-/* $Cambridge: exim/src/src/expand.c,v 1.13 2005/02/17 11:58:26 ph10 Exp $ */
+/* $Cambridge: exim/src/src/expand.c,v 1.66 2006/10/30 14:59:15 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2005 */
+/* Copyright (c) University of Cambridge 1995 - 2006 */
/* See the file NOTICE for conditions of use and distribution. */
alphabetical order. */
static uschar *item_table[] = {
+ US"dlfunc",
US"extract",
US"hash",
US"hmac",
US"length",
US"lookup",
US"nhash",
- #ifdef EXIM_PERL
- US"perl",
- #endif
+ US"perl",
+ US"prvs",
+ US"prvscheck",
US"readfile",
US"readsocket",
US"run",
US"tr" };
enum {
+ EITEM_DLFUNC,
EITEM_EXTRACT,
EITEM_HASH,
EITEM_HMAC,
EITEM_LENGTH,
EITEM_LOOKUP,
EITEM_NHASH,
- #ifdef EXIM_PERL
- EITEM_PERL,
- #endif
+ EITEM_PERL,
+ EITEM_PRVS,
+ EITEM_PRVSCHECK,
EITEM_READFILE,
EITEM_READSOCK,
EITEM_RUN,
US"from_utf8",
US"local_part",
US"quote_local_part",
+ US"time_eval",
US"time_interval"};
enum {
EOP_FROM_UTF8,
EOP_LOCAL_PART,
EOP_QUOTE_LOCAL_PART,
+ EOP_TIME_EVAL,
EOP_TIME_INTERVAL };
static uschar *op_table_main[] = {
US"match",
US"match_address",
US"match_domain",
+ US"match_ip",
US"match_local_part",
US"or",
US"pam",
ECOND_MATCH,
ECOND_MATCH_ADDRESS,
ECOND_MATCH_DOMAIN,
+ ECOND_MATCH_IP,
ECOND_MATCH_LOCAL_PART,
ECOND_OR,
ECOND_PAM,
vtype_stringptr, /* value is address of pointer to string */
vtype_msgbody, /* as stringptr, but read when first required */
vtype_msgbody_end, /* ditto, the end of the message */
- vtype_msgheaders, /* the message's headers */
+ vtype_msgheaders, /* the message's headers, processed */
+ vtype_msgheaders_raw, /* the message's headers, unprocessed */
vtype_localpart, /* extract local part from string */
vtype_domain, /* extract domain from string */
vtype_recipients, /* extract recipients from recipients list */
vtype_load_avg, /* value not used; result is int from os_getloadavg */
vtype_pspace, /* partition space; value is T/F for spool/log */
vtype_pinodes /* partition inodes; value is T/F for spool/log */
+#ifdef EXPERIMENTAL_DOMAINKEYS
+ ,vtype_dk_verify /* Serve request out of DomainKeys verification structure */
+#endif
};
/* This table must be kept in alphabetical order. */
static var_entry var_table[] = {
- { "acl_c0", vtype_stringptr, &acl_var[0] },
- { "acl_c1", vtype_stringptr, &acl_var[1] },
- { "acl_c2", vtype_stringptr, &acl_var[2] },
- { "acl_c3", vtype_stringptr, &acl_var[3] },
- { "acl_c4", vtype_stringptr, &acl_var[4] },
- { "acl_c5", vtype_stringptr, &acl_var[5] },
- { "acl_c6", vtype_stringptr, &acl_var[6] },
- { "acl_c7", vtype_stringptr, &acl_var[7] },
- { "acl_c8", vtype_stringptr, &acl_var[8] },
- { "acl_c9", vtype_stringptr, &acl_var[9] },
- { "acl_m0", vtype_stringptr, &acl_var[10] },
- { "acl_m1", vtype_stringptr, &acl_var[11] },
- { "acl_m2", vtype_stringptr, &acl_var[12] },
- { "acl_m3", vtype_stringptr, &acl_var[13] },
- { "acl_m4", vtype_stringptr, &acl_var[14] },
- { "acl_m5", vtype_stringptr, &acl_var[15] },
- { "acl_m6", vtype_stringptr, &acl_var[16] },
- { "acl_m7", vtype_stringptr, &acl_var[17] },
- { "acl_m8", vtype_stringptr, &acl_var[18] },
- { "acl_m9", vtype_stringptr, &acl_var[19] },
+ /* WARNING: Do not invent variables whose names start acl_c or acl_m because
+ they will be confused with user-creatable ACL variables. */
{ "acl_verify_message", vtype_stringptr, &acl_verify_message },
{ "address_data", vtype_stringptr, &deliver_address_data },
{ "address_file", vtype_stringptr, &address_file },
{ "caller_uid", vtype_uid, &real_uid },
{ "compile_date", vtype_stringptr, &version_date },
{ "compile_number", vtype_stringptr, &version_cnumber },
+ { "csa_status", vtype_stringptr, &csa_status },
#ifdef WITH_OLD_DEMIME
{ "demime_errorlevel", vtype_int, &demime_errorlevel },
{ "demime_reason", vtype_stringptr, &demime_reason },
+#endif
+#ifdef EXPERIMENTAL_DOMAINKEYS
+ { "dk_domain", vtype_stringptr, &dk_signing_domain },
+ { "dk_is_signed", vtype_dk_verify, NULL },
+ { "dk_result", vtype_dk_verify, NULL },
+ { "dk_selector", vtype_stringptr, &dk_signing_selector },
+ { "dk_sender", vtype_dk_verify, NULL },
+ { "dk_sender_domain", vtype_dk_verify, NULL },
+ { "dk_sender_local_part",vtype_dk_verify, NULL },
+ { "dk_sender_source", vtype_dk_verify, NULL },
+ { "dk_signsall", vtype_dk_verify, NULL },
+ { "dk_status", vtype_dk_verify, NULL },
+ { "dk_testing", vtype_dk_verify, NULL },
#endif
{ "dnslist_domain", vtype_stringptr, &dnslist_domain },
{ "dnslist_text", vtype_stringptr, &dnslist_text },
{ "message_body", vtype_msgbody, &message_body },
{ "message_body_end", vtype_msgbody_end, &message_body_end },
{ "message_body_size", vtype_int, &message_body_size },
+ { "message_exim_id", vtype_stringptr, &message_id },
{ "message_headers", vtype_msgheaders, NULL },
+ { "message_headers_raw", vtype_msgheaders_raw, NULL },
{ "message_id", vtype_stringptr, &message_id },
+ { "message_linecount", vtype_int, &message_linecount },
{ "message_size", vtype_int, &message_size },
#ifdef WITH_CONTENT_SCAN
{ "mime_anomaly_level", vtype_int, &mime_anomaly_level },
{ "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
{ "pid", vtype_pid, NULL },
{ "primary_hostname", vtype_stringptr, &primary_hostname },
+ { "prvscheck_address", vtype_stringptr, &prvscheck_address },
+ { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
+ { "prvscheck_result", vtype_stringptr, &prvscheck_result },
{ "qualify_domain", vtype_stringptr, &qualify_domain_sender },
{ "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
{ "rcpt_count", vtype_int, &rcpt_count },
{ "received_count", vtype_int, &received_count },
{ "received_for", vtype_stringptr, &received_for },
{ "received_protocol", vtype_stringptr, &received_protocol },
+ { "received_time", vtype_int, &received_time },
{ "recipient_data", vtype_stringptr, &recipient_data },
{ "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
{ "recipients", vtype_recipients, NULL },
{ "sender_host_name", vtype_host_lookup, NULL },
{ "sender_host_port", vtype_int, &sender_host_port },
{ "sender_ident", vtype_stringptr, &sender_ident },
+ { "sender_rate", vtype_stringptr, &sender_rate },
+ { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
+ { "sender_rate_period", vtype_stringptr, &sender_rate_period },
{ "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
{ "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
{ "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
- { "smtp_command_argument", vtype_stringptr, &smtp_command_argument },
+ { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
+ { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
{ "sn0", vtype_filter_int, &filter_sn[0] },
{ "sn1", vtype_filter_int, &filter_sn[1] },
{ "sn2", vtype_filter_int, &filter_sn[2] },
newsize return the size of memory block that was obtained; may be NULL
if exists_only is TRUE
want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
- other than concatenating, will be done on the header
+ other than concatenating, will be done on the header. Also used
+ for $message_headers_raw.
charset name of charset to translate MIME words to; used only if
want_raw is false; if NULL, no translation is done (this is
used for $bh_ and $bheader_)
while (isspace(*t)) t++; /* remove leading white space */
ilen = h->slen - (t - h->text); /* length to insert */
+ /* Unless wanted raw, remove trailing whitespace, including the
+ newline. */
+
+ if (!want_raw)
+ while (ilen > 0 && isspace(t[ilen-1])) ilen--;
+
/* Set comma = 1 if handling a single header and it's one of those
that contains an address list, except when asked for raw headers. Only
need to do this once. */
/* First pass - compute total store needed; second pass - compute
total store used, including this header. */
- size += ilen + comma;
+ size += ilen + comma + 1; /* +1 for the newline */
/* Second pass - concatentate the data, up to a maximum. Note that
the loop stops when size hits the limit. */
{
if (size > header_insert_maxlen)
{
- ilen -= size - header_insert_maxlen;
+ ilen -= size - header_insert_maxlen - 1;
comma = 0;
}
Ustrncpy(ptr, t, ilen);
ptr += ilen;
- if (comma != 0 && ilen > 0)
+
+ /* For a non-raw header, put in the comma if needed, then add
+ back the newline we removed above, provided there was some text in
+ the header. */
+
+ if (!want_raw && ilen > 0)
{
- ptr[-1] = ',';
+ if (comma != 0) *ptr++ = ',';
*ptr++ = '\n';
}
}
}
}
- /* At end of first pass, truncate size if necessary, and get the buffer
- to hold the data, returning the buffer size. */
+ /* At end of first pass, return NULL if no header found. Then truncate size
+ if necessary, and get the buffer to hold the data, returning the buffer size.
+ */
if (i == 0)
{
}
}
-/* Remove a redundant added comma if present */
-
-if (comma != 0 && ptr > yield) ptr -= 2;
-
/* That's all we do for raw header expansion. */
if (want_raw)
*ptr = 0;
}
-/* Otherwise, we remove trailing whitespace, including newlines. Then we do RFC
-2047 decoding, translating the charset if requested. The rfc2047_decode2()
+/* Otherwise, remove a final newline and a redundant added comma. Then we do
+RFC 2047 decoding, translating the charset if requested. The rfc2047_decode2()
function can return an error with decoded data if the charset translation
fails. If decoding fails, it returns NULL. */
else
{
uschar *decoded, *error;
- while (ptr > yield && isspace(ptr[-1])) ptr--;
+ if (ptr > yield && ptr[-1] == '\n') ptr--;
+ if (ptr > yield && comma != 0 && ptr[-1] == ',') ptr--;
*ptr = 0;
- decoded = rfc2047_decode2(yield, TRUE, charset, '?', NULL, newsize, &error);
+ decoded = rfc2047_decode2(yield, check_rfc2047_length, charset, '?', NULL,
+ newsize, &error);
if (error != NULL)
{
DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
int first = 0;
int last = var_table_size;
+/* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
+Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
+release 4.64 onwards arbitrary names are permitted, as long as the first 5
+characters are acl_c or acl_m and the sixth is either a digit or an underscore
+(this gave backwards compatibility at the changeover). There may be built-in
+variables whose names start acl_ but they should never start in this way. This
+slightly messy specification is a consequence of the history, needless to say.
+
+If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
+set, in which case give an error. */
+
+if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
+ !isalpha(name[5]))
+ {
+ tree_node *node =
+ tree_search((name[4] == 'c')? acl_var_c : acl_var_m, name + 4);
+ return (node == NULL)? (strict_acl_vars? NULL : US"") : node->data.ptr;
+ }
+
+/* Handle $auth<n> variables. */
+
+if (Ustrncmp(name, "auth", 4) == 0)
+ {
+ uschar *endptr;
+ int n = Ustrtoul(name + 4, &endptr, 10);
+ if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
+ return (auth_vars[n-1] == NULL)? US"" : auth_vars[n-1];
+ }
+
+/* For all other variables, search the table */
+
while (last > first)
{
uschar *s, *domain;
if (c < 0) { last = middle; continue; }
/* Found an existing variable. If in skipping state, the value isn't needed,
- and we want to avoid processing (such as looking up up the host name). */
+ and we want to avoid processing (such as looking up the host name). */
if (skipping) return US"";
switch (var_table[middle].type)
{
+#ifdef EXPERIMENTAL_DOMAINKEYS
+
+ case vtype_dk_verify:
+ if (dk_verify_block == NULL) return US"";
+ s = NULL;
+ if (Ustrcmp(var_table[middle].name, "dk_result") == 0)
+ s = dk_verify_block->result_string;
+ if (Ustrcmp(var_table[middle].name, "dk_sender") == 0)
+ s = dk_verify_block->address;
+ if (Ustrcmp(var_table[middle].name, "dk_sender_domain") == 0)
+ s = dk_verify_block->domain;
+ if (Ustrcmp(var_table[middle].name, "dk_sender_local_part") == 0)
+ s = dk_verify_block->local_part;
+
+ if (Ustrcmp(var_table[middle].name, "dk_sender_source") == 0)
+ switch(dk_verify_block->address_source) {
+ case DK_EXIM_ADDRESS_NONE: s = US"0"; break;
+ case DK_EXIM_ADDRESS_FROM_FROM: s = US"from"; break;
+ case DK_EXIM_ADDRESS_FROM_SENDER: s = US"sender"; break;
+ }
+
+ if (Ustrcmp(var_table[middle].name, "dk_status") == 0)
+ switch(dk_verify_block->result) {
+ case DK_EXIM_RESULT_ERR: s = US"error"; break;
+ case DK_EXIM_RESULT_BAD_FORMAT: s = US"bad format"; break;
+ case DK_EXIM_RESULT_NO_KEY: s = US"no key"; break;
+ case DK_EXIM_RESULT_NO_SIGNATURE: s = US"no signature"; break;
+ case DK_EXIM_RESULT_REVOKED: s = US"revoked"; break;
+ case DK_EXIM_RESULT_NON_PARTICIPANT: s = US"non-participant"; break;
+ case DK_EXIM_RESULT_GOOD: s = US"good"; break;
+ case DK_EXIM_RESULT_BAD: s = US"bad"; break;
+ }
+
+ if (Ustrcmp(var_table[middle].name, "dk_signsall") == 0)
+ s = (dk_verify_block->signsall)? US"1" : US"0";
+
+ if (Ustrcmp(var_table[middle].name, "dk_testing") == 0)
+ s = (dk_verify_block->testing)? US"1" : US"0";
+
+ if (Ustrcmp(var_table[middle].name, "dk_is_signed") == 0)
+ s = (dk_verify_block->is_signed)? US"1" : US"0";
+
+ return (s == NULL)? US"" : s;
+#endif
+
case vtype_filter_int:
if (!filter_running) return NULL;
/* Fall through */
-
+ /* VVVVVVVVVVVV */
case vtype_int:
sprintf(CS var_buffer, "%d", *(int *)(var_table[middle].value)); /* Integer */
return var_buffer;
case vtype_msgheaders:
return find_header(NULL, exists_only, newsize, FALSE, NULL);
+ case vtype_msgheaders_raw:
+ return find_header(NULL, exists_only, newsize, TRUE, NULL);
+
case vtype_msgbody: /* Pointer to msgbody string */
case vtype_msgbody_end: /* Ditto, the end of the msg */
ss = (uschar **)(var_table[middle].value);
if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
{
uschar *body;
- int start_offset = SPOOL_DATA_START_OFFSET;
+ off_t start_offset = SPOOL_DATA_START_OFFSET;
int len = message_body_visible;
if (len > message_size) len = message_size;
*ss = body = store_malloc(len+1);
return tod_stamp(tod_log_datestamp);
case vtype_reply: /* Get reply address */
- s = find_header(US"reply-to:", exists_only, newsize, FALSE,
+ s = find_header(US"reply-to:", exists_only, newsize, TRUE,
headers_charset);
+ if (s != NULL) while (isspace(*s)) s++;
if (s == NULL || *s == 0)
- s = find_header(US"from:", exists_only, newsize, FALSE, headers_charset);
+ {
+ *newsize = 0; /* For the *s==0 case */
+ s = find_header(US"from:", exists_only, newsize, TRUE, headers_charset);
+ }
+ if (s != NULL)
+ {
+ uschar *t;
+ while (isspace(*s)) s++;
+ for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
+ while (t > s && isspace(t[-1])) t--;
+ *t = 0;
+ }
return (s == NULL)? US"" : s;
/* A recipients list is available only during system message filtering,
+/*************************************************
+* Elaborate message for bad variable *
+*************************************************/
+
+/* For the "unknown variable" message, take a look at the variable's name, and
+give additional information about possible ACL variables. The extra information
+is added on to expand_string_message.
+
+Argument: the name of the variable
+Returns: nothing
+*/
+
+static void
+check_variable_error_message(uschar *name)
+{
+if (Ustrncmp(name, "acl_", 4) == 0)
+ expand_string_message = string_sprintf("%s (%s)", expand_string_message,
+ (name[4] == 'c' || name[4] == 'm')?
+ (isalpha(name[5])?
+ US"6th character of a user-defined ACL variable must be a digit or underscore" :
+ US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
+ ) :
+ US"user-defined ACL variables must start acl_c or acl_m");
+}
+
+
+
/*************************************************
* Read and evaluate a condition *
*************************************************/
cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
switch(cond_type)
{
- /* def: tests for a non-zero or non-NULL variable, or for an existing
- header */
+ /* def: tests for a non-empty variable, or for the existence of a header. If
+ yield == NULL we are in a skipping state, and don't care about the answer. */
case ECOND_DEF:
if (*s != ':')
(find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
}
- /* Test for a variable's having a non-empty value. If yield == NULL we
- are in a skipping state, and don't care about the answer. */
+ /* Test for a variable's having a non-empty value. A non-existent variable
+ causes an expansion failure. */
else
{
expand_string_message = (name[0] == 0)?
string_sprintf("variable name omitted after \"def:\"") :
string_sprintf("unknown variable \"%s\" after \"def:\"", name);
+ check_variable_error_message(name);
return NULL;
}
- if (yield != NULL)
- *yield = (value[0] != 0 && Ustrcmp(value, "0") != 0) == testfor;
+ if (yield != NULL) *yield = (value[0] != 0) == testfor;
}
return s;
case ECOND_ISIP4:
case ECOND_ISIP6:
rc = string_is_ip_address(sub[0], NULL);
- *yield = ((cond_type == ECOND_ISIP)? (rc > 0) :
+ *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
(cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
break;
variables if it succeeds
match_address: matches in an address list
match_domain: matches in a domain list
+ match_ip: matches a host list that is restricted to IP addresses
match_local_part: matches in a local part list
crypteq: encrypts plaintext and compares against an encrypted text,
using crypt(), crypt16(), MD5 or SHA-1
case ECOND_MATCH:
case ECOND_MATCH_ADDRESS:
case ECOND_MATCH_DOMAIN:
+ case ECOND_MATCH_IP:
case ECOND_MATCH_LOCAL_PART:
case ECOND_CRYPTEQ:
if (!isalpha(name[0]))
{
- uschar *endptr;
- num[i] = (int)Ustrtol((const uschar *)sub[i], &endptr, 10);
- if (tolower(*endptr) == 'k')
- {
- num[i] *= 1024;
- endptr++;
- }
- else if (tolower(*endptr) == 'm')
- {
- num[i] *= 1024*1024;
- endptr++;
- }
- while (isspace(*endptr)) endptr++;
- if (*endptr != 0)
- {
- expand_string_message = string_sprintf("\"%s\" is not a number",
- sub[i]);
- return NULL;
- }
+ num[i] = expand_string_integer(sub[i], FALSE);
+ if (expand_string_message != NULL) return NULL;
}
}
MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
goto MATCHED_SOMETHING;
+ case ECOND_MATCH_IP: /* Match IP address in a host list */
+ if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
+ {
+ expand_string_message = string_sprintf("\"%s\" is not an IP address",
+ sub[0]);
+ return NULL;
+ }
+ else
+ {
+ unsigned int *nullcache = NULL;
+ check_host_block cb;
+
+ cb.host_name = US"";
+ cb.host_address = sub[0];
+
+ /* If the host address starts off ::ffff: it is an IPv6 address in
+ IPv4-compatible mode. Find the IPv4 part for checking against IPv4
+ addresses. */
+
+ cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
+ cb.host_address + 7 : cb.host_address;
+
+ rc = match_check_list(
+ &sub[1], /* the list */
+ 0, /* separator character */
+ &hostlist_anchor, /* anchor pointer */
+ &nullcache, /* cache pointer */
+ check_host, /* function for testing */
+ &cb, /* argument for function */
+ MCL_HOST, /* type of check */
+ sub[0], /* text for debugging */
+ NULL); /* where to pass back data */
+ }
+ goto MATCHED_SOMETHING;
+
case ECOND_MATCH_LOCAL_PART:
rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
/* Fall through */
-
+ /* VVVVVVVVVVVV */
MATCHED_SOMETHING:
switch(rc)
{
goto RETURN;
}
+/* The first following string must be braced. */
+
+if (*s++ != '{') goto FAILED_CURLY;
+
/* Expand the first substring. Forced failures are noticed only if we actually
want this string. Set skipping in the call in the fail case (this will always
be the case if we were already skipping). */
-sub1 = expand_string_internal(s+1, TRUE, &s, !yes);
+sub1 = expand_string_internal(s, TRUE, &s, !yes);
if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
expand_string_forcedfail = FALSE;
if (*s++ != '}') goto FAILED_CURLY;
/* If this is called from a lookup or an extract, we want to restore $value to
what it was at the start of the item, so that it has this value during the
-second string expansion. For the call from "if" to this function, save_lookup
-is set to lookup_value, so that this statement does nothing. */
+second string expansion. For the call from "if" or "run" to this function,
+save_lookup is set to lookup_value, so that this statement does nothing. */
lookup_value = save_lookup;
-
-
/*************************************************
* Handle MD5 or SHA-1 computation for HMAC *
*************************************************/
+/********************************************************
+* prvs: Get last three digits of days since Jan 1, 1970 *
+********************************************************/
+
+/* This is needed to implement the "prvs" BATV reverse
+ path signing scheme
+
+Argument: integer "days" offset to add or substract to
+ or from the current number of days.
+
+Returns: pointer to string containing the last three
+ digits of the number of days since Jan 1, 1970,
+ modified by the offset argument, NULL if there
+ was an error in the conversion.
+
+*/
+
+static uschar *
+prvs_daystamp(int day_offset)
+{
+uschar *days = store_get(32); /* Need at least 24 for cases */
+(void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
+ (time(NULL) + day_offset*86400)/86400);
+return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
+}
+
+
+
+/********************************************************
+* prvs: perform HMAC-SHA1 computation of prvs bits *
+********************************************************/
+
+/* This is needed to implement the "prvs" BATV reverse
+ path signing scheme
+
+Arguments:
+ address RFC2821 Address to use
+ key The key to use (must be less than 64 characters
+ in size)
+ key_num Single-digit key number to use. Defaults to
+ '0' when NULL.
+
+Returns: pointer to string containing the first three
+ bytes of the final hash in hex format, NULL if
+ there was an error in the process.
+*/
+
+static uschar *
+prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
+{
+uschar *hash_source, *p;
+int size = 0,offset = 0,i;
+sha1 sha1_base;
+void *use_base = &sha1_base;
+uschar innerhash[20];
+uschar finalhash[20];
+uschar innerkey[64];
+uschar outerkey[64];
+uschar *finalhash_hex = store_get(40);
+
+if (key_num == NULL)
+ key_num = US"0";
+
+if (Ustrlen(key) > 64)
+ return NULL;
+
+hash_source = string_cat(NULL,&size,&offset,key_num,1);
+string_cat(hash_source,&size,&offset,daystamp,3);
+string_cat(hash_source,&size,&offset,address,Ustrlen(address));
+hash_source[offset] = '\0';
+
+DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source);
+
+memset(innerkey, 0x36, 64);
+memset(outerkey, 0x5c, 64);
+
+for (i = 0; i < Ustrlen(key); i++)
+ {
+ innerkey[i] ^= key[i];
+ outerkey[i] ^= key[i];
+ }
+
+chash_start(HMAC_SHA1, use_base);
+chash_mid(HMAC_SHA1, use_base, innerkey);
+chash_end(HMAC_SHA1, use_base, hash_source, offset, innerhash);
+
+chash_start(HMAC_SHA1, use_base);
+chash_mid(HMAC_SHA1, use_base, outerkey);
+chash_end(HMAC_SHA1, use_base, innerhash, 20, finalhash);
+
+p = finalhash_hex;
+for (i = 0; i < 3; i++)
+ {
+ *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
+ *p++ = hex_digits[finalhash[i] & 0x0f];
+ }
+*p = '\0';
+
+return finalhash_hex;
+}
+
+
+
+
/*************************************************
* Join a file onto the output string *
*************************************************/
int x = eval_term(&s, decimal, error);
if (*error == NULL)
{
- while (*s == '*' || *s == '/')
+ while (*s == '*' || *s == '/' || *s == '%')
{
int op = *s++;
int y = eval_term(&s, decimal, error);
if (*error != NULL) break;
- if (op == '*') x *= y; else x /= y;
+ if (op == '*') x *= y;
+ else if (op == '/') x /= y;
+ else x %= y;
}
}
*sptr = s;
{
expand_string_message =
string_sprintf("unknown variable name \"%s\"", name);
+ check_variable_error_message(name);
goto EXPAND_FAILED;
}
}
/* Check that a key was provided for those lookup types that need it,
and was not supplied for those that use the query style. */
- if (!mac_islookup(stype, lookup_querystyle))
+ if (!mac_islookup(stype, lookup_querystyle|lookup_absfilequery))
{
if (key == NULL)
{
}
/* Get the next string in brackets and expand it. It is the file name for
- single-key+file lookups, and the whole query otherwise. */
+ single-key+file lookups, and the whole query otherwise. In the case of
+ queries that also require a file name (e.g. sqlite), the file name comes
+ first. */
if (*s != '{') goto EXPAND_FAILED_CURLY;
filename = expand_string_internal(s+1, TRUE, &s, skipping);
while (isspace(*s)) s++;
/* If this isn't a single-key+file lookup, re-arrange the variables
- to be appropriate for the search_ functions. */
+ to be appropriate for the search_ functions. For query-style lookups,
+ there is just a "key", and no file name. For the special query-style +
+ file types, the query (i.e. "key") starts with a file name. */
if (key == NULL)
{
+ while (isspace(*filename)) filename++;
key = filename;
- filename = NULL;
+
+ if (mac_islookup(stype, lookup_querystyle))
+ {
+ filename = NULL;
+ }
+ else
+ {
+ if (*filename != '/')
+ {
+ expand_string_message = string_sprintf(
+ "absolute file name expected for \"%s\" lookup", name);
+ goto EXPAND_FAILED;
+ }
+ while (*key != 0 && !isspace(*key)) key++;
+ if (*key != 0) *key++ = 0;
+ }
}
/* If skipping, don't do the next bit - just lookup_value == NULL, as if
or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
arguments (defined below). */
- #ifdef EXIM_PERL
#define EXIM_PERL_MAX_ARGS 8
case EITEM_PERL:
+ #ifndef EXIM_PERL
+ expand_string_message = US"\"${perl\" encountered, but this facility "
+ "is not included in this binary";
+ goto EXPAND_FAILED;
+
+ #else /* EXIM_PERL */
{
uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
uschar *new_yield;
}
#endif /* EXIM_PERL */
+ /* Transform email address to "prvs" scheme to use
+ as BATV-signed return path */
+
+ case EITEM_PRVS:
+ {
+ uschar *sub_arg[3];
+ uschar *p,*domain;
+
+ switch(read_subs(sub_arg, 3, 2, &s, skipping, TRUE, US"prvs"))
+ {
+ case 1: goto EXPAND_FAILED_CURLY;
+ case 2:
+ case 3: goto EXPAND_FAILED;
+ }
+
+ /* If skipping, we don't actually do anything */
+ if (skipping) continue;
+
+ /* sub_arg[0] is the address */
+ domain = Ustrrchr(sub_arg[0],'@');
+ if ( (domain == NULL) || (domain == sub_arg[0]) || (Ustrlen(domain) == 1) )
+ {
+ expand_string_message = US"prvs first argument must be a qualified email address";
+ goto EXPAND_FAILED;
+ }
+
+ /* Calculate the hash. The second argument must be a single-digit
+ key number, or unset. */
+
+ if (sub_arg[2] != NULL &&
+ (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0))
+ {
+ expand_string_message = US"prvs second argument must be a single digit";
+ goto EXPAND_FAILED;
+ }
+
+ p = prvs_hmac_sha1(sub_arg[0],sub_arg[1],sub_arg[2],prvs_daystamp(7));
+ if (p == NULL)
+ {
+ expand_string_message = US"prvs hmac-sha1 conversion failed";
+ goto EXPAND_FAILED;
+ }
+
+ /* Now separate the domain from the local part */
+ *domain++ = '\0';
+
+ yield = string_cat(yield,&size,&ptr,US"prvs=",5);
+ string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
+ string_cat(yield,&size,&ptr,US"/",1);
+ string_cat(yield,&size,&ptr,(sub_arg[2] != NULL) ? sub_arg[2] : US"0", 1);
+ string_cat(yield,&size,&ptr,prvs_daystamp(7),3);
+ string_cat(yield,&size,&ptr,p,6);
+ string_cat(yield,&size,&ptr,US"@",1);
+ string_cat(yield,&size,&ptr,domain,Ustrlen(domain));
+
+ continue;
+ }
+
+ /* Check a prvs-encoded address for validity */
+
+ case EITEM_PRVSCHECK:
+ {
+ uschar *sub_arg[3];
+ int mysize = 0, myptr = 0;
+ const pcre *re;
+ uschar *p;
+
+ /* TF: Ugliness: We want to expand parameter 1 first, then set
+ up expansion variables that are used in the expansion of
+ parameter 2. So we clone the string for the first
+ expansion, where we only expand parameter 1.
+
+ PH: Actually, that isn't necessary. The read_subs() function is
+ designed to work this way for the ${if and ${lookup expansions. I've
+ tidied the code.
+ */
+
+ /* Reset expansion variables */
+ prvscheck_result = NULL;
+ prvscheck_address = NULL;
+ prvscheck_keynum = NULL;
+
+ switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs"))
+ {
+ case 1: goto EXPAND_FAILED_CURLY;
+ case 2:
+ case 3: goto EXPAND_FAILED;
+ }
+
+ re = regex_must_compile(US"^prvs\\=(.+)\\/([0-9])([0-9]{3})([A-F0-9]{6})\\@(.+)$",
+ TRUE,FALSE);
+
+ if (regex_match_and_setup(re,sub_arg[0],0,-1))
+ {
+ uschar *local_part = string_copyn(expand_nstring[1],expand_nlength[1]);
+ uschar *key_num = string_copyn(expand_nstring[2],expand_nlength[2]);
+ uschar *daystamp = string_copyn(expand_nstring[3],expand_nlength[3]);
+ uschar *hash = string_copyn(expand_nstring[4],expand_nlength[4]);
+ uschar *domain = string_copyn(expand_nstring[5],expand_nlength[5]);
+
+ DEBUG(D_expand) debug_printf("prvscheck localpart: %s\n", local_part);
+ DEBUG(D_expand) debug_printf("prvscheck key number: %s\n", key_num);
+ DEBUG(D_expand) debug_printf("prvscheck daystamp: %s\n", daystamp);
+ DEBUG(D_expand) debug_printf("prvscheck hash: %s\n", hash);
+ DEBUG(D_expand) debug_printf("prvscheck domain: %s\n", domain);
+
+ /* Set up expansion variables */
+ prvscheck_address = string_cat(NULL, &mysize, &myptr, local_part, Ustrlen(local_part));
+ string_cat(prvscheck_address,&mysize,&myptr,US"@",1);
+ string_cat(prvscheck_address,&mysize,&myptr,domain,Ustrlen(domain));
+ prvscheck_address[myptr] = '\0';
+ prvscheck_keynum = string_copy(key_num);
+
+ /* Now expand the second argument */
+ switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs"))
+ {
+ case 1: goto EXPAND_FAILED_CURLY;
+ case 2:
+ case 3: goto EXPAND_FAILED;
+ }
+
+ /* Now we have the key and can check the address. */
+
+ p = prvs_hmac_sha1(prvscheck_address, sub_arg[0], prvscheck_keynum,
+ daystamp);
+
+ if (p == NULL)
+ {
+ expand_string_message = US"hmac-sha1 conversion failed";
+ goto EXPAND_FAILED;
+ }
+
+ DEBUG(D_expand) debug_printf("prvscheck: received hash is %s\n", hash);
+ DEBUG(D_expand) debug_printf("prvscheck: own hash is %s\n", p);
+
+ if (Ustrcmp(p,hash) == 0)
+ {
+ /* Success, valid BATV address. Now check the expiry date. */
+ uschar *now = prvs_daystamp(0);
+ unsigned int inow = 0,iexpire = 1;
+
+ (void)sscanf(CS now,"%u",&inow);
+ (void)sscanf(CS daystamp,"%u",&iexpire);
+
+ /* When "iexpire" is < 7, a "flip" has occured.
+ Adjust "inow" accordingly. */
+ if ( (iexpire < 7) && (inow >= 993) ) inow = 0;
+
+ if (iexpire > inow)
+ {
+ prvscheck_result = US"1";
+ DEBUG(D_expand) debug_printf("prvscheck: success, $pvrs_result set to 1\n");
+ }
+ else
+ {
+ prvscheck_result = NULL;
+ DEBUG(D_expand) debug_printf("prvscheck: signature expired, $pvrs_result unset\n");
+ }
+ }
+ else
+ {
+ prvscheck_result = NULL;
+ DEBUG(D_expand) debug_printf("prvscheck: hash failure, $pvrs_result unset\n");
+ }
+
+ /* Now expand the final argument. We leave this till now so that
+ it can include $prvscheck_result. */
+
+ switch(read_subs(sub_arg, 1, 0, &s, skipping, TRUE, US"prvs"))
+ {
+ case 1: goto EXPAND_FAILED_CURLY;
+ case 2:
+ case 3: goto EXPAND_FAILED;
+ }
+
+ if (sub_arg[0] == NULL || *sub_arg[0] == '\0')
+ yield = string_cat(yield,&size,&ptr,prvscheck_address,Ustrlen(prvscheck_address));
+ else
+ yield = string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
+
+ /* Reset the "internal" variables afterwards, because they are in
+ dynamic store that will be reclaimed if the expansion succeeded. */
+
+ prvscheck_address = NULL;
+ prvscheck_keynum = NULL;
+ }
+ else
+ {
+ /* Does not look like a prvs encoded address, return the empty string.
+ We need to make sure all subs are expanded first, so as to skip over
+ the entire item. */
+
+ switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"prvs"))
+ {
+ case 1: goto EXPAND_FAILED_CURLY;
+ case 2:
+ case 3: goto EXPAND_FAILED;
+ }
+ }
+
+ continue;
+ }
+
/* Handle "readfile" to insert an entire file */
case EITEM_READFILE:
}
yield = cat_file(f, yield, &size, &ptr, sub_arg[1]);
- fclose(f);
+ (void)fclose(f);
continue;
}
}
else sub_arg[3] = NULL; /* No eol if no timeout */
- /* If skipping, we don't actually do anything */
+ /* If skipping, we don't actually do anything. Otherwise, arrange to
+ connect to either an IP or a Unix socket. */
if (!skipping)
{
- /* Make a connection to the socket */
+ /* Handle an IP (internet) domain */
- if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
+ if (Ustrncmp(sub_arg[0], "inet:", 5) == 0)
{
- expand_string_message = string_sprintf("failed to create socket: %s",
- strerror(errno));
- goto SOCK_FAIL;
+ BOOL connected = FALSE;
+ int namelen, port;
+ host_item shost;
+ host_item *h;
+ uschar *server_name = sub_arg[0] + 5;
+ uschar *port_name = Ustrrchr(server_name, ':');
+
+ /* Sort out the port */
+
+ if (port_name == NULL)
+ {
+ expand_string_message =
+ string_sprintf("missing port for readsocket %s", sub_arg[0]);
+ goto EXPAND_FAILED;
+ }
+ *port_name++ = 0; /* Terminate server name */
+
+ if (isdigit(*port_name))
+ {
+ uschar *end;
+ port = Ustrtol(port_name, &end, 0);
+ if (end != port_name + Ustrlen(port_name))
+ {
+ expand_string_message =
+ string_sprintf("invalid port number %s", port_name);
+ goto EXPAND_FAILED;
+ }
+ }
+ else
+ {
+ struct servent *service_info = getservbyname(CS port_name, "tcp");
+ if (service_info == NULL)
+ {
+ expand_string_message = string_sprintf("unknown port \"%s\"",
+ port_name);
+ goto EXPAND_FAILED;
+ }
+ port = ntohs(service_info->s_port);
+ }
+
+ /* Sort out the server. */
+
+ shost.next = NULL;
+ shost.address = NULL;
+ shost.port = port;
+ shost.mx = -1;
+
+ namelen = Ustrlen(server_name);
+
+ /* Anything enclosed in [] must be an IP address. */
+
+ if (server_name[0] == '[' &&
+ server_name[namelen - 1] == ']')
+ {
+ server_name[namelen - 1] = 0;
+ server_name++;
+ if (string_is_ip_address(server_name, NULL) == 0)
+ {
+ expand_string_message =
+ string_sprintf("malformed IP address \"%s\"", server_name);
+ goto EXPAND_FAILED;
+ }
+ shost.name = shost.address = server_name;
+ }
+
+ /* Otherwise check for an unadorned IP address */
+
+ else if (string_is_ip_address(server_name, NULL) != 0)
+ shost.name = shost.address = server_name;
+
+ /* Otherwise lookup IP address(es) from the name */
+
+ else
+ {
+ shost.name = server_name;
+ if (host_find_byname(&shost, NULL, HOST_FIND_QUALIFY_SINGLE, NULL,
+ FALSE) != HOST_FOUND)
+ {
+ expand_string_message =
+ string_sprintf("no IP address found for host %s", shost.name);
+ goto EXPAND_FAILED;
+ }
+ }
+
+ /* Try to connect to the server - test each IP till one works */
+
+ for (h = &shost; h != NULL; h = h->next)
+ {
+ int af = (Ustrchr(h->address, ':') != 0)? AF_INET6 : AF_INET;
+ if ((fd = ip_socket(SOCK_STREAM, af)) == -1)
+ {
+ expand_string_message = string_sprintf("failed to create socket: "
+ "%s", strerror(errno));
+ goto SOCK_FAIL;
+ }
+
+ if (ip_connect(fd, af, h->address, port, timeout) == 0)
+ {
+ connected = TRUE;
+ break;
+ }
+ }
+
+ if (!connected)
+ {
+ expand_string_message = string_sprintf("failed to connect to "
+ "socket %s: couldn't connect to any host", sub_arg[0],
+ strerror(errno));
+ goto SOCK_FAIL;
+ }
}
- sockun.sun_family = AF_UNIX;
- sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
- sub_arg[0]);
- if(connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun)) == -1)
+ /* Handle a Unix domain socket */
+
+ else
{
- expand_string_message = string_sprintf("failed to connect to socket "
- "%s: %s", sub_arg[0], strerror(errno));
- goto SOCK_FAIL;
+ if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
+ {
+ expand_string_message = string_sprintf("failed to create socket: %s",
+ strerror(errno));
+ goto SOCK_FAIL;
+ }
+
+ sockun.sun_family = AF_UNIX;
+ sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
+ sub_arg[0]);
+ if(connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun)) == -1)
+ {
+ expand_string_message = string_sprintf("failed to connect to socket "
+ "%s: %s", sub_arg[0], strerror(errno));
+ goto SOCK_FAIL;
+ }
}
+
DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]);
/* Write the request string, if not empty */
alarm(timeout);
yield = cat_file(f, yield, &size, &ptr, sub_arg[3]);
alarm(0);
- fclose(f);
+ (void)fclose(f);
/* After a timeout, we restore the pointer in the result, that is,
make sure we add nothing from the socket. */
if (sigalrm_seen)
{
ptr = save_ptr;
- expand_string_message = US"socket read timed out";
+ expand_string_message = US "socket read timed out";
goto SOCK_FAIL;
}
}
case EITEM_RUN:
{
FILE *f;
- uschar *old_lookup_value = NULL;
uschar *arg;
uschar **argv;
pid_t pid;
/* Nothing is written to the standard input. */
- close(fd_in);
+ (void)close(fd_in);
/* Wait for the process to finish, applying the timeout, and inspect its
return code for serious disasters. Simple non-zero returns are passed on.
in lookup_value). */
f = fdopen(fd_out, "rb");
- old_lookup_value = lookup_value;
lookup_value = NULL;
lookup_value = cat_file(f, lookup_value, &lsize, &lptr, NULL);
- fclose(f);
+ (void)fclose(f);
}
- /* Process the yes/no strings */
+ /* Process the yes/no strings; $value may be useful in both cases */
switch(process_yesno(
skipping, /* were previously skipping */
runrc == 0, /* success/failure indicator */
- old_lookup_value, /* value to reset for string2 */
+ lookup_value, /* value to reset for string2 */
&s, /* input pointer */
&yield, /* output pointer */
&size, /* output size */
if (*p == 0)
{
- expand_string_message = US"first argument of \"expand\" must not "
- "be empty";
+ expand_string_message = US"first argument of \"extract\" must "
+ "not be empty";
goto EXPAND_FAILED;
}
continue;
}
+
+
+ /* If ${dlfunc support is configured, handle calling dynamically-loaded
+ functions, unless locked out at this time. Syntax is ${dlfunc{file}{func}}
+ or ${dlfunc{file}{func}{arg}} or ${dlfunc{file}{func}{arg1}{arg2}} or up to
+ a maximum of EXPAND_DLFUNC_MAX_ARGS arguments (defined below). */
+
+ #define EXPAND_DLFUNC_MAX_ARGS 8
+
+ case EITEM_DLFUNC:
+ #ifndef EXPAND_DLFUNC
+ expand_string_message = US"\"${dlfunc\" encountered, but this facility "
+ "is not included in this binary";
+ goto EXPAND_FAILED;
+
+ #else /* EXPAND_DLFUNC */
+ {
+ tree_node *t;
+ exim_dlfunc_t *func;
+ uschar *result;
+ int status, argc;
+ uschar *argv[EXPAND_DLFUNC_MAX_ARGS + 3];
+
+ if ((expand_forbid & RDO_DLFUNC) != 0)
+ {
+ expand_string_message =
+ US"dynamically-loaded functions are not permitted";
+ goto EXPAND_FAILED;
+ }
+
+ switch(read_subs(argv, EXPAND_DLFUNC_MAX_ARGS + 2, 2, &s, skipping,
+ TRUE, US"dlfunc"))
+ {
+ case 1: goto EXPAND_FAILED_CURLY;
+ case 2:
+ case 3: goto EXPAND_FAILED;
+ }
+
+ /* If skipping, we don't actually do anything */
+
+ if (skipping) continue;
+
+ /* Look up the dynamically loaded object handle in the tree. If it isn't
+ found, dlopen() the file and put the handle in the tree for next time. */
+
+ t = tree_search(dlobj_anchor, argv[0]);
+ if (t == NULL)
+ {
+ void *handle = dlopen(CS argv[0], RTLD_LAZY);
+ if (handle == NULL)
+ {
+ expand_string_message = string_sprintf("dlopen \"%s\" failed: %s",
+ argv[0], dlerror());
+ log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
+ goto EXPAND_FAILED;
+ }
+ t = store_get_perm(sizeof(tree_node) + Ustrlen(argv[0]));
+ Ustrcpy(t->name, argv[0]);
+ t->data.ptr = handle;
+ (void)tree_insertnode(&dlobj_anchor, t);
+ }
+
+ /* Having obtained the dynamically loaded object handle, look up the
+ function pointer. */
+
+ func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]);
+ if (func == NULL)
+ {
+ expand_string_message = string_sprintf("dlsym \"%s\" in \"%s\" failed: "
+ "%s", argv[1], argv[0], dlerror());
+ log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
+ goto EXPAND_FAILED;
+ }
+
+ /* Call the function and work out what to do with the result. If it
+ returns OK, we have a replacement string; if it returns DEFER then
+ expansion has failed in a non-forced manner; if it returns FAIL then
+ failure was forced; if it returns ERROR or any other value there's a
+ problem, so panic slightly. */
+
+ result = NULL;
+ for (argc = 0; argv[argc] != NULL; argc++);
+ status = func(&result, argc - 2, &argv[2]);
+ if(status == OK)
+ {
+ if (result == NULL) result = US"";
+ yield = string_cat(yield, &size, &ptr, result, Ustrlen(result));
+ continue;
+ }
+ else
+ {
+ expand_string_message = result == NULL ? US"(no message)" : result;
+ if(status == FAIL_FORCED) expand_string_forcedfail = TRUE;
+ else if(status != FAIL)
+ log_write(0, LOG_MAIN|LOG_PANIC, "dlfunc{%s}{%s} failed (%d): %s",
+ argv[0], argv[1], status, expand_string_message);
+ goto EXPAND_FAILED;
+ }
+ }
+ #endif /* EXPAND_DLFUNC */
}
/* Control reaches here if the name is not recognized as one of the more
continue;
}
+ /* Note that for Darwin and Cygwin, BASE_62 actually has the value 36 */
+
case EOP_BASE62D:
{
uschar buf[16];
if (t == NULL)
{
expand_string_message = string_sprintf("argument for base62d "
- "operator is \"%s\", which is not a base 62 number", sub);
+ "operator is \"%s\", which is not a base %d number", sub,
+ BASE_62);
goto EXPAND_FAILED;
}
- n = n * 62 + (t - base62_chars);
+ n = n * BASE_62 + (t - base62_chars);
}
(void)sprintf(CS buf, "%ld", n);
yield = string_cat(yield, &size, &ptr, buf, Ustrlen(buf));
{
uschar buffer[2048];
uschar *string = parse_quote_2047(sub, Ustrlen(sub), headers_charset,
- buffer, sizeof(buffer));
+ buffer, sizeof(buffer), FALSE);
yield = string_cat(yield, &size, &ptr, string, Ustrlen(string));
continue;
}
/* Handle time period formating */
+ case EOP_TIME_EVAL:
+ {
+ int n = readconf_readtime(sub, 0, FALSE);
+ if (n < 0)
+ {
+ expand_string_message = string_sprintf("string \"%s\" is not an "
+ "Exim time interval in \"%s\" operator", sub, name);
+ goto EXPAND_FAILED;
+ }
+ sprintf(CS var_buffer, "%d", n);
+ yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
+ continue;
+ }
+
case EOP_TIME_INTERVAL:
{
int n;
mode_t mode;
struct stat st;
+ if ((expand_forbid & RDO_EXISTS) != 0)
+ {
+ expand_string_message = US"Use of the stat() expansion is not permitted";
+ goto EXPAND_FAILED;
+ }
+
if (stat(CS sub, &st) < 0)
{
expand_string_message = string_sprintf("stat(%s) failed: %s",
smode[10] = 0;
s = string_sprintf("mode=%04lo smode=%s inode=%ld device=%ld links=%ld "
- "uid=%ld gid=%ld size=%ld atime=%ld mtime=%ld ctime=%ld",
+ "uid=%ld gid=%ld size=" OFF_T_FMT " atime=%ld mtime=%ld ctime=%ld",
(long)(st.st_mode & 077777), smode, (long)st.st_ino,
(long)st.st_dev, (long)st.st_nlink, (long)st.st_uid,
- (long)st.st_gid, (long)st.st_size, (long)st.st_atime,
+ (long)st.st_gid, st.st_size, (long)st.st_atime,
(long)st.st_mtime, (long)st.st_ctime);
yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
continue;
{
expand_string_message =
string_sprintf("unknown variable in \"${%s}\"", name);
+ check_variable_error_message(name);
goto EXPAND_FAILED;
}
len = Ustrlen(value);
/* Expand a string, and convert the result into an integer.
-Argument: the string to be expanded
+Arguments:
+ string the string to be expanded
+ isplus TRUE if a non-negative number is expected
Returns: the integer value, or
-1 for an expansion error ) in both cases, message in
-2 for an integer interpretation error ) expand_string_message
-
+ expand_string_message is set NULL for an OK integer
*/
int
-expand_string_integer(uschar *string)
+expand_string_integer(uschar *string, BOOL isplus)
{
long int value;
uschar *s = expand_string(string);
uschar *msg = US"invalid integer \"%s\"";
uschar *endptr;
+/* If expansion failed, expand_string_message will be set. */
+
if (s == NULL) return -1;
/* On an overflow, strtol() returns LONG_MAX or LONG_MIN, and sets errno
systems, so we set it zero ourselves. */
errno = 0;
+expand_string_message = NULL; /* Indicates no error */
value = strtol(CS s, CSS &endptr, 0);
if (endptr == s)
{
msg = US"integer expected but \"%s\" found";
}
+else if (value < 0 && isplus)
+ {
+ msg = US"non-negative integer expected but \"%s\" found";
+ }
else
{
/* Ensure we can cast this down to an int */
}
-
/*************************************************
**************************************************
* Stand-alone test program *
projects / exim.git / blobdiff