1 /* $Cambridge: exim/src/src/expand.c,v 1.81 2007/02/10 23:51:11 magnus Exp $ */
3 /*************************************************
4 * Exim - an Internet mail transport agent *
5 *************************************************/
7 /* Copyright (c) University of Cambridge 1995 - 2007 */
8 /* See the file NOTICE for conditions of use and distribution. */
11 /* Functions for handling string expansion. */
16 /* Recursively called function */
18 static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL);
21 #ifndef SUPPORT_CRYPTEQ
22 #define SUPPORT_CRYPTEQ
27 #include "lookups/ldap.h"
30 #ifdef SUPPORT_CRYPTEQ
35 extern char* crypt16(char*, char*);
39 /* The handling of crypt16() is a mess. I will record below the analysis of the
40 mess that was sent to me. We decided, however, to make changing this very low
41 priority, because in practice people are moving away from the crypt()
42 algorithms nowadays, so it doesn't seem worth it.
45 There is an algorithm named "crypt16" in Ultrix and Tru64. It crypts
46 the first 8 characters of the password using a 20-round version of crypt
47 (standard crypt does 25 rounds). It then crypts the next 8 characters,
48 or an empty block if the password is less than 9 characters, using a
49 20-round version of crypt and the same salt as was used for the first
50 block. Charaters after the first 16 are ignored. It always generates
51 a 16-byte hash, which is expressed together with the salt as a string
52 of 24 base 64 digits. Here are some links to peruse:
54 http://cvs.pld.org.pl/pam/pamcrypt/crypt16.c?rev=1.2
55 http://seclists.org/bugtraq/1999/Mar/0076.html
57 There's a different algorithm named "bigcrypt" in HP-UX, Digital Unix,
58 and OSF/1. This is the same as the standard crypt if given a password
59 of 8 characters or less. If given more, it first does the same as crypt
60 using the first 8 characters, then crypts the next 8 (the 9th to 16th)
61 using as salt the first two base 64 digits from the first hash block.
62 If the password is more than 16 characters then it crypts the 17th to 24th
63 characters using as salt the first two base 64 digits from the second hash
64 block. And so on: I've seen references to it cutting off the password at
65 40 characters (5 blocks), 80 (10 blocks), or 128 (16 blocks). Some links:
67 http://cvs.pld.org.pl/pam/pamcrypt/bigcrypt.c?rev=1.2
68 http://seclists.org/bugtraq/1999/Mar/0109.html
69 http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/HTML/AA-Q0R2D-
70 TET1_html/sec.c222.html#no_id_208
72 Exim has something it calls "crypt16". It will either use a native
73 crypt16 or its own implementation. A native crypt16 will presumably
74 be the one that I called "crypt16" above. The internal "crypt16"
75 function, however, is a two-block-maximum implementation of what I called
76 "bigcrypt". The documentation matches the internal code.
78 I suspect that whoever did the "crypt16" stuff for Exim didn't realise
79 that crypt16 and bigcrypt were different things.
81 Exim uses the LDAP-style scheme identifier "{crypt16}" to refer
82 to whatever it is using under that name. This unfortunately sets a
83 precedent for using "{crypt16}" to identify two incompatible algorithms
84 whose output can't be distinguished. With "{crypt16}" thus rendered
85 ambiguous, I suggest you deprecate it and invent two new identifiers
86 for the two algorithms.
88 Both crypt16 and bigcrypt are very poor algorithms, btw. Hashing parts
89 of the password separately means they can be cracked separately, so
90 the double-length hash only doubles the cracking effort instead of
91 squaring it. I recommend salted SHA-1 ({SSHA}), or the Blowfish-based
99 /*************************************************
100 * Local statics and tables *
101 *************************************************/
103 /* Table of item names, and corresponding switch numbers. The names must be in
104 alphabetical order. */
106 static uschar *item_table[] = {
144 /* Tables of operator names, and corresponding switch numbers. The names must be
145 in alphabetical order. There are two tables, because underscore is used in some
146 cases to introduce arguments, whereas for other it is part of the name. This is
147 an historical mis-design. */
149 static uschar *op_table_underscore[] = {
152 US"quote_local_part",
159 EOP_QUOTE_LOCAL_PART,
163 static uschar *op_table_main[] = {
195 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
226 /* Table of condition names, and corresponding switch numbers. The names must
227 be in alphabetical order. */
229 static uschar *cond_table[] = {
233 US"==", /* Backward compatibility */
261 US"match_local_part",
283 ECOND_FIRST_DELIVERY,
302 ECOND_MATCH_LOCAL_PART,
312 /* Type for main variable table */
320 /* Type for entries pointing to address/length pairs. Not currently
328 /* Types of table entry */
331 vtype_int, /* value is address of int */
332 vtype_filter_int, /* ditto, but recognized only when filtering */
333 vtype_ino, /* value is address of ino_t (not always an int) */
334 vtype_uid, /* value is address of uid_t (not always an int) */
335 vtype_gid, /* value is address of gid_t (not always an int) */
336 vtype_stringptr, /* value is address of pointer to string */
337 vtype_msgbody, /* as stringptr, but read when first required */
338 vtype_msgbody_end, /* ditto, the end of the message */
339 vtype_msgheaders, /* the message's headers, processed */
340 vtype_msgheaders_raw, /* the message's headers, unprocessed */
341 vtype_localpart, /* extract local part from string */
342 vtype_domain, /* extract domain from string */
343 vtype_recipients, /* extract recipients from recipients list */
344 /* (enabled only during system filtering */
345 vtype_todbsdin, /* value not used; generate BSD inbox tod */
346 vtype_tode, /* value not used; generate tod in epoch format */
347 vtype_todf, /* value not used; generate full tod */
348 vtype_todl, /* value not used; generate log tod */
349 vtype_todlf, /* value not used; generate log file datestamp tod */
350 vtype_todzone, /* value not used; generate time zone only */
351 vtype_todzulu, /* value not used; generate zulu tod */
352 vtype_reply, /* value not used; get reply from headers */
353 vtype_pid, /* value not used; result is pid */
354 vtype_host_lookup, /* value not used; get host name */
355 vtype_load_avg, /* value not used; result is int from os_getloadavg */
356 vtype_pspace, /* partition space; value is T/F for spool/log */
357 vtype_pinodes /* partition inodes; value is T/F for spool/log */
358 #ifdef EXPERIMENTAL_DOMAINKEYS
359 ,vtype_dk_verify /* Serve request out of DomainKeys verification structure */
363 /* This table must be kept in alphabetical order. */
365 static var_entry var_table[] = {
366 /* WARNING: Do not invent variables whose names start acl_c or acl_m because
367 they will be confused with user-creatable ACL variables. */
368 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
369 { "address_data", vtype_stringptr, &deliver_address_data },
370 { "address_file", vtype_stringptr, &address_file },
371 { "address_pipe", vtype_stringptr, &address_pipe },
372 { "authenticated_id", vtype_stringptr, &authenticated_id },
373 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
374 { "authentication_failed",vtype_int, &authentication_failed },
375 #ifdef EXPERIMENTAL_BRIGHTMAIL
376 { "bmi_alt_location", vtype_stringptr, &bmi_alt_location },
377 { "bmi_base64_tracker_verdict", vtype_stringptr, &bmi_base64_tracker_verdict },
378 { "bmi_base64_verdict", vtype_stringptr, &bmi_base64_verdict },
379 { "bmi_deliver", vtype_int, &bmi_deliver },
381 { "body_linecount", vtype_int, &body_linecount },
382 { "body_zerocount", vtype_int, &body_zerocount },
383 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
384 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
385 { "caller_gid", vtype_gid, &real_gid },
386 { "caller_uid", vtype_uid, &real_uid },
387 { "compile_date", vtype_stringptr, &version_date },
388 { "compile_number", vtype_stringptr, &version_cnumber },
389 { "csa_status", vtype_stringptr, &csa_status },
390 #ifdef WITH_OLD_DEMIME
391 { "demime_errorlevel", vtype_int, &demime_errorlevel },
392 { "demime_reason", vtype_stringptr, &demime_reason },
394 #ifdef EXPERIMENTAL_DOMAINKEYS
395 { "dk_domain", vtype_stringptr, &dk_signing_domain },
396 { "dk_is_signed", vtype_dk_verify, NULL },
397 { "dk_result", vtype_dk_verify, NULL },
398 { "dk_selector", vtype_stringptr, &dk_signing_selector },
399 { "dk_sender", vtype_dk_verify, NULL },
400 { "dk_sender_domain", vtype_dk_verify, NULL },
401 { "dk_sender_local_part",vtype_dk_verify, NULL },
402 { "dk_sender_source", vtype_dk_verify, NULL },
403 { "dk_signsall", vtype_dk_verify, NULL },
404 { "dk_status", vtype_dk_verify, NULL },
405 { "dk_testing", vtype_dk_verify, NULL },
407 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
408 { "dnslist_text", vtype_stringptr, &dnslist_text },
409 { "dnslist_value", vtype_stringptr, &dnslist_value },
410 { "domain", vtype_stringptr, &deliver_domain },
411 { "domain_data", vtype_stringptr, &deliver_domain_data },
412 { "exim_gid", vtype_gid, &exim_gid },
413 { "exim_path", vtype_stringptr, &exim_path },
414 { "exim_uid", vtype_uid, &exim_uid },
415 #ifdef WITH_OLD_DEMIME
416 { "found_extension", vtype_stringptr, &found_extension },
418 { "home", vtype_stringptr, &deliver_home },
419 { "host", vtype_stringptr, &deliver_host },
420 { "host_address", vtype_stringptr, &deliver_host_address },
421 { "host_data", vtype_stringptr, &host_data },
422 { "host_lookup_deferred",vtype_int, &host_lookup_deferred },
423 { "host_lookup_failed", vtype_int, &host_lookup_failed },
424 { "inode", vtype_ino, &deliver_inode },
425 { "interface_address", vtype_stringptr, &interface_address },
426 { "interface_port", vtype_int, &interface_port },
427 { "item", vtype_stringptr, &iterate_item },
429 { "ldap_dn", vtype_stringptr, &eldap_dn },
431 { "load_average", vtype_load_avg, NULL },
432 { "local_part", vtype_stringptr, &deliver_localpart },
433 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
434 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
435 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
436 { "local_scan_data", vtype_stringptr, &local_scan_data },
437 { "local_user_gid", vtype_gid, &local_user_gid },
438 { "local_user_uid", vtype_uid, &local_user_uid },
439 { "localhost_number", vtype_int, &host_number },
440 { "log_inodes", vtype_pinodes, (void *)FALSE },
441 { "log_space", vtype_pspace, (void *)FALSE },
442 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
443 #ifdef WITH_CONTENT_SCAN
444 { "malware_name", vtype_stringptr, &malware_name },
446 { "message_age", vtype_int, &message_age },
447 { "message_body", vtype_msgbody, &message_body },
448 { "message_body_end", vtype_msgbody_end, &message_body_end },
449 { "message_body_size", vtype_int, &message_body_size },
450 { "message_exim_id", vtype_stringptr, &message_id },
451 { "message_headers", vtype_msgheaders, NULL },
452 { "message_headers_raw", vtype_msgheaders_raw, NULL },
453 { "message_id", vtype_stringptr, &message_id },
454 { "message_linecount", vtype_int, &message_linecount },
455 { "message_size", vtype_int, &message_size },
456 #ifdef WITH_CONTENT_SCAN
457 { "mime_anomaly_level", vtype_int, &mime_anomaly_level },
458 { "mime_anomaly_text", vtype_stringptr, &mime_anomaly_text },
459 { "mime_boundary", vtype_stringptr, &mime_boundary },
460 { "mime_charset", vtype_stringptr, &mime_charset },
461 { "mime_content_description", vtype_stringptr, &mime_content_description },
462 { "mime_content_disposition", vtype_stringptr, &mime_content_disposition },
463 { "mime_content_id", vtype_stringptr, &mime_content_id },
464 { "mime_content_size", vtype_int, &mime_content_size },
465 { "mime_content_transfer_encoding",vtype_stringptr, &mime_content_transfer_encoding },
466 { "mime_content_type", vtype_stringptr, &mime_content_type },
467 { "mime_decoded_filename", vtype_stringptr, &mime_decoded_filename },
468 { "mime_filename", vtype_stringptr, &mime_filename },
469 { "mime_is_coverletter", vtype_int, &mime_is_coverletter },
470 { "mime_is_multipart", vtype_int, &mime_is_multipart },
471 { "mime_is_rfc822", vtype_int, &mime_is_rfc822 },
472 { "mime_part_count", vtype_int, &mime_part_count },
474 { "n0", vtype_filter_int, &filter_n[0] },
475 { "n1", vtype_filter_int, &filter_n[1] },
476 { "n2", vtype_filter_int, &filter_n[2] },
477 { "n3", vtype_filter_int, &filter_n[3] },
478 { "n4", vtype_filter_int, &filter_n[4] },
479 { "n5", vtype_filter_int, &filter_n[5] },
480 { "n6", vtype_filter_int, &filter_n[6] },
481 { "n7", vtype_filter_int, &filter_n[7] },
482 { "n8", vtype_filter_int, &filter_n[8] },
483 { "n9", vtype_filter_int, &filter_n[9] },
484 { "original_domain", vtype_stringptr, &deliver_domain_orig },
485 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
486 { "originator_gid", vtype_gid, &originator_gid },
487 { "originator_uid", vtype_uid, &originator_uid },
488 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
489 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
490 { "pid", vtype_pid, NULL },
491 { "primary_hostname", vtype_stringptr, &primary_hostname },
492 { "prvscheck_address", vtype_stringptr, &prvscheck_address },
493 { "prvscheck_keynum", vtype_stringptr, &prvscheck_keynum },
494 { "prvscheck_result", vtype_stringptr, &prvscheck_result },
495 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
496 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
497 { "rcpt_count", vtype_int, &rcpt_count },
498 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
499 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
500 { "received_count", vtype_int, &received_count },
501 { "received_for", vtype_stringptr, &received_for },
502 { "received_ip_address", vtype_stringptr, &interface_address },
503 { "received_port", vtype_int, &interface_port },
504 { "received_protocol", vtype_stringptr, &received_protocol },
505 { "received_time", vtype_int, &received_time },
506 { "recipient_data", vtype_stringptr, &recipient_data },
507 { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
508 { "recipients", vtype_recipients, NULL },
509 { "recipients_count", vtype_int, &recipients_count },
510 #ifdef WITH_CONTENT_SCAN
511 { "regex_match_string", vtype_stringptr, ®ex_match_string },
513 { "reply_address", vtype_reply, NULL },
514 { "return_path", vtype_stringptr, &return_path },
515 { "return_size_limit", vtype_int, &bounce_return_size_limit },
516 { "runrc", vtype_int, &runrc },
517 { "self_hostname", vtype_stringptr, &self_hostname },
518 { "sender_address", vtype_stringptr, &sender_address },
519 { "sender_address_data", vtype_stringptr, &sender_address_data },
520 { "sender_address_domain", vtype_domain, &sender_address },
521 { "sender_address_local_part", vtype_localpart, &sender_address },
522 { "sender_data", vtype_stringptr, &sender_data },
523 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
524 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
525 { "sender_host_address", vtype_stringptr, &sender_host_address },
526 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
527 { "sender_host_name", vtype_host_lookup, NULL },
528 { "sender_host_port", vtype_int, &sender_host_port },
529 { "sender_ident", vtype_stringptr, &sender_ident },
530 { "sender_rate", vtype_stringptr, &sender_rate },
531 { "sender_rate_limit", vtype_stringptr, &sender_rate_limit },
532 { "sender_rate_period", vtype_stringptr, &sender_rate_period },
533 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
534 { "sender_verify_failure",vtype_stringptr, &sender_verify_failure },
535 { "sending_ip_address", vtype_stringptr, &sending_ip_address },
536 { "sending_port", vtype_int, &sending_port },
537 { "smtp_active_hostname", vtype_stringptr, &smtp_active_hostname },
538 { "smtp_command", vtype_stringptr, &smtp_cmd_buffer },
539 { "smtp_command_argument", vtype_stringptr, &smtp_cmd_argument },
540 { "smtp_count_at_connection_start", vtype_int, &smtp_accept_count },
541 { "sn0", vtype_filter_int, &filter_sn[0] },
542 { "sn1", vtype_filter_int, &filter_sn[1] },
543 { "sn2", vtype_filter_int, &filter_sn[2] },
544 { "sn3", vtype_filter_int, &filter_sn[3] },
545 { "sn4", vtype_filter_int, &filter_sn[4] },
546 { "sn5", vtype_filter_int, &filter_sn[5] },
547 { "sn6", vtype_filter_int, &filter_sn[6] },
548 { "sn7", vtype_filter_int, &filter_sn[7] },
549 { "sn8", vtype_filter_int, &filter_sn[8] },
550 { "sn9", vtype_filter_int, &filter_sn[9] },
551 #ifdef WITH_CONTENT_SCAN
552 { "spam_bar", vtype_stringptr, &spam_bar },
553 { "spam_report", vtype_stringptr, &spam_report },
554 { "spam_score", vtype_stringptr, &spam_score },
555 { "spam_score_int", vtype_stringptr, &spam_score_int },
557 #ifdef EXPERIMENTAL_SPF
558 { "spf_header_comment", vtype_stringptr, &spf_header_comment },
559 { "spf_received", vtype_stringptr, &spf_received },
560 { "spf_result", vtype_stringptr, &spf_result },
561 { "spf_smtp_comment", vtype_stringptr, &spf_smtp_comment },
563 { "spool_directory", vtype_stringptr, &spool_directory },
564 { "spool_inodes", vtype_pinodes, (void *)TRUE },
565 { "spool_space", vtype_pspace, (void *)TRUE },
566 #ifdef EXPERIMENTAL_SRS
567 { "srs_db_address", vtype_stringptr, &srs_db_address },
568 { "srs_db_key", vtype_stringptr, &srs_db_key },
569 { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient },
570 { "srs_orig_sender", vtype_stringptr, &srs_orig_sender },
571 { "srs_recipient", vtype_stringptr, &srs_recipient },
572 { "srs_status", vtype_stringptr, &srs_status },
574 { "thisaddress", vtype_stringptr, &filter_thisaddress },
575 { "tls_certificate_verified", vtype_int, &tls_certificate_verified },
576 { "tls_cipher", vtype_stringptr, &tls_cipher },
577 { "tls_peerdn", vtype_stringptr, &tls_peerdn },
578 { "tod_bsdinbox", vtype_todbsdin, NULL },
579 { "tod_epoch", vtype_tode, NULL },
580 { "tod_full", vtype_todf, NULL },
581 { "tod_log", vtype_todl, NULL },
582 { "tod_logfile", vtype_todlf, NULL },
583 { "tod_zone", vtype_todzone, NULL },
584 { "tod_zulu", vtype_todzulu, NULL },
585 { "value", vtype_stringptr, &lookup_value },
586 { "version_number", vtype_stringptr, &version_string },
587 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
588 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
589 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
590 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
591 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
592 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
595 static int var_table_size = sizeof(var_table)/sizeof(var_entry);
596 static uschar var_buffer[256];
597 static BOOL malformed_header;
599 /* For textual hashes */
601 static char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
602 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
605 enum { HMAC_MD5, HMAC_SHA1 };
607 /* For numeric hashes */
609 static unsigned int prime[] = {
610 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
611 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
612 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
614 /* For printing modes in symbolic form */
616 static uschar *mtable_normal[] =
617 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
619 static uschar *mtable_setid[] =
620 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
622 static uschar *mtable_sticky[] =
623 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
627 /*************************************************
628 * Tables for UTF-8 support *
629 *************************************************/
631 /* Table of the number of extra characters, indexed by the first character
632 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
635 static uschar utf8_table1[] = {
636 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
637 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
638 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
639 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
641 /* These are the masks for the data bits in the first byte of a character,
642 indexed by the number of additional bytes. */
644 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
646 /* Get the next UTF-8 character, advancing the pointer. */
648 #define GETUTF8INC(c, ptr) \
650 if ((c & 0xc0) == 0xc0) \
652 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
654 c = (c & utf8_table2[a]) << s; \
658 c |= (*ptr++ & 0x3f) << s; \
663 /*************************************************
664 * Binary chop search on a table *
665 *************************************************/
667 /* This is used for matching expansion items and operators.
670 name the name that is being sought
671 table the table to search
672 table_size the number of items in the table
674 Returns: the offset in the table, or -1
678 chop_match(uschar *name, uschar **table, int table_size)
680 uschar **bot = table;
681 uschar **top = table + table_size;
685 uschar **mid = bot + (top - bot)/2;
686 int c = Ustrcmp(name, *mid);
687 if (c == 0) return mid - table;
688 if (c > 0) bot = mid + 1; else top = mid;
696 /*************************************************
697 * Check a condition string *
698 *************************************************/
700 /* This function is called to expand a string, and test the result for a "true"
701 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
702 forced fail or lookup defer. All store used by the function can be released on
706 condition the condition string
707 m1 text to be incorporated in panic error
710 Returns: TRUE if condition is met, FALSE if not
714 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
717 void *reset_point = store_get(0);
718 uschar *ss = expand_string(condition);
721 if (!expand_string_forcedfail && !search_find_defer)
722 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
723 "for %s %s: %s", condition, m1, m2, expand_string_message);
726 rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
727 strcmpic(ss, US"false") != 0;
728 store_reset(reset_point);
734 /*************************************************
735 * Pick out a name from a string *
736 *************************************************/
738 /* If the name is too long, it is silently truncated.
741 name points to a buffer into which to put the name
742 max is the length of the buffer
743 s points to the first alphabetic character of the name
744 extras chars other than alphanumerics to permit
746 Returns: pointer to the first character after the name
748 Note: The test for *s != 0 in the while loop is necessary because
749 Ustrchr() yields non-NULL if the character is zero (which is not something
753 read_name(uschar *name, int max, uschar *s, uschar *extras)
756 while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
758 if (ptr < max-1) name[ptr++] = *s;
767 /*************************************************
768 * Pick out the rest of a header name *
769 *************************************************/
771 /* A variable name starting $header_ (or just $h_ for those who like
772 abbreviations) might not be the complete header name because headers can
773 contain any printing characters in their names, except ':'. This function is
774 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
775 on the end, if the name was terminated by white space.
778 name points to a buffer in which the name read so far exists
779 max is the length of the buffer
780 s points to the first character after the name so far, i.e. the
781 first non-alphameric character after $header_xxxxx
783 Returns: a pointer to the first character after the header name
787 read_header_name(uschar *name, int max, uschar *s)
789 int prelen = Ustrchr(name, '_') - name + 1;
790 int ptr = Ustrlen(name) - prelen;
791 if (ptr > 0) memmove(name, name+prelen, ptr);
792 while (mac_isgraph(*s) && *s != ':')
794 if (ptr < max-1) name[ptr++] = *s;
805 /*************************************************
806 * Pick out a number from a string *
807 *************************************************/
810 n points to an integer into which to put the number
811 s points to the first digit of the number
813 Returns: a pointer to the character after the last digit
817 read_number(int *n, uschar *s)
820 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
826 /*************************************************
827 * Extract keyed subfield from a string *
828 *************************************************/
830 /* The yield is in dynamic store; NULL means that the key was not found.
833 key points to the name of the key
834 s points to the string from which to extract the subfield
836 Returns: NULL if the subfield was not found, or
837 a pointer to the subfield's data
841 expand_getkeyed(uschar *key, uschar *s)
843 int length = Ustrlen(key);
844 while (isspace(*s)) s++;
846 /* Loop to search for the key */
854 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
855 dkeylength = s - dkey;
856 while (isspace(*s)) s++;
857 if (*s == '=') while (isspace((*(++s))));
859 data = string_dequote(&s);
860 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
863 while (isspace(*s)) s++;
872 /*************************************************
873 * Extract numbered subfield from string *
874 *************************************************/
876 /* Extracts a numbered field from a string that is divided by tokens - for
877 example a line from /etc/passwd is divided by colon characters. First field is
878 numbered one. Negative arguments count from the right. Zero returns the whole
879 string. Returns NULL if there are insufficient tokens in the string
882 Modifies final argument - this is a dynamically generated string, so that's OK.
885 field number of field to be extracted,
886 first field = 1, whole string = 0, last field = -1
887 separators characters that are used to break string into tokens
888 s points to the string from which to extract the subfield
890 Returns: NULL if the field was not found,
891 a pointer to the field's data inside s (modified to add 0)
895 expand_gettokened (int field, uschar *separators, uschar *s)
900 uschar *fieldtext = NULL;
902 if (field == 0) return s;
904 /* Break the line up into fields in place; for field > 0 we stop when we have
905 done the number of fields we want. For field < 0 we continue till the end of
906 the string, counting the number of fields. */
908 count = (field > 0)? field : INT_MAX;
914 /* Previous field was the last one in the string. For a positive field
915 number, this means there are not enough fields. For a negative field number,
916 check that there are enough, and scan back to find the one that is wanted. */
920 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
921 if ((-field) == (INT_MAX - count - 1)) return s;
925 while (ss[-1] != 0) ss--;
931 /* Previous field was not last in the string; save its start and put a
935 len = Ustrcspn(ss, separators);
946 /*************************************************
947 * Extract a substring from a string *
948 *************************************************/
950 /* Perform the ${substr or ${length expansion operations.
953 subject the input string
954 value1 the offset from the start of the input string to the start of
955 the output string; if negative, count from the right.
956 value2 the length of the output string, or negative (-1) for unset
957 if value1 is positive, unset means "all after"
958 if value1 is negative, unset means "all before"
959 len set to the length of the returned string
961 Returns: pointer to the output string, or NULL if there is an error
965 extract_substr(uschar *subject, int value1, int value2, int *len)
967 int sublen = Ustrlen(subject);
969 if (value1 < 0) /* count from right */
973 /* If the position is before the start, skip to the start, and adjust the
974 length. If the length ends up negative, the substring is null because nothing
975 can precede. This falls out naturally when the length is unset, meaning "all
981 if (value2 < 0) value2 = 0;
985 /* Otherwise an unset length => characters before value1 */
994 /* For a non-negative offset, if the starting position is past the end of the
995 string, the result will be the null string. Otherwise, an unset length means
996 "rest"; just set it to the maximum - it will be cut down below if necessary. */
1000 if (value1 > sublen)
1005 else if (value2 < 0) value2 = sublen;
1008 /* Cut the length down to the maximum possible for the offset value, and get
1009 the required characters. */
1011 if (value1 + value2 > sublen) value2 = sublen - value1;
1013 return subject + value1;
1019 /*************************************************
1020 * Old-style hash of a string *
1021 *************************************************/
1023 /* Perform the ${hash expansion operation.
1026 subject the input string (an expanded substring)
1027 value1 the length of the output string; if greater or equal to the
1028 length of the input string, the input string is returned
1029 value2 the number of hash characters to use, or 26 if negative
1030 len set to the length of the returned string
1032 Returns: pointer to the output string, or NULL if there is an error
1036 compute_hash(uschar *subject, int value1, int value2, int *len)
1038 int sublen = Ustrlen(subject);
1040 if (value2 < 0) value2 = 26;
1041 else if (value2 > Ustrlen(hashcodes))
1043 expand_string_message =
1044 string_sprintf("hash count \"%d\" too big", value2);
1048 /* Calculate the hash text. We know it is shorter than the original string, so
1049 can safely place it in subject[] (we know that subject is always itself an
1050 expanded substring). */
1052 if (value1 < sublen)
1057 while ((c = (subject[j])) != 0)
1059 int shift = (c + j++) & 7;
1060 subject[i] ^= (c << shift) | (c >> (8-shift));
1061 if (++i >= value1) i = 0;
1063 for (i = 0; i < value1; i++)
1064 subject[i] = hashcodes[(subject[i]) % value2];
1066 else value1 = sublen;
1075 /*************************************************
1076 * Numeric hash of a string *
1077 *************************************************/
1079 /* Perform the ${nhash expansion operation. The first characters of the
1080 string are treated as most important, and get the highest prime numbers.
1083 subject the input string
1084 value1 the maximum value of the first part of the result
1085 value2 the maximum value of the second part of the result,
1086 or negative to produce only a one-part result
1087 len set to the length of the returned string
1089 Returns: pointer to the output string, or NULL if there is an error.
1093 compute_nhash (uschar *subject, int value1, int value2, int *len)
1095 uschar *s = subject;
1097 unsigned long int total = 0; /* no overflow */
1101 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
1102 total += prime[i--] * (unsigned int)(*s++);
1105 /* If value2 is unset, just compute one number */
1109 s = string_sprintf("%d", total % value1);
1112 /* Otherwise do a div/mod hash */
1116 total = total % (value1 * value2);
1117 s = string_sprintf("%d/%d", total/value2, total % value2);
1128 /*************************************************
1129 * Find the value of a header or headers *
1130 *************************************************/
1132 /* Multiple instances of the same header get concatenated, and this function
1133 can also return a concatenation of all the header lines. When concatenating
1134 specific headers that contain lists of addresses, a comma is inserted between
1135 them. Otherwise we use a straight concatenation. Because some messages can have
1136 pathologically large number of lines, there is a limit on the length that is
1137 returned. Also, to avoid massive store use which would result from using
1138 string_cat() as it copies and extends strings, we do a preliminary pass to find
1139 out exactly how much store will be needed. On "normal" messages this will be
1143 name the name of the header, without the leading $header_ or $h_,
1144 or NULL if a concatenation of all headers is required
1145 exists_only TRUE if called from a def: test; don't need to build a string;
1146 just return a string that is not "" and not "0" if the header
1148 newsize return the size of memory block that was obtained; may be NULL
1149 if exists_only is TRUE
1150 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
1151 other than concatenating, will be done on the header. Also used
1152 for $message_headers_raw.
1153 charset name of charset to translate MIME words to; used only if
1154 want_raw is false; if NULL, no translation is done (this is
1155 used for $bh_ and $bheader_)
1157 Returns: NULL if the header does not exist, else a pointer to a new
1162 find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1165 BOOL found = name == NULL;
1167 int len = found? 0 : Ustrlen(name);
1169 uschar *yield = NULL;
1172 /* Loop for two passes - saves code repetition */
1174 for (i = 0; i < 2; i++)
1179 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1181 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1183 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1188 if (exists_only) return US"1"; /* don't need actual string */
1190 t = h->text + len; /* text to insert */
1191 if (!want_raw) /* unless wanted raw, */
1192 while (isspace(*t)) t++; /* remove leading white space */
1193 ilen = h->slen - (t - h->text); /* length to insert */
1195 /* Unless wanted raw, remove trailing whitespace, including the
1199 while (ilen > 0 && isspace(t[ilen-1])) ilen--;
1201 /* Set comma = 1 if handling a single header and it's one of those
1202 that contains an address list, except when asked for raw headers. Only
1203 need to do this once. */
1205 if (!want_raw && name != NULL && comma == 0 &&
1206 Ustrchr("BCFRST", h->type) != NULL)
1209 /* First pass - compute total store needed; second pass - compute
1210 total store used, including this header. */
1212 size += ilen + comma + 1; /* +1 for the newline */
1214 /* Second pass - concatentate the data, up to a maximum. Note that
1215 the loop stops when size hits the limit. */
1219 if (size > header_insert_maxlen)
1221 ilen -= size - header_insert_maxlen - 1;
1224 Ustrncpy(ptr, t, ilen);
1227 /* For a non-raw header, put in the comma if needed, then add
1228 back the newline we removed above, provided there was some text in
1231 if (!want_raw && ilen > 0)
1233 if (comma != 0) *ptr++ = ',';
1241 /* At end of first pass, return NULL if no header found. Then truncate size
1242 if necessary, and get the buffer to hold the data, returning the buffer size.
1247 if (!found) return NULL;
1248 if (size > header_insert_maxlen) size = header_insert_maxlen;
1249 *newsize = size + 1;
1250 ptr = yield = store_get(*newsize);
1254 /* That's all we do for raw header expansion. */
1261 /* Otherwise, remove a final newline and a redundant added comma. Then we do
1262 RFC 2047 decoding, translating the charset if requested. The rfc2047_decode2()
1263 function can return an error with decoded data if the charset translation
1264 fails. If decoding fails, it returns NULL. */
1268 uschar *decoded, *error;
1269 if (ptr > yield && ptr[-1] == '\n') ptr--;
1270 if (ptr > yield && comma != 0 && ptr[-1] == ',') ptr--;
1272 decoded = rfc2047_decode2(yield, check_rfc2047_length, charset, '?', NULL,
1276 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1277 " input was: %s\n", error, yield);
1279 if (decoded != NULL) yield = decoded;
1288 /*************************************************
1289 * Find value of a variable *
1290 *************************************************/
1292 /* The table of variables is kept in alphabetic order, so we can search it
1293 using a binary chop. The "choplen" variable is nothing to do with the binary
1297 name the name of the variable being sought
1298 exists_only TRUE if this is a def: test; passed on to find_header()
1299 skipping TRUE => skip any processing evaluation; this is not the same as
1300 exists_only because def: may test for values that are first
1302 newsize pointer to an int which is initially zero; if the answer is in
1303 a new memory buffer, *newsize is set to its size
1305 Returns: NULL if the variable does not exist, or
1306 a pointer to the variable's contents, or
1307 something non-NULL if exists_only is TRUE
1311 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1314 int last = var_table_size;
1316 /* Handle ACL variables, whose names are of the form acl_cxxx or acl_mxxx.
1317 Originally, xxx had to be a number in the range 0-9 (later 0-19), but from
1318 release 4.64 onwards arbitrary names are permitted, as long as the first 5
1319 characters are acl_c or acl_m and the sixth is either a digit or an underscore
1320 (this gave backwards compatibility at the changeover). There may be built-in
1321 variables whose names start acl_ but they should never start in this way. This
1322 slightly messy specification is a consequence of the history, needless to say.
1324 If an ACL variable does not exist, treat it as empty, unless strict_acl_vars is
1325 set, in which case give an error. */
1327 if ((Ustrncmp(name, "acl_c", 5) == 0 || Ustrncmp(name, "acl_m", 5) == 0) &&
1331 tree_search((name[4] == 'c')? acl_var_c : acl_var_m, name + 4);
1332 return (node == NULL)? (strict_acl_vars? NULL : US"") : node->data.ptr;
1335 /* Handle $auth<n> variables. */
1337 if (Ustrncmp(name, "auth", 4) == 0)
1340 int n = Ustrtoul(name + 4, &endptr, 10);
1341 if (*endptr == 0 && n != 0 && n <= AUTH_VARS)
1342 return (auth_vars[n-1] == NULL)? US"" : auth_vars[n-1];
1345 /* For all other variables, search the table */
1347 while (last > first)
1351 int middle = (first + last)/2;
1352 int c = Ustrcmp(name, var_table[middle].name);
1354 if (c > 0) { first = middle + 1; continue; }
1355 if (c < 0) { last = middle; continue; }
1357 /* Found an existing variable. If in skipping state, the value isn't needed,
1358 and we want to avoid processing (such as looking up the host name). */
1360 if (skipping) return US"";
1362 switch (var_table[middle].type)
1364 #ifdef EXPERIMENTAL_DOMAINKEYS
1366 case vtype_dk_verify:
1367 if (dk_verify_block == NULL) return US"";
1369 if (Ustrcmp(var_table[middle].name, "dk_result") == 0)
1370 s = dk_verify_block->result_string;
1371 if (Ustrcmp(var_table[middle].name, "dk_sender") == 0)
1372 s = dk_verify_block->address;
1373 if (Ustrcmp(var_table[middle].name, "dk_sender_domain") == 0)
1374 s = dk_verify_block->domain;
1375 if (Ustrcmp(var_table[middle].name, "dk_sender_local_part") == 0)
1376 s = dk_verify_block->local_part;
1378 if (Ustrcmp(var_table[middle].name, "dk_sender_source") == 0)
1379 switch(dk_verify_block->address_source) {
1380 case DK_EXIM_ADDRESS_NONE: s = US"0"; break;
1381 case DK_EXIM_ADDRESS_FROM_FROM: s = US"from"; break;
1382 case DK_EXIM_ADDRESS_FROM_SENDER: s = US"sender"; break;
1385 if (Ustrcmp(var_table[middle].name, "dk_status") == 0)
1386 switch(dk_verify_block->result) {
1387 case DK_EXIM_RESULT_ERR: s = US"error"; break;
1388 case DK_EXIM_RESULT_BAD_FORMAT: s = US"bad format"; break;
1389 case DK_EXIM_RESULT_NO_KEY: s = US"no key"; break;
1390 case DK_EXIM_RESULT_NO_SIGNATURE: s = US"no signature"; break;
1391 case DK_EXIM_RESULT_REVOKED: s = US"revoked"; break;
1392 case DK_EXIM_RESULT_NON_PARTICIPANT: s = US"non-participant"; break;
1393 case DK_EXIM_RESULT_GOOD: s = US"good"; break;
1394 case DK_EXIM_RESULT_BAD: s = US"bad"; break;
1397 if (Ustrcmp(var_table[middle].name, "dk_signsall") == 0)
1398 s = (dk_verify_block->signsall)? US"1" : US"0";
1400 if (Ustrcmp(var_table[middle].name, "dk_testing") == 0)
1401 s = (dk_verify_block->testing)? US"1" : US"0";
1403 if (Ustrcmp(var_table[middle].name, "dk_is_signed") == 0)
1404 s = (dk_verify_block->is_signed)? US"1" : US"0";
1406 return (s == NULL)? US"" : s;
1409 case vtype_filter_int:
1410 if (!filter_running) return NULL;
1414 sprintf(CS var_buffer, "%d", *(int *)(var_table[middle].value)); /* Integer */
1418 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(var_table[middle].value))); /* Inode */
1422 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(var_table[middle].value))); /* gid */
1426 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
1429 case vtype_stringptr: /* Pointer to string */
1430 s = *((uschar **)(var_table[middle].value));
1431 return (s == NULL)? US"" : s;
1434 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1437 case vtype_load_avg:
1438 sprintf(CS var_buffer, "%d", os_getloadavg()); /* load_average */
1441 case vtype_host_lookup: /* Lookup if not done so */
1442 if (sender_host_name == NULL && sender_host_address != NULL &&
1443 !host_lookup_failed && host_name_lookup() == OK)
1444 host_build_sender_fullhost();
1445 return (sender_host_name == NULL)? US"" : sender_host_name;
1447 case vtype_localpart: /* Get local part from address */
1448 s = *((uschar **)(var_table[middle].value));
1449 if (s == NULL) return US"";
1450 domain = Ustrrchr(s, '@');
1451 if (domain == NULL) return s;
1452 if (domain - s > sizeof(var_buffer) - 1)
1453 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than %d in "
1454 "string expansion", sizeof(var_buffer));
1455 Ustrncpy(var_buffer, s, domain - s);
1456 var_buffer[domain - s] = 0;
1459 case vtype_domain: /* Get domain from address */
1460 s = *((uschar **)(var_table[middle].value));
1461 if (s == NULL) return US"";
1462 domain = Ustrrchr(s, '@');
1463 return (domain == NULL)? US"" : domain + 1;
1465 case vtype_msgheaders:
1466 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1468 case vtype_msgheaders_raw:
1469 return find_header(NULL, exists_only, newsize, TRUE, NULL);
1471 case vtype_msgbody: /* Pointer to msgbody string */
1472 case vtype_msgbody_end: /* Ditto, the end of the msg */
1473 ss = (uschar **)(var_table[middle].value);
1474 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1477 off_t start_offset = SPOOL_DATA_START_OFFSET;
1478 int len = message_body_visible;
1479 if (len > message_size) len = message_size;
1480 *ss = body = store_malloc(len+1);
1482 if (var_table[middle].type == vtype_msgbody_end)
1484 struct stat statbuf;
1485 if (fstat(deliver_datafile, &statbuf) == 0)
1487 start_offset = statbuf.st_size - len;
1488 if (start_offset < SPOOL_DATA_START_OFFSET)
1489 start_offset = SPOOL_DATA_START_OFFSET;
1492 lseek(deliver_datafile, start_offset, SEEK_SET);
1493 len = read(deliver_datafile, body, len);
1499 if (body[--len] == '\n' || body[len] == 0) body[len] = ' ';
1503 return (*ss == NULL)? US"" : *ss;
1505 case vtype_todbsdin: /* BSD inbox time of day */
1506 return tod_stamp(tod_bsdin);
1508 case vtype_tode: /* Unix epoch time of day */
1509 return tod_stamp(tod_epoch);
1511 case vtype_todf: /* Full time of day */
1512 return tod_stamp(tod_full);
1514 case vtype_todl: /* Log format time of day */
1515 return tod_stamp(tod_log_bare); /* (without timezone) */
1517 case vtype_todzone: /* Time zone offset only */
1518 return tod_stamp(tod_zone);
1520 case vtype_todzulu: /* Zulu time */
1521 return tod_stamp(tod_zulu);
1523 case vtype_todlf: /* Log file datestamp tod */
1524 return tod_stamp(tod_log_datestamp);
1526 case vtype_reply: /* Get reply address */
1527 s = find_header(US"reply-to:", exists_only, newsize, TRUE,
1529 if (s != NULL) while (isspace(*s)) s++;
1530 if (s == NULL || *s == 0)
1532 *newsize = 0; /* For the *s==0 case */
1533 s = find_header(US"from:", exists_only, newsize, TRUE, headers_charset);
1538 while (isspace(*s)) s++;
1539 for (t = s; *t != 0; t++) if (*t == '\n') *t = ' ';
1540 while (t > s && isspace(t[-1])) t--;
1543 return (s == NULL)? US"" : s;
1545 /* A recipients list is available only during system message filtering,
1546 during ACL processing after DATA, and while expanding pipe commands
1547 generated from a system filter, but not elsewhere. */
1549 case vtype_recipients:
1550 if (!enable_dollar_recipients) return NULL; else
1555 s = store_get(size);
1556 for (i = 0; i < recipients_count; i++)
1558 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1559 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1560 Ustrlen(recipients_list[i].address));
1562 s[ptr] = 0; /* string_cat() leaves room */
1569 sprintf(CS var_buffer, "%d",
1570 receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes));
1577 (void) receive_statvfs(var_table[middle].value == (void *)TRUE, &inodes);
1578 sprintf(CS var_buffer, "%d", inodes);
1584 return NULL; /* Unknown variable name */
1590 /*************************************************
1591 * Read and expand substrings *
1592 *************************************************/
1594 /* This function is called to read and expand argument substrings for various
1595 expansion items. Some have a minimum requirement that is less than the maximum;
1596 in these cases, the first non-present one is set to NULL.
1599 sub points to vector of pointers to set
1600 n maximum number of substrings
1602 sptr points to current string pointer
1603 skipping the skipping flag
1604 check_end if TRUE, check for final '}'
1605 name name of item, for error message
1607 Returns: 0 OK; string pointer updated
1608 1 curly bracketing error (too few arguments)
1609 2 too many arguments (only if check_end is set); message set
1610 3 other error (expansion failure)
1614 read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
1615 BOOL check_end, uschar *name)
1620 while (isspace(*s)) s++;
1621 for (i = 0; i < n; i++)
1625 if (i < m) return 1;
1629 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
1630 if (sub[i] == NULL) return 3;
1631 if (*s++ != '}') return 1;
1632 while (isspace(*s)) s++;
1634 if (check_end && *s++ != '}')
1638 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1639 "(max is %d)", name, n);
1652 /*************************************************
1653 * Elaborate message for bad variable *
1654 *************************************************/
1656 /* For the "unknown variable" message, take a look at the variable's name, and
1657 give additional information about possible ACL variables. The extra information
1658 is added on to expand_string_message.
1660 Argument: the name of the variable
1665 check_variable_error_message(uschar *name)
1667 if (Ustrncmp(name, "acl_", 4) == 0)
1668 expand_string_message = string_sprintf("%s (%s)", expand_string_message,
1669 (name[4] == 'c' || name[4] == 'm')?
1671 US"6th character of a user-defined ACL variable must be a digit or underscore" :
1672 US"strict_acl_vars is set" /* Syntax is OK, it has to be this */
1674 US"user-defined ACL variables must start acl_c or acl_m");
1679 /*************************************************
1680 * Read and evaluate a condition *
1681 *************************************************/
1685 s points to the start of the condition text
1686 yield points to a BOOL to hold the result of the condition test;
1687 if NULL, we are just reading through a condition that is
1688 part of an "or" combination to check syntax, or in a state
1689 where the answer isn't required
1691 Returns: a pointer to the first character after the condition, or
1696 eval_condition(uschar *s, BOOL *yield)
1698 BOOL testfor = TRUE;
1699 BOOL tempcond, combined_cond;
1701 int i, rc, cond_type, roffset;
1703 struct stat statbuf;
1708 const uschar *rerror;
1712 while (isspace(*s)) s++;
1713 if (*s == '!') { testfor = !testfor; s++; } else break;
1716 /* Numeric comparisons are symbolic */
1718 if (*s == '=' || *s == '>' || *s == '<')
1730 /* All other conditions are named */
1732 else s = read_name(name, 256, s, US"_");
1734 /* If we haven't read a name, it means some non-alpha character is first. */
1738 expand_string_message = string_sprintf("condition name expected, "
1739 "but found \"%.16s\"", s);
1743 /* Find which condition we are dealing with, and switch on it */
1745 cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
1748 /* def: tests for a non-empty variable, or for the existence of a header. If
1749 yield == NULL we are in a skipping state, and don't care about the answer. */
1754 expand_string_message = US"\":\" expected after \"def\"";
1758 s = read_name(name, 256, s+1, US"_");
1760 /* Test for a header's existence. If the name contains a closing brace
1761 character, this may be a user error where the terminating colon has been
1762 omitted. Set a flag to adjust a subsequent error message in this case. */
1764 if (Ustrncmp(name, "h_", 2) == 0 ||
1765 Ustrncmp(name, "rh_", 3) == 0 ||
1766 Ustrncmp(name, "bh_", 3) == 0 ||
1767 Ustrncmp(name, "header_", 7) == 0 ||
1768 Ustrncmp(name, "rheader_", 8) == 0 ||
1769 Ustrncmp(name, "bheader_", 8) == 0)
1771 s = read_header_name(name, 256, s);
1772 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
1773 if (yield != NULL) *yield =
1774 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
1777 /* Test for a variable's having a non-empty value. A non-existent variable
1778 causes an expansion failure. */
1782 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
1785 expand_string_message = (name[0] == 0)?
1786 string_sprintf("variable name omitted after \"def:\"") :
1787 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
1788 check_variable_error_message(name);
1791 if (yield != NULL) *yield = (value[0] != 0) == testfor;
1797 /* first_delivery tests for first delivery attempt */
1799 case ECOND_FIRST_DELIVERY:
1800 if (yield != NULL) *yield = deliver_firsttime == testfor;
1804 /* queue_running tests for any process started by a queue runner */
1806 case ECOND_QUEUE_RUNNING:
1807 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
1811 /* exists: tests for file existence
1812 isip: tests for any IP address
1813 isip4: tests for an IPv4 address
1814 isip6: tests for an IPv6 address
1815 pam: does PAM authentication
1816 radius: does RADIUS authentication
1817 ldapauth: does LDAP authentication
1818 pwcheck: does Cyrus SASL pwcheck authentication
1827 case ECOND_LDAPAUTH:
1830 while (isspace(*s)) s++;
1831 if (*s != '{') goto COND_FAILED_CURLY_START;
1833 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1834 if (sub[0] == NULL) return NULL;
1835 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1837 if (yield == NULL) return s; /* No need to run the test if skipping */
1842 if ((expand_forbid & RDO_EXISTS) != 0)
1844 expand_string_message = US"File existence tests are not permitted";
1847 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
1853 rc = string_is_ip_address(sub[0], NULL);
1854 *yield = ((cond_type == ECOND_ISIP)? (rc != 0) :
1855 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
1858 /* Various authentication tests - all optionally compiled */
1862 rc = auth_call_pam(sub[0], &expand_string_message);
1865 goto COND_FAILED_NOT_COMPILED;
1866 #endif /* SUPPORT_PAM */
1869 #ifdef RADIUS_CONFIG_FILE
1870 rc = auth_call_radius(sub[0], &expand_string_message);
1873 goto COND_FAILED_NOT_COMPILED;
1874 #endif /* RADIUS_CONFIG_FILE */
1876 case ECOND_LDAPAUTH:
1879 /* Just to keep the interface the same */
1881 int old_pool = store_pool;
1882 store_pool = POOL_SEARCH;
1883 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
1884 &expand_string_message, &do_cache);
1885 store_pool = old_pool;
1889 goto COND_FAILED_NOT_COMPILED;
1890 #endif /* LOOKUP_LDAP */
1893 #ifdef CYRUS_PWCHECK_SOCKET
1894 rc = auth_call_pwcheck(sub[0], &expand_string_message);
1897 goto COND_FAILED_NOT_COMPILED;
1898 #endif /* CYRUS_PWCHECK_SOCKET */
1900 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
1901 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
1903 if (rc == ERROR || rc == DEFER) return NULL;
1904 *yield = (rc == OK) == testfor;
1910 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
1912 ${if saslauthd {{username}{password}{service}{realm}} {yes}[no}}
1914 However, the last two are optional. That is why the whole set is enclosed
1915 in their own set or braces. */
1917 case ECOND_SASLAUTHD:
1918 #ifndef CYRUS_SASLAUTHD_SOCKET
1919 goto COND_FAILED_NOT_COMPILED;
1921 while (isspace(*s)) s++;
1922 if (*s++ != '{') goto COND_FAILED_CURLY_START;
1923 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd"))
1925 case 1: expand_string_message = US"too few arguments or bracketing "
1926 "error for saslauthd";
1928 case 3: return NULL;
1930 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
1934 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
1935 &expand_string_message);
1936 if (rc == ERROR || rc == DEFER) return NULL;
1937 *yield = (rc == OK) == testfor;
1940 #endif /* CYRUS_SASLAUTHD_SOCKET */
1943 /* symbolic operators for numeric and string comparison, and a number of
1944 other operators, all requiring two arguments.
1946 match: does a regular expression match and sets up the numerical
1947 variables if it succeeds
1948 match_address: matches in an address list
1949 match_domain: matches in a domain list
1950 match_ip: matches a host list that is restricted to IP addresses
1951 match_local_part: matches in a local part list
1952 crypteq: encrypts plaintext and compares against an encrypted text,
1953 using crypt(), crypt16(), MD5 or SHA-1
1957 case ECOND_MATCH_ADDRESS:
1958 case ECOND_MATCH_DOMAIN:
1959 case ECOND_MATCH_IP:
1960 case ECOND_MATCH_LOCAL_PART:
1963 case ECOND_NUM_L: /* Numerical comparisons */
1970 case ECOND_STR_LT: /* String comparisons */
1981 for (i = 0; i < 2; i++)
1983 while (isspace(*s)) s++;
1986 if (i == 0) goto COND_FAILED_CURLY_START;
1987 expand_string_message = string_sprintf("missing 2nd string in {} "
1988 "after \"%s\"", name);
1991 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1992 if (sub[i] == NULL) return NULL;
1993 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1995 /* Convert to numerical if required; we know that the names of all the
1996 conditions that compare numbers do not start with a letter. This just saves
1997 checking for them individually. */
1999 if (!isalpha(name[0]) && yield != NULL)
2005 debug_printf("empty string cast to zero for numerical comparison\n");
2009 num[i] = expand_string_integer(sub[i], FALSE);
2010 if (expand_string_message != NULL) return NULL;
2015 /* Result not required */
2017 if (yield == NULL) return s;
2019 /* Do an appropriate comparison */
2025 *yield = (num[0] == num[1]) == testfor;
2029 *yield = (num[0] > num[1]) == testfor;
2033 *yield = (num[0] >= num[1]) == testfor;
2037 *yield = (num[0] < num[1]) == testfor;
2041 *yield = (num[0] <= num[1]) == testfor;
2045 *yield = (Ustrcmp(sub[0], sub[1]) < 0) == testfor;
2049 *yield = (strcmpic(sub[0], sub[1]) < 0) == testfor;
2053 *yield = (Ustrcmp(sub[0], sub[1]) <= 0) == testfor;
2057 *yield = (strcmpic(sub[0], sub[1]) <= 0) == testfor;
2061 *yield = (Ustrcmp(sub[0], sub[1]) == 0) == testfor;
2065 *yield = (strcmpic(sub[0], sub[1]) == 0) == testfor;
2069 *yield = (Ustrcmp(sub[0], sub[1]) > 0) == testfor;
2073 *yield = (strcmpic(sub[0], sub[1]) > 0) == testfor;
2077 *yield = (Ustrcmp(sub[0], sub[1]) >= 0) == testfor;
2081 *yield = (strcmpic(sub[0], sub[1]) >= 0) == testfor;
2084 case ECOND_MATCH: /* Regular expression match */
2085 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
2089 expand_string_message = string_sprintf("regular expression error in "
2090 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
2093 *yield = regex_match_and_setup(re, sub[0], 0, -1) == testfor;
2096 case ECOND_MATCH_ADDRESS: /* Match in an address list */
2097 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
2098 goto MATCHED_SOMETHING;
2100 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
2101 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
2102 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
2103 goto MATCHED_SOMETHING;
2105 case ECOND_MATCH_IP: /* Match IP address in a host list */
2106 if (sub[0][0] != 0 && string_is_ip_address(sub[0], NULL) == 0)
2108 expand_string_message = string_sprintf("\"%s\" is not an IP address",
2114 unsigned int *nullcache = NULL;
2115 check_host_block cb;
2117 cb.host_name = US"";
2118 cb.host_address = sub[0];
2120 /* If the host address starts off ::ffff: it is an IPv6 address in
2121 IPv4-compatible mode. Find the IPv4 part for checking against IPv4
2124 cb.host_ipv4 = (Ustrncmp(cb.host_address, "::ffff:", 7) == 0)?
2125 cb.host_address + 7 : cb.host_address;
2127 rc = match_check_list(
2128 &sub[1], /* the list */
2129 0, /* separator character */
2130 &hostlist_anchor, /* anchor pointer */
2131 &nullcache, /* cache pointer */
2132 check_host, /* function for testing */
2133 &cb, /* argument for function */
2134 MCL_HOST, /* type of check */
2135 sub[0], /* text for debugging */
2136 NULL); /* where to pass back data */
2138 goto MATCHED_SOMETHING;
2140 case ECOND_MATCH_LOCAL_PART:
2141 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
2142 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
2157 expand_string_message = string_sprintf("unable to complete match "
2158 "against \"%s\": %s", sub[1], search_error_message);
2164 /* Various "encrypted" comparisons. If the second string starts with
2165 "{" then an encryption type is given. Default to crypt() or crypt16()
2166 (build-time choice). */
2169 #ifndef SUPPORT_CRYPTEQ
2170 goto COND_FAILED_NOT_COMPILED;
2172 if (strncmpic(sub[1], US"{md5}", 5) == 0)
2174 int sublen = Ustrlen(sub[1]+5);
2179 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2181 /* If the length that we are comparing against is 24, the MD5 digest
2182 is expressed as a base64 string. This is the way LDAP does it. However,
2183 some other software uses a straightforward hex representation. We assume
2184 this if the length is 32. Other lengths fail. */
2188 uschar *coded = auth_b64encode((uschar *)digest, 16);
2189 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
2190 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2191 *yield = (Ustrcmp(coded, sub[1]+5) == 0) == testfor;
2193 else if (sublen == 32)
2197 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2199 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
2200 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
2201 *yield = (strcmpic(coded, sub[1]+5) == 0) == testfor;
2205 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
2206 "fail\n crypted=%s\n", sub[1]+5);
2211 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
2213 int sublen = Ustrlen(sub[1]+6);
2218 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
2220 /* If the length that we are comparing against is 28, assume the SHA1
2221 digest is expressed as a base64 string. If the length is 40, assume a
2222 straightforward hex representation. Other lengths fail. */
2226 uschar *coded = auth_b64encode((uschar *)digest, 20);
2227 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
2228 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2229 *yield = (Ustrcmp(coded, sub[1]+6) == 0) == testfor;
2231 else if (sublen == 40)
2235 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
2237 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
2238 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
2239 *yield = (strcmpic(coded, sub[1]+6) == 0) == testfor;
2243 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
2244 "fail\n crypted=%s\n", sub[1]+6);
2249 else /* {crypt} or {crypt16} and non-{ at start */
2254 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
2259 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
2264 else if (sub[1][0] == '{')
2266 expand_string_message = string_sprintf("unknown encryption mechanism "
2267 "in \"%s\"", sub[1]);
2273 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
2274 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
2275 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
2279 #define XSTR(s) STR(s)
2280 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
2281 " subject=%s\n crypted=%s\n",
2282 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
2287 /* If the encrypted string contains fewer than two characters (for the
2288 salt), force failure. Otherwise we get false positives: with an empty
2289 string the yield of crypt() is an empty string! */
2291 *yield = (Ustrlen(sub[1]) < 2)? !testfor :
2292 (Ustrcmp(coded, sub[1]) == 0) == testfor;
2295 #endif /* SUPPORT_CRYPTEQ */
2296 } /* Switch for comparison conditions */
2298 return s; /* End of comparison conditions */
2301 /* and/or: computes logical and/or of several conditions */
2305 subcondptr = (yield == NULL)? NULL : &tempcond;
2306 combined_cond = (cond_type == ECOND_AND);
2308 while (isspace(*s)) s++;
2309 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2313 while (isspace(*s)) s++;
2314 if (*s == '}') break;
2317 expand_string_message = string_sprintf("each subcondition "
2318 "inside an \"%s{...}\" condition must be in its own {}", name);
2322 s = eval_condition(s+1, subcondptr);
2325 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
2326 expand_string_message, name);
2329 while (isspace(*s)) s++;
2333 expand_string_message = string_sprintf("missing } at end of condition "
2334 "inside \"%s\" group", name);
2340 if (cond_type == ECOND_AND)
2342 combined_cond &= tempcond;
2343 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2344 } /* evaluate any more */
2347 combined_cond |= tempcond;
2348 if (combined_cond) subcondptr = NULL; /* once true, don't */
2349 } /* evaluate any more */
2353 if (yield != NULL) *yield = (combined_cond == testfor);
2357 /* forall/forany: iterates a condition with different values */
2363 uschar *save_iterate_item = iterate_item;
2365 while (isspace(*s)) s++;
2366 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2368 sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL));
2369 if (sub[0] == NULL) return NULL;
2370 if (*s++ != '}') goto COND_FAILED_CURLY_END;
2372 while (isspace(*s)) s++;
2373 if (*s++ != '{') goto COND_FAILED_CURLY_START;
2377 /* Call eval_condition once, with result discarded (as if scanning a
2378 "false" part). This allows us to find the end of the condition, because if
2379 the list it empty, we won't actually evaluate the condition for real. */
2381 s = eval_condition(sub[1], NULL);
2384 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2385 expand_string_message, name);
2388 while (isspace(*s)) s++;
2392 expand_string_message = string_sprintf("missing } at end of condition "
2393 "inside \"%s\"", name);
2397 if (yield != NULL) *yield = !testfor;
2398 while ((iterate_item = string_nextinlist(&sub[0], &sep, NULL, 0)) != NULL)
2400 DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
2401 if (eval_condition(sub[1], &tempcond) == NULL)
2403 expand_string_message = string_sprintf("%s inside \"%s\" condition",
2404 expand_string_message, name);
2407 DEBUG(D_expand) debug_printf("%s: condition evaluated to %s\n", name,
2408 tempcond? "true":"false");
2410 if (yield != NULL) *yield = (tempcond == testfor);
2411 if (tempcond == (cond_type == ECOND_FORANY)) break;
2414 iterate_item = save_iterate_item;
2419 /* Unknown condition */
2422 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2424 } /* End switch on condition type */
2426 /* Missing braces at start and end of data */
2428 COND_FAILED_CURLY_START:
2429 expand_string_message = string_sprintf("missing { after \"%s\"", name);
2432 COND_FAILED_CURLY_END:
2433 expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2437 /* A condition requires code that is not compiled */
2439 #if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2440 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2441 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2442 COND_FAILED_NOT_COMPILED:
2443 expand_string_message = string_sprintf("support for \"%s\" not compiled",
2452 /*************************************************
2453 * Save numerical variables *
2454 *************************************************/
2456 /* This function is called from items such as "if" that want to preserve and
2457 restore the numbered variables.
2460 save_expand_string points to an array of pointers to set
2461 save_expand_nlength points to an array of ints for the lengths
2463 Returns: the value of expand max to save
2467 save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
2470 for (i = 0; i <= expand_nmax; i++)
2472 save_expand_nstring[i] = expand_nstring[i];
2473 save_expand_nlength[i] = expand_nlength[i];
2480 /*************************************************
2481 * Restore numerical variables *
2482 *************************************************/
2484 /* This function restored saved values of numerical strings.
2487 save_expand_nmax the number of strings to restore
2488 save_expand_string points to an array of pointers
2489 save_expand_nlength points to an array of ints
2495 restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
2496 int *save_expand_nlength)
2499 expand_nmax = save_expand_nmax;
2500 for (i = 0; i <= expand_nmax; i++)
2502 expand_nstring[i] = save_expand_nstring[i];
2503 expand_nlength[i] = save_expand_nlength[i];
2511 /*************************************************
2512 * Handle yes/no substrings *
2513 *************************************************/
2515 /* This function is used by ${if}, ${lookup} and ${extract} to handle the
2516 alternative substrings that depend on whether or not the condition was true,
2517 or the lookup or extraction succeeded. The substrings always have to be
2518 expanded, to check their syntax, but "skipping" is set when the result is not
2519 needed - this avoids unnecessary nested lookups.
2522 skipping TRUE if we were skipping when this item was reached
2523 yes TRUE if the first string is to be used, else use the second
2524 save_lookup a value to put back into lookup_value before the 2nd expansion
2525 sptr points to the input string pointer
2526 yieldptr points to the output string pointer
2527 sizeptr points to the output string size
2528 ptrptr points to the output string pointer
2529 type "lookup" or "if" or "extract" or "run", for error message
2531 Returns: 0 OK; lookup_value has been reset to save_lookup
2533 2 expansion failed because of bracketing error
2537 process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
2538 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type)
2541 uschar *s = *sptr; /* Local value */
2542 uschar *sub1, *sub2;
2544 /* If there are no following strings, we substitute the contents of $value for
2545 lookups and for extractions in the success case. For the ${if item, the string
2546 "true" is substituted. In the fail case, nothing is substituted for all three
2549 while (isspace(*s)) s++;
2554 if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
2558 if (yes && lookup_value != NULL)
2559 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
2560 Ustrlen(lookup_value));
2561 lookup_value = save_lookup;
2567 /* The first following string must be braced. */
2569 if (*s++ != '{') goto FAILED_CURLY;
2571 /* Expand the first substring. Forced failures are noticed only if we actually
2572 want this string. Set skipping in the call in the fail case (this will always
2573 be the case if we were already skipping). */
2575 sub1 = expand_string_internal(s, TRUE, &s, !yes);
2576 if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
2577 expand_string_forcedfail = FALSE;
2578 if (*s++ != '}') goto FAILED_CURLY;
2580 /* If we want the first string, add it to the output */
2583 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
2585 /* If this is called from a lookup or an extract, we want to restore $value to
2586 what it was at the start of the item, so that it has this value during the
2587 second string expansion. For the call from "if" or "run" to this function,
2588 save_lookup is set to lookup_value, so that this statement does nothing. */
2590 lookup_value = save_lookup;
2592 /* There now follows either another substring, or "fail", or nothing. This
2593 time, forced failures are noticed only if we want the second string. We must
2594 set skipping in the nested call if we don't want this string, or if we were
2595 already skipping. */
2597 while (isspace(*s)) s++;
2600 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping);
2601 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
2602 expand_string_forcedfail = FALSE;
2603 if (*s++ != '}') goto FAILED_CURLY;
2605 /* If we want the second string, add it to the output */
2608 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
2611 /* If there is no second string, but the word "fail" is present when the use of
2612 the second string is wanted, set a flag indicating it was a forced failure
2613 rather than a syntactic error. Swallow the terminating } in case this is nested
2614 inside another lookup or if or extract. */
2619 s = read_name(name, sizeof(name), s, US"_");
2620 if (Ustrcmp(name, "fail") == 0)
2622 if (!yes && !skipping)
2624 while (isspace(*s)) s++;
2625 if (*s++ != '}') goto FAILED_CURLY;
2626 expand_string_message =
2627 string_sprintf("\"%s\" failed and \"fail\" requested", type);
2628 expand_string_forcedfail = TRUE;
2634 expand_string_message =
2635 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
2640 /* All we have to do now is to check on the final closing brace. */
2642 while (isspace(*s)) s++;
2643 if (*s++ == '}') goto RETURN;
2645 /* Get here if there is a bracketing failure */
2650 /* Get here for other failures */
2655 /* Update the input pointer value before returning */
2665 /*************************************************
2666 * Handle MD5 or SHA-1 computation for HMAC *
2667 *************************************************/
2669 /* These are some wrapping functions that enable the HMAC code to be a bit
2670 cleaner. A good compiler will spot the tail recursion.
2673 type HMAC_MD5 or HMAC_SHA1
2674 remaining are as for the cryptographic hash functions
2680 chash_start(int type, void *base)
2682 if (type == HMAC_MD5)
2683 md5_start((md5 *)base);
2685 sha1_start((sha1 *)base);
2689 chash_mid(int type, void *base, uschar *string)
2691 if (type == HMAC_MD5)
2692 md5_mid((md5 *)base, string);
2694 sha1_mid((sha1 *)base, string);
2698 chash_end(int type, void *base, uschar *string, int length, uschar *digest)
2700 if (type == HMAC_MD5)
2701 md5_end((md5 *)base, string, length, digest);
2703 sha1_end((sha1 *)base, string, length, digest);
2710 /********************************************************
2711 * prvs: Get last three digits of days since Jan 1, 1970 *
2712 ********************************************************/
2714 /* This is needed to implement the "prvs" BATV reverse
2717 Argument: integer "days" offset to add or substract to
2718 or from the current number of days.
2720 Returns: pointer to string containing the last three
2721 digits of the number of days since Jan 1, 1970,
2722 modified by the offset argument, NULL if there
2723 was an error in the conversion.
2728 prvs_daystamp(int day_offset)
2730 uschar *days = store_get(32); /* Need at least 24 for cases */
2731 (void)string_format(days, 32, TIME_T_FMT, /* where TIME_T_FMT is %lld */
2732 (time(NULL) + day_offset*86400)/86400);
2733 return (Ustrlen(days) >= 3) ? &days[Ustrlen(days)-3] : US"100";
2738 /********************************************************
2739 * prvs: perform HMAC-SHA1 computation of prvs bits *
2740 ********************************************************/
2742 /* This is needed to implement the "prvs" BATV reverse
2746 address RFC2821 Address to use
2747 key The key to use (must be less than 64 characters
2749 key_num Single-digit key number to use. Defaults to
2752 Returns: pointer to string containing the first three
2753 bytes of the final hash in hex format, NULL if
2754 there was an error in the process.
2758 prvs_hmac_sha1(uschar *address, uschar *key, uschar *key_num, uschar *daystamp)
2760 uschar *hash_source, *p;
2761 int size = 0,offset = 0,i;
2763 void *use_base = &sha1_base;
2764 uschar innerhash[20];
2765 uschar finalhash[20];
2766 uschar innerkey[64];
2767 uschar outerkey[64];
2768 uschar *finalhash_hex = store_get(40);
2770 if (key_num == NULL)
2773 if (Ustrlen(key) > 64)
2776 hash_source = string_cat(NULL,&size,&offset,key_num,1);
2777 string_cat(hash_source,&size,&offset,daystamp,3);
2778 string_cat(hash_source,&size,&offset,address,Ustrlen(address));
2779 hash_source[offset] = '\0';
2781 DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source);
2783 memset(innerkey, 0x36, 64);
2784 memset(outerkey, 0x5c, 64);
2786 for (i = 0; i < Ustrlen(key); i++)
2788 innerkey[i] ^= key[i];
2789 outerkey[i] ^= key[i];
2792 chash_start(HMAC_SHA1, use_base);
2793 chash_mid(HMAC_SHA1, use_base, innerkey);
2794 chash_end(HMAC_SHA1, use_base, hash_source, offset, innerhash);
2796 chash_start(HMAC_SHA1, use_base);
2797 chash_mid(HMAC_SHA1, use_base, outerkey);
2798 chash_end(HMAC_SHA1, use_base, innerhash, 20, finalhash);
2801 for (i = 0; i < 3; i++)
2803 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
2804 *p++ = hex_digits[finalhash[i] & 0x0f];
2808 return finalhash_hex;
2814 /*************************************************
2815 * Join a file onto the output string *
2816 *************************************************/
2818 /* This is used for readfile and after a run expansion. It joins the contents
2819 of a file onto the output string, globally replacing newlines with a given
2820 string (optionally). The file is closed at the end.
2824 yield pointer to the expandable string
2825 sizep pointer to the current size
2826 ptrp pointer to the current position
2827 eol newline replacement string, or NULL
2829 Returns: new value of string pointer
2833 cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
2836 uschar buffer[1024];
2838 eollen = (eol == NULL)? 0 : Ustrlen(eol);
2840 while (Ufgets(buffer, sizeof(buffer), f) != NULL)
2842 int len = Ustrlen(buffer);
2843 if (eol != NULL && buffer[len-1] == '\n') len--;
2844 yield = string_cat(yield, sizep, ptrp, buffer, len);
2845 if (buffer[len] != 0)
2846 yield = string_cat(yield, sizep, ptrp, eol, eollen);
2849 if (yield != NULL) yield[*ptrp] = 0;
2857 /*************************************************
2858 * Evaluate numeric expression *
2859 *************************************************/
2861 /* This is a set of mutually recursive functions that evaluate an arithmetic
2862 expression involving + - * / % & | ^ ~ << >> and parentheses. The only one of
2863 these functions that is called from elsewhere is eval_expr, whose interface is:
2866 sptr pointer to the pointer to the string - gets updated
2867 decimal TRUE if numbers are to be assumed decimal
2868 error pointer to where to put an error message - must be NULL on input
2869 endket TRUE if ')' must terminate - FALSE for external call
2871 Returns: on success: the value of the expression, with *error still NULL
2872 on failure: an undefined value, with *error = a message
2875 static int eval_op_or(uschar **, BOOL, uschar **);
2879 eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
2882 int x = eval_op_or(&s, decimal, error);
2888 *error = US"expecting closing parenthesis";
2890 while (isspace(*(++s)));
2892 else if (*s != 0) *error = US"expecting operator";
2900 eval_number(uschar **sptr, BOOL decimal, uschar **error)
2905 while (isspace(*s)) s++;
2910 (void)sscanf(CS s, (decimal? "%d%n" : "%i%n"), &n, &count);
2912 if (tolower(*s) == 'k') { n *= 1024; s++; }
2913 else if (tolower(*s) == 'm') { n *= 1024*1024; s++; }
2914 while (isspace (*s)) s++;
2919 n = eval_expr(&s, decimal, error, 1);
2923 *error = US"expecting number or opening parenthesis";
2931 static int eval_op_unary(uschar **sptr, BOOL decimal, uschar **error)
2935 while (isspace(*s)) s++;
2936 if (*s == '+' || *s == '-' || *s == '~')
2939 x = eval_op_unary(&s, decimal, error);
2940 if (op == '-') x = -x;
2941 else if (op == '~') x = ~x;
2945 x = eval_number(&s, decimal, error);
2952 static int eval_op_mult(uschar **sptr, BOOL decimal, uschar **error)
2955 int x = eval_op_unary(&s, decimal, error);
2958 while (*s == '*' || *s == '/' || *s == '%')
2961 int y = eval_op_unary(&s, decimal, error);
2962 if (*error != NULL) break;
2963 if (op == '*') x *= y;
2964 else if (op == '/') x /= y;
2973 static int eval_op_sum(uschar **sptr, BOOL decimal, uschar **error)
2976 int x = eval_op_mult(&s, decimal, error);
2979 while (*s == '+' || *s == '-')
2982 int y = eval_op_mult(&s, decimal, error);
2983 if (*error != NULL) break;
2984 if (op == '+') x += y; else x -= y;
2992 static int eval_op_shift(uschar **sptr, BOOL decimal, uschar **error)
2995 int x = eval_op_sum(&s, decimal, error);
2998 while ((*s == '<' || *s == '>') && s[1] == s[0])
3003 y = eval_op_sum(&s, decimal, error);
3004 if (*error != NULL) break;
3005 if (op == '<') x <<= y; else x >>= y;
3013 static int eval_op_and(uschar **sptr, BOOL decimal, uschar **error)
3016 int x = eval_op_shift(&s, decimal, error);
3023 y = eval_op_shift(&s, decimal, error);
3024 if (*error != NULL) break;
3033 static int eval_op_xor(uschar **sptr, BOOL decimal, uschar **error)
3036 int x = eval_op_and(&s, decimal, error);
3043 y = eval_op_and(&s, decimal, error);
3044 if (*error != NULL) break;
3053 static int eval_op_or(uschar **sptr, BOOL decimal, uschar **error)
3056 int x = eval_op_xor(&s, decimal, error);
3063 y = eval_op_xor(&s, decimal, error);
3064 if (*error != NULL) break;
3074 /*************************************************
3076 *************************************************/
3078 /* Returns either an unchanged string, or the expanded string in stacking pool
3079 store. Interpreted sequences are:
3081 \... normal escaping rules
3082 $name substitutes the variable
3084 ${op:string} operates on the expanded string value
3085 ${item{arg1}{arg2}...} expands the args and then does the business
3086 some literal args are not enclosed in {}
3088 There are now far too many operators and item types to make it worth listing
3089 them here in detail any more.
3091 We use an internal routine recursively to handle embedded substrings. The
3092 external function follows. The yield is NULL if the expansion failed, and there
3093 are two cases: if something collapsed syntactically, or if "fail" was given
3094 as the action on a lookup failure. These can be distinguised by looking at the
3095 variable expand_string_forcedfail, which is TRUE in the latter case.
3097 The skipping flag is set true when expanding a substring that isn't actually
3098 going to be used (after "if" or "lookup") and it prevents lookups from
3099 happening lower down.
3101 Store usage: At start, a store block of the length of the input plus 64
3102 is obtained. This is expanded as necessary by string_cat(), which might have to
3103 get a new block, or might be able to expand the original. At the end of the
3104 function we can release any store above that portion of the yield block that
3105 was actually used. In many cases this will be optimal.
3107 However: if the first item in the expansion is a variable name or header name,
3108 we reset the store before processing it; if the result is in fresh store, we
3109 use that without copying. This is helpful for expanding strings like
3110 $message_headers which can get very long.
3113 string the string to be expanded
3114 ket_ends true if expansion is to stop at }
3115 left if not NULL, a pointer to the first character after the
3116 expansion is placed here (typically used with ket_ends)
3117 skipping TRUE for recursive calls when the value isn't actually going
3118 to be used (to allow for optimisation)
3120 Returns: NULL if expansion fails:
3121 expand_string_forcedfail is set TRUE if failure was forced
3122 expand_string_message contains a textual error message
3123 a pointer to the expanded string on success
3127 expand_string_internal(uschar *string, BOOL ket_ends, uschar **left,
3131 int size = Ustrlen(string)+ 64;
3133 uschar *yield = store_get(size);
3135 uschar *save_expand_nstring[EXPAND_MAXN+1];
3136 int save_expand_nlength[EXPAND_MAXN+1];
3138 expand_string_forcedfail = FALSE;
3139 expand_string_message = US"";
3146 /* \ escapes the next character, which must exist, or else
3147 the expansion fails. There's a special escape, \N, which causes
3148 copying of the subject verbatim up to the next \N. Otherwise,
3149 the escapes are the standard set. */
3155 expand_string_message = US"\\ at end of string";
3162 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
3163 yield = string_cat(yield, &size, &ptr, t, s - t);
3164 if (*s != 0) s += 2;
3170 ch[0] = string_interpret_escape(&s);
3172 yield = string_cat(yield, &size, &ptr, ch, 1);
3178 /* Anything other than $ is just copied verbatim, unless we are
3179 looking for a terminating } character. */
3181 if (ket_ends && *s == '}') break;
3185 yield = string_cat(yield, &size, &ptr, s++, 1);
3189 /* No { after the $ - must be a plain name or a number for string
3190 match variable. There has to be a fudge for variables that are the
3191 names of header fields preceded by "$header_" because header field
3192 names can contain any printing characters except space and colon.
3193 For those that don't like typing this much, "$h_" is a synonym for
3194 "$header_". A non-existent header yields a NULL value; nothing is
3197 if (isalpha((*(++s))))
3202 s = read_name(name, sizeof(name), s, US"_");
3204 /* If this is the first thing to be expanded, release the pre-allocated
3207 if (ptr == 0 && yield != NULL)
3216 if (Ustrncmp(name, "h_", 2) == 0 ||
3217 Ustrncmp(name, "rh_", 3) == 0 ||
3218 Ustrncmp(name, "bh_", 3) == 0 ||
3219 Ustrncmp(name, "header_", 7) == 0 ||
3220 Ustrncmp(name, "rheader_", 8) == 0 ||
3221 Ustrncmp(name, "bheader_", 8) == 0)
3223 BOOL want_raw = (name[0] == 'r')? TRUE : FALSE;
3224 uschar *charset = (name[0] == 'b')? NULL : headers_charset;
3225 s = read_header_name(name, sizeof(name), s);
3226 value = find_header(name, FALSE, &newsize, want_raw, charset);
3228 /* If we didn't find the header, and the header contains a closing brace
3229 character, this may be a user error where the terminating colon
3230 has been omitted. Set a flag to adjust the error message in this case.
3231 But there is no error here - nothing gets inserted. */
3235 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
3244 value = find_variable(name, FALSE, skipping, &newsize);
3247 expand_string_message =
3248 string_sprintf("unknown variable name \"%s\"", name);
3249 check_variable_error_message(name);
3254 /* If the data is known to be in a new buffer, newsize will be set to the
3255 size of that buffer. If this is the first thing in an expansion string,
3256 yield will be NULL; just point it at the new store instead of copying. Many
3257 expansion strings contain just one reference, so this is a useful
3258 optimization, especially for humungous headers. */
3260 len = Ustrlen(value);
3261 if (yield == NULL && newsize != 0)
3267 else yield = string_cat(yield, &size, &ptr, value, len);
3275 s = read_number(&n, s);
3276 if (n >= 0 && n <= expand_nmax)
3277 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3282 /* Otherwise, if there's no '{' after $ it's an error. */
3286 expand_string_message = US"$ not followed by letter, digit, or {";
3290 /* After { there can be various things, but they all start with
3291 an initial word, except for a number for a string match variable. */
3293 if (isdigit((*(++s))))
3296 s = read_number(&n, s);
3299 expand_string_message = US"} expected after number";
3302 if (n >= 0 && n <= expand_nmax)
3303 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
3310 expand_string_message = US"letter or digit expected after ${";
3314 /* Allow "-" in names to cater for substrings with negative
3315 arguments. Since we are checking for known names after { this is
3318 s = read_name(name, sizeof(name), s, US"_-");
3319 item_type = chop_match(name, item_table, sizeof(item_table)/sizeof(uschar *));
3323 /* Handle conditionals - preserve the values of the numerical expansion
3324 variables in case they get changed by a regular expression match in the
3325 condition. If not, they retain their external settings. At the end
3326 of this "if" section, they get restored to their previous values. */
3332 int save_expand_nmax =
3333 save_expand_strings(save_expand_nstring, save_expand_nlength);
3335 while (isspace(*s)) s++;
3336 next_s = eval_condition(s, skipping? NULL : &cond);
3337 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
3340 debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s,
3341 cond? "true" : "false");
3345 /* The handling of "yes" and "no" result strings is now in a separate
3346 function that is also used by ${lookup} and ${extract} and ${run}. */
3348 switch(process_yesno(
3349 skipping, /* were previously skipping */
3350 cond, /* success/failure indicator */
3351 lookup_value, /* value to reset for string2 */
3352 &s, /* input pointer */
3353 &yield, /* output pointer */
3354 &size, /* output size */
3355 &ptr, /* output current point */
3356 US"if")) /* condition type */
3358 case 1: goto EXPAND_FAILED; /* when all is well, the */
3359 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3362 /* Restore external setting of expansion variables for continuation
3365 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3366 save_expand_nlength);
3370 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
3371 expanding an internal string that isn't actually going to be used. All we
3372 need to do is check the syntax, so don't do a lookup at all. Preserve the
3373 values of the numerical expansion variables in case they get changed by a
3374 partial lookup. If not, they retain their external settings. At the end
3375 of this "lookup" section, they get restored to their previous values. */
3379 int stype, partial, affixlen, starflags;
3380 int expand_setup = 0;
3382 uschar *key, *filename, *affix;
3383 uschar *save_lookup_value = lookup_value;
3384 int save_expand_nmax =
3385 save_expand_strings(save_expand_nstring, save_expand_nlength);
3387 if ((expand_forbid & RDO_LOOKUP) != 0)
3389 expand_string_message = US"lookup expansions are not permitted";
3393 /* Get the key we are to look up for single-key+file style lookups.
3394 Otherwise set the key NULL pro-tem. */
3396 while (isspace(*s)) s++;
3399 key = expand_string_internal(s+1, TRUE, &s, skipping);
3400 if (key == NULL) goto EXPAND_FAILED;
3401 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3402 while (isspace(*s)) s++;
3406 /* Find out the type of database */
3410 expand_string_message = US"missing lookup type";
3414 /* The type is a string that may contain special characters of various
3415 kinds. Allow everything except space or { to appear; the actual content
3416 is checked by search_findtype_partial. */
3418 while (*s != 0 && *s != '{' && !isspace(*s))
3420 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
3424 while (isspace(*s)) s++;
3426 /* Now check for the individual search type and any partial or default
3427 options. Only those types that are actually in the binary are valid. */
3429 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
3433 expand_string_message = search_error_message;
3437 /* Check that a key was provided for those lookup types that need it,
3438 and was not supplied for those that use the query style. */
3440 if (!mac_islookup(stype, lookup_querystyle|lookup_absfilequery))
3444 expand_string_message = string_sprintf("missing {key} for single-"
3445 "key \"%s\" lookup", name);
3453 expand_string_message = string_sprintf("a single key was given for "
3454 "lookup type \"%s\", which is not a single-key lookup type", name);
3459 /* Get the next string in brackets and expand it. It is the file name for
3460 single-key+file lookups, and the whole query otherwise. In the case of
3461 queries that also require a file name (e.g. sqlite), the file name comes
3464 if (*s != '{') goto EXPAND_FAILED_CURLY;
3465 filename = expand_string_internal(s+1, TRUE, &s, skipping);
3466 if (filename == NULL) goto EXPAND_FAILED;
3467 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3468 while (isspace(*s)) s++;
3470 /* If this isn't a single-key+file lookup, re-arrange the variables
3471 to be appropriate for the search_ functions. For query-style lookups,
3472 there is just a "key", and no file name. For the special query-style +
3473 file types, the query (i.e. "key") starts with a file name. */
3477 while (isspace(*filename)) filename++;
3480 if (mac_islookup(stype, lookup_querystyle))
3486 if (*filename != '/')
3488 expand_string_message = string_sprintf(
3489 "absolute file name expected for \"%s\" lookup", name);
3492 while (*key != 0 && !isspace(*key)) key++;
3493 if (*key != 0) *key++ = 0;
3497 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
3498 the entry was not found. Note that there is no search_close() function.
3499 Files are left open in case of re-use. At suitable places in higher logic,
3500 search_tidyup() is called to tidy all open files. This can save opening
3501 the same file several times. However, files may also get closed when
3502 others are opened, if too many are open at once. The rule is that a
3503 handle should not be used after a second search_open().
3505 Request that a partial search sets up $1 and maybe $2 by passing
3506 expand_setup containing zero. If its value changes, reset expand_nmax,
3507 since new variables will have been set. Note that at the end of this
3508 "lookup" section, the old numeric variables are restored. */
3511 lookup_value = NULL;
3514 void *handle = search_open(filename, stype, 0, NULL, NULL);
3517 expand_string_message = search_error_message;
3520 lookup_value = search_find(handle, filename, key, partial, affix,
3521 affixlen, starflags, &expand_setup);
3522 if (search_find_defer)
3524 expand_string_message =
3525 string_sprintf("lookup of \"%s\" gave DEFER: %s", key,
3526 search_error_message);
3529 if (expand_setup > 0) expand_nmax = expand_setup;
3532 /* The handling of "yes" and "no" result strings is now in a separate
3533 function that is also used by ${if} and ${extract}. */
3535 switch(process_yesno(
3536 skipping, /* were previously skipping */
3537 lookup_value != NULL, /* success/failure indicator */
3538 save_lookup_value, /* value to reset for string2 */
3539 &s, /* input pointer */
3540 &yield, /* output pointer */
3541 &size, /* output size */
3542 &ptr, /* output current point */
3543 US"lookup")) /* condition type */
3545 case 1: goto EXPAND_FAILED; /* when all is well, the */
3546 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3549 /* Restore external setting of expansion variables for carrying on
3550 at this level, and continue. */
3552 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3553 save_expand_nlength);
3557 /* If Perl support is configured, handle calling embedded perl subroutines,
3558 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
3559 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
3560 arguments (defined below). */
3562 #define EXIM_PERL_MAX_ARGS 8
3566 expand_string_message = US"\"${perl\" encountered, but this facility "
3567 "is not included in this binary";
3570 #else /* EXIM_PERL */
3572 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
3575 if ((expand_forbid & RDO_PERL) != 0)
3577 expand_string_message = US"Perl calls are not permitted";
3581 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
3584 case 1: goto EXPAND_FAILED_CURLY;
3586 case 3: goto EXPAND_FAILED;
3589 /* If skipping, we don't actually do anything */
3591 if (skipping) continue;
3593 /* Start the interpreter if necessary */
3595 if (!opt_perl_started)
3598 if (opt_perl_startup == NULL)
3600 expand_string_message = US"A setting of perl_startup is needed when "
3601 "using the Perl interpreter";
3604 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
3605 initerror = init_perl(opt_perl_startup);
3606 if (initerror != NULL)
3608 expand_string_message =
3609 string_sprintf("error in perl_startup code: %s\n", initerror);
3612 opt_perl_started = TRUE;
3615 /* Call the function */
3617 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
3618 new_yield = call_perl_cat(yield, &size, &ptr, &expand_string_message,
3619 sub_arg[0], sub_arg + 1);
3621 /* NULL yield indicates failure; if the message pointer has been set to
3622 NULL, the yield was undef, indicating a forced failure. Otherwise the
3623 message will indicate some kind of Perl error. */
3625 if (new_yield == NULL)
3627 if (expand_string_message == NULL)
3629 expand_string_message =
3630 string_sprintf("Perl subroutine \"%s\" returned undef to force "
3631 "failure", sub_arg[0]);
3632 expand_string_forcedfail = TRUE;
3637 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
3638 set during a callback from Perl. */
3640 expand_string_forcedfail = FALSE;
3644 #endif /* EXIM_PERL */
3646 /* Transform email address to "prvs" scheme to use
3647 as BATV-signed return path */
3654 switch(read_subs(sub_arg, 3, 2, &s, skipping, TRUE, US"prvs"))
3656 case 1: goto EXPAND_FAILED_CURLY;
3658 case 3: goto EXPAND_FAILED;
3661 /* If skipping, we don't actually do anything */
3662 if (skipping) continue;
3664 /* sub_arg[0] is the address */
3665 domain = Ustrrchr(sub_arg[0],'@');
3666 if ( (domain == NULL) || (domain == sub_arg[0]) || (Ustrlen(domain) == 1) )
3668 expand_string_message = US"prvs first argument must be a qualified email address";
3672 /* Calculate the hash. The second argument must be a single-digit
3673 key number, or unset. */
3675 if (sub_arg[2] != NULL &&
3676 (!isdigit(sub_arg[2][0]) || sub_arg[2][1] != 0))
3678 expand_string_message = US"prvs second argument must be a single digit";
3682 p = prvs_hmac_sha1(sub_arg[0],sub_arg[1],sub_arg[2],prvs_daystamp(7));
3685 expand_string_message = US"prvs hmac-sha1 conversion failed";
3689 /* Now separate the domain from the local part */
3692 yield = string_cat(yield,&size,&ptr,US"prvs=",5);
3693 string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
3694 string_cat(yield,&size,&ptr,US"/",1);
3695 string_cat(yield,&size,&ptr,(sub_arg[2] != NULL) ? sub_arg[2] : US"0", 1);
3696 string_cat(yield,&size,&ptr,prvs_daystamp(7),3);
3697 string_cat(yield,&size,&ptr,p,6);
3698 string_cat(yield,&size,&ptr,US"@",1);
3699 string_cat(yield,&size,&ptr,domain,Ustrlen(domain));
3704 /* Check a prvs-encoded address for validity */
3706 case EITEM_PRVSCHECK:
3709 int mysize = 0, myptr = 0;
3713 /* TF: Ugliness: We want to expand parameter 1 first, then set
3714 up expansion variables that are used in the expansion of
3715 parameter 2. So we clone the string for the first
3716 expansion, where we only expand parameter 1.
3718 PH: Actually, that isn't necessary. The read_subs() function is
3719 designed to work this way for the ${if and ${lookup expansions. I've
3723 /* Reset expansion variables */
3724 prvscheck_result = NULL;
3725 prvscheck_address = NULL;
3726 prvscheck_keynum = NULL;
3728 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs"))
3730 case 1: goto EXPAND_FAILED_CURLY;
3732 case 3: goto EXPAND_FAILED;
3735 re = regex_must_compile(US"^prvs\\=(.+)\\/([0-9])([0-9]{3})([A-F0-9]{6})\\@(.+)$",
3738 if (regex_match_and_setup(re,sub_arg[0],0,-1))
3740 uschar *local_part = string_copyn(expand_nstring[1],expand_nlength[1]);
3741 uschar *key_num = string_copyn(expand_nstring[2],expand_nlength[2]);
3742 uschar *daystamp = string_copyn(expand_nstring[3],expand_nlength[3]);
3743 uschar *hash = string_copyn(expand_nstring[4],expand_nlength[4]);
3744 uschar *domain = string_copyn(expand_nstring[5],expand_nlength[5]);
3746 DEBUG(D_expand) debug_printf("prvscheck localpart: %s\n", local_part);
3747 DEBUG(D_expand) debug_printf("prvscheck key number: %s\n", key_num);
3748 DEBUG(D_expand) debug_printf("prvscheck daystamp: %s\n", daystamp);
3749 DEBUG(D_expand) debug_printf("prvscheck hash: %s\n", hash);
3750 DEBUG(D_expand) debug_printf("prvscheck domain: %s\n", domain);
3752 /* Set up expansion variables */
3753 prvscheck_address = string_cat(NULL, &mysize, &myptr, local_part, Ustrlen(local_part));
3754 string_cat(prvscheck_address,&mysize,&myptr,US"@",1);
3755 string_cat(prvscheck_address,&mysize,&myptr,domain,Ustrlen(domain));
3756 prvscheck_address[myptr] = '\0';
3757 prvscheck_keynum = string_copy(key_num);
3759 /* Now expand the second argument */
3760 switch(read_subs(sub_arg, 1, 1, &s, skipping, FALSE, US"prvs"))
3762 case 1: goto EXPAND_FAILED_CURLY;
3764 case 3: goto EXPAND_FAILED;
3767 /* Now we have the key and can check the address. */
3769 p = prvs_hmac_sha1(prvscheck_address, sub_arg[0], prvscheck_keynum,
3774 expand_string_message = US"hmac-sha1 conversion failed";
3778 DEBUG(D_expand) debug_printf("prvscheck: received hash is %s\n", hash);
3779 DEBUG(D_expand) debug_printf("prvscheck: own hash is %s\n", p);
3781 if (Ustrcmp(p,hash) == 0)
3783 /* Success, valid BATV address. Now check the expiry date. */
3784 uschar *now = prvs_daystamp(0);
3785 unsigned int inow = 0,iexpire = 1;
3787 (void)sscanf(CS now,"%u",&inow);
3788 (void)sscanf(CS daystamp,"%u",&iexpire);
3790 /* When "iexpire" is < 7, a "flip" has occured.
3791 Adjust "inow" accordingly. */
3792 if ( (iexpire < 7) && (inow >= 993) ) inow = 0;
3796 prvscheck_result = US"1";
3797 DEBUG(D_expand) debug_printf("prvscheck: success, $pvrs_result set to 1\n");
3801 prvscheck_result = NULL;
3802 DEBUG(D_expand) debug_printf("prvscheck: signature expired, $pvrs_result unset\n");
3807 prvscheck_result = NULL;
3808 DEBUG(D_expand) debug_printf("prvscheck: hash failure, $pvrs_result unset\n");
3811 /* Now expand the final argument. We leave this till now so that
3812 it can include $prvscheck_result. */
3814 switch(read_subs(sub_arg, 1, 0, &s, skipping, TRUE, US"prvs"))
3816 case 1: goto EXPAND_FAILED_CURLY;
3818 case 3: goto EXPAND_FAILED;
3821 if (sub_arg[0] == NULL || *sub_arg[0] == '\0')
3822 yield = string_cat(yield,&size,&ptr,prvscheck_address,Ustrlen(prvscheck_address));
3824 yield = string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
3826 /* Reset the "internal" variables afterwards, because they are in
3827 dynamic store that will be reclaimed if the expansion succeeded. */
3829 prvscheck_address = NULL;
3830 prvscheck_keynum = NULL;
3834 /* Does not look like a prvs encoded address, return the empty string.
3835 We need to make sure all subs are expanded first, so as to skip over
3838 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"prvs"))
3840 case 1: goto EXPAND_FAILED_CURLY;
3842 case 3: goto EXPAND_FAILED;
3849 /* Handle "readfile" to insert an entire file */
3851 case EITEM_READFILE:
3856 if ((expand_forbid & RDO_READFILE) != 0)
3858 expand_string_message = US"file insertions are not permitted";
3862 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"readfile"))
3864 case 1: goto EXPAND_FAILED_CURLY;
3866 case 3: goto EXPAND_FAILED;
3869 /* If skipping, we don't actually do anything */
3871 if (skipping) continue;
3873 /* Open the file and read it */
3875 f = Ufopen(sub_arg[0], "rb");
3878 expand_string_message = string_open_failed(errno, "%s", sub_arg[0]);
3882 yield = cat_file(f, yield, &size, &ptr, sub_arg[1]);
3887 /* Handle "readsocket" to insert data from a Unix domain socket */
3889 case EITEM_READSOCK:
3895 struct sockaddr_un sockun; /* don't call this "sun" ! */
3899 if ((expand_forbid & RDO_READSOCK) != 0)
3901 expand_string_message = US"socket insertions are not permitted";
3905 /* Read up to 4 arguments, but don't do the end of item check afterwards,
3906 because there may be a string for expansion on failure. */
3908 switch(read_subs(sub_arg, 4, 2, &s, skipping, FALSE, US"readsocket"))
3910 case 1: goto EXPAND_FAILED_CURLY;
3911 case 2: /* Won't occur: no end check */
3912 case 3: goto EXPAND_FAILED;
3915 /* Sort out timeout, if given */
3917 if (sub_arg[2] != NULL)
3919 timeout = readconf_readtime(sub_arg[2], 0, FALSE);
3922 expand_string_message = string_sprintf("bad time value %s",
3927 else sub_arg[3] = NULL; /* No eol if no timeout */
3929 /* If skipping, we don't actually do anything. Otherwise, arrange to
3930 connect to either an IP or a Unix socket. */
3934 /* Handle an IP (internet) domain */
3936 if (Ustrncmp(sub_arg[0], "inet:", 5) == 0)
3938 BOOL connected = FALSE;
3942 uschar *server_name = sub_arg[0] + 5;
3943 uschar *port_name = Ustrrchr(server_name, ':');
3945 /* Sort out the port */
3947 if (port_name == NULL)
3949 expand_string_message =
3950 string_sprintf("missing port for readsocket %s", sub_arg[0]);
3953 *port_name++ = 0; /* Terminate server name */
3955 if (isdigit(*port_name))
3958 port = Ustrtol(port_name, &end, 0);
3959 if (end != port_name + Ustrlen(port_name))
3961 expand_string_message =
3962 string_sprintf("invalid port number %s", port_name);
3968 struct servent *service_info = getservbyname(CS port_name, "tcp");
3969 if (service_info == NULL)
3971 expand_string_message = string_sprintf("unknown port \"%s\"",
3975 port = ntohs(service_info->s_port);
3978 /* Sort out the server. */
3981 shost.address = NULL;
3985 namelen = Ustrlen(server_name);
3987 /* Anything enclosed in [] must be an IP address. */
3989 if (server_name[0] == '[' &&
3990 server_name[namelen - 1] == ']')
3992 server_name[namelen - 1] = 0;
3994 if (string_is_ip_address(server_name, NULL) == 0)
3996 expand_string_message =
3997 string_sprintf("malformed IP address \"%s\"", server_name);
4000 shost.name = shost.address = server_name;
4003 /* Otherwise check for an unadorned IP address */
4005 else if (string_is_ip_address(server_name, NULL) != 0)
4006 shost.name = shost.address = server_name;
4008 /* Otherwise lookup IP address(es) from the name */
4012 shost.name = server_name;
4013 if (host_find_byname(&shost, NULL, HOST_FIND_QUALIFY_SINGLE, NULL,
4014 FALSE) != HOST_FOUND)
4016 expand_string_message =
4017 string_sprintf("no IP address found for host %s", shost.name);
4022 /* Try to connect to the server - test each IP till one works */
4024 for (h = &shost; h != NULL; h = h->next)
4026 int af = (Ustrchr(h->address, ':') != 0)? AF_INET6 : AF_INET;
4027 if ((fd = ip_socket(SOCK_STREAM, af)) == -1)
4029 expand_string_message = string_sprintf("failed to create socket: "
4030 "%s", strerror(errno));
4034 if (ip_connect(fd, af, h->address, port, timeout) == 0)
4043 expand_string_message = string_sprintf("failed to connect to "
4044 "socket %s: couldn't connect to any host", sub_arg[0],
4050 /* Handle a Unix domain socket */
4055 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
4057 expand_string_message = string_sprintf("failed to create socket: %s",
4062 sockun.sun_family = AF_UNIX;
4063 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
4066 sigalrm_seen = FALSE;
4068 rc = connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun));
4072 expand_string_message = US "socket connect timed out";
4077 expand_string_message = string_sprintf("failed to connect to socket "
4078 "%s: %s", sub_arg[0], strerror(errno));
4083 DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]);
4085 /* Write the request string, if not empty */
4087 if (sub_arg[1][0] != 0)
4089 int len = Ustrlen(sub_arg[1]);
4090 DEBUG(D_expand) debug_printf("writing \"%s\" to socket\n",
4092 if (write(fd, sub_arg[1], len) != len)
4094 expand_string_message = string_sprintf("request write to socket "
4095 "failed: %s", strerror(errno));
4100 /* Shut down the sending side of the socket. This helps some servers to
4101 recognise that it is their turn to do some work. Just in case some
4102 system doesn't have this function, make it conditional. */
4105 shutdown(fd, SHUT_WR);
4108 /* Now we need to read from the socket, under a timeout. The function
4109 that reads a file can be used. */
4111 f = fdopen(fd, "rb");
4112 sigalrm_seen = FALSE;
4114 yield = cat_file(f, yield, &size, &ptr, sub_arg[3]);
4118 /* After a timeout, we restore the pointer in the result, that is,
4119 make sure we add nothing from the socket. */
4124 expand_string_message = US "socket read timed out";
4129 /* The whole thing has worked (or we were skipping). If there is a
4130 failure string following, we need to skip it. */
4134 if (expand_string_internal(s+1, TRUE, &s, TRUE) == NULL)
4136 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4137 while (isspace(*s)) s++;
4139 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4142 /* Come here on failure to create socket, connect socket, write to the
4143 socket, or timeout on reading. If another substring follows, expand and
4144 use it. Otherwise, those conditions give expand errors. */
4147 if (*s != '{') goto EXPAND_FAILED;
4148 DEBUG(D_any) debug_printf("%s\n", expand_string_message);
4149 arg = expand_string_internal(s+1, TRUE, &s, FALSE);
4150 if (arg == NULL) goto EXPAND_FAILED;
4151 yield = string_cat(yield, &size, &ptr, arg, Ustrlen(arg));
4152 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4153 while (isspace(*s)) s++;
4154 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4158 /* Handle "run" to execute a program. */
4170 if ((expand_forbid & RDO_RUN) != 0)
4172 expand_string_message = US"running a command is not permitted";
4176 while (isspace(*s)) s++;
4177 if (*s != '{') goto EXPAND_FAILED_CURLY;
4178 arg = expand_string_internal(s+1, TRUE, &s, skipping);
4179 if (arg == NULL) goto EXPAND_FAILED;
4180 while (isspace(*s)) s++;
4181 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4183 if (skipping) /* Just pretend it worked when we're skipping */
4189 if (!transport_set_up_command(&argv, /* anchor for arg list */
4190 arg, /* raw command */
4191 FALSE, /* don't expand the arguments */
4192 0, /* not relevant when... */
4193 NULL, /* no transporting address */
4194 US"${run} expansion", /* for error messages */
4195 &expand_string_message)) /* where to put error message */
4200 /* Create the child process, making it a group leader. */
4202 pid = child_open(argv, NULL, 0077, &fd_in, &fd_out, TRUE);
4206 expand_string_message =
4207 string_sprintf("couldn't create child process: %s", strerror(errno));
4211 /* Nothing is written to the standard input. */
4215 /* Wait for the process to finish, applying the timeout, and inspect its
4216 return code for serious disasters. Simple non-zero returns are passed on.
4219 if ((runrc = child_close(pid, 60)) < 0)
4223 expand_string_message = string_sprintf("command timed out");
4224 killpg(pid, SIGKILL); /* Kill the whole process group */
4227 else if (runrc == -257)
4228 expand_string_message = string_sprintf("wait() failed: %s",
4232 expand_string_message = string_sprintf("command killed by signal %d",
4238 /* Read the pipe to get the command's output into $value (which is kept
4239 in lookup_value). */
4241 f = fdopen(fd_out, "rb");
4242 lookup_value = NULL;
4243 lookup_value = cat_file(f, lookup_value, &lsize, &lptr, NULL);
4247 /* Process the yes/no strings; $value may be useful in both cases */
4249 switch(process_yesno(
4250 skipping, /* were previously skipping */
4251 runrc == 0, /* success/failure indicator */
4252 lookup_value, /* value to reset for string2 */
4253 &s, /* input pointer */
4254 &yield, /* output pointer */
4255 &size, /* output size */
4256 &ptr, /* output current point */
4257 US"run")) /* condition type */
4259 case 1: goto EXPAND_FAILED; /* when all is well, the */
4260 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4266 /* Handle character translation for "tr" */
4274 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"tr"))
4276 case 1: goto EXPAND_FAILED_CURLY;
4278 case 3: goto EXPAND_FAILED;
4281 yield = string_cat(yield, &size, &ptr, sub[0], Ustrlen(sub[0]));
4282 o2m = Ustrlen(sub[2]) - 1;
4284 if (o2m >= 0) for (; oldptr < ptr; oldptr++)
4286 uschar *m = Ustrrchr(sub[1], yield[oldptr]);
4290 yield[oldptr] = sub[2][(o < o2m)? o : o2m];
4297 /* Handle "hash", "length", "nhash", and "substr" when they are given with
4298 expanded arguments. */
4308 int val[2] = { 0, -1 };
4311 /* "length" takes only 2 arguments whereas the others take 2 or 3.
4312 Ensure that sub[2] is set in the ${length case. */
4315 switch(read_subs(sub, (item_type == EITEM_LENGTH)? 2:3, 2, &s, skipping,
4318 case 1: goto EXPAND_FAILED_CURLY;
4320 case 3: goto EXPAND_FAILED;
4323 /* Juggle the arguments if there are only two of them: always move the
4324 string to the last position and make ${length{n}{str}} equivalent to
4325 ${substr{0}{n}{str}}. See the defaults for val[] above. */
4331 if (item_type == EITEM_LENGTH)
4338 for (i = 0; i < 2; i++)
4340 if (sub[i] == NULL) continue;
4341 val[i] = (int)Ustrtol(sub[i], &ret, 10);
4342 if (*ret != 0 || (i != 0 && val[i] < 0))
4344 expand_string_message = string_sprintf("\"%s\" is not a%s number "
4345 "(in \"%s\" expansion)", sub[i], (i != 0)? " positive" : "", name);
4351 (item_type == EITEM_HASH)?
4352 compute_hash(sub[2], val[0], val[1], &len) :
4353 (item_type == EITEM_NHASH)?
4354 compute_nhash(sub[2], val[0], val[1], &len) :
4355 extract_substr(sub[2], val[0], val[1], &len);
4357 if (ret == NULL) goto EXPAND_FAILED;
4358 yield = string_cat(yield, &size, &ptr, ret, len);
4362 /* Handle HMAC computation: ${hmac{<algorithm>}{<secret>}{<text>}}
4363 This code originally contributed by Steve Haslam. It currently supports
4364 the use of MD5 and SHA-1 hashes.
4366 We need some workspace that is large enough to handle all the supported
4367 hash types. Use macros to set the sizes rather than be too elaborate. */
4369 #define MAX_HASHLEN 20
4370 #define MAX_HASHBLOCKLEN 64
4379 int hashlen; /* Number of octets for the hash algorithm's output */
4380 int hashblocklen; /* Number of octets the hash algorithm processes */
4382 unsigned int keylen;
4384 uschar keyhash[MAX_HASHLEN];
4385 uschar innerhash[MAX_HASHLEN];
4386 uschar finalhash[MAX_HASHLEN];
4387 uschar finalhash_hex[2*MAX_HASHLEN];
4388 uschar innerkey[MAX_HASHBLOCKLEN];
4389 uschar outerkey[MAX_HASHBLOCKLEN];
4391 switch (read_subs(sub, 3, 3, &s, skipping, TRUE, name))
4393 case 1: goto EXPAND_FAILED_CURLY;
4395 case 3: goto EXPAND_FAILED;
4398 if (Ustrcmp(sub[0], "md5") == 0)
4401 use_base = &md5_base;
4405 else if (Ustrcmp(sub[0], "sha1") == 0)
4408 use_base = &sha1_base;
4414 expand_string_message =
4415 string_sprintf("hmac algorithm \"%s\" is not recognised", sub[0]);
4420 keylen = Ustrlen(keyptr);
4422 /* If the key is longer than the hash block length, then hash the key
4425 if (keylen > hashblocklen)
4427 chash_start(type, use_base);
4428 chash_end(type, use_base, keyptr, keylen, keyhash);
4433 /* Now make the inner and outer key values */
4435 memset(innerkey, 0x36, hashblocklen);
4436 memset(outerkey, 0x5c, hashblocklen);
4438 for (i = 0; i < keylen; i++)
4440 innerkey[i] ^= keyptr[i];
4441 outerkey[i] ^= keyptr[i];
4444 /* Now do the hashes */
4446 chash_start(type, use_base);
4447 chash_mid(type, use_base, innerkey);
4448 chash_end(type, use_base, sub[2], Ustrlen(sub[2]), innerhash);
4450 chash_start(type, use_base);
4451 chash_mid(type, use_base, outerkey);
4452 chash_end(type, use_base, innerhash, hashlen, finalhash);
4454 /* Encode the final hash as a hex string */
4457 for (i = 0; i < hashlen; i++)
4459 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
4460 *p++ = hex_digits[finalhash[i] & 0x0f];
4463 DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%.*s)=%.*s\n", sub[0],
4464 (int)keylen, keyptr, Ustrlen(sub[2]), sub[2], hashlen*2, finalhash_hex);
4466 yield = string_cat(yield, &size, &ptr, finalhash_hex, hashlen*2);
4471 /* Handle global substitution for "sg" - like Perl's s/xxx/yyy/g operator.
4472 We have to save the numerical variables and restore them afterwards. */
4477 int moffset, moffsetextra, slen;
4480 const uschar *rerror;
4483 int save_expand_nmax =
4484 save_expand_strings(save_expand_nstring, save_expand_nlength);
4486 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"sg"))
4488 case 1: goto EXPAND_FAILED_CURLY;
4490 case 3: goto EXPAND_FAILED;
4493 /* Compile the regular expression */
4495 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
4500 expand_string_message = string_sprintf("regular expression error in "
4501 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
4505 /* Now run a loop to do the substitutions as often as necessary. It ends
4506 when there are no more matches. Take care over matches of the null string;
4507 do the same thing as Perl does. */
4510 slen = Ustrlen(sub[0]);
4511 moffset = moffsetextra = 0;
4516 int ovector[3*(EXPAND_MAXN+1)];
4517 int n = pcre_exec(re, NULL, CS subject, slen, moffset + moffsetextra,
4518 PCRE_EOPT | emptyopt, ovector, sizeof(ovector)/sizeof(int));
4522 /* No match - if we previously set PCRE_NOTEMPTY after a null match, this
4523 is not necessarily the end. We want to repeat the match from one
4524 character further along, but leaving the basic offset the same (for
4525 copying below). We can't be at the end of the string - that was checked
4526 before setting PCRE_NOTEMPTY. If PCRE_NOTEMPTY is not set, we are
4527 finished; copy the remaining string and end the loop. */
4537 yield = string_cat(yield, &size, &ptr, subject+moffset, slen-moffset);
4541 /* Match - set up for expanding the replacement. */
4543 if (n == 0) n = EXPAND_MAXN + 1;
4545 for (nn = 0; nn < n*2; nn += 2)
4547 expand_nstring[expand_nmax] = subject + ovector[nn];
4548 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
4552 /* Copy the characters before the match, plus the expanded insertion. */
4554 yield = string_cat(yield, &size, &ptr, subject + moffset,
4555 ovector[0] - moffset);
4556 insert = expand_string(sub[2]);
4557 if (insert == NULL) goto EXPAND_FAILED;
4558 yield = string_cat(yield, &size, &ptr, insert, Ustrlen(insert));
4560 moffset = ovector[1];
4564 /* If we have matched an empty string, first check to see if we are at
4565 the end of the subject. If so, the loop is over. Otherwise, mimic
4566 what Perl's /g options does. This turns out to be rather cunning. First
4567 we set PCRE_NOTEMPTY and PCRE_ANCHORED and try the match a non-empty
4568 string at the same point. If this fails (picked up above) we advance to
4569 the next character. */
4571 if (ovector[0] == ovector[1])
4573 if (ovector[0] == slen) break;
4574 emptyopt = PCRE_NOTEMPTY | PCRE_ANCHORED;
4578 /* All done - restore numerical variables. */
4580 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4581 save_expand_nlength);
4585 /* Handle keyed and numbered substring extraction. If the first argument
4586 consists entirely of digits, then a numerical extraction is assumed. */
4592 int field_number = 1;
4593 BOOL field_number_set = FALSE;
4594 uschar *save_lookup_value = lookup_value;
4596 int save_expand_nmax =
4597 save_expand_strings(save_expand_nstring, save_expand_nlength);
4599 /* Read the arguments */
4601 for (i = 0; i < j; i++)
4603 while (isspace(*s)) s++;
4606 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
4607 if (sub[i] == NULL) goto EXPAND_FAILED;
4608 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
4610 /* After removal of leading and trailing white space, the first
4611 argument must not be empty; if it consists entirely of digits
4612 (optionally preceded by a minus sign), this is a numerical
4613 extraction, and we expect 3 arguments. */
4621 while (isspace(*p)) p++;
4625 while (len > 0 && isspace(p[len-1])) len--;
4630 expand_string_message = US"first argument of \"extract\" must "
4640 while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0';
4644 j = 3; /* Need 3 args */
4645 field_number_set = TRUE;
4649 else goto EXPAND_FAILED_CURLY;
4652 /* Extract either the numbered or the keyed substring into $value. If
4653 skipping, just pretend the extraction failed. */
4655 lookup_value = skipping? NULL : field_number_set?
4656 expand_gettokened(field_number, sub[1], sub[2]) :
4657 expand_getkeyed(sub[0], sub[1]);
4659 /* If no string follows, $value gets substituted; otherwise there can
4660 be yes/no strings, as for lookup or if. */
4662 switch(process_yesno(
4663 skipping, /* were previously skipping */
4664 lookup_value != NULL, /* success/failure indicator */
4665 save_lookup_value, /* value to reset for string2 */
4666 &s, /* input pointer */
4667 &yield, /* output pointer */
4668 &size, /* output size */
4669 &ptr, /* output current point */
4670 US"extract")) /* condition type */
4672 case 1: goto EXPAND_FAILED; /* when all is well, the */
4673 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
4676 /* All done - restore numerical variables. */
4678 restore_expand_strings(save_expand_nmax, save_expand_nstring,
4679 save_expand_nlength);
4685 /* If ${dlfunc support is configured, handle calling dynamically-loaded
4686 functions, unless locked out at this time. Syntax is ${dlfunc{file}{func}}
4687 or ${dlfunc{file}{func}{arg}} or ${dlfunc{file}{func}{arg1}{arg2}} or up to
4688 a maximum of EXPAND_DLFUNC_MAX_ARGS arguments (defined below). */
4690 #define EXPAND_DLFUNC_MAX_ARGS 8
4693 #ifndef EXPAND_DLFUNC
4694 expand_string_message = US"\"${dlfunc\" encountered, but this facility "
4695 "is not included in this binary";
4698 #else /* EXPAND_DLFUNC */
4701 exim_dlfunc_t *func;
4704 uschar *argv[EXPAND_DLFUNC_MAX_ARGS + 3];
4706 if ((expand_forbid & RDO_DLFUNC) != 0)
4708 expand_string_message =
4709 US"dynamically-loaded functions are not permitted";
4713 switch(read_subs(argv, EXPAND_DLFUNC_MAX_ARGS + 2, 2, &s, skipping,
4716 case 1: goto EXPAND_FAILED_CURLY;
4718 case 3: goto EXPAND_FAILED;
4721 /* If skipping, we don't actually do anything */
4723 if (skipping) continue;
4725 /* Look up the dynamically loaded object handle in the tree. If it isn't
4726 found, dlopen() the file and put the handle in the tree for next time. */
4728 t = tree_search(dlobj_anchor, argv[0]);
4731 void *handle = dlopen(CS argv[0], RTLD_LAZY);
4734 expand_string_message = string_sprintf("dlopen \"%s\" failed: %s",
4735 argv[0], dlerror());
4736 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
4739 t = store_get_perm(sizeof(tree_node) + Ustrlen(argv[0]));
4740 Ustrcpy(t->name, argv[0]);
4741 t->data.ptr = handle;
4742 (void)tree_insertnode(&dlobj_anchor, t);
4745 /* Having obtained the dynamically loaded object handle, look up the
4746 function pointer. */
4748 func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]);
4751 expand_string_message = string_sprintf("dlsym \"%s\" in \"%s\" failed: "
4752 "%s", argv[1], argv[0], dlerror());
4753 log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
4757 /* Call the function and work out what to do with the result. If it
4758 returns OK, we have a replacement string; if it returns DEFER then
4759 expansion has failed in a non-forced manner; if it returns FAIL then
4760 failure was forced; if it returns ERROR or any other value there's a
4761 problem, so panic slightly. */
4764 for (argc = 0; argv[argc] != NULL; argc++);
4765 status = func(&result, argc - 2, &argv[2]);
4768 if (result == NULL) result = US"";
4769 yield = string_cat(yield, &size, &ptr, result, Ustrlen(result));
4774 expand_string_message = result == NULL ? US"(no message)" : result;
4775 if(status == FAIL_FORCED) expand_string_forcedfail = TRUE;
4776 else if(status != FAIL)
4777 log_write(0, LOG_MAIN|LOG_PANIC, "dlfunc{%s}{%s} failed (%d): %s",
4778 argv[0], argv[1], status, expand_string_message);
4782 #endif /* EXPAND_DLFUNC */
4785 /* Control reaches here if the name is not recognized as one of the more
4786 complicated expansion items. Check for the "operator" syntax (name terminated
4787 by a colon). Some of the operators have arguments, separated by _ from the
4794 uschar *sub = expand_string_internal(s+1, TRUE, &s, skipping);
4795 if (sub == NULL) goto EXPAND_FAILED;
4798 /* Owing to an historical mis-design, an underscore may be part of the
4799 operator name, or it may introduce arguments. We therefore first scan the
4800 table of names that contain underscores. If there is no match, we cut off
4801 the arguments and then scan the main table. */
4803 c = chop_match(name, op_table_underscore,
4804 sizeof(op_table_underscore)/sizeof(uschar *));
4808 arg = Ustrchr(name, '_');
4809 if (arg != NULL) *arg = 0;
4810 c = chop_match(name, op_table_main,
4811 sizeof(op_table_main)/sizeof(uschar *));
4812 if (c >= 0) c += sizeof(op_table_underscore)/sizeof(uschar *);
4813 if (arg != NULL) *arg++ = '_'; /* Put back for error messages */
4816 /* If we are skipping, we don't need to perform the operation at all.
4817 This matters for operations like "mask", because the data may not be
4818 in the correct format when skipping. For example, the expression may test
4819 for the existence of $sender_host_address before trying to mask it. For
4820 other operations, doing them may not fail, but it is a waste of time. */
4822 if (skipping && c >= 0) continue;
4824 /* Otherwise, switch on the operator type */
4831 unsigned long int n = Ustrtoul(sub, &t, 10);
4834 expand_string_message = string_sprintf("argument for base62 "
4835 "operator is \"%s\", which is not a decimal number", sub);
4838 t = string_base62(n);
4839 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
4843 /* Note that for Darwin and Cygwin, BASE_62 actually has the value 36 */
4849 unsigned long int n = 0;
4852 uschar *t = Ustrchr(base62_chars, *tt++);
4855 expand_string_message = string_sprintf("argument for base62d "
4856 "operator is \"%s\", which is not a base %d number", sub,
4860 n = n * BASE_62 + (t - base62_chars);
4862 (void)sprintf(CS buf, "%ld", n);
4863 yield = string_cat(yield, &size, &ptr, buf, Ustrlen(buf));
4869 uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping);
4870 if (expanded == NULL)
4872 expand_string_message =
4873 string_sprintf("internal expansion of \"%s\" failed: %s", sub,
4874 expand_string_message);
4877 yield = string_cat(yield, &size, &ptr, expanded, Ustrlen(expanded));
4884 uschar *t = sub - 1;
4885 while (*(++t) != 0) { *t = tolower(*t); count++; }
4886 yield = string_cat(yield, &size, &ptr, sub, count);
4893 uschar *t = sub - 1;
4894 while (*(++t) != 0) { *t = toupper(*t); count++; }
4895 yield = string_cat(yield, &size, &ptr, sub, count);
4906 md5_end(&base, sub, Ustrlen(sub), digest);
4907 for(j = 0; j < 16; j++) sprintf(st+2*j, "%02x", digest[j]);
4908 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
4919 sha1_end(&base, sub, Ustrlen(sub), digest);
4920 for(j = 0; j < 20; j++) sprintf(st+2*j, "%02X", digest[j]);
4921 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
4925 /* Convert hex encoding to base64 encoding */
4935 for (enc = sub; *enc != 0; enc++)
4937 if (!isxdigit(*enc))
4939 expand_string_message = string_sprintf("\"%s\" is not a hex "
4948 expand_string_message = string_sprintf("\"%s\" contains an odd "
4949 "number of characters", sub);
4953 while ((c = *in++) != 0)
4955 if (isdigit(c)) c -= '0';
4956 else c = toupper(c) - 'A' + 10;
4968 enc = auth_b64encode(sub, out - sub);
4969 yield = string_cat(yield, &size, &ptr, enc, Ustrlen(enc));
4973 /* mask applies a mask to an IP address; for example the result of
4974 ${mask:131.111.10.206/28} is 131.111.10.192/28. */
4981 int mask, maskoffset;
4982 int type = string_is_ip_address(sub, &maskoffset);
4987 expand_string_message = string_sprintf("\"%s\" is not an IP address",
4992 if (maskoffset == 0)
4994 expand_string_message = string_sprintf("missing mask value in \"%s\"",
4999 mask = Ustrtol(sub + maskoffset + 1, &endptr, 10);
5001 if (*endptr != 0 || mask < 0 || mask > ((type == 4)? 32 : 128))
5003 expand_string_message = string_sprintf("mask value too big in \"%s\"",
5008 /* Convert the address to binary integer(s) and apply the mask */
5010 sub[maskoffset] = 0;
5011 count = host_aton(sub, binary);
5012 host_mask(count, binary, mask);
5014 /* Convert to masked textual format and add to output. */
5016 yield = string_cat(yield, &size, &ptr, buffer,
5017 host_nmtoa(count, binary, mask, buffer, '.'));
5022 case EOP_LOCAL_PART:
5026 int start, end, domain;
5027 uschar *t = parse_extract_address(sub, &error, &start, &end, &domain,
5031 if (c != EOP_DOMAIN)
5033 if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1;
5034 yield = string_cat(yield, &size, &ptr, sub+start, end-start);
5036 else if (domain != 0)
5039 yield = string_cat(yield, &size, &ptr, sub+domain, end-domain);
5045 /* quote puts a string in quotes if it is empty or contains anything
5046 other than alphamerics, underscore, dot, or hyphen.
5048 quote_local_part puts a string in quotes if RFC 2821/2822 requires it to
5049 be quoted in order to be a valid local part.
5051 In both cases, newlines and carriage returns are converted into \n and \r
5055 case EOP_QUOTE_LOCAL_PART:
5058 BOOL needs_quote = (*sub == 0); /* TRUE for empty string */
5059 uschar *t = sub - 1;
5063 while (!needs_quote && *(++t) != 0)
5064 needs_quote = !isalnum(*t) && !strchr("_-.", *t);
5066 else /* EOP_QUOTE_LOCAL_PART */
5068 while (!needs_quote && *(++t) != 0)
5069 needs_quote = !isalnum(*t) &&
5070 strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL &&
5071 (*t != '.' || t == sub || t[1] == 0);
5076 yield = string_cat(yield, &size, &ptr, US"\"", 1);
5081 yield = string_cat(yield, &size, &ptr, US"\\n", 2);
5082 else if (*t == '\r')
5083 yield = string_cat(yield, &size, &ptr, US"\\r", 2);
5086 if (*t == '\\' || *t == '"')
5087 yield = string_cat(yield, &size, &ptr, US"\\", 1);
5088 yield = string_cat(yield, &size, &ptr, t, 1);
5091 yield = string_cat(yield, &size, &ptr, US"\"", 1);
5093 else yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
5097 /* quote_lookuptype does lookup-specific quoting */
5102 uschar *opt = Ustrchr(arg, '_');
5104 if (opt != NULL) *opt++ = 0;
5106 n = search_findtype(arg, Ustrlen(arg));
5109 expand_string_message = search_error_message;
5113 if (lookup_list[n].quote != NULL)
5114 sub = (lookup_list[n].quote)(sub, opt);
5115 else if (opt != NULL) sub = NULL;
5119 expand_string_message = string_sprintf(
5120 "\"%s\" unrecognized after \"${quote_%s\"",
5125 yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
5129 /* rx quote sticks in \ before any non-alphameric character so that
5130 the insertion works in a regular expression. */
5134 uschar *t = sub - 1;
5138 yield = string_cat(yield, &size, &ptr, US"\\", 1);
5139 yield = string_cat(yield, &size, &ptr, t, 1);
5144 /* RFC 2047 encodes, assuming headers_charset (default ISO 8859-1) as
5145 prescribed by the RFC, if there are characters that need to be encoded */
5149 uschar buffer[2048];
5150 uschar *string = parse_quote_2047(sub, Ustrlen(sub), headers_charset,
5151 buffer, sizeof(buffer), FALSE);
5152 yield = string_cat(yield, &size, &ptr, string, Ustrlen(string));
5156 /* RFC 2047 decode */
5162 uschar *decoded = rfc2047_decode(sub, check_rfc2047_length,
5163 headers_charset, '?', &len, &error);
5166 expand_string_message = error;
5169 yield = string_cat(yield, &size, &ptr, decoded, len);
5173 /* from_utf8 converts UTF-8 to 8859-1, turning non-existent chars into
5183 if (c > 255) c = '_';
5185 yield = string_cat(yield, &size, &ptr, buff, 1);
5190 /* escape turns all non-printing characters into escape sequences. */
5194 uschar *t = string_printing(sub);
5195 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
5199 /* Handle numeric expression evaluation */
5204 uschar *save_sub = sub;
5205 uschar *error = NULL;
5206 int n = eval_expr(&sub, (c == EOP_EVAL10), &error, FALSE);
5209 expand_string_message = string_sprintf("error in expression "
5210 "evaluation: %s (after processing \"%.*s\")", error, sub-save_sub,
5214 sprintf(CS var_buffer, "%d", n);
5215 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
5219 /* Handle time period formating */
5223 int n = readconf_readtime(sub, 0, FALSE);
5226 expand_string_message = string_sprintf("string \"%s\" is not an "
5227 "Exim time interval in \"%s\" operator", sub, name);
5230 sprintf(CS var_buffer, "%d", n);
5231 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
5235 case EOP_TIME_INTERVAL:
5238 uschar *t = read_number(&n, sub);
5239 if (*t != 0) /* Not A Number*/
5241 expand_string_message = string_sprintf("string \"%s\" is not a "
5242 "positive number in \"%s\" operator", sub, name);
5245 t = readconf_printtime(n);
5246 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
5250 /* Convert string to base64 encoding */
5254 uschar *encstr = auth_b64encode(sub, Ustrlen(sub));
5255 yield = string_cat(yield, &size, &ptr, encstr, Ustrlen(encstr));
5259 /* strlen returns the length of the string */
5264 (void)sprintf(CS buff, "%d", Ustrlen(sub));
5265 yield = string_cat(yield, &size, &ptr, buff, Ustrlen(buff));
5269 /* length_n or l_n takes just the first n characters or the whole string,
5270 whichever is the shorter;
5272 substr_m_n, and s_m_n take n characters from offset m; negative m take
5273 from the end; l_n is synonymous with s_0_n. If n is omitted in substr it
5274 takes the rest, either to the right or to the left.
5276 hash_n or h_n makes a hash of length n from the string, yielding n
5277 characters from the set a-z; hash_n_m makes a hash of length n, but
5278 uses m characters from the set a-zA-Z0-9.
5280 nhash_n returns a single number between 0 and n-1 (in text form), while
5281 nhash_n_m returns a div/mod hash as two numbers "a/b". The first lies
5282 between 0 and n-1 and the second between 0 and m-1. */
5302 expand_string_message = string_sprintf("missing values after %s",
5307 /* "length" has only one argument, effectively being synonymous with
5310 if (c == EOP_LENGTH || c == EOP_L)
5316 /* The others have one or two arguments; for "substr" the first may be
5317 negative. The second being negative means "not supplied". */
5322 if (name[0] == 's' && *arg == '-') { sign = -1; arg++; }
5325 /* Read up to two numbers, separated by underscores */
5330 if (arg != ret && *arg == '_' && pn == &value1)
5334 if (arg[1] != 0) arg++;
5336 else if (!isdigit(*arg))
5338 expand_string_message =
5339 string_sprintf("non-digit after underscore in \"%s\"", name);
5342 else *pn = (*pn)*10 + *arg++ - '0';
5346 /* Perform the required operation */
5349 (c == EOP_HASH || c == EOP_H)?
5350 compute_hash(sub, value1, value2, &len) :
5351 (c == EOP_NHASH || c == EOP_NH)?
5352 compute_nhash(sub, value1, value2, &len) :
5353 extract_substr(sub, value1, value2, &len);
5355 if (ret == NULL) goto EXPAND_FAILED;
5356 yield = string_cat(yield, &size, &ptr, ret, len);
5366 uschar **modetable[3];
5371 if ((expand_forbid & RDO_EXISTS) != 0)
5373 expand_string_message = US"Use of the stat() expansion is not permitted";
5377 if (stat(CS sub, &st) < 0)
5379 expand_string_message = string_sprintf("stat(%s) failed: %s",
5380 sub, strerror(errno));
5384 switch (mode & S_IFMT)
5386 case S_IFIFO: smode[0] = 'p'; break;
5387 case S_IFCHR: smode[0] = 'c'; break;
5388 case S_IFDIR: smode[0] = 'd'; break;
5389 case S_IFBLK: smode[0] = 'b'; break;
5390 case S_IFREG: smode[0] = '-'; break;
5391 default: smode[0] = '?'; break;
5394 modetable[0] = ((mode & 01000) == 0)? mtable_normal : mtable_sticky;
5395 modetable[1] = ((mode & 02000) == 0)? mtable_normal : mtable_setid;
5396 modetable[2] = ((mode & 04000) == 0)? mtable_normal : mtable_setid;
5398 for (i = 0; i < 3; i++)
5400 memcpy(CS(smode + 7 - i*3), CS(modetable[i][mode & 7]), 3);
5405 s = string_sprintf("mode=%04lo smode=%s inode=%ld device=%ld links=%ld "
5406 "uid=%ld gid=%ld size=" OFF_T_FMT " atime=%ld mtime=%ld ctime=%ld",
5407 (long)(st.st_mode & 077777), smode, (long)st.st_ino,
5408 (long)st.st_dev, (long)st.st_nlink, (long)st.st_uid,
5409 (long)st.st_gid, st.st_size, (long)st.st_atime,
5410 (long)st.st_mtime, (long)st.st_ctime);
5411 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
5415 /* Unknown operator */
5418 expand_string_message =
5419 string_sprintf("unknown expansion operator \"%s\"", name);
5424 /* Handle a plain name. If this is the first thing in the expansion, release
5425 the pre-allocated buffer. If the result data is known to be in a new buffer,
5426 newsize will be set to the size of that buffer, and we can just point at that
5427 store instead of copying. Many expansion strings contain just one reference,
5428 so this is a useful optimization, especially for humungous headers
5429 ($message_headers). */
5441 value = find_variable(name, FALSE, skipping, &newsize);
5444 expand_string_message =
5445 string_sprintf("unknown variable in \"${%s}\"", name);
5446 check_variable_error_message(name);
5449 len = Ustrlen(value);
5450 if (yield == NULL && newsize != 0)
5456 else yield = string_cat(yield, &size, &ptr, value, len);
5460 /* Else there's something wrong */
5462 expand_string_message =
5463 string_sprintf("\"${%s\" is not a known operator (or a } is missing "
5464 "in a variable reference)", name);
5468 /* If we hit the end of the string when ket_ends is set, there is a missing
5469 terminating brace. */
5471 if (ket_ends && *s == 0)
5473 expand_string_message = malformed_header?
5474 US"missing } at end of string - could be header name not terminated by colon"
5476 US"missing } at end of string";
5480 /* Expansion succeeded; yield may still be NULL here if nothing was actually
5481 added to the string. If so, set up an empty string. Add a terminating zero. If
5482 left != NULL, return a pointer to the terminator. */
5484 if (yield == NULL) yield = store_get(1);
5486 if (left != NULL) *left = s;
5488 /* Any stacking store that was used above the final string is no longer needed.
5489 In many cases the final string will be the first one that was got and so there
5490 will be optimal store usage. */
5492 store_reset(yield + ptr + 1);
5495 debug_printf("expanding: %.*s\n result: %s\n", (int)(s - string), string,
5497 if (skipping) debug_printf("skipping: result is not used\n");
5501 /* This is the failure exit: easiest to program with a goto. We still need
5502 to update the pointer to the terminator, for cases of nested calls with "fail".
5505 EXPAND_FAILED_CURLY:
5506 expand_string_message = malformed_header?
5507 US"missing or misplaced { or } - could be header name not terminated by colon"
5509 US"missing or misplaced { or }";
5511 /* At one point, Exim reset the store to yield (if yield was not NULL), but
5512 that is a bad idea, because expand_string_message is in dynamic store. */
5515 if (left != NULL) *left = s;
5518 debug_printf("failed to expand: %s\n", string);
5519 debug_printf(" error message: %s\n", expand_string_message);
5520 if (expand_string_forcedfail) debug_printf("failure was forced\n");
5526 /* This is the external function call. Do a quick check for any expansion
5527 metacharacters, and if there are none, just return the input string.
5529 Argument: the string to be expanded
5530 Returns: the expanded string, or NULL if expansion failed; if failure was
5531 due to a lookup deferring, search_find_defer will be TRUE
5535 expand_string(uschar *string)
5537 search_find_defer = FALSE;
5538 malformed_header = FALSE;
5539 return (Ustrpbrk(string, "$\\") == NULL)? string :
5540 expand_string_internal(string, FALSE, NULL, FALSE);
5545 /*************************************************
5547 *************************************************/
5549 /* Now and again we want to expand a string and be sure that the result is in a
5550 new bit of store. This function does that.
5552 Argument: the string to be expanded
5553 Returns: the expanded string, always in a new bit of store, or NULL
5557 expand_string_copy(uschar *string)
5559 uschar *yield = expand_string(string);
5560 if (yield == string) yield = string_copy(string);
5566 /*************************************************
5567 * Expand and interpret as an integer *
5568 *************************************************/
5570 /* Expand a string, and convert the result into an integer.
5573 string the string to be expanded
5574 isplus TRUE if a non-negative number is expected
5576 Returns: the integer value, or
5577 -1 for an expansion error ) in both cases, message in
5578 -2 for an integer interpretation error ) expand_string_message
5579 expand_string_message is set NULL for an OK integer
5583 expand_string_integer(uschar *string, BOOL isplus)
5586 uschar *s = expand_string(string);
5587 uschar *msg = US"invalid integer \"%s\"";
5590 /* If expansion failed, expand_string_message will be set. */
5592 if (s == NULL) return -1;
5594 /* On an overflow, strtol() returns LONG_MAX or LONG_MIN, and sets errno
5595 to ERANGE. When there isn't an overflow, errno is not changed, at least on some
5596 systems, so we set it zero ourselves. */
5599 expand_string_message = NULL; /* Indicates no error */
5600 value = strtol(CS s, CSS &endptr, 10);
5604 msg = US"integer expected but \"%s\" found";
5606 else if (value < 0 && isplus)
5608 msg = US"non-negative integer expected but \"%s\" found";
5612 /* Ensure we can cast this down to an int */
5613 if (value > INT_MAX || value < INT_MIN) errno = ERANGE;
5615 if (errno != ERANGE)
5617 if (tolower(*endptr) == 'k')
5619 if (value > INT_MAX/1024 || value < INT_MIN/1024) errno = ERANGE;
5623 else if (tolower(*endptr) == 'm')
5625 if (value > INT_MAX/(1024*1024) || value < INT_MIN/(1024*1024))
5627 else value *= 1024*1024;
5631 if (errno == ERANGE)
5632 msg = US"absolute value of integer \"%s\" is too large (overflow)";
5635 while (isspace(*endptr)) endptr++;
5636 if (*endptr == 0) return (int)value;
5640 expand_string_message = string_sprintf(CS msg, s);
5645 /*************************************************
5646 **************************************************
5647 * Stand-alone test program *
5648 **************************************************
5649 *************************************************/
5655 regex_match_and_setup(const pcre *re, uschar *subject, int options, int setup)
5657 int ovector[3*(EXPAND_MAXN+1)];
5658 int n = pcre_exec(re, NULL, subject, Ustrlen(subject), 0, PCRE_EOPT|options,
5659 ovector, sizeof(ovector)/sizeof(int));
5660 BOOL yield = n >= 0;
5661 if (n == 0) n = EXPAND_MAXN + 1;
5665 expand_nmax = (setup < 0)? 0 : setup + 1;
5666 for (nn = (setup < 0)? 0 : 2; nn < n*2; nn += 2)
5668 expand_nstring[expand_nmax] = subject + ovector[nn];
5669 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
5677 int main(int argc, uschar **argv)
5680 uschar buffer[1024];
5682 debug_selector = D_v;
5683 debug_file = stderr;
5684 debug_fd = fileno(debug_file);
5685 big_buffer = malloc(big_buffer_size);
5687 for (i = 1; i < argc; i++)
5689 if (argv[i][0] == '+')
5691 debug_trace_memory = 2;
5694 if (isdigit(argv[i][0]))
5695 debug_selector = Ustrtol(argv[i], NULL, 0);
5697 if (Ustrspn(argv[i], "abcdefghijklmnopqrtsuvwxyz0123456789-.:/") ==
5701 eldap_default_servers = argv[i];
5704 mysql_servers = argv[i];
5707 pgsql_servers = argv[i];
5711 else opt_perl_startup = argv[i];
5715 printf("Testing string expansion: debug_level = %d\n\n", debug_level);
5717 expand_nstring[1] = US"string 1....";
5718 expand_nlength[1] = 8;
5722 if (opt_perl_startup != NULL)
5725 printf("Starting Perl interpreter\n");
5726 errstr = init_perl(opt_perl_startup);
5729 printf("** error in perl_startup code: %s\n", errstr);
5730 return EXIT_FAILURE;
5733 #endif /* EXIM_PERL */
5735 while (fgets(buffer, sizeof(buffer), stdin) != NULL)
5737 void *reset_point = store_get(0);
5738 uschar *yield = expand_string(buffer);
5741 printf("%s\n", yield);
5742 store_reset(reset_point);
5746 if (search_find_defer) printf("search_find deferred\n");
5747 printf("Failed: %s\n", expand_string_message);
5748 if (expand_string_forcedfail) printf("Forced failure\n");
5760 /* End of expand.c */