Handle ${run} returning more data than OS pipe buffer size.
[exim.git] / src / src / expand.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2009 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8
9 /* Functions for handling string expansion. */
10
11
12 #include "exim.h"
13
14 /* Recursively called function */
15
16 static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL);
17
18 #ifdef STAND_ALONE
19 #ifndef SUPPORT_CRYPTEQ
20 #define SUPPORT_CRYPTEQ
21 #endif
22 #endif
23
24 #ifdef LOOKUP_LDAP
25 #include "lookups/ldap.h"
26 #endif
27
28 #ifdef SUPPORT_CRYPTEQ
29 #ifdef CRYPT_H
30 #include <crypt.h>
31 #endif
32 #ifndef HAVE_CRYPT16
33 extern char* crypt16(char*, char*);
34 #endif
35 #endif
36
37 /* The handling of crypt16() is a mess. I will record below the analysis of the
38 mess that was sent to me. We decided, however, to make changing this very low
39 priority, because in practice people are moving away from the crypt()
40 algorithms nowadays, so it doesn't seem worth it.
41
42 <quote>
43 There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
44 the first 8 characters of the password using a 20-round version of crypt
45 (standard crypt does 25 rounds). It then crypts the next 8 characters,
46 or an empty block if the password is less than 9 characters, using a
47 20-round version of crypt and the same salt as was used for the first
48 block. Charaters after the first 16 are ignored. It always generates
49 a 16-byte hash, which is expressed together with the salt as a string
50 of 24 base 64 digits. Here are some links to peruse:
51
52 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
53 http://seclists.org/bugtraq/1999/Mar/0076.html
54
55 There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
56 and OSF/1. This is the same as the standard crypt if given a password
57 of 8 characters or less. If given more, it first does the same as crypt
58 using the first 8 characters, then crypts the next 8 (the 9th to 16th)
59 using as salt the first two base 64 digits from the first hash block.
60 If the password is more than 16 characters then it crypts the 17th to 24th
61 characters using as salt the first two base 64 digits from the second hash
62 block. And so on: I've seen references to it cutting off the password at
63 40 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
64
65 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
66 http://seclists.org/bugtraq/1999/Mar/0109.html
67 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
68 TET1_html/sec.c222.html#no_id_208
69
70 Exim has something it calls "crypt16". It will either use a native
71 crypt16 or its own implementation. A native crypt16 will presumably
72 be the one that I called "crypt16" above. The internal "crypt16"
73 function, however, is a two-block-maximum implementation of what I called
74 "bigcrypt". The documentation matches the internal code.
75
76 I suspect that whoever did the "crypt16" stuff for Exim didn't realise
77 that crypt16 and bigcrypt were different things.
78
79 Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
80 to whatever it is using under that name. This unfortunately sets a
81 precedent for using "{crypt16}" to identify two incompatible algorithms
82 whose output can't be distinguished. With "{crypt16}" thus rendered
83 ambiguous, I suggest you deprecate it and invent two new identifiers
84 for the two algorithms.
85
86 Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
87 of the password separately means they can be cracked separately, so
88 the double-length hash only doubles the cracking effort instead of
89 squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
90 bcrypt ({CRYPT}$2a$).
91 </quote>
92 */
93
94
95
96
97 /*************************************************
98 * Local statics and tables *
99 *************************************************/
100
101 /* Table of item names, and corresponding switch numbers. The names must be in
102 alphabetical order. */
103
104 static uschar *item_table[] = {
105 US"dlfunc",
106 US"extract",
107 US"filter",
108 US"hash",
109 US"hmac",
110 US"if",
111 US"length",
112 US"lookup",
113 US"map",
114 US"nhash",
115 US"perl",
116 US"prvs",
117 US"prvscheck",
118 US"readfile",
119 US"readsocket",
120 US"reduce",
121 US"run",
122 US"sg",
123 US"substr",
124 US"tr" };
125
126 enum {
127 EITEM_DLFUNC,
128 EITEM_EXTRACT,
129 EITEM_FILTER,
130 EITEM_HASH,
131 EITEM_HMAC,
132 EITEM_IF,
133 EITEM_LENGTH,
134 EITEM_LOOKUP,
135 EITEM_MAP,
136 EITEM_NHASH,
137 EITEM_PERL,
138 EITEM_PRVS,
139 EITEM_PRVSCHECK,
140 EITEM_READFILE,
141 EITEM_READSOCK,
142 EITEM_REDUCE,
143 EITEM_RUN,
144 EITEM_SG,
145 EITEM_SUBSTR,
146 EITEM_TR };
147
148 /* Tables of operator names, and corresponding switch numbers. The names must be
149 in alphabetical order. There are two tables, because underscore is used in some
150 cases to introduce arguments, whereas for other it is part of the name. This is
151 an historical mis-design. */
152
153 static uschar *op_table_underscore[] = {
154 US"from_utf8",
155 US"local_part",
156 US"quote_local_part",
157 US"reverse_ip",
158 US"time_eval",
159 US"time_interval"};
160
161 enum {
162 EOP_FROM_UTF8,
163 EOP_LOCAL_PART,
164 EOP_QUOTE_LOCAL_PART,
165 EOP_REVERSE_IP,
166 EOP_TIME_EVAL,
167 EOP_TIME_INTERVAL };
168
169 static uschar *op_table_main[] = {
170 US"address",
171 US"addresses",
172 US"base62",
173 US"base62d",
174 US"domain",
175 US"escape",
176 US"eval",
177 US"eval10",
178 US"expand",
179 US"h",
180 US"hash",
181 US"hex2b64",
182 US"l",
183 US"lc",
184 US"length",
185 US"mask",
186 US"md5",
187 US"nh",
188 US"nhash",
189 US"quote",
190 US"randint",
191 US"rfc2047",
192 US"rfc2047d",
193 US"rxquote",
194 US"s",
195 US"sha1",
196 US"stat",
197 US"str2b64",
198 US"strlen",
199 US"substr",
200 US"uc" };
201
202 enum {
203 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
204 EOP_ADDRESSES,
205 EOP_BASE62,
206 EOP_BASE62D,
207 EOP_DOMAIN,
208 EOP_ESCAPE,
209 EOP_EVAL,
210 EOP_EVAL10,
211 EOP_EXPAND,
212 EOP_H,
213 EOP_HASH,
214 EOP_HEX2B64,
215 EOP_L,
216 EOP_LC,
217 EOP_LENGTH,
218 EOP_MASK,
219 EOP_MD5,
220 EOP_NH,
221 EOP_NHASH,
222 EOP_QUOTE,
223 EOP_RANDINT,
224 EOP_RFC2047,
225 EOP_RFC2047D,
226 EOP_RXQUOTE,
227 EOP_S,
228 EOP_SHA1,
229 EOP_STAT,
230 EOP_STR2B64,
231 EOP_STRLEN,
232 EOP_SUBSTR,
233 EOP_UC };
234
235
236 /* Table of condition names, and corresponding switch numbers. The names must
237 be in alphabetical order. */
238
239 static uschar *cond_table[] = {
240 US"<",
241 US"<=",
242 US"=",
243 US"==", /* Backward compatibility */
244 US">",
245 US">=",
246 US"and",
247 US"bool",
248 US"bool_lax",
249 US"crypteq",
250 US"def",
251 US"eq",
252 US"eqi",
253 US"exists",
254 US"first_delivery",
255 US"forall",
256 US"forany",
257 US"ge",
258 US"gei",
259 US"gt",
260 US"gti",
261 US"isip",
262 US"isip4",
263 US"isip6",
264 US"ldapauth",
265 US"le",
266 US"lei",
267 US"lt",
268 US"lti",
269 US"match",
270 US"match_address",
271 US"match_domain",
272 US"match_ip",
273 US"match_local_part",
274 US"or",
275 US"pam",
276 US"pwcheck",
277 US"queue_running",
278 US"radius",
279 US"saslauthd"
280 };
281
282 enum {
283 ECOND_NUM_L,
284 ECOND_NUM_LE,
285 ECOND_NUM_E,
286 ECOND_NUM_EE,
287 ECOND_NUM_G,
288 ECOND_NUM_GE,
289 ECOND_AND,
290 ECOND_BOOL,
291 ECOND_BOOL_LAX,
292 ECOND_CRYPTEQ,
293 ECOND_DEF,
294 ECOND_STR_EQ,
295 ECOND_STR_EQI,
296 ECOND_EXISTS,
297 ECOND_FIRST_DELIVERY,
298 ECOND_FORALL,
299 ECOND_FORANY,
300 ECOND_STR_GE,
301 ECOND_STR_GEI,
302 ECOND_STR_GT,
303 ECOND_STR_GTI,
304 ECOND_ISIP,
305 ECOND_ISIP4,
306 ECOND_ISIP6,
307 ECOND_LDAPAUTH,
308 ECOND_STR_LE,
309 ECOND_STR_LEI,
310 ECOND_STR_LT,
311 ECOND_STR_LTI,
312 ECOND_MATCH,
313 ECOND_MATCH_ADDRESS,
314 ECOND_MATCH_DOMAIN,
315 ECOND_MATCH_IP,
316 ECOND_MATCH_LOCAL_PART,
317 ECOND_OR,
318 ECOND_PAM,
319 ECOND_PWCHECK,
320 ECOND_QUEUE_RUNNING,
321 ECOND_RADIUS,
322 ECOND_SASLAUTHD
323 };
324
325
326 /* Type for main variable table */
327
328 typedef struct {
329 const char *name;
330 int type;
331 void *value;
332 } var_entry;
333
334 /* Type for entries pointing to address/length pairs. Not currently
335 in use. */
336
337 typedef struct {
338 uschar **address;
339 int *length;
340 } alblock;
341
342 /* Types of table entry */
343
344 enum {
345 vtype_int, /* value is address of int */
346 vtype_filter_int, /* ditto, but recognized only when filtering */
347 vtype_ino, /* value is address of ino_t (not always an int) */
348 vtype_uid, /* value is address of uid_t (not always an int) */
349 vtype_gid, /* value is address of gid_t (not always an int) */
350 vtype_stringptr, /* value is address of pointer to string */
351 vtype_msgbody, /* as stringptr, but read when first required */
352 vtype_msgbody_end, /* ditto, the end of the message */
353 vtype_msgheaders, /* the message's headers, processed */
354 vtype_msgheaders_raw, /* the message's headers, unprocessed */
355 vtype_localpart, /* extract local part from string */
356 vtype_domain, /* extract domain from string */
357 vtype_recipients, /* extract recipients from recipients list */
358 /* (available only in system filters, ACLs, and */
359 /* local_scan()) */
360 vtype_todbsdin, /* value not used; generate BSD inbox tod */
361 vtype_tode, /* value not used; generate tod in epoch format */
362 vtype_todf, /* value not used; generate full tod */
363 vtype_todl, /* value not used; generate log tod */
364 vtype_todlf, /* value not used; generate log file datestamp tod */
365 vtype_todzone, /* value not used; generate time zone only */
366 vtype_todzulu, /* value not used; generate zulu tod */
367 vtype_reply, /* value not used; get reply from headers */
368 vtype_pid, /* value not used; result is pid */
369 vtype_host_lookup, /* value not used; get host name */
370 vtype_load_avg, /* value not used; result is int from os_getloadavg */
371 vtype_pspace, /* partition space; value is T/F for spool/log */
372 vtype_pinodes /* partition inodes; value is T/F for spool/log */
373 #ifndef DISABLE_DKIM
374 ,vtype_dkim /* Lookup of value in DKIM signature */
375 #endif
376 };
377
378 /* This table must be kept in alphabetical order. */
379
380 static var_entry var_table[] = {
381 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
382 they will be confused with user-creatable ACL variables. */
383 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
384 { "address_data", vtype_stringptr, &deliver_address_data },
385 { "address_file", vtype_stringptr, &address_file },
386 { "address_pipe", vtype_stringptr, &address_pipe },
387 { "authenticated_id", vtype_stringptr, &authenticated_id },
388 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
389 { "authentication_failed",vtype_int, &authentication_failed },
390 #ifdef WITH_CONTENT_SCAN
391 { "av_failed", vtype_int, &av_failed },
392 #endif
393 #ifdef EXPERIMENTAL_BRIGHTMAIL
394 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
395 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
396 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
397 { "bmi_deliver", vtype_int, &bmi_deliver },
398 #endif
399 { "body_linecount", vtype_int, &body_linecount },
400 { "body_zerocount", vtype_int, &body_zerocount },
401 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
402 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
403 { "caller_gid", vtype_gid, &real_gid },
404 { "caller_uid", vtype_uid, &real_uid },
405 { "compile_date", vtype_stringptr, &version_date },
406 { "compile_number", vtype_stringptr, &version_cnumber },
407 { "csa_status", vtype_stringptr, &csa_status },
408 #ifdef EXPERIMENTAL_DCC
409 { "dcc_header", vtype_stringptr, &dcc_header },
410 { "dcc_result", vtype_stringptr, &dcc_result },
411 #endif
412 #ifdef WITH_OLD_DEMIME
413 { "demime_errorlevel", vtype_int, &demime_errorlevel },
414 { "demime_reason", vtype_stringptr, &demime_reason },
415 #endif
416 #ifndef DISABLE_DKIM
417 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
418 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
419 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
420 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
421 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
422 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
423 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
424 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
425 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
426 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
427 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
428 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
429 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
430 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
431 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
432 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
433 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
434 { "dkim_signers", vtype_stringptr, &dkim_signers },
435 { "dkim_verify_reason", vtype_dkim, (void *)DKIM_VERIFY_REASON },
436 { "dkim_verify_status", vtype_dkim, (void *)DKIM_VERIFY_STATUS},
437 #endif
438 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
439 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
440 { "dnslist_text", vtype_stringptr, &dnslist_text },
441 { "dnslist_value", vtype_stringptr, &dnslist_value },
442 { "domain", vtype_stringptr, &deliver_domain },
443 { "domain_data", vtype_stringptr, &deliver_domain_data },
444 { "exim_gid", vtype_gid, &exim_gid },
445 { "exim_path", vtype_stringptr, &exim_path },
446 { "exim_uid", vtype_uid, &exim_uid },
447 #ifdef WITH_OLD_DEMIME
448 { "found_extension", vtype_stringptr, &found_extension },
449 #endif
450 { "home", vtype_stringptr, &deliver_home },
451 { "host", vtype_stringptr, &deliver_host },
452 { "host_address", vtype_stringptr, &deliver_host_address },
453 { "host_data", vtype_stringptr, &host_data },
454 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
455 { "host_lookup_failed", vtype_int, &host_lookup_failed },
456 { "inode", vtype_ino, &deliver_inode },
457 { "interface_address", vtype_stringptr, &interface_address },
458 { "interface_port", vtype_int, &interface_port },
459 { "item", vtype_stringptr, &iterate_item },
460 #ifdef LOOKUP_LDAP
461 { "ldap_dn", vtype_stringptr, &eldap_dn },
462 #endif
463 { "load_average", vtype_load_avg, NULL },
464 { "local_part", vtype_stringptr, &deliver_localpart },
465 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
466 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
467 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
468 { "local_scan_data", vtype_stringptr, &local_scan_data },
469 { "local_user_gid", vtype_gid, &local_user_gid },
470 { "local_user_uid", vtype_uid, &local_user_uid },
471 { "localhost_number", vtype_int, &host_number },
472 { "log_inodes", vtype_pinodes, (void *)FALSE },
473 { "log_space", vtype_pspace, (void *)FALSE },
474 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
475 #ifdef WITH_CONTENT_SCAN
476 { "malware_name", vtype_stringptr, &malware_name },
477 #endif
478 { "max_received_linelength", vtype_int, &max_received_linelength },
479 { "message_age", vtype_int, &message_age },
480 { "message_body", vtype_msgbody, &message_body },
481 { "message_body_end", vtype_msgbody_end, &message_body_end },
482 { "message_body_size", vtype_int, &message_body_size },
483 { "message_exim_id", vtype_stringptr, &message_id },
484 { "message_headers", vtype_msgheaders, NULL },
485 { "message_headers_raw", vtype_msgheaders_raw, NULL },
486 { "message_id", vtype_stringptr, &message_id },
487 { "message_linecount", vtype_int, &message_linecount },
488 { "message_size", vtype_int, &message_size },
489 #ifdef WITH_CONTENT_SCAN
490 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
491 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
492 { "mime_boundary", vtype_stringptr, &mime_boundary },
493 { "mime_charset", vtype_stringptr, &mime_charset },
494 { "mime_content_description", vtype_stringptr, &mime_content_description },
495 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
496 { "mime_content_id", vtype_stringptr, &mime_content_id },
497 { "mime_content_size", vtype_int, &mime_content_size },
498 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
499 { "mime_content_type", vtype_stringptr, &mime_content_type },
500 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
501 { "mime_filename", vtype_stringptr, &mime_filename },
502 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
503 { "mime_is_multipart", vtype_int, &mime_is_multipart },
504 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
505 { "mime_part_count", vtype_int, &mime_part_count },
506 #endif
507 { "n0", vtype_filter_int, &filter_n[0] },
508 { "n1", vtype_filter_int, &filter_n[1] },
509 { "n2", vtype_filter_int, &filter_n[2] },
510 { "n3", vtype_filter_int, &filter_n[3] },
511 { "n4", vtype_filter_int, &filter_n[4] },
512 { "n5", vtype_filter_int, &filter_n[5] },
513 { "n6", vtype_filter_int, &filter_n[6] },
514 { "n7", vtype_filter_int, &filter_n[7] },
515 { "n8", vtype_filter_int, &filter_n[8] },
516 { "n9", vtype_filter_int, &filter_n[9] },
517 { "original_domain", vtype_stringptr, &deliver_domain_orig },
518 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
519 { "originator_gid", vtype_gid, &originator_gid },
520 { "originator_uid", vtype_uid, &originator_uid },
521 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
522 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
523 { "pid", vtype_pid, NULL },
524 { "primary_hostname", vtype_stringptr, &primary_hostname },
525 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
526 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
527 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
528 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
529 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
530 { "rcpt_count", vtype_int, &rcpt_count },
531 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
532 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
533 { "received_count", vtype_int, &received_count },
534 { "received_for", vtype_stringptr, &received_for },
535 { "received_ip_address", vtype_stringptr, &interface_address },
536 { "received_port", vtype_int, &interface_port },
537 { "received_protocol", vtype_stringptr, &received_protocol },
538 { "received_time", vtype_int, &received_time },
539 { "recipient_data", vtype_stringptr, &recipient_data },
540 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
541 { "recipients", vtype_recipients, NULL },
542 { "recipients_count", vtype_int, &recipients_count },
543 #ifdef WITH_CONTENT_SCAN
544 { "regex_match_string", vtype_stringptr, &regex_match_string },
545 #endif
546 { "reply_address", vtype_reply, NULL },
547 { "return_path", vtype_stringptr, &return_path },
548 { "return_size_limit", vtype_int, &bounce_return_size_limit },
549 { "runrc", vtype_int, &runrc },
550 { "self_hostname", vtype_stringptr, &self_hostname },
551 { "sender_address", vtype_stringptr, &sender_address },
552 { "sender_address_data", vtype_stringptr, &sender_address_data },
553 { "sender_address_domain", vtype_domain, &sender_address },
554 { "sender_address_local_part", vtype_localpart, &sender_address },
555 { "sender_data", vtype_stringptr, &sender_data },
556 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
557 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
558 { "sender_host_address", vtype_stringptr, &sender_host_address },
559 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
560 { "sender_host_name", vtype_host_lookup, NULL },
561 { "sender_host_port", vtype_int, &sender_host_port },
562 { "sender_ident", vtype_stringptr, &sender_ident },
563 { "sender_rate", vtype_stringptr, &sender_rate },
564 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
565 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
566 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
567 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
568 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
569 { "sending_port", vtype_int, &sending_port },
570 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
571 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
572 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
573 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
574 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
575 { "sn0", vtype_filter_int, &filter_sn[0] },
576 { "sn1", vtype_filter_int, &filter_sn[1] },
577 { "sn2", vtype_filter_int, &filter_sn[2] },
578 { "sn3", vtype_filter_int, &filter_sn[3] },
579 { "sn4", vtype_filter_int, &filter_sn[4] },
580 { "sn5", vtype_filter_int, &filter_sn[5] },
581 { "sn6", vtype_filter_int, &filter_sn[6] },
582 { "sn7", vtype_filter_int, &filter_sn[7] },
583 { "sn8", vtype_filter_int, &filter_sn[8] },
584 { "sn9", vtype_filter_int, &filter_sn[9] },
585 #ifdef WITH_CONTENT_SCAN
586 { "spam_bar", vtype_stringptr, &spam_bar },
587 { "spam_report", vtype_stringptr, &spam_report },
588 { "spam_score", vtype_stringptr, &spam_score },
589 { "spam_score_int", vtype_stringptr, &spam_score_int },
590 #endif
591 #ifdef EXPERIMENTAL_SPF
592 { "spf_guess", vtype_stringptr, &spf_guess },
593 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
594 { "spf_received", vtype_stringptr, &spf_received },
595 { "spf_result", vtype_stringptr, &spf_result },
596 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
597 #endif
598 { "spool_directory", vtype_stringptr, &spool_directory },
599 { "spool_inodes", vtype_pinodes, (void *)TRUE },
600 { "spool_space", vtype_pspace, (void *)TRUE },
601 #ifdef EXPERIMENTAL_SRS
602 { "srs_db_address", vtype_stringptr, &srs_db_address },
603 { "srs_db_key", vtype_stringptr, &srs_db_key },
604 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
605 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
606 { "srs_recipient", vtype_stringptr, &srs_recipient },
607 { "srs_status", vtype_stringptr, &srs_status },
608 #endif
609 { "thisaddress", vtype_stringptr, &filter_thisaddress },
610 { "tls_certificate_verified", vtype_int, &tls_certificate_verified },
611 { "tls_cipher", vtype_stringptr, &tls_cipher },
612 { "tls_peerdn", vtype_stringptr, &tls_peerdn },
613 { "tod_bsdinbox", vtype_todbsdin, NULL },
614 { "tod_epoch", vtype_tode, NULL },
615 { "tod_full", vtype_todf, NULL },
616 { "tod_log", vtype_todl, NULL },
617 { "tod_logfile", vtype_todlf, NULL },
618 { "tod_zone", vtype_todzone, NULL },
619 { "tod_zulu", vtype_todzulu, NULL },
620 { "value", vtype_stringptr, &lookup_value },
621 { "version_number", vtype_stringptr, &version_string },
622 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
623 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
624 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
625 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
626 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
627 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
628 };
629
630 static int var_table_size = sizeof(var_table)/sizeof(var_entry);
631 static uschar var_buffer[256];
632 static BOOL malformed_header;
633
634 /* For textual hashes */
635
636 static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
637 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
638 "0123456789";
639
640 enum { HMAC_MD5, HMAC_SHA1 };
641
642 /* For numeric hashes */
643
644 static unsigned int prime[] = {
645 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
646 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
647 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
648
649 /* For printing modes in symbolic form */
650
651 static uschar *mtable_normal[] =
652 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
653
654 static uschar *mtable_setid[] =
655 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
656
657 static uschar *mtable_sticky[] =
658 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
659
660
661
662 /*************************************************
663 * Tables for UTF-8 support *
664 *************************************************/
665
666 /* Table of the number of extra characters, indexed by the first character
667 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
668 0x3d. */
669
670 static uschar utf8_table1[] = {
671 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
672 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
673 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
674 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
675
676 /* These are the masks for the data bits in the first byte of a character,
677 indexed by the number of additional bytes. */
678
679 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
680
681 /* Get the next UTF-8 character, advancing the pointer. */
682
683 #define GETUTF8INC(c, ptr) \
684 c = *ptr++; \
685 if ((c & 0xc0) == 0xc0) \
686 { \
687 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
688 int s = 6*a; \
689 c = (c & utf8_table2[a]) << s; \
690 while (a-- > 0) \
691 { \
692 s -= 6; \
693 c |= (*ptr++ & 0x3f) << s; \
694 } \
695 }
696
697
698 /*************************************************
699 * Binary chop search on a table *
700 *************************************************/
701
702 /* This is used for matching expansion items and operators.
703
704 Arguments:
705 name the name that is being sought
706 table the table to search
707 table_size the number of items in the table
708
709 Returns: the offset in the table, or -1
710 */
711
712 static int
713 chop_match(uschar *name, uschar **table, int table_size)
714 {
715 uschar **bot = table;
716 uschar **top = table + table_size;
717
718 while (top > bot)
719 {
720 uschar **mid = bot + (top - bot)/2;
721 int c = Ustrcmp(name, *mid);
722 if (c == 0) return mid - table;
723 if (c > 0) bot = mid + 1; else top = mid;
724 }
725
726 return -1;
727 }
728
729
730
731 /*************************************************
732 * Check a condition string *
733 *************************************************/
734
735 /* This function is called to expand a string, and test the result for a "true"
736 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
737 forced fail or lookup defer. All store used by the function can be released on
738 exit.
739
740 The actual false-value tests should be replicated for ECOND_BOOL_LAX.
741
742 Arguments:
743 condition the condition string
744 m1 text to be incorporated in panic error
745 m2 ditto
746
747 Returns: TRUE if condition is met, FALSE if not
748 */
749
750 BOOL
751 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
752 {
753 int rc;
754 void *reset_point = store_get(0);
755 uschar *ss = expand_string(condition);
756 if (ss == NULL)
757 {
758 if (!expand_string_forcedfail && !search_find_defer)
759 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
760 "for %s %s: %s", condition, m1, m2, expand_string_message);
761 return FALSE;
762 }
763 rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
764 strcmpic(ss, US"false") != 0;
765 store_reset(reset_point);
766 return rc;
767 }
768
769
770
771 /*************************************************
772 * Pseudo-random number generation *
773 *************************************************/
774
775 /* Pseudo-random number generation. The result is not "expected" to be
776 cryptographically strong but not so weak that someone will shoot themselves
777 in the foot using it as a nonce in some email header scheme or whatever
778 weirdness they'll twist this into. The result should ideally handle fork().
779
780 However, if we're stuck unable to provide this, then we'll fall back to
781 appallingly bad randomness.
782
783 If SUPPORT_TLS is defined and OpenSSL is used, then this will not be used.
784 The GNUTLS randomness functions found do not seem amenable to extracting
785 random numbers outside of a TLS context. Any volunteers?
786
787 Arguments:
788 max range maximum
789 Returns a random number in range [0, max-1]
790 */
791
792 #if !defined(SUPPORT_TLS) || defined(USE_GNUTLS)
793 int
794 pseudo_random_number(int max)
795 {
796 static pid_t pid = 0;
797 pid_t p2;
798 #if defined(HAVE_SRANDOM) && !defined(HAVE_SRANDOMDEV)
799 struct timeval tv;
800 #endif
801
802 p2 = getpid();
803 if (p2 != pid)
804 {
805 if (pid != 0)
806 {
807
808 #ifdef HAVE_ARC4RANDOM
809 /* cryptographically strong randomness, common on *BSD platforms, not
810 so much elsewhere. Alas. */
811 arc4random_stir();
812 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
813 #ifdef HAVE_SRANDOMDEV
814 /* uses random(4) for seeding */
815 srandomdev();
816 #else
817 gettimeofday(&tv, NULL);
818 srandom(tv.tv_sec | tv.tv_usec | getpid());
819 #endif
820 #else
821 /* Poor randomness and no seeding here */
822 #endif
823
824 }
825 pid = p2;
826 }
827
828 #ifdef HAVE_ARC4RANDOM
829 return arc4random() % max;
830 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
831 return random() % max;
832 #else
833 /* This one returns a 16-bit number, definitely not crypto-strong */
834 return random_number(max);
835 #endif
836 }
837
838 #endif
839
840 /*************************************************
841 * Pick out a name from a string *
842 *************************************************/
843
844 /* If the name is too long, it is silently truncated.
845
846 Arguments:
847 name points to a buffer into which to put the name
848 max is the length of the buffer
849 s points to the first alphabetic character of the name
850 extras chars other than alphanumerics to permit
851
852 Returns: pointer to the first character after the name
853
854 Note: The test for *s != 0 in the while loop is necessary because
855 Ustrchr() yields non-NULL if the character is zero (which is not something
856 I expected). */
857
858 static uschar *
859 read_name(uschar *name, int max, uschar *s, uschar *extras)
860 {
861 int ptr = 0;
862 while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
863 {
864 if (ptr < max-1) name[ptr++] = *s;
865 s++;
866 }
867 name[ptr] = 0;
868 return s;
869 }
870
871
872
873 /*************************************************
874 * Pick out the rest of a header name *
875 *************************************************/
876
877 /* A variable name starting $header_ (or just $h_ for those who like
878 abbreviations) might not be the complete header name because headers can
879 contain any printing characters in their names, except ':'. This function is
880 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
881 on the end, if the name was terminated by white space.
882
883 Arguments:
884 name points to a buffer in which the name read so far exists
885 max is the length of the buffer
886 s points to the first character after the name so far, i.e. the
887 first non-alphameric character after $header_xxxxx
888
889 Returns: a pointer to the first character after the header name
890 */
891
892 static uschar *
893 read_header_name(uschar *name, int max, uschar *s)
894 {
895 int prelen = Ustrchr(name, '_') - name + 1;
896 int ptr = Ustrlen(name) - prelen;
897 if (ptr > 0) memmove(name, name+prelen, ptr);
898 while (mac_isgraph(*s) && *s != ':')
899 {
900 if (ptr < max-1) name[ptr++] = *s;
901 s++;
902 }
903 if (*s == ':') s++;
904 name[ptr++] = ':';
905 name[ptr] = 0;
906 return s;
907 }
908
909
910
911 /*************************************************
912 * Pick out a number from a string *
913 *************************************************/
914
915 /* Arguments:
916 n points to an integer into which to put the number
917 s points to the first digit of the number
918
919 Returns: a pointer to the character after the last digit
920 */
921
922 static uschar *
923 read_number(int *n, uschar *s)
924 {
925 *n = 0;
926 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
927 return s;
928 }
929
930
931
932 /*************************************************
933 * Extract keyed subfield from a string *
934 *************************************************/
935
936 /* The yield is in dynamic store; NULL means that the key was not found.
937
938 Arguments:
939 key points to the name of the key
940 s points to the string from which to extract the subfield
941
942 Returns: NULL if the subfield was not found, or
943 a pointer to the subfield's data
944 */
945
946 static uschar *
947 expand_getkeyed(uschar *key, uschar *s)
948 {
949 int length = Ustrlen(key);
950 while (isspace(*s)) s++;
951
952 /* Loop to search for the key */
953
954 while (*s != 0)
955 {
956 int dkeylength;
957 uschar *data;
958 uschar *dkey = s;
959
960 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
961 dkeylength = s - dkey;
962 while (isspace(*s)) s++;
963 if (*s == '=') while (isspace((*(++s))));
964
965 data = string_dequote(&s);
966 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
967 return data;
968
969 while (isspace(*s)) s++;
970 }
971
972 return NULL;
973 }
974
975
976
977
978 /*************************************************
979 * Extract numbered subfield from string *
980 *************************************************/
981
982 /* Extracts a numbered field from a string that is divided by tokens - for
983 example a line from /etc/passwd is divided by colon characters. First field is
984 numbered one. Negative arguments count from the right. Zero returns the whole
985 string. Returns NULL if there are insufficient tokens in the string
986
987 ***WARNING***
988 Modifies final argument - this is a dynamically generated string, so that's OK.
989
990 Arguments:
991 field number of field to be extracted,
992 first field = 1, whole string = 0, last field = -1
993 separators characters that are used to break string into tokens
994 s points to the string from which to extract the subfield
995
996 Returns: NULL if the field was not found,
997 a pointer to the field's data inside s (modified to add 0)
998 */
999
1000 static uschar *
1001 expand_gettokened (int field, uschar *separators, uschar *s)
1002 {
1003 int sep = 1;
1004 int count;
1005 uschar *ss = s;
1006 uschar *fieldtext = NULL;
1007
1008 if (field == 0) return s;
1009
1010 /* Break the line up into fields in place; for field > 0 we stop when we have
1011 done the number of fields we want. For field < 0 we continue till the end of
1012 the string, counting the number of fields. */
1013
1014 count = (field > 0)? field : INT_MAX;
1015
1016 while (count-- > 0)
1017 {
1018 size_t len;
1019
1020 /* Previous field was the last one in the string. For a positive field
1021 number, this means there are not enough fields. For a negative field number,
1022 check that there are enough, and scan back to find the one that is wanted. */
1023
1024 if (sep == 0)
1025 {
1026 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1027 if ((-field) == (INT_MAX - count - 1)) return s;
1028 while (field++ < 0)
1029 {
1030 ss--;
1031 while (ss[-1] != 0) ss--;
1032 }
1033 fieldtext = ss;
1034 break;
1035 }
1036
1037 /* Previous field was not last in the string; save its start and put a
1038 zero at its end. */
1039
1040 fieldtext = ss;
1041 len = Ustrcspn(ss, separators);
1042 sep = ss[len];
1043 ss[len] = 0;
1044 ss += len + 1;
1045 }
1046
1047 return fieldtext;
1048 }
1049
1050
1051
1052 /*************************************************
1053 * Extract a substring from a string *
1054 *************************************************/
1055
1056 /* Perform the ${substr or ${length expansion operations.
1057
1058 Arguments:
1059 subject the input string
1060 value1 the offset from the start of the input string to the start of
1061 the output string; if negative, count from the right.
1062 value2 the length of the output string, or negative (-1) for unset
1063 if value1 is positive, unset means "all after"
1064 if value1 is negative, unset means "all before"
1065 len set to the length of the returned string
1066
1067 Returns: pointer to the output string, or NULL if there is an error
1068 */
1069
1070 static uschar *
1071 extract_substr(uschar *subject, int value1, int value2, int *len)
1072 {
1073 int sublen = Ustrlen(subject);
1074
1075 if (value1 < 0) /* count from right */
1076 {
1077 value1 += sublen;
1078
1079 /* If the position is before the start, skip to the start, and adjust the
1080 length. If the length ends up negative, the substring is null because nothing
1081 can precede. This falls out naturally when the length is unset, meaning "all
1082 to the left". */
1083
1084 if (value1 < 0)
1085 {
1086 value2 += value1;
1087 if (value2 < 0) value2 = 0;
1088 value1 = 0;
1089 }
1090
1091 /* Otherwise an unset length => characters before value1 */
1092
1093 else if (value2 < 0)
1094 {
1095 value2 = value1;
1096 value1 = 0;
1097 }
1098 }
1099
1100 /* For a non-negative offset, if the starting position is past the end of the
1101 string, the result will be the null string. Otherwise, an unset length means
1102 "rest"; just set it to the maximum - it will be cut down below if necessary. */
1103
1104 else
1105 {
1106 if (value1 > sublen)
1107 {
1108 value1 = sublen;
1109 value2 = 0;
1110 }
1111 else if (value2 < 0) value2 = sublen;
1112 }
1113
1114 /* Cut the length down to the maximum possible for the offset value, and get
1115 the required characters. */
1116
1117 if (value1 + value2 > sublen) value2 = sublen - value1;
1118 *len = value2;
1119 return subject + value1;
1120 }
1121
1122
1123
1124
1125 /*************************************************
1126 * Old-style hash of a string *
1127 *************************************************/
1128
1129 /* Perform the ${hash expansion operation.
1130
1131 Arguments:
1132 subject the input string (an expanded substring)
1133 value1 the length of the output string; if greater or equal to the
1134 length of the input string, the input string is returned
1135 value2 the number of hash characters to use, or 26 if negative
1136 len set to the length of the returned string
1137
1138 Returns: pointer to the output string, or NULL if there is an error
1139 */
1140
1141 static uschar *
1142 compute_hash(uschar *subject, int value1, int value2, int *len)
1143 {
1144 int sublen = Ustrlen(subject);
1145
1146 if (value2 < 0) value2 = 26;
1147 else if (value2 > Ustrlen(hashcodes))
1148 {
1149 expand_string_message =
1150 string_sprintf("hash count \"%d\" too big", value2);
1151 return NULL;
1152 }
1153
1154 /* Calculate the hash text. We know it is shorter than the original string, so
1155 can safely place it in subject[] (we know that subject is always itself an
1156 expanded substring). */
1157
1158 if (value1 < sublen)
1159 {
1160 int c;
1161 int i = 0;
1162 int j = value1;
1163 while ((c = (subject[j])) != 0)
1164 {
1165 int shift = (c + j++) & 7;
1166 subject[i] ^= (c << shift) | (c >> (8-shift));
1167 if (++i >= value1) i = 0;
1168 }
1169 for (i = 0; i < value1; i++)
1170 subject[i] = hashcodes[(subject[i]) % value2];
1171 }
1172 else value1 = sublen;
1173
1174 *len = value1;
1175 return subject;
1176 }
1177
1178
1179
1180
1181 /*************************************************
1182 * Numeric hash of a string *
1183 *************************************************/
1184
1185 /* Perform the ${nhash expansion operation. The first characters of the
1186 string are treated as most important, and get the highest prime numbers.
1187
1188 Arguments:
1189 subject the input string
1190 value1 the maximum value of the first part of the result
1191 value2 the maximum value of the second part of the result,
1192 or negative to produce only a one-part result
1193 len set to the length of the returned string
1194
1195 Returns: pointer to the output string, or NULL if there is an error.
1196 */
1197
1198 static uschar *
1199 compute_nhash (uschar *subject, int value1, int value2, int *len)
1200 {
1201 uschar *s = subject;
1202 int i = 0;
1203 unsigned long int total = 0; /* no overflow */
1204
1205 while (*s != 0)
1206 {
1207 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
1208 total += prime[i--] * (unsigned int)(*s++);
1209 }
1210
1211 /* If value2 is unset, just compute one number */
1212
1213 if (value2 < 0)
1214 {
1215 s = string_sprintf("%d", total % value1);
1216 }
1217
1218 /* Otherwise do a div/mod hash */
1219
1220 else
1221 {
1222 total = total % (value1 * value2);
1223 s = string_sprintf("%d/%d", total/value2, total % value2);
1224 }
1225
1226 *len = Ustrlen(s);
1227 return s;
1228 }
1229
1230
1231
1232
1233
1234 /*************************************************
1235 * Find the value of a header or headers *
1236 *************************************************/
1237
1238 /* Multiple instances of the same header get concatenated, and this function
1239 can also return a concatenation of all the header lines. When concatenating
1240 specific headers that contain lists of addresses, a comma is inserted between
1241 them. Otherwise we use a straight concatenation. Because some messages can have
1242 pathologically large number of lines, there is a limit on the length that is
1243 returned. Also, to avoid massive store use which would result from using
1244 string_cat() as it copies and extends strings, we do a preliminary pass to find
1245 out exactly how much store will be needed. On "normal" messages this will be
1246 pretty trivial.
1247
1248 Arguments:
1249 name the name of the header, without the leading $header_ or $h_,
1250 or NULL if a concatenation of all headers is required
1251 exists_only TRUE if called from a def: test; don't need to build a string;
1252 just return a string that is not "" and not "0" if the header
1253 exists
1254 newsize return the size of memory block that was obtained; may be NULL
1255 if exists_only is TRUE
1256 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
1257 other than concatenating, will be done on the header. Also used
1258 for $message_headers_raw.
1259 charset name of charset to translate MIME words to; used only if
1260 want_raw is false; if NULL, no translation is done (this is
1261 used for $bh_ and $bheader_)
1262
1263 Returns: NULL if the header does not exist, else a pointer to a new
1264 store block
1265 */
1266
1267 static uschar *
1268 find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1269 uschar *charset)
1270 {
1271 BOOL found = name == NULL;
1272 int comma = 0;
1273 int len = found? 0 : Ustrlen(name);
1274 int i;
1275 uschar *yield = NULL;
1276 uschar *ptr = NULL;
1277
1278 /* Loop for two passes - saves code repetition */
1279
1280 for (i = 0; i < 2; i++)
1281 {
1282 int size = 0;
1283 header_line *h;
1284
1285 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1286 {
1287 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1288 {
1289 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1290 {
1291 int ilen;
1292 uschar *t;
1293
1294 if (exists_only) return US"1"; /* don't need actual string */
1295 found = TRUE;
1296 t = h->text + len; /* text to insert */
1297 if (!want_raw) /* unless wanted raw, */
1298 while (isspace(*t)) t++; /* remove leading white space */
1299 ilen = h->slen - (t - h->text); /* length to insert */
1300
1301 /* Unless wanted raw, remove trailing whitespace, including the
1302 newline. */
1303
1304 if (!want_raw)
1305 while (ilen > 0 && isspace(t[ilen-1])) ilen--;
1306
1307 /* Set comma = 1 if handling a single header and it's one of those
1308 that contains an address list, except when asked for raw headers. Only
1309 need to do this once. */
1310
1311 if (!want_raw && name != NULL && comma == 0 &&
1312 Ustrchr("BCFRST", h->type) != NULL)
1313 comma = 1;
1314
1315 /* First pass - compute total store needed; second pass - compute
1316 total store used, including this header. */
1317
1318 size += ilen + comma + 1; /* +1 for the newline */
1319
1320 /* Second pass - concatentate the data, up to a maximum. Note that
1321 the loop stops when size hits the limit. */
1322
1323 if (i != 0)
1324 {
1325 if (size > header_insert_maxlen)
1326 {
1327 ilen -= size - header_insert_maxlen - 1;
1328 comma = 0;
1329 }
1330 Ustrncpy(ptr, t, ilen);
1331 ptr += ilen;
1332
1333 /* For a non-raw header, put in the comma if needed, then add
1334 back the newline we removed above, provided there was some text in
1335 the header. */
1336
1337 if (!want_raw && ilen > 0)
1338 {
1339 if (comma != 0) *ptr++ = ',';
1340 *ptr++ = '\n';
1341 }
1342 }
1343 }
1344 }
1345 }
1346
1347 /* At end of first pass, return NULL if no header found. Then truncate size
1348 if necessary, and get the buffer to hold the data, returning the buffer size.
1349 */
1350
1351 if (i == 0)
1352 {
1353 if (!found) return NULL;
1354 if (size > header_insert_maxlen) size = header_insert_maxlen;
1355 *newsize = size + 1;
1356 ptr = yield = store_get(*newsize);
1357 }
1358 }
1359
1360 /* That's all we do for raw header expansion. */
1361
1362 if (want_raw)
1363 {
1364 *ptr = 0;
1365 }
1366
1367 /* Otherwise, remove a final newline and a redundant added comma. Then we do
1368 RFC 2047 decoding, translating the charset if requested. The rfc2047_decode2()
1369 function can return an error with decoded data if the charset translation
1370 fails. If decoding fails, it returns NULL. */
1371
1372 else
1373 {
1374 uschar *decoded, *error;
1375 if (ptr > yield && ptr[-1] == '\n') ptr--;
1376 if (ptr > yield && comma != 0 && ptr[-1] == ',') ptr--;
1377 *ptr = 0;
1378 decoded = rfc2047_decode2(yield, check_rfc2047_length, charset, '?', NULL,
1379 newsize, &error);
1380 if (error != NULL)
1381 {
1382 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1383 " input was: %s\n", error, yield);
1384 }
1385 if (decoded != NULL) yield = decoded;
1386 }
1387
1388 return yield;
1389 }
1390
1391
1392
1393
1394 /*************************************************
1395 * Find value of a variable *
1396 *************************************************/
1397
1398 /* The table of variables is kept in alphabetic order, so we can search it
1399 using a binary chop. The "choplen" variable is nothing to do with the binary
1400 chop.
1401
1402 Arguments:
1403 name the name of the variable being sought
1404 exists_only TRUE if this is a def: test; passed on to find_header()
1405 skipping TRUE => skip any processing evaluation; this is not the same as
1406 exists_only because def: may test for values that are first
1407 evaluated here
1408 newsize pointer to an int which is initially zero; if the answer is in
1409 a new memory buffer, *newsize is set to its size
1410
1411 Returns: NULL if the variable does not exist, or
1412 a pointer to the variable's contents, or
1413 something non-NULL if exists_only is TRUE
1414 */
1415
1416 static uschar *
1417 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1418 {
1419 int first = 0;
1420 int last = var_table_size;
1421
1422 /* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1423 Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1424 release 4.64 onwards arbitrary names are permitted, as long as the first 5
1425 characters are acl_c or acl_m and the sixth is either a digit or an underscore
1426 (this gave backwards compatibility at the changeover). There may be built-in
1427 variables whose names start acl_ but they should never start in this way. This
1428 slightly messy specification is a consequence of the history, needless to say.
1429
1430 If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1431 set, in which case give an error. */
1432
1433 if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1434 !isalpha(name[5]))
1435 {
1436 tree_node *node =
1437 tree_search((name[4] == 'c')? acl_var_c : acl_var_m, name + 4);
1438 return (node == NULL)? (strict_acl_vars? NULL : US"") : node->data.ptr;
1439 }
1440
1441 /* Handle $auth<n> variables. */
1442
1443 if (Ustrncmp(name, "auth", 4) == 0)
1444 {
1445 uschar *endptr;
1446 int n = Ustrtoul(name + 4, &endptr, 10);
1447 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1448 return (auth_vars[n-1] == NULL)? US"" : auth_vars[n-1];
1449 }
1450
1451 /* For all other variables, search the table */
1452
1453 while (last > first)
1454 {
1455 uschar *s, *domain;
1456 uschar **ss;
1457 int middle = (first + last)/2;
1458 int c = Ustrcmp(name, var_table[middle].name);
1459
1460 if (c > 0) { first = middle + 1; continue; }
1461 if (c < 0) { last = middle; continue; }
1462
1463 /* Found an existing variable. If in skipping state, the value isn't needed,
1464 and we want to avoid processing (such as looking up the host name). */
1465
1466 if (skipping) return US"";
1467
1468 switch (var_table[middle].type)
1469 {
1470 case vtype_filter_int:
1471 if (!filter_running) return NULL;
1472 /* Fall through */
1473 /* VVVVVVVVVVVV */
1474 case vtype_int:
1475 sprintf(CS var_buffer, "%d", *(int *)(var_table[middle].value)); /* Integer */
1476 return var_buffer;
1477
1478 case vtype_ino:
1479 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(var_table[middle].value))); /* Inode */
1480 return var_buffer;
1481
1482 case vtype_gid:
1483 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(var_table[middle].value))); /* gid */
1484 return var_buffer;
1485
1486 case vtype_uid:
1487 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
1488 return var_buffer;
1489
1490 case vtype_stringptr: /* Pointer to string */
1491 s = *((uschar **)(var_table[middle].value));
1492 return (s == NULL)? US"" : s;
1493
1494 case vtype_pid:
1495 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1496 return var_buffer;
1497
1498 case vtype_load_avg:
1499 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1500 return var_buffer;
1501
1502 case vtype_host_lookup: /* Lookup if not done so */
1503 if (sender_host_name == NULL && sender_host_address != NULL &&
1504 !host_lookup_failed && host_name_lookup() == OK)
1505 host_build_sender_fullhost();
1506 return (sender_host_name == NULL)? US"" : sender_host_name;
1507
1508 case vtype_localpart: /* Get local part from address */
1509 s = *((uschar **)(var_table[middle].value));
1510 if (s == NULL) return US"";
1511 domain = Ustrrchr(s, '@');
1512 if (domain == NULL) return s;
1513 if (domain - s > sizeof(var_buffer) - 1)
1514 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than %d in "
1515 "string expansion", sizeof(var_buffer));
1516 Ustrncpy(var_buffer, s, domain - s);
1517 var_buffer[domain - s] = 0;
1518 return var_buffer;
1519
1520 case vtype_domain: /* Get domain from address */
1521 s = *((uschar **)(var_table[middle].value));
1522 if (s == NULL) return US"";
1523 domain = Ustrrchr(s, '@');
1524 return (domain == NULL)? US"" : domain + 1;
1525
1526 case vtype_msgheaders:
1527 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1528
1529 case vtype_msgheaders_raw:
1530 return find_header(NULL, exists_only, newsize, TRUE, NULL);
1531
1532 case vtype_msgbody: /* Pointer to msgbody string */
1533 case vtype_msgbody_end: /* Ditto, the end of the msg */
1534 ss = (uschar **)(var_table[middle].value);
1535 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1536 {
1537 uschar *body;
1538 off_t start_offset = SPOOL_DATA_START_OFFSET;
1539 int len = message_body_visible;
1540 if (len > message_size) len = message_size;
1541 *ss = body = store_malloc(len+1);
1542 body[0] = 0;
1543 if (var_table[middle].type == vtype_msgbody_end)
1544 {
1545 struct stat statbuf;
1546 if (fstat(deliver_datafile, &statbuf) == 0)
1547 {
1548 start_offset = statbuf.st_size - len;
1549 if (start_offset < SPOOL_DATA_START_OFFSET)
1550 start_offset = SPOOL_DATA_START_OFFSET;
1551 }
1552 }
1553 lseek(deliver_datafile, start_offset, SEEK_SET);
1554 len = read(deliver_datafile, body, len);
1555 if (len > 0)
1556 {
1557 body[len] = 0;
1558 if (message_body_newlines) /* Separate loops for efficiency */
1559 {
1560 while (len > 0)
1561 { if (body[--len] == 0) body[len] = ' '; }
1562 }
1563 else
1564 {
1565 while (len > 0)
1566 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
1567 }
1568 }
1569 }
1570 return (*ss == NULL)? US"" : *ss;
1571
1572 case vtype_todbsdin: /* BSD inbox time of day */
1573 return tod_stamp(tod_bsdin);
1574
1575 case vtype_tode: /* Unix epoch time of day */
1576 return tod_stamp(tod_epoch);
1577
1578 case vtype_todf: /* Full time of day */
1579 return tod_stamp(tod_full);
1580
1581 case vtype_todl: /* Log format time of day */
1582 return tod_stamp(tod_log_bare); /* (without timezone) */
1583
1584 case vtype_todzone: /* Time zone offset only */
1585 return tod_stamp(tod_zone);
1586
1587 case vtype_todzulu: /* Zulu time */
1588 return tod_stamp(tod_zulu);
1589
1590 case vtype_todlf: /* Log file datestamp tod */
1591 return tod_stamp(tod_log_datestamp_daily);
1592
1593 case vtype_reply: /* Get reply address */
1594 s = find_header(US"reply-to:", exists_only, newsize, TRUE,
1595 headers_charset);
1596 if (s != NULL) while (isspace(*s)) s++;
1597 if (s == NULL || *s == 0)
1598 {
1599 *newsize = 0; /* For the *s==0 case */
1600 s = find_header(US"from:", exists_only, newsize, TRUE, headers_charset);
1601 }
1602 if (s != NULL)
1603 {
1604 uschar *t;
1605 while (isspace(*s)) s++;
1606 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
1607 while (t > s && isspace(t[-1])) t--;
1608 *t = 0;
1609 }
1610 return (s == NULL)? US"" : s;
1611
1612 /* A recipients list is available only during system message filtering,
1613 during ACL processing after DATA, and while expanding pipe commands
1614 generated from a system filter, but not elsewhere. */
1615
1616 case vtype_recipients:
1617 if (!enable_dollar_recipients) return NULL; else
1618 {
1619 int size = 128;
1620 int ptr = 0;
1621 int i;
1622 s = store_get(size);
1623 for (i = 0; i < recipients_count; i++)
1624 {
1625 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1626 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1627 Ustrlen(recipients_list[i].address));
1628 }
1629 s[ptr] = 0; /* string_cat() leaves room */
1630 }
1631 return s;
1632
1633 case vtype_pspace:
1634 {
1635 int inodes;
1636 sprintf(CS var_buffer, "%d",
1637 receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes));
1638 }
1639 return var_buffer;
1640
1641 case vtype_pinodes:
1642 {
1643 int inodes;
1644 (void) receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes);
1645 sprintf(CS var_buffer, "%d", inodes);
1646 }
1647 return var_buffer;
1648
1649 #ifndef DISABLE_DKIM
1650 case vtype_dkim:
1651 return dkim_exim_expand_query((int)(long)var_table[middle].value);
1652 #endif
1653
1654 }
1655 }
1656
1657 return NULL; /* Unknown variable name */
1658 }
1659
1660
1661
1662
1663 /*************************************************
1664 * Read and expand substrings *
1665 *************************************************/
1666
1667 /* This function is called to read and expand argument substrings for various
1668 expansion items. Some have a minimum requirement that is less than the maximum;
1669 in these cases, the first non-present one is set to NULL.
1670
1671 Arguments:
1672 sub points to vector of pointers to set
1673 n maximum number of substrings
1674 m minimum required
1675 sptr points to current string pointer
1676 skipping the skipping flag
1677 check_end if TRUE, check for final '}'
1678 name name of item, for error message
1679
1680 Returns: 0 OK; string pointer updated
1681 1 curly bracketing error (too few arguments)
1682 2 too many arguments (only if check_end is set); message set
1683 3 other error (expansion failure)
1684 */
1685
1686 static int
1687 read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
1688 BOOL check_end, uschar *name)
1689 {
1690 int i;
1691 uschar *s = *sptr;
1692
1693 while (isspace(*s)) s++;
1694 for (i = 0; i < n; i++)
1695 {
1696 if (*s != '{')
1697 {
1698 if (i < m) return 1;
1699 sub[i] = NULL;
1700 break;
1701 }
1702 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
1703 if (sub[i] == NULL) return 3;
1704 if (*s++ != '}') return 1;
1705 while (isspace(*s)) s++;
1706 }
1707 if (check_end && *s++ != '}')
1708 {
1709 if (s[-1] == '{')
1710 {
1711 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1712 "(max is %d)", name, n);
1713 return 2;
1714 }
1715 return 1;
1716 }
1717
1718 *sptr = s;
1719 return 0;
1720 }
1721
1722
1723
1724
1725 /*************************************************
1726 * Elaborate message for bad variable *
1727 *************************************************/
1728
1729 /* For the "unknown variable" message, take a look at the variable's name, and
1730 give additional information about possible ACL variables. The extra information
1731 is added on to expand_string_message.
1732
1733 Argument: the name of the variable
1734 Returns: nothing
1735 */
1736
1737 static void
1738 check_variable_error_message(uschar *name)
1739 {
1740 if (Ustrncmp(name, "acl_", 4) == 0)
1741 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
1742 (name[4] == 'c' || name[4] == 'm')?
1743 (isalpha(name[5])?
1744 US"6th character of a user-defined ACL variable must be a digit or underscore" :
1745 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
1746 ) :
1747 US"user-defined ACL variables must start acl_c or acl_m");
1748 }
1749
1750
1751
1752 /*************************************************
1753 * Read and evaluate a condition *
1754 *************************************************/
1755
1756 /*
1757 Arguments:
1758 s points to the start of the condition text
1759 yield points to a BOOL to hold the result of the condition test;
1760 if NULL, we are just reading through a condition that is
1761 part of an "or" combination to check syntax, or in a state
1762 where the answer isn't required
1763
1764 Returns: a pointer to the first character after the condition, or
1765 NULL after an error
1766 */
1767
1768 static uschar *
1769 eval_condition(uschar *s, BOOL *yield)
1770 {
1771 BOOL testfor = TRUE;
1772 BOOL tempcond, combined_cond;
1773 BOOL *subcondptr;
1774 int i, rc, cond_type, roffset;
1775 int num[2];
1776 struct stat statbuf;
1777 uschar name[256];
1778 uschar *sub[4];
1779
1780 const pcre *re;
1781 const uschar *rerror;
1782
1783 for (;;)
1784 {
1785 while (isspace(*s)) s++;
1786 if (*s == '!') { testfor = !testfor; s++; } else break;
1787 }
1788
1789 /* Numeric comparisons are symbolic */
1790
1791 if (*s == '=' || *s == '>' || *s == '<')
1792 {
1793 int p = 0;
1794 name[p++] = *s++;
1795 if (*s == '=')
1796 {
1797 name[p++] = '=';
1798 s++;
1799 }
1800 name[p] = 0;
1801 }
1802
1803 /* All other conditions are named */
1804
1805 else s = read_name(name, 256, s, US"_");
1806
1807 /* If we haven't read a name, it means some non-alpha character is first. */
1808
1809 if (name[0] == 0)
1810 {
1811 expand_string_message = string_sprintf("condition name expected, "
1812 "but found \"%.16s\"", s);
1813 return NULL;
1814 }
1815
1816 /* Find which condition we are dealing with, and switch on it */
1817
1818 cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
1819 switch(cond_type)
1820 {
1821 /* def: tests for a non-empty variable, or for the existence of a header. If
1822 yield == NULL we are in a skipping state, and don't care about the answer. */
1823
1824 case ECOND_DEF:
1825 if (*s != ':')
1826 {
1827 expand_string_message = US"\":\" expected after \"def\"";
1828 return NULL;
1829 }
1830
1831 s = read_name(name, 256, s+1, US"_");
1832
1833 /* Test for a header's existence. If the name contains a closing brace
1834 character, this may be a user error where the terminating colon has been
1835 omitted. Set a flag to adjust a subsequent error message in this case. */
1836
1837 if (Ustrncmp(name, "h_", 2) == 0 ||
1838 Ustrncmp(name, "rh_", 3) == 0 ||
1839 Ustrncmp(name, "bh_", 3) == 0 ||
1840 Ustrncmp(name, "header_", 7) == 0 ||
1841 Ustrncmp(name, "rheader_", 8) == 0 ||
1842 Ustrncmp(name, "bheader_", 8) == 0)
1843 {
1844 s = read_header_name(name, 256, s);
1845 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
1846 if (yield != NULL) *yield =
1847 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
1848 }
1849
1850 /* Test for a variable's having a non-empty value. A non-existent variable
1851 causes an expansion failure. */
1852
1853 else
1854 {
1855 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
1856 if (value == NULL)
1857 {
1858 expand_string_message = (name[0] == 0)?
1859 string_sprintf("variable name omitted after \"def:\"") :
1860 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
1861 check_variable_error_message(name);
1862 return NULL;
1863 }
1864 if (yield != NULL) *yield = (value[0] != 0) == testfor;
1865 }
1866
1867 return s;
1868
1869
1870 /* first_delivery tests for first delivery attempt */
1871
1872 case ECOND_FIRST_DELIVERY:
1873 if (yield != NULL) *yield = deliver_firsttime == testfor;
1874 return s;
1875
1876
1877 /* queue_running tests for any process started by a queue runner */
1878
1879 case ECOND_QUEUE_RUNNING:
1880 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
1881 return s;
1882
1883
1884 /* exists: tests for file existence
1885 isip: tests for any IP address
1886 isip4: tests for an IPv4 address
1887 isip6: tests for an IPv6 address
1888 pam: does PAM authentication
1889 radius: does RADIUS authentication
1890 ldapauth: does LDAP authentication
1891 pwcheck: does Cyrus SASL pwcheck authentication
1892 */
1893
1894 case ECOND_EXISTS:
1895 case ECOND_ISIP:
1896 case ECOND_ISIP4:
1897 case ECOND_ISIP6:
1898 case ECOND_PAM:
1899 case ECOND_RADIUS:
1900 case ECOND_LDAPAUTH:
1901 case ECOND_PWCHECK:
1902
1903 while (isspace(*s)) s++;
1904 if (*s != '{') goto COND_FAILED_CURLY_START;
1905
1906 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1907 if (sub[0] == NULL) return NULL;
1908 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1909
1910 if (yield == NULL) return s; /* No need to run the test if skipping */
1911
1912 switch(cond_type)
1913 {
1914 case ECOND_EXISTS:
1915 if ((expand_forbid & RDO_EXISTS) != 0)
1916 {
1917 expand_string_message = US"File existence tests are not permitted";
1918 return NULL;
1919 }
1920 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
1921 break;
1922
1923 case ECOND_ISIP:
1924 case ECOND_ISIP4:
1925 case ECOND_ISIP6:
1926 rc = string_is_ip_address(sub[0], NULL);
1927 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
1928 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
1929 break;
1930
1931 /* Various authentication tests - all optionally compiled */
1932
1933 case ECOND_PAM:
1934 #ifdef SUPPORT_PAM
1935 rc = auth_call_pam(sub[0], &expand_string_message);
1936 goto END_AUTH;
1937 #else
1938 goto COND_FAILED_NOT_COMPILED;
1939 #endif /* SUPPORT_PAM */
1940
1941 case ECOND_RADIUS:
1942 #ifdef RADIUS_CONFIG_FILE
1943 rc = auth_call_radius(sub[0], &expand_string_message);
1944 goto END_AUTH;
1945 #else
1946 goto COND_FAILED_NOT_COMPILED;
1947 #endif /* RADIUS_CONFIG_FILE */
1948
1949 case ECOND_LDAPAUTH:
1950 #ifdef LOOKUP_LDAP
1951 {
1952 /* Just to keep the interface the same */
1953 BOOL do_cache;
1954 int old_pool = store_pool;
1955 store_pool = POOL_SEARCH;
1956 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
1957 &expand_string_message, &do_cache);
1958 store_pool = old_pool;
1959 }
1960 goto END_AUTH;
1961 #else
1962 goto COND_FAILED_NOT_COMPILED;
1963 #endif /* LOOKUP_LDAP */
1964
1965 case ECOND_PWCHECK:
1966 #ifdef CYRUS_PWCHECK_SOCKET
1967 rc = auth_call_pwcheck(sub[0], &expand_string_message);
1968 goto END_AUTH;
1969 #else
1970 goto COND_FAILED_NOT_COMPILED;
1971 #endif /* CYRUS_PWCHECK_SOCKET */
1972
1973 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
1974 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
1975 END_AUTH:
1976 if (rc == ERROR || rc == DEFER) return NULL;
1977 *yield = (rc == OK) == testfor;
1978 #endif
1979 }
1980 return s;
1981
1982
1983 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
1984
1985 ${if saslauthd {{username}{password}{service}{realm}} {yes}[no}}
1986
1987 However, the last two are optional. That is why the whole set is enclosed
1988 in their own set or braces. */
1989
1990 case ECOND_SASLAUTHD:
1991 #ifndef CYRUS_SASLAUTHD_SOCKET
1992 goto COND_FAILED_NOT_COMPILED;
1993 #else
1994 while (isspace(*s)) s++;
1995 if (*s++ != '{') goto COND_FAILED_CURLY_START;
1996 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd"))
1997 {
1998 case 1: expand_string_message = US"too few arguments or bracketing "
1999 "error for saslauthd";
2000 case 2:
2001 case 3: return NULL;
2002 }
2003 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
2004 if (yield != NULL)
2005 {
2006 int rc;
2007 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2008 &expand_string_message);
2009 if (rc == ERROR || rc == DEFER) return NULL;
2010 *yield = (rc == OK) == testfor;
2011 }
2012 return s;
2013 #endif /* CYRUS_SASLAUTHD_SOCKET */
2014
2015
2016 /* symbolic operators for numeric and string comparison, and a number of
2017 other operators, all requiring two arguments.
2018
2019 match: does a regular expression match and sets up the numerical
2020 variables if it succeeds
2021 match_address: matches in an address list
2022 match_domain: matches in a domain list
2023 match_ip: matches a host list that is restricted to IP addresses
2024 match_local_part: matches in a local part list
2025 crypteq: encrypts plaintext and compares against an encrypted text,
2026 using crypt(), crypt16(), MD5 or SHA-1
2027 */
2028
2029 case ECOND_MATCH:
2030 case ECOND_MATCH_ADDRESS:
2031 case ECOND_MATCH_DOMAIN:
2032 case ECOND_MATCH_IP:
2033 case ECOND_MATCH_LOCAL_PART:
2034 case ECOND_CRYPTEQ:
2035
2036 case ECOND_NUM_L: /* Numerical comparisons */
2037 case ECOND_NUM_LE:
2038 case ECOND_NUM_E:
2039 case ECOND_NUM_EE:
2040 case ECOND_NUM_G:
2041 case ECOND_NUM_GE:
2042
2043 case ECOND_STR_LT: /* String comparisons */
2044 case ECOND_STR_LTI:
2045 case ECOND_STR_LE:
2046 case ECOND_STR_LEI:
2047 case ECOND_STR_EQ:
2048 case ECOND_STR_EQI:
2049 case ECOND_STR_GT:
2050 case ECOND_STR_GTI:
2051 case ECOND_STR_GE:
2052 case ECOND_STR_GEI:
2053
2054 for (i = 0; i < 2; i++)
2055 {
2056 while (isspace(*s)) s++;
2057 if (*s != '{')
2058 {
2059 if (i == 0) goto COND_FAILED_CURLY_START;
2060 expand_string_message = string_sprintf("missing 2nd string in {} "
2061 "after \"%s\"", name);
2062 return NULL;
2063 }
2064 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
2065 if (sub[i] == NULL) return NULL;
2066 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2067
2068 /* Convert to numerical if required; we know that the names of all the
2069 conditions that compare numbers do not start with a letter. This just saves
2070 checking for them individually. */
2071
2072 if (!isalpha(name[0]) && yield != NULL)
2073 {
2074 if (sub[i][0] == 0)
2075 {
2076 num[i] = 0;
2077 DEBUG(D_expand)
2078 debug_printf("empty string cast to zero for numerical comparison\n");
2079 }
2080 else
2081 {
2082 num[i] = expand_string_integer(sub[i], FALSE);
2083 if (expand_string_message != NULL) return NULL;
2084 }
2085 }
2086 }
2087
2088 /* Result not required */
2089
2090 if (yield == NULL) return s;
2091
2092 /* Do an appropriate comparison */
2093
2094 switch(cond_type)
2095 {
2096 case ECOND_NUM_E:
2097 case ECOND_NUM_EE:
2098 *yield = (num[0] == num[1]) == testfor;
2099 break;
2100
2101 case ECOND_NUM_G:
2102 *yield = (num[0] > num[1]) == testfor;
2103 break;
2104
2105 case ECOND_NUM_GE:
2106 *yield = (num[0] >= num[1]) == testfor;
2107 break;
2108
2109 case ECOND_NUM_L:
2110 *yield = (num[0] < num[1]) == testfor;
2111 break;
2112
2113 case ECOND_NUM_LE:
2114 *yield = (num[0] <= num[1]) == testfor;
2115 break;
2116
2117 case ECOND_STR_LT:
2118 *yield = (Ustrcmp(sub[0], sub[1]) < 0) == testfor;
2119 break;
2120
2121 case ECOND_STR_LTI:
2122 *yield = (strcmpic(sub[0], sub[1]) < 0) == testfor;
2123 break;
2124
2125 case ECOND_STR_LE:
2126 *yield = (Ustrcmp(sub[0], sub[1]) <= 0) == testfor;
2127 break;
2128
2129 case ECOND_STR_LEI:
2130 *yield = (strcmpic(sub[0], sub[1]) <= 0) == testfor;
2131 break;
2132
2133 case ECOND_STR_EQ:
2134 *yield = (Ustrcmp(sub[0], sub[1]) == 0) == testfor;
2135 break;
2136
2137 case ECOND_STR_EQI:
2138 *yield = (strcmpic(sub[0], sub[1]) == 0) == testfor;
2139 break;
2140
2141 case ECOND_STR_GT:
2142 *yield = (Ustrcmp(sub[0], sub[1]) > 0) == testfor;
2143 break;
2144
2145 case ECOND_STR_GTI:
2146 *yield = (strcmpic(sub[0], sub[1]) > 0) == testfor;
2147 break;
2148
2149 case ECOND_STR_GE:
2150 *yield = (Ustrcmp(sub[0], sub[1]) >= 0) == testfor;
2151 break;
2152
2153 case ECOND_STR_GEI:
2154 *yield = (strcmpic(sub[0], sub[1]) >= 0) == testfor;
2155 break;
2156
2157 case ECOND_MATCH: /* Regular expression match */
2158 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2159 NULL);
2160 if (re == NULL)
2161 {
2162 expand_string_message = string_sprintf("regular expression error in "
2163 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2164 return NULL;
2165 }
2166 *yield = regex_match_and_setup(re, sub[0], 0, -1) == testfor;
2167 break;
2168
2169 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2170 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2171 goto MATCHED_SOMETHING;
2172
2173 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2174 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2175 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2176 goto MATCHED_SOMETHING;
2177
2178 case ECOND_MATCH_IP: /* Match IP address in a host list */
2179 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
2180 {
2181 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2182 sub[0]);
2183 return NULL;
2184 }
2185 else
2186 {
2187 unsigned int *nullcache = NULL;
2188 check_host_block cb;
2189
2190 cb.host_name = US"";
2191 cb.host_address = sub[0];
2192
2193 /* If the host address starts off ::ffff: it is an IPv6 address in
2194 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2195 addresses. */
2196
2197 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2198 cb.host_address + 7 : cb.host_address;
2199
2200 rc = match_check_list(
2201 &sub[1], /* the list */
2202 0, /* separator character */
2203 &hostlist_anchor, /* anchor pointer */
2204 &nullcache, /* cache pointer */
2205 check_host, /* function for testing */
2206 &cb, /* argument for function */
2207 MCL_HOST, /* type of check */
2208 sub[0], /* text for debugging */
2209 NULL); /* where to pass back data */
2210 }
2211 goto MATCHED_SOMETHING;
2212
2213 case ECOND_MATCH_LOCAL_PART:
2214 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2215 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2216 /* Fall through */
2217 /* VVVVVVVVVVVV */
2218 MATCHED_SOMETHING:
2219 switch(rc)
2220 {
2221 case OK:
2222 *yield = testfor;
2223 break;
2224
2225 case FAIL:
2226 *yield = !testfor;
2227 break;
2228
2229 case DEFER:
2230 expand_string_message = string_sprintf("unable to complete match "
2231 "against \"%s\": %s", sub[1], search_error_message);
2232 return NULL;
2233 }
2234
2235 break;
2236
2237 /* Various "encrypted" comparisons. If the second string starts with
2238 "{" then an encryption type is given. Default to crypt() or crypt16()
2239 (build-time choice). */
2240
2241 case ECOND_CRYPTEQ:
2242 #ifndef SUPPORT_CRYPTEQ
2243 goto COND_FAILED_NOT_COMPILED;
2244 #else
2245 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2246 {
2247 int sublen = Ustrlen(sub[1]+5);
2248 md5 base;
2249 uschar digest[16];
2250
2251 md5_start(&base);
2252 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2253
2254 /* If the length that we are comparing against is 24, the MD5 digest
2255 is expressed as a base64 string. This is the way LDAP does it. However,
2256 some other software uses a straightforward hex representation. We assume
2257 this if the length is 32. Other lengths fail. */
2258
2259 if (sublen == 24)
2260 {
2261 uschar *coded = auth_b64encode((uschar *)digest, 16);
2262 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2263 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2264 *yield = (Ustrcmp(coded, sub[1]+5) == 0) == testfor;
2265 }
2266 else if (sublen == 32)
2267 {
2268 int i;
2269 uschar coded[36];
2270 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2271 coded[32] = 0;
2272 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2273 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2274 *yield = (strcmpic(coded, sub[1]+5) == 0) == testfor;
2275 }
2276 else
2277 {
2278 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2279 "fail\n crypted=%s\n", sub[1]+5);
2280 *yield = !testfor;
2281 }
2282 }
2283
2284 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2285 {
2286 int sublen = Ustrlen(sub[1]+6);
2287 sha1 base;
2288 uschar digest[20];
2289
2290 sha1_start(&base);
2291 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2292
2293 /* If the length that we are comparing against is 28, assume the SHA1
2294 digest is expressed as a base64 string. If the length is 40, assume a
2295 straightforward hex representation. Other lengths fail. */
2296
2297 if (sublen == 28)
2298 {
2299 uschar *coded = auth_b64encode((uschar *)digest, 20);
2300 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2301 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2302 *yield = (Ustrcmp(coded, sub[1]+6) == 0) == testfor;
2303 }
2304 else if (sublen == 40)
2305 {
2306 int i;
2307 uschar coded[44];
2308 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2309 coded[40] = 0;
2310 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2311 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2312 *yield = (strcmpic(coded, sub[1]+6) == 0) == testfor;
2313 }
2314 else
2315 {
2316 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2317 "fail\n crypted=%s\n", sub[1]+6);
2318 *yield = !testfor;
2319 }
2320 }
2321
2322 else /* {crypt} or {crypt16} and non-{ at start */
2323 {
2324 int which = 0;
2325 uschar *coded;
2326
2327 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2328 {
2329 sub[1] += 7;
2330 which = 1;
2331 }
2332 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2333 {
2334 sub[1] += 9;
2335 which = 2;
2336 }
2337 else if (sub[1][0] == '{')
2338 {
2339 expand_string_message = string_sprintf("unknown encryption mechanism "
2340 "in \"%s\"", sub[1]);
2341 return NULL;
2342 }
2343
2344 switch(which)
2345 {
2346 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2347 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2348 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2349 }
2350
2351 #define STR(s) # s
2352 #define XSTR(s) STR(s)
2353 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2354 " subject=%s\n crypted=%s\n",
2355 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
2356 coded, sub[1]);
2357 #undef STR
2358 #undef XSTR
2359
2360 /* If the encrypted string contains fewer than two characters (for the
2361 salt), force failure. Otherwise we get false positives: with an empty
2362 string the yield of crypt() is an empty string! */
2363
2364 *yield = (Ustrlen(sub[1]) < 2)? !testfor :
2365 (Ustrcmp(coded, sub[1]) == 0) == testfor;
2366 }
2367 break;
2368 #endif /* SUPPORT_CRYPTEQ */
2369 } /* Switch for comparison conditions */
2370
2371 return s; /* End of comparison conditions */
2372
2373
2374 /* and/or: computes logical and/or of several conditions */
2375
2376 case ECOND_AND:
2377 case ECOND_OR:
2378 subcondptr = (yield == NULL)? NULL : &tempcond;
2379 combined_cond = (cond_type == ECOND_AND);
2380
2381 while (isspace(*s)) s++;
2382 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2383
2384 for (;;)
2385 {
2386 while (isspace(*s)) s++;
2387 if (*s == '}') break;
2388 if (*s != '{')
2389 {
2390 expand_string_message = string_sprintf("each subcondition "
2391 "inside an \"%s{...}\" condition must be in its own {}", name);
2392 return NULL;
2393 }
2394
2395 s = eval_condition(s+1, subcondptr);
2396 if (s == NULL)
2397 {
2398 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2399 expand_string_message, name);
2400 return NULL;
2401 }
2402 while (isspace(*s)) s++;
2403
2404 if (*s++ != '}')
2405 {
2406 expand_string_message = string_sprintf("missing } at end of condition "
2407 "inside \"%s\" group", name);
2408 return NULL;
2409 }
2410
2411 if (yield != NULL)
2412 {
2413 if (cond_type == ECOND_AND)
2414 {
2415 combined_cond &= tempcond;
2416 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2417 } /* evaluate any more */
2418 else
2419 {
2420 combined_cond |= tempcond;
2421 if (combined_cond) subcondptr = NULL; /* once true, don't */
2422 } /* evaluate any more */
2423 }
2424 }
2425
2426 if (yield != NULL) *yield = (combined_cond == testfor);
2427 return ++s;
2428
2429
2430 /* forall/forany: iterates a condition with different values */
2431
2432 case ECOND_FORALL:
2433 case ECOND_FORANY:
2434 {
2435 int sep = 0;
2436 uschar *save_iterate_item = iterate_item;
2437
2438 while (isspace(*s)) s++;
2439 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2440 sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL));
2441 if (sub[0] == NULL) return NULL;
2442 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2443
2444 while (isspace(*s)) s++;
2445 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2446
2447 sub[1] = s;
2448
2449 /* Call eval_condition once, with result discarded (as if scanning a
2450 "false" part). This allows us to find the end of the condition, because if
2451 the list it empty, we won't actually evaluate the condition for real. */
2452
2453 s = eval_condition(sub[1], NULL);
2454 if (s == NULL)
2455 {
2456 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2457 expand_string_message, name);
2458 return NULL;
2459 }
2460 while (isspace(*s)) s++;
2461
2462 if (*s++ != '}')
2463 {
2464 expand_string_message = string_sprintf("missing } at end of condition "
2465 "inside \"%s\"", name);
2466 return NULL;
2467 }
2468
2469 if (yield != NULL) *yield = !testfor;
2470 while ((iterate_item = string_nextinlist(&sub[0], &sep, NULL, 0)) != NULL)
2471 {
2472 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
2473 if (eval_condition(sub[1], &tempcond) == NULL)
2474 {
2475 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2476 expand_string_message, name);
2477 iterate_item = save_iterate_item;
2478 return NULL;
2479 }
2480 DEBUG(D_expand) debug_printf("%s: condition evaluated to %s\n", name,
2481 tempcond? "true":"false");
2482
2483 if (yield != NULL) *yield = (tempcond == testfor);
2484 if (tempcond == (cond_type == ECOND_FORANY)) break;
2485 }
2486
2487 iterate_item = save_iterate_item;
2488 return s;
2489 }
2490
2491
2492 /* The bool{} expansion condition maps a string to boolean.
2493 The values supported should match those supported by the ACL condition
2494 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
2495 of true/false. Note that Router "condition" rules have a different
2496 interpretation, where general data can be used and only a few values
2497 map to FALSE.
2498 Note that readconf.c boolean matching, for boolean configuration options,
2499 only matches true/yes/false/no.
2500 The bool_lax{} condition matches the Router logic, which is much more
2501 liberal. */
2502 case ECOND_BOOL:
2503 case ECOND_BOOL_LAX:
2504 {
2505 uschar *sub_arg[1];
2506 uschar *t, *t2;
2507 uschar *ourname;
2508 size_t len;
2509 BOOL boolvalue = FALSE;
2510 while (isspace(*s)) s++;
2511 if (*s != '{') goto COND_FAILED_CURLY_START;
2512 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
2513 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname))
2514 {
2515 case 1: expand_string_message = string_sprintf(
2516 "too few arguments or bracketing error for %s",
2517 ourname);
2518 /*FALLTHROUGH*/
2519 case 2:
2520 case 3: return NULL;
2521 }
2522 t = sub_arg[0];
2523 while (isspace(*t)) t++;
2524 len = Ustrlen(t);
2525 if (len)
2526 {
2527 /* trailing whitespace: seems like a good idea to ignore it too */
2528 t2 = t + len - 1;
2529 while (isspace(*t2)) t2--;
2530 if (t2 != (t + len))
2531 {
2532 *++t2 = '\0';
2533 len = t2 - t;
2534 }
2535 }
2536 DEBUG(D_expand)
2537 debug_printf("considering %s: %s\n", ourname, len ? t : US"<empty>");
2538 /* logic for the lax case from expand_check_condition(), which also does
2539 expands, and the logic is both short and stable enough that there should
2540 be no maintenance burden from replicating it. */
2541 if (len == 0)
2542 boolvalue = FALSE;
2543 else if (Ustrspn(t, "0123456789") == len)
2544 {
2545 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
2546 /* expand_check_condition only does a literal string "0" check */
2547 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
2548 boolvalue = TRUE;
2549 }
2550 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
2551 boolvalue = TRUE;
2552 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
2553 boolvalue = FALSE;
2554 else if (cond_type == ECOND_BOOL_LAX)
2555 boolvalue = TRUE;
2556 else
2557 {
2558 expand_string_message = string_sprintf("unrecognised boolean "
2559 "value \"%s\"", t);
2560 return NULL;
2561 }
2562 if (yield != NULL) *yield = (boolvalue == testfor);
2563 return s;
2564 }
2565
2566 /* Unknown condition */
2567
2568 default:
2569 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2570 return NULL;
2571 } /* End switch on condition type */
2572
2573 /* Missing braces at start and end of data */
2574
2575 COND_FAILED_CURLY_START:
2576 expand_string_message = string_sprintf("missing { after \"%s\"", name);
2577 return NULL;
2578
2579 COND_FAILED_CURLY_END:
2580 expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2581 name);
2582 return NULL;
2583
2584 /* A condition requires code that is not compiled */
2585
2586 #if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2587 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2588 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2589 COND_FAILED_NOT_COMPILED:
2590 expand_string_message = string_sprintf("support for \"%s\" not compiled",
2591 name);
2592 return NULL;
2593 #endif
2594 }
2595
2596
2597
2598
2599 /*************************************************
2600 * Save numerical variables *
2601 *************************************************/
2602
2603 /* This function is called from items such as "if" that want to preserve and
2604 restore the numbered variables.
2605
2606 Arguments:
2607 save_expand_string points to an array of pointers to set
2608 save_expand_nlength points to an array of ints for the lengths
2609
2610 Returns: the value of expand max to save
2611 */
2612
2613 static int
2614 save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
2615 {
2616 int i;
2617 for (i = 0; i <= expand_nmax; i++)
2618 {
2619 save_expand_nstring[i] = expand_nstring[i];
2620 save_expand_nlength[i] = expand_nlength[i];
2621 }
2622 return expand_nmax;
2623 }
2624
2625
2626
2627 /*************************************************
2628 * Restore numerical variables *
2629 *************************************************/
2630
2631 /* This function restored saved values of numerical strings.
2632
2633 Arguments:
2634 save_expand_nmax the number of strings to restore
2635 save_expand_string points to an array of pointers
2636 save_expand_nlength points to an array of ints
2637
2638 Returns: nothing
2639 */
2640
2641 static void
2642 restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
2643 int *save_expand_nlength)
2644 {
2645 int i;
2646 expand_nmax = save_expand_nmax;
2647 for (i = 0; i <= expand_nmax; i++)
2648 {
2649 expand_nstring[i] = save_expand_nstring[i];
2650 expand_nlength[i] = save_expand_nlength[i];
2651 }
2652 }
2653
2654
2655
2656
2657
2658 /*************************************************
2659 * Handle yes/no substrings *
2660 *************************************************/
2661
2662 /* This function is used by ${if}, ${lookup} and ${extract} to handle the
2663 alternative substrings that depend on whether or not the condition was true,
2664 or the lookup or extraction succeeded. The substrings always have to be
2665 expanded, to check their syntax, but "skipping" is set when the result is not
2666 needed - this avoids unnecessary nested lookups.
2667
2668 Arguments:
2669 skipping TRUE if we were skipping when this item was reached
2670 yes TRUE if the first string is to be used, else use the second
2671 save_lookup a value to put back into lookup_value before the 2nd expansion
2672 sptr points to the input string pointer
2673 yieldptr points to the output string pointer
2674 sizeptr points to the output string size
2675 ptrptr points to the output string pointer
2676 type "lookup" or "if" or "extract" or "run", for error message
2677
2678 Returns: 0 OK; lookup_value has been reset to save_lookup
2679 1 expansion failed
2680 2 expansion failed because of bracketing error
2681 */
2682
2683 static int
2684 process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
2685 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type)
2686 {
2687 int rc = 0;
2688 uschar *s = *sptr; /* Local value */
2689 uschar *sub1, *sub2;
2690
2691 /* If there are no following strings, we substitute the contents of $value for
2692 lookups and for extractions in the success case. For the ${if item, the string
2693 "true" is substituted. In the fail case, nothing is substituted for all three
2694 items. */
2695
2696 while (isspace(*s)) s++;
2697 if (*s == '}')
2698 {
2699 if (type[0] == 'i')
2700 {
2701 if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
2702 }
2703 else
2704 {
2705 if (yes && lookup_value != NULL)
2706 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
2707 Ustrlen(lookup_value));
2708 lookup_value = save_lookup;
2709 }
2710 s++;
2711 goto RETURN;
2712 }
2713
2714 /* The first following string must be braced. */
2715
2716 if (*s++ != '{') goto FAILED_CURLY;
2717
2718 /* Expand the first substring. Forced failures are noticed only if we actually
2719 want this string. Set skipping in the call in the fail case (this will always
2720 be the case if we were already skipping). */
2721
2722 sub1 = expand_string_internal(s, TRUE, &s, !yes);
2723 if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
2724 expand_string_forcedfail = FALSE;
2725 if (*s++ != '}') goto FAILED_CURLY;
2726
2727 /* If we want the first string, add it to the output */
2728
2729 if (yes)
2730 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
2731
2732 /* If this is called from a lookup or an extract, we want to restore $value to
2733 what it was at the start of the item, so that it has this value during the
2734 second string expansion. For the call from "if" or "run" to this function,
2735 save_lookup is set to lookup_value, so that this statement does nothing. */
2736
2737 lookup_value = save_lookup;
2738
2739 /* There now follows either another substring, or "fail", or nothing. This
2740 time, forced failures are noticed only if we want the second string. We must
2741 set skipping in the nested call if we don't want this string, or if we were
2742 already skipping. */
2743
2744 while (isspace(*s)) s++;
2745 if (*s == '{')
2746 {
2747 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping);
2748 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
2749 expand_string_forcedfail = FALSE;
2750 if (*s++ != '}') goto FAILED_CURLY;
2751
2752 /* If we want the second string, add it to the output */
2753
2754 if (!yes)
2755 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
2756 }
2757
2758 /* If there is no second string, but the word "fail" is present when the use of
2759 the second string is wanted, set a flag indicating it was a forced failure
2760 rather than a syntactic error. Swallow the terminating } in case this is nested
2761 inside another lookup or if or extract. */
2762
2763 else if (*s != '}')
2764 {
2765 uschar name[256];
2766 s = read_name(name, sizeof(name), s, US"_");
2767 if (Ustrcmp(name, "fail") == 0)
2768 {
2769 if (!yes && !skipping)
2770 {
2771 while (isspace(*s)) s++;
2772 if (*s++ != '}') goto FAILED_CURLY;
2773 expand_string_message =
2774 string_sprintf("\"%s\" failed and \"fail\" requested", type);
2775 expand_string_forcedfail = TRUE;
2776 goto FAILED;
2777 }
2778 }
2779 else
2780 {
2781 expand_string_message =
2782 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
2783 goto FAILED;
2784 }
2785 }
2786
2787 /* All we have to do now is to check on the final closing brace. */
2788
2789 while (isspace(*s)) s++;
2790 if (*s++ == '}') goto RETURN;
2791
2792 /* Get here if there is a bracketing failure */
2793
2794 FAILED_CURLY:
2795 rc++;
2796
2797 /* Get here for other failures */
2798
2799 FAILED:
2800 rc++;
2801
2802 /* Update the input pointer value before returning */
2803
2804 RETURN:
2805 *sptr = s;
2806 return rc;
2807 }
2808
2809
2810
2811
2812 /*************************************************
2813 * Handle MD5 or SHA-1 computation for HMAC *
2814 *************************************************/
2815
2816 /* These are some wrapping functions that enable the HMAC code to be a bit
2817 cleaner. A good compiler will spot the tail recursion.
2818
2819 Arguments:
2820 type HMAC_MD5 or HMAC_SHA1
2821 remaining are as for the cryptographic hash functions
2822
2823 Returns: nothing
2824 */
2825
2826 static void
2827 chash_start(int type, void *base)
2828 {
2829 if (type == HMAC_MD5)
2830 md5_start((md5 *)base);
2831 else
2832 sha1_start((sha1 *)base);
2833 }
2834
2835 static void
2836 chash_mid(int type, void *base, uschar *string)
2837 {
2838 if (type == HMAC_MD5)
2839 md5_mid((md5 *)base, string);
2840 else
2841 sha1_mid((sha1 *)base, string);
2842 }
2843
2844 static void
2845 chash_end(int type, void *base, uschar *string, int length, uschar *digest)
2846 {
2847 if (type == HMAC_MD5)
2848 md5_end((md5 *)base, string, length, digest);
2849 else
2850 sha1_end((sha1 *)base, string, length, digest);
2851 }
2852
2853
2854
2855
2856
2857 /********************************************************
2858 * prvs: Get last three digits of days since Jan 1, 1970 *
2859 ********************************************************/
2860
2861 /* This is needed to implement the "prvs" BATV reverse
2862 path signing scheme
2863
2864 Argument: integer "days" offset to add or substract to
2865 or from the current number of days.
2866
2867 Returns: pointer to string containing the last three
2868 digits of the number of days since Jan 1, 1970,
2869 modified by the offset argument, NULL if there
2870 was an error in the conversion.
2871
2872 */
2873
2874 static uschar *
2875 prvs_daystamp(int day_offset)
2876 {
2877 uschar *days = store_get(32); /* Need at least 24 for cases */
2878 (void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
2879 (time(NULL) + day_offset*86400)/86400);
2880 return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
2881 }
2882
2883
2884
2885 /********************************************************
2886 * prvs: perform HMAC-SHA1 computation of prvs bits *
2887 ********************************************************/
2888
2889 /* This is needed to implement the "prvs" BATV reverse
2890 path signing scheme
2891
2892 Arguments:
2893 address RFC2821 Address to use
2894 key The key to use (must be less than 64 characters
2895 in size)
2896 key_num Single-digit key number to use. Defaults to
2897 '0' when NULL.
2898
2899 Returns: pointer to string containing the first three
2900 bytes of the final hash in hex format, NULL if
2901 there was an error in the process.
2902 */
2903
2904 static uschar *
2905 prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
2906 {
2907 uschar *hash_source, *p;
2908 int size = 0,offset = 0,i;
2909 sha1 sha1_base;
2910 void *use_base = &sha1_base;
2911 uschar innerhash[20];
2912 uschar finalhash[20];
2913 uschar innerkey[64];
2914 uschar outerkey[64];
2915 uschar *finalhash_hex = store_get(40);
2916
2917 if (key_num == NULL)
2918 key_num = US"0";
2919
2920 if (Ustrlen(key) > 64)
2921 return NULL;
2922
2923 hash_source = string_cat(NULL,&size,&offset,key_num,1);
2924 string_cat(hash_source,&size,&offset,daystamp,3);
2925 string_cat(hash_source,&size,&offset,address,Ustrlen(address));
2926 hash_source[offset] = '\0';
2927
2928 DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source);
2929
2930 memset(innerkey, 0x36, 64);
2931 memset(outerkey, 0x5c, 64);
2932
2933 for (i = 0; i < Ustrlen(key); i++)
2934 {
2935 innerkey[i] ^= key[i];
2936 outerkey[i] ^= key[i];
2937 }
2938
2939 chash_start(HMAC_SHA1, use_base);
2940 chash_mid(HMAC_SHA1, use_base, innerkey);
2941 chash_end(HMAC_SHA1, use_base, hash_source, offset, innerhash);
2942
2943 chash_start(HMAC_SHA1, use_base);
2944 chash_mid(HMAC_SHA1, use_base, outerkey);
2945 chash_end(HMAC_SHA1, use_base, innerhash, 20, finalhash);
2946
2947 p = finalhash_hex;
2948 for (i = 0; i < 3; i++)
2949 {
2950 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
2951 *p++ = hex_digits[finalhash[i] & 0x0f];
2952 }
2953 *p = '\0';
2954
2955 return finalhash_hex;
2956 }
2957
2958
2959
2960
2961 /*************************************************
2962 * Join a file onto the output string *
2963 *************************************************/
2964
2965 /* This is used for readfile and after a run expansion. It joins the contents
2966 of a file onto the output string, globally replacing newlines with a given
2967 string (optionally). The file is closed at the end.
2968
2969 Arguments:
2970 f the FILE
2971 yield pointer to the expandable string
2972 sizep pointer to the current size
2973 ptrp pointer to the current position
2974 eol newline replacement string, or NULL
2975
2976 Returns: new value of string pointer
2977 */
2978
2979 static uschar *
2980 cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
2981 {
2982 int eollen;
2983 uschar buffer[1024];
2984
2985 eollen = (eol == NULL)? 0 : Ustrlen(eol);
2986
2987 while (Ufgets(buffer, sizeof(buffer), f) != NULL)
2988 {
2989 int len = Ustrlen(buffer);
2990 if (eol != NULL && buffer[len-1] == '\n') len--;
2991 yield = string_cat(yield, sizep, ptrp, buffer, len);
2992 if (buffer[len] != 0)
2993 yield = string_cat(yield, sizep, ptrp, eol, eollen);
2994 }
2995
2996 if (yield != NULL) yield[*ptrp] = 0;
2997
2998 return yield;
2999 }
3000
3001
3002
3003
3004 /*************************************************
3005 * Evaluate numeric expression *
3006 *************************************************/
3007
3008 /* This is a set of mutually recursive functions that evaluate an arithmetic
3009 expression involving + - * / % & | ^ ~ << >> and parentheses. The only one of
3010 these functions that is called from elsewhere is eval_expr, whose interface is:
3011
3012 Arguments:
3013 sptr pointer to the pointer to the string - gets updated
3014 decimal TRUE if numbers are to be assumed decimal
3015 error pointer to where to put an error message - must be NULL on input
3016 endket TRUE if ')' must terminate - FALSE for external call
3017
3018 Returns: on success: the value of the expression, with *error still NULL
3019 on failure: an undefined value, with *error = a message
3020 */
3021
3022 static int eval_op_or(uschar **, BOOL, uschar **);
3023
3024
3025 static int
3026 eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
3027 {
3028 uschar *s = *sptr;
3029 int x = eval_op_or(&s, decimal, error);
3030 if (*error == NULL)
3031 {
3032 if (endket)
3033 {
3034 if (*s != ')')
3035 *error = US"expecting closing parenthesis";
3036 else
3037 while (isspace(*(++s)));
3038 }
3039 else if (*s != 0) *error = US"expecting operator";
3040 }
3041 *sptr = s;
3042 return x;
3043 }
3044
3045
3046 static int
3047 eval_number(uschar **sptr, BOOL decimal, uschar **error)
3048 {
3049 register int c;
3050 int n;
3051 uschar *s = *sptr;
3052 while (isspace(*s)) s++;
3053 c = *s;
3054 if (isdigit(c))
3055 {
3056 int count;
3057 (void)sscanf(CS s, (decimal? "%d%n" : "%i%n"), &n, &count);
3058 s += count;
3059 if (tolower(*s) == 'k') { n *= 1024; s++; }
3060 else if (tolower(*s) == 'm') { n *= 1024*1024; s++; }
3061 while (isspace (*s)) s++;
3062 }
3063 else if (c == '(')
3064 {
3065 s++;
3066 n = eval_expr(&s, decimal, error, 1);
3067 }
3068 else
3069 {
3070 *error = US"expecting number or opening parenthesis";
3071 n = 0;
3072 }
3073 *sptr = s;
3074 return n;
3075 }
3076
3077
3078 static int eval_op_unary(uschar **sptr, BOOL decimal, uschar **error)
3079 {
3080 uschar *s = *sptr;
3081 int x;
3082 while (isspace(*s)) s++;
3083 if (*s == '+' || *s == '-' || *s == '~')
3084 {
3085 int op = *s++;
3086 x = eval_op_unary(&s, decimal, error);
3087 if (op == '-') x = -x;
3088 else if (op == '~') x = ~x;
3089 }
3090 else
3091 {
3092 x = eval_number(&s, decimal, error);
3093 }
3094 *sptr = s;
3095 return x;
3096 }
3097
3098
3099 static int eval_op_mult(uschar **sptr, BOOL decimal, uschar **error)
3100 {
3101 uschar *s = *sptr;
3102 int x = eval_op_unary(&s, decimal, error);
3103 if (*error == NULL)
3104 {
3105 while (*s == '*' || *s == '/' || *s == '%')
3106 {
3107 int op = *s++;
3108 int y = eval_op_unary(&s, decimal, error);
3109 if (*error != NULL) break;
3110 /* SIGFPE both on div/mod by zero and on INT_MIN / -1, which would give
3111 * a value of INT_MAX+1. Note that INT_MIN * -1 gives INT_MIN for me, which
3112 * is a bug somewhere in [gcc 4.2.1, FreeBSD, amd64]. In fact, -N*-M where
3113 * -N*M is INT_MIN will yielf INT_MIN.
3114 * Since we don't support floating point, this is somewhat simpler.
3115 * Ideally, we'd return an error, but since we overflow for all other
3116 * arithmetic, consistency suggests otherwise, but what's the correct value
3117 * to use? There is none.
3118 * The C standard guarantees overflow for unsigned arithmetic but signed
3119 * overflow invokes undefined behaviour; in practice, this is overflow
3120 * except for converting INT_MIN to INT_MAX+1. We also can't guarantee
3121 * that long/longlong larger than int are available, or we could just work
3122 * with larger types. We should consider whether to guarantee 32bit eval
3123 * and 64-bit working variables, with errors returned. For now ...
3124 * So, the only SIGFPEs occur with a non-shrinking div/mod, thus -1; we
3125 * can just let the other invalid results occur otherwise, as they have
3126 * until now. For this one case, we can coerce.
3127 */
3128 if (y == -1 && x == INT_MIN && op != '*')
3129 {
3130 DEBUG(D_expand)
3131 debug_printf("Integer exception dodging: %d%c-1 coerced to %d\n",
3132 INT_MIN, op, INT_MAX);
3133 x = INT_MAX;
3134 continue;
3135 }
3136 if (op == '*')
3137 x *= y;
3138 else
3139 {
3140 if (y == 0)
3141 {
3142 *error = (op == '/') ? US"divide by zero" : US"modulo by zero";
3143 x = 0;
3144 break;
3145 }
3146 if (op == '/')
3147 x /= y;
3148 else
3149 x %= y;
3150 }
3151 }
3152 }
3153 *sptr = s;
3154 return x;
3155 }
3156
3157
3158 static int eval_op_sum(uschar **sptr, BOOL decimal, uschar **error)
3159 {
3160 uschar *s = *sptr;
3161 int x = eval_op_mult(&s, decimal, error);
3162 if (*error == NULL)
3163 {
3164 while (*s == '+' || *s == '-')
3165 {
3166 int op = *s++;
3167 int y = eval_op_mult(&s, decimal, error);
3168 if (*error != NULL) break;
3169 if (op == '+') x += y; else x -= y;
3170 }
3171 }
3172 *sptr = s;
3173 return x;
3174 }
3175
3176
3177 static int eval_op_shift(uschar **sptr, BOOL decimal, uschar **error)
3178 {
3179 uschar *s = *sptr;
3180 int x = eval_op_sum(&s, decimal, error);
3181 if (*error == NULL)
3182 {
3183 while ((*s == '<' || *s == '>') && s[1] == s[0])
3184 {
3185 int y;
3186 int op = *s++;
3187 s++;
3188 y = eval_op_sum(&s, decimal, error);
3189 if (*error != NULL) break;
3190 if (op == '<') x <<= y; else x >>= y;
3191 }
3192 }
3193 *sptr = s;
3194 return x;
3195 }
3196
3197
3198 static int eval_op_and(uschar **sptr, BOOL decimal, uschar **error)
3199 {
3200 uschar *s = *sptr;
3201 int x = eval_op_shift(&s, decimal, error);
3202 if (*error == NULL)
3203 {
3204 while (*s == '&')
3205 {
3206 int y;
3207 s++;
3208 y = eval_op_shift(&s, decimal, error);
3209 if (*error != NULL) break;
3210 x &= y;
3211 }
3212 }
3213 *sptr = s;
3214 return x;
3215 }
3216
3217
3218 static int eval_op_xor(uschar **sptr, BOOL decimal, uschar **error)
3219 {
3220 uschar *s = *sptr;
3221 int x = eval_op_and(&s, decimal, error);
3222 if (*error == NULL)
3223 {
3224 while (*s == '^')
3225 {
3226 int y;
3227 s++;
3228 y = eval_op_and(&s, decimal, error);
3229 if (*error != NULL) break;
3230 x ^= y;
3231 }
3232 }
3233 *sptr = s;
3234 return x;
3235 }
3236
3237
3238 static int eval_op_or(uschar **sptr, BOOL decimal, uschar **error)
3239 {
3240 uschar *s = *sptr;
3241 int x = eval_op_xor(&s, decimal, error);
3242 if (*error == NULL)
3243 {
3244 while (*s == '|')
3245 {
3246 int y;
3247 s++;
3248 y = eval_op_xor(&s, decimal, error);
3249 if (*error != NULL) break;
3250 x |= y;
3251 }
3252 }
3253 *sptr = s;
3254 return x;
3255 }
3256
3257
3258
3259 /*************************************************
3260 * Expand string *
3261 *************************************************/
3262
3263 /* Returns either an unchanged string, or the expanded string in stacking pool
3264 store. Interpreted sequences are:
3265
3266 \... normal escaping rules
3267 $name substitutes the variable
3268 ${name} ditto
3269 ${op:string} operates on the expanded string value
3270 ${item{arg1}{arg2}...} expands the args and then does the business
3271 some literal args are not enclosed in {}
3272
3273 There are now far too many operators and item types to make it worth listing
3274 them here in detail any more.
3275
3276 We use an internal routine recursively to handle embedded substrings. The
3277 external function follows. The yield is NULL if the expansion failed, and there
3278 are two cases: if something collapsed syntactically, or if "fail" was given
3279 as the action on a lookup failure. These can be distinguised by looking at the
3280 variable expand_string_forcedfail, which is TRUE in the latter case.
3281
3282 The skipping flag is set true when expanding a substring that isn't actually
3283 going to be used (after "if" or "lookup") and it prevents lookups from
3284 happening lower down.
3285
3286 Store usage: At start, a store block of the length of the input plus 64
3287 is obtained. This is expanded as necessary by string_cat(), which might have to
3288 get a new block, or might be able to expand the original. At the end of the
3289 function we can release any store above that portion of the yield block that
3290 was actually used. In many cases this will be optimal.
3291
3292 However: if the first item in the expansion is a variable name or header name,
3293 we reset the store before processing it; if the result is in fresh store, we
3294 use that without copying. This is helpful for expanding strings like
3295 $message_headers which can get very long.
3296
3297 There's a problem if a ${dlfunc item has side-effects that cause allocation,
3298 since resetting the store at the end of the expansion will free store that was
3299 allocated by the plugin code as well as the slop after the expanded string. So
3300 we skip any resets if ${dlfunc has been used. This is an unfortunate
3301 consequence of string expansion becoming too powerful.
3302
3303 Arguments:
3304 string the string to be expanded
3305 ket_ends true if expansion is to stop at }
3306 left if not NULL, a pointer to the first character after the
3307 expansion is placed here (typically used with ket_ends)
3308 skipping TRUE for recursive calls when the value isn't actually going
3309 to be used (to allow for optimisation)
3310
3311 Returns: NULL if expansion fails:
3312 expand_string_forcedfail is set TRUE if failure was forced
3313 expand_string_message contains a textual error message
3314 a pointer to the expanded string on success
3315 */
3316
3317 static uschar *
3318 expand_string_internal(uschar *string, BOOL ket_ends, uschar **left,
3319 BOOL skipping)
3320 {
3321 int ptr = 0;
3322 int size = Ustrlen(string)+ 64;
3323 int item_type;
3324 uschar *yield = store_get(size);
3325 uschar *s = string;
3326 uschar *save_expand_nstring[EXPAND_MAXN+1];
3327 int save_expand_nlength[EXPAND_MAXN+1];
3328 BOOL resetok = TRUE;
3329
3330 expand_string_forcedfail = FALSE;
3331 expand_string_message = US"";
3332
3333 while (*s != 0)
3334 {
3335 uschar *value;
3336 uschar name[256];
3337
3338 /* \ escapes the next character, which must exist, or else
3339 the expansion fails. There's a special escape, \N, which causes
3340 copying of the subject verbatim up to the next \N. Otherwise,
3341 the escapes are the standard set. */
3342
3343 if (*s == '\\')
3344 {
3345 if (s[1] == 0)
3346 {
3347 expand_string_message = US"\\ at end of string";
3348 goto EXPAND_FAILED;
3349 }
3350
3351 if (s[1] == 'N')
3352 {
3353 uschar *t = s + 2;
3354 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
3355 yield = string_cat(yield, &size, &ptr, t, s - t);
3356 if (*s != 0) s += 2;
3357 }
3358
3359 else
3360 {
3361 uschar ch[1];
3362 ch[0] = string_interpret_escape(&s);
3363 s++;
3364 yield = string_cat(yield, &size, &ptr, ch, 1);
3365 }
3366
3367 continue;
3368 }
3369
3370 /* Anything other than $ is just copied verbatim, unless we are
3371 looking for a terminating } character. */
3372
3373 if (ket_ends && *s == '}') break;
3374
3375 if (*s != '$')
3376 {
3377 yield = string_cat(yield, &size, &ptr, s++, 1);
3378 continue;
3379 }
3380
3381 /* No { after the $ - must be a plain name or a number for string
3382 match variable. There has to be a fudge for variables that are the
3383 names of header fields preceded by "$header_" because header field