the list it empty, we won't actually evaluate the condition for real. */
3235
3236 if (!(s = eval_condition(sub[1], resetok, NULL)))
3237 {
3238 expand_string_message = string_sprintf("%s inside \"%s\" condition",
3239 expand_string_message, opname);
3240 return NULL;
3241 }
3242 while (isspace(*s)) s++;
3243
3244 /* {-for-text-editors */
3245 if (*s++ != '}')
3246 {
3247 /* {-for-text-editors */
3248 expand_string_message = string_sprintf("missing } at end of condition "
3249 "inside \"%s\"", opname);
3250 return NULL;
3251 }
3252
3253 if (yield) *yield = !testfor;
3254 list = sub[0];
3255 if (is_json) list = dewrap(string_copy(list), US"[]");
3256 while ((iterate_item = is_json
3257 ? json_nextinlist(&list) : string_nextinlist(&list, &sep, NULL, 0)))
3258 {
3259 if (is_jsons)
3260 if (!(iterate_item = dewrap(iterate_item, US"\"\"")))
3261 {
3262 expand_string_message =
3263 string_sprintf("%s wrapping string result for extract jsons",
3264 expand_string_message);
3265 iterate_item = save_iterate_item;
3266 return NULL;
3267 }
3268
3269 DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n", opname, iterate_item);
3270 if (!eval_condition(sub[1], resetok, &tempcond))
3271 {
3272 expand_string_message = string_sprintf("%s inside \"%s\" condition",
3273 expand_string_message, opname);
3274 iterate_item = save_iterate_item;
3275 return NULL;
3276 }
3277 DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", opname,
3278 tempcond? "true":"false");
3279
3280 if (yield) *yield = (tempcond == testfor);
3281 if (tempcond == is_forany) break;
3282 }
3283
3284 iterate_item = save_iterate_item;
3285 return s;
3286 }
3287
3288
3289 /* The bool{} expansion condition maps a string to boolean.
3290 The values supported should match those supported by the ACL condition
3291 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
3292 of true/false. Note that Router "condition" rules have a different
3293 interpretation, where general data can be used and only a few values
3294 map to FALSE.
3295 Note that readconf.c boolean matching, for boolean configuration options,
3296 only matches true/yes/false/no.
3297 The bool_lax{} condition matches the Router logic, which is much more
3298 liberal. */
3299 case ECOND_BOOL:
3300 case ECOND_BOOL_LAX:
3301 {
3302 uschar *sub_arg[1];
3303 uschar *t, *t2;
3304 uschar *ourname;
3305 size_t len;
3306 BOOL boolvalue = FALSE;
3307 while (isspace(*s)) s++;
3308 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3309 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
3310 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname, resetok))
3311 {
3312 case 1: expand_string_message = string_sprintf(
3313 "too few arguments or bracketing error for %s",
3314 ourname);
3315 /*FALLTHROUGH*/
3316 case 2:
3317 case 3: return NULL;
3318 }
3319 t = sub_arg[0];
3320 while (isspace(*t)) t++;
3321 len = Ustrlen(t);
3322 if (len)
3323 {
3324 /* trailing whitespace: seems like a good idea to ignore it too */
3325 t2 = t + len - 1;
3326 while (isspace(*t2)) t2--;
3327 if (t2 != (t + len))
3328 {
3329 *++t2 = '\0';
3330 len = t2 - t;
3331 }
3332 }
3333 DEBUG(D_expand)
3334 debug_printf_indent("considering %s: %s\n", ourname, len ? t : US"<empty>");
3335 /* logic for the lax case from expand_check_condition(), which also does
3336 expands, and the logic is both short and stable enough that there should
3337 be no maintenance burden from replicating it. */
3338 if (len == 0)
3339 boolvalue = FALSE;
3340 else if (*t == '-'
3341 ? Ustrspn(t+1, "0123456789") == len-1
3342 : Ustrspn(t, "0123456789") == len)
3343 {
3344 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
3345 /* expand_check_condition only does a literal string "0" check */
3346 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
3347 boolvalue = TRUE;
3348 }
3349 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
3350 boolvalue = TRUE;
3351 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
3352 boolvalue = FALSE;