1 /* $Cambridge: exim/src/src/expand.c,v 1.89 2007/08/22 10:10:23 ph10 Exp $ */
3 /*************************************************
4 * Exim - an Internet mail transport agent *
5 *************************************************/
7 /* Copyright (c) University of Cambridge 1995 - 2007 */
8 /* See the file NOTICE for conditions of use and distribution. */
11 /* Functions for handling string expansion. */
16 /* Recursively called function */
18 static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL);
21 #ifndef SUPPORT_CRYPTEQ
22 #define SUPPORT_CRYPTEQ
27 #include "lookups/ldap.h"
30 #ifdef SUPPORT_CRYPTEQ
35 extern char* crypt16(char*, char*);
39 /* The handling of crypt16() is a mess. I will record below the analysis of the
40 mess that was sent to me. We decided, however, to make changing this very low
41 priority, because in practice people are moving away from the crypt()
42 algorithms nowadays, so it doesn't seem worth it.
45 There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
46 the first 8 characters of the password using a 20-round version of crypt
47 (standard crypt does 25 rounds). It then crypts the next 8 characters,
48 or an empty block if the password is less than 9 characters, using a
49 20-round version of crypt and the same salt as was used for the first
50 block. Charaters after the first 16 are ignored. It always generates
51 a 16-byte hash, which is expressed together with the salt as a string
52 of 24 base 64 digits. Here are some links to peruse:
54 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
55 http://seclists.org/bugtraq/1999/Mar/0076.html
57 There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
58 and OSF/1. This is the same as the standard crypt if given a password
59 of 8 characters or less. If given more, it first does the same as crypt
60 using the first 8 characters, then crypts the next 8 (the 9th to 16th)
61 using as salt the first two base 64 digits from the first hash block.
62 If the password is more than 16 characters then it crypts the 17th to 24th
63 characters using as salt the first two base 64 digits from the second hash
64 block. And so on: I've seen references to it cutting off the password at
65 40 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
67 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
68 http://seclists.org/bugtraq/1999/Mar/0109.html
69 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
70 TET1_html/sec.c222.html#no_id_208
72 Exim has something it calls "crypt16". It will either use a native
73 crypt16 or its own implementation. A native crypt16 will presumably
74 be the one that I called "crypt16" above. The internal "crypt16"
75 function, however, is a two-block-maximum implementation of what I called
76 "bigcrypt". The documentation matches the internal code.
78 I suspect that whoever did the "crypt16" stuff for Exim didn't realise
79 that crypt16 and bigcrypt were different things.
81 Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
82 to whatever it is using under that name. This unfortunately sets a
83 precedent for using "{crypt16}" to identify two incompatible algorithms
84 whose output can't be distinguished. With "{crypt16}" thus rendered
85 ambiguous, I suggest you deprecate it and invent two new identifiers
86 for the two algorithms.
88 Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
89 of the password separately means they can be cracked separately, so
90 the double-length hash only doubles the cracking effort instead of
91 squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
99 /*************************************************
100 * Local statics and tables *
101 *************************************************/
103 /* Table of item names, and corresponding switch numbers. The names must be in
104 alphabetical order. */
106 static uschar *item_table[] = {
150 /* Tables of operator names, and corresponding switch numbers. The names must be
151 in alphabetical order. There are two tables, because underscore is used in some
152 cases to introduce arguments, whereas for other it is part of the name. This is
153 an historical mis-design. */
155 static uschar *op_table_underscore[] = {
158 US"quote_local_part",
165 EOP_QUOTE_LOCAL_PART,
169 static uschar *op_table_main[] = {
202 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
234 /* Table of condition names, and corresponding switch numbers. The names must
235 be in alphabetical order. */
237 static uschar *cond_table[] = {
241 US"==", /* Backward compatibility */
269 US"match_local_part",
291 ECOND_FIRST_DELIVERY,
310 ECOND_MATCH_LOCAL_PART,
320 /* Type for main variable table */
328 /* Type for entries pointing to address/length pairs. Not currently
336 /* Types of table entry */
339 vtype_int, /* value is address of int */
340 vtype_filter_int, /* ditto, but recognized only when filtering */
341 vtype_ino, /* value is address of ino_t (not always an int) */
342 vtype_uid, /* value is address of uid_t (not always an int) */
343 vtype_gid, /* value is address of gid_t (not always an int) */
344 vtype_stringptr, /* value is address of pointer to string */
345 vtype_msgbody, /* as stringptr, but read when first required */
346 vtype_msgbody_end, /* ditto, the end of the message */
347 vtype_msgheaders, /* the message's headers, processed */
348 vtype_msgheaders_raw, /* the message's headers, unprocessed */
349 vtype_localpart, /* extract local part from string */
350 vtype_domain, /* extract domain from string */
351 vtype_recipients, /* extract recipients from recipients list */
352 /* (available only in system filters, ACLs, and */
354 vtype_todbsdin, /* value not used; generate BSD inbox tod */
355 vtype_tode, /* value not used; generate tod in epoch format */
356 vtype_todf, /* value not used; generate full tod */
357 vtype_todl, /* value not used; generate log tod */
358 vtype_todlf, /* value not used; generate log file datestamp tod */
359 vtype_todzone, /* value not used; generate time zone only */
360 vtype_todzulu, /* value not used; generate zulu tod */
361 vtype_reply, /* value not used; get reply from headers */
362 vtype_pid, /* value not used; result is pid */
363 vtype_host_lookup, /* value not used; get host name */
364 vtype_load_avg, /* value not used; result is int from os_getloadavg */
365 vtype_pspace, /* partition space; value is T/F for spool/log */
366 vtype_pinodes /* partition inodes; value is T/F for spool/log */
367 #ifdef EXPERIMENTAL_DOMAINKEYS
368 ,vtype_dk_verify /* Serve request out of DomainKeys verification structure */
372 /* This table must be kept in alphabetical order. */
374 static var_entry var_table[] = {
375 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
376 they will be confused with user-creatable ACL variables. */
377 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
378 { "address_data", vtype_stringptr, &deliver_address_data },
379 { "address_file", vtype_stringptr, &address_file },
380 { "address_pipe", vtype_stringptr, &address_pipe },
381 { "authenticated_id", vtype_stringptr, &authenticated_id },
382 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
383 { "authentication_failed",vtype_int, &authentication_failed },
384 #ifdef EXPERIMENTAL_BRIGHTMAIL
385 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
386 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
387 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
388 { "bmi_deliver", vtype_int, &bmi_deliver },
390 { "body_linecount", vtype_int, &body_linecount },
391 { "body_zerocount", vtype_int, &body_zerocount },
392 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
393 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
394 { "caller_gid", vtype_gid, &real_gid },
395 { "caller_uid", vtype_uid, &real_uid },
396 { "compile_date", vtype_stringptr, &version_date },
397 { "compile_number", vtype_stringptr, &version_cnumber },
398 { "csa_status", vtype_stringptr, &csa_status },
399 #ifdef WITH_OLD_DEMIME
400 { "demime_errorlevel", vtype_int, &demime_errorlevel },
401 { "demime_reason", vtype_stringptr, &demime_reason },
403 #ifdef EXPERIMENTAL_DOMAINKEYS
404 { "dk_domain", vtype_stringptr, &dk_signing_domain },
405 { "dk_is_signed", vtype_dk_verify, NULL },
406 { "dk_result", vtype_dk_verify, NULL },
407 { "dk_selector", vtype_stringptr, &dk_signing_selector },
408 { "dk_sender", vtype_dk_verify, NULL },
409 { "dk_sender_domain", vtype_dk_verify, NULL },
410 { "dk_sender_local_part",vtype_dk_verify, NULL },
411 { "dk_sender_source", vtype_dk_verify, NULL },
412 { "dk_signsall", vtype_dk_verify, NULL },
413 { "dk_status", vtype_dk_verify, NULL },
414 { "dk_testing", vtype_dk_verify, NULL },
416 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
417 { "dnslist_matched", vtype_stringptr, &dnslist_matched },
418 { "dnslist_text", vtype_stringptr, &dnslist_text },
419 { "dnslist_value", vtype_stringptr, &dnslist_value },
420 { "domain", vtype_stringptr, &deliver_domain },
421 { "domain_data", vtype_stringptr, &deliver_domain_data },
422 { "exim_gid", vtype_gid, &exim_gid },
423 { "exim_path", vtype_stringptr, &exim_path },
424 { "exim_uid", vtype_uid, &exim_uid },
425 #ifdef WITH_OLD_DEMIME
426 { "found_extension", vtype_stringptr, &found_extension },
428 { "home", vtype_stringptr, &deliver_home },
429 { "host", vtype_stringptr, &deliver_host },
430 { "host_address", vtype_stringptr, &deliver_host_address },
431 { "host_data", vtype_stringptr, &host_data },
432 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
433 { "host_lookup_failed", vtype_int, &host_lookup_failed },
434 { "inode", vtype_ino, &deliver_inode },
435 { "interface_address", vtype_stringptr, &interface_address },
436 { "interface_port", vtype_int, &interface_port },
437 { "item", vtype_stringptr, &iterate_item },
439 { "ldap_dn", vtype_stringptr, &eldap_dn },
441 { "load_average", vtype_load_avg, NULL },
442 { "local_part", vtype_stringptr, &deliver_localpart },
443 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
444 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
445 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
446 { "local_scan_data", vtype_stringptr, &local_scan_data },
447 { "local_user_gid", vtype_gid, &local_user_gid },
448 { "local_user_uid", vtype_uid, &local_user_uid },
449 { "localhost_number", vtype_int, &host_number },
450 { "log_inodes", vtype_pinodes, (void *)FALSE },
451 { "log_space", vtype_pspace, (void *)FALSE },
452 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
453 #ifdef WITH_CONTENT_SCAN
454 { "malware_name", vtype_stringptr, &malware_name },
456 { "max_received_linelength", vtype_int, &max_received_linelength },
457 { "message_age", vtype_int, &message_age },
458 { "message_body", vtype_msgbody, &message_body },
459 { "message_body_end", vtype_msgbody_end, &message_body_end },
460 { "message_body_size", vtype_int, &message_body_size },
461 { "message_exim_id", vtype_stringptr, &message_id },
462 { "message_headers", vtype_msgheaders, NULL },
463 { "message_headers_raw", vtype_msgheaders_raw, NULL },
464 { "message_id", vtype_stringptr, &message_id },
465 { "message_linecount", vtype_int, &message_linecount },
466 { "message_size", vtype_int, &message_size },
467 #ifdef WITH_CONTENT_SCAN
468 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
469 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
470 { "mime_boundary", vtype_stringptr, &mime_boundary },
471 { "mime_charset", vtype_stringptr, &mime_charset },
472 { "mime_content_description", vtype_stringptr, &mime_content_description },
473 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
474 { "mime_content_id", vtype_stringptr, &mime_content_id },
475 { "mime_content_size", vtype_int, &mime_content_size },
476 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
477 { "mime_content_type", vtype_stringptr, &mime_content_type },
478 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
479 { "mime_filename", vtype_stringptr, &mime_filename },
480 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
481 { "mime_is_multipart", vtype_int, &mime_is_multipart },
482 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
483 { "mime_part_count", vtype_int, &mime_part_count },
485 { "n0", vtype_filter_int, &filter_n[0] },
486 { "n1", vtype_filter_int, &filter_n[1] },
487 { "n2", vtype_filter_int, &filter_n[2] },
488 { "n3", vtype_filter_int, &filter_n[3] },
489 { "n4", vtype_filter_int, &filter_n[4] },
490 { "n5", vtype_filter_int, &filter_n[5] },
491 { "n6", vtype_filter_int, &filter_n[6] },
492 { "n7", vtype_filter_int, &filter_n[7] },
493 { "n8", vtype_filter_int, &filter_n[8] },
494 { "n9", vtype_filter_int, &filter_n[9] },
495 { "original_domain", vtype_stringptr, &deliver_domain_orig },
496 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
497 { "originator_gid", vtype_gid, &originator_gid },
498 { "originator_uid", vtype_uid, &originator_uid },
499 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
500 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
501 { "pid", vtype_pid, NULL },
502 { "primary_hostname", vtype_stringptr, &primary_hostname },
503 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
504 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
505 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
506 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
507 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
508 { "rcpt_count", vtype_int, &rcpt_count },
509 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
510 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
511 { "received_count", vtype_int, &received_count },
512 { "received_for", vtype_stringptr, &received_for },
513 { "received_ip_address", vtype_stringptr, &interface_address },
514 { "received_port", vtype_int, &interface_port },
515 { "received_protocol", vtype_stringptr, &received_protocol },
516 { "received_time", vtype_int, &received_time },
517 { "recipient_data", vtype_stringptr, &recipient_data },
518 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
519 { "recipients", vtype_recipients, NULL },
520 { "recipients_count", vtype_int, &recipients_count },
521 #ifdef WITH_CONTENT_SCAN
522 { "regex_match_string", vtype_stringptr, ®ex_match_string },
524 { "reply_address", vtype_reply, NULL },
525 { "return_path", vtype_stringptr, &return_path },
526 { "return_size_limit", vtype_int, &bounce_return_size_limit },
527 { "runrc", vtype_int, &runrc },
528 { "self_hostname", vtype_stringptr, &self_hostname },
529 { "sender_address", vtype_stringptr, &sender_address },
530 { "sender_address_data", vtype_stringptr, &sender_address_data },
531 { "sender_address_domain", vtype_domain, &sender_address },
532 { "sender_address_local_part", vtype_localpart, &sender_address },
533 { "sender_data", vtype_stringptr, &sender_data },
534 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
535 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
536 { "sender_host_address", vtype_stringptr, &sender_host_address },
537 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
538 { "sender_host_name", vtype_host_lookup, NULL },
539 { "sender_host_port", vtype_int, &sender_host_port },
540 { "sender_ident", vtype_stringptr, &sender_ident },
541 { "sender_rate", vtype_stringptr, &sender_rate },
542 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
543 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
544 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
545 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
546 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
547 { "sending_port", vtype_int, &sending_port },
548 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
549 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
550 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
551 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
552 { "smtp_notquit_reason", vtype_stringptr, &smtp_notquit_reason },
553 { "sn0", vtype_filter_int, &filter_sn[0] },
554 { "sn1", vtype_filter_int, &filter_sn[1] },
555 { "sn2", vtype_filter_int, &filter_sn[2] },
556 { "sn3", vtype_filter_int, &filter_sn[3] },
557 { "sn4", vtype_filter_int, &filter_sn[4] },
558 { "sn5", vtype_filter_int, &filter_sn[5] },
559 { "sn6", vtype_filter_int, &filter_sn[6] },
560 { "sn7", vtype_filter_int, &filter_sn[7] },
561 { "sn8", vtype_filter_int, &filter_sn[8] },
562 { "sn9", vtype_filter_int, &filter_sn[9] },
563 #ifdef WITH_CONTENT_SCAN
564 { "spam_bar", vtype_stringptr, &spam_bar },
565 { "spam_report", vtype_stringptr, &spam_report },
566 { "spam_score", vtype_stringptr, &spam_score },
567 { "spam_score_int", vtype_stringptr, &spam_score_int },
569 #ifdef EXPERIMENTAL_SPF
570 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
571 { "spf_received", vtype_stringptr, &spf_received },
572 { "spf_result", vtype_stringptr, &spf_result },
573 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
575 { "spool_directory", vtype_stringptr, &spool_directory },
576 { "spool_inodes", vtype_pinodes, (void *)TRUE },
577 { "spool_space", vtype_pspace, (void *)TRUE },
578 #ifdef EXPERIMENTAL_SRS
579 { "srs_db_address", vtype_stringptr, &srs_db_address },
580 { "srs_db_key", vtype_stringptr, &srs_db_key },
581 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
582 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
583 { "srs_recipient", vtype_stringptr, &srs_recipient },
584 { "srs_status", vtype_stringptr, &srs_status },
586 { "thisaddress", vtype_stringptr, &filter_thisaddress },
587 { "tls_certificate_verified", vtype_int, &tls_certificate_verified },
588 { "tls_cipher", vtype_stringptr, &tls_cipher },
589 { "tls_peerdn", vtype_stringptr, &tls_peerdn },
590 { "tod_bsdinbox", vtype_todbsdin, NULL },
591 { "tod_epoch", vtype_tode, NULL },
592 { "tod_full", vtype_todf, NULL },
593 { "tod_log", vtype_todl, NULL },
594 { "tod_logfile", vtype_todlf, NULL },
595 { "tod_zone", vtype_todzone, NULL },
596 { "tod_zulu", vtype_todzulu, NULL },
597 { "value", vtype_stringptr, &lookup_value },
598 { "version_number", vtype_stringptr, &version_string },
599 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
600 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
601 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
602 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
603 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
604 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
607 static int var_table_size = sizeof(var_table)/sizeof(var_entry);
608 static uschar var_buffer[256];
609 static BOOL malformed_header;
611 /* For textual hashes */
613 static char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
614 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
617 enum { HMAC_MD5, HMAC_SHA1 };
619 /* For numeric hashes */
621 static unsigned int prime[] = {
622 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
623 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
624 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
626 /* For printing modes in symbolic form */
628 static uschar *mtable_normal[] =
629 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
631 static uschar *mtable_setid[] =
632 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
634 static uschar *mtable_sticky[] =
635 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
639 /*************************************************
640 * Tables for UTF-8 support *
641 *************************************************/
643 /* Table of the number of extra characters, indexed by the first character
644 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
647 static uschar utf8_table1[] = {
648 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
649 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
650 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
651 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
653 /* These are the masks for the data bits in the first byte of a character,
654 indexed by the number of additional bytes. */
656 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
658 /* Get the next UTF-8 character, advancing the pointer. */
660 #define GETUTF8INC(c, ptr) \
662 if ((c & 0xc0) == 0xc0) \
664 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
666 c = (c & utf8_table2[a]) << s; \
670 c |= (*ptr++ & 0x3f) << s; \
675 /*************************************************
676 * Binary chop search on a table *
677 *************************************************/
679 /* This is used for matching expansion items and operators.
682 name the name that is being sought
683 table the table to search
684 table_size the number of items in the table
686 Returns: the offset in the table, or -1
690 chop_match(uschar *name, uschar **table, int table_size)
692 uschar **bot = table;
693 uschar **top = table + table_size;
697 uschar **mid = bot + (top - bot)/2;
698 int c = Ustrcmp(name, *mid);
699 if (c == 0) return mid - table;
700 if (c > 0) bot = mid + 1; else top = mid;
708 /*************************************************
709 * Check a condition string *
710 *************************************************/
712 /* This function is called to expand a string, and test the result for a "true"
713 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
714 forced fail or lookup defer. All store used by the function can be released on
718 condition the condition string
719 m1 text to be incorporated in panic error
722 Returns: TRUE if condition is met, FALSE if not
726 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
729 void *reset_point = store_get(0);
730 uschar *ss = expand_string(condition);
733 if (!expand_string_forcedfail && !search_find_defer)
734 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
735 "for %s %s: %s", condition, m1, m2, expand_string_message);
738 rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
739 strcmpic(ss, US"false") != 0;
740 store_reset(reset_point);
746 /*************************************************
747 * Pick out a name from a string *
748 *************************************************/
750 /* If the name is too long, it is silently truncated.
753 name points to a buffer into which to put the name
754 max is the length of the buffer
755 s points to the first alphabetic character of the name
756 extras chars other than alphanumerics to permit
758 Returns: pointer to the first character after the name
760 Note: The test for *s != 0 in the while loop is necessary because
761 Ustrchr() yields non-NULL if the character is zero (which is not something
765 read_name(uschar *name, int max, uschar *s, uschar *extras)
768 while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
770 if (ptr < max-1) name[ptr++] = *s;
779 /*************************************************
780 * Pick out the rest of a header name *
781 *************************************************/
783 /* A variable name starting $header_ (or just $h_ for those who like
784 abbreviations) might not be the complete header name because headers can
785 contain any printing characters in their names, except ':'. This function is
786 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
787 on the end, if the name was terminated by white space.
790 name points to a buffer in which the name read so far exists
791 max is the length of the buffer
792 s points to the first character after the name so far, i.e. the
793 first non-alphameric character after $header_xxxxx
795 Returns: a pointer to the first character after the header name
799 read_header_name(uschar *name, int max, uschar *s)
801 int prelen = Ustrchr(name, '_') - name + 1;
802 int ptr = Ustrlen(name) - prelen;
803 if (ptr > 0) memmove(name, name+prelen, ptr);
804 while (mac_isgraph(*s) && *s != ':')
806 if (ptr < max-1) name[ptr++] = *s;
817 /*************************************************
818 * Pick out a number from a string *
819 *************************************************/
822 n points to an integer into which to put the number
823 s points to the first digit of the number
825 Returns: a pointer to the character after the last digit
829 read_number(int *n, uschar *s)
832 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
838 /*************************************************
839 * Extract keyed subfield from a string *
840 *************************************************/
842 /* The yield is in dynamic store; NULL means that the key was not found.
845 key points to the name of the key
846 s points to the string from which to extract the subfield
848 Returns: NULL if the subfield was not found, or
849 a pointer to the subfield's data
853 expand_getkeyed(uschar *key, uschar *s)
855 int length = Ustrlen(key);
856 while (isspace(*s)) s++;
858 /* Loop to search for the key */
866 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
867 dkeylength = s - dkey;
868 while (isspace(*s)) s++;
869 if (*s == '=') while (isspace((*(++s))));
871 data = string_dequote(&s);
872 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
875 while (isspace(*s)) s++;
884 /*************************************************
885 * Extract numbered subfield from string *
886 *************************************************/
888 /* Extracts a numbered field from a string that is divided by tokens - for
889 example a line from /etc/passwd is divided by colon characters. First field is
890 numbered one. Negative arguments count from the right. Zero returns the whole
891 string. Returns NULL if there are insufficient tokens in the string
894 Modifies final argument - this is a dynamically generated string, so that's OK.
897 field number of field to be extracted,
898 first field = 1, whole string = 0, last field = -1
899 separators characters that are used to break string into tokens
900 s points to the string from which to extract the subfield
902 Returns: NULL if the field was not found,
903 a pointer to the field's data inside s (modified to add 0)
907 expand_gettokened (int field, uschar *separators, uschar *s)
912 uschar *fieldtext = NULL;
914 if (field == 0) return s;
916 /* Break the line up into fields in place; for field > 0 we stop when we have
917 done the number of fields we want. For field < 0 we continue till the end of
918 the string, counting the number of fields. */
920 count = (field > 0)? field : INT_MAX;
926 /* Previous field was the last one in the string. For a positive field
927 number, this means there are not enough fields. For a negative field number,
928 check that there are enough, and scan back to find the one that is wanted. */
932 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
933 if ((-field) == (INT_MAX - count - 1)) return s;
937 while (ss[-1] != 0) ss--;
943 /* Previous field was not last in the string; save its start and put a
947 len = Ustrcspn(ss, separators);
958 /*************************************************
959 * Extract a substring from a string *
960 *************************************************/
962 /* Perform the ${substr or ${length expansion operations.
965 subject the input string
966 value1 the offset from the start of the input string to the start of
967 the output string; if negative, count from the right.
968 value2 the length of the output string, or negative (-1) for unset
969 if value1 is positive, unset means "all after"
970 if value1 is negative, unset means "all before"
971 len set to the length of the returned string
973 Returns: pointer to the output string, or NULL if there is an error
977 extract_substr(uschar *subject, int value1, int value2, int *len)
979 int sublen = Ustrlen(subject);
981 if (value1 < 0) /* count from right */
985 /* If the position is before the start, skip to the start, and adjust the
986 length. If the length ends up negative, the substring is null because nothing
987 can precede. This falls out naturally when the length is unset, meaning "all
993 if (value2 < 0) value2 = 0;
997 /* Otherwise an unset length => characters before value1 */
1006 /* For a non-negative offset, if the starting position is past the end of the
1007 string, the result will be the null string. Otherwise, an unset length means
1008 "rest"; just set it to the maximum - it will be cut down below if necessary. */
1012 if (value1 > sublen)
1017 else if (value2 < 0) value2 = sublen;
1020 /* Cut the length down to the maximum possible for the offset value, and get
1021 the required characters. */
1023 if (value1 + value2 > sublen) value2 = sublen - value1;
1025 return subject + value1;
1031 /*************************************************
1032 * Old-style hash of a string *
1033 *************************************************/
1035 /* Perform the ${hash expansion operation.
1038 subject the input string (an expanded substring)
1039 value1 the length of the output string; if greater or equal to the
1040 length of the input string, the input string is returned
1041 value2 the number of hash characters to use, or 26 if negative
1042 len set to the length of the returned string
1044 Returns: pointer to the output string, or NULL if there is an error
1048 compute_hash(uschar *subject, int value1, int value2, int *len)
1050 int sublen = Ustrlen(subject);
1052 if (value2 < 0) value2 = 26;
1053 else if (value2 > Ustrlen(hashcodes))
1055 expand_string_message =
1056 string_sprintf("hash count \"%d\" too big", value2);
1060 /* Calculate the hash text. We know it is shorter than the original string, so
1061 can safely place it in subject[] (we know that subject is always itself an
1062 expanded substring). */
1064 if (value1 < sublen)
1069 while ((c = (subject[j])) != 0)
1071 int shift = (c + j++) & 7;
1072 subject[i] ^= (c << shift) | (c >> (8-shift));
1073 if (++i >= value1) i = 0;
1075 for (i = 0; i < value1; i++)
1076 subject[i] = hashcodes[(subject[i]) % value2];
1078 else value1 = sublen;
1087 /*************************************************
1088 * Numeric hash of a string *
1089 *************************************************/
1091 /* Perform the ${nhash expansion operation. The first characters of the
1092 string are treated as most important, and get the highest prime numbers.
1095 subject the input string
1096 value1 the maximum value of the first part of the result
1097 value2 the maximum value of the second part of the result,
1098 or negative to produce only a one-part result
1099 len set to the length of the returned string
1101 Returns: pointer to the output string, or NULL if there is an error.
1105 compute_nhash (uschar *subject, int value1, int value2, int *len)
1107 uschar *s = subject;
1109 unsigned long int total = 0; /* no overflow */
1113 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
1114 total += prime[i--] * (unsigned int)(*s++);
1117 /* If value2 is unset, just compute one number */
1121 s = string_sprintf("%d", total % value1);
1124 /* Otherwise do a div/mod hash */
1128 total = total % (value1 * value2);
1129 s = string_sprintf("%d/%d", total/value2, total % value2);
1140 /*************************************************
1141 * Find the value of a header or headers *
1142 *************************************************/
1144 /* Multiple instances of the same header get concatenated, and this function
1145 can also return a concatenation of all the header lines. When concatenating
1146 specific headers that contain lists of addresses, a comma is inserted between
1147 them. Otherwise we use a straight concatenation. Because some messages can have
1148 pathologically large number of lines, there is a limit on the length that is
1149 returned. Also, to avoid massive store use which would result from using
1150 string_cat() as it copies and extends strings, we do a preliminary pass to find
1151 out exactly how much store will be needed. On "normal" messages this will be
1155 name the name of the header, without the leading $header_ or $h_,
1156 or NULL if a concatenation of all headers is required
1157 exists_only TRUE if called from a def: test; don't need to build a string;
1158 just return a string that is not "" and not "0" if the header
1160 newsize return the size of memory block that was obtained; may be NULL
1161 if exists_only is TRUE
1162 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
1163 other than concatenating, will be done on the header. Also used
1164 for $message_headers_raw.
1165 charset name of charset to translate MIME words to; used only if
1166 want_raw is false; if NULL, no translation is done (this is
1167 used for $bh_ and $bheader_)
1169 Returns: NULL if the header does not exist, else a pointer to a new
1174 find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1177 BOOL found = name == NULL;
1179 int len = found? 0 : Ustrlen(name);
1181 uschar *yield = NULL;
1184 /* Loop for two passes - saves code repetition */
1186 for (i = 0; i < 2; i++)
1191 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1193 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1195 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1200 if (exists_only) return US"1"; /* don't need actual string */
1202 t = h->text + len; /* text to insert */
1203 if (!want_raw) /* unless wanted raw, */
1204 while (isspace(*t)) t++; /* remove leading white space */
1205 ilen = h->slen - (t - h->text); /* length to insert */
1207 /* Unless wanted raw, remove trailing whitespace, including the
1211 while (ilen > 0 && isspace(t[ilen-1])) ilen--;
1213 /* Set comma = 1 if handling a single header and it's one of those
1214 that contains an address list, except when asked for raw headers. Only
1215 need to do this once. */
1217 if (!want_raw && name != NULL && comma == 0 &&
1218 Ustrchr("BCFRST", h->type) != NULL)
1221 /* First pass - compute total store needed; second pass - compute
1222 total store used, including this header. */
1224 size += ilen + comma + 1; /* +1 for the newline */
1226 /* Second pass - concatentate the data, up to a maximum. Note that
1227 the loop stops when size hits the limit. */
1231 if (size > header_insert_maxlen)
1233 ilen -= size - header_insert_maxlen - 1;
1236 Ustrncpy(ptr, t, ilen);
1239 /* For a non-raw header, put in the comma if needed, then add
1240 back the newline we removed above, provided there was some text in
1243 if (!want_raw && ilen > 0)
1245 if (comma != 0) *ptr++ = ',';
1253 /* At end of first pass, return NULL if no header found. Then truncate size
1254 if necessary, and get the buffer to hold the data, returning the buffer size.
1259 if (!found) return NULL;
1260 if (size > header_insert_maxlen) size = header_insert_maxlen;
1261 *newsize = size + 1;
1262 ptr = yield = store_get(*newsize);
1266 /* That's all we do for raw header expansion. */
1273 /* Otherwise, remove a final newline and a redundant added comma. Then we do
1274 RFC 2047 decoding, translating the charset if requested. The rfc2047_decode2()
1275 function can return an error with decoded data if the charset translation
1276 fails. If decoding fails, it returns NULL. */
1280 uschar *decoded, *error;
1281 if (ptr > yield && ptr[-1] == '\n') ptr--;
1282 if (ptr > yield && comma != 0 && ptr[-1] == ',') ptr--;
1284 decoded = rfc2047_decode2(yield, check_rfc2047_length, charset, '?', NULL,
1288 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1289 " input was: %s\n", error, yield);
1291 if (decoded != NULL) yield = decoded;
1300 /*************************************************
1301 * Find value of a variable *
1302 *************************************************/
1304 /* The table of variables is kept in alphabetic order, so we can search it
1305 using a binary chop. The "choplen" variable is nothing to do with the binary
1309 name the name of the variable being sought
1310 exists_only TRUE if this is a def: test; passed on to find_header()
1311 skipping TRUE => skip any processing evaluation; this is not the same as
1312 exists_only because def: may test for values that are first
1314 newsize pointer to an int which is initially zero; if the answer is in
1315 a new memory buffer, *newsize is set to its size
1317 Returns: NULL if the variable does not exist, or
1318 a pointer to the variable's contents, or
1319 something non-NULL if exists_only is TRUE
1323 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1326 int last = var_table_size;
1328 /* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1329 Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1330 release 4.64 onwards arbitrary names are permitted, as long as the first 5
1331 characters are acl_c or acl_m and the sixth is either a digit or an underscore
1332 (this gave backwards compatibility at the changeover). There may be built-in
1333 variables whose names start acl_ but they should never start in this way. This
1334 slightly messy specification is a consequence of the history, needless to say.
1336 If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1337 set, in which case give an error. */
1339 if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1343 tree_search((name[4] == 'c')? acl_var_c : acl_var_m, name + 4);
1344 return (node == NULL)? (strict_acl_vars? NULL : US"") : node->data.ptr;
1347 /* Handle $auth<n> variables. */
1349 if (Ustrncmp(name, "auth", 4) == 0)
1352 int n = Ustrtoul(name + 4, &endptr, 10);
1353 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1354 return (auth_vars[n-1] == NULL)? US"" : auth_vars[n-1];
1357 /* For all other variables, search the table */
1359 while (last > first)
1363 int middle = (first + last)/2;
1364 int c = Ustrcmp(name, var_table[middle].name);
1366 if (c > 0) { first = middle + 1; continue; }
1367 if (c < 0) { last = middle; continue; }
1369 /* Found an existing variable. If in skipping state, the value isn't needed,
1370 and we want to avoid processing (such as looking up the host name). */
1372 if (skipping) return US"";
1374 switch (var_table[middle].type)
1376 #ifdef EXPERIMENTAL_DOMAINKEYS
1378 case vtype_dk_verify:
1379 if (dk_verify_block == NULL) return US"";
1381 if (Ustrcmp(var_table[middle].name, "dk_result") == 0)
1382 s = dk_verify_block->result_string;
1383 if (Ustrcmp(var_table[middle].name, "dk_sender") == 0)
1384 s = dk_verify_block->address;
1385 if (Ustrcmp(var_table[middle].name, "dk_sender_domain") == 0)
1386 s = dk_verify_block->domain;
1387 if (Ustrcmp(var_table[middle].name, "dk_sender_local_part") == 0)
1388 s = dk_verify_block->local_part;
1390 if (Ustrcmp(var_table[middle].name, "dk_sender_source") == 0)
1391 switch(dk_verify_block->address_source) {
1392 case DK_EXIM_ADDRESS_NONE: s = US"0"; break;
1393 case DK_EXIM_ADDRESS_FROM_FROM: s = US"from"; break;
1394 case DK_EXIM_ADDRESS_FROM_SENDER: s = US"sender"; break;
1397 if (Ustrcmp(var_table[middle].name, "dk_status") == 0)
1398 switch(dk_verify_block->result) {
1399 case DK_EXIM_RESULT_ERR: s = US"error"; break;
1400 case DK_EXIM_RESULT_BAD_FORMAT: s = US"bad format"; break;
1401 case DK_EXIM_RESULT_NO_KEY: s = US"no key"; break;
1402 case DK_EXIM_RESULT_NO_SIGNATURE: s = US"no signature"; break;
1403 case DK_EXIM_RESULT_REVOKED: s = US"revoked"; break;
1404 case DK_EXIM_RESULT_NON_PARTICIPANT: s = US"non-participant"; break;
1405 case DK_EXIM_RESULT_GOOD: s = US"good"; break;
1406 case DK_EXIM_RESULT_BAD: s = US"bad"; break;
1409 if (Ustrcmp(var_table[middle].name, "dk_signsall") == 0)
1410 s = (dk_verify_block->signsall)? US"1" : US"0";
1412 if (Ustrcmp(var_table[middle].name, "dk_testing") == 0)
1413 s = (dk_verify_block->testing)? US"1" : US"0";
1415 if (Ustrcmp(var_table[middle].name, "dk_is_signed") == 0)
1416 s = (dk_verify_block->is_signed)? US"1" : US"0";
1418 return (s == NULL)? US"" : s;
1421 case vtype_filter_int:
1422 if (!filter_running) return NULL;
1426 sprintf(CS var_buffer, "%d", *(int *)(var_table[middle].value)); /* Integer */
1430 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(var_table[middle].value))); /* Inode */
1434 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(var_table[middle].value))); /* gid */
1438 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
1441 case vtype_stringptr: /* Pointer to string */
1442 s = *((uschar **)(var_table[middle].value));
1443 return (s == NULL)? US"" : s;
1446 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1449 case vtype_load_avg:
1450 sprintf(CS var_buffer, "%d", OS_GETLOADAVG()); /* load_average */
1453 case vtype_host_lookup: /* Lookup if not done so */
1454 if (sender_host_name == NULL && sender_host_address != NULL &&
1455 !host_lookup_failed && host_name_lookup() == OK)
1456 host_build_sender_fullhost();
1457 return (sender_host_name == NULL)? US"" : sender_host_name;
1459 case vtype_localpart: /* Get local part from address */
1460 s = *((uschar **)(var_table[middle].value));
1461 if (s == NULL) return US"";
1462 domain = Ustrrchr(s, '@');
1463 if (domain == NULL) return s;
1464 if (domain - s > sizeof(var_buffer) - 1)
1465 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than %d in "
1466 "string expansion", sizeof(var_buffer));
1467 Ustrncpy(var_buffer, s, domain - s);
1468 var_buffer[domain - s] = 0;
1471 case vtype_domain: /* Get domain from address */
1472 s = *((uschar **)(var_table[middle].value));
1473 if (s == NULL) return US"";
1474 domain = Ustrrchr(s, '@');
1475 return (domain == NULL)? US"" : domain + 1;
1477 case vtype_msgheaders:
1478 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1480 case vtype_msgheaders_raw:
1481 return find_header(NULL, exists_only, newsize, TRUE, NULL);
1483 case vtype_msgbody: /* Pointer to msgbody string */
1484 case vtype_msgbody_end: /* Ditto, the end of the msg */
1485 ss = (uschar **)(var_table[middle].value);
1486 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1489 off_t start_offset = SPOOL_DATA_START_OFFSET;
1490 int len = message_body_visible;
1491 if (len > message_size) len = message_size;
1492 *ss = body = store_malloc(len+1);
1494 if (var_table[middle].type == vtype_msgbody_end)
1496 struct stat statbuf;
1497 if (fstat(deliver_datafile, &statbuf) == 0)
1499 start_offset = statbuf.st_size - len;
1500 if (start_offset < SPOOL_DATA_START_OFFSET)
1501 start_offset = SPOOL_DATA_START_OFFSET;
1504 lseek(deliver_datafile, start_offset, SEEK_SET);
1505 len = read(deliver_datafile, body, len);
1511 if (body[--len] == '\n' || body[len] == 0) body[len] = ' ';
1515 return (*ss == NULL)? US"" : *ss;
1517 case vtype_todbsdin: /* BSD inbox time of day */
1518 return tod_stamp(tod_bsdin);
1520 case vtype_tode: /* Unix epoch time of day */
1521 return tod_stamp(tod_epoch);
1523 case vtype_todf: /* Full time of day */
1524 return tod_stamp(tod_full);
1526 case vtype_todl: /* Log format time of day */
1527 return tod_stamp(tod_log_bare); /* (without timezone) */
1529 case vtype_todzone: /* Time zone offset only */
1530 return tod_stamp(tod_zone);
1532 case vtype_todzulu: /* Zulu time */
1533 return tod_stamp(tod_zulu);
1535 case vtype_todlf: /* Log file datestamp tod */
1536 return tod_stamp(tod_log_datestamp);
1538 case vtype_reply: /* Get reply address */
1539 s = find_header(US"reply-to:", exists_only, newsize, TRUE,
1541 if (s != NULL) while (isspace(*s)) s++;
1542 if (s == NULL || *s == 0)
1544 *newsize = 0; /* For the *s==0 case */
1545 s = find_header(US"from:", exists_only, newsize, TRUE, headers_charset);
1550 while (isspace(*s)) s++;
1551 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
1552 while (t > s && isspace(t[-1])) t--;
1555 return (s == NULL)? US"" : s;
1557 /* A recipients list is available only during system message filtering,
1558 during ACL processing after DATA, and while expanding pipe commands
1559 generated from a system filter, but not elsewhere. */
1561 case vtype_recipients:
1562 if (!enable_dollar_recipients) return NULL; else
1567 s = store_get(size);
1568 for (i = 0; i < recipients_count; i++)
1570 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1571 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1572 Ustrlen(recipients_list[i].address));
1574 s[ptr] = 0; /* string_cat() leaves room */
1581 sprintf(CS var_buffer, "%d",
1582 receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes));
1589 (void) receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes);
1590 sprintf(CS var_buffer, "%d", inodes);
1596 return NULL; /* Unknown variable name */
1602 /*************************************************
1603 * Read and expand substrings *
1604 *************************************************/
1606 /* This function is called to read and expand argument substrings for various
1607 expansion items. Some have a minimum requirement that is less than the maximum;
1608 in these cases, the first non-present one is set to NULL.
1611 sub points to vector of pointers to set
1612 n maximum number of substrings
1614 sptr points to current string pointer
1615 skipping the skipping flag
1616 check_end if TRUE, check for final '}'
1617 name name of item, for error message
1619 Returns: 0 OK; string pointer updated
1620 1 curly bracketing error (too few arguments)
1621 2 too many arguments (only if check_end is set); message set
1622 3 other error (expansion failure)
1626 read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
1627 BOOL check_end, uschar *name)
1632 while (isspace(*s)) s++;
1633 for (i = 0; i < n; i++)
1637 if (i < m) return 1;
1641 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
1642 if (sub[i] == NULL) return 3;
1643 if (*s++ != '}') return 1;
1644 while (isspace(*s)) s++;
1646 if (check_end && *s++ != '}')
1650 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1651 "(max is %d)", name, n);
1664 /*************************************************
1665 * Elaborate message for bad variable *
1666 *************************************************/
1668 /* For the "unknown variable" message, take a look at the variable's name, and
1669 give additional information about possible ACL variables. The extra information
1670 is added on to expand_string_message.
1672 Argument: the name of the variable
1677 check_variable_error_message(uschar *name)
1679 if (Ustrncmp(name, "acl_", 4) == 0)
1680 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
1681 (name[4] == 'c' || name[4] == 'm')?
1683 US"6th character of a user-defined ACL variable must be a digit or underscore" :
1684 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
1686 US"user-defined ACL variables must start acl_c or acl_m");
1691 /*************************************************
1692 * Read and evaluate a condition *
1693 *************************************************/
1697 s points to the start of the condition text
1698 yield points to a BOOL to hold the result of the condition test;
1699 if NULL, we are just reading through a condition that is
1700 part of an "or" combination to check syntax, or in a state
1701 where the answer isn't required
1703 Returns: a pointer to the first character after the condition, or
1708 eval_condition(uschar *s, BOOL *yield)
1710 BOOL testfor = TRUE;
1711 BOOL tempcond, combined_cond;
1713 int i, rc, cond_type, roffset;
1715 struct stat statbuf;
1720 const uschar *rerror;
1724 while (isspace(*s)) s++;
1725 if (*s == '!') { testfor = !testfor; s++; } else break;
1728 /* Numeric comparisons are symbolic */
1730 if (*s == '=' || *s == '>' || *s == '<')
1742 /* All other conditions are named */
1744 else s = read_name(name, 256, s, US"_");
1746 /* If we haven't read a name, it means some non-alpha character is first. */
1750 expand_string_message = string_sprintf("condition name expected, "
1751 "but found \"%.16s\"", s);
1755 /* Find which condition we are dealing with, and switch on it */
1757 cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
1760 /* def: tests for a non-empty variable, or for the existence of a header. If
1761 yield == NULL we are in a skipping state, and don't care about the answer. */
1766 expand_string_message = US"\":\" expected after \"def\"";
1770 s = read_name(name, 256, s+1, US"_");
1772 /* Test for a header's existence. If the name contains a closing brace
1773 character, this may be a user error where the terminating colon has been
1774 omitted. Set a flag to adjust a subsequent error message in this case. */
1776 if (Ustrncmp(name, "h_", 2) == 0 ||
1777 Ustrncmp(name, "rh_", 3) == 0 ||
1778 Ustrncmp(name, "bh_", 3) == 0 ||
1779 Ustrncmp(name, "header_", 7) == 0 ||
1780 Ustrncmp(name, "rheader_", 8) == 0 ||
1781 Ustrncmp(name, "bheader_", 8) == 0)
1783 s = read_header_name(name, 256, s);
1784 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
1785 if (yield != NULL) *yield =
1786 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
1789 /* Test for a variable's having a non-empty value. A non-existent variable
1790 causes an expansion failure. */
1794 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
1797 expand_string_message = (name[0] == 0)?
1798 string_sprintf("variable name omitted after \"def:\"") :
1799 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
1800 check_variable_error_message(name);
1803 if (yield != NULL) *yield = (value[0] != 0) == testfor;
1809 /* first_delivery tests for first delivery attempt */
1811 case ECOND_FIRST_DELIVERY:
1812 if (yield != NULL) *yield = deliver_firsttime == testfor;
1816 /* queue_running tests for any process started by a queue runner */
1818 case ECOND_QUEUE_RUNNING:
1819 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
1823 /* exists: tests for file existence
1824 isip: tests for any IP address
1825 isip4: tests for an IPv4 address
1826 isip6: tests for an IPv6 address
1827 pam: does PAM authentication
1828 radius: does RADIUS authentication
1829 ldapauth: does LDAP authentication
1830 pwcheck: does Cyrus SASL pwcheck authentication
1839 case ECOND_LDAPAUTH:
1842 while (isspace(*s)) s++;
1843 if (*s != '{') goto COND_FAILED_CURLY_START;
1845 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1846 if (sub[0] == NULL) return NULL;
1847 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1849 if (yield == NULL) return s; /* No need to run the test if skipping */
1854 if ((expand_forbid & RDO_EXISTS) != 0)
1856 expand_string_message = US"File existence tests are not permitted";
1859 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
1865 rc = string_is_ip_address(sub[0], NULL);
1866 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
1867 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
1870 /* Various authentication tests - all optionally compiled */
1874 rc = auth_call_pam(sub[0], &expand_string_message);
1877 goto COND_FAILED_NOT_COMPILED;
1878 #endif /* SUPPORT_PAM */
1881 #ifdef RADIUS_CONFIG_FILE
1882 rc = auth_call_radius(sub[0], &expand_string_message);
1885 goto COND_FAILED_NOT_COMPILED;
1886 #endif /* RADIUS_CONFIG_FILE */
1888 case ECOND_LDAPAUTH:
1891 /* Just to keep the interface the same */
1893 int old_pool = store_pool;
1894 store_pool = POOL_SEARCH;
1895 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
1896 &expand_string_message, &do_cache);
1897 store_pool = old_pool;
1901 goto COND_FAILED_NOT_COMPILED;
1902 #endif /* LOOKUP_LDAP */
1905 #ifdef CYRUS_PWCHECK_SOCKET
1906 rc = auth_call_pwcheck(sub[0], &expand_string_message);
1909 goto COND_FAILED_NOT_COMPILED;
1910 #endif /* CYRUS_PWCHECK_SOCKET */
1912 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
1913 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
1915 if (rc == ERROR || rc == DEFER) return NULL;
1916 *yield = (rc == OK) == testfor;
1922 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
1924 ${if saslauthd {{username}{password}{service}{realm}} {yes}[no}}
1926 However, the last two are optional. That is why the whole set is enclosed
1927 in their own set or braces. */
1929 case ECOND_SASLAUTHD:
1930 #ifndef CYRUS_SASLAUTHD_SOCKET
1931 goto COND_FAILED_NOT_COMPILED;
1933 while (isspace(*s)) s++;
1934 if (*s++ != '{') goto COND_FAILED_CURLY_START;
1935 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd"))
1937 case 1: expand_string_message = US"too few arguments or bracketing "
1938 "error for saslauthd";
1940 case 3: return NULL;
1942 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
1946 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
1947 &expand_string_message);
1948 if (rc == ERROR || rc == DEFER) return NULL;
1949 *yield = (rc == OK) == testfor;
1952 #endif /* CYRUS_SASLAUTHD_SOCKET */
1955 /* symbolic operators for numeric and string comparison, and a number of
1956 other operators, all requiring two arguments.
1958 match: does a regular expression match and sets up the numerical
1959 variables if it succeeds
1960 match_address: matches in an address list
1961 match_domain: matches in a domain list
1962 match_ip: matches a host list that is restricted to IP addresses
1963 match_local_part: matches in a local part list
1964 crypteq: encrypts plaintext and compares against an encrypted text,
1965 using crypt(), crypt16(), MD5 or SHA-1
1969 case ECOND_MATCH_ADDRESS:
1970 case ECOND_MATCH_DOMAIN:
1971 case ECOND_MATCH_IP:
1972 case ECOND_MATCH_LOCAL_PART:
1975 case ECOND_NUM_L: /* Numerical comparisons */
1982 case ECOND_STR_LT: /* String comparisons */
1993 for (i = 0; i < 2; i++)
1995 while (isspace(*s)) s++;
1998 if (i == 0) goto COND_FAILED_CURLY_START;
1999 expand_string_message = string_sprintf("missing 2nd string in {} "
2000 "after \"%s\"", name);
2003 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
2004 if (sub[i] == NULL) return NULL;
2005 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2007 /* Convert to numerical if required; we know that the names of all the
2008 conditions that compare numbers do not start with a letter. This just saves
2009 checking for them individually. */
2011 if (!isalpha(name[0]) && yield != NULL)
2017 debug_printf("empty string cast to zero for numerical comparison\n");
2021 num[i] = expand_string_integer(sub[i], FALSE);
2022 if (expand_string_message != NULL) return NULL;
2027 /* Result not required */
2029 if (yield == NULL) return s;
2031 /* Do an appropriate comparison */
2037 *yield = (num[0] == num[1]) == testfor;
2041 *yield = (num[0] > num[1]) == testfor;
2045 *yield = (num[0] >= num[1]) == testfor;
2049 *yield = (num[0] < num[1]) == testfor;
2053 *yield = (num[0] <= num[1]) == testfor;
2057 *yield = (Ustrcmp(sub[0], sub[1]) < 0) == testfor;
2061 *yield = (strcmpic(sub[0], sub[1]) < 0) == testfor;
2065 *yield = (Ustrcmp(sub[0], sub[1]) <= 0) == testfor;
2069 *yield = (strcmpic(sub[0], sub[1]) <= 0) == testfor;
2073 *yield = (Ustrcmp(sub[0], sub[1]) == 0) == testfor;
2077 *yield = (strcmpic(sub[0], sub[1]) == 0) == testfor;
2081 *yield = (Ustrcmp(sub[0], sub[1]) > 0) == testfor;
2085 *yield = (strcmpic(sub[0], sub[1]) > 0) == testfor;
2089 *yield = (Ustrcmp(sub[0], sub[1]) >= 0) == testfor;
2093 *yield = (strcmpic(sub[0], sub[1]) >= 0) == testfor;
2096 case ECOND_MATCH: /* Regular expression match */
2097 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2101 expand_string_message = string_sprintf("regular expression error in "
2102 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2105 *yield = regex_match_and_setup(re, sub[0], 0, -1) == testfor;
2108 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2109 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2110 goto MATCHED_SOMETHING;
2112 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2113 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2114 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2115 goto MATCHED_SOMETHING;
2117 case ECOND_MATCH_IP: /* Match IP address in a host list */
2118 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
2120 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2126 unsigned int *nullcache = NULL;
2127 check_host_block cb;
2129 cb.host_name = US"";
2130 cb.host_address = sub[0];
2132 /* If the host address starts off ::ffff: it is an IPv6 address in
2133 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2136 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2137 cb.host_address + 7 : cb.host_address;
2139 rc = match_check_list(
2140 &sub[1], /* the list */
2141 0, /* separator character */
2142 &hostlist_anchor, /* anchor pointer */
2143 &nullcache, /* cache pointer */
2144 check_host, /* function for testing */
2145 &cb, /* argument for function */
2146 MCL_HOST, /* type of check */
2147 sub[0], /* text for debugging */
2148 NULL); /* where to pass back data */
2150 goto MATCHED_SOMETHING;
2152 case ECOND_MATCH_LOCAL_PART:
2153 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2154 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2169 expand_string_message = string_sprintf("unable to complete match "
2170 "against \"%s\": %s", sub[1], search_error_message);
2176 /* Various "encrypted" comparisons. If the second string starts with
2177 "{" then an encryption type is given. Default to crypt() or crypt16()
2178 (build-time choice). */
2181 #ifndef SUPPORT_CRYPTEQ
2182 goto COND_FAILED_NOT_COMPILED;
2184 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2186 int sublen = Ustrlen(sub[1]+5);
2191 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2193 /* If the length that we are comparing against is 24, the MD5 digest
2194 is expressed as a base64 string. This is the way LDAP does it. However,
2195 some other software uses a straightforward hex representation. We assume
2196 this if the length is 32. Other lengths fail. */
2200 uschar *coded = auth_b64encode((uschar *)digest, 16);
2201 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2202 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2203 *yield = (Ustrcmp(coded, sub[1]+5) == 0) == testfor;
2205 else if (sublen == 32)
2209 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2211 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2212 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2213 *yield = (strcmpic(coded, sub[1]+5) == 0) == testfor;
2217 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2218 "fail\n crypted=%s\n", sub[1]+5);
2223 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2225 int sublen = Ustrlen(sub[1]+6);
2230 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2232 /* If the length that we are comparing against is 28, assume the SHA1
2233 digest is expressed as a base64 string. If the length is 40, assume a
2234 straightforward hex representation. Other lengths fail. */
2238 uschar *coded = auth_b64encode((uschar *)digest, 20);
2239 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2240 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2241 *yield = (Ustrcmp(coded, sub[1]+6) == 0) == testfor;
2243 else if (sublen == 40)
2247 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2249 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2250 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2251 *yield = (strcmpic(coded, sub[1]+6) == 0) == testfor;
2255 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2256 "fail\n crypted=%s\n", sub[1]+6);
2261 else /* {crypt} or {crypt16} and non-{ at start */
2266 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2271 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2276 else if (sub[1][0] == '{')
2278 expand_string_message = string_sprintf("unknown encryption mechanism "
2279 "in \"%s\"", sub[1]);
2285 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2286 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2287 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2291 #define XSTR(s) STR(s)
2292 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2293 " subject=%s\n crypted=%s\n",
2294 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
2299 /* If the encrypted string contains fewer than two characters (for the
2300 salt), force failure. Otherwise we get false positives: with an empty
2301 string the yield of crypt() is an empty string! */
2303 *yield = (Ustrlen(sub[1]) < 2)? !testfor :
2304 (Ustrcmp(coded, sub[1]) == 0) == testfor;
2307 #endif /* SUPPORT_CRYPTEQ */
2308 } /* Switch for comparison conditions */
2310 return s; /* End of comparison conditions */
2313 /* and/or: computes logical and/or of several conditions */
2317 subcondptr = (yield == NULL)? NULL : &tempcond;
2318 combined_cond = (cond_type == ECOND_AND);
2320 while (isspace(*s)) s++;
2321 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2325 while (isspace(*s)) s++;
2326 if (*s == '}') break;
2329 expand_string_message = string_sprintf("each subcondition "
2330 "inside an \"%s{...}\" condition must be in its own {}", name);
2334 s = eval_condition(s+1, subcondptr);
2337 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2338 expand_string_message, name);
2341 while (isspace(*s)) s++;
2345 expand_string_message = string_sprintf("missing } at end of condition "
2346 "inside \"%s\" group", name);
2352 if (cond_type == ECOND_AND)
2354 combined_cond &= tempcond;
2355 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2356 } /* evaluate any more */
2359 combined_cond |= tempcond;
2360 if (combined_cond) subcondptr = NULL; /* once true, don't */
2361 } /* evaluate any more */
2365 if (yield != NULL) *yield = (combined_cond == testfor);
2369 /* forall/forany: iterates a condition with different values */
2375 uschar *save_iterate_item = iterate_item;
2377 while (isspace(*s)) s++;
2378 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2379 sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL));
2380 if (sub[0] == NULL) return NULL;
2381 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2383 while (isspace(*s)) s++;
2384 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2388 /* Call eval_condition once, with result discarded (as if scanning a
2389 "false" part). This allows us to find the end of the condition, because if
2390 the list it empty, we won't actually evaluate the condition for real. */
2392 s = eval_condition(sub[1], NULL);
2395 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2396 expand_string_message, name);
2399 while (isspace(*s)) s++;
2403 expand_string_message = string_sprintf("missing } at end of condition "
2404 "inside \"%s\"", name);
2408 if (yield != NULL) *yield = !testfor;
2409 while ((iterate_item = string_nextinlist(&sub[0], &sep, NULL, 0)) != NULL)
2411 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
2412 if (eval_condition(sub[1], &tempcond) == NULL)
2414 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2415 expand_string_message, name);
2416 iterate_item = save_iterate_item;
2419 DEBUG(D_expand) debug_printf("%s: condition evaluated to %s\n", name,
2420 tempcond? "true":"false");
2422 if (yield != NULL) *yield = (tempcond == testfor);
2423 if (tempcond == (cond_type == ECOND_FORANY)) break;
2426 iterate_item = save_iterate_item;
2431 /* Unknown condition */
2434 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2436 } /* End switch on condition type */
2438 /* Missing braces at start and end of data */
2440 COND_FAILED_CURLY_START:
2441 expand_string_message = string_sprintf("missing { after \"%s\"", name);
2444 COND_FAILED_CURLY_END:
2445 expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2449 /* A condition requires code that is not compiled */
2451 #if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2452 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2453 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2454 COND_FAILED_NOT_COMPILED:
2455 expand_string_message = string_sprintf("support for \"%s\" not compiled",
2464 /*************************************************
2465 * Save numerical variables *
2466 *************************************************/
2468 /* This function is called from items such as "if" that want to preserve and
2469 restore the numbered variables.
2472 save_expand_string points to an array of pointers to set
2473 save_expand_nlength points to an array of ints for the lengths
2475 Returns: the value of expand max to save
2479 save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
2482 for (i = 0; i <= expand_nmax; i++)
2484 save_expand_nstring[i] = expand_nstring[i];
2485 save_expand_nlength[i] = expand_nlength[i];
2492 /*************************************************
2493 * Restore numerical variables *
2494 *************************************************/
2496 /* This function restored saved values of numerical strings.
2499 save_expand_nmax the number of strings to restore
2500 save_expand_string points to an array of pointers
2501 save_expand_nlength points to an array of ints
2507 restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
2508 int *save_expand_nlength)
2511 expand_nmax = save_expand_nmax;
2512 for (i = 0; i <= expand_nmax; i++)
2514 expand_nstring[i] = save_expand_nstring[i];
2515 expand_nlength[i] = save_expand_nlength[i];
2523 /*************************************************
2524 * Handle yes/no substrings *
2525 *************************************************/
2527 /* This function is used by ${if}, ${lookup} and ${extract} to handle the
2528 alternative substrings that depend on whether or not the condition was true,
2529 or the lookup or extraction succeeded. The substrings always have to be
2530 expanded, to check their syntax, but "skipping" is set when the result is not
2531 needed - this avoids unnecessary nested lookups.
2534 skipping TRUE if we were skipping when this item was reached
2535 yes TRUE if the first string is to be used, else use the second
2536 save_lookup a value to put back into lookup_value before the 2nd expansion
2537 sptr points to the input string pointer
2538 yieldptr points to the output string pointer
2539 sizeptr points to the output string size
2540 ptrptr points to the output string pointer
2541 type "lookup" or "if" or "extract" or "run", for error message
2543 Returns: 0 OK; lookup_value has been reset to save_lookup
2545 2 expansion failed because of bracketing error
2549 process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
2550 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type)
2553 uschar *s = *sptr; /* Local value */
2554 uschar *sub1, *sub2;
2556 /* If there are no following strings, we substitute the contents of $value for
2557 lookups and for extractions in the success case. For the ${if item, the string
2558 "true" is substituted. In the fail case, nothing is substituted for all three
2561 while (isspace(*s)) s++;
2566 if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
2570 if (yes && lookup_value != NULL)
2571 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
2572 Ustrlen(lookup_value));
2573 lookup_value = save_lookup;
2579 /* The first following string must be braced. */
2581 if (*s++ != '{') goto FAILED_CURLY;
2583 /* Expand the first substring. Forced failures are noticed only if we actually
2584 want this string. Set skipping in the call in the fail case (this will always
2585 be the case if we were already skipping). */
2587 sub1 = expand_string_internal(s, TRUE, &s, !yes);
2588 if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
2589 expand_string_forcedfail = FALSE;
2590 if (*s++ != '}') goto FAILED_CURLY;
2592 /* If we want the first string, add it to the output */
2595 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
2597 /* If this is called from a lookup or an extract, we want to restore $value to
2598 what it was at the start of the item, so that it has this value during the
2599 second string expansion. For the call from "if" or "run" to this function,
2600 save_lookup is set to lookup_value, so that this statement does nothing. */
2602 lookup_value = save_lookup;
2604 /* There now follows either another substring, or "fail", or nothing. This
2605 time, forced failures are noticed only if we want the second string. We must
2606 set skipping in the nested call if we don't want this string, or if we were
2607 already skipping. */
2609 while (isspace(*s)) s++;
2612 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping);
2613 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
2614 expand_string_forcedfail = FALSE;
2615 if (*s++ != '}') goto FAILED_CURLY;
2617 /* If we want the second string, add it to the output */
2620 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
2623 /* If there is no second string, but the word "fail" is present when the use of
2624 the second string is wanted, set a flag indicating it was a forced failure
2625 rather than a syntactic error. Swallow the terminating } in case this is nested
2626 inside another lookup or if or extract. */
2631 s = read_name(name, sizeof(name), s, US"_");
2632 if (Ustrcmp(name, "fail") == 0)
2634 if (!yes && !skipping)
2636 while (isspace(*s)) s++;
2637 if (*s++ != '}') goto FAILED_CURLY;
2638 expand_string_message =
2639 string_sprintf("\"%s\" failed and \"fail\" requested", type);
2640 expand_string_forcedfail = TRUE;
2646 expand_string_message =
2647 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
2652 /* All we have to do now is to check on the final closing brace. */
2654 while (isspace(*s)) s++;
2655 if (*s++ == '}') goto RETURN;
2657 /* Get here if there is a bracketing failure */
2662 /* Get here for other failures */
2667 /* Update the input pointer value before returning */
2677 /*************************************************
2678 * Handle MD5 or SHA-1 computation for HMAC *
2679 *************************************************/
2681 /* These are some wrapping functions that enable the HMAC code to be a bit
2682 cleaner. A good compiler will spot the tail recursion.
2685 type HMAC_MD5 or HMAC_SHA1
2686 remaining are as for the cryptographic hash functions
2692 chash_start(int type, void *base)
2694 if (type == HMAC_MD5)
2695 md5_start((md5 *)base);
2697 sha1_start((sha1 *)base);
2701 chash_mid(int type, void *base, uschar *string)
2703 if (type == HMAC_MD5)
2704 md5_mid((md5 *)base, string);
2706 sha1_mid((sha1 *)base, string);
2710 chash_end(int type, void *base, uschar *string, int length, uschar *digest)
2712 if (type == HMAC_MD5)
2713 md5_end((md5 *)base, string, length, digest);
2715 sha1_end((sha1 *)base, string, length, digest);
2722 /********************************************************
2723 * prvs: Get last three digits of days since Jan 1, 1970 *
2724 ********************************************************/
2726 /* This is needed to implement the "prvs" BATV reverse
2729 Argument: integer "days" offset to add or substract to
2730 or from the current number of days.
2732 Returns: pointer to string containing the last three
2733 digits of the number of days since Jan 1, 1970,
2734 modified by the offset argument, NULL if there
2735 was an error in the conversion.
2740 prvs_daystamp(int day_offset)
2742 uschar *days = store_get(32); /* Need at least 24 for cases */
2743 (void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
2744 (time(NULL) + day_offset*86400)/86400);
2745 return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
2750 /********************************************************
2751 * prvs: perform HMAC-SHA1 computation of prvs bits *
2752 ********************************************************/
2754 /* This is needed to implement the "prvs" BATV reverse
2758 address RFC2821 Address to use
2759 key The key to use (must be less than 64 characters
2761 key_num Single-digit key number to use. Defaults to
2764 Returns: pointer to string containing the first three
2765 bytes of the final hash in hex format, NULL if
2766 there was an error in the process.
2770 prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
2772 uschar *hash_source, *p;
2773 int size = 0,offset = 0,i;
2775 void *use_base = &sha1_base;
2776 uschar innerhash[20];
2777 uschar finalhash[20];
2778 uschar innerkey[64];
2779 uschar outerkey[64];
2780 uschar *finalhash_hex = store_get(40);
2782 if (key_num == NULL)
2785 if (Ustrlen(key) > 64)
2788 hash_source = string_cat(NULL,&size,&offset,key_num,1);
2789 string_cat(hash_source,&size,&offset,daystamp,3);
2790 string_cat(hash_source,&size,&offset,address,Ustrlen(address));
2791 hash_source[offset] = '\0';
2793 DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source);
2795 memset(innerkey, 0x36, 64);
2796 memset(outerkey, 0x5c, 64);
2798 for (i = 0; i < Ustrlen(key); i++)
2800 innerkey[i] ^= key[i];
2801 outerkey[i] ^= key[i];
2804 chash_start(HMAC_SHA1, use_base);
2805 chash_mid(HMAC_SHA1, use_base, innerkey);
2806 chash_end(HMAC_SHA1, use_base, hash_source, offset, innerhash);
2808 chash_start(HMAC_SHA1, use_base);
2809 chash_mid(HMAC_SHA1, use_base, outerkey);
2810 chash_end(HMAC_SHA1, use_base, innerhash, 20, finalhash);
2813 for (i = 0; i < 3; i++)
2815 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
2816 *p++ = hex_digits[finalhash[i] & 0x0f];
2820 return finalhash_hex;
2826 /*************************************************
2827 * Join a file onto the output string *
2828 *************************************************/
2830 /* This is used for readfile and after a run expansion. It joins the contents
2831 of a file onto the output string, globally replacing newlines with a given
2832 string (optionally). The file is closed at the end.
2836 yield pointer to the expandable string
2837 sizep pointer to the current size
2838 ptrp pointer to the current position
2839 eol newline replacement string, or NULL
2841 Returns: new value of string pointer
2845 cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
2848 uschar buffer[1024];
2850 eollen = (eol == NULL)? 0 : Ustrlen(eol);
2852 while (Ufgets(buffer, sizeof(buffer), f) != NULL)
2854 int len = Ustrlen(buffer);
2855 if (eol != NULL && buffer[len-1] == '\n') len--;
2856 yield = string_cat(yield, sizep, ptrp, buffer, len);
2857 if (buffer[len] != 0)
2858 yield = string_cat(yield, sizep, ptrp, eol, eollen);
2861 if (yield != NULL) yield[*ptrp] = 0;
2869 /*************************************************
2870 * Evaluate numeric expression *
2871 *************************************************/
2873 /* This is a set of mutually recursive functions that evaluate an arithmetic
2874 expression involving + - * / % & | ^ ~ << >> and parentheses. The only one of
2875 these functions that is called from elsewhere is eval_expr, whose interface is:
2878 sptr pointer to the pointer to the string - gets updated
2879 decimal TRUE if numbers are to be assumed decimal
2880 error pointer to where to put an error message - must be NULL on input
2881 endket TRUE if ')' must terminate - FALSE for external call
2883 Returns: on success: the value of the expression, with *error still NULL
2884 on failure: an undefined value, with *error = a message
2887 static int eval_op_or(uschar **, BOOL, uschar **);
2891 eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
2894 int x = eval_op_or(&s, decimal, error);
2900 *error = US"expecting closing parenthesis";
2902 while (isspace(*(++s)));
2904 else if (*s != 0) *error = US"expecting operator";
2912 eval_number(uschar **sptr, BOOL decimal, uschar **error)
2917 while (isspace(*s)) s++;
2922 (void)sscanf(CS s, (decimal? "%d%n" : "%i%n"), &n, &count);
2924 if (tolower(*s) == 'k') { n *= 1024; s++; }
2925 else if (tolower(*s) == 'm') { n *= 1024*1024; s++; }
2926 while (isspace (*s)) s++;
2931 n = eval_expr(&s, decimal, error, 1);
2935 *error = US"expecting number or opening parenthesis";
2943 static int eval_op_unary(uschar **sptr, BOOL decimal, uschar **error)
2947 while (isspace(*s)) s++;
2948 if (*s == '+' || *s == '-' || *s == '~')
2951 x = eval_op_unary(&s, decimal, error);
2952 if (op == '-') x = -x;
2953 else if (op == '~') x = ~x;
2957 x = eval_number(&s, decimal, error);
2964 static int eval_op_mult(uschar **sptr, BOOL decimal, uschar **error)
2967 int x = eval_op_unary(&s, decimal, error);
2970 while (*s == '*' || *s == '/' || *s == '%')
2973 int y = eval_op_unary(&s, decimal, error);
2974 if (*error != NULL) break;
2975 if (op == '*') x *= y;
2976 else if (op == '/') x /= y;
2985 static int eval_op_sum(uschar **sptr, BOOL decimal, uschar **error)
2988 int x = eval_op_mult(&s, decimal, error);
2991 while (*s == '+' || *s == '-')
2994 int y = eval_op_mult(&s, decimal, error);
2995 if (*error != NULL) break;
2996 if (op == '+') x += y; else x -= y;
3004 static int eval_op_shift(uschar **sptr, BOOL decimal, uschar **error)
3007 int x = eval_op_sum(&s, decimal, error);
3010 while ((*s == '<' || *s == '>') && s[1] == s[0])
3015 y = eval_op_sum(&s, decimal, error);
3016 if (*error != NULL) break;
3017 if (op == '<') x <<= y; else x >>= y;
3025 static int eval_op_and(uschar **sptr, BOOL decimal, uschar **error)
3028 int x = eval_op_shift(&s, decimal, error);
3035 y = eval_op_shift(&s, decimal, error);
3036 if (*error != NULL) break;
3045 static int eval_op_xor(uschar **sptr, BOOL decimal, uschar **error)
3048 int x = eval_op_and(&s, decimal, error);
3055 y = eval_op_and(&s, decimal, error);
3056 if (*error != NULL) break;
3065 static int eval_op_or(uschar **sptr, BOOL decimal, uschar **error)
3068 int x = eval_op_xor(&s, decimal, error);
3075 y = eval_op_xor(&s, decimal, error);
3076 if (*error != NULL) break;
3086 /*************************************************
3088 *************************************************/
3090 /* Returns either an unchanged string, or the expanded string in stacking pool
3091 store. Interpreted sequences are:
3093 \... normal escaping rules
3094 $name substitutes the variable
3096 ${op:string} operates on the expanded string value
3097 ${item{arg1}{arg2}...} expands the args and then does the business
3098 some literal args are not enclosed in {}
3100 There are now far too many operators and item types to make it worth listing
3101 them here in detail any more.
3103 We use an internal routine recursively to handle embedded substrings. The
3104 external function follows. The yield is NULL if the expansion failed, and there
3105 are two cases: if something collapsed syntactically, or if "fail" was given
3106 as the action on a lookup failure. These can be distinguised by looking at the
3107 variable expand_string_forcedfail, which is TRUE in the latter case.
3109 The skipping flag is set true when expanding a substring that isn't actually
3110 going to be used (after "if" or "lookup") and it prevents lookups from
3111 happening lower down.
3113 Store usage: At start, a store block of the length of the input plus 64
3114 is obtained. This is expanded as necessary by string_cat(), which might have to
3115 get a new block, or might be able to expand the original. At the end of the
3116 function we can release any store above that portion of the yield block that
3117 was actually used. In many cases this will be optimal.
3119 However: if the first item in the expansion is a variable name or header name,
3120 we reset the store before processing it; if the result is in fresh store, we
3121 use that without copying. This is helpful for expanding strings like
3122 $message_headers which can get very long.
3125 string the string to be expanded
3126 ket_ends true if expansion is to stop at }
3127 left if not NULL, a pointer to the first character after the
3128 expansion is placed here (typically used with ket_ends)
3129 skipping TRUE for recursive calls when the value isn't actually going
3130 to be used (to allow for optimisation)
3132 Returns: NULL if expansion fails:
3133 expand_string_forcedfail is set TRUE if failure was forced
3134 expand_string_message contains a textual error message
3135 a pointer to the expanded string on success
3139 expand_string_internal(uschar *string, BOOL ket_ends, uschar **left,
3143 int size = Ustrlen(string)+ 64;
3145 uschar *yield = store_get(size);
3147 uschar *save_expand_nstring[EXPAND_MAXN+1];
3148 int save_expand_nlength[EXPAND_MAXN+1];
3150 expand_string_forcedfail = FALSE;
3151 expand_string_message = US"";
3158 /* \ escapes the next character, which must exist, or else
3159 the expansion fails. There's a special escape, \N, which causes
3160 copying of the subject verbatim up to the next \N. Otherwise,
3161 the escapes are the standard set. */
3167 expand_string_message = US"\\ at end of string";
3174 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
3175 yield = string_cat(yield, &size, &ptr, t, s - t);
3176 if (*s != 0) s += 2;
3182 ch[0] = string_interpret_escape(&s);
3184 yield = string_cat(yield, &size, &ptr, ch, 1);
3190 /* Anything other than $ is just copied verbatim, unless we are
3191 looking for a terminating } character. */
3193 if (ket_ends && *s == '}') break;
3197 yield = string_cat(yield, &size, &ptr, s++, 1);
3201 /* No { after the $ - must be a plain name or a number for string
3202 match variable. There has to be a fudge for variables that are the
3203 names of header fields preceded by "$header_" because header field
3204 names can contain any printing characters except space and colon.
3205 For those that don't like typing this much, "$h_" is a synonym for
3206 "$header_". A non-existent header yields a NULL value; nothing is
3209 if (isalpha((*(++s))))
3214 s = read_name(name, sizeof(name), s, US"_");
3216 /* If this is the first thing to be expanded, release the pre-allocated
3219 if (ptr == 0 && yield != NULL)
3228 if (Ustrncmp(name, "h_", 2) == 0 ||
3229 Ustrncmp(name, "rh_", 3) == 0 ||
3230 Ustrncmp(name, "bh_", 3) == 0 ||
3231 Ustrncmp(name, "header_", 7) == 0 ||
3232 Ustrncmp(name, "rheader_", 8) == 0 ||
3233 Ustrncmp(name, "bheader_", 8) == 0)
3235 BOOL want_raw = (name[0] == 'r')? TRUE : FALSE;
3236 uschar *charset = (name[0] == 'b')? NULL : headers_charset;
3237 s = read_header_name(name, sizeof(name), s);
3238 value = find_header(name, FALSE, &newsize, want_raw, charset);
3240 /* If we didn't find the header, and the header contains a closing brace
3241 character, this may be a user error where the terminating colon
3242 has been omitted. Set a flag to adjust the error message in this case.
3243 But there is no error here - nothing gets inserted. */
3247 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
3256 value = find_variable(name, FALSE, skipping, &newsize);
3259 expand_string_message =
3260 string_sprintf("unknown variable name \"%s\"", name);
3261 check_variable_error_message(name);
3266 /* If the data is known to be in a new buffer, newsize will be set to the
3267 size of that buffer. If this is the first thing in an expansion string,
3268 yield will be NULL; just point it at the new store instead of copying. Many
3269 expansion strings contain just one reference, so this is a useful
3270 optimization, especially for humungous headers. */
3272 len = Ustrlen(value);
3273 if (yield == NULL && newsize != 0)
3279 else yield = string_cat(yield, &size, &ptr, value, len);
3287 s = read_number(&n, s);
3288 if (n >= 0 && n <= expand_nmax)
3289 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3294 /* Otherwise, if there's no '{' after $ it's an error. */
3298 expand_string_message = US"$ not followed by letter, digit, or {";
3302 /* After { there can be various things, but they all start with
3303 an initial word, except for a number for a string match variable. */
3305 if (isdigit((*(++s))))
3308 s = read_number(&n, s);
3311 expand_string_message = US"} expected after number";
3314 if (n >= 0 && n <= expand_nmax)
3315 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3322 expand_string_message = US"letter or digit expected after ${";
3326 /* Allow "-" in names to cater for substrings with negative
3327 arguments. Since we are checking for known names after { this is
3330 s = read_name(name, sizeof(name), s, US"_-");
3331 item_type = chop_match(name, item_table, sizeof(item_table)/sizeof(uschar *));
3335 /* Handle conditionals - preserve the values of the numerical expansion
3336 variables in case they get changed by a regular expression match in the
3337 condition. If not, they retain their external settings. At the end
3338 of this "if" section, they get restored to their previous values. */
3344 int save_expand_nmax =
3345 save_expand_strings(save_expand_nstring, save_expand_nlength);
3347 while (isspace(*s)) s++;
3348 next_s = eval_condition(s, skipping? NULL : &cond);
3349 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
3352 debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s,
3353 cond? "true" : "false");
3357 /* The handling of "yes" and "no" result strings is now in a separate
3358 function that is also used by ${lookup} and ${extract} and ${run}. */
3360 switch(process_yesno(
3361 skipping, /* were previously skipping */
3362 cond, /* success/failure indicator */
3363 lookup_value, /* value to reset for string2 */
3364 &s, /* input pointer */
3365 &yield, /* output pointer */
3366 &size, /* output size */
3367 &ptr, /* output current point */
3368 US"if")) /* condition type */
3370 case 1: goto EXPAND_FAILED; /* when all is well, the */
3371 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3374 /* Restore external setting of expansion variables for continuation
3377 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3378 save_expand_nlength);
3382 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
3383 expanding an internal string that isn't actually going to be used. All we
3384 need to do is check the syntax, so don't do a lookup at all. Preserve the
3385 values of the numerical expansion variables in case they get changed by a
3386 partial lookup. If not, they retain their external settings. At the end
3387 of this "lookup" section, they get restored to their previous values. */
3391 int stype, partial, affixlen, starflags;
3392 int expand_setup = 0;
3394 uschar *key, *filename, *affix;
3395 uschar *save_lookup_value = lookup_value;
3396 int save_expand_nmax =
3397 save_expand_strings(save_expand_nstring, save_expand_nlength);
3399 if ((expand_forbid & RDO_LOOKUP) != 0)
3401 expand_string_message = US"lookup expansions are not permitted";
3405 /* Get the key we are to look up for single-key+file style lookups.
3406 Otherwise set the key NULL pro-tem. */
3408 while (isspace(*s)) s++;
3411 key = expand_string_internal(s+1, TRUE, &s, skipping);
3412 if (key == NULL) goto EXPAND_FAILED;
3413 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3414 while (isspace(*s)) s++;
3418 /* Find out the type of database */
3422 expand_string_message = US"missing lookup type";
3426 /* The type is a string that may contain special characters of various
3427 kinds. Allow everything except space or { to appear; the actual content
3428 is checked by search_findtype_partial. */
3430 while (*s != 0 && *s != '{' && !isspace(*s))
3432 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
3436 while (isspace(*s)) s++;
3438 /* Now check for the individual search type and any partial or default
3439 options. Only those types that are actually in the binary are valid. */
3441 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
3445 expand_string_message = search_error_message;
3449 /* Check that a key was provided for those lookup types that need it,
3450 and was not supplied for those that use the query style. */
3452 if (!mac_islookup(stype, lookup_querystyle|lookup_absfilequery))
3456 expand_string_message = string_sprintf("missing {key} for single-"
3457 "key \"%s\" lookup", name);
3465 expand_string_message = string_sprintf("a single key was given for "
3466 "lookup type \"%s\", which is not a single-key lookup type", name);
3471 /* Get the next string in brackets and expand it. It is the file name for
3472 single-key+file lookups, and the whole query otherwise. In the case of
3473 queries that also require a file name (e.g. sqlite), the file name comes
3476 if (*s != '{') goto EXPAND_FAILED_CURLY;
3477 filename = expand_string_internal(s+1, TRUE, &s, skipping);
3478 if (filename == NULL) goto EXPAND_FAILED;
3479 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3480 while (isspace(*s)) s++;
3482 /* If this isn't a single-key+file lookup, re-arrange the variables
3483 to be appropriate for the search_ functions. For query-style lookups,
3484 there is just a "key", and no file name. For the special query-style +
3485 file types, the query (i.e. "key") starts with a file name. */
3489 while (isspace(*filename)) filename++;
3492 if (mac_islookup(stype, lookup_querystyle))
3498 if (*filename != '/')
3500 expand_string_message = string_sprintf(
3501 "absolute file name expected for \"%s\" lookup", name);
3504 while (*key != 0 && !isspace(*key)) key++;
3505 if (*key != 0) *key++ = 0;
3509 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
3510 the entry was not found. Note that there is no search_close() function.
3511 Files are left open in case of re-use. At suitable places in higher logic,
3512 search_tidyup() is called to tidy all open files. This can save opening
3513 the same file several times. However, files may also get closed when
3514 others are opened, if too many are open at once. The rule is that a
3515 handle should not be used after a second search_open().
3517 Request that a partial search sets up $1 and maybe $2 by passing
3518 expand_setup containing zero. If its value changes, reset expand_nmax,
3519 since new variables will have been set. Note that at the end of this
3520 "lookup" section, the old numeric variables are restored. */
3523 lookup_value = NULL;
3526 void *handle = search_open(filename, stype, 0, NULL, NULL);
3529 expand_string_message = search_error_message;
3532 lookup_value = search_find(handle, filename, key, partial, affix,
3533 affixlen, starflags, &expand_setup);
3534 if (search_find_defer)
3536 expand_string_message =
3537 string_sprintf("lookup of \"%s\" gave DEFER: %s", key,
3538 search_error_message);
3541 if (expand_setup > 0) expand_nmax = expand_setup;
3544 /* The handling of "yes" and "no" result strings is now in a separate
3545 function that is also used by ${if} and ${extract}. */
3547 switch(process_yesno(
3548 skipping, /* were previously skipping */
3549 lookup_value != NULL, /* success/failure indicator */
3550 save_lookup_value, /* value to reset for string2 */
3551 &s, /* input pointer */
3552 &yield, /* output pointer */
3553 &size, /* output size */
3554 &ptr, /* output current point */
3555 US"lookup")) /* condition type */
3557 case 1: goto EXPAND_FAILED; /* when all is well, the */
3558 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3561 /* Restore external setting of expansion variables for carrying on
3562 at this level, and continue. */
3564 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3565 save_expand_nlength);
3569 /* If Perl support is configured, handle calling embedded perl subroutines,
3570 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
3571 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
3572 arguments (defined below). */
3574 #define EXIM_PERL_MAX_ARGS 8
3578 expand_string_message = US"\"${perl\" encountered, but this facility "
3579 "is not included in this binary";
3582 #else /* EXIM_PERL */
3584 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
3587 if ((expand_forbid & RDO_PERL) != 0)
3589 expand_string_message = US"Perl calls are not permitted";
3593 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
3596 case 1: goto EXPAND_FAILED_CURLY;
3598 case 3: goto EXPAND_FAILED;
3601 /* If skipping, we don't actually do anything */
3603 if (skipping) continue;
3605 /* Start the interpreter if necessary */
3607 if (!opt_perl_started)
3610 if (opt_perl_startup == NULL)
3612 expand_string_message = US"A setting of perl_startup is needed when "
3613 "using the Perl interpreter";
3616 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
3617 initerror = init_perl(opt_perl_startup);
3618 if (initerror != NULL)
3620 expand_string_message =
3621 string_sprintf("error in perl_startup code: %s\n", initerror);
3624 opt_perl_started = TRUE;
3627 /* Call the function */
3629 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
3630 new_yield = call_perl_cat(yield, &size, &ptr, &expand_string_message,
3631 sub_arg[0], sub_arg + 1);
3633 /* NULL yield indicates failure; if the message pointer has been set to
3634 NULL, the yield was undef, indicating a forced failure. Otherwise the
3635 message will indicate some kind of Perl error. */
3637 if (new_yield == NULL)
3639 if (expand_string_message == NULL)
3641 expand_string_message =
3642 string_sprintf("Perl subroutine \"%s\" returned undef to force "
3643 "failure", sub_arg[0]);
3644 expand_string_forcedfail = TRUE;
3649 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
3650 set during a callback from Perl. */
3652 expand_string_forcedfail = FALSE;
3656 #endif /* EXIM_PERL */
3658 /* Transform email address to "prvs" scheme to use
3659 as BATV-signed return path */
3666 switch(read_subs(sub_arg, 3, 2, &s, skipping, TRUE, US"prvs"))
3668 case 1: goto EXPAND_FAILED_CURLY;
3670 case 3: goto EXPAND_FAILED;
3673 /* If skipping, we don't actually do anything */
3674 if (skipping) continue;
3676 /* sub_arg[0] is the address */
3677 domain = Ustrrchr(sub_arg[0],'@');
3678 if ( (domain == NULL) || (domain == sub_arg[0]) || (Ustrlen(domain) == 1) )
3680 expand_string_message = US"prvs first argument must be a qualified email address";
3684 /* Calculate the hash. The second argument must be a single-digit
3685 key number, or unset. */
3687 if (sub_arg[2] != NULL &&
3688 (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0))
3690 expand_string_message = US"prvs second argument must be a single digit";
3694 p = prvs_hmac_sha1(sub_arg[0],sub_arg[1],sub_arg[2],prvs_daystamp(7));
3697 expand_string_message = US"prvs hmac-sha1 conversion failed";
3701 /* Now separate the domain from the local part */
3704 yield = string_cat(yield,&size,&ptr,US"prvs=",5);
3705 string_cat(yield,&size,&ptr,(sub_arg[2] != NULL) ? sub_arg[2] : US"0", 1);
3706 string_cat(yield,&size,&ptr,prvs_daystamp(7),3);
3707 string_cat(yield,&size,&ptr,p,6);
3708 string_cat(yield,&size,&ptr,US"=",1);
3709 string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
3710 string_cat(yield,&size,&ptr,US"@",1);
3711 string_cat(yield,&size,&ptr,domain,Ustrlen(domain));
3716 /* Check a prvs-encoded address for validity */
3718 case EITEM_PRVSCHECK:
3721 int mysize = 0, myptr = 0;
3725 /* TF: Ugliness: We want to expand parameter 1 first, then set
3726 up expansion variables that are used in the expansion of
3727 parameter 2. So we clone the string for the first
3728 expansion, where we only expand parameter 1.
3730 PH: Actually, that isn't necessary. The read_subs() function is
3731 designed to work this way for the ${if and ${lookup expansions. I've
3735 /* Reset expansion variables */
3736 prvscheck_result = NULL;
3737 prvscheck_address = NULL;
3738 prvscheck_keynum = NULL;
3740 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs"))
3742 case 1: goto EXPAND_FAILED_CURLY;
3744 case 3: goto EXPAND_FAILED;
3747 re = regex_must_compile(US"^prvs\\=([0-9])([0-9]{3})([A-F0-9]{6})\\=(.+)\\@(.+)$",
3750 if (regex_match_and_setup(re,sub_arg[0],0,-1))
3752 uschar *local_part = string_copyn(expand_nstring[4],expand_nlength[4]);
3753 uschar *key_num = string_copyn(expand_nstring[1],expand_nlength[1]);
3754 uschar *daystamp = string_copyn(expand_nstring[2],expand_nlength[2]);
3755 uschar *hash = string_copyn(expand_nstring[3],expand_nlength[3]);
3756 uschar *domain = string_copyn(expand_nstring[5],expand_nlength[5]);
3758 DEBUG(D_expand) debug_printf("prvscheck localpart: %s\n", local_part);
3759 DEBUG(D_expand) debug_printf("prvscheck key number: %s\n", key_num);
3760 DEBUG(D_expand) debug_printf("prvscheck daystamp: %s\n", daystamp);
3761 DEBUG(D_expand) debug_printf("prvscheck hash: %s\n", hash);
3762 DEBUG(D_expand) debug_printf("prvscheck domain: %s\n", domain);
3764 /* Set up expansion variables */
3765 prvscheck_address = string_cat(NULL, &mysize, &myptr, local_part, Ustrlen(local_part));
3766 string_cat(prvscheck_address,&mysize,&myptr,US"@",1);
3767 string_cat(prvscheck_address,&mysize,&myptr,domain,Ustrlen(domain));
3768 prvscheck_address[myptr] = '\0';
3769 prvscheck_keynum = string_copy(key_num);
3771 /* Now expand the second argument */
3772 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs"))
3774 case 1: goto EXPAND_FAILED_CURLY;
3776 case 3: goto EXPAND_FAILED;
3779 /* Now we have the key and can check the address. */
3781 p = prvs_hmac_sha1(prvscheck_address, sub_arg[0], prvscheck_keynum,
3786 expand_string_message = US"hmac-sha1 conversion failed";
3790 DEBUG(D_expand) debug_printf("prvscheck: received hash is %s\n", hash);
3791 DEBUG(D_expand) debug_printf("prvscheck: own hash is %s\n", p);
3793 if (Ustrcmp(p,hash) == 0)
3795 /* Success, valid BATV address. Now check the expiry date. */
3796 uschar *now = prvs_daystamp(0);
3797 unsigned int inow = 0,iexpire = 1;
3799 (void)sscanf(CS now,"%u",&inow);
3800 (void)sscanf(CS daystamp,"%u",&iexpire);
3802 /* When "iexpire" is < 7, a "flip" has occured.
3803 Adjust "inow" accordingly. */
3804 if ( (iexpire < 7) && (inow >= 993) ) inow = 0;
3808 prvscheck_result = US"1";
3809 DEBUG(D_expand) debug_printf("prvscheck: success, $pvrs_result set to 1\n");
3813 prvscheck_result = NULL;
3814 DEBUG(D_expand) debug_printf("prvscheck: signature expired, $pvrs_result unset\n");
3819 prvscheck_result = NULL;
3820 DEBUG(D_expand) debug_printf("prvscheck: hash failure, $pvrs_result unset\n");
3823 /* Now expand the final argument. We leave this till now so that
3824 it can include $prvscheck_result. */
3826 switch(read_subs(sub_arg, 1, 0, &s, skipping, TRUE, US"prvs"))
3828 case 1: goto EXPAND_FAILED_CURLY;
3830 case 3: goto EXPAND_FAILED;
3833 if (sub_arg[0] == NULL || *sub_arg[0] == '\0')
3834 yield = string_cat(yield,&size,&ptr,prvscheck_address,Ustrlen(prvscheck_address));
3836 yield = string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
3838 /* Reset the "internal" variables afterwards, because they are in
3839 dynamic store that will be reclaimed if the expansion succeeded. */
3841 prvscheck_address = NULL;
3842 prvscheck_keynum = NULL;
3846 /* Does not look like a prvs encoded address, return the empty string.
3847 We need to make sure all subs are expanded first, so as to skip over
3850 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"prvs"))
3852 case 1: goto EXPAND_FAILED_CURLY;
3854 case 3: goto EXPAND_FAILED;
3861 /* Handle "readfile" to insert an entire file */
3863 case EITEM_READFILE:
3868 if ((expand_forbid & RDO_READFILE) != 0)
3870 expand_string_message = US"file insertions are not permitted";
3874 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"readfile"))
3876 case 1: goto EXPAND_FAILED_CURLY;
3878 case 3: goto EXPAND_FAILED;
3881 /* If skipping, we don't actually do anything */
3883 if (skipping) continue;
3885 /* Open the file and read it */
3887 f = Ufopen(sub_arg[0], "rb");
3890 expand_string_message = string_open_failed(errno, "%s", sub_arg[0]);
3894 yield = cat_file(f, yield, &size, &ptr, sub_arg[1]);
3899 /* Handle "readsocket" to insert data from a Unix domain socket */
3901 case EITEM_READSOCK:
3907 struct sockaddr_un sockun; /* don't call this "sun" ! */
3911 if ((expand_forbid & RDO_READSOCK) != 0)
3913 expand_string_message = US"socket insertions are not permitted";
3917 /* Read up to 4 arguments, but don't do the end of item check afterwards,
3918 because there may be a string for expansion on failure. */
3920 switch(read_subs(sub_arg, 4, 2, &s, skipping, FALSE, US"readsocket"))
3922 case 1: goto EXPAND_FAILED_CURLY;
3923 case 2: /* Won't occur: no end check */
3924 case 3: goto EXPAND_FAILED;
3927 /* Sort out timeout, if given */
3929 if (sub_arg[2] != NULL)
3931 timeout = readconf_readtime(sub_arg[2], 0, FALSE);
3934 expand_string_message = string_sprintf("bad time value %s",
3939 else sub_arg[3] = NULL; /* No eol if no timeout */
3941 /* If skipping, we don't actually do anything. Otherwise, arrange to
3942 connect to either an IP or a Unix socket. */
3946 /* Handle an IP (internet) domain */
3948 if (Ustrncmp(sub_arg[0], "inet:", 5) == 0)
3950 BOOL connected = FALSE;
3954 uschar *server_name = sub_arg[0] + 5;
3955 uschar *port_name = Ustrrchr(server_name, ':');
3957 /* Sort out the port */
3959 if (port_name == NULL)
3961 expand_string_message =
3962 string_sprintf("missing port for readsocket %s", sub_arg[0]);
3965 *port_name++ = 0; /* Terminate server name */
3967 if (isdigit(*port_name))
3970 port = Ustrtol(port_name, &end, 0);
3971 if (end != port_name + Ustrlen(port_name))
3973 expand_string_message =
3974 string_sprintf("invalid port number %s", port_name);
3980 struct servent *service_info = getservbyname(CS port_name, "tcp");
3981 if (service_info == NULL)
3983 expand_string_message = string_sprintf("unknown port \"%s\"",
3987 port = ntohs(service_info->s_port);
3990 /* Sort out the server. */
3993 shost.address = NULL;
3997 namelen = Ustrlen(server_name);
3999 /* Anything enclosed in [] must be an IP address. */
4001 if (server_name[0] == '[' &&
4002 server_name[namelen - 1] == ']')
4004 server_name[namelen - 1] = 0;
4006 if (string_is_ip_address(server_name, NULL) == 0)
4008 expand_string_message =
4009 string_sprintf("malformed IP address \"%s\"", server_name);
4012 shost.name = shost.address = server_name;
4015 /* Otherwise check for an unadorned IP address */
4017 else if (string_is_ip_address(server_name, NULL) != 0)
4018 shost.name = shost.address = server_name;
4020 /* Otherwise lookup IP address(es) from the name */
4024 shost.name = server_name;
4025 if (host_find_byname(&shost, NULL, HOST_FIND_QUALIFY_SINGLE, NULL,
4026 FALSE) != HOST_FOUND)
4028 expand_string_message =
4029 string_sprintf("no IP address found for host %s", shost.name);
4034 /* Try to connect to the server - test each IP till one works */
4036 for (h = &shost; h != NULL; h = h->next)
4038 int af = (Ustrchr(h->address, ':') != 0)? AF_INET6 : AF_INET;
4039 if ((fd = ip_socket(SOCK_STREAM, af)) == -1)
4041 expand_string_message = string_sprintf("failed to create socket: "
4042 "%s", strerror(errno));
4046 if (ip_connect(fd, af, h->address, port, timeout) == 0)
4055 expand_string_message = string_sprintf("failed to connect to "
4056 "socket %s: couldn't connect to any host", sub_arg[0],
4062 /* Handle a Unix domain socket */
4067 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
4069 expand_string_message = string_sprintf("failed to create socket: %s",
4074 sockun.sun_family = AF_UNIX;
4075 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
4078 sigalrm_seen = FALSE;
4080 rc = connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun));
4084 expand_string_message = US "socket connect timed out";
4089 expand_string_message = string_sprintf("failed to connect to socket "
4090 "%s: %s", sub_arg[0], strerror(errno));
4095 DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]);
4097 /* Write the request string, if not empty */
4099 if (sub_arg[1][0] != 0)
4101 int len = Ustrlen(sub_arg[1]);
4102 DEBUG(D_expand) debug_printf("writing \"%s\" to socket\n",
4104 if (write(fd, sub_arg[1], len) != len)
4106 expand_string_message = string_sprintf("request write to socket "
4107 "failed: %s", strerror(errno));
4112 /* Shut down the sending side of the socket. This helps some servers to
4113 recognise that it is their turn to do some work. Just in case some
4114 system doesn't have this function, make it conditional. */
4117 shutdown(fd, SHUT_WR);
4120 /* Now we need to read from the socket, under a timeout. The function
4121 that reads a file can be used. */
4123 f = fdopen(fd, "rb");
4124 sigalrm_seen = FALSE;
4126 yield = cat_file(f, yield, &size, &ptr, sub_arg[3]);
4130 /* After a timeout, we restore the pointer in the result, that is,
4131 make sure we add nothing from the socket. */
4136 expand_string_message = US "socket read timed out";
4141 /* The whole thing has worked (or we were skipping). If there is a
4142 failure string following, we need to skip it. */
4146 if (expand_string_internal(s+1, TRUE, &s, TRUE) == NULL)
4148 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4149 while (isspace(*s)) s++;
4151 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4154 /* Come here on failure to create socket, connect socket, write to the
4155 socket, or timeout on reading. If another substring follows, expand and
4156 use it. Otherwise, those conditions give expand errors. */
4159 if (*s != '{') goto EXPAND_FAILED;
4160 DEBUG(D_any) debug_printf("%s\n", expand_string_message);
4161 arg = expand_string_internal(s+1, TRUE, &s, FALSE);
4162 if (arg == NULL) goto EXPAND_FAILED;
4163 yield = string_cat(yield, &size, &ptr, arg, Ustrlen(arg));
4164 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4165 while (isspace(*s)) s++;
4166 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4170 /* Handle "run" to execute a program. */
4182 if ((expand_forbid & RDO_RUN) != 0)
4184 expand_string_message = US"running a command is not permitted";
4188 while (isspace(*s)) s++;
4189 if (*s != '{') goto EXPAND_FAILED_CURLY;
4190 arg = expand_string_internal(s+1, TRUE, &s, skipping);
4191 if (arg == NULL) goto EXPAND_FAILED;
4192 while (isspace(*s)) s++;
4193 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4195 if (skipping) /* Just pretend it worked when we're skipping */
4201 if (!transport_set_up_command(&argv, /* anchor for arg list */
4202 arg, /* raw command */
4203 FALSE, /* don't expand the arguments */
4204 0, /* not relevant when... */
4205 NULL, /* no transporting address */
4206 US"${run} expansion", /* for error messages */
4207 &expand_string_message)) /* where to put error message */
4212 /* Create the child process, making it a group leader. */
4214 pid = child_open(argv, NULL, 0077, &fd_in, &fd_out, TRUE);
4218 expand_string_message =
4219 string_sprintf("couldn't create child process: %s", strerror(errno));
4223 /* Nothing is written to the standard input. */
4227 /* Wait for the process to finish, applying the timeout, and inspect its
4228 return code for serious disasters. Simple non-zero returns are passed on.
4231 if ((runrc = child_close(pid, 60)) < 0)
4235 expand_string_message = string_sprintf("command timed out");
4236 killpg(pid, SIGKILL); /* Kill the whole process group */
4239 else if (runrc == -257)
4240 expand_string_message = string_sprintf("wait() failed: %s",
4244 expand_string_message = string_sprintf("command killed by signal %d",
4250 /* Read the pipe to get the command's output into $value (which is kept
4251 in lookup_value). */
4253 f = fdopen(fd_out, "rb");
4254 lookup_value = NULL;
4255 lookup_value = cat_file(f, lookup_value, &lsize, &lptr, NULL);
4259 /* Process the yes/no strings; $value may be useful in both cases */
4261 switch(process_yesno(
4262 skipping, /* were previously skipping */
4263 runrc == 0, /* success/failure indicator */
4264 lookup_value, /* value to reset for string2 */
4265 &s, /* input pointer */
4266 &yield, /* output pointer */
4267 &size, /* output size */
4268 &ptr, /* output current point */
4269 US"run")) /* condition type */
4271 case 1: goto EXPAND_FAILED; /* when all is well, the */
4272 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4278 /* Handle character translation for "tr" */
4286 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"tr"))
4288 case 1: goto EXPAND_FAILED_CURLY;
4290 case 3: goto EXPAND_FAILED;
4293 yield = string_cat(yield, &size, &ptr, sub[0], Ustrlen(sub[0]));
4294 o2m = Ustrlen(sub[2]) - 1;
4296 if (o2m >= 0) for (; oldptr < ptr; oldptr++)
4298 uschar *m = Ustrrchr(sub[1], yield[oldptr]);
4302 yield[oldptr] = sub[2][(o < o2m)? o : o2m];
4309 /* Handle "hash", "length", "nhash", and "substr" when they are given with
4310 expanded arguments. */
4320 int val[2] = { 0, -1 };
4323 /* "length" takes only 2 arguments whereas the others take 2 or 3.
4324 Ensure that sub[2] is set in the ${length case. */
4327 switch(read_subs(sub, (item_type == EITEM_LENGTH)? 2:3, 2, &s, skipping,
4330 case 1: goto EXPAND_FAILED_CURLY;
4332 case 3: goto EXPAND_FAILED;
4335 /* Juggle the arguments if there are only two of them: always move the
4336 string to the last position and make ${length{n}{str}} equivalent to
4337 ${substr{0}{n}{str}}. See the defaults for val[] above. */
4343 if (item_type == EITEM_LENGTH)
4350 for (i = 0; i < 2; i++)
4352 if (sub[i] == NULL) continue;
4353 val[i] = (int)Ustrtol(sub[i], &ret, 10);
4354 if (*ret != 0 || (i != 0 && val[i] < 0))
4356 expand_string_message = string_sprintf("\"%s\" is not a%s number "
4357 "(in \"%s\" expansion)", sub[i], (i != 0)? " positive" : "", name);
4363 (item_type == EITEM_HASH)?
4364 compute_hash(sub[2], val[0], val[1], &len) :
4365 (item_type == EITEM_NHASH)?
4366 compute_nhash(sub[2], val[0], val[1], &len) :
4367 extract_substr(sub[2], val[0], val[1], &len);
4369 if (ret == NULL) goto EXPAND_FAILED;
4370 yield = string_cat(yield, &size, &ptr, ret, len);
4374 /* Handle HMAC computation: ${hmac{<algorithm>}{<secret>}{<text>}}
4375 This code originally contributed by Steve Haslam. It currently supports
4376 the use of MD5 and SHA-1 hashes.
4378 We need some workspace that is large enough to handle all the supported
4379 hash types. Use macros to set the sizes rather than be too elaborate. */
4381 #define MAX_HASHLEN 20
4382 #define MAX_HASHBLOCKLEN 64
4391 int hashlen; /* Number of octets for the hash algorithm's output */
4392 int hashblocklen; /* Number of octets the hash algorithm processes */
4394 unsigned int keylen;
4396 uschar keyhash[MAX_HASHLEN];
4397 uschar innerhash[MAX_HASHLEN];
4398 uschar finalhash[MAX_HASHLEN];
4399 uschar finalhash_hex[2*MAX_HASHLEN];
4400 uschar innerkey[MAX_HASHBLOCKLEN];
4401 uschar outerkey[MAX_HASHBLOCKLEN];
4403 switch (read_subs(sub, 3, 3, &s, skipping, TRUE, name))
4405 case 1: goto EXPAND_FAILED_CURLY;
4407 case 3: goto EXPAND_FAILED;
4410 if (Ustrcmp(sub[0], "md5") == 0)
4413 use_base = &md5_base;
4417 else if (Ustrcmp(sub[0], "sha1") == 0)
4420 use_base = &sha1_base;
4426 expand_string_message =
4427 string_sprintf("hmac algorithm \"%s\" is not recognised", sub[0]);
4432 keylen = Ustrlen(keyptr);
4434 /* If the key is longer than the hash block length, then hash the key
4437 if (keylen > hashblocklen)
4439 chash_start(type, use_base);
4440 chash_end(type, use_base, keyptr, keylen, keyhash);
4445 /* Now make the inner and outer key values */
4447 memset(innerkey, 0x36, hashblocklen);
4448 memset(outerkey, 0x5c, hashblocklen);
4450 for (i = 0; i < keylen; i++)
4452 innerkey[i] ^= keyptr[i];
4453 outerkey[i] ^= keyptr[i];
4456 /* Now do the hashes */
4458 chash_start(type, use_base);
4459 chash_mid(type, use_base, innerkey);
4460 chash_end(type, use_base, sub[2], Ustrlen(sub[2]), innerhash);
4462 chash_start(type, use_base);
4463 chash_mid(type, use_base, outerkey);
4464 chash_end(type, use_base, innerhash, hashlen, finalhash);
4466 /* Encode the final hash as a hex string */
4469 for (i = 0; i < hashlen; i++)
4471 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
4472 *p++ = hex_digits[finalhash[i] & 0x0f];
4475 DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%.*s)=%.*s\n", sub[0],
4476 (int)keylen, keyptr, Ustrlen(sub[2]), sub[2], hashlen*2, finalhash_hex);
4478 yield = string_cat(yield, &size, &ptr, finalhash_hex, hashlen*2);
4483 /* Handle global substitution for "sg" - like Perl's s/xxx/yyy/g operator.
4484 We have to save the numerical variables and restore them afterwards. */
4489 int moffset, moffsetextra, slen;
4492 const uschar *rerror;
4495 int save_expand_nmax =
4496 save_expand_strings(save_expand_nstring, save_expand_nlength);
4498 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"sg"))
4500 case 1: goto EXPAND_FAILED_CURLY;
4502 case 3: goto EXPAND_FAILED;
4505 /* Compile the regular expression */
4507 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
4512 expand_string_message = string_sprintf("regular expression error in "
4513 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
4517 /* Now run a loop to do the substitutions as often as necessary. It ends
4518 when there are no more matches. Take care over matches of the null string;
4519 do the same thing as Perl does. */
4522 slen = Ustrlen(sub[0]);
4523 moffset = moffsetextra = 0;
4528 int ovector[3*(EXPAND_MAXN+1)];
4529 int n = pcre_exec(re, NULL, CS subject, slen, moffset + moffsetextra,
4530 PCRE_EOPT | emptyopt, ovector, sizeof(ovector)/sizeof(int));
4534 /* No match - if we previously set PCRE_NOTEMPTY after a null match, this
4535 is not necessarily the end. We want to repeat the match from one
4536 character further along, but leaving the basic offset the same (for
4537 copying below). We can't be at the end of the string - that was checked
4538 before setting PCRE_NOTEMPTY. If PCRE_NOTEMPTY is not set, we are
4539 finished; copy the remaining string and end the loop. */
4549 yield = string_cat(yield, &size, &ptr, subject+moffset, slen-moffset);
4553 /* Match - set up for expanding the replacement. */
4555 if (n == 0) n = EXPAND_MAXN + 1;
4557 for (nn = 0; nn < n*2; nn += 2)
4559 expand_nstring[expand_nmax] = subject + ovector[nn];
4560 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
4564 /* Copy the characters before the match, plus the expanded insertion. */
4566 yield = string_cat(yield, &size, &ptr, subject + moffset,
4567 ovector[0] - moffset);
4568 insert = expand_string(sub[2]);
4569 if (insert == NULL) goto EXPAND_FAILED;
4570 yield = string_cat(yield, &size, &ptr, insert, Ustrlen(insert));
4572 moffset = ovector[1];
4576 /* If we have matched an empty string, first check to see if we are at
4577 the end of the subject. If so, the loop is over. Otherwise, mimic
4578 what Perl's /g options does. This turns out to be rather cunning. First
4579 we set PCRE_NOTEMPTY and PCRE_ANCHORED and try the match a non-empty
4580 string at the same point. If this fails (picked up above) we advance to
4581 the next character. */
4583 if (ovector[0] == ovector[1])
4585 if (ovector[0] == slen) break;
4586 emptyopt = PCRE_NOTEMPTY | PCRE_ANCHORED;
4590 /* All done - restore numerical variables. */
4592 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4593 save_expand_nlength);
4597 /* Handle keyed and numbered substring extraction. If the first argument
4598 consists entirely of digits, then a numerical extraction is assumed. */
4604 int field_number = 1;
4605 BOOL field_number_set = FALSE;
4606 uschar *save_lookup_value = lookup_value;
4608 int save_expand_nmax =
4609 save_expand_strings(save_expand_nstring, save_expand_nlength);
4611 /* Read the arguments */
4613 for (i = 0; i < j; i++)
4615 while (isspace(*s)) s++;
4618 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
4619 if (sub[i] == NULL) goto EXPAND_FAILED;
4620 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4622 /* After removal of leading and trailing white space, the first
4623 argument must not be empty; if it consists entirely of digits
4624 (optionally preceded by a minus sign), this is a numerical
4625 extraction, and we expect 3 arguments. */
4633 while (isspace(*p)) p++;
4637 while (len > 0 && isspace(p[len-1])) len--;
4642 expand_string_message = US"first argument of \"extract\" must "
4652 while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0';
4656 j = 3; /* Need 3 args */
4657 field_number_set = TRUE;
4661 else goto EXPAND_FAILED_CURLY;
4664 /* Extract either the numbered or the keyed substring into $value. If
4665 skipping, just pretend the extraction failed. */
4667 lookup_value = skipping? NULL : field_number_set?
4668 expand_gettokened(field_number, sub[1], sub[2]) :
4669 expand_getkeyed(sub[0], sub[1]);
4671 /* If no string follows, $value gets substituted; otherwise there can
4672 be yes/no strings, as for lookup or if. */
4674 switch(process_yesno(
4675 skipping, /* were previously skipping */
4676 lookup_value != NULL, /* success/failure indicator */
4677 save_lookup_value, /* value to reset for string2 */
4678 &s, /* input pointer */
4679 &yield, /* output pointer */
4680 &size, /* output size */
4681 &ptr, /* output current point */
4682 US"extract")) /* condition type */
4684 case 1: goto EXPAND_FAILED; /* when all is well, the */
4685 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4688 /* All done - restore numerical variables. */
4690 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4691 save_expand_nlength);
4697 /* Handle list operations */
4705 uschar outsep[2] = { '\0', '\0' };
4706 uschar *list, *expr, *temp;
4707 uschar *save_iterate_item = iterate_item;
4708 uschar *save_lookup_value = lookup_value;
4710 while (isspace(*s)) s++;
4711 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
4713 list = expand_string_internal(s, TRUE, &s, skipping);
4714 if (list == NULL) goto EXPAND_FAILED;
4715 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4717 if (item_type == EITEM_REDUCE)
4719 while (isspace(*s)) s++;
4720 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
4721 temp = expand_string_internal(s, TRUE, &s, skipping);
4722 if (temp == NULL) goto EXPAND_FAILED;
4723 lookup_value = temp;
4724 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4727 while (isspace(*s)) s++;
4728 if (*s++ != '{') goto EXPAND_FAILED_CURLY;
4732 /* For EITEM_FILTER, call eval_condition once, with result discarded (as
4733 if scanning a "false" part). This allows us to find the end of the
4734 condition, because if the list is empty, we won't actually evaluate the
4735 condition for real. For EITEM_MAP and EITEM_REDUCE, do the same, using
4736 the normal internal expansion function. */
4738 if (item_type == EITEM_FILTER)
4740 temp = eval_condition(expr, NULL);
4741 if (temp != NULL) s = temp;
4745 temp = expand_string_internal(s, TRUE, &s, TRUE);
4750 expand_string_message = string_sprintf("%s inside \"%s\" item",
4751 expand_string_message, name);
4755 while (isspace(*s)) s++;
4758 expand_string_message = string_sprintf("missing } at end of condition "
4759 "or expression inside \"%s\"", name);
4763 while (isspace(*s)) s++;
4766 expand_string_message = string_sprintf("missing } at end of \"%s\"",
4771 /* If we are skipping, we can now just move on to the next item. When
4772 processing for real, we perform the iteration. */
4774 if (skipping) continue;
4775 while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)) != NULL)
4777 *outsep = (uschar)sep; /* Separator as a string */
4779 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
4781 if (item_type == EITEM_FILTER)
4784 if (eval_condition(expr, &condresult) == NULL)
4786 iterate_item = save_iterate_item;
4787 lookup_value = save_lookup_value;
4788 expand_string_message = string_sprintf("%s inside \"%s\" condition",
4789 expand_string_message, name);
4792 DEBUG(D_expand) debug_printf("%s: condition is %s\n", name,
4793 condresult? "true":"false");
4795 temp = iterate_item; /* TRUE => include this item */
4797 continue; /* FALSE => skip this item */
4800 /* EITEM_MAP and EITEM_REDUCE */
4804 temp = expand_string_internal(expr, TRUE, NULL, skipping);
4807 iterate_item = save_iterate_item;
4808 expand_string_message = string_sprintf("%s inside \"%s\" item",
4809 expand_string_message, name);
4812 if (item_type == EITEM_REDUCE)
4814 lookup_value = temp; /* Update the value of $value */
4815 continue; /* and continue the iteration */
4819 /* We reach here for FILTER if the condition is true, always for MAP,
4820 and never for REDUCE. The value in "temp" is to be added to the output
4821 list that is being created, ensuring that any occurrences of the
4822 separator character are doubled. Unless we are dealing with the first
4823 item of the output list, add in a space if the new item begins with the
4824 separator character, or is an empty string. */
4826 if (ptr != save_ptr && (temp[0] == *outsep || temp[0] == 0))
4827 yield = string_cat(yield, &size, &ptr, US" ", 1);
4829 /* Add the string in "temp" to the output list that we are building,
4830 This is done in chunks by searching for the separator character. */
4834 size_t seglen = Ustrcspn(temp, outsep);
4835 yield = string_cat(yield, &size, &ptr, temp, seglen + 1);
4837 /* If we got to the end of the string we output one character
4838 too many; backup and end the loop. Otherwise arrange to double the
4841 if (temp[seglen] == '\0') { ptr--; break; }
4842 yield = string_cat(yield, &size, &ptr, outsep, 1);
4846 /* Output a separator after the string: we will remove the redundant
4847 final one at the end. */
4849 yield = string_cat(yield, &size, &ptr, outsep, 1);
4850 } /* End of iteration over the list loop */
4852 /* REDUCE has generated no output above: output the final value of
4855 if (item_type == EITEM_REDUCE)
4857 yield = string_cat(yield, &size, &ptr, lookup_value,
4858 Ustrlen(lookup_value));
4859 lookup_value = save_lookup_value; /* Restore $value */
4862 /* FILTER and MAP generate lists: if they have generated anything, remove
4863 the redundant final separator. Even though an empty item at the end of a
4864 list does not count, this is tidier. */
4866 else if (ptr != save_ptr) ptr--;
4868 /* Restore preserved $item */
4870 iterate_item = save_iterate_item;
4875 /* If ${dlfunc support is configured, handle calling dynamically-loaded
4876 functions, unless locked out at this time. Syntax is ${dlfunc{file}{func}}
4877 or ${dlfunc{file}{func}{arg}} or ${dlfunc{file}{func}{arg1}{arg2}} or up to
4878 a maximum of EXPAND_DLFUNC_MAX_ARGS arguments (defined below). */
4880 #define EXPAND_DLFUNC_MAX_ARGS 8
4883 #ifndef EXPAND_DLFUNC
4884 expand_string_message = US"\"${dlfunc\" encountered, but this facility "
4885 "is not included in this binary";
4888 #else /* EXPAND_DLFUNC */
4891 exim_dlfunc_t *func;
4894 uschar *argv[EXPAND_DLFUNC_MAX_ARGS + 3];
4896 if ((expand_forbid & RDO_DLFUNC) != 0)
4898 expand_string_message =
4899 US"dynamically-loaded functions are not permitted";
4903 switch(read_subs(argv, EXPAND_DLFUNC_MAX_ARGS + 2, 2, &s, skipping,
4906 case 1: goto EXPAND_FAILED_CURLY;
4908 case 3: goto EXPAND_FAILED;
4911 /* If skipping, we don't actually do anything */
4913 if (skipping) continue;
4915 /* Look up the dynamically loaded object handle in the tree. If it isn't
4916 found, dlopen() the file and put the handle in the tree for next time. */
4918 t = tree_search(dlobj_anchor, argv[0]);
4921 void *handle = dlopen(CS argv[0], RTLD_LAZY);
4924 expand_string_message = string_sprintf("dlopen \"%s\" failed: %s",
4925 argv[0], dlerror());
4926 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
4929 t = store_get_perm(sizeof(tree_node) + Ustrlen(argv[0]));
4930 Ustrcpy(t->name, argv[0]);
4931 t->data.ptr = handle;
4932 (void)tree_insertnode(&dlobj_anchor, t);
4935 /* Having obtained the dynamically loaded object handle, look up the
4936 function pointer. */
4938 func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]);
4941 expand_string_message = string_sprintf("dlsym \"%s\" in \"%s\" failed: "
4942 "%s", argv[1], argv[0], dlerror());
4943 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
4947 /* Call the function and work out what to do with the result. If it
4948 returns OK, we have a replacement string; if it returns DEFER then
4949 expansion has failed in a non-forced manner; if it returns FAIL then
4950 failure was forced; if it returns ERROR or any other value there's a
4951 problem, so panic slightly. */
4954 for (argc = 0; argv[argc] != NULL; argc++);
4955 status = func(&result, argc - 2, &argv[2]);
4958 if (result == NULL) result = US"";
4959 yield = string_cat(yield, &size, &ptr, result, Ustrlen(result));
4964 expand_string_message = result == NULL ? US"(no message)" : result;
4965 if(status == FAIL_FORCED) expand_string_forcedfail = TRUE;
4966 else if(status != FAIL)
4967 log_write(0, LOG_MAIN|LOG_PANIC, "dlfunc{%s}{%s} failed (%d): %s",
4968 argv[0], argv[1], status, expand_string_message);
4972 #endif /* EXPAND_DLFUNC */
4975 /* Control reaches here if the name is not recognized as one of the more
4976 complicated expansion items. Check for the "operator" syntax (name terminated
4977 by a colon). Some of the operators have arguments, separated by _ from the
4984 uschar *sub = expand_string_internal(s+1, TRUE, &s, skipping);
4985 if (sub == NULL) goto EXPAND_FAILED;
4988 /* Owing to an historical mis-design, an underscore may be part of the
4989 operator name, or it may introduce arguments. We therefore first scan the
4990 table of names that contain underscores. If there is no match, we cut off
4991 the arguments and then scan the main table. */
4993 c = chop_match(name, op_table_underscore,
4994 sizeof(op_table_underscore)/sizeof(uschar *));
4998 arg = Ustrchr(name, '_');
4999 if (arg != NULL) *arg = 0;
5000 c = chop_match(name, op_table_main,
5001 sizeof(op_table_main)/sizeof(uschar *));
5002 if (c >= 0) c += sizeof(op_table_underscore)/sizeof(uschar *);
5003 if (arg != NULL) *arg++ = '_'; /* Put back for error messages */
5006 /* If we are skipping, we don't need to perform the operation at all.
5007 This matters for operations like "mask", because the data may not be
5008 in the correct format when skipping. For example, the expression may test
5009 for the existence of $sender_host_address before trying to mask it. For
5010 other operations, doing them may not fail, but it is a waste of time. */
5012 if (skipping && c >= 0) continue;
5014 /* Otherwise, switch on the operator type */
5021 unsigned long int n = Ustrtoul(sub, &t, 10);
5024 expand_string_message = string_sprintf("argument for base62 "
5025 "operator is \"%s\", which is not a decimal number", sub);
5028 t = string_base62(n);
5029 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
5033 /* Note that for Darwin and Cygwin, BASE_62 actually has the value 36 */
5039 unsigned long int n = 0;
5042 uschar *t = Ustrchr(base62_chars, *tt++);
5045 expand_string_message = string_sprintf("argument for base62d "
5046 "operator is \"%s\", which is not a base %d number", sub,
5050 n = n * BASE_62 + (t - base62_chars);
5052 (void)sprintf(CS buf, "%ld", n);
5053 yield = string_cat(yield, &size, &ptr, buf, Ustrlen(buf));
5059 uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping);
5060 if (expanded == NULL)
5062 expand_string_message =
5063 string_sprintf("internal expansion of \"%s\" failed: %s", sub,
5064 expand_string_message);
5067 yield = string_cat(yield, &size, &ptr, expanded, Ustrlen(expanded));
5074 uschar *t = sub - 1;
5075 while (*(++t) != 0) { *t = tolower(*t); count++; }
5076 yield = string_cat(yield, &size, &ptr, sub, count);
5083 uschar *t = sub - 1;
5084 while (*(++t) != 0) { *t = toupper(*t); count++; }
5085 yield = string_cat(yield, &size, &ptr, sub, count);
5096 md5_end(&base, sub, Ustrlen(sub), digest);
5097 for(j = 0; j < 16; j++) sprintf(st+2*j, "%02x", digest[j]);
5098 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
5109 sha1_end(&base, sub, Ustrlen(sub), digest);
5110 for(j = 0; j < 20; j++) sprintf(st+2*j, "%02X", digest[j]);
5111 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
5115 /* Convert hex encoding to base64 encoding */
5125 for (enc = sub; *enc != 0; enc++)
5127 if (!isxdigit(*enc))
5129 expand_string_message = string_sprintf("\"%s\" is not a hex "
5138 expand_string_message = string_sprintf("\"%s\" contains an odd "
5139 "number of characters", sub);
5143 while ((c = *in++) != 0)
5145 if (isdigit(c)) c -= '0';
5146 else c = toupper(c) - 'A' + 10;
5158 enc = auth_b64encode(sub, out - sub);
5159 yield = string_cat(yield, &size, &ptr, enc, Ustrlen(enc));
5163 /* mask applies a mask to an IP address; for example the result of
5164 ${mask:131.111.10.206/28} is 131.111.10.192/28. */
5171 int mask, maskoffset;
5172 int type = string_is_ip_address(sub, &maskoffset);
5177 expand_string_message = string_sprintf("\"%s\" is not an IP address",
5182 if (maskoffset == 0)
5184 expand_string_message = string_sprintf("missing mask value in \"%s\"",
5189 mask = Ustrtol(sub + maskoffset + 1, &endptr, 10);
5191 if (*endptr != 0 || mask < 0 || mask > ((type == 4)? 32 : 128))
5193 expand_string_message = string_sprintf("mask value too big in \"%s\"",
5198 /* Convert the address to binary integer(s) and apply the mask */
5200 sub[maskoffset] = 0;
5201 count = host_aton(sub, binary);
5202 host_mask(count, binary, mask);
5204 /* Convert to masked textual format and add to output. */
5206 yield = string_cat(yield, &size, &ptr, buffer,
5207 host_nmtoa(count, binary, mask, buffer, '.'));
5212 case EOP_LOCAL_PART:
5216 int start, end, domain;
5217 uschar *t = parse_extract_address(sub, &error, &start, &end, &domain,
5221 if (c != EOP_DOMAIN)
5223 if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1;
5224 yield = string_cat(yield, &size, &ptr, sub+start, end-start);
5226 else if (domain != 0)
5229 yield = string_cat(yield, &size, &ptr, sub+domain, end-domain);
5237 uschar outsep[2] = { ':', '\0' };
5238 uschar *address, *error;
5240 int start, end, domain; /* Not really used */
5242 while (isspace(*sub)) sub++;
5243 if (*sub == '>') { *outsep = *++sub; ++sub; }
5244 parse_allow_group = TRUE;
5248 uschar *p = parse_find_address_end(sub, FALSE);
5249 uschar saveend = *p;
5251 address = parse_extract_address(sub, &error, &start, &end, &domain,
5255 /* Add the address to the output list that we are building. This is
5256 done in chunks by searching for the separator character. At the
5257 start, unless we are dealing with the first address of the output
5258 list, add in a space if the new address begins with the separator
5259 character, or is an empty string. */
5261 if (address != NULL)
5263 if (ptr != save_ptr && address[0] == *outsep)
5264 yield = string_cat(yield, &size, &ptr, US" ", 1);
5268 size_t seglen = Ustrcspn(address, outsep);
5269 yield = string_cat(yield, &size, &ptr, address, seglen + 1);
5271 /* If we got to the end of the string we output one character
5274 if (address[seglen] == '\0') { ptr--; break; }
5275 yield = string_cat(yield, &size, &ptr, outsep, 1);
5276 address += seglen + 1;
5279 /* Output a separator after the string: we will remove the
5280 redundant final one at the end. */
5282 yield = string_cat(yield, &size, &ptr, outsep, 1);
5285 if (saveend == '\0') break;
5289 /* If we have generated anything, remove the redundant final
5292 if (ptr != save_ptr) ptr--;
5293 parse_allow_group = FALSE;
5298 /* quote puts a string in quotes if it is empty or contains anything
5299 other than alphamerics, underscore, dot, or hyphen.
5301 quote_local_part puts a string in quotes if RFC 2821/2822 requires it to
5302 be quoted in order to be a valid local part.
5304 In both cases, newlines and carriage returns are converted into \n and \r
5308 case EOP_QUOTE_LOCAL_PART:
5311 BOOL needs_quote = (*sub == 0); /* TRUE for empty string */
5312 uschar *t = sub - 1;
5316 while (!needs_quote && *(++t) != 0)
5317 needs_quote = !isalnum(*t) && !strchr("_-.", *t);
5319 else /* EOP_QUOTE_LOCAL_PART */
5321 while (!needs_quote && *(++t) != 0)
5322 needs_quote = !isalnum(*t) &&
5323 strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL &&
5324 (*t != '.' || t == sub || t[1] == 0);
5329 yield = string_cat(yield, &size, &ptr, US"\"", 1);
5334 yield = string_cat(yield, &size, &ptr, US"\\n", 2);
5335 else if (*t == '\r')
5336 yield = string_cat(yield, &size, &ptr, US"\\r", 2);
5339 if (*t == '\\' || *t == '"')
5340 yield = string_cat(yield, &size, &ptr, US"\\", 1);
5341 yield = string_cat(yield, &size, &ptr, t, 1);
5344 yield = string_cat(yield, &size, &ptr, US"\"", 1);
5346 else yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
5350 /* quote_lookuptype does lookup-specific quoting */
5355 uschar *opt = Ustrchr(arg, '_');
5357 if (opt != NULL) *opt++ = 0;
5359 n = search_findtype(arg, Ustrlen(arg));
5362 expand_string_message = search_error_message;
5366 if (lookup_list[n].quote != NULL)
5367 sub = (lookup_list[n].quote)(sub, opt);
5368 else if (opt != NULL) sub = NULL;
5372 expand_string_message = string_sprintf(
5373 "\"%s\" unrecognized after \"${quote_%s\"",
5378 yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
5382 /* rx quote sticks in \ before any non-alphameric character so that
5383 the insertion works in a regular expression. */
5387 uschar *t = sub - 1;
5391 yield = string_cat(yield, &size, &ptr, US"\\", 1);
5392 yield = string_cat(yield, &size, &ptr, t, 1);
5397 /* RFC 2047 encodes, assuming headers_charset (default ISO 8859-1) as
5398 prescribed by the RFC, if there are characters that need to be encoded */
5402 uschar buffer[2048];
5403 uschar *string = parse_quote_2047(sub, Ustrlen(sub), headers_charset,
5404 buffer, sizeof(buffer), FALSE);
5405 yield = string_cat(yield, &size, &ptr, string, Ustrlen(string));
5409 /* RFC 2047 decode */
5415 uschar *decoded = rfc2047_decode(sub, check_rfc2047_length,
5416 headers_charset, '?', &len, &error);
5419 expand_string_message = error;
5422 yield = string_cat(yield, &size, &ptr, decoded, len);
5426 /* from_utf8 converts UTF-8 to 8859-1, turning non-existent chars into
5436 if (c > 255) c = '_';
5438 yield = string_cat(yield, &size, &ptr, buff, 1);
5443 /* escape turns all non-printing characters into escape sequences. */
5447 uschar *t = string_printing(sub);
5448 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
5452 /* Handle numeric expression evaluation */
5457 uschar *save_sub = sub;
5458 uschar *error = NULL;
5459 int n = eval_expr(&sub, (c == EOP_EVAL10), &error, FALSE);
5462 expand_string_message = string_sprintf("error in expression "
5463 "evaluation: %s (after processing \"%.*s\")", error, sub-save_sub,
5467 sprintf(CS var_buffer, "%d", n);
5468 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
5472 /* Handle time period formating */
5476 int n = readconf_readtime(sub, 0, FALSE);
5479 expand_string_message = string_sprintf("string \"%s\" is not an "
5480 "Exim time interval in \"%s\" operator", sub, name);
5483 sprintf(CS var_buffer, "%d", n);
5484 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
5488 case EOP_TIME_INTERVAL:
5491 uschar *t = read_number(&n, sub);
5492 if (*t != 0) /* Not A Number*/
5494 expand_string_message = string_sprintf("string \"%s\" is not a "
5495 "positive number in \"%s\" operator", sub, name);
5498 t = readconf_printtime(n);
5499 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
5503 /* Convert string to base64 encoding */
5507 uschar *encstr = auth_b64encode(sub, Ustrlen(sub));
5508 yield = string_cat(yield, &size, &ptr, encstr, Ustrlen(encstr));
5512 /* strlen returns the length of the string */
5517 (void)sprintf(CS buff, "%d", Ustrlen(sub));
5518 yield = string_cat(yield, &size, &ptr, buff, Ustrlen(buff));
5522 /* length_n or l_n takes just the first n characters or the whole string,
5523 whichever is the shorter;
5525 substr_m_n, and s_m_n take n characters from offset m; negative m take
5526 from the end; l_n is synonymous with s_0_n. If n is omitted in substr it
5527 takes the rest, either to the right or to the left.
5529 hash_n or h_n makes a hash of length n from the string, yielding n
5530 characters from the set a-z; hash_n_m makes a hash of length n, but
5531 uses m characters from the set a-zA-Z0-9.
5533 nhash_n returns a single number between 0 and n-1 (in text form), while
5534 nhash_n_m returns a div/mod hash as two numbers "a/b". The first lies
5535 between 0 and n-1 and the second between 0 and m-1. */
5555 expand_string_message = string_sprintf("missing values after %s",
5560 /* "length" has only one argument, effectively being synonymous with
5563 if (c == EOP_LENGTH || c == EOP_L)
5569 /* The others have one or two arguments; for "substr" the first may be
5570 negative. The second being negative means "not supplied". */
5575 if (name[0] == 's' && *arg == '-') { sign = -1; arg++; }
5578 /* Read up to two numbers, separated by underscores */
5583 if (arg != ret && *arg == '_' && pn == &value1)
5587 if (arg[1] != 0) arg++;
5589 else if (!isdigit(*arg))
5591 expand_string_message =
5592 string_sprintf("non-digit after underscore in \"%s\"", name);
5595 else *pn = (*pn)*10 + *arg++ - '0';
5599 /* Perform the required operation */
5602 (c == EOP_HASH || c == EOP_H)?
5603 compute_hash(sub, value1, value2, &len) :
5604 (c == EOP_NHASH || c == EOP_NH)?
5605 compute_nhash(sub, value1, value2, &len) :
5606 extract_substr(sub, value1, value2, &len);
5608 if (ret == NULL) goto EXPAND_FAILED;
5609 yield = string_cat(yield, &size, &ptr, ret, len);
5619 uschar **modetable[3];
5624 if ((expand_forbid & RDO_EXISTS) != 0)
5626 expand_string_message = US"Use of the stat() expansion is not permitted";
5630 if (stat(CS sub, &st) < 0)
5632 expand_string_message = string_sprintf("stat(%s) failed: %s",
5633 sub, strerror(errno));
5637 switch (mode & S_IFMT)
5639 case S_IFIFO: smode[0] = 'p'; break;
5640 case S_IFCHR: smode[0] = 'c'; break;
5641 case S_IFDIR: smode[0] = 'd'; break;
5642 case S_IFBLK: smode[0] = 'b'; break;
5643 case S_IFREG: smode[0] = '-'; break;
5644 default: smode[0] = '?'; break;
5647 modetable[0] = ((mode & 01000) == 0)? mtable_normal : mtable_sticky;
5648 modetable[1] = ((mode & 02000) == 0)? mtable_normal : mtable_setid;
5649 modetable[2] = ((mode & 04000) == 0)? mtable_normal : mtable_setid;
5651 for (i = 0; i < 3; i++)
5653 memcpy(CS(smode + 7 - i*3), CS(modetable[i][mode & 7]), 3);
5658 s = string_sprintf("mode=%04lo smode=%s inode=%ld device=%ld links=%ld "
5659 "uid=%ld gid=%ld size=" OFF_T_FMT " atime=%ld mtime=%ld ctime=%ld",
5660 (long)(st.st_mode & 077777), smode, (long)st.st_ino,
5661 (long)st.st_dev, (long)st.st_nlink, (long)st.st_uid,
5662 (long)st.st_gid, st.st_size, (long)st.st_atime,
5663 (long)st.st_mtime, (long)st.st_ctime);
5664 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
5668 /* Unknown operator */
5671 expand_string_message =
5672 string_sprintf("unknown expansion operator \"%s\"", name);
5677 /* Handle a plain name. If this is the first thing in the expansion, release
5678 the pre-allocated buffer. If the result data is known to be in a new buffer,
5679 newsize will be set to the size of that buffer, and we can just point at that
5680 store instead of copying. Many expansion strings contain just one reference,
5681 so this is a useful optimization, especially for humungous headers
5682 ($message_headers). */
5694 value = find_variable(name, FALSE, skipping, &newsize);
5697 expand_string_message =
5698 string_sprintf("unknown variable in \"${%s}\"", name);
5699 check_variable_error_message(name);
5702 len = Ustrlen(value);
5703 if (yield == NULL && newsize != 0)
5709 else yield = string_cat(yield, &size, &ptr, value, len);
5713 /* Else there's something wrong */
5715 expand_string_message =
5716 string_sprintf("\"${%s\" is not a known operator (or a } is missing "
5717 "in a variable reference)", name);
5721 /* If we hit the end of the string when ket_ends is set, there is a missing
5722 terminating brace. */
5724 if (ket_ends && *s == 0)
5726 expand_string_message = malformed_header?
5727 US"missing } at end of string - could be header name not terminated by colon"
5729 US"missing } at end of string";
5733 /* Expansion succeeded; yield may still be NULL here if nothing was actually
5734 added to the string. If so, set up an empty string. Add a terminating zero. If
5735 left != NULL, return a pointer to the terminator. */
5737 if (yield == NULL) yield = store_get(1);
5739 if (left != NULL) *left = s;
5741 /* Any stacking store that was used above the final string is no longer needed.
5742 In many cases the final string will be the first one that was got and so there
5743 will be optimal store usage. */
5745 store_reset(yield + ptr + 1);
5748 debug_printf("expanding: %.*s\n result: %s\n", (int)(s - string), string,
5750 if (skipping) debug_printf("skipping: result is not used\n");
5754 /* This is the failure exit: easiest to program with a goto. We still need
5755 to update the pointer to the terminator, for cases of nested calls with "fail".
5758 EXPAND_FAILED_CURLY:
5759 expand_string_message = malformed_header?
5760 US"missing or misplaced { or } - could be header name not terminated by colon"
5762 US"missing or misplaced { or }";
5764 /* At one point, Exim reset the store to yield (if yield was not NULL), but
5765 that is a bad idea, because expand_string_message is in dynamic store. */
5768 if (left != NULL) *left = s;
5771 debug_printf("failed to expand: %s\n", string);
5772 debug_printf(" error message: %s\n", expand_string_message);
5773 if (expand_string_forcedfail) debug_printf("failure was forced\n");
5779 /* This is the external function call. Do a quick check for any expansion
5780 metacharacters, and if there are none, just return the input string.
5782 Argument: the string to be expanded
5783 Returns: the expanded string, or NULL if expansion failed; if failure was
5784 due to a lookup deferring, search_find_defer will be TRUE
5788 expand_string(uschar *string)
5790 search_find_defer = FALSE;
5791 malformed_header = FALSE;
5792 return (Ustrpbrk(string, "$\\") == NULL)? string :
5793 expand_string_internal(string, FALSE, NULL, FALSE);
5798 /*************************************************
5800 *************************************************/
5802 /* Now and again we want to expand a string and be sure that the result is in a
5803 new bit of store. This function does that.
5805 Argument: the string to be expanded
5806 Returns: the expanded string, always in a new bit of store, or NULL
5810 expand_string_copy(uschar *string)
5812 uschar *yield = expand_string(string);
5813 if (yield == string) yield = string_copy(string);
5819 /*************************************************
5820 * Expand and interpret as an integer *
5821 *************************************************/
5823 /* Expand a string, and convert the result into an integer.
5826 string the string to be expanded
5827 isplus TRUE if a non-negative number is expected
5829 Returns: the integer value, or
5830 -1 for an expansion error ) in both cases, message in
5831 -2 for an integer interpretation error ) expand_string_message
5832 expand_string_message is set NULL for an OK integer
5836 expand_string_integer(uschar *string, BOOL isplus)
5839 uschar *s = expand_string(string);
5840 uschar *msg = US"invalid integer \"%s\"";
5843 /* If expansion failed, expand_string_message will be set. */
5845 if (s == NULL) return -1;
5847 /* On an overflow, strtol() returns LONG_MAX or LONG_MIN, and sets errno
5848 to ERANGE. When there isn't an overflow, errno is not changed, at least on some
5849 systems, so we set it zero ourselves. */
5852 expand_string_message = NULL; /* Indicates no error */
5853 value = strtol(CS s, CSS &endptr, 10);
5857 msg = US"integer expected but \"%s\" found";
5859 else if (value < 0 && isplus)
5861 msg = US"non-negative integer expected but \"%s\" found";
5865 /* Ensure we can cast this down to an int */
5866 if (value > INT_MAX || value < INT_MIN) errno = ERANGE;
5868 if (errno != ERANGE)
5870 if (tolower(*endptr) == 'k')
5872 if (value > INT_MAX/1024 || value < INT_MIN/1024) errno = ERANGE;
5876 else if (tolower(*endptr) == 'm')
5878 if (value > INT_MAX/(1024*1024) || value < INT_MIN/(1024*1024))
5880 else value *= 1024*1024;
5884 if (errno == ERANGE)
5885 msg = US"absolute value of integer \"%s\" is too large (overflow)";
5888 while (isspace(*endptr)) endptr++;
5889 if (*endptr == 0) return (int)value;
5893 expand_string_message = string_sprintf(CS msg, s);
5898 /*************************************************
5899 **************************************************
5900 * Stand-alone test program *
5901 **************************************************
5902 *************************************************/
5908 regex_match_and_setup(const pcre *re, uschar *subject, int options, int setup)
5910 int ovector[3*(EXPAND_MAXN+1)];
5911 int n = pcre_exec(re, NULL, subject, Ustrlen(subject), 0, PCRE_EOPT|options,
5912 ovector, sizeof(ovector)/sizeof(int));
5913 BOOL yield = n >= 0;
5914 if (n == 0) n = EXPAND_MAXN + 1;
5918 expand_nmax = (setup < 0)? 0 : setup + 1;
5919 for (nn = (setup < 0)? 0 : 2; nn < n*2; nn += 2)
5921 expand_nstring[expand_nmax] = subject + ovector[nn];
5922 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
5930 int main(int argc, uschar **argv)
5933 uschar buffer[1024];
5935 debug_selector = D_v;
5936 debug_file = stderr;
5937 debug_fd = fileno(debug_file);
5938 big_buffer = malloc(big_buffer_size);
5940 for (i = 1; i < argc; i++)
5942 if (argv[i][0] == '+')
5944 debug_trace_memory = 2;
5947 if (isdigit(argv[i][0]))
5948 debug_selector = Ustrtol(argv[i], NULL, 0);
5950 if (Ustrspn(argv[i], "abcdefghijklmnopqrtsuvwxyz0123456789-.:/") ==
5954 eldap_default_servers = argv[i];
5957 mysql_servers = argv[i];
5960 pgsql_servers = argv[i];
5964 else opt_perl_startup = argv[i];
5968 printf("Testing string expansion: debug_level = %d\n\n", debug_level);
5970 expand_nstring[1] = US"string 1....";
5971 expand_nlength[1] = 8;
5975 if (opt_perl_startup != NULL)
5978 printf("Starting Perl interpreter\n");
5979 errstr = init_perl(opt_perl_startup);
5982 printf("** error in perl_startup code: %s\n", errstr);
5983 return EXIT_FAILURE;
5986 #endif /* EXIM_PERL */
5988 while (fgets(buffer, sizeof(buffer), stdin) != NULL)
5990 void *reset_point = store_get(0);
5991 uschar *yield = expand_string(buffer);
5994 printf("%s\n", yield);
5995 store_reset(reset_point);
5999 if (search_find_defer) printf("search_find deferred\n");
6000 printf("Failed: %s\n", expand_string_message);
6001 if (expand_string_forcedfail) printf("Forced failure\n");
6013 /* End of expand.c */