X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=blobdiff_plain;f=src%2Fsrc%2Fexpand.c;h=d9ce07e46037f5fa802364eb235f1695e5b8854f;hp=782467ff7bdefc82b7ae0bec345a390a384da42c;hb=ea7b1f162ff084a655dc0a5de87038b542f721f5;hpb=c5db348c5e29e93e51389fa0079f829967c5da82 diff --git a/src/src/expand.c b/src/src/expand.c index 782467ff7..d9ce07e46 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2017 */ +/* Copyright (c) University of Cambridge 1995 - 2018 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -17,22 +17,22 @@ static uschar *expand_string_internal(const uschar *, BOOL, const uschar **, BOO static int_eximarith_t expanded_string_integer(const uschar *, BOOL); #ifdef STAND_ALONE -#ifndef SUPPORT_CRYPTEQ -#define SUPPORT_CRYPTEQ -#endif +# ifndef SUPPORT_CRYPTEQ +# define SUPPORT_CRYPTEQ +# endif #endif #ifdef LOOKUP_LDAP -#include "lookups/ldap.h" +# include "lookups/ldap.h" #endif #ifdef SUPPORT_CRYPTEQ -#ifdef CRYPT_H -#include -#endif -#ifndef HAVE_CRYPT16 +# ifdef CRYPT_H +# include +# endif +# ifndef HAVE_CRYPT16 extern char* crypt16(char*, char*); -#endif +# endif #endif /* The handling of crypt16() is a mess. I will record below the analysis of the @@ -103,6 +103,7 @@ alphabetical order. */ static uschar *item_table[] = { US"acl", + US"authresults", US"certextract", US"dlfunc", US"env", @@ -133,6 +134,7 @@ static uschar *item_table[] = { enum { EITEM_ACL, + EITEM_AUTHRESULTS, EITEM_CERTEXTRACT, EITEM_DLFUNC, EITEM_ENV, @@ -459,6 +461,12 @@ static var_entry var_table[] = { { "address_data", vtype_stringptr, &deliver_address_data }, { "address_file", vtype_stringptr, &address_file }, { "address_pipe", vtype_stringptr, &address_pipe }, +#ifdef EXPERIMENTAL_ARC + { "arc_domains", vtype_string_func, &fn_arc_domains }, + { "arc_oldest_pass", vtype_int, &arc_oldest_pass }, + { "arc_state", vtype_stringptr, &arc_state }, + { "arc_state_reason", vtype_stringptr, &arc_state_reason }, +#endif { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id }, { "authenticated_id", vtype_stringptr, &authenticated_id }, { "authenticated_sender",vtype_stringptr, &authenticated_sender }, @@ -508,11 +516,10 @@ static var_entry var_table[] = { { "dkim_key_testing", vtype_dkim, (void *)DKIM_KEY_TESTING }, { "dkim_selector", vtype_stringptr, &dkim_signing_selector }, { "dkim_signers", vtype_stringptr, &dkim_signers }, - { "dkim_verify_reason", vtype_dkim, (void *)DKIM_VERIFY_REASON }, - { "dkim_verify_status", vtype_dkim, (void *)DKIM_VERIFY_STATUS}, + { "dkim_verify_reason", vtype_stringptr, &dkim_verify_reason }, + { "dkim_verify_status", vtype_stringptr, &dkim_verify_status }, #endif #ifdef EXPERIMENTAL_DMARC - { "dmarc_ar_header", vtype_stringptr, &dmarc_ar_header }, { "dmarc_domain_policy", vtype_stringptr, &dmarc_domain_policy }, { "dmarc_status", vtype_stringptr, &dmarc_status }, { "dmarc_status_text", vtype_stringptr, &dmarc_status_text }, @@ -557,7 +564,9 @@ static var_entry var_table[] = { { "local_part_data", vtype_stringptr, &deliver_localpart_data }, { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix }, { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix }, +#ifdef HAVE_LOCAL_SCAN { "local_scan_data", vtype_stringptr, &local_scan_data }, +#endif { "local_user_gid", vtype_gid, &local_user_gid }, { "local_user_uid", vtype_uid, &local_user_uid }, { "localhost_number", vtype_int, &host_number }, @@ -700,11 +709,12 @@ static var_entry var_table[] = { { "spam_score", vtype_stringptr, &spam_score }, { "spam_score_int", vtype_stringptr, &spam_score_int }, #endif -#ifdef EXPERIMENTAL_SPF +#ifdef SUPPORT_SPF { "spf_guess", vtype_stringptr, &spf_guess }, { "spf_header_comment", vtype_stringptr, &spf_header_comment }, { "spf_received", vtype_stringptr, &spf_received }, { "spf_result", vtype_stringptr, &spf_result }, + { "spf_result_guessed", vtype_bool, &spf_result_guessed }, { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment }, #endif { "spool_directory", vtype_stringptr, &spool_directory }, @@ -738,7 +748,7 @@ static var_entry var_table[] = { { "tls_out_bits", vtype_int, &tls_out.bits }, { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified }, { "tls_out_cipher", vtype_stringptr, &tls_out.cipher }, -#ifdef EXPERIMENTAL_DANE +#ifdef SUPPORT_DANE { "tls_out_dane", vtype_bool, &tls_out.dane_verified }, #endif { "tls_out_ocsp", vtype_int, &tls_out.ocsp }, @@ -748,7 +758,7 @@ static var_entry var_table[] = { #if defined(SUPPORT_TLS) { "tls_out_sni", vtype_stringptr, &tls_out.sni }, #endif -#ifdef EXPERIMENTAL_DANE +#ifdef SUPPORT_DANE { "tls_out_tlsa_usage", vtype_int, &tls_out.tlsa_usage }, #endif @@ -1656,6 +1666,41 @@ return yield; +/* Append a "local" element to an Autherntication-Results: header +if this was a non-smtp message. +*/ + +static gstring * +authres_local(gstring * g, const uschar * sysname) +{ +if (!authentication_local) + return g; +g = string_append(g, 3, US";\n\tlocal=pass (non-smtp, ", sysname, US")"); +if (authenticated_id) g = string_append(g, 2, " u=", authenticated_id); +return g; +} + + +/* Append an "iprev" element to an Autherntication-Results: header +if we have attempted to get the calling host's name. +*/ + +static gstring * +authres_iprev(gstring * g) +{ +if (sender_host_name) + return string_append(g, sender_host_address ? 5 : 3, + US";\n\tiprev=pass (", sender_host_name, US")", + US" smtp.client-ip=", sender_host_address); +if (host_lookup_deferred) + return string_catn(g, US";\n\tiprev=temperror", 19); +if (host_lookup_failed) + return string_catn(g, US";\n\tiprev=fail", 13); +return g; +} + + + /************************************************* * Return list of recipients * *************************************************/ @@ -1797,10 +1842,10 @@ switch (vp->type) return var_buffer; case vtype_host_lookup: /* Lookup if not done so */ - if (sender_host_name == NULL && sender_host_address != NULL && - !host_lookup_failed && host_name_lookup() == OK) + if ( !sender_host_name && sender_host_address + && !host_lookup_failed && host_name_lookup() == OK) host_build_sender_fullhost(); - return (sender_host_name == NULL)? US"" : sender_host_name; + return sender_host_name ? sender_host_name : US""; case vtype_localpart: /* Get local part from address */ s = *((uschar **)(val)); @@ -1891,13 +1936,13 @@ switch (vp->type) case vtype_reply: /* Get reply address */ s = find_header(US"reply-to:", exists_only, newsize, TRUE, headers_charset); - if (s != NULL) while (isspace(*s)) s++; - if (s == NULL || *s == 0) + if (s) while (isspace(*s)) s++; + if (!s || !*s) { *newsize = 0; /* For the *s==0 case */ s = find_header(US"from:", exists_only, newsize, TRUE, headers_charset); } - if (s != NULL) + if (s) { uschar *t; while (isspace(*s)) s++; @@ -1905,7 +1950,7 @@ switch (vp->type) while (t > s && isspace(t[-1])) t--; *t = 0; } - return (s == NULL)? US"" : s; + return s ? s : US""; case vtype_string_func: { @@ -2498,9 +2543,12 @@ switch(cond_type) "after \"%s\"", name); return NULL; } - sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL, - honour_dollar, resetok); - if (sub[i] == NULL) return NULL; + if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL, + honour_dollar, resetok))) + return NULL; + DEBUG(D_expand) if (i == 1 && !sub2_honour_dollar && Ustrchr(sub[1], '$')) + debug_printf_indent("WARNING: the second arg is NOT expanded," + " for security reasons\n"); if (*s++ != '}') goto COND_FAILED_CURLY_END; /* Convert to numerical if required; we know that the names of all the @@ -4097,6 +4145,41 @@ while (*s != 0) } } + case EITEM_AUTHRESULTS: + /* ${authresults {mysystemname}} */ + { + uschar *sub_arg[1]; + + switch(read_subs(sub_arg, nelem(sub_arg), 1, &s, skipping, TRUE, name, + &resetok)) + { + case 1: goto EXPAND_FAILED_CURLY; + case 2: + case 3: goto EXPAND_FAILED; + } + + yield = string_append(yield, 3, + US"Authentication-Results: ", sub_arg[0], US"; none"); + yield->ptr -= 6; + + yield = authres_local(yield, sub_arg[0]); + yield = authres_iprev(yield); + yield = authres_smtpauth(yield); +#ifdef SUPPORT_SPF + yield = authres_spf(yield); +#endif +#ifndef DISABLE_DKIM + yield = authres_dkim(yield); +#endif +#ifdef EXPERIMENTAL_DMARC + yield = authres_dmarc(yield); +#endif +#ifdef EXPERIMENTAL_ARC + yield = authres_arc(yield); +#endif + continue; + } + /* Handle conditionals - preserve the values of the numerical expansion variables in case they get changed by a regular expression match in the condition. If not, they retain their external settings. At the end @@ -4494,25 +4577,25 @@ while (*s != 0) if (skipping) continue; /* sub_arg[0] is the address */ - domain = Ustrrchr(sub_arg[0],'@'); - if ( (domain == NULL) || (domain == sub_arg[0]) || (Ustrlen(domain) == 1) ) + if ( !(domain = Ustrrchr(sub_arg[0],'@')) + || domain == sub_arg[0] || Ustrlen(domain) == 1) { expand_string_message = US"prvs first argument must be a qualified email address"; goto EXPAND_FAILED; } - /* Calculate the hash. The second argument must be a single-digit + /* Calculate the hash. The third argument must be a single-digit key number, or unset. */ - if (sub_arg[2] != NULL && - (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0)) + if ( sub_arg[2] + && (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0)) { - expand_string_message = US"prvs second argument must be a single digit"; + expand_string_message = US"prvs third argument must be a single digit"; goto EXPAND_FAILED; } - p = prvs_hmac_sha1(sub_arg[0],sub_arg[1],sub_arg[2],prvs_daystamp(7)); - if (p == NULL) + p = prvs_hmac_sha1(sub_arg[0], sub_arg[1], sub_arg[2], prvs_daystamp(7)); + if (!p) { expand_string_message = US"prvs hmac-sha1 conversion failed"; goto EXPAND_FAILED; @@ -4628,7 +4711,7 @@ while (*s != 0) prvscheck_result = US"1"; DEBUG(D_expand) debug_printf_indent("prvscheck: success, $pvrs_result set to 1\n"); } - else + else { prvscheck_result = NULL; DEBUG(D_expand) debug_printf_indent("prvscheck: signature expired, $pvrs_result unset\n"); @@ -5790,7 +5873,8 @@ while (*s != 0) if (*s++ != '}') { /*{*/ expand_string_message = string_sprintf("missing } at end of condition " - "or expression inside \"%s\"", name); + "or expression inside \"%s\"; could be an unquoted } in the content", + name); goto EXPAND_FAILED; } @@ -6495,7 +6579,7 @@ while (*s != 0) } continue; #else - expand_string_message = US"sha3 only supported with GnuTLS 3.5.0 +"; + expand_string_message = US"sha3 only supported with GnuTLS 3.5.0 + or OpenSSL 1.1.1 +"; goto EXPAND_FAILED; #endif @@ -7478,10 +7562,9 @@ terminating brace. */ if (ket_ends && *s == 0) { - expand_string_message = malformed_header? - US"missing } at end of string - could be header name not terminated by colon" - : - US"missing } at end of string"; + expand_string_message = malformed_header + ? US"missing } at end of string - could be header name not terminated by colon" + : US"missing } at end of string"; goto EXPAND_FAILED; } @@ -7546,7 +7629,7 @@ DEBUG(D_expand) if (expand_string_forcedfail) debug_printf_indent(UTF8_UP_RIGHT "failure was forced\n"); } -if (resetok_p) *resetok_p = resetok; +if (resetok_p && !resetok) *resetok_p = FALSE; expand_level--; return NULL; } @@ -7560,28 +7643,35 @@ Returns: the expanded string, or NULL if expansion failed; if failure was due to a lookup deferring, search_find_defer will be TRUE */ -uschar * -expand_string(uschar *string) +const uschar * +expand_cstring(const uschar * string) { -search_find_defer = FALSE; -malformed_header = FALSE; -return (Ustrpbrk(string, "$\\") == NULL)? string : - expand_string_internal(string, FALSE, NULL, FALSE, TRUE, NULL); +if (Ustrpbrk(string, "$\\") != NULL) + { + int old_pool = store_pool; + uschar * s; + + search_find_defer = FALSE; + malformed_header = FALSE; + store_pool = POOL_MAIN; + s = expand_string_internal(string, FALSE, NULL, FALSE, TRUE, NULL); + store_pool = old_pool; + return s; + } +return string; } - -const uschar * -expand_cstring(const uschar *string) +uschar * +expand_string(uschar * string) { -search_find_defer = FALSE; -malformed_header = FALSE; -return (Ustrpbrk(string, "$\\") == NULL)? string : - expand_string_internal(string, FALSE, NULL, FALSE, TRUE, NULL); +return US expand_cstring(CUS string); } + + /************************************************* * Expand and copy * *************************************************/ @@ -7807,13 +7897,50 @@ return ( ( Ustrstr(s, "failed to expand") != NULL } +/* Read given named file into big_buffer. Use for keying material etc. +The content will have an ascii NUL appended. + +Arguments: + filename as it says + +Return: pointer to buffer, or NULL on error. +*/ + +uschar * +expand_file_big_buffer(const uschar * filename) +{ +int fd, off = 0, len; + +if ((fd = open(CS filename, O_RDONLY)) < 0) + { + log_write(0, LOG_MAIN | LOG_PANIC, "unable to open file for reading: %s", + filename); + return NULL; + } + +do + { + if ((len = read(fd, big_buffer + off, big_buffer_size - 2 - off)) < 0) + { + (void) close(fd); + log_write(0, LOG_MAIN|LOG_PANIC, "unable to read file: %s", filename); + return NULL; + } + off += len; + } +while (len > 0); + +(void) close(fd); +big_buffer[off] = '\0'; +return big_buffer; +} + + /************************************************* * Error-checking for testsuite * *************************************************/ typedef struct { - const char * filename; - int linenumber; uschar * region_start; uschar * region_end; const uschar *var_name; @@ -7834,7 +7961,8 @@ if (var_data >= e->region_start && var_data < e->region_end) void assert_no_variables(void * ptr, int len, const char * filename, int linenumber) { -err_ctx e = {filename, linenumber, ptr, US ptr + len, NULL }; +err_ctx e = { .region_start = ptr, .region_end = US ptr + len, + .var_name = NULL, .var_data = NULL }; int i; var_entry * v; @@ -7855,10 +7983,16 @@ for (v = var_table; v < var_table + var_table_size; v++) if (v->type == vtype_stringptr) assert_variable_notin(US v->name, *(USS v->value), &e); +/* check dns and address trees */ +tree_walk(tree_dns_fails, assert_variable_notin, &e); +tree_walk(tree_duplicates, assert_variable_notin, &e); +tree_walk(tree_nonrecipients, assert_variable_notin, &e); +tree_walk(tree_unusable, assert_variable_notin, &e); + if (e.var_name) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "live variable '%s' destroyed by reset_store at %s:%d\n- value '%.64s'", - e.var_name, e.filename, e.linenumber, e.var_data); + e.var_name, filename, linenumber, e.var_data); }