d2ccddc73a5b5321aad7d6e9db5ee5fc971f06dd
[exim.git] / src / src / expand.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8
9 /* Functions for handling string expansion. */
10
11
12 #include "exim.h"
13
14 /* Recursively called function */
15
16 static uschar *expand_string_internal(const uschar *, BOOL, const uschar **, BOOL, BOOL, BOOL *);
17 static int_eximarith_t expanded_string_integer(const uschar *, BOOL);
18
19 #ifdef STAND_ALONE
20 # ifndef SUPPORT_CRYPTEQ
21 # define SUPPORT_CRYPTEQ
22 # endif
23 #endif
24
25 #ifdef LOOKUP_LDAP
26 # include "lookups/ldap.h"
27 #endif
28
29 #ifdef SUPPORT_CRYPTEQ
30 # ifdef CRYPT_H
31 # include <crypt.h>
32 # endif
33 # ifndef HAVE_CRYPT16
34 extern char* crypt16(char*, char*);
35 # endif
36 #endif
37
38 /* The handling of crypt16() is a mess. I will record below the analysis of the
39 mess that was sent to me. We decided, however, to make changing this very low
40 priority, because in practice people are moving away from the crypt()
41 algorithms nowadays, so it doesn't seem worth it.
42
43 <quote>
44 There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
45 the first 8 characters of the password using a 20-round version of crypt
46 (standard crypt does 25 rounds). It then crypts the next 8 characters,
47 or an empty block if the password is less than 9 characters, using a
48 20-round version of crypt and the same salt as was used for the first
49 block. Characters after the first 16 are ignored. It always generates
50 a 16-byte hash, which is expressed together with the salt as a string
51 of 24 base 64 digits. Here are some links to peruse:
52
53 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
54 http://seclists.org/bugtraq/1999/Mar/0076.html
55
56 There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
57 and OSF/1. This is the same as the standard crypt if given a password
58 of 8 characters or less. If given more, it first does the same as crypt
59 using the first 8 characters, then crypts the next 8 (the 9th to 16th)
60 using as salt the first two base 64 digits from the first hash block.
61 If the password is more than 16 characters then it crypts the 17th to 24th
62 characters using as salt the first two base 64 digits from the second hash
63 block. And so on: I've seen references to it cutting off the password at
64 40 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
65
66 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
67 http://seclists.org/bugtraq/1999/Mar/0109.html
68 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
69 TET1_html/sec.c222.html#no_id_208
70
71 Exim has something it calls "crypt16". It will either use a native
72 crypt16 or its own implementation. A native crypt16 will presumably
73 be the one that I called "crypt16" above. The internal "crypt16"
74 function, however, is a two-block-maximum implementation of what I called
75 "bigcrypt". The documentation matches the internal code.
76
77 I suspect that whoever did the "crypt16" stuff for Exim didn't realise
78 that crypt16 and bigcrypt were different things.
79
80 Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
81 to whatever it is using under that name. This unfortunately sets a
82 precedent for using "{crypt16}" to identify two incompatible algorithms
83 whose output can't be distinguished. With "{crypt16}" thus rendered
84 ambiguous, I suggest you deprecate it and invent two new identifiers
85 for the two algorithms.
86
87 Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
88 of the password separately means they can be cracked separately, so
89 the double-length hash only doubles the cracking effort instead of
90 squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
91 bcrypt ({CRYPT}$2a$).
92 </quote>
93 */
94
95
96
97 /*************************************************
98 * Local statics and tables *
99 *************************************************/
100
101 /* Table of item names, and corresponding switch numbers. The names must be in
102 alphabetical order. */
103
104 static uschar *item_table[] = {
105 US"acl",
106 US"authresults",
107 US"certextract",
108 US"dlfunc",
109 US"env",
110 US"extract",
111 US"filter",
112 US"hash",
113 US"hmac",
114 US"if",
115 #ifdef SUPPORT_I18N
116 US"imapfolder",
117 #endif
118 US"length",
119 US"listextract",
120 US"lookup",
121 US"map",
122 US"nhash",
123 US"perl",
124 US"prvs",
125 US"prvscheck",
126 US"readfile",
127 US"readsocket",
128 US"reduce",
129 US"run",
130 US"sg",
131 US"sort",
132 US"substr",
133 US"tr" };
134
135 enum {
136 EITEM_ACL,
137 EITEM_AUTHRESULTS,
138 EITEM_CERTEXTRACT,
139 EITEM_DLFUNC,
140 EITEM_ENV,
141 EITEM_EXTRACT,
142 EITEM_FILTER,
143 EITEM_HASH,
144 EITEM_HMAC,
145 EITEM_IF,
146 #ifdef SUPPORT_I18N
147 EITEM_IMAPFOLDER,
148 #endif
149 EITEM_LENGTH,
150 EITEM_LISTEXTRACT,
151 EITEM_LOOKUP,
152 EITEM_MAP,
153 EITEM_NHASH,
154 EITEM_PERL,
155 EITEM_PRVS,
156 EITEM_PRVSCHECK,
157 EITEM_READFILE,
158 EITEM_READSOCK,
159 EITEM_REDUCE,
160 EITEM_RUN,
161 EITEM_SG,
162 EITEM_SORT,
163 EITEM_SUBSTR,
164 EITEM_TR };
165
166 /* Tables of operator names, and corresponding switch numbers. The names must be
167 in alphabetical order. There are two tables, because underscore is used in some
168 cases to introduce arguments, whereas for other it is part of the name. This is
169 an historical mis-design. */
170
171 static uschar *op_table_underscore[] = {
172 US"from_utf8",
173 US"local_part",
174 US"quote_local_part",
175 US"reverse_ip",
176 US"time_eval",
177 US"time_interval"
178 #ifdef SUPPORT_I18N
179 ,US"utf8_domain_from_alabel",
180 US"utf8_domain_to_alabel",
181 US"utf8_localpart_from_alabel",
182 US"utf8_localpart_to_alabel"
183 #endif
184 };
185
186 enum {
187 EOP_FROM_UTF8,
188 EOP_LOCAL_PART,
189 EOP_QUOTE_LOCAL_PART,
190 EOP_REVERSE_IP,
191 EOP_TIME_EVAL,
192 EOP_TIME_INTERVAL
193 #ifdef SUPPORT_I18N
194 ,EOP_UTF8_DOMAIN_FROM_ALABEL,
195 EOP_UTF8_DOMAIN_TO_ALABEL,
196 EOP_UTF8_LOCALPART_FROM_ALABEL,
197 EOP_UTF8_LOCALPART_TO_ALABEL
198 #endif
199 };
200
201 static uschar *op_table_main[] = {
202 US"address",
203 US"addresses",
204 US"base32",
205 US"base32d",
206 US"base62",
207 US"base62d",
208 US"base64",
209 US"base64d",
210 US"domain",
211 US"escape",
212 US"escape8bit",
213 US"eval",
214 US"eval10",
215 US"expand",
216 US"h",
217 US"hash",
218 US"hex2b64",
219 US"hexquote",
220 US"ipv6denorm",
221 US"ipv6norm",
222 US"l",
223 US"lc",
224 US"length",
225 US"listcount",
226 US"listnamed",
227 US"mask",
228 US"md5",
229 US"nh",
230 US"nhash",
231 US"quote",
232 US"randint",
233 US"rfc2047",
234 US"rfc2047d",
235 US"rxquote",
236 US"s",
237 US"sha1",
238 US"sha2",
239 US"sha256",
240 US"sha3",
241 US"stat",
242 US"str2b64",
243 US"strlen",
244 US"substr",
245 US"uc",
246 US"utf8clean" };
247
248 enum {
249 EOP_ADDRESS = nelem(op_table_underscore),
250 EOP_ADDRESSES,
251 EOP_BASE32,
252 EOP_BASE32D,
253 EOP_BASE62,
254 EOP_BASE62D,
255 EOP_BASE64,
256 EOP_BASE64D,
257 EOP_DOMAIN,
258 EOP_ESCAPE,
259 EOP_ESCAPE8BIT,
260 EOP_EVAL,
261 EOP_EVAL10,
262 EOP_EXPAND,
263 EOP_H,
264 EOP_HASH,
265 EOP_HEX2B64,
266 EOP_HEXQUOTE,
267 EOP_IPV6DENORM,
268 EOP_IPV6NORM,
269 EOP_L,
270 EOP_LC,
271 EOP_LENGTH,
272 EOP_LISTCOUNT,
273 EOP_LISTNAMED,
274 EOP_MASK,
275 EOP_MD5,
276 EOP_NH,
277 EOP_NHASH,
278 EOP_QUOTE,
279 EOP_RANDINT,
280 EOP_RFC2047,
281 EOP_RFC2047D,
282 EOP_RXQUOTE,
283 EOP_S,
284 EOP_SHA1,
285 EOP_SHA2,
286 EOP_SHA256,
287 EOP_SHA3,
288 EOP_STAT,
289 EOP_STR2B64,
290 EOP_STRLEN,
291 EOP_SUBSTR,
292 EOP_UC,
293 EOP_UTF8CLEAN };
294
295
296 /* Table of condition names, and corresponding switch numbers. The names must
297 be in alphabetical order. */
298
299 static uschar *cond_table[] = {
300 US"<",
301 US"<=",
302 US"=",
303 US"==", /* Backward compatibility */
304 US">",
305 US">=",
306 US"acl",
307 US"and",
308 US"bool",
309 US"bool_lax",
310 US"crypteq",
311 US"def",
312 US"eq",
313 US"eqi",
314 US"exists",
315 US"first_delivery",
316 US"forall",
317 US"forall_json",
318 US"forall_jsons",
319 US"forany",
320 US"forany_json",
321 US"forany_jsons",
322 US"ge",
323 US"gei",
324 US"gt",
325 US"gti",
326 US"inlist",
327 US"inlisti",
328 US"isip",
329 US"isip4",
330 US"isip6",
331 US"ldapauth",
332 US"le",
333 US"lei",
334 US"lt",
335 US"lti",
336 US"match",
337 US"match_address",
338 US"match_domain",
339 US"match_ip",
340 US"match_local_part",
341 US"or",
342 US"pam",
343 US"pwcheck",
344 US"queue_running",
345 US"radius",
346 US"saslauthd"
347 };
348
349 enum {
350 ECOND_NUM_L,
351 ECOND_NUM_LE,
352 ECOND_NUM_E,
353 ECOND_NUM_EE,
354 ECOND_NUM_G,
355 ECOND_NUM_GE,
356 ECOND_ACL,
357 ECOND_AND,
358 ECOND_BOOL,
359 ECOND_BOOL_LAX,
360 ECOND_CRYPTEQ,
361 ECOND_DEF,
362 ECOND_STR_EQ,
363 ECOND_STR_EQI,
364 ECOND_EXISTS,
365 ECOND_FIRST_DELIVERY,
366 ECOND_FORALL,
367 ECOND_FORALL_JSON,
368 ECOND_FORALL_JSONS,
369 ECOND_FORANY,
370 ECOND_FORANY_JSON,
371 ECOND_FORANY_JSONS,
372 ECOND_STR_GE,
373 ECOND_STR_GEI,
374 ECOND_STR_GT,
375 ECOND_STR_GTI,
376 ECOND_INLIST,
377 ECOND_INLISTI,
378 ECOND_ISIP,
379 ECOND_ISIP4,
380 ECOND_ISIP6,
381 ECOND_LDAPAUTH,
382 ECOND_STR_LE,
383 ECOND_STR_LEI,
384 ECOND_STR_LT,
385 ECOND_STR_LTI,
386 ECOND_MATCH,
387 ECOND_MATCH_ADDRESS,
388 ECOND_MATCH_DOMAIN,
389 ECOND_MATCH_IP,
390 ECOND_MATCH_LOCAL_PART,
391 ECOND_OR,
392 ECOND_PAM,
393 ECOND_PWCHECK,
394 ECOND_QUEUE_RUNNING,
395 ECOND_RADIUS,
396 ECOND_SASLAUTHD
397 };
398
399
400 /* Types of table entry */
401
402 enum vtypes {
403 vtype_int, /* value is address of int */
404 vtype_filter_int, /* ditto, but recognized only when filtering */
405 vtype_ino, /* value is address of ino_t (not always an int) */
406 vtype_uid, /* value is address of uid_t (not always an int) */
407 vtype_gid, /* value is address of gid_t (not always an int) */
408 vtype_bool, /* value is address of bool */
409 vtype_stringptr, /* value is address of pointer to string */
410 vtype_msgbody, /* as stringptr, but read when first required */
411 vtype_msgbody_end, /* ditto, the end of the message */
412 vtype_msgheaders, /* the message's headers, processed */
413 vtype_msgheaders_raw, /* the message's headers, unprocessed */
414 vtype_localpart, /* extract local part from string */
415 vtype_domain, /* extract domain from string */
416 vtype_string_func, /* value is string returned by given function */
417 vtype_todbsdin, /* value not used; generate BSD inbox tod */
418 vtype_tode, /* value not used; generate tod in epoch format */
419 vtype_todel, /* value not used; generate tod in epoch/usec format */
420 vtype_todf, /* value not used; generate full tod */
421 vtype_todl, /* value not used; generate log tod */
422 vtype_todlf, /* value not used; generate log file datestamp tod */
423 vtype_todzone, /* value not used; generate time zone only */
424 vtype_todzulu, /* value not used; generate zulu tod */
425 vtype_reply, /* value not used; get reply from headers */
426 vtype_pid, /* value not used; result is pid */
427 vtype_host_lookup, /* value not used; get host name */
428 vtype_load_avg, /* value not used; result is int from os_getloadavg */
429 vtype_pspace, /* partition space; value is T/F for spool/log */
430 vtype_pinodes, /* partition inodes; value is T/F for spool/log */
431 vtype_cert /* SSL certificate */
432 #ifndef DISABLE_DKIM
433 ,vtype_dkim /* Lookup of value in DKIM signature */
434 #endif
435 };
436
437 /* Type for main variable table */
438
439 typedef struct {
440 const char *name;
441 enum vtypes type;
442 void *value;
443 } var_entry;
444
445 /* Type for entries pointing to address/length pairs. Not currently
446 in use. */
447
448 typedef struct {
449 uschar **address;
450 int *length;
451 } alblock;
452
453 static uschar * fn_recipients(void);
454 typedef uschar * stringptr_fn_t(void);
455
456 /* This table must be kept in alphabetical order. */
457
458 static var_entry var_table[] = {
459 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
460 they will be confused with user-creatable ACL variables. */
461 { "acl_arg1", vtype_stringptr, &acl_arg[0] },
462 { "acl_arg2", vtype_stringptr, &acl_arg[1] },
463 { "acl_arg3", vtype_stringptr, &acl_arg[2] },
464 { "acl_arg4", vtype_stringptr, &acl_arg[3] },
465 { "acl_arg5", vtype_stringptr, &acl_arg[4] },
466 { "acl_arg6", vtype_stringptr, &acl_arg[5] },
467 { "acl_arg7", vtype_stringptr, &acl_arg[6] },
468 { "acl_arg8", vtype_stringptr, &acl_arg[7] },
469 { "acl_arg9", vtype_stringptr, &acl_arg[8] },
470 { "acl_narg", vtype_int, &acl_narg },
471 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
472 { "address_data", vtype_stringptr, &deliver_address_data },
473 { "address_file", vtype_stringptr, &address_file },
474 { "address_pipe", vtype_stringptr, &address_pipe },
475 #ifdef EXPERIMENTAL_ARC
476 { "arc_domains", vtype_string_func, (void *) &fn_arc_domains },
477 { "arc_oldest_pass", vtype_int, &arc_oldest_pass },
478 { "arc_state", vtype_stringptr, &arc_state },
479 { "arc_state_reason", vtype_stringptr, &arc_state_reason },
480 #endif
481 { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id },
482 { "authenticated_id", vtype_stringptr, &authenticated_id },
483 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
484 { "authentication_failed",vtype_int, &authentication_failed },
485 #ifdef WITH_CONTENT_SCAN
486 { "av_failed", vtype_int, &av_failed },
487 #endif
488 #ifdef EXPERIMENTAL_BRIGHTMAIL
489 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
490 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
491 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
492 { "bmi_deliver", vtype_int, &bmi_deliver },
493 #endif
494 { "body_linecount", vtype_int, &body_linecount },
495 { "body_zerocount", vtype_int, &body_zerocount },
496 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
497 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
498 { "caller_gid", vtype_gid, &real_gid },
499 { "caller_uid", vtype_uid, &real_uid },
500 { "callout_address", vtype_stringptr, &callout_address },
501 { "compile_date", vtype_stringptr, &version_date },
502 { "compile_number", vtype_stringptr, &version_cnumber },
503 { "config_dir", vtype_stringptr, &config_main_directory },
504 { "config_file", vtype_stringptr, &config_main_filename },
505 { "csa_status", vtype_stringptr, &csa_status },
506 #ifdef EXPERIMENTAL_DCC
507 { "dcc_header", vtype_stringptr, &dcc_header },
508 { "dcc_result", vtype_stringptr, &dcc_result },
509 #endif
510 #ifndef DISABLE_DKIM
511 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
512 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
513 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
514 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
515 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
516 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
517 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
518 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
519 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
520 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
521 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
522 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
523 { "dkim_key_length", vtype_int, &dkim_key_length },
524 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
525 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
526 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
527 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
528 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
529 { "dkim_signers", vtype_stringptr, &dkim_signers },
530 { "dkim_verify_reason", vtype_stringptr, &dkim_verify_reason },
531 { "dkim_verify_status", vtype_stringptr, &dkim_verify_status },
532 #endif
533 #ifdef SUPPORT_DMARC
534 { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy },
535 { "dmarc_status", vtype_stringptr, &dmarc_status },
536 { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
537 { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
538 #endif
539 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
540 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
541 { "dnslist_text", vtype_stringptr, &dnslist_text },
542 { "dnslist_value", vtype_stringptr, &dnslist_value },
543 { "domain", vtype_stringptr, &deliver_domain },
544 { "domain_data", vtype_stringptr, &deliver_domain_data },
545 #ifndef DISABLE_EVENT
546 { "event_data", vtype_stringptr, &event_data },
547
548 /*XXX want to use generic vars for as many of these as possible*/
549 { "event_defer_errno", vtype_int, &event_defer_errno },
550
551 { "event_name", vtype_stringptr, &event_name },
552 #endif
553 { "exim_gid", vtype_gid, &exim_gid },
554 { "exim_path", vtype_stringptr, &exim_path },
555 { "exim_uid", vtype_uid, &exim_uid },
556 { "exim_version", vtype_stringptr, &version_string },
557 { "headers_added", vtype_string_func, (void *) &fn_hdrs_added },
558 { "home", vtype_stringptr, &deliver_home },
559 { "host", vtype_stringptr, &deliver_host },
560 { "host_address", vtype_stringptr, &deliver_host_address },
561 { "host_data", vtype_stringptr, &host_data },
562 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
563 { "host_lookup_failed", vtype_int, &host_lookup_failed },
564 { "host_port", vtype_int, &deliver_host_port },
565 { "initial_cwd", vtype_stringptr, &initial_cwd },
566 { "inode", vtype_ino, &deliver_inode },
567 { "interface_address", vtype_stringptr, &interface_address },
568 { "interface_port", vtype_int, &interface_port },
569 { "item", vtype_stringptr, &iterate_item },
570 #ifdef LOOKUP_LDAP
571 { "ldap_dn", vtype_stringptr, &eldap_dn },
572 #endif
573 { "load_average", vtype_load_avg, NULL },
574 { "local_part", vtype_stringptr, &deliver_localpart },
575 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
576 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
577 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
578 #ifdef HAVE_LOCAL_SCAN
579 { "local_scan_data", vtype_stringptr, &local_scan_data },
580 #endif
581 { "local_user_gid", vtype_gid, &local_user_gid },
582 { "local_user_uid", vtype_uid, &local_user_uid },
583 { "localhost_number", vtype_int, &host_number },
584 { "log_inodes", vtype_pinodes, (void *)FALSE },
585 { "log_space", vtype_pspace, (void *)FALSE },
586 { "lookup_dnssec_authenticated",vtype_stringptr,&lookup_dnssec_authenticated},
587 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
588 #ifdef WITH_CONTENT_SCAN
589 { "malware_name", vtype_stringptr, &malware_name },
590 #endif
591 { "max_received_linelength", vtype_int, &max_received_linelength },
592 { "message_age", vtype_int, &message_age },
593 { "message_body", vtype_msgbody, &message_body },
594 { "message_body_end", vtype_msgbody_end, &message_body_end },
595 { "message_body_size", vtype_int, &message_body_size },
596 { "message_exim_id", vtype_stringptr, &message_id },
597 { "message_headers", vtype_msgheaders, NULL },
598 { "message_headers_raw", vtype_msgheaders_raw, NULL },
599 { "message_id", vtype_stringptr, &message_id },
600 { "message_linecount", vtype_int, &message_linecount },
601 { "message_size", vtype_int, &message_size },
602 #ifdef SUPPORT_I18N
603 { "message_smtputf8", vtype_bool, &message_smtputf8 },
604 #endif
605 #ifdef WITH_CONTENT_SCAN
606 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
607 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
608 { "mime_boundary", vtype_stringptr, &mime_boundary },
609 { "mime_charset", vtype_stringptr, &mime_charset },
610 { "mime_content_description", vtype_stringptr, &mime_content_description },
611 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
612 { "mime_content_id", vtype_stringptr, &mime_content_id },
613 { "mime_content_size", vtype_int, &mime_content_size },
614 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
615 { "mime_content_type", vtype_stringptr, &mime_content_type },
616 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
617 { "mime_filename", vtype_stringptr, &mime_filename },
618 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
619 { "mime_is_multipart", vtype_int, &mime_is_multipart },
620 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
621 { "mime_part_count", vtype_int, &mime_part_count },
622 #endif
623 { "n0", vtype_filter_int, &filter_n[0] },
624 { "n1", vtype_filter_int, &filter_n[1] },
625 { "n2", vtype_filter_int, &filter_n[2] },
626 { "n3", vtype_filter_int, &filter_n[3] },
627 { "n4", vtype_filter_int, &filter_n[4] },
628 { "n5", vtype_filter_int, &filter_n[5] },
629 { "n6", vtype_filter_int, &filter_n[6] },
630 { "n7", vtype_filter_int, &filter_n[7] },
631 { "n8", vtype_filter_int, &filter_n[8] },
632 { "n9", vtype_filter_int, &filter_n[9] },
633 { "original_domain", vtype_stringptr, &deliver_domain_orig },
634 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
635 { "originator_gid", vtype_gid, &originator_gid },
636 { "originator_uid", vtype_uid, &originator_uid },
637 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
638 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
639 { "pid", vtype_pid, NULL },
640 #ifndef DISABLE_PRDR
641 { "prdr_requested", vtype_bool, &prdr_requested },
642 #endif
643 { "primary_hostname", vtype_stringptr, &primary_hostname },
644 #if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
645 { "proxy_external_address",vtype_stringptr, &proxy_external_address },
646 { "proxy_external_port", vtype_int, &proxy_external_port },
647 { "proxy_local_address", vtype_stringptr, &proxy_local_address },
648 { "proxy_local_port", vtype_int, &proxy_local_port },
649 { "proxy_session", vtype_bool, &proxy_session },
650 #endif
651 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
652 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
653 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
654 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
655 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
656 { "queue_name", vtype_stringptr, &queue_name },
657 { "rcpt_count", vtype_int, &rcpt_count },
658 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
659 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
660 { "received_count", vtype_int, &received_count },
661 { "received_for", vtype_stringptr, &received_for },
662 { "received_ip_address", vtype_stringptr, &interface_address },
663 { "received_port", vtype_int, &interface_port },
664 { "received_protocol", vtype_stringptr, &received_protocol },
665 { "received_time", vtype_int, &received_time.tv_sec },
666 { "recipient_data", vtype_stringptr, &recipient_data },
667 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
668 { "recipients", vtype_string_func, (void *) &fn_recipients },
669 { "recipients_count", vtype_int, &recipients_count },
670 #ifdef WITH_CONTENT_SCAN
671 { "regex_match_string", vtype_stringptr, &regex_match_string },
672 #endif
673 { "reply_address", vtype_reply, NULL },
674 { "return_path", vtype_stringptr, &return_path },
675 { "return_size_limit", vtype_int, &bounce_return_size_limit },
676 { "router_name", vtype_stringptr, &router_name },
677 { "runrc", vtype_int, &runrc },
678 { "self_hostname", vtype_stringptr, &self_hostname },
679 { "sender_address", vtype_stringptr, &sender_address },
680 { "sender_address_data", vtype_stringptr, &sender_address_data },
681 { "sender_address_domain", vtype_domain, &sender_address },
682 { "sender_address_local_part", vtype_localpart, &sender_address },
683 { "sender_data", vtype_stringptr, &sender_data },
684 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
685 { "sender_helo_dnssec", vtype_bool, &sender_helo_dnssec },
686 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
687 { "sender_host_address", vtype_stringptr, &sender_host_address },
688 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
689 { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
690 { "sender_host_name", vtype_host_lookup, NULL },
691 { "sender_host_port", vtype_int, &sender_host_port },
692 { "sender_ident", vtype_stringptr, &sender_ident },
693 { "sender_rate", vtype_stringptr, &sender_rate },
694 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
695 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
696 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
697 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
698 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
699 { "sending_port", vtype_int, &sending_port },
700 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
701 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
702 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
703 { "smtp_command_history", vtype_string_func, (void *) &smtp_cmd_hist },
704 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
705 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
706 { "sn0", vtype_filter_int, &filter_sn[0] },
707 { "sn1", vtype_filter_int, &filter_sn[1] },
708 { "sn2", vtype_filter_int, &filter_sn[2] },
709 { "sn3", vtype_filter_int, &filter_sn[3] },
710 { "sn4", vtype_filter_int, &filter_sn[4] },
711 { "sn5", vtype_filter_int, &filter_sn[5] },
712 { "sn6", vtype_filter_int, &filter_sn[6] },
713 { "sn7", vtype_filter_int, &filter_sn[7] },
714 { "sn8", vtype_filter_int, &filter_sn[8] },
715 { "sn9", vtype_filter_int, &filter_sn[9] },
716 #ifdef WITH_CONTENT_SCAN
717 { "spam_action", vtype_stringptr, &spam_action },
718 { "spam_bar", vtype_stringptr, &spam_bar },
719 { "spam_report", vtype_stringptr, &spam_report },
720 { "spam_score", vtype_stringptr, &spam_score },
721 { "spam_score_int", vtype_stringptr, &spam_score_int },
722 #endif
723 #ifdef SUPPORT_SPF
724 { "spf_guess", vtype_stringptr, &spf_guess },
725 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
726 { "spf_received", vtype_stringptr, &spf_received },
727 { "spf_result", vtype_stringptr, &spf_result },
728 { "spf_result_guessed", vtype_bool, &spf_result_guessed },
729 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
730 #endif
731 { "spool_directory", vtype_stringptr, &spool_directory },
732 { "spool_inodes", vtype_pinodes, (void *)TRUE },
733 { "spool_space", vtype_pspace, (void *)TRUE },
734 #ifdef EXPERIMENTAL_SRS
735 { "srs_db_address", vtype_stringptr, &srs_db_address },
736 { "srs_db_key", vtype_stringptr, &srs_db_key },
737 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
738 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
739 { "srs_recipient", vtype_stringptr, &srs_recipient },
740 { "srs_status", vtype_stringptr, &srs_status },
741 #endif
742 { "thisaddress", vtype_stringptr, &filter_thisaddress },
743
744 /* The non-(in,out) variables are now deprecated */
745 { "tls_bits", vtype_int, &tls_in.bits },
746 { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
747 { "tls_cipher", vtype_stringptr, &tls_in.cipher },
748
749 { "tls_in_bits", vtype_int, &tls_in.bits },
750 { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
751 { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
752 { "tls_in_cipher_std", vtype_stringptr, &tls_in.cipher_stdname },
753 { "tls_in_ocsp", vtype_int, &tls_in.ocsp },
754 { "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
755 { "tls_in_peercert", vtype_cert, &tls_in.peercert },
756 { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
757 #ifdef EXPERIMENTAL_TLS_RESUME
758 { "tls_in_resumption", vtype_int, &tls_in.resumption },
759 #endif
760 #ifndef DISABLE_TLS
761 { "tls_in_sni", vtype_stringptr, &tls_in.sni },
762 #endif
763 { "tls_out_bits", vtype_int, &tls_out.bits },
764 { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
765 { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
766 { "tls_out_cipher_std", vtype_stringptr, &tls_out.cipher_stdname },
767 #ifdef SUPPORT_DANE
768 { "tls_out_dane", vtype_bool, &tls_out.dane_verified },
769 #endif
770 { "tls_out_ocsp", vtype_int, &tls_out.ocsp },
771 { "tls_out_ourcert", vtype_cert, &tls_out.ourcert },
772 { "tls_out_peercert", vtype_cert, &tls_out.peercert },
773 { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
774 #ifdef EXPERIMENTAL_TLS_RESUME
775 { "tls_out_resumption", vtype_int, &tls_out.resumption },
776 #endif
777 #ifndef DISABLE_TLS
778 { "tls_out_sni", vtype_stringptr, &tls_out.sni },
779 #endif
780 #ifdef SUPPORT_DANE
781 { "tls_out_tlsa_usage", vtype_int, &tls_out.tlsa_usage },
782 #endif
783
784 { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
785 #ifndef DISABLE_TLS
786 { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
787 #endif
788
789 { "tod_bsdinbox", vtype_todbsdin, NULL },
790 { "tod_epoch", vtype_tode, NULL },
791 { "tod_epoch_l", vtype_todel, NULL },
792 { "tod_full", vtype_todf, NULL },
793 { "tod_log", vtype_todl, NULL },
794 { "tod_logfile", vtype_todlf, NULL },
795 { "tod_zone", vtype_todzone, NULL },
796 { "tod_zulu", vtype_todzulu, NULL },
797 { "transport_name", vtype_stringptr, &transport_name },
798 { "value", vtype_stringptr, &lookup_value },
799 { "verify_mode", vtype_stringptr, &verify_mode },
800 { "version_number", vtype_stringptr, &version_string },
801 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
802 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
803 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
804 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
805 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
806 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
807 };
808
809 static int var_table_size = nelem(var_table);
810 static uschar var_buffer[256];
811 static BOOL malformed_header;
812
813 /* For textual hashes */
814
815 static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
816 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
817 "0123456789";
818
819 enum { HMAC_MD5, HMAC_SHA1 };
820
821 /* For numeric hashes */
822
823 static unsigned int prime[] = {
824 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
825 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
826 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
827
828 /* For printing modes in symbolic form */
829
830 static uschar *mtable_normal[] =
831 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
832
833 static uschar *mtable_setid[] =
834 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
835
836 static uschar *mtable_sticky[] =
837 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
838
839 /* flags for find_header() */
840 #define FH_EXISTS_ONLY BIT(0)
841 #define FH_WANT_RAW BIT(1)
842 #define FH_WANT_LIST BIT(2)
843
844
845 /*************************************************
846 * Tables for UTF-8 support *
847 *************************************************/
848
849 /* Table of the number of extra characters, indexed by the first character
850 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
851 0x3d. */
852
853 static uschar utf8_table1[] = {
854 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
855 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
856 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
857 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
858
859 /* These are the masks for the data bits in the first byte of a character,
860 indexed by the number of additional bytes. */
861
862 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
863
864 /* Get the next UTF-8 character, advancing the pointer. */
865
866 #define GETUTF8INC(c, ptr) \
867 c = *ptr++; \
868 if ((c & 0xc0) == 0xc0) \
869 { \
870 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
871 int s = 6*a; \
872 c = (c & utf8_table2[a]) << s; \
873 while (a-- > 0) \
874 { \
875 s -= 6; \
876 c |= (*ptr++ & 0x3f) << s; \
877 } \
878 }
879
880
881
882 static uschar * base32_chars = US"abcdefghijklmnopqrstuvwxyz234567";
883
884 /*************************************************
885 * Binary chop search on a table *
886 *************************************************/
887
888 /* This is used for matching expansion items and operators.
889
890 Arguments:
891 name the name that is being sought
892 table the table to search
893 table_size the number of items in the table
894
895 Returns: the offset in the table, or -1
896 */
897
898 static int
899 chop_match(uschar *name, uschar **table, int table_size)
900 {
901 uschar **bot = table;
902 uschar **top = table + table_size;
903
904 while (top > bot)
905 {
906 uschar **mid = bot + (top - bot)/2;
907 int c = Ustrcmp(name, *mid);
908 if (c == 0) return mid - table;
909 if (c > 0) bot = mid + 1; else top = mid;
910 }
911
912 return -1;
913 }
914
915
916
917 /*************************************************
918 * Check a condition string *
919 *************************************************/
920
921 /* This function is called to expand a string, and test the result for a "true"
922 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
923 forced fail or lookup defer.
924
925 We used to release all store used, but this is not not safe due
926 to ${dlfunc } and ${acl }. In any case expand_string_internal()
927 is reasonably careful to release what it can.
928
929 The actual false-value tests should be replicated for ECOND_BOOL_LAX.
930
931 Arguments:
932 condition the condition string
933 m1 text to be incorporated in panic error
934 m2 ditto
935
936 Returns: TRUE if condition is met, FALSE if not
937 */
938
939 BOOL
940 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
941 {
942 int rc;
943 uschar *ss = expand_string(condition);
944 if (ss == NULL)
945 {
946 if (!f.expand_string_forcedfail && !f.search_find_defer)
947 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
948 "for %s %s: %s", condition, m1, m2, expand_string_message);
949 return FALSE;
950 }
951 rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
952 strcmpic(ss, US"false") != 0;
953 return rc;
954 }
955
956
957
958
959 /*************************************************
960 * Pseudo-random number generation *
961 *************************************************/
962
963 /* Pseudo-random number generation. The result is not "expected" to be
964 cryptographically strong but not so weak that someone will shoot themselves
965 in the foot using it as a nonce in some email header scheme or whatever
966 weirdness they'll twist this into. The result should ideally handle fork().
967
968 However, if we're stuck unable to provide this, then we'll fall back to
969 appallingly bad randomness.
970
971 If DISABLE_TLS is not defined then this will not be used except as an emergency
972 fallback.
973
974 Arguments:
975 max range maximum
976 Returns a random number in range [0, max-1]
977 */
978
979 #ifndef DISABLE_TLS
980 # define vaguely_random_number vaguely_random_number_fallback
981 #endif
982 int
983 vaguely_random_number(int max)
984 {
985 #ifndef DISABLE_TLS
986 # undef vaguely_random_number
987 #endif
988 static pid_t pid = 0;
989 pid_t p2;
990
991 if ((p2 = getpid()) != pid)
992 {
993 if (pid != 0)
994 {
995
996 #ifdef HAVE_ARC4RANDOM
997 /* cryptographically strong randomness, common on *BSD platforms, not
998 so much elsewhere. Alas. */
999 # ifndef NOT_HAVE_ARC4RANDOM_STIR
1000 arc4random_stir();
1001 # endif
1002 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
1003 # ifdef HAVE_SRANDOMDEV
1004 /* uses random(4) for seeding */
1005 srandomdev();
1006 # else
1007 {
1008 struct timeval tv;
1009 gettimeofday(&tv, NULL);
1010 srandom(tv.tv_sec | tv.tv_usec | getpid());
1011 }
1012 # endif
1013 #else
1014 /* Poor randomness and no seeding here */
1015 #endif
1016
1017 }
1018 pid = p2;
1019 }
1020
1021 #ifdef HAVE_ARC4RANDOM
1022 return arc4random() % max;
1023 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
1024 return random() % max;
1025 #else
1026 /* This one returns a 16-bit number, definitely not crypto-strong */
1027 return random_number(max);
1028 #endif
1029 }
1030
1031
1032
1033
1034 /*************************************************
1035 * Pick out a name from a string *
1036 *************************************************/
1037
1038 /* If the name is too long, it is silently truncated.
1039
1040 Arguments:
1041 name points to a buffer into which to put the name
1042 max is the length of the buffer
1043 s points to the first alphabetic character of the name
1044 extras chars other than alphanumerics to permit
1045
1046 Returns: pointer to the first character after the name
1047
1048 Note: The test for *s != 0 in the while loop is necessary because
1049 Ustrchr() yields non-NULL if the character is zero (which is not something
1050 I expected). */
1051
1052 static const uschar *
1053 read_name(uschar *name, int max, const uschar *s, uschar *extras)
1054 {
1055 int ptr = 0;
1056 while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
1057 {
1058 if (ptr < max-1) name[ptr++] = *s;
1059 s++;
1060 }
1061 name[ptr] = 0;
1062 return s;
1063 }
1064
1065
1066
1067 /*************************************************
1068 * Pick out the rest of a header name *
1069 *************************************************/
1070
1071 /* A variable name starting $header_ (or just $h_ for those who like
1072 abbreviations) might not be the complete header name because headers can
1073 contain any printing characters in their names, except ':'. This function is
1074 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
1075 on the end, if the name was terminated by white space.
1076
1077 Arguments:
1078 name points to a buffer in which the name read so far exists
1079 max is the length of the buffer
1080 s points to the first character after the name so far, i.e. the
1081 first non-alphameric character after $header_xxxxx
1082
1083 Returns: a pointer to the first character after the header name
1084 */
1085
1086 static const uschar *
1087 read_header_name(uschar *name, int max, const uschar *s)
1088 {
1089 int prelen = Ustrchr(name, '_') - name + 1;
1090 int ptr = Ustrlen(name) - prelen;
1091 if (ptr > 0) memmove(name, name+prelen, ptr);
1092 while (mac_isgraph(*s) && *s != ':')
1093 {
1094 if (ptr < max-1) name[ptr++] = *s;
1095 s++;
1096 }
1097 if (*s == ':') s++;
1098 name[ptr++] = ':';
1099 name[ptr] = 0;
1100 return s;
1101 }
1102
1103
1104
1105 /*************************************************
1106 * Pick out a number from a string *
1107 *************************************************/
1108
1109 /* Arguments:
1110 n points to an integer into which to put the number
1111 s points to the first digit of the number
1112
1113 Returns: a pointer to the character after the last digit
1114 */
1115 /*XXX consider expanding to int_eximarith_t. But the test for
1116 "overbig numbers" in 0002 still needs to overflow it. */
1117
1118 static uschar *
1119 read_number(int *n, uschar *s)
1120 {
1121 *n = 0;
1122 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1123 return s;
1124 }
1125
1126 static const uschar *
1127 read_cnumber(int *n, const uschar *s)
1128 {
1129 *n = 0;
1130 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
1131 return s;
1132 }
1133
1134
1135
1136 /*************************************************
1137 * Extract keyed subfield from a string *
1138 *************************************************/
1139
1140 /* The yield is in dynamic store; NULL means that the key was not found.
1141
1142 Arguments:
1143 key points to the name of the key
1144 s points to the string from which to extract the subfield
1145
1146 Returns: NULL if the subfield was not found, or
1147 a pointer to the subfield's data
1148 */
1149
1150 static uschar *
1151 expand_getkeyed(uschar * key, const uschar * s)
1152 {
1153 int length = Ustrlen(key);
1154 while (isspace(*s)) s++;
1155
1156 /* Loop to search for the key */
1157
1158 while (*s)
1159 {
1160 int dkeylength;
1161 uschar * data;
1162 const uschar * dkey = s;
1163
1164 while (*s && *s != '=' && !isspace(*s)) s++;
1165 dkeylength = s - dkey;
1166 while (isspace(*s)) s++;
1167 if (*s == '=') while (isspace((*(++s))));
1168
1169 data = string_dequote(&s);
1170 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
1171 return data;
1172
1173 while (isspace(*s)) s++;
1174 }
1175
1176 return NULL;
1177 }
1178
1179
1180
1181 static var_entry *
1182 find_var_ent(uschar * name)
1183 {
1184 int first = 0;
1185 int last = var_table_size;
1186
1187 while (last > first)
1188 {
1189 int middle = (first + last)/2;
1190 int c = Ustrcmp(name, var_table[middle].name);
1191
1192 if (c > 0) { first = middle + 1; continue; }
1193 if (c < 0) { last = middle; continue; }
1194 return &var_table[middle];
1195 }
1196 return NULL;
1197 }
1198
1199 /*************************************************
1200 * Extract numbered subfield from string *
1201 *************************************************/
1202
1203 /* Extracts a numbered field from a string that is divided by tokens - for
1204 example a line from /etc/passwd is divided by colon characters. First field is
1205 numbered one. Negative arguments count from the right. Zero returns the whole
1206 string. Returns NULL if there are insufficient tokens in the string
1207
1208 ***WARNING***
1209 Modifies final argument - this is a dynamically generated string, so that's OK.
1210
1211 Arguments:
1212 field number of field to be extracted,
1213 first field = 1, whole string = 0, last field = -1
1214 separators characters that are used to break string into tokens
1215 s points to the string from which to extract the subfield
1216
1217 Returns: NULL if the field was not found,
1218 a pointer to the field's data inside s (modified to add 0)
1219 */
1220
1221 static uschar *
1222 expand_gettokened (int field, uschar *separators, uschar *s)
1223 {
1224 int sep = 1;
1225 int count;
1226 uschar *ss = s;
1227 uschar *fieldtext = NULL;
1228
1229 if (field == 0) return s;
1230
1231 /* Break the line up into fields in place; for field > 0 we stop when we have
1232 done the number of fields we want. For field < 0 we continue till the end of
1233 the string, counting the number of fields. */
1234
1235 count = (field > 0)? field : INT_MAX;
1236
1237 while (count-- > 0)
1238 {
1239 size_t len;
1240
1241 /* Previous field was the last one in the string. For a positive field
1242 number, this means there are not enough fields. For a negative field number,
1243 check that there are enough, and scan back to find the one that is wanted. */
1244
1245 if (sep == 0)
1246 {
1247 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1248 if ((-field) == (INT_MAX - count - 1)) return s;
1249 while (field++ < 0)
1250 {
1251 ss--;
1252 while (ss[-1] != 0) ss--;
1253 }
1254 fieldtext = ss;
1255 break;
1256 }
1257
1258 /* Previous field was not last in the string; save its start and put a
1259 zero at its end. */
1260
1261 fieldtext = ss;
1262 len = Ustrcspn(ss, separators);
1263 sep = ss[len];
1264 ss[len] = 0;
1265 ss += len + 1;
1266 }
1267
1268 return fieldtext;
1269 }
1270
1271
1272 static uschar *
1273 expand_getlistele(int field, const uschar * list)
1274 {
1275 const uschar * tlist = list;
1276 int sep = 0;
1277 uschar dummy;
1278
1279 if (field < 0)
1280 {
1281 for (field++; string_nextinlist(&tlist, &sep, &dummy, 1); ) field++;
1282 sep = 0;
1283 }
1284 if (field == 0) return NULL;
1285 while (--field > 0 && (string_nextinlist(&list, &sep, &dummy, 1))) ;
1286 return string_nextinlist(&list, &sep, NULL, 0);
1287 }
1288
1289
1290 /* Certificate fields, by name. Worry about by-OID later */
1291 /* Names are chosen to not have common prefixes */
1292
1293 #ifndef DISABLE_TLS
1294 typedef struct
1295 {
1296 uschar * name;
1297 int namelen;
1298 uschar * (*getfn)(void * cert, uschar * mod);
1299 } certfield;
1300 static certfield certfields[] =
1301 { /* linear search; no special order */
1302 { US"version", 7, &tls_cert_version },
1303 { US"serial_number", 13, &tls_cert_serial_number },
1304 { US"subject", 7, &tls_cert_subject },
1305 { US"notbefore", 9, &tls_cert_not_before },
1306 { US"notafter", 8, &tls_cert_not_after },
1307 { US"issuer", 6, &tls_cert_issuer },
1308 { US"signature", 9, &tls_cert_signature },
1309 { US"sig_algorithm", 13, &tls_cert_signature_algorithm },
1310 { US"subj_altname", 12, &tls_cert_subject_altname },
1311 { US"ocsp_uri", 8, &tls_cert_ocsp_uri },
1312 { US"crl_uri", 7, &tls_cert_crl_uri },
1313 };
1314
1315 static uschar *
1316 expand_getcertele(uschar * field, uschar * certvar)
1317 {
1318 var_entry * vp;
1319
1320 if (!(vp = find_var_ent(certvar)))
1321 {
1322 expand_string_message =
1323 string_sprintf("no variable named \"%s\"", certvar);
1324 return NULL; /* Unknown variable name */
1325 }
1326 /* NB this stops us passing certs around in variable. Might
1327 want to do that in future */
1328 if (vp->type != vtype_cert)
1329 {
1330 expand_string_message =
1331 string_sprintf("\"%s\" is not a certificate", certvar);
1332 return NULL; /* Unknown variable name */
1333 }
1334 if (!*(void **)vp->value)
1335 return NULL;
1336
1337 if (*field >= '0' && *field <= '9')
1338 return tls_cert_ext_by_oid(*(void **)vp->value, field, 0);
1339
1340 for (certfield * cp = certfields;
1341 cp < certfields + nelem(certfields);
1342 cp++)
1343 if (Ustrncmp(cp->name, field, cp->namelen) == 0)
1344 {
1345 uschar * modifier = *(field += cp->namelen) == ','
1346 ? ++field : NULL;
1347 return (*cp->getfn)( *(void **)vp->value, modifier );
1348 }
1349
1350 expand_string_message =
1351 string_sprintf("bad field selector \"%s\" for certextract", field);
1352 return NULL;
1353 }
1354 #endif /*DISABLE_TLS*/
1355
1356 /*************************************************
1357 * Extract a substring from a string *
1358 *************************************************/
1359
1360 /* Perform the ${substr or ${length expansion operations.
1361
1362 Arguments:
1363 subject the input string
1364 value1 the offset from the start of the input string to the start of
1365 the output string; if negative, count from the right.
1366 value2 the length of the output string, or negative (-1) for unset
1367 if value1 is positive, unset means "all after"
1368 if value1 is negative, unset means "all before"
1369 len set to the length of the returned string
1370
1371 Returns: pointer to the output string, or NULL if there is an error
1372 */
1373
1374 static uschar *
1375 extract_substr(uschar *subject, int value1, int value2, int *len)
1376 {
1377 int sublen = Ustrlen(subject);
1378
1379 if (value1 < 0) /* count from right */
1380 {
1381 value1 += sublen;
1382
1383 /* If the position is before the start, skip to the start, and adjust the
1384 length. If the length ends up negative, the substring is null because nothing
1385 can precede. This falls out naturally when the length is unset, meaning "all
1386 to the left". */
1387
1388 if (value1 < 0)
1389 {
1390 value2 += value1;
1391 if (value2 < 0) value2 = 0;
1392 value1 = 0;
1393 }
1394
1395 /* Otherwise an unset length => characters before value1 */
1396
1397 else if (value2 < 0)
1398 {
1399 value2 = value1;
1400 value1 = 0;
1401 }
1402 }
1403
1404 /* For a non-negative offset, if the starting position is past the end of the
1405 string, the result will be the null string. Otherwise, an unset length means
1406 "rest"; just set it to the maximum - it will be cut down below if necessary. */
1407
1408 else
1409 {
1410 if (value1 > sublen)
1411 {
1412 value1 = sublen;
1413 value2 = 0;
1414 }
1415 else if (value2 < 0) value2 = sublen;
1416 }
1417
1418 /* Cut the length down to the maximum possible for the offset value, and get
1419 the required characters. */
1420
1421 if (value1 + value2 > sublen) value2 = sublen - value1;
1422 *len = value2;
1423 return subject + value1;
1424 }
1425
1426
1427
1428
1429 /*************************************************
1430 * Old-style hash of a string *
1431 *************************************************/
1432
1433 /* Perform the ${hash expansion operation.
1434
1435 Arguments:
1436 subject the input string (an expanded substring)
1437 value1 the length of the output string; if greater or equal to the
1438 length of the input string, the input string is returned
1439 value2 the number of hash characters to use, or 26 if negative
1440 len set to the length of the returned string
1441
1442 Returns: pointer to the output string, or NULL if there is an error
1443 */
1444
1445 static uschar *
1446 compute_hash(uschar *subject, int value1, int value2, int *len)
1447 {
1448 int sublen = Ustrlen(subject);
1449
1450 if (value2 < 0) value2 = 26;
1451 else if (value2 > Ustrlen(hashcodes))
1452 {
1453 expand_string_message =
1454 string_sprintf("hash count \"%d\" too big", value2);
1455 return NULL;
1456 }
1457
1458 /* Calculate the hash text. We know it is shorter than the original string, so
1459 can safely place it in subject[] (we know that subject is always itself an
1460 expanded substring). */
1461
1462 if (value1 < sublen)
1463 {
1464 int c;
1465 int i = 0;
1466 int j = value1;
1467 while ((c = (subject[j])) != 0)
1468 {
1469 int shift = (c + j++) & 7;
1470 subject[i] ^= (c << shift) | (c >> (8-shift));
1471 if (++i >= value1) i = 0;
1472 }
1473 for (i = 0; i < value1; i++)
1474 subject[i] = hashcodes[(subject[i]) % value2];
1475 }
1476 else value1 = sublen;
1477
1478 *len = value1;
1479 return subject;
1480 }
1481
1482
1483
1484
1485 /*************************************************
1486 * Numeric hash of a string *
1487 *************************************************/
1488
1489 /* Perform the ${nhash expansion operation. The first characters of the
1490 string are treated as most important, and get the highest prime numbers.
1491
1492 Arguments:
1493 subject the input string
1494 value1 the maximum value of the first part of the result
1495 value2 the maximum value of the second part of the result,
1496 or negative to produce only a one-part result
1497 len set to the length of the returned string
1498
1499 Returns: pointer to the output string, or NULL if there is an error.
1500 */
1501
1502 static uschar *
1503 compute_nhash (uschar *subject, int value1, int value2, int *len)
1504 {
1505 uschar *s = subject;
1506 int i = 0;
1507 unsigned long int total = 0; /* no overflow */
1508
1509 while (*s != 0)
1510 {
1511 if (i == 0) i = nelem(prime) - 1;
1512 total += prime[i--] * (unsigned int)(*s++);
1513 }
1514
1515 /* If value2 is unset, just compute one number */
1516
1517 if (value2 < 0)
1518 s = string_sprintf("%lu", total % value1);
1519
1520 /* Otherwise do a div/mod hash */
1521
1522 else
1523 {
1524 total = total % (value1 * value2);
1525 s = string_sprintf("%lu/%lu", total/value2, total % value2);
1526 }
1527
1528 *len = Ustrlen(s);
1529 return s;
1530 }
1531
1532
1533
1534
1535
1536 /*************************************************
1537 * Find the value of a header or headers *
1538 *************************************************/
1539
1540 /* Multiple instances of the same header get concatenated, and this function
1541 can also return a concatenation of all the header lines. When concatenating
1542 specific headers that contain lists of addresses, a comma is inserted between
1543 them. Otherwise we use a straight concatenation. Because some messages can have
1544 pathologically large number of lines, there is a limit on the length that is
1545 returned.
1546
1547 Arguments:
1548 name the name of the header, without the leading $header_ or $h_,
1549 or NULL if a concatenation of all headers is required
1550 newsize return the size of memory block that was obtained; may be NULL
1551 if exists_only is TRUE
1552 flags FH_EXISTS_ONLY
1553 set if called from a def: test; don't need to build a string;
1554 just return a string that is not "" and not "0" if the header
1555 exists
1556 FH_WANT_RAW
1557 set if called for $rh_ or $rheader_ items; no processing,
1558 other than concatenating, will be done on the header. Also used
1559 for $message_headers_raw.
1560 FH_WANT_LIST
1561 Double colon chars in the content, and replace newline with
1562 colon between each element when concatenating; returning a
1563 colon-sep list (elements might contain newlines)
1564 charset name of charset to translate MIME words to; used only if
1565 want_raw is false; if NULL, no translation is done (this is
1566 used for $bh_ and $bheader_)
1567
1568 Returns: NULL if the header does not exist, else a pointer to a new
1569 store block
1570 */
1571
1572 static uschar *
1573 find_header(uschar *name, int *newsize, unsigned flags, uschar *charset)
1574 {
1575 BOOL found = !name;
1576 int len = name ? Ustrlen(name) : 0;
1577 BOOL comma = FALSE;
1578 gstring * g = NULL;
1579
1580 for (header_line * h = header_list; h; h = h->next)
1581 if (h->type != htype_old && h->text) /* NULL => Received: placeholder */
1582 if (!name || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1583 {
1584 uschar * s, * t;
1585 size_t inc;
1586
1587 if (flags & FH_EXISTS_ONLY)
1588 return US"1"; /* don't need actual string */
1589
1590 found = TRUE;
1591 s = h->text + len; /* text to insert */
1592 if (!(flags & FH_WANT_RAW)) /* unless wanted raw, */
1593 while (isspace(*s)) s++; /* remove leading white space */
1594 t = h->text + h->slen; /* end-point */
1595
1596 /* Unless wanted raw, remove trailing whitespace, including the
1597 newline. */
1598
1599 if (flags & FH_WANT_LIST)
1600 while (t > s && t[-1] == '\n') t--;
1601 else if (!(flags & FH_WANT_RAW))
1602 {
1603 while (t > s && isspace(t[-1])) t--;
1604
1605 /* Set comma if handling a single header and it's one of those
1606 that contains an address list, except when asked for raw headers. Only
1607 need to do this once. */
1608
1609 if (name && !comma && Ustrchr("BCFRST", h->type)) comma = TRUE;
1610 }
1611
1612 /* Trim the header roughly if we're approaching limits */
1613 inc = t - s;
1614 if ((g ? g->ptr : 0) + inc > header_insert_maxlen)
1615 inc = header_insert_maxlen - (g ? g->ptr : 0);
1616
1617 /* For raw just copy the data; for a list, add the data as a colon-sep
1618 list-element; for comma-list add as an unchecked comma,newline sep
1619 list-elemment; for other nonraw add as an unchecked newline-sep list (we
1620 stripped trailing WS above including the newline). We ignore the potential
1621 expansion due to colon-doubling, just leaving the loop if the limit is met
1622 or exceeded. */
1623
1624 if (flags & FH_WANT_LIST)
1625 g = string_append_listele_n(g, ':', s, (unsigned)inc);
1626 else if (flags & FH_WANT_RAW)
1627 {
1628 g = string_catn(g, s, (unsigned)inc);
1629 (void) string_from_gstring(g);
1630 }
1631 else if (inc > 0)
1632 if (comma)
1633 g = string_append2_listele_n(g, US",\n", s, (unsigned)inc);
1634 else
1635 g = string_append2_listele_n(g, US"\n", s, (unsigned)inc);
1636
1637 if (g && g->ptr >= header_insert_maxlen) break;
1638 }
1639
1640 if (!found) return NULL; /* No header found */
1641 if (!g) return US"";
1642
1643 /* That's all we do for raw header expansion. */
1644
1645 *newsize = g->size;
1646 if (flags & FH_WANT_RAW)
1647 return g->s;
1648
1649 /* Otherwise do RFC 2047 decoding, translating the charset if requested.
1650 The rfc2047_decode2() function can return an error with decoded data if the
1651 charset translation fails. If decoding fails, it returns NULL. */
1652
1653 else
1654 {
1655 uschar *decoded, *error;
1656
1657 decoded = rfc2047_decode2(g->s, check_rfc2047_length, charset, '?', NULL,
1658 newsize, &error);
1659 if (error)
1660 {
1661 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1662 " input was: %s\n", error, g->s);
1663 }
1664 return decoded ? decoded : g->s;
1665 }
1666 }
1667
1668
1669
1670
1671 /* Append a "local" element to an Authentication-Results: header
1672 if this was a non-smtp message.
1673 */
1674
1675 static gstring *
1676 authres_local(gstring * g, const uschar * sysname)
1677 {
1678 if (!f.authentication_local)
1679 return g;
1680 g = string_append(g, 3, US";\n\tlocal=pass (non-smtp, ", sysname, US")");
1681 if (authenticated_id) g = string_append(g, 2, " u=", authenticated_id);
1682 return g;
1683 }
1684
1685
1686 /* Append an "iprev" element to an Authentication-Results: header
1687 if we have attempted to get the calling host's name.
1688 */
1689
1690 static gstring *
1691 authres_iprev(gstring * g)
1692 {
1693 if (sender_host_name)
1694 g = string_append(g, 3, US";\n\tiprev=pass (", sender_host_name, US")");
1695 else if (host_lookup_deferred)
1696 g = string_catn(g, US";\n\tiprev=temperror", 19);
1697 else if (host_lookup_failed)
1698 g = string_catn(g, US";\n\tiprev=fail", 13);
1699 else
1700 return g;
1701
1702 if (sender_host_address)
1703 g = string_append(g, 2, US" smtp.remote-ip=", sender_host_address);
1704 return g;
1705 }
1706
1707
1708
1709 /*************************************************
1710 * Return list of recipients *
1711 *************************************************/
1712 /* A recipients list is available only during system message filtering,
1713 during ACL processing after DATA, and while expanding pipe commands
1714 generated from a system filter, but not elsewhere. */
1715
1716 static uschar *
1717 fn_recipients(void)
1718 {
1719 uschar * s;
1720 gstring * g = NULL;
1721
1722 if (!f.enable_dollar_recipients) return NULL;
1723
1724 for (int i = 0; i < recipients_count; i++)
1725 {
1726 s = recipients_list[i].address;
1727 g = string_append2_listele_n(g, US", ", s, Ustrlen(s));
1728 }
1729 return g ? g->s : NULL;
1730 }
1731
1732
1733 /*************************************************
1734 * Find value of a variable *
1735 *************************************************/
1736
1737 /* The table of variables is kept in alphabetic order, so we can search it
1738 using a binary chop. The "choplen" variable is nothing to do with the binary
1739 chop.
1740
1741 Arguments:
1742 name the name of the variable being sought
1743 exists_only TRUE if this is a def: test; passed on to find_header()
1744 skipping TRUE => skip any processing evaluation; this is not the same as
1745 exists_only because def: may test for values that are first
1746 evaluated here
1747 newsize pointer to an int which is initially zero; if the answer is in
1748 a new memory buffer, *newsize is set to its size
1749
1750 Returns: NULL if the variable does not exist, or
1751 a pointer to the variable's contents, or
1752 something non-NULL if exists_only is TRUE
1753 */
1754
1755 static uschar *
1756 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1757 {
1758 var_entry * vp;
1759 uschar *s, *domain;
1760 uschar **ss;
1761 void * val;
1762
1763 /* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1764 Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1765 release 4.64 onwards arbitrary names are permitted, as long as the first 5
1766 characters are acl_c or acl_m and the sixth is either a digit or an underscore
1767 (this gave backwards compatibility at the changeover). There may be built-in
1768 variables whose names start acl_ but they should never start in this way. This
1769 slightly messy specification is a consequence of the history, needless to say.
1770
1771 If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1772 set, in which case give an error. */
1773
1774 if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1775 !isalpha(name[5]))
1776 {
1777 tree_node * node =
1778 tree_search(name[4] == 'c' ? acl_var_c : acl_var_m, name + 4);
1779 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
1780 }
1781 else if (Ustrncmp(name, "r_", 2) == 0)
1782 {
1783 tree_node * node = tree_search(router_var, name + 2);
1784 return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
1785 }
1786
1787 /* Handle $auth<n> variables. */
1788
1789 if (Ustrncmp(name, "auth", 4) == 0)
1790 {
1791 uschar *endptr;
1792 int n = Ustrtoul(name + 4, &endptr, 10);
1793 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1794 return !auth_vars[n-1] ? US"" : auth_vars[n-1];
1795 }
1796 else if (Ustrncmp(name, "regex", 5) == 0)
1797 {
1798 uschar *endptr;
1799 int n = Ustrtoul(name + 5, &endptr, 10);
1800 if (*endptr == 0 && n != 0 && n <= REGEX_VARS)
1801 return !regex_vars[n-1] ? US"" : regex_vars[n-1];
1802 }
1803
1804 /* For all other variables, search the table */
1805
1806 if (!(vp = find_var_ent(name)))
1807 return NULL; /* Unknown variable name */
1808
1809 /* Found an existing variable. If in skipping state, the value isn't needed,
1810 and we want to avoid processing (such as looking up the host name). */
1811
1812 if (skipping)
1813 return US"";
1814
1815 val = vp->value;
1816 switch (vp->type)
1817 {
1818 case vtype_filter_int:
1819 if (!f.filter_running) return NULL;
1820 /* Fall through */
1821 /* VVVVVVVVVVVV */
1822 case vtype_int:
1823 sprintf(CS var_buffer, "%d", *(int *)(val)); /* Integer */
1824 return var_buffer;
1825
1826 case vtype_ino:
1827 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(val))); /* Inode */
1828 return var_buffer;
1829
1830 case vtype_gid:
1831 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(val))); /* gid */
1832 return var_buffer;
1833
1834 case vtype_uid:
1835 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(val))); /* uid */
1836 return var_buffer;
1837
1838 case vtype_bool:
1839 sprintf(CS var_buffer, "%s", *(BOOL *)(val) ? "yes" : "no"); /* bool */
1840 return var_buffer;
1841
1842 case vtype_stringptr: /* Pointer to string */
1843 return (s = *((uschar **)(val))) ? s : US"";
1844
1845 case vtype_pid:
1846 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1847 return var_buffer;
1848
1849 case vtype_load_avg:
1850 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1851 return var_buffer;
1852
1853 case vtype_host_lookup: /* Lookup if not done so */
1854 if ( !sender_host_name && sender_host_address
1855 && !host_lookup_failed && host_name_lookup() == OK)
1856 host_build_sender_fullhost();
1857 return sender_host_name ? sender_host_name : US"";
1858
1859 case vtype_localpart: /* Get local part from address */
1860 if (!(s = *((uschar **)(val)))) return US"";
1861 if (!(domain = Ustrrchr(s, '@'))) return s;
1862 if (domain - s > sizeof(var_buffer) - 1)
1863 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
1864 " in string expansion", sizeof(var_buffer));
1865 return string_copyn(s, domain - s);
1866
1867 case vtype_domain: /* Get domain from address */
1868 if (!(s = *((uschar **)(val)))) return US"";
1869 domain = Ustrrchr(s, '@');
1870 return domain ? domain + 1 : US"";
1871
1872 case vtype_msgheaders:
1873 return find_header(NULL, newsize, exists_only ? FH_EXISTS_ONLY : 0, NULL);
1874
1875 case vtype_msgheaders_raw:
1876 return find_header(NULL, newsize,
1877 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW, NULL);
1878
1879 case vtype_msgbody: /* Pointer to msgbody string */
1880 case vtype_msgbody_end: /* Ditto, the end of the msg */
1881 ss = (uschar **)(val);
1882 if (!*ss && deliver_datafile >= 0) /* Read body when needed */
1883 {
1884 uschar *body;
1885 off_t start_offset = SPOOL_DATA_START_OFFSET;
1886 int len = message_body_visible;
1887 if (len > message_size) len = message_size;
1888 *ss = body = store_malloc(len+1);
1889 body[0] = 0;
1890 if (vp->type == vtype_msgbody_end)
1891 {
1892 struct stat statbuf;
1893 if (fstat(deliver_datafile, &statbuf) == 0)
1894 {
1895 start_offset = statbuf.st_size - len;
1896 if (start_offset < SPOOL_DATA_START_OFFSET)
1897 start_offset = SPOOL_DATA_START_OFFSET;
1898 }
1899 }
1900 if (lseek(deliver_datafile, start_offset, SEEK_SET) < 0)
1901 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "deliver_datafile lseek: %s",
1902 strerror(errno));
1903 len = read(deliver_datafile, body, len);
1904 if (len > 0)
1905 {
1906 body[len] = 0;
1907 if (message_body_newlines) /* Separate loops for efficiency */
1908 while (len > 0)
1909 { if (body[--len] == 0) body[len] = ' '; }
1910 else
1911 while (len > 0)
1912 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
1913 }
1914 }
1915 return *ss ? *ss : US"";
1916
1917 case vtype_todbsdin: /* BSD inbox time of day */
1918 return tod_stamp(tod_bsdin);
1919
1920 case vtype_tode: /* Unix epoch time of day */
1921 return tod_stamp(tod_epoch);
1922
1923 case vtype_todel: /* Unix epoch/usec time of day */
1924 return tod_stamp(tod_epoch_l);
1925
1926 case vtype_todf: /* Full time of day */
1927 return tod_stamp(tod_full);
1928
1929 case vtype_todl: /* Log format time of day */
1930 return tod_stamp(tod_log_bare); /* (without timezone) */
1931
1932 case vtype_todzone: /* Time zone offset only */
1933 return tod_stamp(tod_zone);
1934
1935 case vtype_todzulu: /* Zulu time */
1936 return tod_stamp(tod_zulu);
1937
1938 case vtype_todlf: /* Log file datestamp tod */
1939 return tod_stamp(tod_log_datestamp_daily);
1940
1941 case vtype_reply: /* Get reply address */
1942 s = find_header(US"reply-to:", newsize,
1943 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
1944 headers_charset);
1945 if (s) while (isspace(*s)) s++;
1946 if (!s || !*s)
1947 {
1948 *newsize = 0; /* For the *s==0 case */
1949 s = find_header(US"from:", newsize,
1950 exists_only ? FH_EXISTS_ONLY|FH_WANT_RAW : FH_WANT_RAW,
1951 headers_charset);
1952 }
1953 if (s)
1954 {
1955 uschar *t;
1956 while (isspace(*s)) s++;
1957 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
1958 while (t > s && isspace(t[-1])) t--;
1959 *t = 0;
1960 }
1961 return s ? s : US"";
1962
1963 case vtype_string_func:
1964 {
1965 stringptr_fn_t * fn = (stringptr_fn_t *) val;
1966 return fn();
1967 }
1968
1969 case vtype_pspace:
1970 {
1971 int inodes;
1972 sprintf(CS var_buffer, PR_EXIM_ARITH,
1973 receive_statvfs(val == (void *)TRUE, &inodes));
1974 }
1975 return var_buffer;
1976
1977 case vtype_pinodes:
1978 {
1979 int inodes;
1980 (void) receive_statvfs(val == (void *)TRUE, &inodes);
1981 sprintf(CS var_buffer, "%d", inodes);
1982 }
1983 return var_buffer;
1984
1985 case vtype_cert:
1986 return *(void **)val ? US"<cert>" : US"";
1987
1988 #ifndef DISABLE_DKIM
1989 case vtype_dkim:
1990 return dkim_exim_expand_query((int)(long)val);
1991 #endif
1992
1993 }
1994
1995 return NULL; /* Unknown variable. Silences static checkers. */
1996 }
1997
1998
1999
2000
2001 void
2002 modify_variable(uschar *name, void * value)
2003 {
2004 var_entry * vp;
2005 if ((vp = find_var_ent(name))) vp->value = value;
2006 return; /* Unknown variable name, fail silently */
2007 }
2008
2009
2010
2011
2012
2013
2014 /*************************************************
2015 * Read and expand substrings *
2016 *************************************************/
2017
2018 /* This function is called to read and expand argument substrings for various
2019 expansion items. Some have a minimum requirement that is less than the maximum;
2020 in these cases, the first non-present one is set to NULL.
2021
2022 Arguments:
2023 sub points to vector of pointers to set
2024 n maximum number of substrings
2025 m minimum required
2026 sptr points to current string pointer
2027 skipping the skipping flag
2028 check_end if TRUE, check for final '}'
2029 name name of item, for error message
2030 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
2031 the store.
2032
2033 Returns: 0 OK; string pointer updated
2034 1 curly bracketing error (too few arguments)
2035 2 too many arguments (only if check_end is set); message set
2036 3 other error (expansion failure)
2037 */
2038
2039 static int
2040 read_subs(uschar **sub, int n, int m, const uschar **sptr, BOOL skipping,
2041 BOOL check_end, uschar *name, BOOL *resetok)
2042 {
2043 const uschar *s = *sptr;
2044
2045 while (isspace(*s)) s++;
2046 for (int i = 0; i < n; i++)
2047 {
2048 if (*s != '{')
2049 {
2050 if (i < m)
2051 {
2052 expand_string_message = string_sprintf("Not enough arguments for '%s' "
2053 "(min is %d)", name, m);
2054 return 1;
2055 }
2056 sub[i] = NULL;
2057 break;
2058 }
2059 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok)))
2060 return 3;
2061 if (*s++ != '}') return 1;
2062 while (isspace(*s)) s++;
2063 }
2064 if (check_end && *s++ != '}')
2065 {
2066 if (s[-1] == '{')
2067 {
2068 expand_string_message = string_sprintf("Too many arguments for '%s' "
2069 "(max is %d)", name, n);
2070 return 2;
2071 }
2072 expand_string_message = string_sprintf("missing '}' after '%s'", name);
2073 return 1;
2074 }
2075
2076 *sptr = s;
2077 return 0;
2078 }
2079
2080
2081
2082
2083 /*************************************************
2084 * Elaborate message for bad variable *
2085 *************************************************/
2086
2087 /* For the "unknown variable" message, take a look at the variable's name, and
2088 give additional information about possible ACL variables. The extra information
2089 is added on to expand_string_message.
2090
2091 Argument: the name of the variable
2092 Returns: nothing
2093 */
2094
2095 static void
2096 check_variable_error_message(uschar *name)
2097 {
2098 if (Ustrncmp(name, "acl_", 4) == 0)
2099 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
2100 (name[4] == 'c' || name[4] == 'm')?
2101 (isalpha(name[5])?
2102 US"6th character of a user-defined ACL variable must be a digit or underscore" :
2103 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
2104 ) :
2105 US"user-defined ACL variables must start acl_c or acl_m");
2106 }
2107
2108
2109
2110 /*
2111 Load args from sub array to globals, and call acl_check().
2112 Sub array will be corrupted on return.
2113
2114 Returns: OK access is granted by an ACCEPT verb
2115 DISCARD access is (apparently) granted by a DISCARD verb
2116 FAIL access is denied
2117 FAIL_DROP access is denied; drop the connection
2118 DEFER can't tell at the moment
2119 ERROR disaster
2120 */
2121 static int
2122 eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
2123 {
2124 int i;
2125 int sav_narg = acl_narg;
2126 int ret;
2127 uschar * dummy_logmsg;
2128 extern int acl_where;
2129
2130 if(--nsub > nelem(acl_arg)) nsub = nelem(acl_arg);
2131 for (i = 0; i < nsub && sub[i+1]; i++)
2132 {
2133 uschar * tmp = acl_arg[i];
2134 acl_arg[i] = sub[i+1]; /* place callers args in the globals */
2135 sub[i+1] = tmp; /* stash the old args using our caller's storage */
2136 }
2137 acl_narg = i;
2138 while (i < nsub)
2139 {
2140 sub[i+1] = acl_arg[i];
2141 acl_arg[i++] = NULL;
2142 }
2143
2144 DEBUG(D_expand)
2145 debug_printf_indent("expanding: acl: %s arg: %s%s\n",
2146 sub[0],
2147 acl_narg>0 ? acl_arg[0] : US"<none>",
2148 acl_narg>1 ? " +more" : "");
2149
2150 ret = acl_eval(acl_where, sub[0], user_msgp, &dummy_logmsg);
2151
2152 for (i = 0; i < nsub; i++)
2153 acl_arg[i] = sub[i+1]; /* restore old args */
2154 acl_narg = sav_narg;
2155
2156 return ret;
2157 }
2158
2159
2160
2161
2162 /* Return pointer to dewrapped string, with enclosing specified chars removed.
2163 The given string is modified on return. Leading whitespace is skipped while
2164 looking for the opening wrap character, then the rest is scanned for the trailing
2165 (non-escaped) wrap character. A backslash in the string will act as an escape.
2166
2167 A nul is written over the trailing wrap, and a pointer to the char after the
2168 leading wrap is returned.
2169
2170 Arguments:
2171 s String for de-wrapping
2172 wrap Two-char string, the first being the opener, second the closer wrapping
2173 character
2174 Return:
2175 Pointer to de-wrapped string, or NULL on error (with expand_string_message set).
2176 */
2177
2178 static uschar *
2179 dewrap(uschar * s, const uschar * wrap)
2180 {
2181 uschar * p = s;
2182 unsigned depth = 0;
2183 BOOL quotesmode = wrap[0] == wrap[1];
2184
2185 while (isspace(*p)) p++;
2186
2187 if (*p == *wrap)
2188 {
2189 s = ++p;
2190 wrap++;
2191 while (*p)
2192 {
2193 if (*p == '\\') p++;
2194 else if (!quotesmode && *p == wrap[-1]) depth++;
2195 else if (*p == *wrap)
2196 if (depth == 0)
2197 {
2198 *p = '\0';
2199 return s;
2200 }
2201 else
2202 depth--;
2203 p++;
2204 }
2205 }
2206 expand_string_message = string_sprintf("missing '%c'", *wrap);
2207 return NULL;
2208 }
2209
2210
2211 /* Pull off the leading array or object element, returning
2212 a copy in an allocated string. Update the list pointer.
2213
2214 The element may itself be an abject or array.
2215 Return NULL when the list is empty.
2216 */
2217
2218 static uschar *
2219 json_nextinlist(const uschar ** list)
2220 {
2221 unsigned array_depth = 0, object_depth = 0;
2222 const uschar * s = *list, * item;
2223
2224 while (isspace(*s)) s++;
2225
2226 for (item = s;
2227 *s && (*s != ',' || array_depth != 0 || object_depth != 0);
2228 s++)
2229 switch (*s)
2230 {
2231 case '[': array_depth++; break;
2232 case ']': array_depth--; break;
2233 case '{': object_depth++; break;
2234 case '}': object_depth--; break;
2235 }
2236 *list = *s ? s+1 : s;
2237 if (item == s) return NULL;
2238 item = string_copyn(item, s - item);
2239 DEBUG(D_expand) debug_printf_indent(" json ele: '%s'\n", item);
2240 return US item;
2241 }
2242
2243
2244
2245 /************************************************/
2246 /* Return offset in ops table, or -1 if not found.
2247 Repoint to just after the operator in the string.
2248
2249 Argument:
2250 ss string representation of operator
2251 opname split-out operator name
2252 */
2253
2254 static int
2255 identify_operator(const uschar ** ss, uschar ** opname)
2256 {
2257 const uschar * s = *ss;
2258 uschar name[256];
2259
2260 /* Numeric comparisons are symbolic */
2261
2262 if (*s == '=' || *s == '>' || *s == '<')
2263 {
2264 int p = 0;
2265 name[p++] = *s++;
2266 if (*s == '=')
2267 {
2268 name[p++] = '=';
2269 s++;
2270 }
2271 name[p] = 0;
2272 }
2273
2274 /* All other conditions are named */
2275
2276 else
2277 s = read_name(name, sizeof(name), s, US"_");
2278 *ss = s;
2279
2280 /* If we haven't read a name, it means some non-alpha character is first. */
2281
2282 if (!name[0])
2283 {
2284 expand_string_message = string_sprintf("condition name expected, "
2285 "but found \"%.16s\"", s);
2286 return -1;
2287 }
2288 if (opname)
2289 *opname = string_copy(name);
2290
2291 return chop_match(name, cond_table, nelem(cond_table));
2292 }
2293
2294
2295 /*************************************************
2296 * Read and evaluate a condition *
2297 *************************************************/
2298
2299 /*
2300 Arguments:
2301 s points to the start of the condition text
2302 resetok points to a BOOL which is written false if it is unsafe to
2303 free memory. Certain condition types (acl) may have side-effect
2304 allocation which must be preserved.
2305 yield points to a BOOL to hold the result of the condition test;
2306 if NULL, we are just reading through a condition that is
2307 part of an "or" combination to check syntax, or in a state
2308 where the answer isn't required
2309
2310 Returns: a pointer to the first character after the condition, or
2311 NULL after an error
2312 */
2313
2314 static const uschar *
2315 eval_condition(const uschar *s, BOOL *resetok, BOOL *yield)
2316 {
2317 BOOL testfor = TRUE;
2318 BOOL tempcond, combined_cond;
2319 BOOL *subcondptr;
2320 BOOL sub2_honour_dollar = TRUE;
2321 BOOL is_forany, is_json, is_jsons;
2322 int rc, cond_type, roffset;
2323 int_eximarith_t num[2];
2324 struct stat statbuf;
2325 uschar * opname;
2326 uschar name[256];
2327 const uschar *sub[10];
2328
2329 const pcre *re;
2330 const uschar *rerror;
2331
2332 for (;;)
2333 {
2334 while (isspace(*s)) s++;
2335 if (*s == '!') { testfor = !testfor; s++; } else break;
2336 }
2337
2338 switch(cond_type = identify_operator(&s, &opname))
2339 {
2340 /* def: tests for a non-empty variable, or for the existence of a header. If
2341 yield == NULL we are in a skipping state, and don't care about the answer. */
2342
2343 case ECOND_DEF:
2344 {
2345 uschar * t;
2346
2347 if (*s != ':')
2348 {
2349 expand_string_message = US"\":\" expected after \"def\"";
2350 return NULL;
2351 }
2352
2353 s = read_name(name, sizeof(name), s+1, US"_");
2354
2355 /* Test for a header's existence. If the name contains a closing brace
2356 character, this may be a user error where the terminating colon has been
2357 omitted. Set a flag to adjust a subsequent error message in this case. */
2358
2359 if ( ( *(t = name) == 'h'
2360 || (*t == 'r' || *t == 'l' || *t == 'b') && *++t == 'h'
2361 )
2362 && (*++t == '_' || Ustrncmp(t, "eader_", 6) == 0)
2363 )
2364 {
2365 s = read_header_name(name, sizeof(name), s);
2366 /* {-for-text-editors */
2367 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2368 if (yield) *yield =
2369 (find_header(name, NULL, FH_EXISTS_ONLY, NULL) != NULL) == testfor;
2370 }
2371
2372 /* Test for a variable's having a non-empty value. A non-existent variable
2373 causes an expansion failure. */
2374
2375 else
2376 {
2377 if (!(t = find_variable(name, TRUE, yield == NULL, NULL)))
2378 {
2379 expand_string_message = name[0]
2380 ? string_sprintf("unknown variable \"%s\" after \"def:\"", name)
2381 : US"variable name omitted after \"def:\"";
2382 check_variable_error_message(name);
2383 return NULL;
2384 }
2385 if (yield) *yield = (t[0] != 0) == testfor;
2386 }
2387
2388 return s;
2389 }
2390
2391
2392 /* first_delivery tests for first delivery attempt */
2393
2394 case ECOND_FIRST_DELIVERY:
2395 if (yield != NULL) *yield = f.deliver_firsttime == testfor;
2396 return s;
2397
2398
2399 /* queue_running tests for any process started by a queue runner */
2400
2401 case ECOND_QUEUE_RUNNING:
2402 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
2403 return s;
2404
2405
2406 /* exists: tests for file existence
2407 isip: tests for any IP address
2408 isip4: tests for an IPv4 address
2409 isip6: tests for an IPv6 address
2410 pam: does PAM authentication
2411 radius: does RADIUS authentication
2412 ldapauth: does LDAP authentication
2413 pwcheck: does Cyrus SASL pwcheck authentication
2414 */
2415
2416 case ECOND_EXISTS:
2417 case ECOND_ISIP:
2418 case ECOND_ISIP4:
2419 case ECOND_ISIP6:
2420 case ECOND_PAM:
2421 case ECOND_RADIUS:
2422 case ECOND_LDAPAUTH:
2423 case ECOND_PWCHECK:
2424
2425 while (isspace(*s)) s++;
2426 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2427
2428 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok);
2429 if (sub[0] == NULL) return NULL;
2430 /* {-for-text-editors */
2431 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2432
2433 if (yield == NULL) return s; /* No need to run the test if skipping */
2434
2435 switch(cond_type)
2436 {
2437 case ECOND_EXISTS:
2438 if ((expand_forbid & RDO_EXISTS) != 0)
2439 {
2440 expand_string_message = US"File existence tests are not permitted";
2441 return NULL;
2442 }
2443 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
2444 break;
2445
2446 case ECOND_ISIP:
2447 case ECOND_ISIP4:
2448 case ECOND_ISIP6:
2449 rc = string_is_ip_address(sub[0], NULL);
2450 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
2451 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
2452 break;
2453
2454 /* Various authentication tests - all optionally compiled */
2455
2456 case ECOND_PAM:
2457 #ifdef SUPPORT_PAM
2458 rc = auth_call_pam(sub[0], &expand_string_message);
2459 goto END_AUTH;
2460 #else
2461 goto COND_FAILED_NOT_COMPILED;
2462 #endif /* SUPPORT_PAM */
2463
2464 case ECOND_RADIUS:
2465 #ifdef RADIUS_CONFIG_FILE
2466 rc = auth_call_radius(sub[0], &expand_string_message);
2467 goto END_AUTH;
2468 #else
2469 goto COND_FAILED_NOT_COMPILED;
2470 #endif /* RADIUS_CONFIG_FILE */
2471
2472 case ECOND_LDAPAUTH:
2473 #ifdef LOOKUP_LDAP
2474 {
2475 /* Just to keep the interface the same */
2476 BOOL do_cache;
2477 int old_pool = store_pool;
2478 store_pool = POOL_SEARCH;
2479 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
2480 &expand_string_message, &do_cache);
2481 store_pool = old_pool;
2482 }
2483 goto END_AUTH;
2484 #else
2485 goto COND_FAILED_NOT_COMPILED;
2486 #endif /* LOOKUP_LDAP */
2487
2488 case ECOND_PWCHECK:
2489 #ifdef CYRUS_PWCHECK_SOCKET
2490 rc = auth_call_pwcheck(sub[0], &expand_string_message);
2491 goto END_AUTH;
2492 #else
2493 goto COND_FAILED_NOT_COMPILED;
2494 #endif /* CYRUS_PWCHECK_SOCKET */
2495
2496 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
2497 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
2498 END_AUTH:
2499 if (rc == ERROR || rc == DEFER) return NULL;
2500 *yield = (rc == OK) == testfor;
2501 #endif
2502 }
2503 return s;
2504
2505
2506 /* call ACL (in a conditional context). Accept true, deny false.
2507 Defer is a forced-fail. Anything set by message= goes to $value.
2508 Up to ten parameters are used; we use the braces round the name+args
2509 like the saslauthd condition does, to permit a variable number of args.
2510 See also the expansion-item version EITEM_ACL and the traditional
2511 acl modifier ACLC_ACL.
2512 Since the ACL may allocate new global variables, tell our caller to not
2513 reclaim memory.
2514 */
2515
2516 case ECOND_ACL:
2517 /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
2518 {
2519 uschar *sub[10];
2520 uschar *user_msg;
2521 BOOL cond = FALSE;
2522
2523 while (isspace(*s)) s++;
2524 if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
2525
2526 switch(read_subs(sub, nelem(sub), 1,
2527 &s, yield == NULL, TRUE, US"acl", resetok))
2528 {
2529 case 1: expand_string_message = US"too few arguments or bracketing "
2530 "error for acl";
2531 case 2:
2532 case 3: return NULL;
2533 }
2534
2535 if (yield != NULL)
2536 {
2537 int rc;
2538 *resetok = FALSE; /* eval_acl() might allocate; do not reclaim */
2539 switch(rc = eval_acl(sub, nelem(sub), &user_msg))
2540 {
2541 case OK:
2542 cond = TRUE;
2543 case FAIL:
2544 lookup_value = NULL;
2545 if (user_msg)
2546 lookup_value = string_copy(user_msg);
2547 *yield = cond == testfor;
2548 break;
2549
2550 case DEFER:
2551 f.expand_string_forcedfail = TRUE;
2552 /*FALLTHROUGH*/
2553 default:
2554 expand_string_message = string_sprintf("%s from acl \"%s\"",
2555 rc_names[rc], sub[0]);
2556 return NULL;
2557 }
2558 }
2559 return s;
2560 }
2561
2562
2563 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
2564
2565 ${if saslauthd {{username}{password}{service}{realm}} {yes}{no}}
2566
2567 However, the last two are optional. That is why the whole set is enclosed
2568 in their own set of braces. */
2569
2570 case ECOND_SASLAUTHD:
2571 #ifndef CYRUS_SASLAUTHD_SOCKET
2572 goto COND_FAILED_NOT_COMPILED;
2573 #else
2574 {
2575 uschar *sub[4];
2576 while (isspace(*s)) s++;
2577 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
2578 switch(read_subs(sub, nelem(sub), 2, &s, yield == NULL, TRUE, US"saslauthd",
2579 resetok))
2580 {
2581 case 1: expand_string_message = US"too few arguments or bracketing "
2582 "error for saslauthd";
2583 case 2:
2584 case 3: return NULL;
2585 }
2586 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
2587 if (yield != NULL)
2588 {
2589 int rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2590 &expand_string_message);
2591 if (rc == ERROR || rc == DEFER) return NULL;
2592 *yield = (rc == OK) == testfor;
2593 }
2594 return s;
2595 }
2596 #endif /* CYRUS_SASLAUTHD_SOCKET */
2597
2598
2599 /* symbolic operators for numeric and string comparison, and a number of
2600 other operators, all requiring two arguments.
2601
2602 crypteq: encrypts plaintext and compares against an encrypted text,
2603 using crypt(), crypt16(), MD5 or SHA-1
2604 inlist/inlisti: checks if first argument is in the list of the second
2605 match: does a regular expression match and sets up the numerical
2606 variables if it succeeds
2607 match_address: matches in an address list
2608 match_domain: matches in a domain list
2609 match_ip: matches a host list that is restricted to IP addresses
2610 match_local_part: matches in a local part list
2611 */
2612
2613 case ECOND_MATCH_ADDRESS:
2614 case ECOND_MATCH_DOMAIN:
2615 case ECOND_MATCH_IP:
2616 case ECOND_MATCH_LOCAL_PART:
2617 #ifndef EXPAND_LISTMATCH_RHS
2618 sub2_honour_dollar = FALSE;
2619 #endif
2620 /* FALLTHROUGH */
2621
2622 case ECOND_CRYPTEQ:
2623 case ECOND_INLIST:
2624 case ECOND_INLISTI:
2625 case ECOND_MATCH:
2626
2627 case ECOND_NUM_L: /* Numerical comparisons */
2628 case ECOND_NUM_LE:
2629 case ECOND_NUM_E:
2630 case ECOND_NUM_EE:
2631 case ECOND_NUM_G:
2632 case ECOND_NUM_GE:
2633
2634 case ECOND_STR_LT: /* String comparisons */
2635 case ECOND_STR_LTI:
2636 case ECOND_STR_LE:
2637 case ECOND_STR_LEI:
2638 case ECOND_STR_EQ:
2639 case ECOND_STR_EQI:
2640 case ECOND_STR_GT:
2641 case ECOND_STR_GTI:
2642 case ECOND_STR_GE:
2643 case ECOND_STR_GEI:
2644
2645 for (int i = 0; i < 2; i++)
2646 {
2647 /* Sometimes, we don't expand substrings; too many insecure configurations
2648 created using match_address{}{} and friends, where the second param
2649 includes information from untrustworthy sources. */
2650 BOOL honour_dollar = TRUE;
2651 if ((i > 0) && !sub2_honour_dollar)
2652 honour_dollar = FALSE;
2653
2654 while (isspace(*s)) s++;
2655 if (*s != '{')
2656 {
2657 if (i == 0) goto COND_FAILED_CURLY_START;
2658 expand_string_message = string_sprintf("missing 2nd string in {} "
2659 "after \"%s\"", opname);
2660 return NULL;
2661 }
2662 if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
2663 honour_dollar, resetok)))
2664 return NULL;
2665 DEBUG(D_expand) if (i == 1 && !sub2_honour_dollar && Ustrchr(sub[1], '$'))
2666 debug_printf_indent("WARNING: the second arg is NOT expanded,"
2667 " for security reasons\n");
2668 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2669
2670 /* Convert to numerical if required; we know that the names of all the
2671 conditions that compare numbers do not start with a letter. This just saves
2672 checking for them individually. */
2673
2674 if (!isalpha(opname[0]) && yield != NULL)
2675 if (sub[i][0] == 0)
2676 {
2677 num[i] = 0;
2678 DEBUG(D_expand)
2679 debug_printf_indent("empty string cast to zero for numerical comparison\n");
2680 }
2681 else
2682 {
2683 num[i] = expanded_string_integer(sub[i], FALSE);
2684 if (expand_string_message != NULL) return NULL;
2685 }
2686 }
2687
2688 /* Result not required */
2689
2690 if (yield == NULL) return s;
2691
2692 /* Do an appropriate comparison */
2693
2694 switch(cond_type)
2695 {
2696 case ECOND_NUM_E:
2697 case ECOND_NUM_EE:
2698 tempcond = (num[0] == num[1]);
2699 break;
2700
2701 case ECOND_NUM_G:
2702 tempcond = (num[0] > num[1]);
2703 break;
2704
2705 case ECOND_NUM_GE:
2706 tempcond = (num[0] >= num[1]);
2707 break;
2708
2709 case ECOND_NUM_L:
2710 tempcond = (num[0] < num[1]);
2711 break;
2712
2713 case ECOND_NUM_LE:
2714 tempcond = (num[0] <= num[1]);
2715 break;
2716
2717 case ECOND_STR_LT:
2718 tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
2719 break;
2720
2721 case ECOND_STR_LTI:
2722 tempcond = (strcmpic(sub[0], sub[1]) < 0);
2723 break;
2724
2725 case ECOND_STR_LE:
2726 tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
2727 break;
2728
2729 case ECOND_STR_LEI:
2730 tempcond = (strcmpic(sub[0], sub[1]) <= 0);
2731 break;
2732
2733 case ECOND_STR_EQ:
2734 tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
2735 break;
2736
2737 case ECOND_STR_EQI:
2738 tempcond = (strcmpic(sub[0], sub[1]) == 0);
2739 break;
2740
2741 case ECOND_STR_GT:
2742 tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
2743 break;
2744
2745 case ECOND_STR_GTI:
2746 tempcond = (strcmpic(sub[0], sub[1]) > 0);
2747 break;
2748
2749 case ECOND_STR_GE:
2750 tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
2751 break;
2752
2753 case ECOND_STR_GEI:
2754 tempcond = (strcmpic(sub[0], sub[1]) >= 0);
2755 break;
2756
2757 case ECOND_MATCH: /* Regular expression match */
2758 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2759 NULL);
2760 if (re == NULL)
2761 {
2762 expand_string_message = string_sprintf("regular expression error in "
2763 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2764 return NULL;
2765 }
2766 tempcond = regex_match_and_setup(re, sub[0], 0, -1);
2767 break;
2768
2769 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2770 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2771 goto MATCHED_SOMETHING;
2772
2773 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2774 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2775 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2776 goto MATCHED_SOMETHING;
2777
2778 case ECOND_MATCH_IP: /* Match IP address in a host list */
2779 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
2780 {
2781 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2782 sub[0]);
2783 return NULL;
2784 }
2785 else
2786 {
2787 unsigned int *nullcache = NULL;
2788 check_host_block cb;
2789
2790 cb.host_name = US"";
2791 cb.host_address = sub[0];
2792
2793 /* If the host address starts off ::ffff: it is an IPv6 address in
2794 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2795 addresses. */
2796
2797 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2798 cb.host_address + 7 : cb.host_address;
2799
2800 rc = match_check_list(
2801 &sub[1], /* the list */
2802 0, /* separator character */
2803 &hostlist_anchor, /* anchor pointer */
2804 &nullcache, /* cache pointer */
2805 check_host, /* function for testing */
2806 &cb, /* argument for function */
2807 MCL_HOST, /* type of check */
2808 sub[0], /* text for debugging */
2809 NULL); /* where to pass back data */
2810 }
2811 goto MATCHED_SOMETHING;
2812
2813 case ECOND_MATCH_LOCAL_PART:
2814 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2815 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2816 /* Fall through */
2817 /* VVVVVVVVVVVV */
2818 MATCHED_SOMETHING:
2819 switch(rc)
2820 {
2821 case OK:
2822 tempcond = TRUE;
2823 break;
2824
2825 case FAIL:
2826 tempcond = FALSE;
2827 break;
2828
2829 case DEFER:
2830 expand_string_message = string_sprintf("unable to complete match "
2831 "against \"%s\": %s", sub[1], search_error_message);
2832 return NULL;
2833 }
2834
2835 break;
2836
2837 /* Various "encrypted" comparisons. If the second string starts with
2838 "{" then an encryption type is given. Default to crypt() or crypt16()
2839 (build-time choice). */
2840 /* }-for-text-editors */
2841
2842 case ECOND_CRYPTEQ:
2843 #ifndef SUPPORT_CRYPTEQ
2844 goto COND_FAILED_NOT_COMPILED;
2845 #else
2846 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2847 {
2848 int sublen = Ustrlen(sub[1]+5);
2849 md5 base;
2850 uschar digest[16];
2851
2852 md5_start(&base);
2853 md5_end(&base, sub[0], Ustrlen(sub[0]), digest);
2854
2855 /* If the length that we are comparing against is 24, the MD5 digest
2856 is expressed as a base64 string. This is the way LDAP does it. However,
2857 some other software uses a straightforward hex representation. We assume
2858 this if the length is 32. Other lengths fail. */
2859
2860 if (sublen == 24)
2861 {
2862 uschar *coded = b64encode(CUS digest, 16);
2863 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2864 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2865 tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
2866 }
2867 else if (sublen == 32)
2868 {
2869 uschar coded[36];
2870 for (int i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2871 coded[32] = 0;
2872 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2873 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2874 tempcond = (strcmpic(coded, sub[1]+5) == 0);
2875 }
2876 else
2877 {
2878 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2879 "fail\n crypted=%s\n", sub[1]+5);
2880 tempcond = FALSE;
2881 }
2882 }
2883
2884 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2885 {
2886 int sublen = Ustrlen(sub[1]+6);
2887 hctx h;
2888 uschar digest[20];
2889
2890 sha1_start(&h);
2891 sha1_end(&h, sub[0], Ustrlen(sub[0]), digest);
2892
2893 /* If the length that we are comparing against is 28, assume the SHA1
2894 digest is expressed as a base64 string. If the length is 40, assume a
2895 straightforward hex representation. Other lengths fail. */
2896
2897 if (sublen == 28)
2898 {
2899 uschar *coded = b64encode(CUS digest, 20);
2900 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2901 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2902 tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
2903 }
2904 else if (sublen == 40)
2905 {
2906 uschar coded[44];
2907 for (int i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2908 coded[40] = 0;
2909 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2910 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2911 tempcond = (strcmpic(coded, sub[1]+6) == 0);
2912 }
2913 else
2914 {
2915 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2916 "fail\n crypted=%s\n", sub[1]+6);
2917 tempcond = FALSE;
2918 }
2919 }
2920
2921 else /* {crypt} or {crypt16} and non-{ at start */
2922 /* }-for-text-editors */
2923 {
2924 int which = 0;
2925 uschar *coded;
2926
2927 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2928 {
2929 sub[1] += 7;
2930 which = 1;
2931 }
2932 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2933 {
2934 sub[1] += 9;
2935 which = 2;
2936 }
2937 else if (sub[1][0] == '{') /* }-for-text-editors */
2938 {
2939 expand_string_message = string_sprintf("unknown encryption mechanism "
2940 "in \"%s\"", sub[1]);
2941 return NULL;
2942 }
2943
2944 switch(which)
2945 {
2946 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2947 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2948 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2949 }
2950
2951 #define STR(s) # s
2952 #define XSTR(s) STR(s)
2953 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2954 " subject=%s\n crypted=%s\n",
2955 which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16",
2956 coded, sub[1]);
2957 #undef STR
2958 #undef XSTR
2959
2960 /* If the encrypted string contains fewer than two characters (for the
2961 salt), force failure. Otherwise we get false positives: with an empty
2962 string the yield of crypt() is an empty string! */
2963
2964 if (coded)
2965 tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0;
2966 else if (errno == EINVAL)
2967 tempcond = FALSE;
2968 else
2969 {
2970 expand_string_message = string_sprintf("crypt error: %s\n",
2971 US strerror(errno));
2972 return NULL;
2973 }
2974 }
2975 break;
2976 #endif /* SUPPORT_CRYPTEQ */
2977
2978 case ECOND_INLIST:
2979 case ECOND_INLISTI:
2980 {
2981 const uschar * list = sub[1];
2982 int sep = 0;
2983 uschar *save_iterate_item = iterate_item;
2984 int (*compare)(const uschar *, const uschar *);
2985
2986 DEBUG(D_expand) debug_printf_indent("condition: %s item: %s\n", opname, sub[0]);
2987
2988 tempcond = FALSE;
2989 compare = cond_type == ECOND_INLISTI
2990 ? strcmpic : (int (*)(const uschar *, const uschar *)) strcmp;
2991
2992 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)))
2993 {
2994 DEBUG(D_expand) debug_printf_indent(" compare %s\n", iterate_item);
2995 if (compare(sub[0], iterate_item) == 0)
2996 {
2997 tempcond = TRUE;
2998 break;
2999 }
3000 }
3001 iterate_item = save_iterate_item;
3002 }
3003
3004 } /* Switch for comparison conditions */
3005
3006 *yield = tempcond == testfor;
3007 return s; /* End of comparison conditions */
3008
3009
3010 /* and/or: computes logical and/or of several conditions */
3011
3012 case ECOND_AND:
3013 case ECOND_OR:
3014 subcondptr = (yield == NULL)? NULL : &tempcond;
3015 combined_cond = (cond_type == ECOND_AND);
3016
3017 while (isspace(*s)) s++;
3018 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3019
3020 for (;;)
3021 {
3022 while (isspace(*s)) s++;
3023 /* {-for-text-editors */
3024 if (*s == '}') break;
3025 if (*s != '{') /* }-for-text-editors */
3026 {
3027 expand_string_message = string_sprintf("each subcondition "
3028 "inside an \"%s{...}\" condition must be in its own {}", opname);
3029 return NULL;
3030 }
3031
3032 if (!(s = eval_condition(s+1, resetok, subcondptr)))
3033 {
3034 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
3035 expand_string_message, opname);
3036 return NULL;
3037 }
3038 while (isspace(*s)) s++;
3039
3040 /* {-for-text-editors */
3041 if (*s++ != '}')
3042 {
3043 /* {-for-text-editors */
3044 expand_string_message = string_sprintf("missing } at end of condition "
3045 "inside \"%s\" group", opname);
3046 return NULL;
3047 }
3048
3049 if (yield != NULL)
3050 {
3051 if (cond_type == ECOND_AND)
3052 {
3053 combined_cond &= tempcond;
3054 if (!combined_cond) subcondptr = NULL; /* once false, don't */
3055 } /* evaluate any more */
3056 else
3057 {
3058 combined_cond |= tempcond;
3059 if (combined_cond) subcondptr = NULL; /* once true, don't */
3060 } /* evaluate any more */
3061 }
3062 }
3063
3064 if (yield != NULL) *yield = (combined_cond == testfor);
3065 return ++s;
3066
3067
3068 /* forall/forany: iterates a condition with different values */
3069
3070 case ECOND_FORALL: is_forany = FALSE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3071 case ECOND_FORANY: is_forany = TRUE; is_json = FALSE; is_jsons = FALSE; goto FORMANY;
3072 case ECOND_FORALL_JSON: is_forany = FALSE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3073 case ECOND_FORANY_JSON: is_forany = TRUE; is_json = TRUE; is_jsons = FALSE; goto FORMANY;
3074 case ECOND_FORALL_JSONS: is_forany = FALSE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3075 case ECOND_FORANY_JSONS: is_forany = TRUE; is_json = TRUE; is_jsons = TRUE; goto FORMANY;
3076
3077 FORMANY:
3078 {
3079 const uschar * list;
3080 int sep = 0;
3081 uschar *save_iterate_item = iterate_item;
3082
3083 DEBUG(D_expand) debug_printf_indent("condition: %s\n", opname);
3084
3085 while (isspace(*s)) s++;
3086 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3087 sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE, resetok);
3088 if (sub[0] == NULL) return NULL;
3089 /* {-for-text-editors */
3090 if (*s++ != '}') goto COND_FAILED_CURLY_END;
3091
3092 while (isspace(*s)) s++;
3093 if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3094
3095 sub[1] = s;
3096
3097 /* Call eval_condition once, with result discarded (as if scanning a
3098 "false" part). This allows us to find the end of the condition, because if
3099 the list it empty, we won't actually evaluate the condition for real. */
3100
3101 if (!(s = eval_condition(sub[1], resetok, NULL)))
3102 {
3103 expand_string_message = string_sprintf("%s inside \"%s\" condition",
3104 expand_string_message, opname);
3105 return NULL;
3106 }
3107 while (isspace(*s)) s++;
3108
3109 /* {-for-text-editors */
3110 if (*s++ != '}')
3111 {
3112 /* {-for-text-editors */
3113 expand_string_message = string_sprintf("missing } at end of condition "
3114 "inside \"%s\"", opname);
3115 return NULL;
3116 }
3117
3118 if (yield) *yield = !testfor;
3119 list = sub[0];
3120 if (is_json) list = dewrap(string_copy(list), US"[]");
3121 while ((iterate_item = is_json
3122 ? json_nextinlist(&list) : string_nextinlist(&list, &sep, NULL, 0)))
3123 {
3124 if (is_jsons)
3125 if (!(iterate_item = dewrap(iterate_item, US"\"\"")))
3126 {
3127 expand_string_message =
3128 string_sprintf("%s wrapping string result for extract jsons",
3129 expand_string_message);
3130 iterate_item = save_iterate_item;
3131 return NULL;
3132 }
3133
3134 DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n", opname, iterate_item);
3135 if (!eval_condition(sub[1], resetok, &tempcond))
3136 {
3137 expand_string_message = string_sprintf("%s inside \"%s\" condition",
3138 expand_string_message, opname);
3139 iterate_item = save_iterate_item;
3140 return NULL;
3141 }
3142 DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", opname,
3143 tempcond? "true":"false");
3144
3145 if (yield) *yield = (tempcond == testfor);
3146 if (tempcond == is_forany) break;
3147 }
3148
3149 iterate_item = save_iterate_item;
3150 return s;
3151 }
3152
3153
3154 /* The bool{} expansion condition maps a string to boolean.
3155 The values supported should match those supported by the ACL condition
3156 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
3157 of true/false. Note that Router "condition" rules have a different
3158 interpretation, where general data can be used and only a few values
3159 map to FALSE.
3160 Note that readconf.c boolean matching, for boolean configuration options,
3161 only matches true/yes/false/no.
3162 The bool_lax{} condition matches the Router logic, which is much more
3163 liberal. */
3164 case ECOND_BOOL:
3165 case ECOND_BOOL_LAX:
3166 {
3167 uschar *sub_arg[1];
3168 uschar *t, *t2;
3169 uschar *ourname;
3170 size_t len;
3171 BOOL boolvalue = FALSE;
3172 while (isspace(*s)) s++;
3173 if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
3174 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
3175 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname, resetok))
3176 {
3177 case 1: expand_string_message = string_sprintf(
3178 "too few arguments or bracketing error for %s",
3179 ourname);
3180 /*FALLTHROUGH*/
3181 case 2:
3182 case 3: return NULL;
3183 }
3184 t = sub_arg[0];
3185 while (isspace(*t)) t++;
3186 len = Ustrlen(t);
3187 if (len)
3188 {
3189 /* trailing whitespace: seems like a good idea to ignore it too */
3190 t2 = t + len - 1;
3191 while (isspace(*t2)) t2--;
3192 if (t2 != (t + len))
3193 {
3194 *++t2 = '\0';
3195 len = t2 - t;
3196 }
3197 }
3198 DEBUG(D_expand)
3199 debug_printf_indent("considering %s: %s\n", ourname, len ? t : US"<empty>");
3200 /* logic for the lax case from expand_check_condition(), which also does
3201 expands, and the logic is both short and stable enough that there should
3202 be no maintenance burden from replicating it. */
3203 if (len == 0)
3204 boolvalue = FALSE;
3205 else if (*t == '-'
3206 ? Ustrspn(t+1, "0123456789") == len-1
3207 : Ustrspn(t, "0123456789") == len)
3208 {
3209 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
3210 /* expand_check_condition only does a literal string "0" check */
3211 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
3212 boolvalue = TRUE;
3213 }
3214 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
3215 boolvalue = TRUE;
3216 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
3217 boolvalue = FALSE;
3218 else if (cond_type == ECOND_BOOL_LAX)
3219 boolvalue = TRUE;
3220 else
3221 {
3222 expand_string_message = string_sprintf("unrecognised boolean "
3223 "value \"%s\"", t);
3224 return NULL;
3225 }
3226 DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", ourname,
3227 boolvalue? "true":"false");
3228 if (yield != NULL) *yield = (boolvalue == testfor);
3229 return s;
3230 }
3231
3232 /* Unknown condition */
3233
3234 default:
3235 if (!expand_string_message || !*expand_string_message)
3236 expand_string_message = string_sprintf("unknown condition \"%s\"", opname);
3237 return NULL;
3238 } /* End switch on condition type */
3239
3240 /* Missing braces at start and end of data */
3241
3242 COND_FAILED_CURLY_START:
3243 expand_string_message = string_sprintf("missing { after \"%s\"", opname);
3244 return NULL;
3245
3246 COND_FAILED_CURLY_END:
3247 expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
3248 opname);
3249 return NULL;
3250
3251 /* A condition requires code that is not compiled */
3252
3253 #if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
3254 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
3255 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
3256 COND_FAILED_NOT_COMPILED:
3257 expand_string_message = string_sprintf("support for \"%s\" not compiled",
3258 opname);
3259 return NULL;
3260 #endif
3261 }
3262
3263
3264
3265
3266 /*************************************************
3267 * Save numerical variables *
3268 *************************************************/
3269
3270 /* This function is called from items such as "if" that want to preserve and
3271 restore the numbered variables.
3272
3273 Arguments:
3274 save_expand_string points to an array of pointers to set
3275 save_expand_nlength points to an array of ints for the lengths
3276
3277 Returns: the value of expand max to save
3278 */
3279
3280 static int
3281 save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
3282 {
3283 for (int i = 0; i <= expand_nmax; i++)
3284 {
3285 save_expand_nstring[i] = expand_nstring[i];
3286 save_expand_nlength[i] = expand_nlength[i];
3287 }
3288 return expand_nmax;
3289 }
3290
3291
3292
3293 /*************************************************
3294 * Restore numerical variables *
3295 *************************************************/
3296
3297 /* This function restored saved values of numerical strings.
3298
3299 Arguments:
3300 save_expand_nmax the number of strings to restore
3301 save_expand_string points to an array of pointers
3302 save_expand_nlength points to an array of ints
3303
3304 Returns: nothing
3305 */
3306
3307 static void
3308 restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
3309 int *save_expand_nlength)
3310 {
3311 expand_nmax = save_expand_nmax;
3312 for (int i = 0; i <= expand_nmax; i++)
3313 {
3314 expand_nstring[i] = save_expand_nstring[i];
3315 expand_nlength[i] = save_expand_nlength[i];
3316 }
3317 }
3318
3319
3320
3321
3322
3323 /*************************************************
3324 * Handle yes/no substrings *
3325 *************************************************/
3326
3327 /* This function is used by ${if}, ${lookup} and ${extract} to handle the
3328 alternative substrings that depend on whether or not the condition was true,
3329 or the lookup or extraction succeeded. The substrings always have to be
3330 expanded, to check their syntax, but "skipping" is set when the result is not
3331 needed - this avoids unnecessary nested lookups.
3332
3333 Arguments:
3334 skipping TRUE if we were skipping when this item was reached
3335 yes TRUE if the first string is to be used, else use the second
3336 save_lookup a value to put back into lookup_value before the 2nd expansion
3337 sptr points to the input string pointer
3338 yieldptr points to the output growable-string pointer
3339 type "lookup", "if", "extract", "run", "env", "listextract" or
3340 "certextract" for error message
3341 resetok if not NULL, pointer to flag - write FALSE if unsafe to reset
3342 the store.
3343
3344 Returns: 0 OK; lookup_value has been reset to save_lookup
3345 1 expansion failed
3346 2 expansion failed because of bracketing error
3347 */
3348
3349 static int
3350 process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, const uschar **sptr,
3351 gstring ** yieldptr, uschar *type, BOOL *resetok)
3352 {
3353 int rc = 0;
3354 const uschar *s = *sptr; /* Local value */
3355 uschar *sub1, *sub2;
3356 const uschar * errwhere;
3357
3358 /* If there are no following strings, we substitute the contents of $value for
3359 lookups and for extractions in the success case. For the ${if item, the string
3360 "true" is substituted. In the fail case, nothing is substituted for all three
3361 items. */
3362
3363 while (isspace(*s)) s++;
3364 if (*s == '}')
3365 {
3366 if (type[0] == 'i')
3367 {
3368 if (yes && !skipping)
3369 *yieldptr = string_catn(*yieldptr, US"true", 4);
3370 }
3371 else
3372 {
3373 if (yes && lookup_value && !skipping)
3374 *yieldptr = string_cat(*yieldptr, lookup_value);
3375 lookup_value = save_lookup;
3376 }
3377 s++;
3378 goto RETURN;
3379 }
3380
3381 /* The first following string must be braced. */
3382
3383 if (*s++ != '{')
3384 {
3385 errwhere = US"'yes' part did not start with '{'";
3386 goto FAILED_CURLY;
3387 }
3388
3389 /* Expand the first substring. Forced failures are noticed only if we actually
3390 want this string. Set skipping in the call in the fail case (this will always
3391 be the case if we were already skipping). */
3392
3393 sub1 = expand_string_internal(s, TRUE, &s, !yes, TRUE, resetok);
3394 if (sub1 == NULL && (yes || !f.expand_string_forcedfail)) goto FAILED;
3395 f.expand_string_forcedfail = FALSE;
3396 if (*s++ != '}')
3397 {
3398 errwhere = US"'yes' part did not end with '}'";
3399 goto FAILED_CURLY;
3400 }
3401
3402 /* If we want the first string, add it to the output */
3403
3404 if (yes)
3405 *yieldptr = string_cat(*yieldptr, sub1);
3406
3407 /* If this is called from a lookup/env or a (cert)extract, we want to restore
3408 $value to what it was at the start of the item, so that it has this value
3409 during the second string expansion. For the call from "if" or "run" to this
3410 function, save_lookup is set to lookup_value, so that this statement does
3411 nothing. */
3412
3413 lookup_value = save_lookup;
3414
3415 /* There now follows either another substring, or "fail", or nothing. This
3416 time, forced failures are noticed only if we want the second string. We must
3417 set skipping in the nested call if we don't want this string, or if we were
3418 already skipping. */
3419
3420 while (isspace(*s)) s++;
3421 if (*s == '{')
3422 {
3423 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping, TRUE, resetok);
3424 if (sub2 == NULL && (!yes || !f.expand_string_forcedfail)) goto FAILED;
3425 f.expand_string_forcedfail = FALSE;
3426 if (*s++ != '}')
3427 {
3428 errwhere = US"'no' part did not start with '{'";
3429 goto FAILED_CURLY;
3430 }
3431
3432 /* If we want the second string, add it to the output */
3433
3434 if (!yes)
3435 *yieldptr = string_cat(*yieldptr, sub2);
3436 }
3437
3438 /* If there is no second string, but the word "fail" is present when the use of
3439 the second string is wanted, set a flag indicating it was a forced failure
3440 rather than a syntactic error. Swallow the terminating } in case this is nested
3441 inside another lookup or if or extract. */
3442
3443 else if (*s != '}')
3444 {
3445 uschar name[256];
3446 /* deconst cast ok here as source is s anyway */
3447 s = US read_name(name, sizeof(name), s, US"_");
3448 if (Ustrcmp(name, "fail") == 0)
3449 {
3450 if (!yes && !skipping)
3451 {
3452 while (isspace(*s)) s++;
3453 if (*s++ != '}')
3454 {
3455 errwhere = US"did not close with '}' after forcedfail";
3456 goto FAILED_CURLY;
3457 }
3458 expand_string_message =
3459 string_sprintf("\"%s\" failed and \"fail\" requested", type);
3460 f.expand_string_forcedfail = TRUE;
3461 goto FAILED;
3462 }
3463 }
3464 else
3465 {
3466 expand_string_message =
3467 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
3468 goto FAILED;
3469 }
3470 }
3471
3472 /* All we have to do now is to check on the final closing brace. */
3473
3474 while (isspace(*s)) s++;
3475 if (*s++ != '}')
3476 {
3477 errwhere = US"did not close with '}'";
3478 goto FAILED_CURLY;
3479 }
3480
3481
3482 RETURN:
3483 /* Update the input pointer value before returning */
3484 *sptr = s;
3485 return rc;
3486
3487 FAILED_CURLY:
3488 /* Get here if there is a bracketing failure */
3489 expand_string_message = string_sprintf(
3490 "curly-bracket problem in conditional yes/no parsing: %s\n"
3491 " remaining string is '%s'", errwhere, --s);
3492 rc = 2;
3493 goto RETURN;
3494
3495 FAILED:
3496 /* Get here for other failures */
3497 rc = 1;
3498 goto RETURN;
3499 }
3500
3501
3502
3503
3504 /*************************************************
3505 * Handle MD5 or SHA-1 computation for HMAC *
3506 *************************************************/
3507
3508 /* These are some wrapping functions that enable the HMAC code to be a bit
3509 cleaner. A good compiler will spot the tail recursion.
3510
3511 Arguments:
3512 type HMAC_MD5 or HMAC_SHA1
3513 remaining are as for the cryptographic hash functions
3514
3515 Returns: nothing
3516 */
3517
3518 static void
3519 chash_start(int type, void *base)
3520 {
3521 if (type == HMAC_MD5)
3522 md5_start((md5 *)base);
3523 else
3524 sha1_start((hctx *)base);
3525 }
3526
3527 static void
3528 chash_mid(int type, void *base, uschar *string)
3529 {
3530 if (type == HMAC_MD5)
3531 md5_mid((md5 *)base, string);
3532 else
3533 sha1_mid((hctx *)base, string);
3534 }
3535
3536 static void
3537 chash_end(int type, void *base, uschar *string, int length, uschar *digest)
3538 {
3539 if (type == HMAC_MD5)
3540 md5_end((md5 *)base, string, length, digest);
3541 else
3542 sha1_end((hctx *)base, string, length, digest);
3543 }
3544
3545
3546
3547
3548
3549 /********************************************************
3550 * prvs: Get last three digits of days since Jan 1, 1970 *
3551 ********************************************************/
3552
3553 /* This is needed to implement the "prvs" BATV reverse
3554 path signing scheme
3555
3556 Argument: integer "days" offset to add or substract to
3557 or from the current number of days.
3558
3559 Returns: pointer to string containing the last three
3560 digits of the number of days since Jan 1, 1970,
3561 modified by the offset argument, NULL if there
3562 was an error in the conversion.
3563
3564 */
3565
3566 static uschar *
3567 prvs_daystamp(int day_offset)
3568 {
3569 uschar *days = store_get(32, FALSE); /* Need at least 24 for cases */
3570 (void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
3571 (time(NULL) + day_offset*86400)/86400);
3572 return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
3573 }
3574
3575
3576
3577 /********************************************************
3578 * prvs: perform HMAC-SHA1 computation of prvs bits *
3579 ********************************************************/
3580
3581 /* This is needed to implement the "prvs" BATV reverse
3582 path signing scheme
3583
3584 Arguments:
3585 address RFC2821 Address to use
3586 key The key to use (must be less than 64 characters
3587 in size)
3588 key_num Single-digit key number to use. Defaults to
3589 '0' when NULL.
3590
3591 Returns: pointer to string containing the first three
3592 bytes of the final hash in hex format, NULL if
3593 there was an error in the process.
3594 */
3595
3596 static uschar *
3597 prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
3598 {
3599 gstring * hash_source;
3600 uschar * p;
3601 hctx h;
3602 uschar innerhash[20];
3603 uschar finalhash[20];
3604 uschar innerkey[64];
3605 uschar outerkey[64];
3606 uschar *finalhash_hex;
3607
3608 if (key_num == NULL)
3609 key_num = US"0";
3610
3611 if (Ustrlen(key) > 64)
3612 return NULL;
3613
3614 hash_source = string_catn(NULL, key_num, 1);
3615 hash_source = string_catn(hash_source, daystamp, 3);
3616 hash_source = string_cat(hash_source, address);
3617 (void) string_from_gstring(hash_source);
3618
3619 DEBUG(D_expand)
3620 debug_printf_indent("prvs: hash source is '%s'\n", hash_source->s);
3621
3622 memset(innerkey, 0x36, 64);
3623 memset(outerkey, 0x5c, 64);
3624
3625 for (int i = 0; i < Ustrlen(key); i++)
3626 {
3627 innerkey[i] ^= key[i];
3628 outerkey[i] ^= key[i];
3629 }
3630
3631 chash_start(HMAC_SHA1, &h);
3632 chash_mid(HMAC_SHA1, &h, innerkey);
3633 chash_end(HMAC_SHA1, &h, hash_source->s, hash_source->ptr, innerhash);
3634
3635 chash_start(HMAC_SHA1, &h);
3636 chash_mid(HMAC_SHA1, &h, outerkey);
3637 chash_end(HMAC_SHA1, &h, innerhash, 20, finalhash);
3638
3639 /* Hashing is deemed sufficient to de-taint any input data */
3640
3641 p = finalhash_hex = store_get(40, FALSE);
3642 for (int i = 0; i < 3; i++)
3643 {
3644 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
3645 *p++ = hex_digits[finalhash[i] & 0x0f];
3646 }
3647 *p = '\0';
3648
3649 return finalhash_hex;
3650 }
3651
3652
3653
3654
3655 /*************************************************
3656 * Join a file onto the output string *
3657 *************************************************/
3658
3659 /* This is used for readfile/readsock and after a run expansion.
3660 It joins the contents of a file onto the output string, globally replacing
3661 newlines with a given string (optionally).
3662
3663 Arguments:
3664 f the FILE
3665 yield pointer to the expandable string struct
3666 eol newline replacement string, or NULL
3667
3668 Returns: new pointer for expandable string, terminated if non-null
3669 */
3670
3671 static gstring *
3672 cat_file(FILE *f, gstring *yield, uschar *eol)
3673 {
3674 uschar buffer[1024];
3675
3676 while (Ufgets(buffer, sizeof(buffer), f))
3677 {
3678 int len = Ustrlen(buffer);
3679 if (eol && buffer[len-1] == '\n') len--;
3680 yield = string_catn(yield, buffer, len);
3681 if (eol && buffer[len])
3682 yield = string_cat(yield, eol);
3683 }
3684
3685 (void) string_from_gstring(yield);
3686 return yield;
3687 }
3688
3689
3690 #ifndef DISABLE_TLS
3691 static gstring *
3692 cat_file_tls(void * tls_ctx, gstring * yield, uschar * eol)
3693 {
3694 int rc;
3695 uschar buffer[1024];
3696
3697 /*XXX could we read direct into a pre-grown string? */
3698
3699 while ((rc = tls_read(tls_ctx, buffer, sizeof(buffer))) > 0)
3700 for (uschar * s = buffer; rc--; s++)
3701 yield = eol && *s == '\n'
3702 ? string_cat(yield, eol) : string_catn(yield, s, 1);
3703
3704 /* We assume that all errors, and any returns of zero bytes,
3705 are actually EOF. */
3706
3707 (void) string_from_gstring(yield);
3708 return yield;
3709 }
3710 #endif
3711
3712
3713 /*************************************************
3714 * Evaluate numeric expression *
3715 *************************************************/
3716
3717 /* This is a set of mutually recursive functions that evaluate an arithmetic
3718 expression involving + - * / % & | ^ ~ << >> and parentheses. The only one of
3719 these functions that is called from elsewhere is eval_expr, whose interface is:
3720
3721 Arguments:
3722 sptr pointer to the pointer to the string - gets updated
3723 decimal TRUE if numbers are to be assumed decimal
3724 error pointer to where to put an error message - must be NULL on input
3725 endket TRUE if ')' must terminate - FALSE for external call
3726
3727 Returns: on success: the value of the expression, with *error still NULL
3728 on failure: an undefined value, with *error = a message
3729 */
3730
3731 static int_eximarith_t eval_op_or(uschar **, BOOL, uschar **);
3732
3733
3734 static int_eximarith_t
3735 eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
3736 {
3737 uschar *s = *sptr;
3738 int_eximarith_t x = eval_op_or(&s, decimal, error);
3739
3740 if (!*error)
3741 if (endket)
3742 if (*s != ')')
3743 *error = US"expecting closing parenthesis";
3744 else
3745 while (isspace(*(++s)));
3746 else if (*s)
3747 *error = US"expecting operator";
3748 *sptr = s;
3749 return x;
3750 }
3751
3752
3753 static int_eximarith_t
3754 eval_number(uschar **sptr, BOOL decimal, uschar **error)
3755 {
3756 int c;
3757 int_eximarith_t n;
3758 uschar *s = *sptr;
3759
3760 while (isspace(*s)) s++;
3761 if (isdigit((c = *s)))
3762 {
3763 int count;
3764 (void)sscanf(CS s, (decimal? SC_EXIM_DEC "%n" : SC_EXIM_ARITH "%n"), &n, &count);
3765 s += count;
3766 switch (tolower(*s))
3767 {
3768 default: break;
3769 case 'k': n *= 1024; s++; break;
3770 case 'm': n *= 1024*1024; s++; break;
3771 case 'g': n *= 1024*1024*1024; s++; break;
3772 }
3773 while (isspace (*s)) s++;
3774 }
3775 else if (c == '(')
3776 {
3777 s++;
3778 n = eval_expr(&s, decimal, error, 1);
3779 }
3780 else
3781 {
3782 *error = US"expecting number or opening parenthesis";
3783 n = 0;
3784 }
3785 *sptr = s;
3786 return n;
3787 }
3788
3789
3790 static int_eximarith_t
3791 eval_op_unary(uschar **sptr, BOOL decimal, uschar **error)
3792 {
3793 uschar *s = *sptr;
3794 int_eximarith_t x;
3795 while (isspace(*s)) s++;
3796 if (*s == '+' || *s == '-' || *s == '~')
3797 {
3798 int op = *s++;
3799 x = eval_op_unary(&s, decimal, error);
3800 if (op == '-') x = -x;
3801 else if (op == '~') x = ~x;
3802 }
3803 else
3804 x = eval_number(&s, decimal, error);
3805
3806 *sptr = s;
3807 return x;
3808 }
3809
3810
3811 static int_eximarith_t
3812 eval_op_mult(uschar **sptr, BOOL decimal, uschar **error)
3813 {
3814 uschar *s = *sptr;
3815 int_eximarith_t x = eval_op_unary(&s, decimal, error);
3816 if (*error == NULL)
3817 {
3818 while (*s == '*' || *s == '/' || *s == '%')
3819 {
3820 int op = *s++;
3821 int_eximarith_t y = eval_op_unary(&s, decimal, error);
3822 if (*error != NULL) break;
3823 /* SIGFPE both on div/mod by zero and on INT_MIN / -1, which would give
3824 * a value of INT_MAX+1. Note that INT_MIN * -1 gives INT_MIN for me, which
3825 * is a bug somewhere in [gcc 4.2.1, FreeBSD, amd64]. In fact, -N*-M where
3826 * -N*M is INT_MIN will yield INT_MIN.
3827 * Since we don't support floating point, this is somewhat simpler.
3828 * Ideally, we'd return an error, but since we overflow for all other
3829 * arithmetic, consistency suggests otherwise, but what's the correct value
3830 * to use? There is none.
3831 * The C standard guarantees overflow for unsigned arithmetic but signed
3832 * overflow invokes undefined behaviour; in practice, this is overflow
3833 * except for converting INT_MIN to INT_MAX+1. We also can't guarantee
3834 * that long/longlong larger than int are available, or we could just work
3835 * with larger types. We should consider whether to guarantee 32bit eval
3836 * and 64-bit working variables, with errors returned. For now ...
3837 * So, the only SIGFPEs occur with a non-shrinking div/mod, thus -1; we
3838 * can just let the other invalid results occur otherwise, as they have
3839 * until now. For this one case, we can coerce.
3840 */
3841 if (y == -1 && x == EXIM_ARITH_MIN && op != '*')
3842 {
3843 DEBUG(D_expand)
3844 debug_printf("Integer exception dodging: " PR_EXIM_ARITH "%c-1 coerced to " PR_EXIM_ARITH "\n",
3845 EXIM_ARITH_MIN, op, EXIM_ARITH_MAX);
3846 x = EXIM_ARITH_MAX;
3847 continue;
3848 }
3849 if (op == '*')
3850 x *= y;
3851 else
3852 {
3853 if (y == 0)
3854 {
3855 *error = (op == '/') ? US"divide by zero" : US"modulo by zero";
3856 x = 0;
3857 break;
3858 }
3859 if (op == '/')
3860 x /= y;
3861 else
3862 x %= y;
3863 }
3864 }
3865 }
3866 *sptr = s;
3867 return x;
3868 }
3869
3870
3871 static int_eximarith_t
3872 eval_op_sum(uschar **sptr, BOOL decimal, uschar **error)
3873 {
3874 uschar *s = *sptr;
3875 int_eximarith_t x = eval_op_mult(&s, decimal, error);
3876 if (!*error)
3877 {
3878 while (*s == '+' || *s == '-')
3879 {
3880 int op = *s++;
3881 int_eximarith_t y = eval_op_mult(&s, decimal, error);
3882 if (*error) break;
3883 if ( (x >= EXIM_ARITH_MAX/2 && x >= EXIM_ARITH_MAX/2)
3884 || (x <= -(EXIM_ARITH_MAX/2) && y <= -(EXIM_ARITH_MAX/2)))
3885 { /* over-conservative check */
3886 *error = op == '+'
3887 ? US"overflow in sum" : US"overflow in difference";
3888 break;
3889 }
3890 if (op == '+') x += y; else x -= y;
3891 }
3892 }
3893 *sptr = s;
3894 return x;
3895 }
3896
3897
3898 static int_eximarith_t
3899 eval_op_shift(uschar **sptr, BOOL decimal, uschar **error)
3900 {
3901 uschar *s = *sptr;
3902 int_eximarith_t x = eval_op_sum(&s, decimal, error);
3903 if (*error == NULL)
3904 {
3905 while ((*s == '<' || *s == '>') && s[1] == s[0])
3906 {
3907 int_eximarith_t y;
3908 int op = *s++;
3909 s++;
3910 y = eval_op_sum(&s, decimal, error);
3911 if (*error != NULL) break;
3912 if (op == '<') x <<= y; else x >>= y;
3913 }
3914 }
3915 *sptr = s;
3916 return x;
3917 }
3918
3919
3920 static int_eximarith_t
3921 eval_op_and(uschar **sptr, BOOL decimal, uschar **error)
3922 {
3923 uschar *s = *sptr;
3924 int_eximarith_t x = eval_op_shift(&s, decimal, error);
3925 if (*error == NULL)
3926 {
3927 while (*s == '&')
3928 {
3929 int_eximarith_t y;
3930 s++;
3931 y = eval_op_shift(&s, decimal, error);
3932 if (*error != NULL) break;
3933 x &= y;
3934 }
3935 }