projects / exim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Make maildir_use_size_file expandable.
[exim.git] / src / src / expand.c
1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
4
5 /* Copyright (c) University of Cambridge 1995 - 2009 */
6 /* See the file NOTICE for conditions of use and distribution. */
7
8
9 /* Functions for handling string expansion. */
10
11
12 #include "exim.h"
13
14 /* Recursively called function */
15
16 static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL);
17
18 #ifdef STAND_ALONE
19 #ifndef SUPPORT_CRYPTEQ
20 #define SUPPORT_CRYPTEQ
21 #endif
22 #endif
23
24 #ifdef LOOKUP_LDAP
25 #include "lookups/ldap.h"
26 #endif
27
28 #ifdef SUPPORT_CRYPTEQ
29 #ifdef CRYPT_H
30 #include <crypt.h>
31 #endif
32 #ifndef HAVE_CRYPT16
33 extern char* crypt16(char*, char*);
34 #endif
35 #endif
36
37 /* The handling of crypt16() is a mess. I will record below the analysis of the
38 mess that was sent to me. We decided, however, to make changing this very low
39 priority, because in practice people are moving away from the crypt()
40 algorithms nowadays, so it doesn't seem worth it.
41
42 <quote>
43 There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
44 the first 8 characters of the password using a 20-round version of crypt
45 (standard crypt does 25 rounds). It then crypts the next 8 characters,
46 or an empty block if the password is less than 9 characters, using a
47 20-round version of crypt and the same salt as was used for the first
48 block. Charaters after the first 16 are ignored. It always generates
49 a 16-byte hash, which is expressed together with the salt as a string
50 of 24 base 64 digits. Here are some links to peruse:
51
52 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
53 http://seclists.org/bugtraq/1999/Mar/0076.html
54
55 There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
56 and OSF/1. This is the same as the standard crypt if given a password
57 of 8 characters or less. If given more, it first does the same as crypt
58 using the first 8 characters, then crypts the next 8 (the 9th to 16th)
59 using as salt the first two base 64 digits from the first hash block.
60 If the password is more than 16 characters then it crypts the 17th to 24th
61 characters using as salt the first two base 64 digits from the second hash
62 block. And so on: I've seen references to it cutting off the password at
63 40 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
64
65 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
66 http://seclists.org/bugtraq/1999/Mar/0109.html
67 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
68 TET1_html/sec.c222.html#no_id_208
69
70 Exim has something it calls "crypt16". It will either use a native
71 crypt16 or its own implementation. A native crypt16 will presumably
72 be the one that I called "crypt16" above. The internal "crypt16"
73 function, however, is a two-block-maximum implementation of what I called
74 "bigcrypt". The documentation matches the internal code.
75
76 I suspect that whoever did the "crypt16" stuff for Exim didn't realise
77 that crypt16 and bigcrypt were different things.
78
79 Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
80 to whatever it is using under that name. This unfortunately sets a
81 precedent for using "{crypt16}" to identify two incompatible algorithms
82 whose output can't be distinguished. With "{crypt16}" thus rendered
83 ambiguous, I suggest you deprecate it and invent two new identifiers
84 for the two algorithms.
85
86 Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
87 of the password separately means they can be cracked separately, so
88 the double-length hash only doubles the cracking effort instead of
89 squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
90 bcrypt ({CRYPT}$2a$).
91 </quote>
92 */
93
94
95
96
97 /*************************************************
98 * Local statics and tables *
99 *************************************************/
100
101 /* Table of item names, and corresponding switch numbers. The names must be in
102 alphabetical order. */
103
104 static uschar *item_table[] = {
105 US"dlfunc",
106 US"extract",
107 US"filter",
108 US"hash",
109 US"hmac",
110 US"if",
111 US"length",
112 US"lookup",
113 US"map",
114 US"nhash",
115 US"perl",
116 US"prvs",
117 US"prvscheck",
118 US"readfile",
119 US"readsocket",
120 US"reduce",
121 US"run",
122 US"sg",
123 US"substr",
124 US"tr" };
125
126 enum {
127 EITEM_DLFUNC,
128 EITEM_EXTRACT,
129 EITEM_FILTER,
130 EITEM_HASH,
131 EITEM_HMAC,
132 EITEM_IF,
133 EITEM_LENGTH,
134 EITEM_LOOKUP,
135 EITEM_MAP,
136 EITEM_NHASH,
137 EITEM_PERL,
138 EITEM_PRVS,
139 EITEM_PRVSCHECK,
140 EITEM_READFILE,
141 EITEM_READSOCK,
142 EITEM_REDUCE,
143 EITEM_RUN,
144 EITEM_SG,
145 EITEM_SUBSTR,
146 EITEM_TR };
147
148 /* Tables of operator names, and corresponding switch numbers. The names must be
149 in alphabetical order. There are two tables, because underscore is used in some
150 cases to introduce arguments, whereas for other it is part of the name. This is
151 an historical mis-design. */
152
153 static uschar *op_table_underscore[] = {
154 US"from_utf8",
155 US"local_part",
156 US"quote_local_part",
157 US"reverse_ip",
158 US"time_eval",
159 US"time_interval"};
160
161 enum {
162 EOP_FROM_UTF8,
163 EOP_LOCAL_PART,
164 EOP_QUOTE_LOCAL_PART,
165 EOP_REVERSE_IP,
166 EOP_TIME_EVAL,
167 EOP_TIME_INTERVAL };
168
169 static uschar *op_table_main[] = {
170 US"address",
171 US"addresses",
172 US"base62",
173 US"base62d",
174 US"domain",
175 US"escape",
176 US"eval",
177 US"eval10",
178 US"expand",
179 US"h",
180 US"hash",
181 US"hex2b64",
182 US"l",
183 US"lc",
184 US"length",
185 US"mask",
186 US"md5",
187 US"nh",
188 US"nhash",
189 US"quote",
190 US"randint",
191 US"rfc2047",
192 US"rfc2047d",
193 US"rxquote",
194 US"s",
195 US"sha1",
196 US"stat",
197 US"str2b64",
198 US"strlen",
199 US"substr",
200 US"uc" };
201
202 enum {
203 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
204 EOP_ADDRESSES,
205 EOP_BASE62,
206 EOP_BASE62D,
207 EOP_DOMAIN,
208 EOP_ESCAPE,
209 EOP_EVAL,
210 EOP_EVAL10,
211 EOP_EXPAND,
212 EOP_H,
213 EOP_HASH,
214 EOP_HEX2B64,
215 EOP_L,
216 EOP_LC,
217 EOP_LENGTH,
218 EOP_MASK,
219 EOP_MD5,
220 EOP_NH,
221 EOP_NHASH,
222 EOP_QUOTE,
223 EOP_RANDINT,
224 EOP_RFC2047,
225 EOP_RFC2047D,
226 EOP_RXQUOTE,
227 EOP_S,
228 EOP_SHA1,
229 EOP_STAT,
230 EOP_STR2B64,
231 EOP_STRLEN,
232 EOP_SUBSTR,
233 EOP_UC };
234
235
236 /* Table of condition names, and corresponding switch numbers. The names must
237 be in alphabetical order. */
238
239 static uschar *cond_table[] = {
240 US"<",
241 US"<=",
242 US"=",
243 US"==", /* Backward compatibility */
244 US">",
245 US">=",
246 US"and",
247 US"bool",
248 US"bool_lax",
249 US"crypteq",
250 US"def",
251 US"eq",
252 US"eqi",
253 US"exists",
254 US"first_delivery",
255 US"forall",
256 US"forany",
257 US"ge",
258 US"gei",
259 US"gt",
260 US"gti",
261 US"isip",
262 US"isip4",
263 US"isip6",
264 US"ldapauth",
265 US"le",
266 US"lei",
267 US"lt",
268 US"lti",
269 US"match",
270 US"match_address",
271 US"match_domain",
272 US"match_ip",
273 US"match_local_part",
274 US"or",
275 US"pam",
276 US"pwcheck",
277 US"queue_running",
278 US"radius",
279 US"saslauthd"
280 };
281
282 enum {
283 ECOND_NUM_L,
284 ECOND_NUM_LE,
285 ECOND_NUM_E,
286 ECOND_NUM_EE,
287 ECOND_NUM_G,
288 ECOND_NUM_GE,
289 ECOND_AND,
290 ECOND_BOOL,
291 ECOND_BOOL_LAX,
292 ECOND_CRYPTEQ,
293 ECOND_DEF,
294 ECOND_STR_EQ,
295 ECOND_STR_EQI,
296 ECOND_EXISTS,
297 ECOND_FIRST_DELIVERY,
298 ECOND_FORALL,
299 ECOND_FORANY,
300 ECOND_STR_GE,
301 ECOND_STR_GEI,
302 ECOND_STR_GT,
303 ECOND_STR_GTI,
304 ECOND_ISIP,
305 ECOND_ISIP4,
306 ECOND_ISIP6,
307 ECOND_LDAPAUTH,
308 ECOND_STR_LE,
309 ECOND_STR_LEI,
310 ECOND_STR_LT,
311 ECOND_STR_LTI,
312 ECOND_MATCH,
313 ECOND_MATCH_ADDRESS,
314 ECOND_MATCH_DOMAIN,
315 ECOND_MATCH_IP,
316 ECOND_MATCH_LOCAL_PART,
317 ECOND_OR,
318 ECOND_PAM,
319 ECOND_PWCHECK,
320 ECOND_QUEUE_RUNNING,
321 ECOND_RADIUS,
322 ECOND_SASLAUTHD
323 };
324
325
326 /* Type for main variable table */
327
328 typedef struct {
329 const char *name;
330 int type;
331 void *value;
332 } var_entry;
333
334 /* Type for entries pointing to address/length pairs. Not currently
335 in use. */
336
337 typedef struct {
338 uschar **address;
339 int *length;
340 } alblock;
341
342 /* Types of table entry */
343
344 enum {
345 vtype_int, /* value is address of int */
346 vtype_filter_int, /* ditto, but recognized only when filtering */
347 vtype_ino, /* value is address of ino_t (not always an int) */
348 vtype_uid, /* value is address of uid_t (not always an int) */
349 vtype_gid, /* value is address of gid_t (not always an int) */
350 vtype_stringptr, /* value is address of pointer to string */
351 vtype_msgbody, /* as stringptr, but read when first required */
352 vtype_msgbody_end, /* ditto, the end of the message */
353 vtype_msgheaders, /* the message's headers, processed */
354 vtype_msgheaders_raw, /* the message's headers, unprocessed */
355 vtype_localpart, /* extract local part from string */
356 vtype_domain, /* extract domain from string */
357 vtype_recipients, /* extract recipients from recipients list */
358 /* (available only in system filters, ACLs, and */
359 /* local_scan()) */
360 vtype_todbsdin, /* value not used; generate BSD inbox tod */
361 vtype_tode, /* value not used; generate tod in epoch format */
362 vtype_todf, /* value not used; generate full tod */
363 vtype_todl, /* value not used; generate log tod */
364 vtype_todlf, /* value not used; generate log file datestamp tod */
365 vtype_todzone, /* value not used; generate time zone only */
366 vtype_todzulu, /* value not used; generate zulu tod */
367 vtype_reply, /* value not used; get reply from headers */
368 vtype_pid, /* value not used; result is pid */
369 vtype_host_lookup, /* value not used; get host name */
370 vtype_load_avg, /* value not used; result is int from os_getloadavg */
371 vtype_pspace, /* partition space; value is T/F for spool/log */
372 vtype_pinodes /* partition inodes; value is T/F for spool/log */
373 #ifndef DISABLE_DKIM
374 ,vtype_dkim /* Lookup of value in DKIM signature */
375 #endif
376 };
377
378 /* This table must be kept in alphabetical order. */
379
380 static var_entry var_table[] = {
381 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
382 they will be confused with user-creatable ACL variables. */
383 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
384 { "address_data", vtype_stringptr, &deliver_address_data },
385 { "address_file", vtype_stringptr, &address_file },
386 { "address_pipe", vtype_stringptr, &address_pipe },
387 { "authenticated_id", vtype_stringptr, &authenticated_id },
388 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
389 { "authentication_failed",vtype_int, &authentication_failed },
390 #ifdef WITH_CONTENT_SCAN
391 { "av_failed", vtype_int, &av_failed },
392 #endif
393 #ifdef EXPERIMENTAL_BRIGHTMAIL
394 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
395 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
396 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
397 { "bmi_deliver", vtype_int, &bmi_deliver },
398 #endif
399 { "body_linecount", vtype_int, &body_linecount },
400 { "body_zerocount", vtype_int, &body_zerocount },
401 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
402 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
403 { "caller_gid", vtype_gid, &real_gid },
404 { "caller_uid", vtype_uid, &real_uid },
405 { "compile_date", vtype_stringptr, &version_date },
406 { "compile_number", vtype_stringptr, &version_cnumber },
407 { "csa_status", vtype_stringptr, &csa_status },
408 #ifdef EXPERIMENTAL_DCC
409 { "dcc_header", vtype_stringptr, &dcc_header },
410 { "dcc_result", vtype_stringptr, &dcc_result },
411 #endif
412 #ifdef WITH_OLD_DEMIME
413 { "demime_errorlevel", vtype_int, &demime_errorlevel },
414 { "demime_reason", vtype_stringptr, &demime_reason },
415 #endif
416 #ifndef DISABLE_DKIM
417 { "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
418 { "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
419 { "dkim_canon_body", vtype_dkim, (void *)DKIM_CANON_BODY },
420 { "dkim_canon_headers", vtype_dkim, (void *)DKIM_CANON_HEADERS },
421 { "dkim_copiedheaders", vtype_dkim, (void *)DKIM_COPIEDHEADERS },
422 { "dkim_created", vtype_dkim, (void *)DKIM_CREATED },
423 { "dkim_cur_signer", vtype_stringptr, &dkim_cur_signer },
424 { "dkim_domain", vtype_stringptr, &dkim_signing_domain },
425 { "dkim_expires", vtype_dkim, (void *)DKIM_EXPIRES },
426 { "dkim_headernames", vtype_dkim, (void *)DKIM_HEADERNAMES },
427 { "dkim_identity", vtype_dkim, (void *)DKIM_IDENTITY },
428 { "dkim_key_granularity",vtype_dkim, (void *)DKIM_KEY_GRANULARITY },
429 { "dkim_key_nosubdomains",vtype_dkim, (void *)DKIM_NOSUBDOMAINS },
430 { "dkim_key_notes", vtype_dkim, (void *)DKIM_KEY_NOTES },
431 { "dkim_key_srvtype", vtype_dkim, (void *)DKIM_KEY_SRVTYPE },
432 { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING },
433 { "dkim_selector", vtype_stringptr, &dkim_signing_selector },
434 { "dkim_signers", vtype_stringptr, &dkim_signers },
435 { "dkim_verify_reason", vtype_dkim, (void *)DKIM_VERIFY_REASON },
436 { "dkim_verify_status", vtype_dkim, (void *)DKIM_VERIFY_STATUS},
437 #endif
438 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
439 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
440 { "dnslist_text", vtype_stringptr, &dnslist_text },
441 { "dnslist_value", vtype_stringptr, &dnslist_value },
442 { "domain", vtype_stringptr, &deliver_domain },
443 { "domain_data", vtype_stringptr, &deliver_domain_data },
444 { "exim_gid", vtype_gid, &exim_gid },
445 { "exim_path", vtype_stringptr, &exim_path },
446 { "exim_uid", vtype_uid, &exim_uid },
447 #ifdef WITH_OLD_DEMIME
448 { "found_extension", vtype_stringptr, &found_extension },
449 #endif
450 { "home", vtype_stringptr, &deliver_home },
451 { "host", vtype_stringptr, &deliver_host },
452 { "host_address", vtype_stringptr, &deliver_host_address },
453 { "host_data", vtype_stringptr, &host_data },
454 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
455 { "host_lookup_failed", vtype_int, &host_lookup_failed },
456 { "inode", vtype_ino, &deliver_inode },
457 { "interface_address", vtype_stringptr, &interface_address },
458 { "interface_port", vtype_int, &interface_port },
459 { "item", vtype_stringptr, &iterate_item },
460 #ifdef LOOKUP_LDAP
461 { "ldap_dn", vtype_stringptr, &eldap_dn },
462 #endif
463 { "load_average", vtype_load_avg, NULL },
464 { "local_part", vtype_stringptr, &deliver_localpart },
465 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
466 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
467 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
468 { "local_scan_data", vtype_stringptr, &local_scan_data },
469 { "local_user_gid", vtype_gid, &local_user_gid },
470 { "local_user_uid", vtype_uid, &local_user_uid },
471 { "localhost_number", vtype_int, &host_number },
472 { "log_inodes", vtype_pinodes, (void *)FALSE },
473 { "log_space", vtype_pspace, (void *)FALSE },
474 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
475 #ifdef WITH_CONTENT_SCAN
476 { "malware_name", vtype_stringptr, &malware_name },
477 #endif
478 { "max_received_linelength", vtype_int, &max_received_linelength },
479 { "message_age", vtype_int, &message_age },
480 { "message_body", vtype_msgbody, &message_body },
481 { "message_body_end", vtype_msgbody_end, &message_body_end },
482 { "message_body_size", vtype_int, &message_body_size },
483 { "message_exim_id", vtype_stringptr, &message_id },
484 { "message_headers", vtype_msgheaders, NULL },
485 { "message_headers_raw", vtype_msgheaders_raw, NULL },
486 { "message_id", vtype_stringptr, &message_id },
487 { "message_linecount", vtype_int, &message_linecount },
488 { "message_size", vtype_int, &message_size },
489 #ifdef WITH_CONTENT_SCAN
490 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
491 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
492 { "mime_boundary", vtype_stringptr, &mime_boundary },
493 { "mime_charset", vtype_stringptr, &mime_charset },
494 { "mime_content_description", vtype_stringptr, &mime_content_description },
495 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
496 { "mime_content_id", vtype_stringptr, &mime_content_id },
497 { "mime_content_size", vtype_int, &mime_content_size },
498 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
499 { "mime_content_type", vtype_stringptr, &mime_content_type },
500 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
501 { "mime_filename", vtype_stringptr, &mime_filename },
502 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
503 { "mime_is_multipart", vtype_int, &mime_is_multipart },
504 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
505 { "mime_part_count", vtype_int, &mime_part_count },
506 #endif
507 { "n0", vtype_filter_int, &filter_n[0] },
508 { "n1", vtype_filter_int, &filter_n[1] },
509 { "n2", vtype_filter_int, &filter_n[2] },
510 { "n3", vtype_filter_int, &filter_n[3] },
511 { "n4", vtype_filter_int, &filter_n[4] },
512 { "n5", vtype_filter_int, &filter_n[5] },
513 { "n6", vtype_filter_int, &filter_n[6] },
514 { "n7", vtype_filter_int, &filter_n[7] },
515 { "n8", vtype_filter_int, &filter_n[8] },
516 { "n9", vtype_filter_int, &filter_n[9] },
517 { "original_domain", vtype_stringptr, &deliver_domain_orig },
518 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
519 { "originator_gid", vtype_gid, &originator_gid },
520 { "originator_uid", vtype_uid, &originator_uid },
521 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
522 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
523 { "pid", vtype_pid, NULL },
524 { "primary_hostname", vtype_stringptr, &primary_hostname },
525 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
526 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
527 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
528 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
529 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
530 { "rcpt_count", vtype_int, &rcpt_count },
531 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
532 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
533 { "received_count", vtype_int, &received_count },
534 { "received_for", vtype_stringptr, &received_for },
535 { "received_ip_address", vtype_stringptr, &interface_address },
536 { "received_port", vtype_int, &interface_port },
537 { "received_protocol", vtype_stringptr, &received_protocol },
538 { "received_time", vtype_int, &received_time },
539 { "recipient_data", vtype_stringptr, &recipient_data },
540 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
541 { "recipients", vtype_recipients, NULL },
542 { "recipients_count", vtype_int, &recipients_count },
543 #ifdef WITH_CONTENT_SCAN
544 { "regex_match_string", vtype_stringptr, &regex_match_string },
545 #endif
546 { "reply_address", vtype_reply, NULL },
547 { "return_path", vtype_stringptr, &return_path },
548 { "return_size_limit", vtype_int, &bounce_return_size_limit },
549 { "runrc", vtype_int, &runrc },
550 { "self_hostname", vtype_stringptr, &self_hostname },
551 { "sender_address", vtype_stringptr, &sender_address },
552 { "sender_address_data", vtype_stringptr, &sender_address_data },
553 { "sender_address_domain", vtype_domain, &sender_address },
554 { "sender_address_local_part", vtype_localpart, &sender_address },
555 { "sender_data", vtype_stringptr, &sender_data },
556 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
557 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
558 { "sender_host_address", vtype_stringptr, &sender_host_address },
559 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
560 { "sender_host_name", vtype_host_lookup, NULL },
561 { "sender_host_port", vtype_int, &sender_host_port },
562 { "sender_ident", vtype_stringptr, &sender_ident },
563 { "sender_rate", vtype_stringptr, &sender_rate },
564 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
565 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
566 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
567 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
568 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
569 { "sending_port", vtype_int, &sending_port },
570 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
571 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
572 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
573 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
574 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
575 { "sn0", vtype_filter_int, &filter_sn[0] },
576 { "sn1", vtype_filter_int, &filter_sn[1] },
577 { "sn2", vtype_filter_int, &filter_sn[2] },
578 { "sn3", vtype_filter_int, &filter_sn[3] },
579 { "sn4", vtype_filter_int, &filter_sn[4] },
580 { "sn5", vtype_filter_int, &filter_sn[5] },
581 { "sn6", vtype_filter_int, &filter_sn[6] },
582 { "sn7", vtype_filter_int, &filter_sn[7] },
583 { "sn8", vtype_filter_int, &filter_sn[8] },
584 { "sn9", vtype_filter_int, &filter_sn[9] },
585 #ifdef WITH_CONTENT_SCAN
586 { "spam_bar", vtype_stringptr, &spam_bar },
587 { "spam_report", vtype_stringptr, &spam_report },
588 { "spam_score", vtype_stringptr, &spam_score },
589 { "spam_score_int", vtype_stringptr, &spam_score_int },
590 #endif
591 #ifdef EXPERIMENTAL_SPF
592 { "spf_guess", vtype_stringptr, &spf_guess },
593 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
594 { "spf_received", vtype_stringptr, &spf_received },
595 { "spf_result", vtype_stringptr, &spf_result },
596 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
597 #endif
598 { "spool_directory", vtype_stringptr, &spool_directory },
599 { "spool_inodes", vtype_pinodes, (void *)TRUE },
600 { "spool_space", vtype_pspace, (void *)TRUE },
601 #ifdef EXPERIMENTAL_SRS
602 { "srs_db_address", vtype_stringptr, &srs_db_address },
603 { "srs_db_key", vtype_stringptr, &srs_db_key },
604 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
605 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
606 { "srs_recipient", vtype_stringptr, &srs_recipient },
607 { "srs_status", vtype_stringptr, &srs_status },
608 #endif
609 { "thisaddress", vtype_stringptr, &filter_thisaddress },
610 { "tls_certificate_verified", vtype_int, &tls_certificate_verified },
611 { "tls_cipher", vtype_stringptr, &tls_cipher },
612 { "tls_peerdn", vtype_stringptr, &tls_peerdn },
613 { "tod_bsdinbox", vtype_todbsdin, NULL },
614 { "tod_epoch", vtype_tode, NULL },
615 { "tod_full", vtype_todf, NULL },
616 { "tod_log", vtype_todl, NULL },
617 { "tod_logfile", vtype_todlf, NULL },
618 { "tod_zone", vtype_todzone, NULL },
619 { "tod_zulu", vtype_todzulu, NULL },
620 { "value", vtype_stringptr, &lookup_value },
621 { "version_number", vtype_stringptr, &version_string },
622 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
623 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
624 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
625 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
626 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
627 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
628 };
629
630 static int var_table_size = sizeof(var_table)/sizeof(var_entry);
631 static uschar var_buffer[256];
632 static BOOL malformed_header;
633
634 /* For textual hashes */
635
636 static const char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
637 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
638 "0123456789";
639
640 enum { HMAC_MD5, HMAC_SHA1 };
641
642 /* For numeric hashes */
643
644 static unsigned int prime[] = {
645 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
646 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
647 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
648
649 /* For printing modes in symbolic form */
650
651 static uschar *mtable_normal[] =
652 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
653
654 static uschar *mtable_setid[] =
655 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
656
657 static uschar *mtable_sticky[] =
658 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
659
660
661
662 /*************************************************
663 * Tables for UTF-8 support *
664 *************************************************/
665
666 /* Table of the number of extra characters, indexed by the first character
667 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
668 0x3d. */
669
670 static uschar utf8_table1[] = {
671 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
672 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
673 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
674 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
675
676 /* These are the masks for the data bits in the first byte of a character,
677 indexed by the number of additional bytes. */
678
679 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
680
681 /* Get the next UTF-8 character, advancing the pointer. */
682
683 #define GETUTF8INC(c, ptr) \
684 c = *ptr++; \
685 if ((c & 0xc0) == 0xc0) \
686 { \
687 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
688 int s = 6*a; \
689 c = (c & utf8_table2[a]) << s; \
690 while (a-- > 0) \
691 { \
692 s -= 6; \
693 c |= (*ptr++ & 0x3f) << s; \
694 } \
695 }
696
697
698 /*************************************************
699 * Binary chop search on a table *
700 *************************************************/
701
702 /* This is used for matching expansion items and operators.
703
704 Arguments:
705 name the name that is being sought
706 table the table to search
707 table_size the number of items in the table
708
709 Returns: the offset in the table, or -1
710 */
711
712 static int
713 chop_match(uschar *name, uschar **table, int table_size)
714 {
715 uschar **bot = table;
716 uschar **top = table + table_size;
717
718 while (top > bot)
719 {
720 uschar **mid = bot + (top - bot)/2;
721 int c = Ustrcmp(name, *mid);
722 if (c == 0) return mid - table;
723 if (c > 0) bot = mid + 1; else top = mid;
724 }
725
726 return -1;
727 }
728
729
730
731 /*************************************************
732 * Check a condition string *
733 *************************************************/
734
735 /* This function is called to expand a string, and test the result for a "true"
736 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
737 forced fail or lookup defer. All store used by the function can be released on
738 exit.
739
740 The actual false-value tests should be replicated for ECOND_BOOL_LAX.
741
742 Arguments:
743 condition the condition string
744 m1 text to be incorporated in panic error
745 m2 ditto
746
747 Returns: TRUE if condition is met, FALSE if not
748 */
749
750 BOOL
751 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
752 {
753 int rc;
754 void *reset_point = store_get(0);
755 uschar *ss = expand_string(condition);
756 if (ss == NULL)
757 {
758 if (!expand_string_forcedfail && !search_find_defer)
759 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
760 "for %s %s: %s", condition, m1, m2, expand_string_message);
761 return FALSE;
762 }
763 rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
764 strcmpic(ss, US"false") != 0;
765 store_reset(reset_point);
766 return rc;
767 }
768
769
770
771 /*************************************************
772 * Pseudo-random number generation *
773 *************************************************/
774
775 /* Pseudo-random number generation. The result is not "expected" to be
776 cryptographically strong but not so weak that someone will shoot themselves
777 in the foot using it as a nonce in some email header scheme or whatever
778 weirdness they'll twist this into. The result should ideally handle fork().
779
780 However, if we're stuck unable to provide this, then we'll fall back to
781 appallingly bad randomness.
782
783 If SUPPORT_TLS is defined and OpenSSL is used, then this will not be used.
784 The GNUTLS randomness functions found do not seem amenable to extracting
785 random numbers outside of a TLS context. Any volunteers?
786
787 Arguments:
788 max range maximum
789 Returns a random number in range [0, max-1]
790 */
791
792 #if !defined(SUPPORT_TLS) || defined(USE_GNUTLS)
793 int
794 pseudo_random_number(int max)
795 {
796 static pid_t pid = 0;
797 pid_t p2;
798 #if defined(HAVE_SRANDOM) && !defined(HAVE_SRANDOMDEV)
799 struct timeval tv;
800 #endif
801
802 p2 = getpid();
803 if (p2 != pid)
804 {
805 if (pid != 0)
806 {
807
808 #ifdef HAVE_ARC4RANDOM
809 /* cryptographically strong randomness, common on *BSD platforms, not
810 so much elsewhere. Alas. */
811 arc4random_stir();
812 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
813 #ifdef HAVE_SRANDOMDEV
814 /* uses random(4) for seeding */
815 srandomdev();
816 #else
817 gettimeofday(&tv, NULL);
818 srandom(tv.tv_sec | tv.tv_usec | getpid());
819 #endif
820 #else
821 /* Poor randomness and no seeding here */
822 #endif
823
824 }
825 pid = p2;
826 }
827
828 #ifdef HAVE_ARC4RANDOM
829 return arc4random() % max;
830 #elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
831 return random() % max;
832 #else
833 /* This one returns a 16-bit number, definitely not crypto-strong */
834 return random_number(max);
835 #endif
836 }
837
838 #endif
839
840 /*************************************************
841 * Pick out a name from a string *
842 *************************************************/
843
844 /* If the name is too long, it is silently truncated.
845
846 Arguments:
847 name points to a buffer into which to put the name
848 max is the length of the buffer
849 s points to the first alphabetic character of the name
850 extras chars other than alphanumerics to permit
851
852 Returns: pointer to the first character after the name
853
854 Note: The test for *s != 0 in the while loop is necessary because
855 Ustrchr() yields non-NULL if the character is zero (which is not something
856 I expected). */
857
858 static uschar *
859 read_name(uschar *name, int max, uschar *s, uschar *extras)
860 {
861 int ptr = 0;
862 while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
863 {
864 if (ptr < max-1) name[ptr++] = *s;
865 s++;
866 }
867 name[ptr] = 0;
868 return s;
869 }
870
871
872
873 /*************************************************
874 * Pick out the rest of a header name *
875 *************************************************/
876
877 /* A variable name starting $header_ (or just $h_ for those who like
878 abbreviations) might not be the complete header name because headers can
879 contain any printing characters in their names, except ':'. This function is
880 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
881 on the end, if the name was terminated by white space.
882
883 Arguments:
884 name points to a buffer in which the name read so far exists
885 max is the length of the buffer
886 s points to the first character after the name so far, i.e. the
887 first non-alphameric character after $header_xxxxx
888
889 Returns: a pointer to the first character after the header name
890 */
891
892 static uschar *
893 read_header_name(uschar *name, int max, uschar *s)
894 {
895 int prelen = Ustrchr(name, '_') - name + 1;
896 int ptr = Ustrlen(name) - prelen;
897 if (ptr > 0) memmove(name, name+prelen, ptr);
898 while (mac_isgraph(*s) && *s != ':')
899 {
900 if (ptr < max-1) name[ptr++] = *s;
901 s++;
902 }
903 if (*s == ':') s++;
904 name[ptr++] = ':';
905 name[ptr] = 0;
906 return s;
907 }
908
909
910
911 /*************************************************
912 * Pick out a number from a string *
913 *************************************************/
914
915 /* Arguments:
916 n points to an integer into which to put the number
917 s points to the first digit of the number
918
919 Returns: a pointer to the character after the last digit
920 */
921
922 static uschar *
923 read_number(int *n, uschar *s)
924 {
925 *n = 0;
926 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
927 return s;
928 }
929
930
931
932 /*************************************************
933 * Extract keyed subfield from a string *
934 *************************************************/
935
936 /* The yield is in dynamic store; NULL means that the key was not found.
937
938 Arguments:
939 key points to the name of the key
940 s points to the string from which to extract the subfield
941
942 Returns: NULL if the subfield was not found, or
943 a pointer to the subfield's data
944 */
945
946 static uschar *
947 expand_getkeyed(uschar *key, uschar *s)
948 {
949 int length = Ustrlen(key);
950 while (isspace(*s)) s++;
951
952 /* Loop to search for the key */
953
954 while (*s != 0)
955 {
956 int dkeylength;
957 uschar *data;
958 uschar *dkey = s;
959
960 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
961 dkeylength = s - dkey;
962 while (isspace(*s)) s++;
963 if (*s == '=') while (isspace((*(++s))));
964
965 data = string_dequote(&s);
966 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
967 return data;
968
969 while (isspace(*s)) s++;
970 }
971
972 return NULL;
973 }
974
975
976
977
978 /*************************************************
979 * Extract numbered subfield from string *
980 *************************************************/
981
982 /* Extracts a numbered field from a string that is divided by tokens - for
983 example a line from /etc/passwd is divided by colon characters. First field is
984 numbered one. Negative arguments count from the right. Zero returns the whole
985 string. Returns NULL if there are insufficient tokens in the string
986
987 ***WARNING***
988 Modifies final argument - this is a dynamically generated string, so that's OK.
989
990 Arguments:
991 field number of field to be extracted,
992 first field = 1, whole string = 0, last field = -1
993 separators characters that are used to break string into tokens
994 s points to the string from which to extract the subfield
995
996 Returns: NULL if the field was not found,
997 a pointer to the field's data inside s (modified to add 0)
998 */
999
1000 static uschar *
1001 expand_gettokened (int field, uschar *separators, uschar *s)
1002 {
1003 int sep = 1;
1004 int count;
1005 uschar *ss = s;
1006 uschar *fieldtext = NULL;
1007
1008 if (field == 0) return s;
1009
1010 /* Break the line up into fields in place; for field > 0 we stop when we have
1011 done the number of fields we want. For field < 0 we continue till the end of
1012 the string, counting the number of fields. */
1013
1014 count = (field > 0)? field : INT_MAX;
1015
1016 while (count-- > 0)
1017 {
1018 size_t len;
1019
1020 /* Previous field was the last one in the string. For a positive field
1021 number, this means there are not enough fields. For a negative field number,
1022 check that there are enough, and scan back to find the one that is wanted. */
1023
1024 if (sep == 0)
1025 {
1026 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
1027 if ((-field) == (INT_MAX - count - 1)) return s;
1028 while (field++ < 0)
1029 {
1030 ss--;
1031 while (ss[-1] != 0) ss--;
1032 }
1033 fieldtext = ss;
1034 break;
1035 }
1036
1037 /* Previous field was not last in the string; save its start and put a
1038 zero at its end. */
1039
1040 fieldtext = ss;
1041 len = Ustrcspn(ss, separators);
1042 sep = ss[len];
1043 ss[len] = 0;
1044 ss += len + 1;
1045 }
1046
1047 return fieldtext;
1048 }
1049
1050
1051
1052 /*************************************************
1053 * Extract a substring from a string *
1054 *************************************************/
1055
1056 /* Perform the ${substr or ${length expansion operations.
1057
1058 Arguments:
1059 subject the input string
1060 value1 the offset from the start of the input string to the start of
1061 the output string; if negative, count from the right.
1062 value2 the length of the output string, or negative (-1) for unset
1063 if value1 is positive, unset means "all after"
1064 if value1 is negative, unset means "all before"
1065 len set to the length of the returned string
1066
1067 Returns: pointer to the output string, or NULL if there is an error
1068 */
1069
1070 static uschar *
1071 extract_substr(uschar *subject, int value1, int value2, int *len)
1072 {
1073 int sublen = Ustrlen(subject);
1074
1075 if (value1 < 0) /* count from right */
1076 {
1077 value1 += sublen;
1078
1079 /* If the position is before the start, skip to the start, and adjust the
1080 length. If the length ends up negative, the substring is null because nothing
1081 can precede. This falls out naturally when the length is unset, meaning "all
1082 to the left". */
1083
1084 if (value1 < 0)
1085 {
1086 value2 += value1;
1087 if (value2 < 0) value2 = 0;
1088 value1 = 0;
1089 }
1090
1091 /* Otherwise an unset length => characters before value1 */
1092
1093 else if (value2 < 0)
1094 {
1095 value2 = value1;
1096 value1 = 0;
1097 }
1098 }
1099
1100 /* For a non-negative offset, if the starting position is past the end of the
1101 string, the result will be the null string. Otherwise, an unset length means
1102 "rest"; just set it to the maximum - it will be cut down below if necessary. */
1103
1104 else
1105 {
1106 if (value1 > sublen)
1107 {
1108 value1 = sublen;
1109 value2 = 0;
1110 }
1111 else if (value2 < 0) value2 = sublen;
1112 }
1113
1114 /* Cut the length down to the maximum possible for the offset value, and get
1115 the required characters. */
1116
1117 if (value1 + value2 > sublen) value2 = sublen - value1;
1118 *len = value2;
1119 return subject + value1;
1120 }
1121
1122
1123
1124
1125 /*************************************************
1126 * Old-style hash of a string *
1127 *************************************************/
1128
1129 /* Perform the ${hash expansion operation.
1130
1131 Arguments:
1132 subject the input string (an expanded substring)
1133 value1 the length of the output string; if greater or equal to the
1134 length of the input string, the input string is returned
1135 value2 the number of hash characters to use, or 26 if negative
1136 len set to the length of the returned string
1137
1138 Returns: pointer to the output string, or NULL if there is an error
1139 */
1140
1141 static uschar *
1142 compute_hash(uschar *subject, int value1, int value2, int *len)
1143 {
1144 int sublen = Ustrlen(subject);
1145
1146 if (value2 < 0) value2 = 26;
1147 else if (value2 > Ustrlen(hashcodes))
1148 {
1149 expand_string_message =
1150 string_sprintf("hash count \"%d\" too big", value2);
1151 return NULL;
1152 }
1153
1154 /* Calculate the hash text. We know it is shorter than the original string, so
1155 can safely place it in subject[] (we know that subject is always itself an
1156 expanded substring). */
1157
1158 if (value1 < sublen)
1159 {
1160 int c;
1161 int i = 0;
1162 int j = value1;
1163 while ((c = (subject[j])) != 0)
1164 {
1165 int shift = (c + j++) & 7;
1166 subject[i] ^= (c << shift) | (c >> (8-shift));
1167 if (++i >= value1) i = 0;
1168 }
1169 for (i = 0; i < value1; i++)
1170 subject[i] = hashcodes[(subject[i]) % value2];
1171 }
1172 else value1 = sublen;
1173
1174 *len = value1;
1175 return subject;
1176 }
1177
1178
1179
1180
1181 /*************************************************
1182 * Numeric hash of a string *
1183 *************************************************/
1184
1185 /* Perform the ${nhash expansion operation. The first characters of the
1186 string are treated as most important, and get the highest prime numbers.
1187
1188 Arguments:
1189 subject the input string
1190 value1 the maximum value of the first part of the result
1191 value2 the maximum value of the second part of the result,
1192 or negative to produce only a one-part result
1193 len set to the length of the returned string
1194
1195 Returns: pointer to the output string, or NULL if there is an error.
1196 */
1197
1198 static uschar *
1199 compute_nhash (uschar *subject, int value1, int value2, int *len)
1200 {
1201 uschar *s = subject;
1202 int i = 0;
1203 unsigned long int total = 0; /* no overflow */
1204
1205 while (*s != 0)
1206 {
1207 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
1208 total += prime[i--] * (unsigned int)(*s++);
1209 }
1210
1211 /* If value2 is unset, just compute one number */
1212
1213 if (value2 < 0)
1214 {
1215 s = string_sprintf("%d", total % value1);
1216 }
1217
1218 /* Otherwise do a div/mod hash */
1219
1220 else
1221 {
1222 total = total % (value1 * value2);
1223 s = string_sprintf("%d/%d", total/value2, total % value2);
1224 }
1225
1226 *len = Ustrlen(s);
1227 return s;
1228 }
1229
1230
1231
1232
1233
1234 /*************************************************
1235 * Find the value of a header or headers *
1236 *************************************************/
1237
1238 /* Multiple instances of the same header get concatenated, and this function
1239 can also return a concatenation of all the header lines. When concatenating
1240 specific headers that contain lists of addresses, a comma is inserted between
1241 them. Otherwise we use a straight concatenation. Because some messages can have
1242 pathologically large number of lines, there is a limit on the length that is
1243 returned. Also, to avoid massive store use which would result from using
1244 string_cat() as it copies and extends strings, we do a preliminary pass to find
1245 out exactly how much store will be needed. On "normal" messages this will be
1246 pretty trivial.
1247
1248 Arguments:
1249 name the name of the header, without the leading $header_ or $h_,
1250 or NULL if a concatenation of all headers is required
1251 exists_only TRUE if called from a def: test; don't need to build a string;
1252 just return a string that is not "" and not "0" if the header
1253 exists
1254 newsize return the size of memory block that was obtained; may be NULL
1255 if exists_only is TRUE
1256 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
1257 other than concatenating, will be done on the header. Also used
1258 for $message_headers_raw.
1259 charset name of charset to translate MIME words to; used only if
1260 want_raw is false; if NULL, no translation is done (this is
1261 used for $bh_ and $bheader_)
1262
1263 Returns: NULL if the header does not exist, else a pointer to a new
1264 store block
1265 */
1266
1267 static uschar *
1268 find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1269 uschar *charset)
1270 {
1271 BOOL found = name == NULL;
1272 int comma = 0;
1273 int len = found? 0 : Ustrlen(name);
1274 int i;
1275 uschar *yield = NULL;
1276 uschar *ptr = NULL;
1277
1278 /* Loop for two passes - saves code repetition */
1279
1280 for (i = 0; i < 2; i++)
1281 {
1282 int size = 0;
1283 header_line *h;
1284
1285 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1286 {
1287 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1288 {
1289 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1290 {
1291 int ilen;
1292 uschar *t;
1293
1294 if (exists_only) return US"1"; /* don't need actual string */
1295 found = TRUE;
1296 t = h->text + len; /* text to insert */
1297 if (!want_raw) /* unless wanted raw, */
1298 while (isspace(*t)) t++; /* remove leading white space */
1299 ilen = h->slen - (t - h->text); /* length to insert */
1300
1301 /* Unless wanted raw, remove trailing whitespace, including the
1302 newline. */
1303
1304 if (!want_raw)
1305 while (ilen > 0 && isspace(t[ilen-1])) ilen--;
1306
1307 /* Set comma = 1 if handling a single header and it's one of those
1308 that contains an address list, except when asked for raw headers. Only
1309 need to do this once. */
1310
1311 if (!want_raw && name != NULL && comma == 0 &&
1312 Ustrchr("BCFRST", h->type) != NULL)
1313 comma = 1;
1314
1315 /* First pass - compute total store needed; second pass - compute
1316 total store used, including this header. */
1317
1318 size += ilen + comma + 1; /* +1 for the newline */
1319
1320 /* Second pass - concatentate the data, up to a maximum. Note that
1321 the loop stops when size hits the limit. */
1322
1323 if (i != 0)
1324 {
1325 if (size > header_insert_maxlen)
1326 {
1327 ilen -= size - header_insert_maxlen - 1;
1328 comma = 0;
1329 }
1330 Ustrncpy(ptr, t, ilen);
1331 ptr += ilen;
1332
1333 /* For a non-raw header, put in the comma if needed, then add
1334 back the newline we removed above, provided there was some text in
1335 the header. */
1336
1337 if (!want_raw && ilen > 0)
1338 {
1339 if (comma != 0) *ptr++ = ',';
1340 *ptr++ = '\n';
1341 }
1342 }
1343 }
1344 }
1345 }
1346
1347 /* At end of first pass, return NULL if no header found. Then truncate size
1348 if necessary, and get the buffer to hold the data, returning the buffer size.
1349 */
1350
1351 if (i == 0)
1352 {
1353 if (!found) return NULL;
1354 if (size > header_insert_maxlen) size = header_insert_maxlen;
1355 *newsize = size + 1;
1356 ptr = yield = store_get(*newsize);
1357 }
1358 }
1359
1360 /* That's all we do for raw header expansion. */
1361
1362 if (want_raw)
1363 {
1364 *ptr = 0;
1365 }
1366
1367 /* Otherwise, remove a final newline and a redundant added comma. Then we do
1368 RFC 2047 decoding, translating the charset if requested. The rfc2047_decode2()
1369 function can return an error with decoded data if the charset translation
1370 fails. If decoding fails, it returns NULL. */
1371
1372 else
1373 {
1374 uschar *decoded, *error;
1375 if (ptr > yield && ptr[-1] == '\n') ptr--;
1376 if (ptr > yield && comma != 0 && ptr[-1] == ',') ptr--;
1377 *ptr = 0;
1378 decoded = rfc2047_decode2(yield, check_rfc2047_length, charset, '?', NULL,
1379 newsize, &error);
1380 if (error != NULL)
1381 {
1382 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1383 " input was: %s\n", error, yield);
1384 }
1385 if (decoded != NULL) yield = decoded;
1386 }
1387
1388 return yield;
1389 }
1390
1391
1392
1393
1394 /*************************************************
1395 * Find value of a variable *
1396 *************************************************/
1397
1398 /* The table of variables is kept in alphabetic order, so we can search it
1399 using a binary chop. The "choplen" variable is nothing to do with the binary
1400 chop.
1401
1402 Arguments:
1403 name the name of the variable being sought
1404 exists_only TRUE if this is a def: test; passed on to find_header()
1405 skipping TRUE => skip any processing evaluation; this is not the same as
1406 exists_only because def: may test for values that are first
1407 evaluated here
1408 newsize pointer to an int which is initially zero; if the answer is in
1409 a new memory buffer, *newsize is set to its size
1410
1411 Returns: NULL if the variable does not exist, or
1412 a pointer to the variable's contents, or
1413 something non-NULL if exists_only is TRUE
1414 */
1415
1416 static uschar *
1417 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1418 {
1419 int first = 0;
1420 int last = var_table_size;
1421
1422 /* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1423 Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1424 release 4.64 onwards arbitrary names are permitted, as long as the first 5
1425 characters are acl_c or acl_m and the sixth is either a digit or an underscore
1426 (this gave backwards compatibility at the changeover). There may be built-in
1427 variables whose names start acl_ but they should never start in this way. This
1428 slightly messy specification is a consequence of the history, needless to say.
1429
1430 If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1431 set, in which case give an error. */
1432
1433 if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1434 !isalpha(name[5]))
1435 {
1436 tree_node *node =
1437 tree_search((name[4] == 'c')? acl_var_c : acl_var_m, name + 4);
1438 return (node == NULL)? (strict_acl_vars? NULL : US"") : node->data.ptr;
1439 }
1440
1441 /* Handle $auth<n> variables. */
1442
1443 if (Ustrncmp(name, "auth", 4) == 0)
1444 {
1445 uschar *endptr;
1446 int n = Ustrtoul(name + 4, &endptr, 10);
1447 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1448 return (auth_vars[n-1] == NULL)? US"" : auth_vars[n-1];
1449 }
1450
1451 /* For all other variables, search the table */
1452
1453 while (last > first)
1454 {
1455 uschar *s, *domain;
1456 uschar **ss;
1457 int middle = (first + last)/2;
1458 int c = Ustrcmp(name, var_table[middle].name);
1459
1460 if (c > 0) { first = middle + 1; continue; }
1461 if (c < 0) { last = middle; continue; }
1462
1463 /* Found an existing variable. If in skipping state, the value isn't needed,
1464 and we want to avoid processing (such as looking up the host name). */
1465
1466 if (skipping) return US"";
1467
1468 switch (var_table[middle].type)
1469 {
1470 case vtype_filter_int:
1471 if (!filter_running) return NULL;
1472 /* Fall through */
1473 /* VVVVVVVVVVVV */
1474 case vtype_int:
1475 sprintf(CS var_buffer, "%d", *(int *)(var_table[middle].value)); /* Integer */
1476 return var_buffer;
1477
1478 case vtype_ino:
1479 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(var_table[middle].value))); /* Inode */
1480 return var_buffer;
1481
1482 case vtype_gid:
1483 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(var_table[middle].value))); /* gid */
1484 return var_buffer;
1485
1486 case vtype_uid:
1487 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
1488 return var_buffer;
1489
1490 case vtype_stringptr: /* Pointer to string */
1491 s = *((uschar **)(var_table[middle].value));
1492 return (s == NULL)? US"" : s;
1493
1494 case vtype_pid:
1495 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1496 return var_buffer;
1497
1498 case vtype_load_avg:
1499 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1500 return var_buffer;
1501
1502 case vtype_host_lookup: /* Lookup if not done so */
1503 if (sender_host_name == NULL && sender_host_address != NULL &&
1504 !host_lookup_failed && host_name_lookup() == OK)
1505 host_build_sender_fullhost();
1506 return (sender_host_name == NULL)? US"" : sender_host_name;
1507
1508 case vtype_localpart: /* Get local part from address */
1509 s = *((uschar **)(var_table[middle].value));
1510 if (s == NULL) return US"";
1511 domain = Ustrrchr(s, '@');
1512 if (domain == NULL) return s;
1513 if (domain - s > sizeof(var_buffer) - 1)
1514 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than %d in "
1515 "string expansion", sizeof(var_buffer));
1516 Ustrncpy(var_buffer, s, domain - s);
1517 var_buffer[domain - s] = 0;
1518 return var_buffer;
1519
1520 case vtype_domain: /* Get domain from address */
1521 s = *((uschar **)(var_table[middle].value));
1522 if (s == NULL) return US"";
1523 domain = Ustrrchr(s, '@');
1524 return (domain == NULL)? US"" : domain + 1;
1525
1526 case vtype_msgheaders:
1527 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1528
1529 case vtype_msgheaders_raw:
1530 return find_header(NULL, exists_only, newsize, TRUE, NULL);
1531
1532 case vtype_msgbody: /* Pointer to msgbody string */
1533 case vtype_msgbody_end: /* Ditto, the end of the msg */
1534 ss = (uschar **)(var_table[middle].value);
1535 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1536 {
1537 uschar *body;
1538 off_t start_offset = SPOOL_DATA_START_OFFSET;
1539 int len = message_body_visible;
1540 if (len > message_size) len = message_size;
1541 *ss = body = store_malloc(len+1);
1542 body[0] = 0;
1543 if (var_table[middle].type == vtype_msgbody_end)
1544 {
1545 struct stat statbuf;
1546 if (fstat(deliver_datafile, &statbuf) == 0)
1547 {
1548 start_offset = statbuf.st_size - len;
1549 if (start_offset < SPOOL_DATA_START_OFFSET)
1550 start_offset = SPOOL_DATA_START_OFFSET;
1551 }
1552 }
1553 lseek(deliver_datafile, start_offset, SEEK_SET);
1554 len = read(deliver_datafile, body, len);
1555 if (len > 0)
1556 {
1557 body[len] = 0;
1558 if (message_body_newlines) /* Separate loops for efficiency */
1559 {
1560 while (len > 0)
1561 { if (body[--len] == 0) body[len] = ' '; }
1562 }
1563 else
1564 {
1565 while (len > 0)
1566 { if (body[--len] == '\n' || body[len] == 0) body[len] = ' '; }
1567 }
1568 }
1569 }
1570 return (*ss == NULL)? US"" : *ss;
1571
1572 case vtype_todbsdin: /* BSD inbox time of day */
1573 return tod_stamp(tod_bsdin);
1574
1575 case vtype_tode: /* Unix epoch time of day */
1576 return tod_stamp(tod_epoch);
1577
1578 case vtype_todf: /* Full time of day */
1579 return tod_stamp(tod_full);
1580
1581 case vtype_todl: /* Log format time of day */
1582 return tod_stamp(tod_log_bare); /* (without timezone) */
1583
1584 case vtype_todzone: /* Time zone offset only */
1585 return tod_stamp(tod_zone);
1586
1587 case vtype_todzulu: /* Zulu time */
1588 return tod_stamp(tod_zulu);
1589
1590 case vtype_todlf: /* Log file datestamp tod */
1591 return tod_stamp(tod_log_datestamp_daily);
1592
1593 case vtype_reply: /* Get reply address */
1594 s = find_header(US"reply-to:", exists_only, newsize, TRUE,
1595 headers_charset);
1596 if (s != NULL) while (isspace(*s)) s++;
1597 if (s == NULL || *s == 0)
1598 {
1599 *newsize = 0; /* For the *s==0 case */
1600 s = find_header(US"from:", exists_only, newsize, TRUE, headers_charset);
1601 }
1602 if (s != NULL)
1603 {
1604 uschar *t;
1605 while (isspace(*s)) s++;
1606 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
1607 while (t > s && isspace(t[-1])) t--;
1608 *t = 0;
1609 }
1610 return (s == NULL)? US"" : s;
1611
1612 /* A recipients list is available only during system message filtering,
1613 during ACL processing after DATA, and while expanding pipe commands
1614 generated from a system filter, but not elsewhere. */
1615
1616 case vtype_recipients:
1617 if (!enable_dollar_recipients) return NULL; else
1618 {
1619 int size = 128;
1620 int ptr = 0;
1621 int i;
1622 s = store_get(size);
1623 for (i = 0; i < recipients_count; i++)
1624 {
1625 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1626 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1627 Ustrlen(recipients_list[i].address));
1628 }
1629 s[ptr] = 0; /* string_cat() leaves room */
1630 }
1631 return s;
1632
1633 case vtype_pspace:
1634 {
1635 int inodes;
1636 sprintf(CS var_buffer, "%d",
1637 receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes));
1638 }
1639 return var_buffer;
1640
1641 case vtype_pinodes:
1642 {
1643 int inodes;
1644 (void) receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes);
1645 sprintf(CS var_buffer, "%d", inodes);
1646 }
1647 return var_buffer;
1648
1649 #ifndef DISABLE_DKIM
1650 case vtype_dkim:
1651 return dkim_exim_expand_query((int)(long)var_table[middle].value);
1652 #endif
1653
1654 }
1655 }
1656
1657 return NULL; /* Unknown variable name */
1658 }
1659
1660
1661
1662
1663 /*************************************************
1664 * Read and expand substrings *
1665 *************************************************/
1666
1667 /* This function is called to read and expand argument substrings for various
1668 expansion items. Some have a minimum requirement that is less than the maximum;
1669 in these cases, the first non-present one is set to NULL.
1670
1671 Arguments:
1672 sub points to vector of pointers to set
1673 n maximum number of substrings
1674 m minimum required
1675 sptr points to current string pointer
1676 skipping the skipping flag
1677 check_end if TRUE, check for final '}'
1678 name name of item, for error message
1679
1680 Returns: 0 OK; string pointer updated
1681 1 curly bracketing error (too few arguments)
1682 2 too many arguments (only if check_end is set); message set
1683 3 other error (expansion failure)
1684 */
1685
1686 static int
1687 read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
1688 BOOL check_end, uschar *name)
1689 {
1690 int i;
1691 uschar *s = *sptr;
1692
1693 while (isspace(*s)) s++;
1694 for (i = 0; i < n; i++)
1695 {
1696 if (*s != '{')
1697 {
1698 if (i < m) return 1;
1699 sub[i] = NULL;
1700 break;
1701 }
1702 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
1703 if (sub[i] == NULL) return 3;
1704 if (*s++ != '}') return 1;
1705 while (isspace(*s)) s++;
1706 }
1707 if (check_end && *s++ != '}')
1708 {
1709 if (s[-1] == '{')
1710 {
1711 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1712 "(max is %d)", name, n);
1713 return 2;
1714 }
1715 return 1;
1716 }
1717
1718 *sptr = s;
1719 return 0;
1720 }
1721
1722
1723
1724
1725 /*************************************************
1726 * Elaborate message for bad variable *
1727 *************************************************/
1728
1729 /* For the "unknown variable" message, take a look at the variable's name, and
1730 give additional information about possible ACL variables. The extra information
1731 is added on to expand_string_message.
1732
1733 Argument: the name of the variable
1734 Returns: nothing
1735 */
1736
1737 static void
1738 check_variable_error_message(uschar *name)
1739 {
1740 if (Ustrncmp(name, "acl_", 4) == 0)
1741 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
1742 (name[4] == 'c' || name[4] == 'm')?
1743 (isalpha(name[5])?
1744 US"6th character of a user-defined ACL variable must be a digit or underscore" :
1745 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
1746 ) :
1747 US"user-defined ACL variables must start acl_c or acl_m");
1748 }
1749
1750
1751
1752 /*************************************************
1753 * Read and evaluate a condition *
1754 *************************************************/
1755
1756 /*
1757 Arguments:
1758 s points to the start of the condition text
1759 yield points to a BOOL to hold the result of the condition test;
1760 if NULL, we are just reading through a condition that is
1761 part of an "or" combination to check syntax, or in a state
1762 where the answer isn't required
1763
1764 Returns: a pointer to the first character after the condition, or
1765 NULL after an error
1766 */
1767
1768 static uschar *
1769 eval_condition(uschar *s, BOOL *yield)
1770 {
1771 BOOL testfor = TRUE;
1772 BOOL tempcond, combined_cond;
1773 BOOL *subcondptr;
1774 int i, rc, cond_type, roffset;
1775 int num[2];
1776 struct stat statbuf;
1777 uschar name[256];
1778 uschar *sub[4];
1779
1780 const pcre *re;
1781 const uschar *rerror;
1782
1783 for (;;)
1784 {
1785 while (isspace(*s)) s++;
1786 if (*s == '!') { testfor = !testfor; s++; } else break;
1787 }
1788
1789 /* Numeric comparisons are symbolic */
1790
1791 if (*s == '=' || *s == '>' || *s == '<')
1792 {
1793 int p = 0;
1794 name[p++] = *s++;
1795 if (*s == '=')
1796 {
1797 name[p++] = '=';
1798 s++;
1799 }
1800 name[p] = 0;
1801 }
1802
1803 /* All other conditions are named */
1804
1805 else s = read_name(name, 256, s, US"_");
1806
1807 /* If we haven't read a name, it means some non-alpha character is first. */
1808
1809 if (name[0] == 0)
1810 {
1811 expand_string_message = string_sprintf("condition name expected, "
1812 "but found \"%.16s\"", s);
1813 return NULL;
1814 }
1815
1816 /* Find which condition we are dealing with, and switch on it */
1817
1818 cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
1819 switch(cond_type)
1820 {
1821 /* def: tests for a non-empty variable, or for the existence of a header. If
1822 yield == NULL we are in a skipping state, and don't care about the answer. */
1823
1824 case ECOND_DEF:
1825 if (*s != ':')
1826 {
1827 expand_string_message = US"\":\" expected after \"def\"";
1828 return NULL;
1829 }
1830
1831 s = read_name(name, 256, s+1, US"_");
1832
1833 /* Test for a header's existence. If the name contains a closing brace
1834 character, this may be a user error where the terminating colon has been
1835 omitted. Set a flag to adjust a subsequent error message in this case. */
1836
1837 if (Ustrncmp(name, "h_", 2) == 0 ||
1838 Ustrncmp(name, "rh_", 3) == 0 ||
1839 Ustrncmp(name, "bh_", 3) == 0 ||
1840 Ustrncmp(name, "header_", 7) == 0 ||
1841 Ustrncmp(name, "rheader_", 8) == 0 ||
1842 Ustrncmp(name, "bheader_", 8) == 0)
1843 {
1844 s = read_header_name(name, 256, s);
1845 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
1846 if (yield != NULL) *yield =
1847 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
1848 }
1849
1850 /* Test for a variable's having a non-empty value. A non-existent variable
1851 causes an expansion failure. */
1852
1853 else
1854 {
1855 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
1856 if (value == NULL)
1857 {
1858 expand_string_message = (name[0] == 0)?
1859 string_sprintf("variable name omitted after \"def:\"") :
1860 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
1861 check_variable_error_message(name);
1862 return NULL;
1863 }
1864 if (yield != NULL) *yield = (value[0] != 0) == testfor;
1865 }
1866
1867 return s;
1868
1869
1870 /* first_delivery tests for first delivery attempt */
1871
1872 case ECOND_FIRST_DELIVERY:
1873 if (yield != NULL) *yield = deliver_firsttime == testfor;
1874 return s;
1875
1876
1877 /* queue_running tests for any process started by a queue runner */
1878
1879 case ECOND_QUEUE_RUNNING:
1880 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
1881 return s;
1882
1883
1884 /* exists: tests for file existence
1885 isip: tests for any IP address
1886 isip4: tests for an IPv4 address
1887 isip6: tests for an IPv6 address
1888 pam: does PAM authentication
1889 radius: does RADIUS authentication
1890 ldapauth: does LDAP authentication
1891 pwcheck: does Cyrus SASL pwcheck authentication
1892 */
1893
1894 case ECOND_EXISTS:
1895 case ECOND_ISIP:
1896 case ECOND_ISIP4:
1897 case ECOND_ISIP6:
1898 case ECOND_PAM:
1899 case ECOND_RADIUS:
1900 case ECOND_LDAPAUTH:
1901 case ECOND_PWCHECK:
1902
1903 while (isspace(*s)) s++;
1904 if (*s != '{') goto COND_FAILED_CURLY_START;
1905
1906 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1907 if (sub[0] == NULL) return NULL;
1908 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1909
1910 if (yield == NULL) return s; /* No need to run the test if skipping */
1911
1912 switch(cond_type)
1913 {
1914 case ECOND_EXISTS:
1915 if ((expand_forbid & RDO_EXISTS) != 0)
1916 {
1917 expand_string_message = US"File existence tests are not permitted";
1918 return NULL;
1919 }
1920 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
1921 break;
1922
1923 case ECOND_ISIP:
1924 case ECOND_ISIP4:
1925 case ECOND_ISIP6:
1926 rc = string_is_ip_address(sub[0], NULL);
1927 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
1928 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
1929 break;
1930
1931 /* Various authentication tests - all optionally compiled */
1932
1933 case ECOND_PAM:
1934 #ifdef SUPPORT_PAM
1935 rc = auth_call_pam(sub[0], &expand_string_message);
1936 goto END_AUTH;
1937 #else
1938 goto COND_FAILED_NOT_COMPILED;
1939 #endif /* SUPPORT_PAM */
1940
1941 case ECOND_RADIUS:
1942 #ifdef RADIUS_CONFIG_FILE
1943 rc = auth_call_radius(sub[0], &expand_string_message);
1944 goto END_AUTH;
1945 #else
1946 goto COND_FAILED_NOT_COMPILED;
1947 #endif /* RADIUS_CONFIG_FILE */
1948
1949 case ECOND_LDAPAUTH:
1950 #ifdef LOOKUP_LDAP
1951 {
1952 /* Just to keep the interface the same */
1953 BOOL do_cache;
1954 int old_pool = store_pool;
1955 store_pool = POOL_SEARCH;
1956 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
1957 &expand_string_message, &do_cache);
1958 store_pool = old_pool;
1959 }
1960 goto END_AUTH;
1961 #else
1962 goto COND_FAILED_NOT_COMPILED;
1963 #endif /* LOOKUP_LDAP */
1964
1965 case ECOND_PWCHECK:
1966 #ifdef CYRUS_PWCHECK_SOCKET
1967 rc = auth_call_pwcheck(sub[0], &expand_string_message);
1968 goto END_AUTH;
1969 #else
1970 goto COND_FAILED_NOT_COMPILED;
1971 #endif /* CYRUS_PWCHECK_SOCKET */
1972
1973 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
1974 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
1975 END_AUTH:
1976 if (rc == ERROR || rc == DEFER) return NULL;
1977 *yield = (rc == OK) == testfor;
1978 #endif
1979 }
1980 return s;
1981
1982
1983 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
1984
1985 ${if saslauthd {{username}{password}{service}{realm}} {yes}[no}}
1986
1987 However, the last two are optional. That is why the whole set is enclosed
1988 in their own set or braces. */
1989
1990 case ECOND_SASLAUTHD:
1991 #ifndef CYRUS_SASLAUTHD_SOCKET
1992 goto COND_FAILED_NOT_COMPILED;
1993 #else
1994 while (isspace(*s)) s++;
1995 if (*s++ != '{') goto COND_FAILED_CURLY_START;
1996 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd"))
1997 {
1998 case 1: expand_string_message = US"too few arguments or bracketing "
1999 "error for saslauthd";
2000 case 2:
2001 case 3: return NULL;
2002 }
2003 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
2004 if (yield != NULL)
2005 {
2006 int rc;
2007 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
2008 &expand_string_message);
2009 if (rc == ERROR || rc == DEFER) return NULL;
2010 *yield = (rc == OK) == testfor;
2011 }
2012 return s;
2013 #endif /* CYRUS_SASLAUTHD_SOCKET */
2014
2015
2016 /* symbolic operators for numeric and string comparison, and a number of
2017 other operators, all requiring two arguments.
2018
2019 match: does a regular expression match and sets up the numerical
2020 variables if it succeeds
2021 match_address: matches in an address list
2022 match_domain: matches in a domain list
2023 match_ip: matches a host list that is restricted to IP addresses
2024 match_local_part: matches in a local part list
2025 crypteq: encrypts plaintext and compares against an encrypted text,
2026 using crypt(), crypt16(), MD5 or SHA-1
2027 */
2028
2029 case ECOND_MATCH:
2030 case ECOND_MATCH_ADDRESS:
2031 case ECOND_MATCH_DOMAIN:
2032 case ECOND_MATCH_IP:
2033 case ECOND_MATCH_LOCAL_PART:
2034 case ECOND_CRYPTEQ:
2035
2036 case ECOND_NUM_L: /* Numerical comparisons */
2037 case ECOND_NUM_LE:
2038 case ECOND_NUM_E:
2039 case ECOND_NUM_EE:
2040 case ECOND_NUM_G:
2041 case ECOND_NUM_GE:
2042
2043 case ECOND_STR_LT: /* String comparisons */
2044 case ECOND_STR_LTI:
2045 case ECOND_STR_LE:
2046 case ECOND_STR_LEI:
2047 case ECOND_STR_EQ:
2048 case ECOND_STR_EQI:
2049 case ECOND_STR_GT:
2050 case ECOND_STR_GTI:
2051 case ECOND_STR_GE:
2052 case ECOND_STR_GEI:
2053
2054 for (i = 0; i < 2; i++)
2055 {
2056 while (isspace(*s)) s++;
2057 if (*s != '{')
2058 {
2059 if (i == 0) goto COND_FAILED_CURLY_START;
2060 expand_string_message = string_sprintf("missing 2nd string in {} "
2061 "after \"%s\"", name);
2062 return NULL;
2063 }
2064 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
2065 if (sub[i] == NULL) return NULL;
2066 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2067
2068 /* Convert to numerical if required; we know that the names of all the
2069 conditions that compare numbers do not start with a letter. This just saves
2070 checking for them individually. */
2071
2072 if (!isalpha(name[0]) && yield != NULL)
2073 {
2074 if (sub[i][0] == 0)
2075 {
2076 num[i] = 0;
2077 DEBUG(D_expand)
2078 debug_printf("empty string cast to zero for numerical comparison\n");
2079 }
2080 else
2081 {
2082 num[i] = expand_string_integer(sub[i], FALSE);
2083 if (expand_string_message != NULL) return NULL;
2084 }
2085 }
2086 }
2087
2088 /* Result not required */
2089
2090 if (yield == NULL) return s;
2091
2092 /* Do an appropriate comparison */
2093
2094 switch(cond_type)
2095 {
2096 case ECOND_NUM_E:
2097 case ECOND_NUM_EE:
2098 *yield = (num[0] == num[1]) == testfor;
2099 break;
2100
2101 case ECOND_NUM_G:
2102 *yield = (num[0] > num[1]) == testfor;
2103 break;
2104
2105 case ECOND_NUM_GE:
2106 *yield = (num[0] >= num[1]) == testfor;
2107 break;
2108
2109 case ECOND_NUM_L:
2110 *yield = (num[0] < num[1]) == testfor;
2111 break;
2112
2113 case ECOND_NUM_LE:
2114 *yield = (num[0] <= num[1]) == testfor;
2115 break;
2116
2117 case ECOND_STR_LT:
2118 *yield = (Ustrcmp(sub[0], sub[1]) < 0) == testfor;
2119 break;
2120
2121 case ECOND_STR_LTI:
2122 *yield = (strcmpic(sub[0], sub[1]) < 0) == testfor;
2123 break;
2124
2125 case ECOND_STR_LE:
2126 *yield = (Ustrcmp(sub[0], sub[1]) <= 0) == testfor;
2127 break;
2128
2129 case ECOND_STR_LEI:
2130 *yield = (strcmpic(sub[0], sub[1]) <= 0) == testfor;
2131 break;
2132
2133 case ECOND_STR_EQ:
2134 *yield = (Ustrcmp(sub[0], sub[1]) == 0) == testfor;
2135 break;
2136
2137 case ECOND_STR_EQI:
2138 *yield = (strcmpic(sub[0], sub[1]) == 0) == testfor;
2139 break;
2140
2141 case ECOND_STR_GT:
2142 *yield = (Ustrcmp(sub[0], sub[1]) > 0) == testfor;
2143 break;
2144
2145 case ECOND_STR_GTI:
2146 *yield = (strcmpic(sub[0], sub[1]) > 0) == testfor;
2147 break;
2148
2149 case ECOND_STR_GE:
2150 *yield = (Ustrcmp(sub[0], sub[1]) >= 0) == testfor;
2151 break;
2152
2153 case ECOND_STR_GEI:
2154 *yield = (strcmpic(sub[0], sub[1]) >= 0) == testfor;
2155 break;
2156
2157 case ECOND_MATCH: /* Regular expression match */
2158 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2159 NULL);
2160 if (re == NULL)
2161 {
2162 expand_string_message = string_sprintf("regular expression error in "
2163 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2164 return NULL;
2165 }
2166 *yield = regex_match_and_setup(re, sub[0], 0, -1) == testfor;
2167 break;
2168
2169 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2170 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2171 goto MATCHED_SOMETHING;
2172
2173 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2174 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2175 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2176 goto MATCHED_SOMETHING;
2177
2178 case ECOND_MATCH_IP: /* Match IP address in a host list */
2179 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
2180 {
2181 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2182 sub[0]);
2183 return NULL;
2184 }
2185 else
2186 {
2187 unsigned int *nullcache = NULL;
2188 check_host_block cb;
2189
2190 cb.host_name = US"";
2191 cb.host_address = sub[0];
2192
2193 /* If the host address starts off ::ffff: it is an IPv6 address in
2194 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2195 addresses. */
2196
2197 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2198 cb.host_address + 7 : cb.host_address;
2199
2200 rc = match_check_list(
2201 &sub[1], /* the list */
2202 0, /* separator character */
2203 &hostlist_anchor, /* anchor pointer */
2204 &nullcache, /* cache pointer */
2205 check_host, /* function for testing */
2206 &cb, /* argument for function */
2207 MCL_HOST, /* type of check */
2208 sub[0], /* text for debugging */
2209 NULL); /* where to pass back data */
2210 }
2211 goto MATCHED_SOMETHING;
2212
2213 case ECOND_MATCH_LOCAL_PART:
2214 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2215 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2216 /* Fall through */
2217 /* VVVVVVVVVVVV */
2218 MATCHED_SOMETHING:
2219 switch(rc)
2220 {
2221 case OK:
2222 *yield = testfor;
2223 break;
2224
2225 case FAIL:
2226 *yield = !testfor;
2227 break;
2228
2229 case DEFER:
2230 expand_string_message = string_sprintf("unable to complete match "
2231 "against \"%s\": %s", sub[1], search_error_message);
2232 return NULL;
2233 }
2234
2235 break;
2236
2237 /* Various "encrypted" comparisons. If the second string starts with
2238 "{" then an encryption type is given. Default to crypt() or crypt16()
2239 (build-time choice). */
2240
2241 case ECOND_CRYPTEQ:
2242 #ifndef SUPPORT_CRYPTEQ
2243 goto COND_FAILED_NOT_COMPILED;
2244 #else
2245 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2246 {
2247 int sublen = Ustrlen(sub[1]+5);
2248 md5 base;
2249 uschar digest[16];
2250
2251 md5_start(&base);
2252 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2253
2254 /* If the length that we are comparing against is 24, the MD5 digest
2255 is expressed as a base64 string. This is the way LDAP does it. However,
2256 some other software uses a straightforward hex representation. We assume
2257 this if the length is 32. Other lengths fail. */
2258
2259 if (sublen == 24)
2260 {
2261 uschar *coded = auth_b64encode((uschar *)digest, 16);
2262 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2263 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2264 *yield = (Ustrcmp(coded, sub[1]+5) == 0) == testfor;
2265 }
2266 else if (sublen == 32)
2267 {
2268 int i;
2269 uschar coded[36];
2270 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2271 coded[32] = 0;
2272 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2273 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2274 *yield = (strcmpic(coded, sub[1]+5) == 0) == testfor;
2275 }
2276 else
2277 {
2278 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2279 "fail\n crypted=%s\n", sub[1]+5);
2280 *yield = !testfor;
2281 }
2282 }
2283
2284 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2285 {
2286 int sublen = Ustrlen(sub[1]+6);
2287 sha1 base;
2288 uschar digest[20];
2289
2290 sha1_start(&base);
2291 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2292
2293 /* If the length that we are comparing against is 28, assume the SHA1
2294 digest is expressed as a base64 string. If the length is 40, assume a
2295 straightforward hex representation. Other lengths fail. */
2296
2297 if (sublen == 28)
2298 {
2299 uschar *coded = auth_b64encode((uschar *)digest, 20);
2300 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2301 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2302 *yield = (Ustrcmp(coded, sub[1]+6) == 0) == testfor;
2303 }
2304 else if (sublen == 40)
2305 {
2306 int i;
2307 uschar coded[44];
2308 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2309 coded[40] = 0;
2310 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2311 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2312 *yield = (strcmpic(coded, sub[1]+6) == 0) == testfor;
2313 }
2314 else
2315 {
2316 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2317 "fail\n crypted=%s\n", sub[1]+6);
2318 *yield = !testfor;
2319 }
2320 }
2321
2322 else /* {crypt} or {crypt16} and non-{ at start */
2323 {
2324 int which = 0;
2325 uschar *coded;
2326
2327 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2328 {
2329 sub[1] += 7;
2330 which = 1;
2331 }
2332 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2333 {
2334 sub[1] += 9;
2335 which = 2;
2336 }
2337 else if (sub[1][0] == '{')
2338 {
2339 expand_string_message = string_sprintf("unknown encryption mechanism "
2340 "in \"%s\"", sub[1]);
2341 return NULL;
2342 }
2343
2344 switch(which)
2345 {
2346 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2347 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2348 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2349 }
2350
2351 #define STR(s) # s
2352 #define XSTR(s) STR(s)
2353 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2354 " subject=%s\n crypted=%s\n",
2355 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
2356 coded, sub[1]);
2357 #undef STR
2358 #undef XSTR
2359
2360 /* If the encrypted string contains fewer than two characters (for the
2361 salt), force failure. Otherwise we get false positives: with an empty
2362 string the yield of crypt() is an empty string! */
2363
2364 *yield = (Ustrlen(sub[1]) < 2)? !testfor :
2365 (Ustrcmp(coded, sub[1]) == 0) == testfor;
2366 }
2367 break;
2368 #endif /* SUPPORT_CRYPTEQ */
2369 } /* Switch for comparison conditions */
2370
2371 return s; /* End of comparison conditions */
2372
2373
2374 /* and/or: computes logical and/or of several conditions */
2375
2376 case ECOND_AND:
2377 case ECOND_OR:
2378 subcondptr = (yield == NULL)? NULL : &tempcond;
2379 combined_cond = (cond_type == ECOND_AND);
2380
2381 while (isspace(*s)) s++;
2382 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2383
2384 for (;;)
2385 {
2386 while (isspace(*s)) s++;
2387 if (*s == '}') break;
2388 if (*s != '{')
2389 {
2390 expand_string_message = string_sprintf("each subcondition "
2391 "inside an \"%s{...}\" condition must be in its own {}", name);
2392 return NULL;
2393 }
2394
2395 s = eval_condition(s+1, subcondptr);
2396 if (s == NULL)
2397 {
2398 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2399 expand_string_message, name);
2400 return NULL;
2401 }
2402 while (isspace(*s)) s++;
2403
2404 if (*s++ != '}')
2405 {
2406 expand_string_message = string_sprintf("missing } at end of condition "
2407 "inside \"%s\" group", name);
2408 return NULL;
2409 }
2410
2411 if (yield != NULL)
2412 {
2413 if (cond_type == ECOND_AND)
2414 {
2415 combined_cond &= tempcond;
2416 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2417 } /* evaluate any more */
2418 else
2419 {
2420 combined_cond |= tempcond;
2421 if (combined_cond) subcondptr = NULL; /* once true, don't */
2422 } /* evaluate any more */
2423 }
2424 }
2425
2426 if (yield != NULL) *yield = (combined_cond == testfor);
2427 return ++s;
2428
2429
2430 /* forall/forany: iterates a condition with different values */
2431
2432 case ECOND_FORALL:
2433 case ECOND_FORANY:
2434 {
2435 int sep = 0;
2436 uschar *save_iterate_item = iterate_item;
2437
2438 while (isspace(*s)) s++;
2439 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2440 sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL));
2441 if (sub[0] == NULL) return NULL;
2442 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2443
2444 while (isspace(*s)) s++;
2445 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2446
2447 sub[1] = s;
2448
2449 /* Call eval_condition once, with result discarded (as if scanning a
2450 "false" part). This allows us to find the end of the condition, because if
2451 the list it empty, we won't actually evaluate the condition for real. */
2452
2453 s = eval_condition(sub[1], NULL);
2454 if (s == NULL)
2455 {
2456 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2457 expand_string_message, name);
2458 return NULL;
2459 }
2460 while (isspace(*s)) s++;
2461
2462 if (*s++ != '}')
2463 {
2464 expand_string_message = string_sprintf("missing } at end of condition "
2465 "inside \"%s\"", name);
2466 return NULL;
2467 }
2468
2469 if (yield != NULL) *yield = !testfor;
2470 while ((iterate_item = string_nextinlist(&sub[0], &sep, NULL, 0)) != NULL)
2471 {
2472 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
2473 if (eval_condition(sub[1], &tempcond) == NULL)
2474 {
2475 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2476 expand_string_message, name);
2477 iterate_item = save_iterate_item;
2478 return NULL;
2479 }
2480 DEBUG(D_expand) debug_printf("%s: condition evaluated to %s\n", name,
2481 tempcond? "true":"false");
2482
2483 if (yield != NULL) *yield = (tempcond == testfor);
2484 if (tempcond == (cond_type == ECOND_FORANY)) break;
2485 }
2486
2487 iterate_item = save_iterate_item;
2488 return s;
2489 }
2490
2491
2492 /* The bool{} expansion condition maps a string to boolean.
2493 The values supported should match those supported by the ACL condition
2494 (acl.c, ACLC_CONDITION) so that we keep to a minimum the different ideas
2495 of true/false. Note that Router "condition" rules have a different
2496 interpretation, where general data can be used and only a few values
2497 map to FALSE.
2498 Note that readconf.c boolean matching, for boolean configuration options,
2499 only matches true/yes/false/no.
2500 The bool_lax{} condition matches the Router logic, which is much more
2501 liberal. */
2502 case ECOND_BOOL:
2503 case ECOND_BOOL_LAX:
2504 {
2505 uschar *sub_arg[1];
2506 uschar *t, *t2;
2507 uschar *ourname;
2508 size_t len;
2509 BOOL boolvalue = FALSE;
2510 while (isspace(*s)) s++;
2511 if (*s != '{') goto COND_FAILED_CURLY_START;
2512 ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
2513 switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname))
2514 {
2515 case 1: expand_string_message = string_sprintf(
2516 "too few arguments or bracketing error for %s",
2517 ourname);
2518 /*FALLTHROUGH*/
2519 case 2:
2520 case 3: return NULL;
2521 }
2522 t = sub_arg[0];
2523 while (isspace(*t)) t++;
2524 len = Ustrlen(t);
2525 if (len)
2526 {
2527 /* trailing whitespace: seems like a good idea to ignore it too */
2528 t2 = t + len - 1;
2529 while (isspace(*t2)) t2--;
2530 if (t2 != (t + len))
2531 {
2532 *++t2 = '\0';
2533 len = t2 - t;
2534 }
2535 }
2536 DEBUG(D_expand)
2537 debug_printf("considering %s: %s\n", ourname, len ? t : US"<empty>");
2538 /* logic for the lax case from expand_check_condition(), which also does
2539 expands, and the logic is both short and stable enough that there should
2540 be no maintenance burden from replicating it. */
2541 if (len == 0)
2542 boolvalue = FALSE;
2543 else if (Ustrspn(t, "0123456789") == len)
2544 {
2545 boolvalue = (Uatoi(t) == 0) ? FALSE : TRUE;
2546 /* expand_check_condition only does a literal string "0" check */
2547 if ((cond_type == ECOND_BOOL_LAX) && (len > 1))
2548 boolvalue = TRUE;
2549 }
2550 else if (strcmpic(t, US"true") == 0 || strcmpic(t, US"yes") == 0)
2551 boolvalue = TRUE;
2552 else if (strcmpic(t, US"false") == 0 || strcmpic(t, US"no") == 0)
2553 boolvalue = FALSE;
2554 else if (cond_type == ECOND_BOOL_LAX)
2555 boolvalue = TRUE;
2556 else
2557 {
2558 expand_string_message = string_sprintf("unrecognised boolean "
2559 "value \"%s\"", t);
2560 return NULL;
2561 }
2562 if (yield != NULL) *yield = (boolvalue == testfor);
2563 return s;
2564 }
2565
2566 /* Unknown condition */
2567
2568 default:
2569 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2570 return NULL;
2571 } /* End switch on condition type */
2572
2573 /* Missing braces at start and end of data */
2574
2575 COND_FAILED_CURLY_START:
2576 expand_string_message = string_sprintf("missing { after \"%s\"", name);
2577 return NULL;
2578
2579 COND_FAILED_CURLY_END:
2580 expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2581 name);
2582 return NULL;
2583
2584 /* A condition requires code that is not compiled */
2585
2586 #if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2587 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2588 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2589 COND_FAILED_NOT_COMPILED:
2590 expand_string_message = string_sprintf("support for \"%s\" not compiled",
2591 name);
2592 return NULL;
2593 #endif
2594 }
2595
2596
2597
2598
2599 /*************************************************
2600 * Save numerical variables *
2601 *************************************************/
2602
2603 /* This function is called from items such as "if" that want to preserve and
2604 restore the numbered variables.
2605
2606 Arguments:
2607 save_expand_string points to an array of pointers to set
2608 save_expand_nlength points to an array of ints for the lengths
2609
2610 Returns: the value of expand max to save
2611 */
2612
2613 static int
2614 save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
2615 {
2616 int i;
2617 for (i = 0; i <= expand_nmax; i++)
2618 {
2619 save_expand_nstring[i] = expand_nstring[i];
2620 save_expand_nlength[i] = expand_nlength[i];
2621 }
2622 return expand_nmax;
2623 }
2624
2625
2626
2627 /*************************************************
2628 * Restore numerical variables *
2629 *************************************************/
2630
2631 /* This function restored saved values of numerical strings.
2632
2633 Arguments:
2634 save_expand_nmax the number of strings to restore
2635 save_expand_string points to an array of pointers
2636 save_expand_nlength points to an array of ints
2637
2638 Returns: nothing
2639 */
2640
2641 static void
2642 restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
2643 int *save_expand_nlength)
2644 {
2645 int i;
2646 expand_nmax = save_expand_nmax;
2647 for (i = 0; i <= expand_nmax; i++)
2648 {
2649 expand_nstring[i] = save_expand_nstring[i];
2650 expand_nlength[i] = save_expand_nlength[i];
2651 }
2652 }
2653
2654
2655
2656
2657
2658 /*************************************************
2659 * Handle yes/no substrings *
2660 *************************************************/
2661
2662 /* This function is used by ${if}, ${lookup} and ${extract} to handle the
2663 alternative substrings that depend on whether or not the condition was true,
2664 or the lookup or extraction succeeded. The substrings always have to be
2665 expanded, to check their syntax, but "skipping" is set when the result is not
2666 needed - this avoids unnecessary nested lookups.
2667
2668 Arguments:
2669 skipping TRUE if we were skipping when this item was reached
2670 yes TRUE if the first string is to be used, else use the second
2671 save_lookup a value to put back into lookup_value before the 2nd expansion
2672 sptr points to the input string pointer
2673 yieldptr points to the output string pointer
2674 sizeptr points to the output string size
2675 ptrptr points to the output string pointer
2676 type "lookup" or "if" or "extract" or "run", for error message
2677
2678 Returns: 0 OK; lookup_value has been reset to save_lookup
2679 1 expansion failed
2680 2 expansion failed because of bracketing error
2681 */
2682
2683 static int
2684 process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
2685 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type)
2686 {
2687 int rc = 0;
2688 uschar *s = *sptr; /* Local value */
2689 uschar *sub1, *sub2;
2690
2691 /* If there are no following strings, we substitute the contents of $value for
2692 lookups and for extractions in the success case. For the ${if item, the string
2693 "true" is substituted. In the fail case, nothing is substituted for all three
2694 items. */
2695
2696 while (isspace(*s)) s++;
2697 if (*s == '}')
2698 {
2699 if (type[0] == 'i')
2700 {
2701 if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
2702 }
2703 else
2704 {
2705 if (yes && lookup_value != NULL)
2706 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
2707 Ustrlen(lookup_value));
2708 lookup_value = save_lookup;
2709 }
2710 s++;
2711 goto RETURN;
2712 }
2713
2714 /* The first following string must be braced. */
2715
2716 if (*s++ != '{') goto FAILED_CURLY;
2717
2718 /* Expand the first substring. Forced failures are noticed only if we actually
2719 want this string. Set skipping in the call in the fail case (this will always
2720 be the case if we were already skipping). */
2721
2722 sub1 = expand_string_internal(s, TRUE, &s, !yes);
2723 if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
2724 expand_string_forcedfail = FALSE;
2725 if (*s++ != '}') goto FAILED_CURLY;
2726
2727 /* If we want the first string, add it to the output */
2728
2729 if (yes)
2730 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
2731
2732 /* If this is called from a lookup or an extract, we want to restore $value to
2733 what it was at the start of the item, so that it has this value during the
2734 second string expansion. For the call from "if" or "run" to this function,
2735 save_lookup is set to lookup_value, so that this statement does nothing. */
2736
2737 lookup_value = save_lookup;
2738
2739 /* There now follows either another substring, or "fail", or nothing. This
2740 time, forced failures are noticed only if we want the second string. We must
2741 set skipping in the nested call if we don't want this string, or if we were
2742 already skipping. */
2743
2744 while (isspace(*s)) s++;
2745 if (*s == '{')
2746 {
2747 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping);
2748 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
2749 expand_string_forcedfail = FALSE;
2750 if (*s++ != '}') goto FAILED_CURLY;
2751
2752 /* If we want the second string, add it to the output */
2753
2754 if (!yes)
2755 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
2756 }
2757
2758 /* If there is no second string, but the word "fail" is present when the use of
2759 the second string is wanted, set a flag indicating it was a forced failure
2760 rather than a syntactic error. Swallow the terminating } in case this is nested
2761 inside another lookup or if or extract. */
2762
2763 else if (*s != '}')
2764 {
2765 uschar name[256];
2766 s = read_name(name, sizeof(name), s, US"_");
2767 if (Ustrcmp(name, "fail") == 0)
2768 {
2769 if (!yes && !skipping)
2770 {
2771 while (isspace(*s)) s++;
2772 if (*s++ != '}') goto FAILED_CURLY;
2773 expand_string_message =
2774 string_sprintf("\"%s\" failed and \"fail\" requested", type);
2775 expand_string_forcedfail = TRUE;
2776 goto FAILED;
2777 }
2778 }
2779 else
2780 {
2781 expand_string_message =
2782 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
2783 goto FAILED;
2784 }
2785 }
2786
2787 /* All we have to do now is to check on the final closing brace. */
2788
2789 while (isspace(*s)) s++;
2790 if (*s++ == '}') goto RETURN;
2791
2792 /* Get here if there is a bracketing failure */
2793
2794 FAILED_CURLY:
2795 rc++;
2796
2797 /* Get here for other failures */
2798
2799 FAILED:
2800 rc++;
2801
2802 /* Update the input pointer value before returning */
2803
2804 RETURN:
2805 *sptr = s;
2806 return rc;
2807 }
2808
2809
2810
2811
2812 /*************************************************
2813 * Handle MD5 or SHA-1 computation for HMAC *
2814 *************************************************/
2815
2816 /* These are some wrapping functions that enable the HMAC code to be a bit
2817 cleaner. A good compiler will spot the tail recursion.
2818
2819 Arguments:
2820 type HMAC_MD5 or HMAC_SHA1
2821 remaining are as for the cryptographic hash functions
2822
2823 Returns: nothing
2824 */
2825
2826 static void
2827 chash_start(int type, void *base)
2828 {
2829 if (type == HMAC_MD5)
2830 md5_start((md5 *)base);
2831 else
2832 sha1_start((sha1 *)base);
2833 }
2834
2835 static void
2836 chash_mid(int type, void *base, uschar *string)
2837 {
2838 if (type == HMAC_MD5)
2839 md5_mid((md5 *)base, string);
2840 else
2841 sha1_mid((sha1 *)base, string);
2842 }
2843
2844 static void
2845 chash_end(int type, void *base, uschar *string, int length, uschar *digest)
2846 {
2847 if (type == HMAC_MD5)
2848 md5_end((md5 *)base, string, length, digest);
2849 else
2850 sha1_end((sha1 *)base, string, length, digest);
2851 }
2852
2853
2854
2855
2856
2857 /********************************************************
2858 * prvs: Get last three digits of days since Jan 1, 1970 *
2859 ********************************************************/
2860
2861 /* This is needed to implement the "prvs" BATV reverse
2862 path signing scheme
2863
2864 Argument: integer "days" offset to add or substract to
2865 or from the current number of days.
2866
2867 Returns: pointer to string containing the last three
2868 digits of the number of days since Jan 1, 1970,
2869 modified by the offset argument, NULL if there
2870 was an error in the conversion.
2871
2872 */
2873
2874 static uschar *
2875 prvs_daystamp(int day_offset)
2876 {
2877 uschar *days = store_get(32); /* Need at least 24 for cases */
2878 (void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
2879 (time(NULL) + day_offset*86400)/86400);
2880 return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
2881 }
2882
2883
2884
2885 /********************************************************
2886 * prvs: perform HMAC-SHA1 computation of prvs bits *
2887 ********************************************************/
2888
2889 /* This is needed to implement the "prvs" BATV reverse
2890 path signing scheme
2891
2892 Arguments:
2893 address RFC2821 Address to use
2894 key The key to use (must be less than 64 characters
2895 in size)
2896 key_num Single-digit key number to use. Defaults to
2897 '0' when NULL.
2898
2899 Returns: pointer to string containing the first three
2900 bytes of the final hash in hex format, NULL if
2901 there was an error in the process.
2902 */
2903
2904 static uschar *
2905 prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
2906 {
2907 uschar *hash_source, *p;
2908 int size = 0,offset = 0,i;
2909 sha1 sha1_base;
2910 void *use_base = &sha1_base;
2911 uschar innerhash[20];
2912 uschar finalhash[20];
2913 uschar innerkey[64];
2914 uschar outerkey[64];
2915 uschar *finalhash_hex = store_get(40);
2916
2917 if (key_num == NULL)
2918 key_num = US"0";
2919
2920 if (Ustrlen(key) > 64)
2921 return NULL;
2922
2923 hash_source = string_cat(NULL,&size,&offset,key_num,1);
2924 string_cat(hash_source,&size,&offset,daystamp,3);
2925 string_cat(hash_source,&size,&offset,address,Ustrlen(address));
2926 hash_source[offset] = '\0';
2927
2928 DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source);
2929
2930 memset(innerkey, 0x36, 64);
2931 memset(outerkey, 0x5c, 64);
2932
2933 for (i = 0; i < Ustrlen(key); i++)
2934 {
2935 innerkey[i] ^= key[i];
2936 outerkey[i] ^= key[i];
2937 }
2938
2939 chash_start(HMAC_SHA1, use_base);
2940 chash_mid(HMAC_SHA1, use_base, innerkey);
2941 chash_end(HMAC_SHA1, use_base, hash_source, offset, innerhash);
2942
2943 chash_start(HMAC_SHA1, use_base);
2944 chash_mid(HMAC_SHA1, use_base, outerkey);
2945 chash_end(HMAC_SHA1, use_base, innerhash, 20, finalhash);
2946
2947 p = finalhash_hex;
2948 for (i = 0; i < 3; i++)
2949 {
2950 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
2951 *p++ = hex_digits[finalhash[i] & 0x0f];
2952 }
2953 *p = '\0';
2954
2955 return finalhash_hex;
2956 }
2957
2958
2959
2960
2961 /*************************************************
2962 * Join a file onto the output string *
2963 *************************************************/
2964
2965 /* This is used for readfile and after a run expansion. It joins the contents
2966 of a file onto the output string, globally replacing newlines with a given
2967 string (optionally). The file is closed at the end.
2968
2969 Arguments:
2970 f the FILE
2971 yield pointer to the expandable string
2972 sizep pointer to the current size
2973 ptrp pointer to the current position
2974 eol newline replacement string, or NULL
2975
2976 Returns: new value of string pointer
2977 */
2978
2979 static uschar *
2980 cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
2981 {
2982 int eollen;
2983 uschar buffer[1024];
2984
2985 eollen = (eol == NULL)? 0 : Ustrlen(eol);
2986
2987 while (Ufgets(buffer, sizeof(buffer), f) != NULL)
2988 {
2989 int len = Ustrlen(buffer);
2990 if (eol != NULL && buffer[len-1] == '\n') len--;
2991 yield = string_cat(yield, sizep, ptrp, buffer, len);
2992 if (buffer[len] != 0)
2993 yield = string_cat(yield, sizep, ptrp, eol, eollen);
2994 }
2995
2996 if (yield != NULL) yield[*ptrp] = 0;
2997
2998 return yield;
2999 }
3000
3001
3002
3003
3004 /*************************************************
3005 * Evaluate numeric expression *
3006 *************************************************/
3007
3008 /* This is a set of mutually recursive functions that evaluate an arithmetic
3009 expression involving + - * / % & | ^ ~ << >> and parentheses. The only one of
3010 these functions that is called from elsewhere is eval_expr, whose interface is:
3011
3012 Arguments:
3013 sptr pointer to the pointer to the string - gets updated
3014 decimal TRUE if numbers are to be assumed decimal
3015 error pointer to where to put an error message - must be NULL on input
3016 endket TRUE if ')' must terminate - FALSE for external call
3017
3018 Returns: on success: the value of the expression, with *error still NULL
3019 on failure: an undefined value, with *error = a message
3020 */
3021
3022 static int eval_op_or(uschar **, BOOL, uschar **);
3023
3024
3025 static int
3026 eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
3027 {
3028 uschar *s = *sptr;
3029 int x = eval_op_or(&s, decimal, error);
3030 if (*error == NULL)
3031 {
3032 if (endket)
3033 {
3034 if (*s != ')')
3035 *error = US"expecting closing parenthesis";
3036 else
3037 while (isspace(*(++s)));
3038 }
3039 else if (*s != 0) *error = US"expecting operator";
3040 }
3041 *sptr = s;
3042 return x;
3043 }
3044
3045
3046 static int
3047 eval_number(uschar **sptr, BOOL decimal, uschar **error)
3048 {
3049 register int c;
3050 int n;
3051 uschar *s = *sptr;
3052 while (isspace(*s)) s++;
3053 c = *s;
3054 if (isdigit(c))
3055 {
3056 int count;
3057 (void)sscanf(CS s, (decimal? "%d%n" : "%i%n"), &n, &count);
3058 s += count;
3059 if (tolower(*s) == 'k') { n *= 1024; s++; }
3060 else if (tolower(*s) == 'm') { n *= 1024*1024; s++; }
3061 while (isspace (*s)) s++;
3062 }
3063 else if (c == '(')
3064 {
3065 s++;
3066 n = eval_expr(&s, decimal, error, 1);
3067 }
3068 else
3069 {
3070 *error = US"expecting number or opening parenthesis";
3071 n = 0;
3072 }
3073 *sptr = s;
3074 return n;
3075 }
3076
3077
3078 static int eval_op_unary(uschar **sptr, BOOL decimal, uschar **error)
3079 {
3080 uschar *s = *sptr;
3081 int x;
3082 while (isspace(*s)) s++;
3083 if (*s == '+' || *s == '-' || *s == '~')
3084 {
3085 int op = *s++;
3086 x = eval_op_unary(&s, decimal, error);
3087 if (op == '-') x = -x;
3088 else if (op == '~') x = ~x;
3089 }
3090 else
3091 {
3092 x = eval_number(&s, decimal, error);
3093 }
3094 *sptr = s;
3095 return x;
3096 }
3097
3098
3099 static int eval_op_mult(uschar **sptr, BOOL decimal, uschar **error)
3100 {
3101 uschar *s = *sptr;
3102 int x = eval_op_unary(&s, decimal, error);
3103 if (*error == NULL)
3104 {
3105 while (*s == '*' || *s == '/' || *s == '%')
3106 {
3107 int op = *s++;
3108 int y = eval_op_unary(&s, decimal, error);
3109 if (*error != NULL) break;
3110 /* SIGFPE both on div/mod by zero and on INT_MIN / -1, which would give
3111 * a value of INT_MAX+1. Note that INT_MIN * -1 gives INT_MIN for me, which
3112 * is a bug somewhere in [gcc 4.2.1, FreeBSD, amd64]. In fact, -N*-M where
3113 * -N*M is INT_MIN will yielf INT_MIN.
3114 * Since we don't support floating point, this is somewhat simpler.
3115 * Ideally, we'd return an error, but since we overflow for all other
3116 * arithmetic, consistency suggests otherwise, but what's the correct value
3117 * to use? There is none.
3118 * The C standard guarantees overflow for unsigned arithmetic but signed
3119 * overflow invokes undefined behaviour; in practice, this is overflow
3120 * except for converting INT_MIN to INT_MAX+1. We also can't guarantee
3121 * that long/longlong larger than int are available, or we could just work
3122 * with larger types. We should consider whether to guarantee 32bit eval
3123 * and 64-bit working variables, with errors returned. For now ...
3124 * So, the only SIGFPEs occur with a non-shrinking div/mod, thus -1; we
3125 * can just let the other invalid results occur otherwise, as they have
3126 * until now. For this one case, we can coerce.
3127 */
3128 if (y == -1 && x == INT_MIN && op != '*')
3129 {
3130 DEBUG(D_expand)
3131 debug_printf("Integer exception dodging: %d%c-1 coerced to %d\n",
3132 INT_MIN, op, INT_MAX);
3133 x = INT_MAX;
3134 continue;
3135 }
3136 if (op == '*')
3137 x *= y;
3138 else
3139 {
3140 if (y == 0)
3141 {
3142 *error = (op == '/') ? US"divide by zero" : US"modulo by zero";
3143 x = 0;
3144 break;
3145 }
3146 if (op == '/')
3147 x /= y;
3148 else
3149 x %= y;
3150 }
3151 }
3152 }
3153 *sptr = s;
3154 return x;
3155 }
3156
3157
3158 static int eval_op_sum(uschar **sptr, BOOL decimal, uschar **error)
3159 {
3160 uschar *s = *sptr;
3161 int x = eval_op_mult(&s, decimal, error);
3162 if (*error == NULL)
3163 {
3164 while (*s == '+' || *s == '-')
3165 {
3166 int op = *s++;
3167 int y = eval_op_mult(&s, decimal, error);
3168 if (*error != NULL) break;
3169 if (op == '+') x += y; else x -= y;
3170 }
3171 }
3172 *sptr = s;
3173 return x;
3174 }
3175
3176
3177 static int eval_op_shift(uschar **sptr, BOOL decimal, uschar **error)
3178 {
3179 uschar *s = *sptr;
3180 int x = eval_op_sum(&s, decimal, error);
3181 if (*error == NULL)
3182 {
3183 while ((*s == '<' || *s == '>') && s[1] == s[0])
3184 {
3185 int y;
3186 int op = *s++;
3187 s++;
3188 y = eval_op_sum(&s, decimal, error);
3189 if (*error != NULL) break;
3190 if (op == '<') x <<= y; else x >>= y;
3191 }
3192 }
3193 *sptr = s;
3194 return x;
3195 }
3196
3197
3198 static int eval_op_and(uschar **sptr, BOOL decimal, uschar **error)
3199 {
3200 uschar *s = *sptr;
3201 int x = eval_op_shift(&s, decimal, error);
3202 if (*error == NULL)
3203 {
3204 while (*s == '&')
3205 {
3206 int y;
3207 s++;
3208 y = eval_op_shift(&s, decimal, error);
3209 if (*error != NULL) break;
3210 x &= y;
3211 }
3212 }
3213 *sptr = s;
3214 return x;
3215 }
3216
3217
3218 static int eval_op_xor(uschar **sptr, BOOL decimal, uschar **error)
3219 {
3220 uschar *s = *sptr;
3221 int x = eval_op_and(&s, decimal, error);
3222 if (*error == NULL)
3223 {
3224 while (*s == '^')
3225 {
3226 int y;
3227 s++;
3228 y = eval_op_and(&s, decimal, error);
3229 if (*error != NULL) break;
3230 x ^= y;
3231 }
3232 }
3233 *sptr = s;
3234 return x;
3235 }
3236
3237
3238 static int eval_op_or(uschar **sptr, BOOL decimal, uschar **error)
3239 {
3240 uschar *s = *sptr;
3241 int x = eval_op_xor(&s, decimal, error);
3242 if (*error == NULL)
3243 {
3244 while (*s == '|')
3245 {
3246 int y;
3247 s++;
3248 y = eval_op_xor(&s, decimal, error);
3249 if (*error != NULL) break;
3250 x |= y;
3251 }
3252 }
3253 *sptr = s;
3254 return x;
3255 }
3256
3257
3258
3259 /*************************************************
3260 * Expand string *
3261 *************************************************/
3262
3263 /* Returns either an unchanged string, or the expanded string in stacking pool
3264 store. Interpreted sequences are:
3265
3266 \... normal escaping rules
3267 $name substitutes the variable
3268 ${name} ditto
3269 ${op:string} operates on the expanded string value
3270 ${item{arg1}{arg2}...} expands the args and then does the business
3271 some literal args are not enclosed in {}
3272
3273 There are now far too many operators and item types to make it worth listing
3274 them here in detail any more.
3275
3276 We use an internal routine recursively to handle embedded substrings. The
3277 external function follows. The yield is NULL if the expansion failed, and there
3278 are two cases: if something collapsed syntactically, or if "fail" was given
3279 as the action on a lookup failure. These can be distinguised by looking at the
3280 variable expand_string_forcedfail, which is TRUE in the latter case.
3281
3282 The skipping flag is set true when expanding a substring that isn't actually
3283 going to be used (after "if" or "lookup") and it prevents lookups from
3284 happening lower down.
3285
3286 Store usage: At start, a store block of the length of the input plus 64
3287 is obtained. This is expanded as necessary by string_cat(), which might have to
3288 get a new block, or might be able to expand the original. At the end of the
3289 function we can release any store above that portion of the yield block that
3290 was actually used. In many cases this will be optimal.
3291
3292 However: if the first item in the expansion is a variable name or header name,
3293 we reset the store before processing it; if the result is in fresh store, we
3294 use that without copying. This is helpful for expanding strings like
3295 $message_headers which can get very long.
3296
3297 There's a problem if a ${dlfunc item has side-effects that cause allocation,
3298 since resetting the store at the end of the expansion will free store that was
3299 allocated by the plugin code as well as the slop after the expanded string. So
3300 we skip any resets if ${dlfunc has been used. This is an unfortunate
3301 consequence of string expansion becoming too powerful.
3302
3303 Arguments:
3304 string the string to be expanded
3305 ket_ends true if expansion is to stop at }
3306 left if not NULL, a pointer to the first character after the
3307 expansion is placed here (typically used with ket_ends)
3308 skipping TRUE for recursive calls when the value isn't actually going
3309 to be used (to allow for optimisation)
3310
3311 Returns: NULL if expansion fails:
3312 expand_string_forcedfail is set TRUE if failure was forced
3313 expand_string_message contains a textual error message
3314 a pointer to the expanded string on success
3315 */
3316
3317 static uschar *
3318 expand_string_internal(uschar *string, BOOL ket_ends, uschar **left,
3319 BOOL skipping)
3320 {
3321 int ptr = 0;
3322 int size = Ustrlen(string)+ 64;
3323 int item_type;
3324 uschar *yield = store_get(size);
3325 uschar *s = string;
3326 uschar *save_expand_nstring[EXPAND_MAXN+1];
3327 int save_expand_nlength[EXPAND_MAXN+1];
3328 BOOL resetok = TRUE;
3329
3330 expand_string_forcedfail = FALSE;
3331 expand_string_message = US"";
3332
3333 while (*s != 0)
3334 {
3335 uschar *value;
3336 uschar name[256];
3337
3338 /* \ escapes the next character, which must exist, or else
3339 the expansion fails. There's a special escape, \N, which causes
3340 copying of the subject verbatim up to the next \N. Otherwise,
3341 the escapes are the standard set. */
3342
3343 if (*s == '\\')
3344 {
3345 if (s[1] == 0)
3346 {
3347 expand_string_message = US"\\ at end of string";
3348 goto EXPAND_FAILED;
3349 }
3350
3351 if (s[1] == 'N')
3352 {
3353 uschar *t = s + 2;
3354 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
3355 yield = string_cat(yield, &size, &ptr, t, s - t);
3356 if (*s != 0) s += 2;
3357 }
3358
3359 else
3360 {
3361 uschar ch[1];
3362 ch[0] = string_interpret_escape(&s);
3363 s++;
3364 yield = string_cat(yield, &size, &ptr, ch, 1);
3365 }
3366
3367 continue;
3368 }
3369
3370 /* Anything other than $ is just copied verbatim, unless we are
3371 looking for a terminating } character. */
3372
3373 if (ket_ends && *s == '}') break;
3374
3375 if (*s != '$')
3376 {
3377 yield = string_cat(yield, &size, &ptr, s++, 1);
3378 continue;
3379 }
3380
3381 /* No { after the $ - must be a plain name or a number for string
3382 match variable. There has to be a fudge for variables that are the
3383 names of header fields preceded by "$header_" because header field
3384 names can contain any printing characters except space and colon.
3385 For those that don't like typing this much, "$h_" is a synonym for
3386 "$header_". A non-existent header yields a NULL value; nothing is
3387 inserted. */
3388
3389 if (isalpha((*(++s))))
3390 {
3391 int len;
3392 int newsize = 0;
3393
3394 s = read_name(name, sizeof(name), s, US"_");
3395
3396 /* If this is the first thing to be expanded, release the pre-allocated
3397 buffer. */
3398
3399 if (ptr == 0 && yield != NULL)
3400 {
3401 if (resetok) store_reset(yield);
3402 yield = NULL;
3403 size = 0;
3404 }
3405
3406 /* Header */
3407
3408 if (Ustrncmp(name, "h_", 2) == 0 ||
3409 Ustrncmp(name, "rh_", 3) == 0 ||
3410 Ustrncmp(name, "bh_", 3) == 0 ||
3411 Ustrncmp(name, "header_", 7) == 0 ||
3412 Ustrncmp(name, "rheader_", 8) == 0 ||
3413 Ustrncmp(name, "bheader_", 8) == 0)
3414 {
3415 BOOL want_raw = (name[0] == 'r')? TRUE : FALSE;
3416 uschar *charset = (name[0] == 'b')? NULL : headers_charset;
3417 s = read_header_name(name, sizeof(name), s);
3418 value = find_header(name, FALSE, &newsize, want_raw, charset);
3419
3420 /* If we didn't find the header, and the header contains a closing brace
3421 character, this may be a user error where the terminating colon
3422 has been omitted. Set a flag to adjust the error message in this case.
3423 But there is no error here - nothing gets inserted. */
3424
3425 if (value == NULL)
3426 {
3427 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
3428 continue;
3429 }
3430 }
3431
3432 /* Variable */
3433
3434 else
3435 {
3436 value = find_variable(name, FALSE, skipping, &newsize);
3437 if (value == NULL)
3438 {
3439 expand_string_message =
3440 string_sprintf("unknown variable name \"%s\"", name);
3441 check_variable_error_message(name);
3442 goto EXPAND_FAILED;
3443 }
3444 }
3445
3446 /* If the data is known to be in a new buffer, newsize will be set to the
3447 size of that buffer. If this is the first thing in an expansion string,
3448 yield will be NULL; just point it at the new store instead of copying. Many
3449 expansion strings contain just one reference, so this is a useful
3450 optimization, especially for humungous headers. */
3451
3452 len = Ustrlen(value);
3453 if (yield == NULL && newsize != 0)
3454 {
3455 yield = value;
3456 size = newsize;
3457 ptr = len;
3458 }
3459 else yield = string_cat(yield, &size, &ptr, value, len);
3460
3461 continue;
3462 }
3463
3464 if (isdigit(*s))
3465 {
3466 int n;
3467 s = read_number(&n, s);
3468 if (n >= 0 && n <= expand_nmax)
3469 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3470 expand_nlength[n]);
3471 continue;
3472 }
3473
3474 /* Otherwise, if there's no '{' after $ it's an error. */
3475
3476 if (*s != '{')
3477 {
3478 expand_string_message = US"$ not followed by letter, digit, or {";
3479 goto EXPAND_FAILED;
3480 }
3481
3482 /* After { there can be various things, but they all start with
3483 an initial word, except for a number for a string match variable. */
3484
3485 if (isdigit((*(++s))))
3486 {
3487 int n;
3488 s = read_number(&n, s);
3489 if (*s++ != '}')
3490 {
3491 expand_string_message = US"} expected after number";
3492 goto EXPAND_FAILED;
3493 }
3494 if (n >= 0 && n <= expand_nmax)
3495 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3496 expand_nlength[n]);
3497 continue;
3498 }
3499
3500 if (!isalpha(*s))
3501 {
3502 expand_string_message = US"letter or digit expected after ${";
3503 goto EXPAND_FAILED;
3504 }
3505
3506 /* Allow "-" in names to cater for substrings with negative
3507 arguments. Since we are checking for known names after { this is
3508 OK. */
3509
3510 s = read_name(name, sizeof(name), s, US"_-");
3511 item_type = chop_match(name, item_table, sizeof(item_table)/sizeof(uschar *));
3512
3513 switch(item_type)
3514 {
3515 /* Handle conditionals - preserve the values of the numerical expansion
3516 variables in case they get changed by a regular expression match in the
3517 condition. If not, they retain their external settings. At the end
3518 of this "if" section, they get restored to their previous values. */
3519
3520 case EITEM_IF:
3521 {
3522 BOOL cond = FALSE;
3523 uschar *next_s;
3524 int save_expand_nmax =
3525 save_expand_strings(save_expand_nstring, save_expand_nlength);
3526
3527 while (isspace(*s)) s++;
3528 next_s = eval_condition(s, skipping? NULL : &cond);
3529 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
3530
3531 DEBUG(D_expand)
3532 debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s,
3533 cond? "true" : "false");
3534
3535 s = next_s;
3536
3537 /* The handling of "yes" and "no" result strings is now in a separate
3538 function that is also used by ${lookup} and ${extract} and ${run}. */
3539
3540 switch(process_yesno(
3541 skipping, /* were previously skipping */
3542 cond, /* success/failure indicator */
3543 lookup_value, /* value to reset for string2 */
3544 &s, /* input pointer */
3545 &yield, /* output pointer */
3546 &size, /* output size */
3547 &ptr, /* output current point */
3548 US"if")) /* condition type */
3549 {
3550 case 1: goto EXPAND_FAILED; /* when all is well, the */
3551 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3552 }
3553
3554 /* Restore external setting of expansion variables for continuation
3555 at this level. */
3556
3557 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3558 save_expand_nlength);
3559 continue;
3560 }
3561
3562 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
3563 expanding an internal string that isn't actually going to be used. All we
3564 need to do is check the syntax, so don't do a lookup at all. Preserve the
3565 values of the numerical expansion variables in case they get changed by a
3566 partial lookup. If not, they retain their external settings. At the end
3567 of this "lookup" section, they get restored to their previous values. */
3568
3569 case EITEM_LOOKUP:
3570 {
3571 int stype, partial, affixlen, starflags;
3572 int expand_setup = 0;
3573 int nameptr = 0;
3574 uschar *key, *filename, *affix;
3575 uschar *save_lookup_value = lookup_value;
3576 int save_expand_nmax =
3577 save_expand_strings(save_expand_nstring, save_expand_nlength);
3578
3579 if ((expand_forbid & RDO_LOOKUP) != 0)
3580 {
3581 expand_string_message = US"lookup expansions are not permitted";
3582 goto EXPAND_FAILED;
3583 }
3584
3585 /* Get the key we are to look up for single-key+file style lookups.
3586 Otherwise set the key NULL pro-tem. */
3587
3588 while (isspace(*s)) s++;
3589 if (*s == '{')
3590 {
3591 key = expand_string_internal(s+1, TRUE, &s, skipping);
3592 if (key == NULL) goto EXPAND_FAILED;
3593 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3594 while (isspace(*s)) s++;
3595 }
3596 else key = NULL;
3597
3598 /* Find out the type of database */
3599
3600 if (!isalpha(*s))
3601 {
3602 expand_string_message = US"missing lookup type";
3603 goto EXPAND_FAILED;
3604 }
3605
3606 /* The type is a string that may contain special characters of various
3607 kinds. Allow everything except space or { to appear; the actual content
3608 is checked by search_findtype_partial. */
3609
3610 while (*s != 0 && *s != '{' && !isspace(*s))
3611 {
3612 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
3613 s++;
3614 }
3615 name[nameptr] = 0;
3616 while (isspace(*s)) s++;
3617
3618 /* Now check for the individual search type and any partial or default
3619 options. Only those types that are actually in the binary are valid. */
3620
3621 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
3622 &starflags);
3623 if (stype < 0)
3624 {
3625 expand_string_message = search_error_message;
3626 goto EXPAND_FAILED;
3627 }
3628
3629 /* Check that a key was provided for those lookup types that need it,
3630 and was not supplied for those that use the query style. */
3631
3632 if (!mac_islookup(stype, lookup_querystyle|lookup_absfilequery))
3633 {
3634 if (key == NULL)
3635 {
3636 expand_string_message = string_sprintf("missing {key} for single-"
3637 "key \"%s\" lookup", name);
3638 goto EXPAND_FAILED;
3639 }
3640 }
3641 else
3642 {
3643 if (key != NULL)
3644 {
3645 expand_string_message = string_sprintf("a single key was given for "
3646 "lookup type \"%s\", which is not a single-key lookup type", name);
3647 goto EXPAND_FAILED;
3648 }
3649 }
3650
3651 /* Get the next string in brackets and expand it. It is the file name for
3652 single-key+file lookups, and the whole query otherwise. In the case of
3653 queries that also require a file name (e.g. sqlite), the file name comes
3654 first. */
3655
3656 if (*s != '{') goto EXPAND_FAILED_CURLY;
3657 filename = expand_string_internal(s+1, TRUE, &s, skipping);
3658 if (filename == NULL) goto EXPAND_FAILED;
3659 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3660 while (isspace(*s)) s++;
3661
3662 /* If this isn't a single-key+file lookup, re-arrange the variables
3663 to be appropriate for the search_ functions. For query-style lookups,
3664 there is just a "key", and no file name. For the special query-style +
3665 file types, the query (i.e. "key") starts with a file name. */
3666
3667 if (key == NULL)
3668 {
3669 while (isspace(*filename)) filename++;
3670 key = filename;
3671
3672 if (mac_islookup(stype, lookup_querystyle))
3673 {
3674 filename = NULL;
3675 }
3676 else
3677 {
3678 if (*filename != '/')
3679 {
3680 expand_string_message = string_sprintf(
3681 "absolute file name expected for \"%s\" lookup", name);
3682 goto EXPAND_FAILED;
3683 }
3684 while (*key != 0 && !isspace(*key)) key++;
3685 if (*key != 0) *key++ = 0;
3686 }
3687 }
3688
3689 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
3690 the entry was not found. Note that there is no search_close() function.
3691 Files are left open in case of re-use. At suitable places in higher logic,
3692 search_tidyup() is called to tidy all open files. This can save opening
3693 the same file several times. However, files may also get closed when
3694 others are opened, if too many are open at once. The rule is that a
3695 handle should not be used after a second search_open().
3696
3697 Request that a partial search sets up $1 and maybe $2 by passing
3698 expand_setup containing zero. If its value changes, reset expand_nmax,
3699 since new variables will have been set. Note that at the end of this
3700 "lookup" section, the old numeric variables are restored. */
3701
3702 if (skipping)
3703 lookup_value = NULL;
3704 else
3705 {
3706 void *handle = search_open(filename, stype, 0, NULL, NULL);
3707 if (handle == NULL)
3708 {
3709 expand_string_message = search_error_message;
3710 goto EXPAND_FAILED;
3711 }
3712 lookup_value = search_find(handle, filename, key, partial, affix,
3713 affixlen, starflags, &expand_setup);
3714 if (search_find_defer)
3715 {
3716 expand_string_message =
3717 string_sprintf("lookup of \"%s\" gave DEFER: %s",
3718 string_printing2(key, FALSE), search_error_message);
3719 goto EXPAND_FAILED;
3720 }
3721 if (expand_setup > 0) expand_nmax = expand_setup;
3722 }
3723
3724 /* The handling of "yes" and "no" result strings is now in a separate
3725 function that is also used by ${if} and ${extract}. */
3726
3727 switch(process_yesno(
3728 skipping, /* were previously skipping */
3729 lookup_value != NULL, /* success/failure indicator */
3730 save_lookup_value, /* value to reset for string2 */
3731 &s, /* input pointer */
3732 &yield, /* output pointer */
3733 &size, /* output size */
3734 &ptr, /* output current point */
3735 US"lookup")) /* condition type */
3736 {
3737 case 1: goto EXPAND_FAILED; /* when all is well, the */
3738 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3739 }
3740
3741 /* Restore external setting of expansion variables for carrying on
3742 at this level, and continue. */
3743
3744 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3745 save_expand_nlength);
3746 continue;
3747 }
3748
3749 /* If Perl support is configured, handle calling embedded perl subroutines,
3750 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
3751 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
3752 arguments (defined below). */
3753
3754 #define EXIM_PERL_MAX_ARGS 8
3755
3756 case EITEM_PERL:
3757 #ifndef EXIM_PERL
3758 expand_string_message = US"\"${perl\" encountered, but this facility "
3759 "is not included in this binary";
3760 goto EXPAND_FAILED;
3761
3762 #else /* EXIM_PERL */
3763 {
3764 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
3765 uschar *new_yield;
3766
3767 if ((expand_forbid & RDO_PERL) != 0)
3768 {
3769 expand_string_message = US"Perl calls are not permitted";
3770 goto EXPAND_FAILED;
3771 }
3772
3773 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
3774 US"perl"))
3775 {
3776 case 1: goto EXPAND_FAILED_CURLY;
3777 case 2:
3778 case 3: goto EXPAND_FAILED;
3779 }
3780
3781 /* If skipping, we don't actually do anything */
3782
3783 if (skipping) continue;
3784
3785 /* Start the interpreter if necessary */
3786
3787 if (!opt_perl_started)
3788 {
3789 uschar *initerror;
3790 if (opt_perl_startup == NULL)
3791 {
3792 expand_string_message = US"A setting of perl_startup is needed when "
3793 "using the Perl interpreter";
3794 goto EXPAND_FAILED;
3795 }
3796 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
3797 initerror = init_perl(opt_perl_startup);
3798 if (initerror != NULL)
3799 {
3800 expand_string_message =
3801 string_sprintf("error in perl_startup code: %s\n", initerror);
3802 goto EXPAND_FAILED;
3803 }
3804 opt_perl_started = TRUE;
3805 }
3806
3807 /* Call the function */
3808
3809 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
3810 new_yield = call_perl_cat(yield, &size, &ptr, &expand_string_message,
3811 sub_arg[0], sub_arg + 1);
3812
3813 /* NULL yield indicates failure; if the message pointer has been set to
3814 NULL, the yield was undef, indicating a forced failure. Otherwise the
3815 message will indicate some kind of Perl error. */
3816
3817 if (new_yield == NULL)
3818 {
3819 if (expand_string_message == NULL)
3820 {
3821 expand_string_message =
3822 string_sprintf("Perl subroutine \"%s\" returned undef to force "
3823 "failure", sub_arg[0]);
3824 expand_string_forcedfail = TRUE;
3825 }
3826 goto EXPAND_FAILED;
3827 }
3828
3829 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
3830 set during a callback from Perl. */
3831
3832 expand_string_forcedfail = FALSE;
3833 yield = new_yield;
3834 continue;
3835 }
3836 #endif /* EXIM_PERL */
3837
3838 /* Transform email address to "prvs" scheme to use
3839 as BATV-signed return path */
3840
3841 case EITEM_PRVS:
3842 {
3843 uschar *sub_arg[3];
3844 uschar *p,*domain;
3845
3846 switch(read_subs(sub_arg, 3, 2, &s, skipping, TRUE, US"prvs"))
3847 {
3848 case 1: goto EXPAND_FAILED_CURLY;
3849 case 2:
3850 case 3: goto EXPAND_FAILED;
3851 }
3852
3853 /* If skipping, we don't actually do anything */
3854 if (skipping) continue;
3855
3856 /* sub_arg[0] is the address */
3857 domain = Ustrrchr(sub_arg[0],'@');
3858 if ( (domain == NULL) || (domain == sub_arg[0]) || (Ustrlen(domain) == 1) )
3859 {
3860 expand_string_message = US"prvs first argument must be a qualified email address";
3861 goto EXPAND_FAILED;
3862 }
3863
3864 /* Calculate the hash. The second argument must be a single-digit
3865 key number, or unset. */
3866
3867 if (sub_arg[2] != NULL &&
3868 (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0))
3869 {
3870 expand_string_message = US"prvs second argument must be a single digit";
3871 goto EXPAND_FAILED;
3872 }
3873
3874 p = prvs_hmac_sha1(sub_arg[0],sub_arg[1],sub_arg[2],prvs_daystamp(7));
3875 if (p == NULL)
3876 {
3877 expand_string_message = US"prvs hmac-sha1 conversion failed";
3878 goto EXPAND_FAILED;
3879 }
3880
3881 /* Now separate the domain from the local part */
3882 *domain++ = '\0';
3883
3884 yield = string_cat(yield,&size,&ptr,US"prvs=",5);
3885 string_cat(yield,&size,&ptr,(sub_arg[2] != NULL) ? sub_arg[2] : US"0", 1);
3886 string_cat(yield,&size,&ptr,prvs_daystamp(7),3);
3887 string_cat(yield,&size,&ptr,p,6);
3888 string_cat(yield,&size,&ptr,US"=",1);
3889 string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
3890 string_cat(yield,&size,&ptr,US"@",1);
3891 string_cat(yield,&size,&ptr,domain,Ustrlen(domain));
3892
3893 continue;
3894 }
3895
3896 /* Check a prvs-encoded address for validity */
3897
3898 case EITEM_PRVSCHECK:
3899 {
3900 uschar *sub_arg[3];
3901 int mysize = 0, myptr = 0;
3902 const pcre *re;
3903 uschar *p;
3904
3905 /* TF: Ugliness: We want to expand parameter 1 first, then set
3906 up expansion variables that are used in the expansion of
3907 parameter 2. So we clone the string for the first
3908 expansion, where we only expand parameter 1.
3909
3910 PH: Actually, that isn't necessary. The read_subs() function is
3911 designed to work this way for the ${if and ${lookup expansions. I've
3912 tidied the code.
3913 */
3914
3915 /* Reset expansion variables */
3916 prvscheck_result = NULL;
3917 prvscheck_address = NULL;
3918 prvscheck_keynum = NULL;
3919
3920 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs"))
3921 {
3922 case 1: goto EXPAND_FAILED_CURLY;
3923 case 2:
3924 case 3: goto EXPAND_FAILED;
3925 }
3926
3927 re = regex_must_compile(US"^prvs\\=([0-9])([0-9]{3})([A-F0-9]{6})\\=(.+)\\@(.+)$",
3928 TRUE,FALSE);
3929
3930 if (regex_match_and_setup(re,sub_arg[0],0,-1))
3931 {
3932 uschar *local_part = string_copyn(expand_nstring[4],expand_nlength[4]);
3933 uschar *key_num = string_copyn(expand_nstring[1],expand_nlength[1]);
3934 uschar *daystamp = string_copyn(expand_nstring[2],expand_nlength[2]);
3935 uschar *hash = string_copyn(expand_nstring[3],expand_nlength[3]);
3936 uschar *domain = string_copyn(expand_nstring[5],expand_nlength[5]);
3937
3938 DEBUG(D_expand) debug_printf("prvscheck localpart: %s\n", local_part);
3939 DEBUG(D_expand) debug_printf("prvscheck key number: %s\n", key_num);
3940 DEBUG(D_expand) debug_printf("prvscheck daystamp: %s\n", daystamp);
3941 DEBUG(D_expand) debug_printf("prvscheck hash: %s\n", hash);
3942 DEBUG(D_expand) debug_printf("prvscheck domain: %s\n", domain);
3943
3944 /* Set up expansion variables */
3945 prvscheck_address = string_cat(NULL, &mysize, &myptr, local_part, Ustrlen(local_part));
3946 string_cat(prvscheck_address,&mysize,&myptr,US"@",1);
3947 string_cat(prvscheck_address,&mysize,&myptr,domain,Ustrlen(domain));
3948 prvscheck_address[myptr] = '\0';
3949 prvscheck_keynum = string_copy(key_num);
3950
3951 /* Now expand the second argument */
3952 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs"))
3953 {
3954 case 1: goto EXPAND_FAILED_CURLY;
3955 case 2:
3956 case 3: goto EXPAND_FAILED;
3957 }
3958
3959 /* Now we have the key and can check the address. */
3960
3961 p = prvs_hmac_sha1(prvscheck_address, sub_arg[0], prvscheck_keynum,
3962 daystamp);
3963
3964 if (p == NULL)
3965 {
3966 expand_string_message = US"hmac-sha1 conversion failed";
3967 goto EXPAND_FAILED;
3968 }
3969
3970 DEBUG(D_expand) debug_printf("prvscheck: received hash is %s\n", hash);
3971 DEBUG(D_expand) debug_printf("prvscheck: own hash is %s\n", p);
3972
3973 if (Ustrcmp(p,hash) == 0)
3974 {
3975 /* Success, valid BATV address. Now check the expiry date. */
3976 uschar *now = prvs_daystamp(0);
3977 unsigned int inow = 0,iexpire = 1;
3978
3979 (void)sscanf(CS now,"%u",&inow);
3980 (void)sscanf(CS daystamp,"%u",&iexpire);
3981
3982 /* When "iexpire" is < 7, a "flip" has occured.
3983 Adjust "inow" accordingly. */
3984 if ( (iexpire < 7) && (inow >= 993) ) inow = 0;
3985
3986 if (iexpire >= inow)
3987 {
3988 prvscheck_result = US"1";
3989 DEBUG(D_expand) debug_printf("prvscheck: success, $pvrs_result set to 1\n");
3990 }
3991 else
3992 {
3993 prvscheck_result = NULL;
3994 DEBUG(D_expand) debug_printf("prvscheck: signature expired, $pvrs_result unset\n");
3995 }
3996 }
3997 else
3998 {
3999 prvscheck_result = NULL;
4000 DEBUG(D_expand) debug_printf("prvscheck: hash failure, $pvrs_result unset\n");
4001 }
4002
4003 /* Now expand the final argument. We leave this till now so that
4004 it can include $prvscheck_result. */
4005
4006 switch(read_subs(sub_arg, 1, 0, &s, skipping, TRUE, US"prvs"))
4007 {
4008 case 1: goto EXPAND_FAILED_CURLY;
4009 case 2:
4010 case 3: goto EXPAND_FAILED;
4011 }
4012
4013 if (sub_arg[0] == NULL || *sub_arg[0] == '\0')
4014 yield = string_cat(yield,&size,&ptr,prvscheck_address,Ustrlen(prvscheck_address));
4015 else
4016 yield = string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
4017
4018 /* Reset the "internal" variables afterwards, because they are in
4019 dynamic store that will be reclaimed if the expansion succeeded. */
4020
4021 prvscheck_address = NULL;
4022 prvscheck_keynum = NULL;
4023 }
4024 else
4025 {
4026 /* Does not look like a prvs encoded address, return the empty string.
4027 We need to make sure all subs are expanded first, so as to skip over
4028 the entire item. */
4029
4030 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"prvs"))
4031 {
4032 case 1: goto EXPAND_FAILED_CURLY;
4033 case 2:
4034 case 3: goto EXPAND_FAILED;
4035 }
4036 }
4037
4038 continue;
4039 }
4040
4041 /* Handle "readfile" to insert an entire file */
4042
4043 case EITEM_READFILE:
4044 {
4045 FILE *f;
4046 uschar *sub_arg[2];
4047
4048 if ((expand_forbid & RDO_READFILE) != 0)
4049 {
4050 expand_string_message = US"file insertions are not permitted";
4051 goto EXPAND_FAILED;
4052 }
4053
4054 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"readfile"))
4055 {
4056 case 1: goto EXPAND_FAILED_CURLY;
4057 case 2:
4058 case 3: goto EXPAND_FAILED;
4059 }
4060
4061 /* If skipping, we don't actually do anything */
4062
4063 if (skipping) continue;
4064
4065 /* Open the file and read it */
4066
4067 f = Ufopen(sub_arg[0], "rb");
4068 if (f == NULL)
4069 {
4070 expand_string_message = string_open_failed(errno, "%s", sub_arg[0]);
4071 goto EXPAND_FAILED;
4072 }
4073
4074 yield = cat_file(f, yield, &size, &ptr, sub_arg[1]);
4075 (void)fclose(f);
4076 continue;
4077 }
4078
4079 /* Handle "readsocket" to insert data from a Unix domain socket */
4080
4081 case EITEM_READSOCK:
4082 {
4083 int fd;
4084 int timeout = 5;
4085 int save_ptr = ptr;
4086 FILE *f;
4087 struct sockaddr_un sockun; /* don't call this "sun" ! */
4088 uschar *arg;
4089 uschar *sub_arg[4];
4090
4091 if ((expand_forbid & RDO_READSOCK) != 0)
4092 {
4093 expand_string_message = US"socket insertions are not permitted";
4094 goto EXPAND_FAILED;
4095 }
4096
4097 /* Read up to 4 arguments, but don't do the end of item check afterwards,
4098 because there may be a string for expansion on failure. */
4099
4100 switch(read_subs(sub_arg, 4, 2, &s, skipping, FALSE, US"readsocket"))
4101 {
4102 case 1: goto EXPAND_FAILED_CURLY;
4103 case 2: /* Won't occur: no end check */
4104 case 3: goto EXPAND_FAILED;
4105 }
4106
4107 /* Sort out timeout, if given */
4108
4109 if (sub_arg[2] != NULL)
4110 {
4111 timeout = readconf_readtime(sub_arg[2], 0, FALSE);
4112 if (timeout < 0)
4113 {
4114 expand_string_message = string_sprintf("bad time value %s",
4115 sub_arg[2]);
4116 goto EXPAND_FAILED;
4117 }
4118 }
4119 else sub_arg[3] = NULL; /* No eol if no timeout */
4120
4121 /* If skipping, we don't actually do anything. Otherwise, arrange to
4122 connect to either an IP or a Unix socket. */
4123
4124 if (!skipping)
4125 {
4126 /* Handle an IP (internet) domain */
4127
4128 if (Ustrncmp(sub_arg[0], "inet:", 5) == 0)
4129 {
4130 BOOL connected = FALSE;
4131 int namelen, port;
4132 host_item shost;
4133 host_item *h;
4134 uschar *server_name = sub_arg[0] + 5;
4135 uschar *port_name = Ustrrchr(server_name, ':');
4136
4137 /* Sort out the port */
4138
4139 if (port_name == NULL)
4140 {
4141 expand_string_message =
4142 string_sprintf("missing port for readsocket %s", sub_arg[0]);
4143 goto EXPAND_FAILED;
4144 }
4145 *port_name++ = 0; /* Terminate server name */
4146
4147 if (isdigit(*port_name))
4148 {
4149 uschar *end;
4150 port = Ustrtol(port_name, &end, 0);
4151 if (end != port_name + Ustrlen(port_name))
4152 {
4153 expand_string_message =
4154 string_sprintf("invalid port number %s", port_name);
4155 goto EXPAND_FAILED;
4156 }
4157 }
4158 else
4159 {
4160 struct servent *service_info = getservbyname(CS port_name, "tcp");
4161 if (service_info == NULL)
4162 {
4163 expand_string_message = string_sprintf("unknown port \"%s\"",
4164 port_name);
4165 goto EXPAND_FAILED;
4166 }
4167 port = ntohs(service_info->s_port);
4168 }
4169
4170 /* Sort out the server. */
4171
4172 shost.next = NULL;
4173 shost.address = NULL;
4174 shost.port = port;
4175 shost.mx = -1;
4176
4177 namelen = Ustrlen(server_name);
4178
4179 /* Anything enclosed in [] must be an IP address. */
4180
4181 if (server_name[0] == '[' &&
4182 server_name[namelen - 1] == ']')
4183 {
4184 server_name[namelen - 1] = 0;
4185 server_name++;
4186 if (string_is_ip_address(server_name, NULL) == 0)
4187 {
4188 expand_string_message =
4189 string_sprintf("malformed IP address \"%s\"", server_name);
4190 goto EXPAND_FAILED;
4191 }
4192 shost.name = shost.address = server_name;
4193 }
4194
4195 /* Otherwise check for an unadorned IP address */
4196
4197 else if (string_is_ip_address(server_name, NULL) != 0)
4198 shost.name = shost.address = server_name;
4199
4200 /* Otherwise lookup IP address(es) from the name */
4201
4202 else
4203 {
4204 shost.name = server_name;
4205 if (host_find_byname(&shost, NULL, HOST_FIND_QUALIFY_SINGLE, NULL,
4206 FALSE) != HOST_FOUND)
4207 {
4208 expand_string_message =
4209 string_sprintf("no IP address found for host %s", shost.name);
4210 goto EXPAND_FAILED;
4211 }
4212 }
4213
4214 /* Try to connect to the server - test each IP till one works */
4215
4216 for (h = &shost; h != NULL; h = h->next)
4217 {
4218 int af = (Ustrchr(h->address, ':') != 0)? AF_INET6 : AF_INET;
4219 if ((fd = ip_socket(SOCK_STREAM, af)) == -1)
4220 {
4221 expand_string_message = string_sprintf("failed to create socket: "
4222 "%s", strerror(errno));
4223 goto SOCK_FAIL;
4224 }
4225
4226 if (ip_connect(fd, af, h->address, port, timeout) == 0)
4227 {
4228 connected = TRUE;
4229 break;
4230 }
4231 }
4232
4233 if (!connected)
4234 {
4235 expand_string_message = string_sprintf("failed to connect to "
4236 "socket %s: couldn't connect to any host", sub_arg[0],
4237 strerror(errno));
4238 goto SOCK_FAIL;
4239 }
4240 }
4241
4242 /* Handle a Unix domain socket */
4243
4244 else
4245 {
4246 int rc;
4247 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
4248 {
4249 expand_string_message = string_sprintf("failed to create socket: %s",
4250 strerror(errno));
4251 goto SOCK_FAIL;
4252 }
4253
4254 sockun.sun_family = AF_UNIX;
4255 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
4256 sub_arg[0]);
4257
4258 sigalrm_seen = FALSE;
4259 alarm(timeout);
4260 rc = connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun));
4261 alarm(0);
4262 if (sigalrm_seen)
4263 {
4264 expand_string_message = US "socket connect timed out";
4265 goto SOCK_FAIL;
4266 }
4267 if (rc < 0)
4268 {
4269 expand_string_message = string_sprintf("failed to connect to socket "
4270 "%s: %s", sub_arg[0], strerror(errno));
4271 goto SOCK_FAIL;
4272 }
4273 }
4274
4275 DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]);
4276
4277 /* Write the request string, if not empty */
4278
4279 if (sub_arg[1][0] != 0)
4280 {
4281 int len = Ustrlen(sub_arg[1]);
4282 DEBUG(D_expand) debug_printf("writing \"%s\" to socket\n",
4283 sub_arg[1]);
4284 if (write(fd, sub_arg[1], len) != len)
4285 {
4286 expand_string_message = string_sprintf("request write to socket "
4287 "failed: %s", strerror(errno));
4288 goto SOCK_FAIL;
4289 }
4290 }
4291
4292 /* Shut down the sending side of the socket. This helps some servers to
4293 recognise that it is their turn to do some work. Just in case some
4294 system doesn't have this function, make it conditional. */
4295
4296 #ifdef SHUT_WR
4297 shutdown(fd, SHUT_WR);
4298 #endif
4299
4300 /* Now we need to read from the socket, under a timeout. The function
4301 that reads a file can be used. */
4302
4303 f = fdopen(fd, "rb");
4304 sigalrm_seen = FALSE;
4305 alarm(timeout);
4306 yield = cat_file(f, yield, &size, &ptr, sub_arg[3]);
4307 alarm(0);
4308 (void)fclose(f);
4309
4310 /* After a timeout, we restore the pointer in the result, that is,
4311 make sure we add nothing from the socket. */
4312
4313 if (sigalrm_seen)
4314 {
4315 ptr = save_ptr;
4316 expand_string_message = US "socket read timed out";
4317 goto SOCK_FAIL;
4318 }
4319 }
4320
4321 /* The whole thing has worked (or we were skipping). If there is a
4322 failure string following, we need to skip it. */
4323
4324 if (*s == '{')
4325 {
4326 if (expand_string_internal(s+1, TRUE, &s, TRUE) == NULL)
4327 goto EXPAND_FAILED;
4328 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4329 while (isspace(*s)) s++;
4330 }
4331 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4332 continue;
4333
4334 /* Come here on failure to create socket, connect socket, write to the
4335 socket, or timeout on reading. If another substring follows, expand and
4336 use it. Otherwise, those conditions give expand errors. */
4337
4338 SOCK_FAIL:
4339 if (*s != '{') goto EXPAND_FAILED;
4340 DEBUG(D_any) debug_printf("%s\n", expand_string_message);
4341 arg = expand_string_internal(s+1, TRUE, &s, FALSE);
4342 if (arg == NULL) goto EXPAND_FAILED;
4343 yield = string_cat(yield, &size, &ptr, arg, Ustrlen(arg));
4344 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4345 while (isspace(*s)) s++;
4346 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4347 continue;
4348 }
4349
4350 /* Handle "run" to execute a program. */
4351
4352 case EITEM_RUN:
4353 {
4354 FILE *f;
4355 uschar *arg;
4356 uschar **argv;
4357 pid_t pid;
4358 int fd_in, fd_out;
4359 int lsize = 0;
4360 int lptr = 0;
4361
4362 if ((expand_forbid & RDO_RUN) != 0)
4363 {
4364 expand_string_message = US"running a command is not permitted";
4365 goto EXPAND_FAILED;
4366 }
4367
4368 while (isspace(*s)) s++;
4369 if (*s != '{') goto EXPAND_FAILED_CURLY;
4370 arg = expand_string_internal(s+1, TRUE, &s, skipping);
4371 if (arg == NULL) goto EXPAND_FAILED;
4372 while (isspace(*s)) s++;
4373 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4374
4375 if (skipping) /* Just pretend it worked when we're skipping */
4376 {
4377 runrc = 0;
4378 }
4379 else
4380 {
4381 if (!transport_set_up_command(&argv, /* anchor for arg list */
4382 arg, /* raw command */
4383 FALSE, /* don't expand the arguments */
4384 0, /* not relevant when... */
4385 NULL, /* no transporting address */
4386 US"${run} expansion", /* for error messages */
4387 &expand_string_message)) /* where to put error message */
4388 {
4389 goto EXPAND_FAILED;
4390 }
4391
4392 /* Create the child process, making it a group leader. */
4393
4394 pid = child_open(argv, NULL, 0077, &fd_in, &fd_out, TRUE);
4395
4396 if (pid < 0)
4397 {
4398 expand_string_message =
4399 string_sprintf("couldn't create child process: %s", strerror(errno));
4400 goto EXPAND_FAILED;
4401 }
4402
4403 /* Nothing is written to the standard input. */
4404
4405 (void)close(fd_in);
4406
4407 /* Wait for the process to finish, applying the timeout, and inspect its
4408 return code for serious disasters. Simple non-zero returns are passed on.
4409 */
4410
4411 if ((runrc = child_close(pid, 60)) < 0)
4412 {
4413 if (runrc == -256)
4414 {
4415 expand_string_message = string_sprintf("command timed out");
4416 killpg(pid, SIGKILL); /* Kill the whole process group */
4417 }
4418
4419 else if (runrc == -257)
4420 expand_string_message = string_sprintf("wait() failed: %s",
4421 strerror(errno));
4422
4423 else
4424 expand_string_message = string_sprintf("command killed by signal %d",
4425 -runrc);
4426
4427 goto EXPAND_FAILED;
4428 }
4429
4430 /* Read the pipe to get the command's output into $value (which is kept
4431 in lookup_value). */
4432
4433 f = fdopen(fd_out, "rb");
4434 lookup_value = NULL;
4435 lookup_value = cat_file(f, lookup_value, &lsize, &lptr, NULL);
4436 (void)fclose(f);
4437 }
4438
4439 /* Process the yes/no strings; $value may be useful in both cases */
4440
4441 switch(process_yesno(
4442 skipping, /* were previously skipping */
4443 runrc == 0, /* success/failure indicator */
4444 lookup_value, /* value to reset for string2 */
4445 &s, /* input pointer */
4446 &yield, /* output pointer */
4447 &size, /* output size */
4448 &ptr, /* output current point */
4449 US"run")) /* condition type */
4450 {
4451 case 1: goto EXPAND_FAILED; /* when all is well, the */
4452 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4453 }
4454
4455 continue;
4456 }
4457
4458 /* Handle character translation for "tr" */
4459
4460 case EITEM_TR:
4461 {
4462 int oldptr = ptr;
4463 int o2m;
4464 uschar *sub[3];
4465
4466 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"tr"))
4467 {
4468 case 1: goto EXPAND_FAILED_CURLY;
4469 case 2:
4470 case 3: goto EXPAND_FAILED;
4471 }
4472
4473 yield = string_cat(yield, &size, &ptr, sub[0], Ustrlen(sub[0]));
4474 o2m = Ustrlen(sub[2]) - 1;
4475
4476 if (o2m >= 0) for (; oldptr < ptr; oldptr++)
4477 {
4478 uschar *m = Ustrrchr(sub[1], yield[oldptr]);
4479 if (m != NULL)
4480 {
4481 int o = m - sub[1];
4482 yield[oldptr] = sub[2][(o < o2m)? o : o2m];
4483 }
4484 }
4485
4486 continue;
4487 }
4488
4489 /* Handle "hash", "length", "nhash", and "substr" when they are given with
4490 expanded arguments. */
4491
4492 case EITEM_HASH:
4493 case EITEM_LENGTH:
4494 case EITEM_NHASH:
4495 case EITEM_SUBSTR:
4496 {
4497 int i;
4498 int len;
4499 uschar *ret;
4500 int val[2] = { 0, -1 };
4501 uschar *sub[3];
4502
4503 /* "length" takes only 2 arguments whereas the others take 2 or 3.
4504 Ensure that sub[2] is set in the ${length case. */
4505
4506 sub[2] = NULL;
4507 switch(read_subs(sub, (item_type == EITEM_LENGTH)? 2:3, 2, &s, skipping,
4508 TRUE, name))
4509 {
4510 case 1: goto EXPAND_FAILED_CURLY;
4511 case 2:
4512 case 3: goto EXPAND_FAILED;
4513 }
4514
4515 /* Juggle the arguments if there are only two of them: always move the
4516 string to the last position and make ${length{n}{str}} equivalent to
4517 ${substr{0}{n}{str}}. See the defaults for val[] above. */
4518
4519 if (sub[2] == NULL)
4520 {
4521 sub[2] = sub[1];
4522 sub[1] = NULL;
4523 if (item_type == EITEM_LENGTH)
4524 {
4525 sub[1] = sub[0];
4526 sub[0] = NULL;
4527 }
4528 }
4529
4530 for (i = 0; i < 2; i++)
4531 {
4532 if (sub[i] == NULL) continue;
4533 val[i] = (int)Ustrtol(sub[i], &ret, 10);
4534 if (*ret != 0 || (i != 0 && val[i] < 0))
4535 {
4536 expand_string_message = string_sprintf("\"%s\" is not a%s number "
4537 "(in \"%s\" expansion)", sub[i], (i != 0)? " positive" : "", name);
4538 goto EXPAND_FAILED;
4539 }
4540 }
4541
4542 ret =
4543 (item_type == EITEM_HASH)?
4544 compute_hash(sub[2], val[0], val[1], &len) :
4545 (item_type == EITEM_NHASH)?
4546 compute_nhash(sub[2], val[0], val[1], &len) :
4547 extract_substr(sub[2], val[0], val[1], &len);
4548
4549 if (ret == NULL) goto EXPAND_FAILED;
4550 yield = string_cat(yield, &size, &ptr, ret, len);
4551 continue;
4552 }
4553
4554 /* Handle HMAC computation: ${hmac{<algorithm>}{<secret>}{<text>}}
4555 This code originally contributed by Steve Haslam. It currently supports
4556 the use of MD5 and SHA-1 hashes.
4557
4558 We need some workspace that is large enough to handle all the supported
4559 hash types. Use macros to set the sizes rather than be too elaborate. */
4560
4561 #define MAX_HASHLEN 20
4562 #define MAX_HASHBLOCKLEN 64
4563
4564 case EITEM_HMAC:
4565 {
4566 uschar *sub[3];
4567 md5 md5_base;
4568 sha1 sha1_base;
4569 void *use_base;
4570 int type, i;
4571 int hashlen; /* Number of octets for the hash algorithm's output */
4572 int hashblocklen; /* Number of octets the hash algorithm processes */
4573 uschar *keyptr, *p;
4574 unsigned int keylen;
4575
4576 uschar keyhash[MAX_HASHLEN];
4577 uschar innerhash[MAX_HASHLEN];
4578 uschar finalhash[MAX_HASHLEN];
4579 uschar finalhash_hex[2*MAX_HASHLEN];
4580 uschar innerkey[MAX_HASHBLOCKLEN];
4581 uschar outerkey[MAX_HASHBLOCKLEN];
4582
4583 switch (read_subs(sub, 3, 3, &s, skipping, TRUE, name))
4584 {
4585 case 1: goto EXPAND_FAILED_CURLY;
4586 case 2:
4587 case 3: goto EXPAND_FAILED;
4588 }
4589
4590 if (Ustrcmp(sub[0], "md5") == 0)
4591 {
4592 type = HMAC_MD5;
4593 use_base = &md5_base;
4594 hashlen = 16;
4595 hashblocklen = 64;
4596 }
4597 else if (Ustrcmp(sub[0], "sha1") == 0)
4598 {
4599 type = HMAC_SHA1;
4600 use_base = &sha1_base;
4601 hashlen = 20;
4602 hashblocklen = 64;
4603 }
4604 else
4605 {
4606 expand_string_message =
4607 string_sprintf("hmac algorithm \"%s\" is not recognised", sub[0]);
4608 goto EXPAND_FAILED;
4609 }
4610
4611 keyptr = sub[1];
4612 keylen = Ustrlen(keyptr);
4613
4614 /* If the key is longer than the hash block length, then hash the key
4615 first */
4616
4617 if (keylen > hashblocklen)
4618 {
4619 chash_start(type, use_base);
4620 chash_end(type, use_base, keyptr, keylen, keyhash);
4621 keyptr = keyhash;
4622 keylen = hashlen;
4623 }
4624
4625 /* Now make the inner and outer key values */
4626
4627 memset(innerkey, 0x36, hashblocklen);
4628 memset(outerkey, 0x5c, hashblocklen);
4629
4630 for (i = 0; i < keylen; i++)
4631 {
4632 innerkey[i] ^= keyptr[i];
4633 outerkey[i] ^= keyptr[i];
4634 }
4635
4636 /* Now do the hashes */
4637
4638 chash_start(type, use_base);
4639 chash_mid(type, use_base, innerkey);
4640 chash_end(type, use_base, sub[2], Ustrlen(sub[2]), innerhash);
4641
4642 chash_start(type, use_base);
4643 chash_mid(type, use_base, outerkey);
4644 chash_end(type, use_base, innerhash, hashlen, finalhash);
4645
4646 /* Encode the final hash as a hex string */
4647
4648 p = finalhash_hex;
4649 for (i = 0; i < hashlen; i++)
4650 {
4651 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
4652 *p++ = hex_digits[finalhash[i] & 0x0f];
4653 }
4654
4655 DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%.*s)=%.*s\n", sub[0],
4656 (int)keylen, keyptr, Ustrlen(sub[2]), sub[2], hashlen*2, finalhash_hex);
4657
4658 yield = string_cat(yield, &size, &ptr, finalhash_hex, hashlen*2);
4659 }
4660
4661 continue;
4662
4663 /* Handle global substitution for "sg" - like Perl's s/xxx/yyy/g operator.
4664 We have to save the numerical variables and restore them afterwards. */
4665
4666 case EITEM_SG:
4667 {
4668 const pcre *re;
4669 int moffset, moffsetextra, slen;
4670 int roffset;
4671 int emptyopt;
4672 const uschar *rerror;
4673 uschar *subject;
4674 uschar *sub[3];
4675 int save_expand_nmax =
4676 save_expand_strings(save_expand_nstring, save_expand_nlength);
4677
4678 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"sg"))
4679 {
4680 case 1: goto EXPAND_FAILED_CURLY;
4681 case 2:
4682 case 3: goto EXPAND_FAILED;
4683 }
4684
4685 /* Compile the regular expression */
4686
4687 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
4688 NULL);
4689
4690 if (re == NULL)
4691 {
4692 expand_string_message = string_sprintf("regular expression error in "
4693 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
4694 goto EXPAND_FAILED;
4695 }
4696
4697 /* Now run a loop to do the substitutions as often as necessary. It ends
4698 when there are no more matches. Take care over matches of the null string;
4699 do the same thing as Perl does. */
4700
4701 subject = sub[0];
4702 slen = Ustrlen(sub[0]);
4703 moffset = moffsetextra = 0;
4704 emptyopt = 0;
4705
4706 for (;;)
4707 {
4708 int ovector[3*(EXPAND_MAXN+1)];
4709 int n = pcre_exec(re, NULL, CS subject, slen, moffset + moffsetextra,
4710 PCRE_EOPT | emptyopt, ovector, sizeof(ovector)/sizeof(int));
4711 int nn;
4712 uschar *insert;
4713
4714 /* No match - if we previously set PCRE_NOTEMPTY after a null match, this
4715 is not necessarily the end. We want to repeat the match from one
4716 character further along, but leaving the basic offset the same (for
4717 copying below). We can't be at the end of the string - that was checked
4718 before setting PCRE_NOTEMPTY. If PCRE_NOTEMPTY is not set, we are
4719 finished; copy the remaining string and end the loop. */
4720
4721 if (n < 0)
4722 {
4723 if (emptyopt != 0)
4724 {
4725 moffsetextra = 1;
4726 emptyopt = 0;
4727 continue;
4728 }
4729 yield = string_cat(yield, &size, &ptr, subject+moffset, slen-moffset);
4730 break;
4731 }
4732
4733 /* Match - set up for expanding the replacement. */
4734
4735 if (n == 0) n = EXPAND_MAXN + 1;
4736 expand_nmax = 0;
4737 for (nn = 0; nn < n*2; nn += 2)
4738 {
4739 expand_nstring[expand_nmax] = subject + ovector[nn];
4740 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
4741 }
4742 expand_nmax--;
4743
4744 /* Copy the characters before the match, plus the expanded insertion. */
4745
4746 yield = string_cat(yield, &size, &ptr, subject + moffset,
4747 ovector[0] - moffset);
4748 insert = expand_string(sub[2]);
4749 if (insert == NULL) goto EXPAND_FAILED;
4750 yield = string_cat(yield, &size, &ptr, insert, Ustrlen(insert));
4751
4752 moffset = ovector[1];
4753 moffsetextra = 0;
4754 emptyopt = 0;
4755
4756 /* If we have matched an empty string, first check to see if we are at
4757 the end of the subject. If so, the loop is over. Otherwise, mimic
4758 what Perl's /g options does. This turns out to be rather cunning. First
4759 we set PCRE_NOTEMPTY and PCRE_ANCHORED and try the match a non-empty
4760 string at the same point. If this fails (picked up above) we advance to
4761 the next character. */
4762
4763 if (ovector[0] == ovector[1])
4764 {
4765 if (ovector[0] == slen) break;
4766 emptyopt = PCRE_NOTEMPTY | PCRE_ANCHORED;
4767 }
4768 }
4769
4770 /* All done - restore numerical variables. */
4771
4772 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4773 save_expand_nlength);
4774 continue;
4775 }
4776
4777 /* Handle keyed and numbered substring extraction. If the first argument
4778 consists entirely of digits, then a numerical extraction is assumed. */
4779
4780 case EITEM_EXTRACT:
4781 {
4782 int i;
4783 int j = 2;
4784 int field_number = 1;
4785 BOOL field_number_set = FALSE;
4786 uschar *save_lookup_value = lookup_value;
4787 uschar *sub[3];
4788 int save_expand_nmax =
4789 save_expand_strings(save_expand_nstring, save_expand_nlength);
4790
4791 /* Read the arguments */
4792
4793 for (i = 0; i < j; i++)
4794 {
4795 while (isspace(*s)) s++;
4796 if (*s == '{')
4797 {
4798 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
4799 if (sub[i] == NULL) goto EXPAND_FAILED;
4800 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4801
4802 /* After removal of leading and trailing white space, the first
4803 argument must not be empty; if it consists entirely of digits
4804 (optionally preceded by a minus sign), this is a numerical
4805 extraction, and we expect 3 arguments. */
4806
4807 if (i == 0)
4808 {
4809 int len;
4810 int x = 0;
4811 uschar *p = sub[0];
4812
4813 while (isspace(*p)) p++;
4814 sub[0] = p;
4815
4816 len = Ustrlen(p);
4817 while (len > 0 && isspace(p[len-1])) len--;
4818 p[len] = 0;
4819
4820 if (*p == 0 && !skipping)
4821 {
4822 expand_string_message = US"first argument of \"extract\" must "
4823 "not be empty";
4824 goto EXPAND_FAILED;
4825 }
4826
4827 if (*p == '-')
4828 {
4829 field_number = -1;
4830 p++;
4831 }
4832 while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0';
4833 if (*p == 0)
4834 {
4835 field_number *= x;
4836 j = 3; /* Need 3 args */
4837 field_number_set = TRUE;
4838 }
4839 }
4840 }
4841 else goto EXPAND_FAILED_CURLY;
4842 }
4843
4844 /* Extract either the numbered or the keyed substring into $value. If
4845 skipping, just pretend the extraction failed. */
4846
4847 lookup_value = skipping? NULL : field_number_set?
4848 expand_gettokened(field_number, sub[1], sub[2]) :
4849 expand_getkeyed(sub[0], sub[1]);
4850
4851 /* If no string follows, $value gets substituted; otherwise there can
4852 be yes/no strings, as for lookup or if. */
4853
4854 switch(process_yesno(
4855 skipping, /* were previously skipping */
4856 lookup_value != NULL, /* success/failure indicator */
4857 save_lookup_value, /* value to reset for string2 */
4858 &s, /* input pointer */
4859 &yield, /* output pointer */
4860 &size, /* output size */
4861 &ptr, /* output current point */
4862 US"extract")) /* condition type */
4863 {
4864 case 1: goto EXPAND_FAILED; /* when all is well, the */
4865 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4866 }
4867
4868 /* All done - restore numerical variables. */
4869
4870 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4871 save_expand_nlength);
4872
4873 continue;
4874 }
4875
4876
4877 /* Handle list operations */
4878
4879 case EITEM_FILTER:
4880 case EITEM_MAP:
4881 case EITEM_REDUCE:
4882 {
4883 int sep = 0;
4884 int save_ptr = ptr;
4885 uschar outsep[2] = { '\0', '\0' };
4886 uschar *list, *expr, *temp;
4887 uschar *save_iterate_item = iterate_item;
4888 uschar *save_lookup_value = lookup_value;
4889
4890 while (isspace(*s)) s++;
4891 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
4892
4893 list = expand_string_internal(s, TRUE, &s, skipping);
4894 if (list == NULL) goto EXPAND_FAILED;
4895 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4896
4897 if (item_type == EITEM_REDUCE)
4898 {
4899 while (isspace(*s)) s++;
4900 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
4901 temp = expand_string_internal(s, TRUE, &s, skipping);
4902 if (temp == NULL) goto EXPAND_FAILED;
4903 lookup_value = temp;
4904 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4905 }
4906
4907 while (isspace(*s)) s++;
4908 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
4909
4910 expr = s;
4911
4912 /* For EITEM_FILTER, call eval_condition once, with result discarded (as
4913 if scanning a "false" part). This allows us to find the end of the
4914 condition, because if the list is empty, we won't actually evaluate the
4915 condition for real. For EITEM_MAP and EITEM_REDUCE, do the same, using
4916 the normal internal expansion function. */
4917
4918 if (item_type == EITEM_FILTER)
4919 {
4920 temp = eval_condition(expr, NULL);
4921 if (temp != NULL) s = temp;
4922 }
4923 else
4924 {
4925 temp = expand_string_internal(s, TRUE, &s, TRUE);
4926 }
4927
4928 if (temp == NULL)
4929 {
4930 expand_string_message = string_sprintf("%s inside \"%s\" item",
4931 expand_string_message, name);
4932 goto EXPAND_FAILED;
4933 }
4934
4935 while (isspace(*s)) s++;
4936 if (*s++ != '}')
4937 {
4938 expand_string_message = string_sprintf("missing } at end of condition "
4939 "or expression inside \"%s\"", name);
4940 goto EXPAND_FAILED;
4941 }
4942
4943 while (isspace(*s)) s++;
4944 if (*s++ != '}')
4945 {
4946 expand_string_message = string_sprintf("missing } at end of \"%s\"",
4947 name);
4948 goto EXPAND_FAILED;
4949 }
4950
4951 /* If we are skipping, we can now just move on to the next item. When
4952 processing for real, we perform the iteration. */
4953
4954 if (skipping) continue;
4955 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)) != NULL)
4956 {
4957 *outsep = (uschar)sep; /* Separator as a string */
4958
4959 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
4960
4961 if (item_type == EITEM_FILTER)
4962 {
4963 BOOL condresult;
4964 if (eval_condition(expr, &condresult) == NULL)
4965 {
4966 iterate_item = save_iterate_item;
4967 lookup_value = save_lookup_value;
4968 expand_string_message = string_sprintf("%s inside \"%s\" condition",
4969 expand_string_message, name);
4970 goto EXPAND_FAILED;
4971 }
4972 DEBUG(D_expand) debug_printf("%s: condition is %s\n", name,
4973 condresult? "true":"false");
4974 if (condresult)
4975 temp = iterate_item; /* TRUE => include this item */
4976 else
4977 continue; /* FALSE => skip this item */
4978 }
4979
4980 /* EITEM_MAP and EITEM_REDUCE */
4981
4982 else
4983 {
4984 temp = expand_string_internal(expr, TRUE, NULL, skipping);
4985 if (temp == NULL)
4986 {
4987 iterate_item = save_iterate_item;
4988 expand_string_message = string_sprintf("%s inside \"%s\" item",
4989 expand_string_message, name);
4990 goto EXPAND_FAILED;
4991 }
4992 if (item_type == EITEM_REDUCE)
4993 {
4994 lookup_value = temp; /* Update the value of $value */
4995 continue; /* and continue the iteration */
4996 }
4997 }
4998
4999 /* We reach here for FILTER if the condition is true, always for MAP,
5000 and never for REDUCE. The value in "temp" is to be added to the output
5001 list that is being created, ensuring that any occurrences of the
5002 separator character are doubled. Unless we are dealing with the first
5003 item of the output list, add in a space if the new item begins with the
5004 separator character, or is an empty string. */
5005
5006 if (ptr != save_ptr && (temp[0] == *outsep || temp[0] == 0))
5007 yield = string_cat(yield, &size, &ptr, US" ", 1);
5008
5009 /* Add the string in "temp" to the output list that we are building,
5010 This is done in chunks by searching for the separator character. */
5011
5012 for (;;)
5013 {
5014 size_t seglen = Ustrcspn(temp, outsep);
5015 yield = string_cat(yield, &size, &ptr, temp, seglen + 1);
5016
5017 /* If we got to the end of the string we output one character
5018 too many; backup and end the loop. Otherwise arrange to double the
5019 separator. */
5020
5021 if (temp[seglen] == '\0') { ptr--; break; }
5022 yield = string_cat(yield, &size, &ptr, outsep, 1);
5023 temp += seglen + 1;
5024 }
5025
5026 /* Output a separator after the string: we will remove the redundant
5027 final one at the end. */
5028
5029 yield = string_cat(yield, &size, &ptr, outsep, 1);
5030 } /* End of iteration over the list loop */
5031
5032 /* REDUCE has generated no output above: output the final value of
5033 $value. */
5034
5035 if (item_type == EITEM_REDUCE)
5036 {
5037 yield = string_cat(yield, &size, &ptr, lookup_value,
5038 Ustrlen(lookup_value));
5039 lookup_value = save_lookup_value; /* Restore $value */
5040 }
5041
5042 /* FILTER and MAP generate lists: if they have generated anything, remove
5043 the redundant final separator. Even though an empty item at the end of a
5044 list does not count, this is tidier. */
5045
5046 else if (ptr != save_ptr) ptr--;
5047
5048 /* Restore preserved $item */
5049
5050 iterate_item = save_iterate_item;
5051 continue;
5052 }
5053
5054
5055 /* If ${dlfunc support is configured, handle calling dynamically-loaded
5056 functions, unless locked out at this time. Syntax is ${dlfunc{file}{func}}
5057 or ${dlfunc{file}{func}{arg}} or ${dlfunc{file}{func}{arg1}{arg2}} or up to
5058 a maximum of EXPAND_DLFUNC_MAX_ARGS arguments (defined below). */
5059
5060 #define EXPAND_DLFUNC_MAX_ARGS 8
5061
5062 case EITEM_DLFUNC:
5063 #ifndef EXPAND_DLFUNC
5064 expand_string_message = US"\"${dlfunc\" encountered, but this facility "
5065 "is not included in this binary";
5066 goto EXPAND_FAILED;
5067
5068 #else /* EXPAND_DLFUNC */
5069 {
5070 tree_node *t;
5071 exim_dlfunc_t *func;
5072 uschar *result;
5073 int status, argc;
5074 uschar *argv[EXPAND_DLFUNC_MAX_ARGS + 3];
5075
5076 if ((expand_forbid & RDO_DLFUNC) != 0)
5077 {
5078 expand_string_message =
5079 US"dynamically-loaded functions are not permitted";
5080 goto EXPAND_FAILED;
5081 }
5082
5083 switch(read_subs(argv, EXPAND_DLFUNC_MAX_ARGS + 2, 2, &s, skipping,
5084 TRUE, US"dlfunc"))
5085 {
5086 case 1: goto EXPAND_FAILED_CURLY;
5087 case 2:
5088 case 3: goto EXPAND_FAILED;
5089 }
5090
5091 /* If skipping, we don't actually do anything */
5092
5093 if (skipping) continue;
5094
5095 /* Look up the dynamically loaded object handle in the tree. If it isn't
5096 found, dlopen() the file and put the handle in the tree for next time. */
5097
5098 t = tree_search(dlobj_anchor, argv[0]);
5099 if (t == NULL)
5100 {
5101 void *handle = dlopen(CS argv[0], RTLD_LAZY);
5102 if (handle == NULL)
5103 {
5104 expand_string_message = string_sprintf("dlopen \"%s\" failed: %s",
5105 argv[0], dlerror());
5106 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
5107 goto EXPAND_FAILED;
5108 }
5109 t = store_get_perm(sizeof(tree_node) + Ustrlen(argv[0]));
5110 Ustrcpy(t->name, argv[0]);
5111 t->data.ptr = handle;
5112 (void)tree_insertnode(&dlobj_anchor, t);
5113 }
5114
5115 /* Having obtained the dynamically loaded object handle, look up the
5116 function pointer. */
5117
5118 func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]);
5119 if (func == NULL)
5120 {
5121 expand_string_message = string_sprintf("dlsym \"%s\" in \"%s\" failed: "
5122 "%s", argv[1], argv[0], dlerror());
5123 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
5124 goto EXPAND_FAILED;
5125 }
5126
5127 /* Call the function and work out what to do with the result. If it
5128 returns OK, we have a replacement string; if it returns DEFER then
5129 expansion has failed in a non-forced manner; if it returns FAIL then
5130 failure was forced; if it returns ERROR or any other value there's a
5131 problem, so panic slightly. In any case, assume that the function has
5132 side-effects on the store that must be preserved. */
5133
5134 resetok = FALSE;
5135 result = NULL;
5136 for (argc = 0; argv[argc] != NULL; argc++);
5137 status = func(&result, argc - 2, &argv[2]);
5138 if(status == OK)
5139 {
5140 if (result == NULL) result = US"";
5141 yield = string_cat(yield, &size, &ptr, result, Ustrlen(result));
5142 continue;
5143 }
5144 else
5145 {
5146 expand_string_message = result == NULL ? US"(no message)" : result;
5147 if(status == FAIL_FORCED) expand_string_forcedfail = TRUE;
5148 else if(status != FAIL)
5149 log_write(0, LOG_MAIN|LOG_PANIC, "dlfunc{%s}{%s} failed (%d): %s",
5150 argv[0], argv[1], status, expand_string_message);
5151 goto EXPAND_FAILED;
5152 }
5153 }
5154 #endif /* EXPAND_DLFUNC */
5155 }
5156
5157 /* Control reaches here if the name is not recognized as one of the more
5158 complicated expansion items. Check for the "operator" syntax (name terminated
5159 by a colon). Some of the operators have arguments, separated by _ from the
5160 name. */
5161
5162 if (*s == ':')
5163 {
5164 int c;
5165 uschar *arg = NULL;
5166 uschar *sub = expand_string_internal(s+1, TRUE, &s, skipping);
5167 if (sub == NULL) goto EXPAND_FAILED;
5168 s++;
5169
5170 /* Owing to an historical mis-design, an underscore may be part of the
5171 operator name, or it may introduce arguments. We therefore first scan the
5172 table of names that contain underscores. If there is no match, we cut off
5173 the arguments and then scan the main table. */
5174
5175 c = chop_match(name, op_table_underscore,
5176 sizeof(op_table_underscore)/sizeof(uschar *));
5177
5178 if (c < 0)
5179 {
5180 arg = Ustrchr(name, '_');
5181 if (arg != NULL) *arg = 0;
5182 c = chop_match(name, op_table_main,
5183 sizeof(op_table_main)/sizeof(uschar *));
5184 if (c >= 0) c += sizeof(op_table_underscore)/sizeof(uschar *);
5185 if (arg != NULL) *arg++ = '_'; /* Put back for error messages */
5186 }
5187
5188 /* If we are skipping, we don't need to perform the operation at all.
5189 This matters for operations like "mask", because the data may not be
5190 in the correct format when skipping. For example, the expression may test
5191 for the existence of $sender_host_address before trying to mask it. For
5192 other operations, doing them may not fail, but it is a waste of time. */
5193
5194 if (skipping && c >= 0) continue;
5195
5196 /* Otherwise, switch on the operator type */
5197
5198 switch(c)
5199 {
5200 case EOP_BASE62:
5201 {
5202 uschar *t;
5203 unsigned long int n = Ustrtoul(sub, &t, 10);
5204 if (*t != 0)
5205 {
5206 expand_string_message = string_sprintf("argument for base62 "
5207 "operator is \"%s\", which is not a decimal number", sub);
5208 goto EXPAND_FAILED;
5209 }
5210 t = string_base62(n);
5211 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
5212 continue;
5213 }
5214
5215 /* Note that for Darwin and Cygwin, BASE_62 actually has the value 36 */
5216
5217 case EOP_BASE62D:
5218 {
5219 uschar buf[16];
5220 uschar *tt = sub;
5221 unsigned long int n = 0;
5222 while (*tt != 0)
5223 {
5224 uschar *t = Ustrchr(base62_chars, *tt++);
5225 if (t == NULL)
5226 {
5227 expand_string_message = string_sprintf("argument for base62d "
5228 "operator is \"%s\", which is not a base %d number", sub,
5229 BASE_62);
5230 goto EXPAND_FAILED;
5231 }
5232 n = n * BASE_62 + (t - base62_chars);
5233 }
5234 (void)sprintf(CS buf, "%ld", n);
5235 yield = string_cat(yield, &size, &ptr, buf, Ustrlen(buf));
5236 continue;
5237 }
5238
5239 case EOP_EXPAND:
5240 {
5241 uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping);
5242 if (expanded == NULL)
5243 {
5244 expand_string_message =
5245 string_sprintf("internal expansion of \"%s\" failed: %s", sub,
5246 expand_string_message);
5247 goto EXPAND_FAILED;
5248 }
5249 yield = string_cat(yield, &size, &ptr, expanded, Ustrlen(expanded));
5250 continue;
5251 }
5252
5253 case EOP_LC:
5254 {
5255 int count = 0;
5256 uschar *t = sub - 1;
5257 while (*(++t) != 0) { *t = tolower(*t); count++; }
5258 yield = string_cat(yield, &size, &ptr, sub, count);
5259 continue;
5260 }
5261
5262 case EOP_UC:
5263 {
5264 int count = 0;
5265 uschar *t = sub - 1;
5266 while (*(++t) != 0) { *t = toupper(*t); count++; }
5267 yield = string_cat(yield, &size, &ptr, sub, count);
5268 continue;
5269 }
5270
5271 case EOP_MD5:
5272 {
5273 md5 base;
5274 uschar digest[16];
5275 int j;
5276 char st[33];
5277 md5_start(&base);
5278 md5_end(&base, sub, Ustrlen(sub), digest);
5279 for(j = 0; j < 16; j++) sprintf(st+2*j, "%02x", digest[j]);
5280 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
5281 continue;
5282 }
5283
5284 case EOP_SHA1:
5285 {
5286 sha1 base;
5287 uschar digest[20];
5288 int j;
5289 char st[41];
5290 sha1_start(&base);
5291 sha1_end(&base, sub, Ustrlen(sub), digest);
5292 for(j = 0; j < 20; j++) sprintf(st+2*j, "%02X", digest[j]);
5293 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
5294 continue;
5295 }
5296
5297 /* Convert hex encoding to base64 encoding */
5298
5299 case EOP_HEX2B64:
5300 {
5301 int c = 0;
5302 int b = -1;
5303 uschar *in = sub;
5304 uschar *out = sub;
5305 uschar *enc;
5306
5307 for (enc = sub; *enc != 0; enc++)
5308 {
5309 if (!isxdigit(*enc))
5310 {
5311 expand_string_message = string_sprintf("\"%s\" is not a hex "
5312 "string", sub);
5313 goto EXPAND_FAILED;
5314 }
5315 c++;
5316 }
5317
5318 if ((c & 1) != 0)
5319 {
5320 expand_string_message = string_sprintf("\"%s\" contains an odd "
5321 "number of characters", sub);
5322 goto EXPAND_FAILED;
5323 }
5324
5325 while ((c = *in++) != 0)
5326 {
5327 if (isdigit(c)) c -= '0';
5328 else c = toupper(c) - 'A' + 10;
5329 if (b == -1)
5330 {
5331 b = c << 4;
5332 }
5333 else
5334 {
5335 *out++ = b | c;
5336 b = -1;
5337 }
5338 }
5339
5340 enc = auth_b64encode(sub, out - sub);
5341 yield = string_cat(yield, &size, &ptr, enc, Ustrlen(enc));
5342 continue;
5343 }
5344
5345 /* mask applies a mask to an IP address; for example the result of
5346 ${mask:131.111.10.206/28} is 131.111.10.192/28. */
5347
5348 case EOP_MASK:
5349 {
5350 int count;
5351 uschar *endptr;
5352 int binary[4];
5353 int mask, maskoffset;
5354 int type = string_is_ip_address(sub, &maskoffset);
5355 uschar buffer[64];
5356
5357 if (type == 0)
5358 {
5359 expand_string_message = string_sprintf("\"%s\" is not an IP address",
5360 sub);
5361 goto EXPAND_FAILED;
5362 }
5363
5364 if (maskoffset == 0)
5365 {
5366 expand_string_message = string_sprintf("missing mask value in \"%s\"",
5367 sub);
5368 goto EXPAND_FAILED;
5369 }
5370
5371 mask = Ustrtol(sub + maskoffset + 1, &endptr, 10);
5372
5373 if (*endptr != 0 || mask < 0 || mask > ((type == 4)? 32 : 128))
5374 {
5375 expand_string_message = string_sprintf("mask value too big in \"%s\"",
5376 sub);
5377 goto EXPAND_FAILED;
5378 }
5379
5380 /* Convert the address to binary integer(s) and apply the mask */
5381
5382 sub[maskoffset] = 0;
5383 count = host_aton(sub, binary);
5384 host_mask(count, binary, mask);
5385
5386 /* Convert to masked textual format and add to output. */
5387
5388 yield = string_cat(yield, &size, &ptr, buffer,
5389 host_nmtoa(count, binary, mask, buffer, '.'));
5390 continue;
5391 }
5392
5393 case EOP_ADDRESS:
5394 case EOP_LOCAL_PART:
5395 case EOP_DOMAIN:
5396 {
5397 uschar *error;
5398 int start, end, domain;
5399 uschar *t = parse_extract_address(sub, &error, &start, &end, &domain,
5400 FALSE);
5401 if (t != NULL)
5402 {
5403 if (c != EOP_DOMAIN)
5404 {
5405 if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1;
5406 yield = string_cat(yield, &size, &ptr, sub+start, end-start);
5407 }
5408 else if (domain != 0)
5409 {
5410 domain += start;
5411 yield = string_cat(yield, &size, &ptr, sub+domain, end-domain);
5412 }
5413 }
5414 continue;
5415 }
5416
5417 case EOP_ADDRESSES:
5418 {
5419 uschar outsep[2] = { ':', '\0' };
5420 uschar *address, *error;
5421 int save_ptr = ptr;
5422 int start, end, domain; /* Not really used */
5423
5424 while (isspace(*sub)) sub++;
5425 if (*sub == '>') { *outsep = *++sub; ++sub; }
5426 parse_allow_group = TRUE;
5427
5428 for (;;)
5429 {
5430 uschar *p = parse_find_address_end(sub, FALSE);
5431 uschar saveend = *p;
5432 *p = '\0';
5433 address = parse_extract_address(sub, &error, &start, &end, &domain,
5434 FALSE);
5435 *p = saveend;
5436
5437 /* Add the address to the output list that we are building. This is
5438 done in chunks by searching for the separator character. At the
5439 start, unless we are dealing with the first address of the output
5440 list, add in a space if the new address begins with the separator
5441 character, or is an empty string. */
5442
5443 if (address != NULL)
5444 {
5445 if (ptr != save_ptr && address[0] == *outsep)
5446 yield = string_cat(yield, &size, &ptr, US" ", 1);
5447
5448 for (;;)
5449 {
5450 size_t seglen = Ustrcspn(address, outsep);
5451 yield = string_cat(yield, &size, &ptr, address, seglen + 1);
5452
5453 /* If we got to the end of the string we output one character
5454 too many. */
5455
5456 if (address[seglen] == '\0') { ptr--; break; }
5457 yield = string_cat(yield, &size, &ptr, outsep, 1);
5458 address += seglen + 1;
5459 }
5460
5461 /* Output a separator after the string: we will remove the
5462 redundant final one at the end. */
5463
5464 yield = string_cat(yield, &size, &ptr, outsep, 1);
5465 }
5466
5467 if (saveend == '\0') break;
5468 sub = p + 1;
5469 }
5470
5471 /* If we have generated anything, remove the redundant final
5472 separator. */
5473
5474 if (ptr != save_ptr) ptr--;
5475 parse_allow_group = FALSE;
5476 continue;
5477 }
5478
5479
5480 /* quote puts a string in quotes if it is empty or contains anything
5481 other than alphamerics, underscore, dot, or hyphen.
5482
5483 quote_local_part puts a string in quotes if RFC 2821/2822 requires it to
5484 be quoted in order to be a valid local part.
5485
5486 In both cases, newlines and carriage returns are converted into \n and \r
5487 respectively */
5488
5489 case EOP_QUOTE:
5490 case EOP_QUOTE_LOCAL_PART:
5491 if (arg == NULL)
5492 {
5493 BOOL needs_quote = (*sub == 0); /* TRUE for empty string */
5494 uschar *t = sub - 1;
5495
5496 if (c == EOP_QUOTE)
5497 {
5498 while (!needs_quote && *(++t) != 0)
5499 needs_quote = !isalnum(*t) && !strchr("_-.", *t);
5500 }
5501 else /* EOP_QUOTE_LOCAL_PART */
5502 {
5503 while (!needs_quote && *(++t) != 0)
5504 needs_quote = !isalnum(*t) &&
5505 strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL &&
5506 (*t != '.' || t == sub || t[1] == 0);
5507 }
5508
5509 if (needs_quote)
5510 {
5511 yield = string_cat(yield, &size, &ptr, US"\"", 1);
5512 t = sub - 1;
5513 while (*(++t) != 0)
5514 {
5515 if (*t == '\n')
5516 yield = string_cat(yield, &size, &ptr, US"\\n", 2);
5517 else if (*t == '\r')
5518 yield = string_cat(yield, &size, &ptr, US"\\r", 2);
5519 else
5520 {
5521 if (*t == '\\' || *t == '"')
5522 yield = string_cat(yield, &size, &ptr, US"\\", 1);
5523 yield = string_cat(yield, &size, &ptr, t, 1);
5524 }
5525 }
5526 yield = string_cat(yield, &size, &ptr, US"\"", 1);
5527 }
5528 else yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
5529 continue;
5530 }
5531
5532 /* quote_lookuptype does lookup-specific quoting */
5533
5534 else
5535 {
5536 int n;
5537 uschar *opt = Ustrchr(arg, '_');
5538
5539 if (opt != NULL) *opt++ = 0;
5540
5541 n = search_findtype(arg, Ustrlen(arg));
5542 if (n < 0)
5543 {
5544 expand_string_message = search_error_message;
5545 goto EXPAND_FAILED;
5546 }
5547
5548 if (lookup_list[n]->quote != NULL)
5549 sub = (lookup_list[n]->quote)(sub, opt);
5550 else if (opt != NULL) sub = NULL;
5551
5552 if (sub == NULL)
5553 {
5554 expand_string_message = string_sprintf(
5555 "\"%s\" unrecognized after \"${quote_%s\"",
5556 opt, arg);
5557 goto EXPAND_FAILED;
5558 }
5559
5560 yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
5561 continue;
5562 }
5563
5564 /* rx quote sticks in \ before any non-alphameric character so that
5565 the insertion works in a regular expression. */
5566
5567 case EOP_RXQUOTE:
5568 {
5569 uschar *t = sub - 1;
5570 while (*(++t) != 0)
5571 {
5572 if (!isalnum(*t))
5573 yield = string_cat(yield, &size, &ptr, US"\\", 1);
5574 yield = string_cat(yield, &size, &ptr, t, 1);
5575 }
5576 continue;
5577 }
5578
5579 /* RFC 2047 encodes, assuming headers_charset (default ISO 8859-1) as
5580 prescribed by the RFC, if there are characters that need to be encoded */
5581
5582 case EOP_RFC2047:
5583 {
5584 uschar buffer[2048];
5585 uschar *string = parse_quote_2047(sub, Ustrlen(sub), headers_charset,
5586 buffer, sizeof(buffer), FALSE);
5587 yield = string_cat(yield, &size, &ptr, string, Ustrlen(string));
5588 continue;
5589 }
5590
5591 /* RFC 2047 decode */
5592
5593 case EOP_RFC2047D:
5594 {
5595 int len;
5596 uschar *error;
5597 uschar *decoded = rfc2047_decode(sub, check_rfc2047_length,
5598 headers_charset, '?', &len, &error);
5599 if (error != NULL)
5600 {
5601 expand_string_message = error;
5602 goto EXPAND_FAILED;
5603 }
5604 yield = string_cat(yield, &size, &ptr, decoded, len);
5605 continue;
5606 }
5607
5608 /* from_utf8 converts UTF-8 to 8859-1, turning non-existent chars into
5609 underscores */
5610
5611 case EOP_FROM_UTF8:
5612 {
5613 while (*sub != 0)
5614 {
5615 int c;
5616 uschar buff[4];
5617 GETUTF8INC(c, sub);
5618 if (c > 255) c = '_';
5619 buff[0] = c;
5620 yield = string_cat(yield, &size, &ptr, buff, 1);
5621 }
5622 continue;
5623 }
5624
5625 /* escape turns all non-printing characters into escape sequences. */
5626
5627 case EOP_ESCAPE:
5628 {
5629 uschar *t = string_printing(sub);
5630 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
5631 continue;
5632 }
5633
5634 /* Handle numeric expression evaluation */
5635
5636 case EOP_EVAL:
5637 case EOP_EVAL10:
5638 {
5639 uschar *save_sub = sub;
5640 uschar *error = NULL;
5641 int n = eval_expr(&sub, (c == EOP_EVAL10), &error, FALSE);
5642 if (error != NULL)
5643 {
5644 expand_string_message = string_sprintf("error in expression "
5645 "evaluation: %s (after processing \"%.*s\")", error, sub-save_sub,
5646 save_sub);
5647 goto EXPAND_FAILED;
5648 }
5649 sprintf(CS var_buffer, "%d", n);
5650 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
5651 continue;
5652 }
5653
5654 /* Handle time period formating */
5655
5656 case EOP_TIME_EVAL:
5657 {
5658 int n = readconf_readtime(sub, 0, FALSE);
5659 if (n < 0)
5660 {
5661 expand_string_message = string_sprintf("string \"%s\" is not an "
5662 "Exim time interval in \"%s\" operator", sub, name);
5663 goto EXPAND_FAILED;
5664 }
5665 sprintf(CS var_buffer, "%d", n);
5666 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
5667 continue;
5668 }
5669
5670 case EOP_TIME_INTERVAL:
5671 {
5672 int n;
5673 uschar *t = read_number(&n, sub);
5674 if (*t != 0) /* Not A Number*/
5675 {
5676 expand_string_message = string_sprintf("string \"%s\" is not a "
5677 "positive number in \"%s\" operator", sub, name);
5678 goto EXPAND_FAILED;
5679 }
5680 t = readconf_printtime(n);
5681 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
5682 continue;
5683 }
5684
5685 /* Convert string to base64 encoding */
5686
5687 case EOP_STR2B64:
5688 {
5689 uschar *encstr = auth_b64encode(sub, Ustrlen(sub));
5690 yield = string_cat(yield, &size, &ptr, encstr, Ustrlen(encstr));
5691 continue;
5692 }
5693
5694 /* strlen returns the length of the string */
5695
5696 case EOP_STRLEN:
5697 {
5698 uschar buff[24];
5699 (void)sprintf(CS buff, "%d", Ustrlen(sub));
5700 yield = string_cat(yield, &size, &ptr, buff, Ustrlen(buff));
5701 continue;
5702 }
5703
5704 /* length_n or l_n takes just the first n characters or the whole string,
5705 whichever is the shorter;
5706
5707 substr_m_n, and s_m_n take n characters from offset m; negative m take
5708 from the end; l_n is synonymous with s_0_n. If n is omitted in substr it
5709 takes the rest, either to the right or to the left.
5710
5711 hash_n or h_n makes a hash of length n from the string, yielding n
5712 characters from the set a-z; hash_n_m makes a hash of length n, but
5713 uses m characters from the set a-zA-Z0-9.
5714
5715 nhash_n returns a single number between 0 and n-1 (in text form), while
5716 nhash_n_m returns a div/mod hash as two numbers "a/b". The first lies
5717 between 0 and n-1 and the second between 0 and m-1. */
5718
5719 case EOP_LENGTH:
5720 case EOP_L:
5721 case EOP_SUBSTR:
5722 case EOP_S:
5723 case EOP_HASH:
5724 case EOP_H:
5725 case EOP_NHASH:
5726 case EOP_NH:
5727 {
5728 int sign = 1;
5729 int value1 = 0;
5730 int value2 = -1;
5731 int *pn;
5732 int len;
5733 uschar *ret;
5734
5735 if (arg == NULL)
5736 {
5737 expand_string_message = string_sprintf("missing values after %s",
5738 name);
5739 goto EXPAND_FAILED;
5740 }
5741
5742 /* "length" has only one argument, effectively being synonymous with
5743 substr_0_n. */
5744
5745 if (c == EOP_LENGTH || c == EOP_L)
5746 {
5747 pn = &value2;
5748 value2 = 0;
5749 }
5750
5751 /* The others have one or two arguments; for "substr" the first may be
5752 negative. The second being negative means "not supplied". */
5753
5754 else
5755 {
5756 pn = &value1;
5757 if (name[0] == 's' && *arg == '-') { sign = -1; arg++; }
5758 }
5759
5760 /* Read up to two numbers, separated by underscores */
5761
5762 ret = arg;
5763 while (*arg != 0)
5764 {
5765 if (arg != ret && *arg == '_' && pn == &value1)
5766 {
5767 pn = &value2;
5768 value2 = 0;
5769 if (arg[1] != 0) arg++;
5770 }
5771 else if (!isdigit(*arg))
5772 {
5773 expand_string_message =
5774 string_sprintf("non-digit after underscore in \"%s\"", name);
5775 goto EXPAND_FAILED;
5776 }
5777 else *pn = (*pn)*10 + *arg++ - '0';
5778 }
5779 value1 *= sign;
5780
5781 /* Perform the required operation */
5782
5783 ret =
5784 (c == EOP_HASH || c == EOP_H)?
5785 compute_hash(sub, value1, value2, &len) :
5786 (c == EOP_NHASH || c == EOP_NH)?
5787 compute_nhash(sub, value1, value2, &len) :
5788 extract_substr(sub, value1, value2, &len);
5789
5790 if (ret == NULL) goto EXPAND_FAILED;
5791 yield = string_cat(yield, &size, &ptr, ret, len);
5792 continue;
5793 }
5794
5795 /* Stat a path */
5796
5797 case EOP_STAT:
5798 {
5799 uschar *s;
5800 uschar smode[12];
5801 uschar **modetable[3];
5802 int i;
5803 mode_t mode;
5804 struct stat st;
5805
5806 if ((expand_forbid & RDO_EXISTS) != 0)
5807 {
5808 expand_string_message = US"Use of the stat() expansion is not permitted";
5809 goto EXPAND_FAILED;
5810 }
5811
5812 if (stat(CS sub, &st) < 0)
5813 {
5814 expand_string_message = string_sprintf("stat(%s) failed: %s",
5815 sub, strerror(errno));
5816 goto EXPAND_FAILED;
5817 }
5818 mode = st.st_mode;
5819 switch (mode & S_IFMT)
5820 {
5821 case S_IFIFO: smode[0] = 'p'; break;
5822 case S_IFCHR: smode[0] = 'c'; break;
5823 case S_IFDIR: smode[0] = 'd'; break;
5824 case S_IFBLK: smode[0] = 'b'; break;
5825 case S_IFREG: smode[0] = '-'; break;
5826 default: smode[0] = '?'; break;
5827 }
5828
5829 modetable[0] = ((mode & 01000) == 0)? mtable_normal : mtable_sticky;
5830 modetable[1] = ((mode & 02000) == 0)? mtable_normal : mtable_setid;
5831 modetable[2] = ((mode & 04000) == 0)? mtable_normal : mtable_setid;
5832
5833 for (i = 0; i < 3; i++)
5834 {
5835 memcpy(CS(smode + 7 - i*3), CS(modetable[i][mode & 7]), 3);
5836 mode >>= 3;
5837 }
5838
5839 smode[10] = 0;
5840 s = string_sprintf("mode=%04lo smode=%s inode=%ld device=%ld links=%ld "
5841 "uid=%ld gid=%ld size=" OFF_T_FMT " atime=%ld mtime=%ld ctime=%ld",
5842 (long)(st.st_mode & 077777), smode, (long)st.st_ino,
5843 (long)st.st_dev, (long)st.st_nlink, (long)st.st_uid,
5844 (long)st.st_gid, st.st_size, (long)st.st_atime,
5845 (long)st.st_mtime, (long)st.st_ctime);
5846 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
5847 continue;
5848 }
5849
5850 /* pseudo-random number less than N */
5851
5852 case EOP_RANDINT:
5853 {
5854 int max;
5855 uschar *s;
5856
5857 max = expand_string_integer(sub, TRUE);
5858 if (expand_string_message != NULL)
5859 goto EXPAND_FAILED;
5860 s = string_sprintf("%d", pseudo_random_number(max));
5861 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
5862 continue;
5863 }
5864
5865 /* Reverse IP, including IPv6 to dotted-nibble */
5866
5867 case EOP_REVERSE_IP:
5868 {
5869 int family, maskptr;
5870 uschar reversed[128];
5871
5872 family = string_is_ip_address(sub, &maskptr);
5873 if (family == 0)
5874 {
5875 expand_string_message = string_sprintf(
5876 "reverse_ip() not given an IP address [%s]", sub);
5877 goto EXPAND_FAILED;
5878 }
5879 invert_address(reversed, sub);
5880 yield = string_cat(yield, &size, &ptr, reversed, Ustrlen(reversed));
5881 continue;
5882 }
5883
5884 /* Unknown operator */
5885
5886 default:
5887 expand_string_message =
5888 string_sprintf("unknown expansion operator \"%s\"", name);
5889 goto EXPAND_FAILED;
5890 }
5891 }
5892
5893 /* Handle a plain name. If this is the first thing in the expansion, release
5894 the pre-allocated buffer. If the result data is known to be in a new buffer,
5895 newsize will be set to the size of that buffer, and we can just point at that
5896 store instead of copying. Many expansion strings contain just one reference,
5897 so this is a useful optimization, especially for humungous headers
5898 ($message_headers). */
5899
5900 if (*s++ == '}')
5901 {
5902 int len;
5903 int newsize = 0;
5904 if (ptr == 0)
5905 {
5906 if (resetok) store_reset(yield);
5907 yield = NULL;
5908 size = 0;
5909 }
5910 value = find_variable(name, FALSE, skipping, &newsize);
5911 if (value == NULL)
5912 {
5913 expand_string_message =
5914 string_sprintf("unknown variable in \"${%s}\"", name);
5915 check_variable_error_message(name);
5916 goto EXPAND_FAILED;
5917 }
5918 len = Ustrlen(value);
5919 if (yield == NULL && newsize != 0)
5920 {
5921 yield = value;
5922 size = newsize;
5923 ptr = len;
5924 }
5925 else yield = string_cat(yield, &size, &ptr, value, len);
5926 continue;
5927 }
5928
5929 /* Else there's something wrong */
5930
5931 expand_string_message =
5932 string_sprintf("\"${%s\" is not a known operator (or a } is missing "
5933 "in a variable reference)", name);
5934 goto EXPAND_FAILED;
5935 }
5936
5937 /* If we hit the end of the string when ket_ends is set, there is a missing
5938 terminating brace. */
5939
5940 if (ket_ends && *s == 0)
5941 {
5942 expand_string_message = malformed_header?
5943 US"missing } at end of string - could be header name not terminated by colon"
5944 :
5945 US"missing } at end of string";
5946 goto EXPAND_FAILED;
5947 }
5948
5949 /* Expansion succeeded; yield may still be NULL here if nothing was actually
5950 added to the string. If so, set up an empty string. Add a terminating zero. If
5951 left != NULL, return a pointer to the terminator. */
5952
5953 if (yield == NULL) yield = store_get(1);
5954 yield[ptr] = 0;
5955 if (left != NULL) *left = s;
5956
5957 /* Any stacking store that was used above the final string is no longer needed.
5958 In many cases the final string will be the first one that was got and so there
5959 will be optimal store usage. */
5960
5961 if (resetok) store_reset(yield + ptr + 1);
5962 DEBUG(D_expand)
5963 {
5964 debug_printf("expanding: %.*s\n result: %s\n", (int)(s - string), string,
5965 yield);
5966 if (skipping) debug_printf("skipping: result is not used\n");
5967 }
5968 return yield;
5969
5970 /* This is the failure exit: easiest to program with a goto. We still need
5971 to update the pointer to the terminator, for cases of nested calls with "fail".
5972 */
5973
5974 EXPAND_FAILED_CURLY:
5975 expand_string_message = malformed_header?
5976 US"missing or misplaced { or } - could be header name not terminated by colon"
5977 :
5978 US"missing or misplaced { or }";
5979
5980 /* At one point, Exim reset the store to yield (if yield was not NULL), but
5981 that is a bad idea, because expand_string_message is in dynamic store. */
5982
5983 EXPAND_FAILED:
5984 if (left != NULL) *left = s;
5985 DEBUG(D_expand)
5986 {
5987 debug_printf("failed to expand: %s\n", string);
5988 debug_printf(" error message: %s\n", expand_string_message);
5989 if (expand_string_forcedfail) debug_printf("failure was forced\n");
5990 }
5991 return NULL;
5992 }
5993
5994
5995 /* This is the external function call. Do a quick check for any expansion
5996 metacharacters, and if there are none, just return the input string.
5997
5998 Argument: the string to be expanded
5999 Returns: the expanded string, or NULL if expansion failed; if failure was
6000 due to a lookup deferring, search_find_defer will be TRUE
6001 */
6002
6003 uschar *
6004 expand_string(uschar *string)
6005 {
6006 search_find_defer = FALSE;
6007 malformed_header = FALSE;
6008 return (Ustrpbrk(string, "$\\") == NULL)? string :
6009 expand_string_internal(string, FALSE, NULL, FALSE);
6010 }
6011
6012
6013
6014 /*************************************************
6015 * Expand and copy *
6016 *************************************************/
6017
6018 /* Now and again we want to expand a string and be sure that the result is in a
6019 new bit of store. This function does that.
6020
6021 Argument: the string to be expanded
6022 Returns: the expanded string, always in a new bit of store, or NULL
6023 */
6024
6025 uschar *
6026 expand_string_copy(uschar *string)
6027 {
6028 uschar *yield = expand_string(string);
6029 if (yield == string) yield = string_copy(string);
6030 return yield;
6031 }
6032
6033
6034
6035 /*************************************************
6036 * Expand and interpret as an integer *
6037 *************************************************/
6038
6039 /* Expand a string, and convert the result into an integer.
6040
6041 Arguments:
6042 string the string to be expanded
6043 isplus TRUE if a non-negative number is expected
6044
6045 Returns: the integer value, or
6046 -1 for an expansion error ) in both cases, message in
6047 -2 for an integer interpretation error ) expand_string_message
6048 expand_string_message is set NULL for an OK integer
6049 */
6050
6051 int
6052 expand_string_integer(uschar *string, BOOL isplus)
6053 {
6054 long int value;
6055 uschar *s = expand_string(string);
6056 uschar *msg = US"invalid integer \"%s\"";
6057 uschar *endptr;
6058
6059 /* If expansion failed, expand_string_message will be set. */
6060
6061 if (s == NULL) return -1;
6062
6063 /* On an overflow, strtol() returns LONG_MAX or LONG_MIN, and sets errno
6064 to ERANGE. When there isn't an overflow, errno is not changed, at least on some
6065 systems, so we set it zero ourselves. */
6066
6067 errno = 0;
6068 expand_string_message = NULL; /* Indicates no error */
6069
6070 /* Before Exim 4.64, strings consisting entirely of whitespace compared
6071 equal to 0. Unfortunately, people actually relied upon that, so preserve
6072 the behaviour explicitly. Stripping leading whitespace is a harmless
6073 noop change since strtol skips it anyway (provided that there is a number
6074 to find at all). */
6075 if (isspace(*s))
6076 {
6077 while (isspace(*s)) ++s;
6078 if (*s == '\0')
6079 {
6080 DEBUG(D_expand)
6081 debug_printf("treating blank string as number 0\n");
6082 return 0;
6083 }
6084 }
6085
6086 value = strtol(CS s, CSS &endptr, 10);
6087
6088 if (endptr == s)
6089 {
6090 msg = US"integer expected but \"%s\" found";
6091 }
6092 else if (value < 0 && isplus)
6093 {
6094 msg = US"non-negative integer expected but \"%s\" found";
6095 }
6096 else
6097 {
6098 /* Ensure we can cast this down to an int */
6099 if (value > INT_MAX || value < INT_MIN) errno = ERANGE;
6100
6101 if (errno != ERANGE)
6102 {
6103 if (tolower(*endptr) == 'k')
6104 {
6105 if (value > INT_MAX/1024 || value < INT_MIN/1024) errno = ERANGE;
6106 else value *= 1024;
6107 endptr++;
6108 }
6109 else if (tolower(*endptr) == 'm')
6110 {
6111 if (value > INT_MAX/(1024*1024) || value < INT_MIN/(1024*1024))
6112 errno = ERANGE;
6113 else value *= 1024*1024;
6114 endptr++;
6115 }
6116 }
6117 if (errno == ERANGE)
6118 msg = US"absolute value of integer \"%s\" is too large (overflow)";
6119 else
6120 {
6121 while (isspace(*endptr)) endptr++;
6122 if (*endptr == 0) return (int)value;
6123 }
6124 }
6125
6126 expand_string_message = string_sprintf(CS msg, s);
6127 return -2;
6128 }
6129
6130
6131 /*************************************************
6132 **************************************************
6133 * Stand-alone test program *
6134 **************************************************
6135 *************************************************/
6136
6137 #ifdef STAND_ALONE
6138
6139
6140 BOOL
6141 regex_match_and_setup(const pcre *re, uschar *subject, int options, int setup)
6142 {
6143 int ovector[3*(EXPAND_MAXN+1)];
6144 int n = pcre_exec(re, NULL, subject, Ustrlen(subject), 0, PCRE_EOPT|options,
6145 ovector, sizeof(ovector)/sizeof(int));
6146 BOOL yield = n >= 0;
6147 if (n == 0) n = EXPAND_MAXN + 1;
6148 if (yield)
6149 {
6150 int nn;
6151 expand_nmax = (setup < 0)? 0 : setup + 1;
6152 for (nn = (setup < 0)? 0 : 2; nn < n*2; nn += 2)
6153 {
6154 expand_nstring[expand_nmax] = subject + ovector[nn];
6155 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
6156 }
6157 expand_nmax--;
6158 }
6159 return yield;
6160 }
6161
6162
6163 int main(int argc, uschar **argv)
6164 {
6165 int i;
6166 uschar buffer[1024];
6167
6168 debug_selector = D_v;
6169 debug_file = stderr;
6170 debug_fd = fileno(debug_file);
6171 big_buffer = malloc(big_buffer_size);
6172
6173 for (i = 1; i < argc; i++)
6174 {
6175 if (argv[i][0] == '+')
6176 {
6177 debug_trace_memory = 2;
6178 argv[i]++;
6179 }
6180 if (isdigit(argv[i][0]))
6181 debug_selector = Ustrtol(argv[i], NULL, 0);
6182 else
6183 if (Ustrspn(argv[i], "abcdefghijklmnopqrtsuvwxyz0123456789-.:/") ==
6184 Ustrlen(argv[i]))
6185 {
6186 #ifdef LOOKUP_LDAP
6187 eldap_default_servers = argv[i];
6188 #endif
6189 #ifdef LOOKUP_MYSQL
6190 mysql_servers = argv[i];
6191 #endif
6192 #ifdef LOOKUP_PGSQL
6193 pgsql_servers = argv[i];
6194 #endif
6195 }
6196 #ifdef EXIM_PERL
6197 else opt_perl_startup = argv[i];
6198 #endif
6199 }
6200
6201 printf("Testing string expansion: debug_level = %d\n\n", debug_level);
6202
6203 expand_nstring[1] = US"string 1....";
6204 expand_nlength[1] = 8;
6205 expand_nmax = 1;
6206
6207 #ifdef EXIM_PERL
6208 if (opt_perl_startup != NULL)
6209 {
6210 uschar *errstr;
6211 printf("Starting Perl interpreter\n");
6212 errstr = init_perl(opt_perl_startup);
6213 if (errstr != NULL)
6214 {
6215 printf("** error in perl_startup code: %s\n", errstr);
6216 return EXIT_FAILURE;
6217 }
6218 }
6219 #endif /* EXIM_PERL */
6220
6221 while (fgets(buffer, sizeof(buffer), stdin) != NULL)
6222 {
6223 void *reset_point = store_get(0);
6224 uschar *yield = expand_string(buffer);
6225 if (yield != NULL)
6226 {
6227 printf("%s\n", yield);
6228 store_reset(reset_point);
6229 }
6230 else
6231 {
6232 if (search_find_defer) printf("search_find deferred\n");
6233 printf("Failed: %s\n", expand_string_message);
6234 if (expand_string_forcedfail) printf("Forced failure\n");
6235 printf("\n");
6236 }
6237 }
6238
6239 search_tidyup();
6240
6241 return 0;
6242 }
6243
6244 #endif
6245
6246 /* End of expand.c */
Unnamed repository; edit this file 'description' to name the repository.