1 /* $Cambridge: exim/src/src/expand.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */
3 /*************************************************
4 * Exim - an Internet mail transport agent *
5 *************************************************/
7 /* Copyright (c) University of Cambridge 1995 - 2004 */
8 /* See the file NOTICE for conditions of use and distribution. */
11 /* Functions for handling string expansion. */
17 #ifndef SUPPORT_CRYPTEQ
18 #define SUPPORT_CRYPTEQ
22 #ifdef SUPPORT_CRYPTEQ
27 extern char* crypt16(char*, char*);
32 #include "lookups/ldap.h"
37 /* Recursively called function */
39 static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL);
43 /*************************************************
44 * Local statics and tables *
45 *************************************************/
47 /* Table of item names, and corresponding switch numbers. The names must be in
48 alphabetical order. */
50 static uschar *item_table[] = {
86 /* Tables of operator names, and corresponding switch numbers. The names must be
87 in alphabetical order. There are two tables, because underscore is used in some
88 cases to introduce arguments, whereas for other it is part of the name. This is
89 an historical mis-design. */
91 static uschar *op_table_underscore[] = {
100 EOP_QUOTE_LOCAL_PART,
103 static uschar *op_table_main[] = {
134 EOP_ADDRESS = sizeof(op_table_underscore)/sizeof(uschar *),
164 /* Table of condition names, and corresponding switch numbers. The names must
165 be in alphabetical order. */
167 static uschar *cond_table[] = {
171 US"==", /* Backward compatibility */
196 US"match_local_part",
218 ECOND_FIRST_DELIVERY,
234 ECOND_MATCH_LOCAL_PART,
244 /* Type for main variable table */
252 /* Type for entries pointing to address/length pairs. Not currently
260 /* Types of table entry */
263 vtype_int, /* value is address of int */
264 vtype_filter_int, /* ditto, but recognized only when filtering */
265 vtype_ino, /* value is address of ino_t (not always an int) */
266 vtype_uid, /* value is address of uid_t (not always an int) */
267 vtype_gid, /* value is address of gid_t (not always an int) */
268 vtype_stringptr, /* value is address of pointer to string */
269 vtype_msgbody, /* as stringptr, but read when first required */
270 vtype_msgbody_end, /* ditto, the end of the message */
271 vtype_msgheaders, /* the message's headers */
272 vtype_localpart, /* extract local part from string */
273 vtype_domain, /* extract domain from string */
274 vtype_recipients, /* extract recipients from recipients list */
275 /* (enabled only during system filtering */
276 vtype_todbsdin, /* value not used; generate BSD inbox tod */
277 vtype_tode, /* value not used; generate tod in epoch format */
278 vtype_todf, /* value not used; generate full tod */
279 vtype_todl, /* value not used; generate log tod */
280 vtype_todlf, /* value not used; generate log file datestamp tod */
281 vtype_todzone, /* value not used; generate time zone only */
282 vtype_todzulu, /* value not used; generate zulu tod */
283 vtype_reply, /* value not used; get reply from headers */
284 vtype_pid, /* value not used; result is pid */
285 vtype_host_lookup, /* value not used; get host name */
286 vtype_load_avg /* value not used; result is int from os_getloadavg */
289 /* This table must be kept in alphabetical order. */
291 static var_entry var_table[] = {
292 { "acl_c0", vtype_stringptr, &acl_var[0] },
293 { "acl_c1", vtype_stringptr, &acl_var[1] },
294 { "acl_c2", vtype_stringptr, &acl_var[2] },
295 { "acl_c3", vtype_stringptr, &acl_var[3] },
296 { "acl_c4", vtype_stringptr, &acl_var[4] },
297 { "acl_c5", vtype_stringptr, &acl_var[5] },
298 { "acl_c6", vtype_stringptr, &acl_var[6] },
299 { "acl_c7", vtype_stringptr, &acl_var[7] },
300 { "acl_c8", vtype_stringptr, &acl_var[8] },
301 { "acl_c9", vtype_stringptr, &acl_var[9] },
302 { "acl_m0", vtype_stringptr, &acl_var[10] },
303 { "acl_m1", vtype_stringptr, &acl_var[11] },
304 { "acl_m2", vtype_stringptr, &acl_var[12] },
305 { "acl_m3", vtype_stringptr, &acl_var[13] },
306 { "acl_m4", vtype_stringptr, &acl_var[14] },
307 { "acl_m5", vtype_stringptr, &acl_var[15] },
308 { "acl_m6", vtype_stringptr, &acl_var[16] },
309 { "acl_m7", vtype_stringptr, &acl_var[17] },
310 { "acl_m8", vtype_stringptr, &acl_var[18] },
311 { "acl_m9", vtype_stringptr, &acl_var[19] },
312 { "acl_verify_message", vtype_stringptr, &acl_verify_message },
313 { "address_data", vtype_stringptr, &deliver_address_data },
314 { "address_file", vtype_stringptr, &address_file },
315 { "address_pipe", vtype_stringptr, &address_pipe },
316 { "authenticated_id", vtype_stringptr, &authenticated_id },
317 { "authenticated_sender",vtype_stringptr, &authenticated_sender },
318 { "authentication_failed",vtype_int, &authentication_failed },
319 { "body_linecount", vtype_int, &body_linecount },
320 { "body_zerocount", vtype_int, &body_zerocount },
321 { "bounce_recipient", vtype_stringptr, &bounce_recipient },
322 { "bounce_return_size_limit", vtype_int, &bounce_return_size_limit },
323 { "caller_gid", vtype_gid, &real_gid },
324 { "caller_uid", vtype_uid, &real_uid },
325 { "compile_date", vtype_stringptr, &version_date },
326 { "compile_number", vtype_stringptr, &version_cnumber },
327 { "dnslist_domain", vtype_stringptr, &dnslist_domain },
328 { "dnslist_text", vtype_stringptr, &dnslist_text },
329 { "dnslist_value", vtype_stringptr, &dnslist_value },
330 { "domain", vtype_stringptr, &deliver_domain },
331 { "domain_data", vtype_stringptr, &deliver_domain_data },
332 { "exim_gid", vtype_gid, &exim_gid },
333 { "exim_path", vtype_stringptr, &exim_path },
334 { "exim_uid", vtype_uid, &exim_uid },
335 { "home", vtype_stringptr, &deliver_home },
336 { "host", vtype_stringptr, &deliver_host },
337 { "host_address", vtype_stringptr, &deliver_host_address },
338 { "host_data", vtype_stringptr, &host_data },
339 { "host_lookup_failed", vtype_int, &host_lookup_failed },
340 { "inode", vtype_ino, &deliver_inode },
341 { "interface_address", vtype_stringptr, &interface_address },
342 { "interface_port", vtype_int, &interface_port },
344 { "ldap_dn", vtype_stringptr, &eldap_dn },
346 { "load_average", vtype_load_avg, NULL },
347 { "local_part", vtype_stringptr, &deliver_localpart },
348 { "local_part_data", vtype_stringptr, &deliver_localpart_data },
349 { "local_part_prefix", vtype_stringptr, &deliver_localpart_prefix },
350 { "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
351 { "local_scan_data", vtype_stringptr, &local_scan_data },
352 { "local_user_gid", vtype_gid, &local_user_gid },
353 { "local_user_uid", vtype_uid, &local_user_uid },
354 { "localhost_number", vtype_int, &host_number },
355 { "mailstore_basename", vtype_stringptr, &mailstore_basename },
356 { "message_age", vtype_int, &message_age },
357 { "message_body", vtype_msgbody, &message_body },
358 { "message_body_end", vtype_msgbody_end, &message_body_end },
359 { "message_body_size", vtype_int, &message_body_size },
360 { "message_headers", vtype_msgheaders, NULL },
361 { "message_id", vtype_stringptr, &message_id },
362 { "message_size", vtype_int, &message_size },
363 { "n0", vtype_filter_int, &filter_n[0] },
364 { "n1", vtype_filter_int, &filter_n[1] },
365 { "n2", vtype_filter_int, &filter_n[2] },
366 { "n3", vtype_filter_int, &filter_n[3] },
367 { "n4", vtype_filter_int, &filter_n[4] },
368 { "n5", vtype_filter_int, &filter_n[5] },
369 { "n6", vtype_filter_int, &filter_n[6] },
370 { "n7", vtype_filter_int, &filter_n[7] },
371 { "n8", vtype_filter_int, &filter_n[8] },
372 { "n9", vtype_filter_int, &filter_n[9] },
373 { "original_domain", vtype_stringptr, &deliver_domain_orig },
374 { "original_local_part", vtype_stringptr, &deliver_localpart_orig },
375 { "originator_gid", vtype_gid, &originator_gid },
376 { "originator_uid", vtype_uid, &originator_uid },
377 { "parent_domain", vtype_stringptr, &deliver_domain_parent },
378 { "parent_local_part", vtype_stringptr, &deliver_localpart_parent },
379 { "pid", vtype_pid, NULL },
380 { "primary_hostname", vtype_stringptr, &primary_hostname },
381 { "qualify_domain", vtype_stringptr, &qualify_domain_sender },
382 { "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
383 { "rcpt_count", vtype_int, &rcpt_count },
384 { "rcpt_defer_count", vtype_int, &rcpt_defer_count },
385 { "rcpt_fail_count", vtype_int, &rcpt_fail_count },
386 { "received_count", vtype_int, &received_count },
387 { "received_for", vtype_stringptr, &received_for },
388 { "received_protocol", vtype_stringptr, &received_protocol },
389 { "recipient_data", vtype_stringptr, &recipient_data },
390 { "recipients", vtype_recipients, NULL },
391 { "recipients_count", vtype_int, &recipients_count },
392 { "reply_address", vtype_reply, NULL },
393 { "return_path", vtype_stringptr, &return_path },
394 { "return_size_limit", vtype_int, &bounce_return_size_limit },
395 { "runrc", vtype_int, &runrc },
396 { "self_hostname", vtype_stringptr, &self_hostname },
397 { "sender_address", vtype_stringptr, &sender_address },
398 { "sender_address_domain", vtype_domain, &sender_address },
399 { "sender_address_local_part", vtype_localpart, &sender_address },
400 { "sender_data", vtype_stringptr, &sender_data },
401 { "sender_fullhost", vtype_stringptr, &sender_fullhost },
402 { "sender_helo_name", vtype_stringptr, &sender_helo_name },
403 { "sender_host_address", vtype_stringptr, &sender_host_address },
404 { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
405 { "sender_host_name", vtype_host_lookup, NULL },
406 { "sender_host_port", vtype_int, &sender_host_port },
407 { "sender_ident", vtype_stringptr, &sender_ident },
408 { "sender_rcvhost", vtype_stringptr, &sender_rcvhost },
409 { "smtp_command_argument", vtype_stringptr, &smtp_command_argument },
410 { "sn0", vtype_filter_int, &filter_sn[0] },
411 { "sn1", vtype_filter_int, &filter_sn[1] },
412 { "sn2", vtype_filter_int, &filter_sn[2] },
413 { "sn3", vtype_filter_int, &filter_sn[3] },
414 { "sn4", vtype_filter_int, &filter_sn[4] },
415 { "sn5", vtype_filter_int, &filter_sn[5] },
416 { "sn6", vtype_filter_int, &filter_sn[6] },
417 { "sn7", vtype_filter_int, &filter_sn[7] },
418 { "sn8", vtype_filter_int, &filter_sn[8] },
419 { "sn9", vtype_filter_int, &filter_sn[9] },
420 { "spool_directory", vtype_stringptr, &spool_directory },
421 { "thisaddress", vtype_stringptr, &filter_thisaddress },
422 { "tls_certificate_verified", vtype_int, &tls_certificate_verified },
423 { "tls_cipher", vtype_stringptr, &tls_cipher },
424 { "tls_peerdn", vtype_stringptr, &tls_peerdn },
425 { "tod_bsdinbox", vtype_todbsdin, NULL },
426 { "tod_epoch", vtype_tode, NULL },
427 { "tod_full", vtype_todf, NULL },
428 { "tod_log", vtype_todl, NULL },
429 { "tod_logfile", vtype_todlf, NULL },
430 { "tod_zone", vtype_todzone, NULL },
431 { "tod_zulu", vtype_todzulu, NULL },
432 { "value", vtype_stringptr, &lookup_value },
433 { "version_number", vtype_stringptr, &version_string },
434 { "warn_message_delay", vtype_stringptr, &warnmsg_delay },
435 { "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
436 { "warn_message_recipients",vtype_stringptr,&warnmsg_recipients },
437 { "warnmsg_delay", vtype_stringptr, &warnmsg_delay },
438 { "warnmsg_recipient", vtype_stringptr, &warnmsg_recipients },
439 { "warnmsg_recipients", vtype_stringptr, &warnmsg_recipients }
442 static int var_table_size = sizeof(var_table)/sizeof(var_entry);
443 static uschar var_buffer[256];
444 static BOOL malformed_header;
446 /* For textual hashes */
448 static char *hashcodes = "abcdefghijklmnopqrtsuvwxyz"
449 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
452 enum { HMAC_MD5, HMAC_SHA1 };
454 /* For numeric hashes */
456 static unsigned int prime[] = {
457 2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
458 31, 37, 41, 43, 47, 53, 59, 61, 67, 71,
459 73, 79, 83, 89, 97, 101, 103, 107, 109, 113};
461 /* For printing modes in symbolic form */
463 static uschar *mtable_normal[] =
464 { US"---", US"--x", US"-w-", US"-wx", US"r--", US"r-x", US"rw-", US"rwx" };
466 static uschar *mtable_setid[] =
467 { US"--S", US"--s", US"-wS", US"-ws", US"r-S", US"r-s", US"rwS", US"rws" };
469 static uschar *mtable_sticky[] =
470 { US"--T", US"--t", US"-wT", US"-wt", US"r-T", US"r-t", US"rwT", US"rwt" };
474 /*************************************************
475 * Tables for UTF-8 support *
476 *************************************************/
478 /* Table of the number of extra characters, indexed by the first character
479 masked with 0x3f. The highest number for a valid UTF-8 character is in fact
482 static uschar utf8_table1[] = {
483 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
484 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
485 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
486 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 };
488 /* These are the masks for the data bits in the first byte of a character,
489 indexed by the number of additional bytes. */
491 static int utf8_table2[] = { 0xff, 0x1f, 0x0f, 0x07, 0x03, 0x01};
493 /* Get the next UTF-8 character, advancing the pointer. */
495 #define GETUTF8INC(c, ptr) \
497 if ((c & 0xc0) == 0xc0) \
499 int a = utf8_table1[c & 0x3f]; /* Number of additional bytes */ \
501 c = (c & utf8_table2[a]) << s; \
505 c |= (*ptr++ & 0x3f) << s; \
510 /*************************************************
511 * Binary chop search on a table *
512 *************************************************/
514 /* This is used for matching expansion items and operators.
517 name the name that is being sought
518 table the table to search
519 table_size the number of items in the table
521 Returns: the offset in the table, or -1
525 chop_match(uschar *name, uschar **table, int table_size)
527 uschar **bot = table;
528 uschar **top = table + table_size;
532 uschar **mid = bot + (top - bot)/2;
533 int c = Ustrcmp(name, *mid);
534 if (c == 0) return mid - table;
535 if (c > 0) bot = mid + 1; else top = mid;
543 /*************************************************
544 * Check a condition string *
545 *************************************************/
547 /* This function is called to expand a string, and test the result for a "true"
548 or "false" value. Failure of the expansion yields FALSE; logged unless it was a
549 forced fail or lookup defer. All store used by the function can be released on
553 condition the condition string
554 m1 text to be incorporated in panic error
557 Returns: TRUE if condition is met, FALSE if not
561 expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
564 void *reset_point = store_get(0);
565 uschar *ss = expand_string(condition);
568 if (!expand_string_forcedfail && !search_find_defer)
569 log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" "
570 "for %s %s: %s", condition, m1, m2, expand_string_message);
573 rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
574 strcmpic(ss, US"false") != 0;
575 store_reset(reset_point);
581 /*************************************************
582 * Pick out a name from a string *
583 *************************************************/
585 /* If the name is too long, it is silently truncated.
588 name points to a buffer into which to put the name
589 max is the length of the buffer
590 s points to the first alphabetic character of the name
591 extras chars other than alphanumerics to permit
593 Returns: pointer to the first character after the name
595 Note: The test for *s != 0 in the while loop is necessary because
596 Ustrchr() yields non-NULL if the character is zero (which is not something
600 read_name(uschar *name, int max, uschar *s, uschar *extras)
603 while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL))
605 if (ptr < max-1) name[ptr++] = *s;
614 /*************************************************
615 * Pick out the rest of a header name *
616 *************************************************/
618 /* A variable name starting $header_ (or just $h_ for those who like
619 abbreviations) might not be the complete header name because headers can
620 contain any printing characters in their names, except ':'. This function is
621 called to read the rest of the name, chop h[eader]_ off the front, and put ':'
622 on the end, if the name was terminated by white space.
625 name points to a buffer in which the name read so far exists
626 max is the length of the buffer
627 s points to the first character after the name so far, i.e. the
628 first non-alphameric character after $header_xxxxx
630 Returns: a pointer to the first character after the header name
634 read_header_name(uschar *name, int max, uschar *s)
636 int prelen = Ustrchr(name, '_') - name + 1;
637 int ptr = Ustrlen(name) - prelen;
638 if (ptr > 0) memmove(name, name+prelen, ptr);
639 while (mac_isgraph(*s) && *s != ':')
641 if (ptr < max-1) name[ptr++] = *s;
652 /*************************************************
653 * Pick out a number from a string *
654 *************************************************/
657 n points to an integer into which to put the number
658 s points to the first digit of the number
660 Returns: a pointer to the character after the last digit
664 read_number(int *n, uschar *s)
667 while (isdigit(*s)) *n = *n * 10 + (*s++ - '0');
673 /*************************************************
674 * Extract keyed subfield from a string *
675 *************************************************/
677 /* The yield is in dynamic store; NULL means that the key was not found.
680 key points to the name of the key
681 s points to the string from which to extract the subfield
683 Returns: NULL if the subfield was not found, or
684 a pointer to the subfield's data
688 expand_getkeyed(uschar *key, uschar *s)
690 int length = Ustrlen(key);
691 while (isspace(*s)) s++;
693 /* Loop to search for the key */
701 while (*s != 0 && *s != '=' && !isspace(*s)) s++;
702 dkeylength = s - dkey;
703 while (isspace(*s)) s++;
704 if (*s == '=') while (isspace((*(++s))));
706 data = string_dequote(&s);
707 if (length == dkeylength && strncmpic(key, dkey, length) == 0)
710 while (isspace(*s)) s++;
719 /*************************************************
720 * Extract numbered subfield from string *
721 *************************************************/
723 /* Extracts a numbered field from a string that is divided by tokens - for
724 example a line from /etc/passwd is divided by colon characters. First field is
725 numbered one. Negative arguments count from the right. Zero returns the whole
726 string. Returns NULL if there are insufficient tokens in the string
729 Modifies final argument - this is a dynamically generated string, so that's OK.
732 field number of field to be extracted,
733 first field = 1, whole string = 0, last field = -1
734 separators characters that are used to break string into tokens
735 s points to the string from which to extract the subfield
737 Returns: NULL if the field was not found,
738 a pointer to the field's data inside s (modified to add 0)
742 expand_gettokened (int field, uschar *separators, uschar *s)
747 uschar *fieldtext = NULL;
749 if (field == 0) return s;
751 /* Break the line up into fields in place; for field > 0 we stop when we have
752 done the number of fields we want. For field < 0 we continue till the end of
753 the string, counting the number of fields. */
755 count = (field > 0)? field : INT_MAX;
761 /* Previous field was the last one in the string. For a positive field
762 number, this means there are not enough fields. For a negative field number,
763 check that there are enough, and scan back to find the one that is wanted. */
767 if (field > 0 || (-field) > (INT_MAX - count - 1)) return NULL;
768 if ((-field) == (INT_MAX - count - 1)) return s;
772 while (ss[-1] != 0) ss--;
778 /* Previous field was not last in the string; save its start and put a
782 len = Ustrcspn(ss, separators);
793 /*************************************************
794 * Extract a substring from a string *
795 *************************************************/
797 /* Perform the ${substr or ${length expansion operations.
800 subject the input string
801 value1 the offset from the start of the input string to the start of
802 the output string; if negative, count from the right.
803 value2 the length of the output string, or negative (-1) for unset
804 if value1 is positive, unset means "all after"
805 if value1 is negative, unset means "all before"
806 len set to the length of the returned string
808 Returns: pointer to the output string, or NULL if there is an error
812 extract_substr(uschar *subject, int value1, int value2, int *len)
814 int sublen = Ustrlen(subject);
816 if (value1 < 0) /* count from right */
820 /* If the position is before the start, skip to the start, and adjust the
821 length. If the length ends up negative, the substring is null because nothing
822 can precede. This falls out naturally when the length is unset, meaning "all
828 if (value2 < 0) value2 = 0;
832 /* Otherwise an unset length => characters before value1 */
841 /* For a non-negative offset, if the starting position is past the end of the
842 string, the result will be the null string. Otherwise, an unset length means
843 "rest"; just set it to the maximum - it will be cut down below if necessary. */
852 else if (value2 < 0) value2 = sublen;
855 /* Cut the length down to the maximum possible for the offset value, and get
856 the required characters. */
858 if (value1 + value2 > sublen) value2 = sublen - value1;
860 return subject + value1;
866 /*************************************************
867 * Old-style hash of a string *
868 *************************************************/
870 /* Perform the ${hash expansion operation.
873 subject the input string (an expanded substring)
874 value1 the length of the output string; if greater or equal to the
875 length of the input string, the input string is returned
876 value2 the number of hash characters to use, or 26 if negative
877 len set to the length of the returned string
879 Returns: pointer to the output string, or NULL if there is an error
883 compute_hash(uschar *subject, int value1, int value2, int *len)
885 int sublen = Ustrlen(subject);
887 if (value2 < 0) value2 = 26;
888 else if (value2 > Ustrlen(hashcodes))
890 expand_string_message =
891 string_sprintf("hash count \"%d\" too big", value2);
895 /* Calculate the hash text. We know it is shorter than the original string, so
896 can safely place it in subject[] (we know that subject is always itself an
897 expanded substring). */
904 while ((c = (subject[j])) != 0)
906 int shift = (c + j++) & 7;
907 subject[i] ^= (c << shift) | (c >> (8-shift));
908 if (++i >= value1) i = 0;
910 for (i = 0; i < value1; i++)
911 subject[i] = hashcodes[(subject[i]) % value2];
913 else value1 = sublen;
922 /*************************************************
923 * Numeric hash of a string *
924 *************************************************/
926 /* Perform the ${nhash expansion operation. The first characters of the
927 string are treated as most important, and get the highest prime numbers.
930 subject the input string
931 value1 the maximum value of the first part of the result
932 value2 the maximum value of the second part of the result,
933 or negative to produce only a one-part result
934 len set to the length of the returned string
936 Returns: pointer to the output string, or NULL if there is an error.
940 compute_nhash (uschar *subject, int value1, int value2, int *len)
944 unsigned long int total = 0; /* no overflow */
948 if (i == 0) i = sizeof(prime)/sizeof(int) - 1;
949 total += prime[i--] * (unsigned int)(*s++);
952 /* If value2 is unset, just compute one number */
956 s = string_sprintf("%d", total % value1);
959 /* Otherwise do a div/mod hash */
963 total = total % (value1 * value2);
964 s = string_sprintf("%d/%d", total/value2, total % value2);
975 /*************************************************
976 * Find the value of a header or headers *
977 *************************************************/
979 /* Multiple instances of the same header get concatenated, and this function
980 can also return a concatenation of all the header lines. When concatenating
981 specific headers that contain lists of addresses, a comma is inserted between
982 them. Otherwise we use a straight concatenation. Because some messages can have
983 pathologically large number of lines, there is a limit on the length that is
984 returned. Also, to avoid massive store use which would result from using
985 string_cat() as it copies and extends strings, we do a preliminary pass to find
986 out exactly how much store will be needed. On "normal" messages this will be
990 name the name of the header, without the leading $header_ or $h_,
991 or NULL if a concatenation of all headers is required
992 exists_only TRUE if called from a def: test; don't need to build a string;
993 just return a string that is not "" and not "0" if the header
995 newsize return the size of memory block that was obtained; may be NULL
996 if exists_only is TRUE
997 want_raw TRUE if called for $rh_ or $rheader_ variables; no processing,
998 other than concatenating, will be done on the header
999 charset name of charset to translate MIME words to; used only if
1000 want_raw is false; if NULL, no translation is done (this is
1001 used for $bh_ and $bheader_)
1003 Returns: NULL if the header does not exist, else a pointer to a new
1008 find_header(uschar *name, BOOL exists_only, int *newsize, BOOL want_raw,
1011 BOOL found = name == NULL;
1013 int len = found? 0 : Ustrlen(name);
1015 uschar *yield = NULL;
1018 /* Loop for two passes - saves code repetition */
1020 for (i = 0; i < 2; i++)
1025 for (h = header_list; size < header_insert_maxlen && h != NULL; h = h->next)
1027 if (h->type != htype_old && h->text != NULL) /* NULL => Received: placeholder */
1029 if (name == NULL || (len <= h->slen && strncmpic(name, h->text, len) == 0))
1034 if (exists_only) return US"1"; /* don't need actual string */
1036 t = h->text + len; /* text to insert */
1037 if (!want_raw) /* unless wanted raw, */
1038 while (isspace(*t)) t++; /* remove leading white space */
1039 ilen = h->slen - (t - h->text); /* length to insert */
1041 /* Set comma = 1 if handling a single header and it's one of those
1042 that contains an address list, except when asked for raw headers. Only
1043 need to do this once. */
1045 if (!want_raw && name != NULL && comma == 0 &&
1046 Ustrchr("BCFRST", h->type) != NULL)
1049 /* First pass - compute total store needed; second pass - compute
1050 total store used, including this header. */
1052 size += ilen + comma;
1054 /* Second pass - concatentate the data, up to a maximum. Note that
1055 the loop stops when size hits the limit. */
1059 if (size > header_insert_maxlen)
1061 ilen -= size - header_insert_maxlen;
1064 Ustrncpy(ptr, t, ilen);
1066 if (comma != 0 && ilen > 0)
1076 /* At end of first pass, truncate size if necessary, and get the buffer
1077 to hold the data, returning the buffer size. */
1081 if (!found) return NULL;
1082 if (size > header_insert_maxlen) size = header_insert_maxlen;
1083 *newsize = size + 1;
1084 ptr = yield = store_get(*newsize);
1088 /* Remove a redundant added comma if present */
1090 if (comma != 0 && ptr > yield) ptr -= 2;
1092 /* That's all we do for raw header expansion. */
1099 /* Otherwise, we remove trailing whitespace, including newlines. Then we do RFC
1100 2047 decoding, translating the charset if requested. The rfc2047_decode2()
1101 function can return an error with decoded data if the charset translation
1102 fails. If decoding fails, it returns NULL. */
1106 uschar *decoded, *error;
1107 while (ptr > yield && isspace(ptr[-1])) ptr--;
1109 decoded = rfc2047_decode2(yield, TRUE, charset, '?', NULL, newsize, &error);
1112 DEBUG(D_any) debug_printf("*** error in RFC 2047 decoding: %s\n"
1113 " input was: %s\n", error, yield);
1115 if (decoded != NULL) yield = decoded;
1124 /*************************************************
1125 * Find value of a variable *
1126 *************************************************/
1128 /* The table of variables is kept in alphabetic order, so we can search it
1129 using a binary chop. The "choplen" variable is nothing to do with the binary
1133 name the name of the variable being sought
1134 exists_only TRUE if this is a def: test; passed on to find_header()
1135 skipping TRUE => skip any processing evaluation; this is not the same as
1136 exists_only because def: may test for values that are first
1138 newsize pointer to an int which is initially zero; if the answer is in
1139 a new memory buffer, *newsize is set to its size
1141 Returns: NULL if the variable does not exist, or
1142 a pointer to the variable's contents, or
1143 something non-NULL if exists_only is TRUE
1147 find_variable(uschar *name, BOOL exists_only, BOOL skipping, int *newsize)
1150 int last = var_table_size;
1152 while (last > first)
1156 int middle = (first + last)/2;
1157 int c = Ustrcmp(name, var_table[middle].name);
1159 if (c > 0) { first = middle + 1; continue; }
1160 if (c < 0) { last = middle; continue; }
1162 /* Found an existing variable. If in skipping state, the value isn't needed,
1163 and we want to avoid processing (such as looking up up the host name). */
1165 if (skipping) return US"";
1167 switch (var_table[middle].type)
1169 case vtype_filter_int:
1170 if (!filter_running) return NULL;
1174 sprintf(CS var_buffer, "%d", *(int *)(var_table[middle].value)); /* Integer */
1178 sprintf(CS var_buffer, "%ld", (long int)(*(ino_t *)(var_table[middle].value))); /* Inode */
1182 sprintf(CS var_buffer, "%ld", (long int)(*(gid_t *)(var_table[middle].value))); /* gid */
1186 sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
1189 case vtype_stringptr: /* Pointer to string */
1190 s = *((uschar **)(var_table[middle].value));
1191 return (s == NULL)? US"" : s;
1194 sprintf(CS var_buffer, "%d", (int)getpid()); /* pid */
1197 case vtype_load_avg:
1198 sprintf(CS var_buffer, "%d", os_getloadavg()); /* load_average */
1201 case vtype_host_lookup: /* Lookup if not done so */
1202 if (sender_host_name == NULL && sender_host_address != NULL &&
1203 !host_lookup_failed && host_name_lookup() == OK)
1204 host_build_sender_fullhost();
1205 return (sender_host_name == NULL)? US"" : sender_host_name;
1207 case vtype_localpart: /* Get local part from address */
1208 s = *((uschar **)(var_table[middle].value));
1209 if (s == NULL) return US"";
1210 domain = Ustrrchr(s, '@');
1211 if (domain == NULL) return s;
1212 if (domain - s > sizeof(var_buffer) - 1)
1213 log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than %d in "
1214 "string expansion", sizeof(var_buffer));
1215 Ustrncpy(var_buffer, s, domain - s);
1216 var_buffer[domain - s] = 0;
1219 case vtype_domain: /* Get domain from address */
1220 s = *((uschar **)(var_table[middle].value));
1221 if (s == NULL) return US"";
1222 domain = Ustrrchr(s, '@');
1223 return (domain == NULL)? US"" : domain + 1;
1225 case vtype_msgheaders:
1226 return find_header(NULL, exists_only, newsize, FALSE, NULL);
1228 case vtype_msgbody: /* Pointer to msgbody string */
1229 case vtype_msgbody_end: /* Ditto, the end of the msg */
1230 ss = (uschar **)(var_table[middle].value);
1231 if (*ss == NULL && deliver_datafile >= 0) /* Read body when needed */
1234 int start_offset = SPOOL_DATA_START_OFFSET;
1235 int len = message_body_visible;
1236 if (len > message_size) len = message_size;
1237 *ss = body = store_malloc(len+1);
1239 if (var_table[middle].type == vtype_msgbody_end)
1241 struct stat statbuf;
1242 if (fstat(deliver_datafile, &statbuf) == 0)
1244 start_offset = statbuf.st_size - len;
1245 if (start_offset < SPOOL_DATA_START_OFFSET)
1246 start_offset = SPOOL_DATA_START_OFFSET;
1249 lseek(deliver_datafile, start_offset, SEEK_SET);
1250 len = read(deliver_datafile, body, len);
1256 if (body[--len] == '\n' || body[len] == 0) body[len] = ' ';
1260 return (*ss == NULL)? US"" : *ss;
1262 case vtype_todbsdin: /* BSD inbox time of day */
1263 return tod_stamp(tod_bsdin);
1265 case vtype_tode: /* Unix epoch time of day */
1266 return tod_stamp(tod_epoch);
1268 case vtype_todf: /* Full time of day */
1269 return tod_stamp(tod_full);
1271 case vtype_todl: /* Log format time of day */
1272 return tod_stamp(tod_log_bare); /* (without timezone) */
1274 case vtype_todzone: /* Time zone offset only */
1275 return tod_stamp(tod_zone);
1277 case vtype_todzulu: /* Zulu time */
1278 return tod_stamp(tod_zulu);
1280 case vtype_todlf: /* Log file datestamp tod */
1281 return tod_stamp(tod_log_datestamp);
1283 case vtype_reply: /* Get reply address */
1284 s = find_header(US"reply-to:", exists_only, newsize, FALSE,
1286 if (s == NULL || *s == 0)
1287 s = find_header(US"from:", exists_only, newsize, FALSE, headers_charset);
1288 return (s == NULL)? US"" : s;
1290 /* A recipients list is available only during system message filtering,
1291 during ACL processing after DATA, and while expanding pipe commands
1292 generated from a system filter, but not elsewhere. */
1294 case vtype_recipients:
1295 if (!enable_dollar_recipients) return NULL; else
1300 s = store_get(size);
1301 for (i = 0; i < recipients_count; i++)
1303 if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
1304 s = string_cat(s, &size, &ptr, recipients_list[i].address,
1305 Ustrlen(recipients_list[i].address));
1307 s[ptr] = 0; /* string_cat() leaves room */
1313 return NULL; /* Unknown variable name */
1319 /*************************************************
1320 * Read and expand substrings *
1321 *************************************************/
1323 /* This function is called to read and expand argument substrings for various
1324 expansion items. Some have a minimum requirement that is less than the maximum;
1325 in these cases, the first non-present one is set to NULL.
1328 sub points to vector of pointers to set
1329 n maximum number of substrings
1331 sptr points to current string pointer
1332 skipping the skipping flag
1333 check_end if TRUE, check for final '}'
1334 name name of item, for error message
1336 Returns: 0 OK; string pointer updated
1337 1 curly bracketing error (too few arguments)
1338 2 too many arguments (only if check_end is set); message set
1339 3 other error (expansion failure)
1343 read_subs(uschar **sub, int n, int m, uschar **sptr, BOOL skipping,
1344 BOOL check_end, uschar *name)
1349 while (isspace(*s)) s++;
1350 for (i = 0; i < n; i++)
1354 if (i < m) return 1;
1358 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
1359 if (sub[i] == NULL) return 3;
1360 if (*s++ != '}') return 1;
1361 while (isspace(*s)) s++;
1363 if (check_end && *s++ != '}')
1367 expand_string_message = string_sprintf("Too many arguments for \"%s\" "
1368 "(max is %d)", name, n);
1381 /*************************************************
1382 * Read and evaluate a condition *
1383 *************************************************/
1387 s points to the start of the condition text
1388 yield points to a BOOL to hold the result of the condition test;
1389 if NULL, we are just reading through a condition that is
1390 part of an "or" combination to check syntax, or in a state
1391 where the answer isn't required
1393 Returns: a pointer to the first character after the condition, or
1398 eval_condition(uschar *s, BOOL *yield)
1400 BOOL testfor = TRUE;
1401 BOOL tempcond, combined_cond;
1403 int i, rc, cond_type, roffset;
1405 struct stat statbuf;
1410 const uschar *rerror;
1414 while (isspace(*s)) s++;
1415 if (*s == '!') { testfor = !testfor; s++; } else break;
1418 /* Numeric comparisons are symbolic */
1420 if (*s == '=' || *s == '>' || *s == '<')
1432 /* All other conditions are named */
1434 else s = read_name(name, 256, s, US"_");
1436 /* If we haven't read a name, it means some non-alpha character is first. */
1440 expand_string_message = string_sprintf("condition name expected, "
1441 "but found \"%.16s\"", s);
1445 /* Find which condition we are dealing with, and switch on it */
1447 cond_type = chop_match(name, cond_table, sizeof(cond_table)/sizeof(uschar *));
1450 /* def: tests for a non-zero or non-NULL variable, or for an existing
1456 expand_string_message = US"\":\" expected after \"def\"";
1460 s = read_name(name, 256, s+1, US"_");
1462 /* Test for a header's existence */
1464 if (Ustrncmp(name, "h_", 2) == 0 ||
1465 Ustrncmp(name, "rh_", 3) == 0 ||
1466 Ustrncmp(name, "bh_", 3) == 0 ||
1467 Ustrncmp(name, "header_", 7) == 0 ||
1468 Ustrncmp(name, "rheader_", 8) == 0 ||
1469 Ustrncmp(name, "bheader_", 8) == 0)
1471 s = read_header_name(name, 256, s);
1472 if (yield != NULL) *yield =
1473 (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
1476 /* Test for a variable's having a non-empty value. If yield == NULL we
1477 are in a skipping state, and don't care about the answer. */
1481 uschar *value = find_variable(name, TRUE, yield == NULL, NULL);
1484 expand_string_message = (name[0] == 0)?
1485 string_sprintf("variable name omitted after \"def:\"") :
1486 string_sprintf("unknown variable \"%s\" after \"def:\"", name);
1490 *yield = (value[0] != 0 && Ustrcmp(value, "0") != 0) == testfor;
1496 /* first_delivery tests for first delivery attempt */
1498 case ECOND_FIRST_DELIVERY:
1499 if (yield != NULL) *yield = deliver_firsttime == testfor;
1503 /* queue_running tests for any process started by a queue runner */
1505 case ECOND_QUEUE_RUNNING:
1506 if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor;
1510 /* exists: tests for file existence
1511 isip: tests for any IP address
1512 isip4: tests for an IPv4 address
1513 isip6: tests for an IPv6 address
1514 pam: does PAM authentication
1515 radius: does RADIUS authentication
1516 ldapauth: does LDAP authentication
1517 pwcheck: does Cyrus SASL pwcheck authentication
1526 case ECOND_LDAPAUTH:
1529 while (isspace(*s)) s++;
1530 if (*s != '{') goto COND_FAILED_CURLY_START;
1532 sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1533 if (sub[0] == NULL) return NULL;
1534 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1536 if (yield == NULL) return s; /* No need to run the test if skipping */
1541 if ((expand_forbid & RDO_EXISTS) != 0)
1543 expand_string_message = US"File existence tests are not permitted";
1546 *yield = (Ustat(sub[0], &statbuf) == 0) == testfor;
1552 rc = string_is_ip_address(sub[0], NULL);
1553 *yield = ((cond_type == ECOND_ISIP)? (rc > 0) :
1554 (cond_type == ECOND_ISIP4)? (rc == 4) : (rc == 6)) == testfor;
1557 /* Various authentication tests - all optionally compiled */
1561 rc = auth_call_pam(sub[0], &expand_string_message);
1564 goto COND_FAILED_NOT_COMPILED;
1565 #endif /* SUPPORT_PAM */
1568 #ifdef RADIUS_CONFIG_FILE
1569 rc = auth_call_radius(sub[0], &expand_string_message);
1572 goto COND_FAILED_NOT_COMPILED;
1573 #endif /* RADIUS_CONFIG_FILE */
1575 case ECOND_LDAPAUTH:
1578 /* Just to keep the interface the same */
1580 int old_pool = store_pool;
1581 store_pool = POOL_SEARCH;
1582 rc = eldapauth_find((void *)(-1), NULL, sub[0], Ustrlen(sub[0]), NULL,
1583 &expand_string_message, &do_cache);
1584 store_pool = old_pool;
1588 goto COND_FAILED_NOT_COMPILED;
1589 #endif /* LOOKUP_LDAP */
1592 #ifdef CYRUS_PWCHECK_SOCKET
1593 rc = auth_call_pwcheck(sub[0], &expand_string_message);
1596 goto COND_FAILED_NOT_COMPILED;
1597 #endif /* CYRUS_PWCHECK_SOCKET */
1599 #if defined(SUPPORT_PAM) || defined(RADIUS_CONFIG_FILE) || \
1600 defined(LOOKUP_LDAP) || defined(CYRUS_PWCHECK_SOCKET)
1602 if (rc == ERROR || rc == DEFER) return NULL;
1603 *yield = (rc == OK) == testfor;
1609 /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
1611 ${if saslauthd {{username}{password}{service}{realm}} {yes}[no}}
1613 However, the last two are optional. That is why the whole set is enclosed
1614 in their own set or braces. */
1616 case ECOND_SASLAUTHD:
1617 #ifndef CYRUS_SASLAUTHD_SOCKET
1618 goto COND_FAILED_NOT_COMPILED;
1620 while (isspace(*s)) s++;
1621 if (*s++ != '{') goto COND_FAILED_CURLY_START;
1622 switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd"))
1624 case 1: expand_string_message = US"too few arguments or bracketing "
1625 "error for saslauthd";
1627 case 3: return NULL;
1629 if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */
1633 rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3],
1634 &expand_string_message);
1635 if (rc == ERROR || rc == DEFER) return NULL;
1636 *yield = (rc == OK) == testfor;
1639 #endif /* CYRUS_SASLAUTHD_SOCKET */
1642 /* symbolic operators for numeric and string comparison, and a number of
1643 other operators, all requiring two arguments.
1645 match: does a regular expression match and sets up the numerical
1646 variables if it succeeds
1647 match_address: matches in an address list
1648 match_domain: matches in a domain list
1649 match_local_part: matches in a local part list
1650 crypteq: encrypts plaintext and compares against an encrypted text,
1651 using crypt(), crypt16(), MD5 or SHA-1
1655 case ECOND_MATCH_ADDRESS:
1656 case ECOND_MATCH_DOMAIN:
1657 case ECOND_MATCH_LOCAL_PART:
1660 case ECOND_NUM_L: /* Numerical comparisons */
1667 case ECOND_STR_LT: /* String comparisons */
1678 for (i = 0; i < 2; i++)
1680 while (isspace(*s)) s++;
1683 if (i == 0) goto COND_FAILED_CURLY_START;
1684 expand_string_message = string_sprintf("missing 2nd string in {} "
1685 "after \"%s\"", name);
1688 sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL);
1689 if (sub[i] == NULL) return NULL;
1690 if (*s++ != '}') goto COND_FAILED_CURLY_END;
1692 /* Convert to numerical if required; we know that the names of all the
1693 conditions that compare numbers do not start with a letter. This just saves
1694 checking for them individually. */
1696 if (!isalpha(name[0]))
1699 num[i] = (int)Ustrtol((const uschar *)sub[i], &endptr, 10);
1700 if (tolower(*endptr) == 'k')
1705 else if (tolower(*endptr) == 'm')
1707 num[i] *= 1024*1024;
1710 while (isspace(*endptr)) endptr++;
1713 expand_string_message = string_sprintf("\"%s\" is not a number",
1720 /* Result not required */
1722 if (yield == NULL) return s;
1724 /* Do an appropriate comparison */
1730 *yield = (num[0] == num[1]) == testfor;
1734 *yield = (num[0] > num[1]) == testfor;
1738 *yield = (num[0] >= num[1]) == testfor;
1742 *yield = (num[0] < num[1]) == testfor;
1746 *yield = (num[0] <= num[1]) == testfor;
1750 *yield = (Ustrcmp(sub[0], sub[1]) < 0) == testfor;
1754 *yield = (strcmpic(sub[0], sub[1]) < 0) == testfor;
1758 *yield = (Ustrcmp(sub[0], sub[1]) <= 0) == testfor;
1762 *yield = (strcmpic(sub[0], sub[1]) <= 0) == testfor;
1766 *yield = (Ustrcmp(sub[0], sub[1]) == 0) == testfor;
1770 *yield = (strcmpic(sub[0], sub[1]) == 0) == testfor;
1774 *yield = (Ustrcmp(sub[0], sub[1]) > 0) == testfor;
1778 *yield = (strcmpic(sub[0], sub[1]) > 0) == testfor;
1782 *yield = (Ustrcmp(sub[0], sub[1]) >= 0) == testfor;
1786 *yield = (strcmpic(sub[0], sub[1]) >= 0) == testfor;
1789 case ECOND_MATCH: /* Regular expression match */
1790 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
1794 expand_string_message = string_sprintf("regular expression error in "
1795 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
1798 *yield = regex_match_and_setup(re, sub[0], 0, -1) == testfor;
1801 case ECOND_MATCH_ADDRESS: /* Match in an address list */
1802 rc = match_address_list(sub[0], TRUE, FALSE, &(sub[1]), NULL, -1, 0, NULL);
1803 goto MATCHED_SOMETHING;
1805 case ECOND_MATCH_DOMAIN: /* Match in a domain list */
1806 rc = match_isinlist(sub[0], &(sub[1]), 0, &domainlist_anchor, NULL,
1807 MCL_DOMAIN + MCL_NOEXPAND, TRUE, NULL);
1808 goto MATCHED_SOMETHING;
1810 case ECOND_MATCH_LOCAL_PART:
1811 rc = match_isinlist(sub[0], &(sub[1]), 0, &localpartlist_anchor, NULL,
1812 MCL_LOCALPART + MCL_NOEXPAND, TRUE, NULL);
1827 expand_string_message = string_sprintf("unable to complete match "
1828 "against \"%s\": %s", sub[1], search_error_message);
1834 /* Various "encrypted" comparisons. If the second string starts with
1835 "{" then an encryption type is given. Default to crypt() or crypt16()
1836 (build-time choice). */
1839 #ifndef SUPPORT_CRYPTEQ
1840 goto COND_FAILED_NOT_COMPILED;
1842 if (strncmpic(sub[1], US"{md5}", 5) == 0)
1844 int sublen = Ustrlen(sub[1]+5);
1849 md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
1851 /* If the length that we are comparing against is 24, the MD5 digest
1852 is expressed as a base64 string. This is the way LDAP does it. However,
1853 some other software uses a straightforward hex representation. We assume
1854 this if the length is 32. Other lengths fail. */
1858 uschar *coded = auth_b64encode((uschar *)digest, 16);
1859 DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
1860 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
1861 *yield = (Ustrcmp(coded, sub[1]+5) == 0) == testfor;
1863 else if (sublen == 32)
1867 for (i = 0; i < 16; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
1869 DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
1870 " subject=%s\n crypted=%s\n", coded, sub[1]+5);
1871 *yield = (strcmpic(coded, sub[1]+5) == 0) == testfor;
1875 DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
1876 "fail\n crypted=%s\n", sub[1]+5);
1881 else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
1883 int sublen = Ustrlen(sub[1]+6);
1888 sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
1890 /* If the length that we are comparing against is 28, assume the SHA1
1891 digest is expressed as a base64 string. If the length is 40, assume a
1892 straightforward hex representation. Other lengths fail. */
1896 uschar *coded = auth_b64encode((uschar *)digest, 20);
1897 DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
1898 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
1899 *yield = (Ustrcmp(coded, sub[1]+6) == 0) == testfor;
1901 else if (sublen == 40)
1905 for (i = 0; i < 20; i++) sprintf(CS (coded+2*i), "%02X", digest[i]);
1907 DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
1908 " subject=%s\n crypted=%s\n", coded, sub[1]+6);
1909 *yield = (strcmpic(coded, sub[1]+6) == 0) == testfor;
1913 DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
1914 "fail\n crypted=%s\n", sub[1]+6);
1919 else /* {crypt} or {crypt16} and non-{ at start */
1924 if (strncmpic(sub[1], US"{crypt}", 7) == 0)
1929 else if (strncmpic(sub[1], US"{crypt16}", 9) == 0)
1934 else if (sub[1][0] == '{')
1936 expand_string_message = string_sprintf("unknown encryption mechanism "
1937 "in \"%s\"", sub[1]);
1943 case 0: coded = US DEFAULT_CRYPT(CS sub[0], CS sub[1]); break;
1944 case 1: coded = US crypt(CS sub[0], CS sub[1]); break;
1945 default: coded = US crypt16(CS sub[0], CS sub[1]); break;
1949 #define XSTR(s) STR(s)
1950 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
1951 " subject=%s\n crypted=%s\n",
1952 (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
1957 /* If the encrypted string contains fewer than two characters (for the
1958 salt), force failure. Otherwise we get false positives: with an empty
1959 string the yield of crypt() is an empty string! */
1961 *yield = (Ustrlen(sub[1]) < 2)? !testfor :
1962 (Ustrcmp(coded, sub[1]) == 0) == testfor;
1965 #endif /* SUPPORT_CRYPTEQ */
1966 } /* Switch for comparison conditions */
1968 return s; /* End of comparison conditions */
1971 /* and/or: computes logical and/or of several conditions */
1975 subcondptr = (yield == NULL)? NULL : &tempcond;
1976 combined_cond = (cond_type == ECOND_AND);
1978 while (isspace(*s)) s++;
1979 if (*s++ != '{') goto COND_FAILED_CURLY_START;
1983 while (isspace(*s)) s++;
1984 if (*s == '}') break;
1987 expand_string_message = string_sprintf("each subcondition "
1988 "inside an \"%s{...}\" condition must be in its own {}", name);
1992 s = eval_condition(s+1, subcondptr);
1995 expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
1996 expand_string_message, name);
1999 while (isspace(*s)) s++;
2003 expand_string_message = string_sprintf("missing } at end of condition "
2004 "inside \"%s\" group", name);
2010 if (cond_type == ECOND_AND)
2012 combined_cond &= tempcond;
2013 if (!combined_cond) subcondptr = NULL; /* once false, don't */
2014 } /* evaluate any more */
2017 combined_cond |= tempcond;
2018 if (combined_cond) subcondptr = NULL; /* once true, don't */
2019 } /* evaluate any more */
2023 if (yield != NULL) *yield = (combined_cond == testfor);
2027 /* Unknown condition */
2030 expand_string_message = string_sprintf("unknown condition \"%s\"", name);
2032 } /* End switch on condition type */
2034 /* Missing braces at start and end of data */
2036 COND_FAILED_CURLY_START:
2037 expand_string_message = string_sprintf("missing { after \"%s\"", name);
2040 COND_FAILED_CURLY_END:
2041 expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
2045 /* A condition requires code that is not compiled */
2047 #if !defined(SUPPORT_PAM) || !defined(RADIUS_CONFIG_FILE) || \
2048 !defined(LOOKUP_LDAP) || !defined(CYRUS_PWCHECK_SOCKET) || \
2049 !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
2050 COND_FAILED_NOT_COMPILED:
2051 expand_string_message = string_sprintf("support for \"%s\" not compiled",
2060 /*************************************************
2061 * Save numerical variables *
2062 *************************************************/
2064 /* This function is called from items such as "if" that want to preserve and
2065 restore the numbered variables.
2068 save_expand_string points to an array of pointers to set
2069 save_expand_nlength points to an array of ints for the lengths
2071 Returns: the value of expand max to save
2075 save_expand_strings(uschar **save_expand_nstring, int *save_expand_nlength)
2078 for (i = 0; i <= expand_nmax; i++)
2080 save_expand_nstring[i] = expand_nstring[i];
2081 save_expand_nlength[i] = expand_nlength[i];
2088 /*************************************************
2089 * Restore numerical variables *
2090 *************************************************/
2092 /* This function restored saved values of numerical strings.
2095 save_expand_nmax the number of strings to restore
2096 save_expand_string points to an array of pointers
2097 save_expand_nlength points to an array of ints
2103 restore_expand_strings(int save_expand_nmax, uschar **save_expand_nstring,
2104 int *save_expand_nlength)
2107 expand_nmax = save_expand_nmax;
2108 for (i = 0; i <= expand_nmax; i++)
2110 expand_nstring[i] = save_expand_nstring[i];
2111 expand_nlength[i] = save_expand_nlength[i];
2119 /*************************************************
2120 * Handle yes/no substrings *
2121 *************************************************/
2123 /* This function is used by ${if}, ${lookup} and ${extract} to handle the
2124 alternative substrings that depend on whether or not the condition was true,
2125 or the lookup or extraction succeeded. The substrings always have to be
2126 expanded, to check their syntax, but "skipping" is set when the result is not
2127 needed - this avoids unnecessary nested lookups.
2130 skipping TRUE if we were skipping when this item was reached
2131 yes TRUE if the first string is to be used, else use the second
2132 save_lookup a value to put back into lookup_value before the 2nd expansion
2133 sptr points to the input string pointer
2134 yieldptr points to the output string pointer
2135 sizeptr points to the output string size
2136 ptrptr points to the output string pointer
2137 type "lookup" or "if" or "extract" or "run", for error message
2139 Returns: 0 OK; lookup_value has been reset to save_lookup
2141 2 expansion failed because of bracketing error
2145 process_yesno(BOOL skipping, BOOL yes, uschar *save_lookup, uschar **sptr,
2146 uschar **yieldptr, int *sizeptr, int *ptrptr, uschar *type)
2149 uschar *s = *sptr; /* Local value */
2150 uschar *sub1, *sub2;
2152 /* If there are no following strings, we substitute the contents of $value for
2153 lookups and for extractions in the success case. In the fail case, nothing is
2154 substituted. In the case of "if", lack of following strings is an error. */
2156 while (isspace(*s)) s++;
2159 if (type[0] == 'i') goto FAILED_CURLY;
2160 if (yes && lookup_value != NULL)
2161 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
2162 Ustrlen(lookup_value));
2163 lookup_value = save_lookup;
2168 /* Expand the first substring. Forced failures are noticed only if we actually
2169 want this string. Set skipping in the call in the fail case (this will always
2170 be the case if we were already skipping). */
2172 sub1 = expand_string_internal(s+1, TRUE, &s, !yes);
2173 if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
2174 expand_string_forcedfail = FALSE;
2175 if (*s++ != '}') goto FAILED_CURLY;
2177 /* If we want the first string, add it to the output */
2180 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
2182 /* If this is called from a lookup or an extract, we want to restore $value to
2183 what it was at the start of the item, so that it has this value during the
2184 second string expansion. For the call from "if" to this function, save_lookup
2185 is set to lookup_value, so that this statement does nothing. */
2187 lookup_value = save_lookup;
2189 /* There now follows either another substring, or "fail", or nothing. This
2190 time, forced failures are noticed only if we want the second string. We must
2191 set skipping in the nested call if we don't want this string, or if we were
2192 already skipping. */
2194 while (isspace(*s)) s++;
2197 sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping);
2198 if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
2199 expand_string_forcedfail = FALSE;
2200 if (*s++ != '}') goto FAILED_CURLY;
2202 /* If we want the second string, add it to the output */
2205 *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
2208 /* If there is no second string, but the word "fail" is present when the use of
2209 the second string is wanted, set a flag indicating it was a forced failure
2210 rather than a syntactic error. Swallow the terminating } in case this is nested
2211 inside another lookup or if or extract. */
2216 s = read_name(name, sizeof(name), s, US"_");
2217 if (Ustrcmp(name, "fail") == 0)
2219 if (!yes && !skipping)
2221 while (isspace(*s)) s++;
2222 if (*s++ != '}') goto FAILED_CURLY;
2223 expand_string_message =
2224 string_sprintf("\"%s\" failed and \"fail\" requested", type);
2225 expand_string_forcedfail = TRUE;
2231 expand_string_message =
2232 string_sprintf("syntax error in \"%s\" item - \"fail\" expected", type);
2237 /* All we have to do now is to check on the final closing brace. */
2239 while (isspace(*s)) s++;
2240 if (*s++ == '}') goto RETURN;
2242 /* Get here if there is a bracketing failure */
2247 /* Get here for other failures */
2252 /* Update the input pointer value before returning */
2264 /*************************************************
2265 * Handle MD5 or SHA-1 computation for HMAC *
2266 *************************************************/
2268 /* These are some wrapping functions that enable the HMAC code to be a bit
2269 cleaner. A good compiler will spot the tail recursion.
2272 type HMAC_MD5 or HMAC_SHA1
2273 remaining are as for the cryptographic hash functions
2279 chash_start(int type, void *base)
2281 if (type == HMAC_MD5)
2282 md5_start((md5 *)base);
2284 sha1_start((sha1 *)base);
2288 chash_mid(int type, void *base, uschar *string)
2290 if (type == HMAC_MD5)
2291 md5_mid((md5 *)base, string);
2293 sha1_mid((sha1 *)base, string);
2297 chash_end(int type, void *base, uschar *string, int length, uschar *digest)
2299 if (type == HMAC_MD5)
2300 md5_end((md5 *)base, string, length, digest);
2302 sha1_end((sha1 *)base, string, length, digest);
2309 /*************************************************
2310 * Join a file onto the output string *
2311 *************************************************/
2313 /* This is used for readfile and after a run expansion. It joins the contents
2314 of a file onto the output string, globally replacing newlines with a given
2315 string (optionally). The file is closed at the end.
2319 yield pointer to the expandable string
2320 sizep pointer to the current size
2321 ptrp pointer to the current position
2322 eol newline replacement string, or NULL
2324 Returns: new value of string pointer
2328 cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
2331 uschar buffer[1024];
2333 eollen = (eol == NULL)? 0 : Ustrlen(eol);
2335 while (Ufgets(buffer, sizeof(buffer), f) != NULL)
2337 int len = Ustrlen(buffer);
2338 if (eol != NULL && buffer[len-1] == '\n') len--;
2339 yield = string_cat(yield, sizep, ptrp, buffer, len);
2340 if (buffer[len] != 0)
2341 yield = string_cat(yield, sizep, ptrp, eol, eollen);
2344 if (yield != NULL) yield[*ptrp] = 0;
2352 /*************************************************
2353 * Evaluate numeric expression *
2354 *************************************************/
2356 /* This is a set of mutually recursive functions that evaluate a simple
2357 arithmetic expression involving only + - * / and parentheses. The only one that
2358 is called from elsewhere is eval_expr, whose interface is:
2361 sptr pointer to the pointer to the string - gets updated
2362 decimal TRUE if numbers are to be assumed decimal
2363 error pointer to where to put an error message - must be NULL on input
2364 endket TRUE if ')' must terminate - FALSE for external call
2367 Returns: on success: the value of the expression, with *error still NULL
2368 on failure: an undefined value, with *error = a message
2371 static int eval_sumterm(uschar **, BOOL, uschar **);
2374 eval_expr(uschar **sptr, BOOL decimal, uschar **error, BOOL endket)
2377 int x = eval_sumterm(&s, decimal, error);
2380 while (*s == '+' || *s == '-')
2383 int y = eval_sumterm(&s, decimal, error);
2384 if (*error != NULL) break;
2385 if (op == '+') x += y; else x -= y;
2392 *error = US"expecting closing parenthesis";
2394 while (isspace(*(++s)));
2396 else if (*s != 0) *error = US"expecting + or -";
2405 eval_term(uschar **sptr, BOOL decimal, uschar **error)
2410 while (isspace(*s)) s++;
2412 if (isdigit(c) || ((c == '-' || c == '+') && isdigit(s[1])))
2415 (void)sscanf(CS s, (decimal? "%d%n" : "%i%n"), &n, &count);
2417 if (tolower(*s) == 'k') { n *= 1024; s++; }
2418 else if (tolower(*s) == 'm') { n *= 1024*1024; s++; }
2419 while (isspace (*s)) s++;
2424 n = eval_expr(&s, decimal, error, 1);
2428 *error = US"expecting number or opening parenthesis";
2435 static int eval_sumterm(uschar **sptr, BOOL decimal, uschar **error)
2438 int x = eval_term(&s, decimal, error);
2441 while (*s == '*' || *s == '/')
2444 int y = eval_term(&s, decimal, error);
2445 if (*error != NULL) break;
2446 if (op == '*') x *= y; else x /= y;
2456 /*************************************************
2458 *************************************************/
2460 /* Returns either an unchanged string, or the expanded string in stacking pool
2461 store. Interpreted sequences are:
2463 \... normal escaping rules
2464 $name substitutes the variable
2466 ${op:string} operates on the expanded string value
2467 ${item{arg1}{arg2}...} expands the args and then does the business
2468 some literal args are not enclosed in {}
2470 There are now far too many operators and item types to make it worth listing
2471 them here in detail any more.
2473 We use an internal routine recursively to handle embedded substrings. The
2474 external function follows. The yield is NULL if the expansion failed, and there
2475 are two cases: if something collapsed syntactically, or if "fail" was given
2476 as the action on a lookup failure. These can be distinguised by looking at the
2477 variable expand_string_forcedfail, which is TRUE in the latter case.
2479 The skipping flag is set true when expanding a substring that isn't actually
2480 going to be used (after "if" or "lookup") and it prevents lookups from
2481 happening lower down.
2483 Store usage: At start, a store block of the length of the input plus 64
2484 is obtained. This is expanded as necessary by string_cat(), which might have to
2485 get a new block, or might be able to expand the original. At the end of the
2486 function we can release any store above that portion of the yield block that
2487 was actually used. In many cases this will be optimal.
2489 However: if the first item in the expansion is a variable name or header name,
2490 we reset the store before processing it; if the result is in fresh store, we
2491 use that without copying. This is helpful for expanding strings like
2492 $message_headers which can get very long.
2495 string the string to be expanded
2496 ket_ends true if expansion is to stop at }
2497 left if not NULL, a pointer to the first character after the
2498 expansion is placed here (typically used with ket_ends)
2499 skipping TRUE for recursive calls when the value isn't actually going
2500 to be used (to allow for optimisation)
2502 Returns: NULL if expansion fails:
2503 expand_string_forcedfail is set TRUE if failure was forced
2504 expand_string_message contains a textual error message
2505 a pointer to the expanded string on success
2509 expand_string_internal(uschar *string, BOOL ket_ends, uschar **left,
2513 int size = Ustrlen(string)+ 64;
2515 uschar *yield = store_get(size);
2517 uschar *save_expand_nstring[EXPAND_MAXN+1];
2518 int save_expand_nlength[EXPAND_MAXN+1];
2520 expand_string_forcedfail = FALSE;
2521 expand_string_message = US"";
2528 /* \ escapes the next character, which must exist, or else
2529 the expansion fails. There's a special escape, \N, which causes
2530 copying of the subject verbatim up to the next \N. Otherwise,
2531 the escapes are the standard set. */
2537 expand_string_message = US"\\ at end of string";
2544 for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
2545 yield = string_cat(yield, &size, &ptr, t, s - t);
2546 if (*s != 0) s += 2;
2552 ch[0] = string_interpret_escape(&s);
2554 yield = string_cat(yield, &size, &ptr, ch, 1);
2560 /* Anything other than $ is just copied verbatim, unless we are
2561 looking for a terminating } character. */
2563 if (ket_ends && *s == '}') break;
2567 yield = string_cat(yield, &size, &ptr, s++, 1);
2571 /* No { after the $ - must be a plain name or a number for string
2572 match variable. There has to be a fudge for variables that are the
2573 names of header fields preceded by "$header_" because header field
2574 names can contain any printing characters except space and colon.
2575 For those that don't like typing this much, "$h_" is a synonym for
2576 "$header_". A non-existent header yields a NULL value; nothing is
2579 if (isalpha((*(++s))))
2584 s = read_name(name, sizeof(name), s, US"_");
2586 /* If this is the first thing to be expanded, release the pre-allocated
2589 if (ptr == 0 && yield != NULL)
2598 if (Ustrncmp(name, "h_", 2) == 0 ||
2599 Ustrncmp(name, "rh_", 3) == 0 ||
2600 Ustrncmp(name, "bh_", 3) == 0 ||
2601 Ustrncmp(name, "header_", 7) == 0 ||
2602 Ustrncmp(name, "rheader_", 8) == 0 ||
2603 Ustrncmp(name, "bheader_", 8) == 0)
2605 BOOL want_raw = (name[0] == 'r')? TRUE : FALSE;
2606 uschar *charset = (name[0] == 'b')? NULL : headers_charset;
2607 s = read_header_name(name, sizeof(name), s);
2608 value = find_header(name, FALSE, &newsize, want_raw, charset);
2610 /* If we didn't find the header, and the header contains a closing brace
2611 characters, this may be a user error where the terminating colon
2612 has been omitted. Set a flag to adjust the error message in this case.
2613 But there is no error here - nothing gets inserted. */
2617 if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
2626 value = find_variable(name, FALSE, skipping, &newsize);
2629 expand_string_message =
2630 string_sprintf("unknown variable name \"%s\"", name);
2635 /* If the data is known to be in a new buffer, newsize will be set to the
2636 size of that buffer. If this is the first thing in an expansion string,
2637 yield will be NULL; just point it at the new store instead of copying. Many
2638 expansion strings contain just one reference, so this is a useful
2639 optimization, especially for humungous headers. */
2641 len = Ustrlen(value);
2642 if (yield == NULL && newsize != 0)
2648 else yield = string_cat(yield, &size, &ptr, value, len);
2656 s = read_number(&n, s);
2657 if (n >= 0 && n <= expand_nmax)
2658 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
2663 /* Otherwise, if there's no '{' after $ it's an error. */
2667 expand_string_message = US"$ not followed by letter, digit, or {";
2671 /* After { there can be various things, but they all start with
2672 an initial word, except for a number for a string match variable. */
2674 if (isdigit((*(++s))))
2677 s = read_number(&n, s);
2680 expand_string_message = US"} expected after number";
2683 if (n >= 0 && n <= expand_nmax)
2684 yield = string_cat(yield, &size, &ptr, expand_nstring[n],
2691 expand_string_message = US"letter or digit expected after ${";
2695 /* Allow "-" in names to cater for substrings with negative
2696 arguments. Since we are checking for known names after { this is
2699 s = read_name(name, sizeof(name), s, US"_-");
2700 item_type = chop_match(name, item_table, sizeof(item_table)/sizeof(uschar *));
2704 /* Handle conditionals - preserve the values of the numerical expansion
2705 variables in case they get changed by a regular expression match in the
2706 condition. If not, they retain their external settings. At the end
2707 of this "if" section, they get restored to their previous values. */
2713 int save_expand_nmax =
2714 save_expand_strings(save_expand_nstring, save_expand_nlength);
2716 while (isspace(*s)) s++;
2717 next_s = eval_condition(s, skipping? NULL : &cond);
2718 if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
2721 debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s,
2722 cond? "true" : "false");
2726 /* The handling of "yes" and "no" result strings is now in a separate
2727 function that is also used by ${lookup} and ${extract} and ${run}. */
2729 switch(process_yesno(
2730 skipping, /* were previously skipping */
2731 cond, /* success/failure indicator */
2732 lookup_value, /* value to reset for string2 */
2733 &s, /* input pointer */
2734 &yield, /* output pointer */
2735 &size, /* output size */
2736 &ptr, /* output current point */
2737 US"if")) /* condition type */
2739 case 1: goto EXPAND_FAILED; /* when all is well, the */
2740 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
2743 /* Restore external setting of expansion variables for continuation
2746 restore_expand_strings(save_expand_nmax, save_expand_nstring,
2747 save_expand_nlength);
2751 /* Handle database lookups unless locked out. If "skipping" is TRUE, we are
2752 expanding an internal string that isn't actually going to be used. All we
2753 need to do is check the syntax, so don't do a lookup at all. Preserve the
2754 values of the numerical expansion variables in case they get changed by a
2755 partial lookup. If not, they retain their external settings. At the end
2756 of this "lookup" section, they get restored to their previous values. */
2760 int stype, partial, affixlen, starflags;
2761 int expand_setup = 0;
2763 uschar *key, *filename, *affix;
2764 uschar *save_lookup_value = lookup_value;
2765 int save_expand_nmax =
2766 save_expand_strings(save_expand_nstring, save_expand_nlength);
2768 if ((expand_forbid & RDO_LOOKUP) != 0)
2770 expand_string_message = US"lookup expansions are not permitted";
2774 /* Get the key we are to look up for single-key+file style lookups.
2775 Otherwise set the key NULL pro-tem. */
2777 while (isspace(*s)) s++;
2780 key = expand_string_internal(s+1, TRUE, &s, skipping);
2781 if (key == NULL) goto EXPAND_FAILED;
2782 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
2783 while (isspace(*s)) s++;
2787 /* Find out the type of database */
2791 expand_string_message = US"missing lookup type";
2795 /* The type is a string that may contain special characters of various
2796 kinds. Allow everything except space or { to appear; the actual content
2797 is checked by search_findtype_partial. */
2799 while (*s != 0 && *s != '{' && !isspace(*s))
2801 if (nameptr < sizeof(name) - 1) name[nameptr++] = *s;
2805 while (isspace(*s)) s++;
2807 /* Now check for the individual search type and any partial or default
2808 options. Only those types that are actually in the binary are valid. */
2810 stype = search_findtype_partial(name, &partial, &affix, &affixlen,
2814 expand_string_message = search_error_message;
2818 /* Check that a key was provided for those lookup types that need it,
2819 and was not supplied for those that use the query style. */
2821 if (!mac_islookup(stype, lookup_querystyle))
2825 expand_string_message = string_sprintf("missing {key} for single-"
2826 "key \"%s\" lookup", name);
2834 expand_string_message = string_sprintf("a single key was given for "
2835 "lookup type \"%s\", which is not a single-key lookup type", name);
2840 /* Get the next string in brackets and expand it. It is the file name for
2841 single-key+file lookups, and the whole query otherwise. */
2843 if (*s != '{') goto EXPAND_FAILED_CURLY;
2844 filename = expand_string_internal(s+1, TRUE, &s, skipping);
2845 if (filename == NULL) goto EXPAND_FAILED;
2846 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
2847 while (isspace(*s)) s++;
2849 /* If this isn't a single-key+file lookup, re-arrange the variables
2850 to be appropriate for the search_ functions. */
2858 /* If skipping, don't do the next bit - just lookup_value == NULL, as if
2859 the entry was not found. Note that there is no search_close() function.
2860 Files are left open in case of re-use. At suitable places in higher logic,
2861 search_tidyup() is called to tidy all open files. This can save opening
2862 the same file several times. However, files may also get closed when
2863 others are opened, if too many are open at once. The rule is that a
2864 handle should not be used after a second search_open().
2866 Request that a partial search sets up $1 and maybe $2 by passing
2867 expand_setup containing zero. If its value changes, reset expand_nmax,
2868 since new variables will have been set. Note that at the end of this
2869 "lookup" section, the old numeric variables are restored. */
2872 lookup_value = NULL;
2875 void *handle = search_open(filename, stype, 0, NULL, NULL);
2878 expand_string_message = search_error_message;
2881 lookup_value = search_find(handle, filename, key, partial, affix,
2882 affixlen, starflags, &expand_setup);
2883 if (search_find_defer)
2885 expand_string_message =
2886 string_sprintf("lookup of \"%s\" gave DEFER: %s", key,
2887 search_error_message);
2890 if (expand_setup > 0) expand_nmax = expand_setup;
2893 /* The handling of "yes" and "no" result strings is now in a separate
2894 function that is also used by ${if} and ${extract}. */
2896 switch(process_yesno(
2897 skipping, /* were previously skipping */
2898 lookup_value != NULL, /* success/failure indicator */
2899 save_lookup_value, /* value to reset for string2 */
2900 &s, /* input pointer */
2901 &yield, /* output pointer */
2902 &size, /* output size */
2903 &ptr, /* output current point */
2904 US"lookup")) /* condition type */
2906 case 1: goto EXPAND_FAILED; /* when all is well, the */
2907 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
2910 /* Restore external setting of expansion variables for carrying on
2911 at this level, and continue. */
2913 restore_expand_strings(save_expand_nmax, save_expand_nstring,
2914 save_expand_nlength);
2918 /* If Perl support is configured, handle calling embedded perl subroutines,
2919 unless locked out at this time. Syntax is ${perl{sub}} or ${perl{sub}{arg}}
2920 or ${perl{sub}{arg1}{arg2}} or up to a maximum of EXIM_PERL_MAX_ARGS
2921 arguments (defined below). */
2924 #define EXIM_PERL_MAX_ARGS 8
2928 uschar *sub_arg[EXIM_PERL_MAX_ARGS + 2];
2931 if ((expand_forbid & RDO_PERL) != 0)
2933 expand_string_message = US"Perl calls are not permitted";
2937 switch(read_subs(sub_arg, EXIM_PERL_MAX_ARGS + 1, 1, &s, skipping, TRUE,
2940 case 1: goto EXPAND_FAILED_CURLY;
2942 case 3: goto EXPAND_FAILED;
2945 /* If skipping, we don't actually do anything */
2947 if (skipping) continue;
2949 /* Start the interpreter if necessary */
2951 if (!opt_perl_started)
2954 if (opt_perl_startup == NULL)
2956 expand_string_message = US"A setting of perl_startup is needed when "
2957 "using the Perl interpreter";
2960 DEBUG(D_any) debug_printf("Starting Perl interpreter\n");
2961 initerror = init_perl(opt_perl_startup);
2962 if (initerror != NULL)
2964 expand_string_message =
2965 string_sprintf("error in perl_startup code: %s\n", initerror);
2968 opt_perl_started = TRUE;
2971 /* Call the function */
2973 sub_arg[EXIM_PERL_MAX_ARGS + 1] = NULL;
2974 new_yield = call_perl_cat(yield, &size, &ptr, &expand_string_message,
2975 sub_arg[0], sub_arg + 1);
2977 /* NULL yield indicates failure; if the message pointer has been set to
2978 NULL, the yield was undef, indicating a forced failure. Otherwise the
2979 message will indicate some kind of Perl error. */
2981 if (new_yield == NULL)
2983 if (expand_string_message == NULL)
2985 expand_string_message =
2986 string_sprintf("Perl subroutine \"%s\" returned undef to force "
2987 "failure", sub_arg[0]);
2988 expand_string_forcedfail = TRUE;
2993 /* Yield succeeded. Ensure forcedfail is unset, just in case it got
2994 set during a callback from Perl. */
2996 expand_string_forcedfail = FALSE;
3000 #endif /* EXIM_PERL */
3002 /* Handle "readfile" to insert an entire file */
3004 case EITEM_READFILE:
3009 if ((expand_forbid & RDO_READFILE) != 0)
3011 expand_string_message = US"file insertions are not permitted";
3015 switch(read_subs(sub_arg, 2, 1, &s, skipping, TRUE, US"readfile"))
3017 case 1: goto EXPAND_FAILED_CURLY;
3019 case 3: goto EXPAND_FAILED;
3022 /* If skipping, we don't actually do anything */
3024 if (skipping) continue;
3026 /* Open the file and read it */
3028 f = Ufopen(sub_arg[0], "rb");
3031 expand_string_message = string_open_failed(errno, "%s", sub_arg[0]);
3035 yield = cat_file(f, yield, &size, &ptr, sub_arg[1]);
3040 /* Handle "readsocket" to insert data from a Unix domain socket */
3042 case EITEM_READSOCK:
3048 struct sockaddr_un sockun; /* don't call this "sun" ! */
3052 if ((expand_forbid & RDO_READSOCK) != 0)
3054 expand_string_message = US"socket insertions are not permitted";
3058 /* Read up to 4 arguments, but don't do the end of item check afterwards,
3059 because there may be a string for expansion on failure. */
3061 switch(read_subs(sub_arg, 4, 2, &s, skipping, FALSE, US"readsocket"))
3063 case 1: goto EXPAND_FAILED_CURLY;
3064 case 2: /* Won't occur: no end check */
3065 case 3: goto EXPAND_FAILED;
3068 /* Sort out timeout, if given */
3070 if (sub_arg[2] != NULL)
3072 timeout = readconf_readtime(sub_arg[2], 0, FALSE);
3075 expand_string_message = string_sprintf("bad time value %s",
3080 else sub_arg[3] = NULL; /* No eol if no timeout */
3082 /* If skipping, we don't actually do anything */
3086 /* Make a connection to the socket */
3088 if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
3090 expand_string_message = string_sprintf("failed to create socket: %s",
3095 sockun.sun_family = AF_UNIX;
3096 sprintf(sockun.sun_path, "%.*s", (int)(sizeof(sockun.sun_path)-1),
3098 if(connect(fd, (struct sockaddr *)(&sockun), sizeof(sockun)) == -1)
3100 expand_string_message = string_sprintf("failed to connect to socket "
3101 "%s: %s", sub_arg[0], strerror(errno));
3104 DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]);
3106 /* Write the request string, if not empty */
3108 if (sub_arg[1][0] != 0)
3110 int len = Ustrlen(sub_arg[1]);
3111 DEBUG(D_expand) debug_printf("writing \"%s\" to socket\n",
3113 if (write(fd, sub_arg[1], len) != len)
3115 expand_string_message = string_sprintf("request write to socket "
3116 "failed: %s", strerror(errno));
3121 /* Now we need to read from the socket, under a timeout. The function
3122 that reads a file can be used. */
3124 f = fdopen(fd, "rb");
3125 sigalrm_seen = FALSE;
3127 yield = cat_file(f, yield, &size, &ptr, sub_arg[3]);
3131 /* After a timeout, we restore the pointer in the result, that is,
3132 make sure we add nothing from the socket. */
3137 expand_string_message = US"socket read timed out";
3142 /* The whole thing has worked (or we were skipping). If there is a
3143 failure string following, we need to skip it. */
3147 if (expand_string_internal(s+1, TRUE, &s, TRUE) == NULL)
3149 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3150 while (isspace(*s)) s++;
3152 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3155 /* Come here on failure to create socket, connect socket, write to the
3156 socket, or timeout on reading. If another substring follows, expand and
3157 use it. Otherwise, those conditions give expand errors. */
3160 if (*s != '{') goto EXPAND_FAILED;
3161 DEBUG(D_any) debug_printf("%s\n", expand_string_message);
3162 arg = expand_string_internal(s+1, TRUE, &s, FALSE);
3163 if (arg == NULL) goto EXPAND_FAILED;
3164 yield = string_cat(yield, &size, &ptr, arg, Ustrlen(arg));
3165 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3166 while (isspace(*s)) s++;
3167 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3171 /* Handle "run" to execute a program. */
3176 uschar *old_lookup_value = NULL;
3184 if ((expand_forbid & RDO_RUN) != 0)
3186 expand_string_message = US"running a command is not permitted";
3190 while (isspace(*s)) s++;
3191 if (*s != '{') goto EXPAND_FAILED_CURLY;
3192 arg = expand_string_internal(s+1, TRUE, &s, skipping);
3193 if (arg == NULL) goto EXPAND_FAILED;
3194 while (isspace(*s)) s++;
3195 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3197 if (skipping) /* Just pretend it worked when we're skipping */
3203 if (!transport_set_up_command(&argv, /* anchor for arg list */
3204 arg, /* raw command */
3205 FALSE, /* don't expand the arguments */
3206 0, /* not relevant when... */
3207 NULL, /* no transporting address */
3208 US"${run} expansion", /* for error messages */
3209 &expand_string_message)) /* where to put error message */
3214 /* Create the child process, making it a group leader. */
3216 pid = child_open(argv, NULL, 0077, &fd_in, &fd_out, TRUE);
3220 expand_string_message =
3221 string_sprintf("couldn't create child process: %s", strerror(errno));
3225 /* Nothing is written to the standard input. */
3229 /* Wait for the process to finish, applying the timeout, and inspect its
3230 return code for serious disasters. Simple non-zero returns are passed on.
3233 if ((runrc = child_close(pid, 60)) < 0)
3237 expand_string_message = string_sprintf("command timed out");
3238 killpg(pid, SIGKILL); /* Kill the whole process group */
3241 else if (runrc == -257)
3242 expand_string_message = string_sprintf("wait() failed: %s",
3246 expand_string_message = string_sprintf("command killed by signal %d",
3252 /* Read the pipe to get the command's output into $value (which is kept
3253 in lookup_value). */
3255 f = fdopen(fd_out, "rb");
3256 old_lookup_value = lookup_value;
3257 lookup_value = NULL;
3258 lookup_value = cat_file(f, lookup_value, &lsize, &lptr, NULL);
3262 /* Process the yes/no strings */
3264 switch(process_yesno(
3265 skipping, /* were previously skipping */
3266 runrc == 0, /* success/failure indicator */
3267 old_lookup_value, /* value to reset for string2 */
3268 &s, /* input pointer */
3269 &yield, /* output pointer */
3270 &size, /* output size */
3271 &ptr, /* output current point */
3272 US"run")) /* condition type */
3274 case 1: goto EXPAND_FAILED; /* when all is well, the */
3275 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3281 /* Handle character translation for "tr" */
3289 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"tr"))
3291 case 1: goto EXPAND_FAILED_CURLY;
3293 case 3: goto EXPAND_FAILED;
3296 yield = string_cat(yield, &size, &ptr, sub[0], Ustrlen(sub[0]));
3297 o2m = Ustrlen(sub[2]) - 1;
3299 if (o2m >= 0) for (; oldptr < ptr; oldptr++)
3301 uschar *m = Ustrrchr(sub[1], yield[oldptr]);
3305 yield[oldptr] = sub[2][(o < o2m)? o : o2m];
3312 /* Handle "hash", "length", "nhash", and "substr" when they are given with
3313 expanded arguments. */
3323 int val[2] = { 0, -1 };
3326 /* "length" takes only 2 arguments whereas the others take 2 or 3.
3327 Ensure that sub[2] is set in the ${length case. */
3330 switch(read_subs(sub, (item_type == EITEM_LENGTH)? 2:3, 2, &s, skipping,
3333 case 1: goto EXPAND_FAILED_CURLY;
3335 case 3: goto EXPAND_FAILED;
3338 /* Juggle the arguments if there are only two of them: always move the
3339 string to the last position and make ${length{n}{str}} equivalent to
3340 ${substr{0}{n}{str}}. See the defaults for val[] above. */
3346 if (item_type == EITEM_LENGTH)
3353 for (i = 0; i < 2; i++)
3355 if (sub[i] == NULL) continue;
3356 val[i] = (int)Ustrtol(sub[i], &ret, 10);
3357 if (*ret != 0 || (i != 0 && val[i] < 0))
3359 expand_string_message = string_sprintf("\"%s\" is not a%s number "
3360 "(in \"%s\" expansion)", sub[i], (i != 0)? " positive" : "", name);
3366 (item_type == EITEM_HASH)?
3367 compute_hash(sub[2], val[0], val[1], &len) :
3368 (item_type == EITEM_NHASH)?
3369 compute_nhash(sub[2], val[0], val[1], &len) :
3370 extract_substr(sub[2], val[0], val[1], &len);
3372 if (ret == NULL) goto EXPAND_FAILED;
3373 yield = string_cat(yield, &size, &ptr, ret, len);
3377 /* Handle HMAC computation: ${hmac{<algorithm>}{<secret>}{<text>}}
3378 This code originally contributed by Steve Haslam. It currently supports
3379 the use of MD5 and SHA-1 hashes.
3381 We need some workspace that is large enough to handle all the supported
3382 hash types. Use macros to set the sizes rather than be too elaborate. */
3384 #define MAX_HASHLEN 20
3385 #define MAX_HASHBLOCKLEN 64
3394 int hashlen; /* Number of octets for the hash algorithm's output */
3395 int hashblocklen; /* Number of octets the hash algorithm processes */
3397 unsigned int keylen;
3399 uschar keyhash[MAX_HASHLEN];
3400 uschar innerhash[MAX_HASHLEN];
3401 uschar finalhash[MAX_HASHLEN];
3402 uschar finalhash_hex[2*MAX_HASHLEN];
3403 uschar innerkey[MAX_HASHBLOCKLEN];
3404 uschar outerkey[MAX_HASHBLOCKLEN];
3406 switch (read_subs(sub, 3, 3, &s, skipping, TRUE, name))
3408 case 1: goto EXPAND_FAILED_CURLY;
3410 case 3: goto EXPAND_FAILED;
3413 if (Ustrcmp(sub[0], "md5") == 0)
3416 use_base = &md5_base;
3420 else if (Ustrcmp(sub[0], "sha1") == 0)
3423 use_base = &sha1_base;
3429 expand_string_message =
3430 string_sprintf("hmac algorithm \"%s\" is not recognised", sub[0]);
3435 keylen = Ustrlen(keyptr);
3437 /* If the key is longer than the hash block length, then hash the key
3440 if (keylen > hashblocklen)
3442 chash_start(type, use_base);
3443 chash_end(type, use_base, keyptr, keylen, keyhash);
3448 /* Now make the inner and outer key values */
3450 memset(innerkey, 0x36, hashblocklen);
3451 memset(outerkey, 0x5c, hashblocklen);
3453 for (i = 0; i < keylen; i++)
3455 innerkey[i] ^= keyptr[i];
3456 outerkey[i] ^= keyptr[i];
3459 /* Now do the hashes */
3461 chash_start(type, use_base);
3462 chash_mid(type, use_base, innerkey);
3463 chash_end(type, use_base, sub[2], Ustrlen(sub[2]), innerhash);
3465 chash_start(type, use_base);
3466 chash_mid(type, use_base, outerkey);
3467 chash_end(type, use_base, innerhash, hashlen, finalhash);
3469 /* Encode the final hash as a hex string */
3472 for (i = 0; i < hashlen; i++)
3474 *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
3475 *p++ = hex_digits[finalhash[i] & 0x0f];
3478 DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%.*s)=%.*s\n", sub[0],
3479 (int)keylen, keyptr, Ustrlen(sub[2]), sub[2], hashlen*2, finalhash_hex);
3481 yield = string_cat(yield, &size, &ptr, finalhash_hex, hashlen*2);
3486 /* Handle global substitution for "sg" - like Perl's s/xxx/yyy/g operator.
3487 We have to save the numerical variables and restore them afterwards. */
3492 int moffset, moffsetextra, slen;
3495 const uschar *rerror;
3498 int save_expand_nmax =
3499 save_expand_strings(save_expand_nstring, save_expand_nlength);
3501 switch(read_subs(sub, 3, 3, &s, skipping, TRUE, US"sg"))
3503 case 1: goto EXPAND_FAILED_CURLY;
3505 case 3: goto EXPAND_FAILED;
3508 /* Compile the regular expression */
3510 re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset,
3515 expand_string_message = string_sprintf("regular expression error in "
3516 "\"%s\": %s at offset %d", sub[1], rerror, roffset);
3520 /* Now run a loop to do the substitutions as often as necessary. It ends
3521 when there are no more matches. Take care over matches of the null string;
3522 do the same thing as Perl does. */
3525 slen = Ustrlen(sub[0]);
3526 moffset = moffsetextra = 0;
3531 int ovector[3*(EXPAND_MAXN+1)];
3532 int n = pcre_exec(re, NULL, CS subject, slen, moffset + moffsetextra,
3533 PCRE_EOPT | emptyopt, ovector, sizeof(ovector)/sizeof(int));
3537 /* No match - if we previously set PCRE_NOTEMPTY after a null match, this
3538 is not necessarily the end. We want to repeat the match from one
3539 character further along, but leaving the basic offset the same (for
3540 copying below). We can't be at the end of the string - that was checked
3541 before setting PCRE_NOTEMPTY. If PCRE_NOTEMPTY is not set, we are
3542 finished; copy the remaining string and end the loop. */
3552 yield = string_cat(yield, &size, &ptr, subject+moffset, slen-moffset);
3556 /* Match - set up for expanding the replacement. */
3558 if (n == 0) n = EXPAND_MAXN + 1;
3560 for (nn = 0; nn < n*2; nn += 2)
3562 expand_nstring[expand_nmax] = subject + ovector[nn];
3563 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
3567 /* Copy the characters before the match, plus the expanded insertion. */
3569 yield = string_cat(yield, &size, &ptr, subject + moffset,
3570 ovector[0] - moffset);
3571 insert = expand_string(sub[2]);
3572 if (insert == NULL) goto EXPAND_FAILED;
3573 yield = string_cat(yield, &size, &ptr, insert, Ustrlen(insert));
3575 moffset = ovector[1];
3579 /* If we have matched an empty string, first check to see if we are at
3580 the end of the subject. If so, the loop is over. Otherwise, mimic
3581 what Perl's /g options does. This turns out to be rather cunning. First
3582 we set PCRE_NOTEMPTY and PCRE_ANCHORED and try the match a non-empty
3583 string at the same point. If this fails (picked up above) we advance to
3584 the next character. */
3586 if (ovector[0] == ovector[1])
3588 if (ovector[0] == slen) break;
3589 emptyopt = PCRE_NOTEMPTY | PCRE_ANCHORED;
3593 /* All done - restore numerical variables. */
3595 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3596 save_expand_nlength);
3600 /* Handle keyed and numbered substring extraction. If the first argument
3601 consists entirely of digits, then a numerical extraction is assumed. */
3607 int field_number = 1;
3608 BOOL field_number_set = FALSE;
3609 uschar *save_lookup_value = lookup_value;
3611 int save_expand_nmax =
3612 save_expand_strings(save_expand_nstring, save_expand_nlength);
3614 /* Read the arguments */
3616 for (i = 0; i < j; i++)
3618 while (isspace(*s)) s++;
3621 sub[i] = expand_string_internal(s+1, TRUE, &s, skipping);
3622 if (sub[i] == NULL) goto EXPAND_FAILED;
3623 if (*s++ != '}') goto EXPAND_FAILED_CURLY;
3625 /* After removal of leading and trailing white space, the first
3626 argument must not be empty; if it consists entirely of digits
3627 (optionally preceded by a minus sign), this is a numerical
3628 extraction, and we expect 3 arguments. */
3636 while (isspace(*p)) p++;
3640 while (len > 0 && isspace(p[len-1])) len--;
3645 expand_string_message = US"first argument of \"expand\" must not "
3655 while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0';
3659 j = 3; /* Need 3 args */
3660 field_number_set = TRUE;
3664 else goto EXPAND_FAILED_CURLY;
3667 /* Extract either the numbered or the keyed substring into $value. If
3668 skipping, just pretend the extraction failed. */
3670 lookup_value = skipping? NULL : field_number_set?
3671 expand_gettokened(field_number, sub[1], sub[2]) :
3672 expand_getkeyed(sub[0], sub[1]);
3674 /* If no string follows, $value gets substituted; otherwise there can
3675 be yes/no strings, as for lookup or if. */
3677 switch(process_yesno(
3678 skipping, /* were previously skipping */
3679 lookup_value != NULL, /* success/failure indicator */
3680 save_lookup_value, /* value to reset for string2 */
3681 &s, /* input pointer */
3682 &yield, /* output pointer */
3683 &size, /* output size */
3684 &ptr, /* output current point */
3685 US"extract")) /* condition type */
3687 case 1: goto EXPAND_FAILED; /* when all is well, the */
3688 case 2: goto EXPAND_FAILED_CURLY; /* returned value is 0 */
3691 /* All done - restore numerical variables. */
3693 restore_expand_strings(save_expand_nmax, save_expand_nstring,
3694 save_expand_nlength);
3700 /* Control reaches here if the name is not recognized as one of the more
3701 complicated expansion items. Check for the "operator" syntax (name terminated
3702 by a colon). Some of the operators have arguments, separated by _ from the
3709 uschar *sub = expand_string_internal(s+1, TRUE, &s, skipping);
3710 if (sub == NULL) goto EXPAND_FAILED;
3713 /* Owing to an historical mis-design, an underscore may be part of the
3714 operator name, or it may introduce arguments. We therefore first scan the
3715 table of names that contain underscores. If there is no match, we cut off
3716 the arguments and then scan the main table. */
3718 c = chop_match(name, op_table_underscore,
3719 sizeof(op_table_underscore)/sizeof(uschar *));
3723 arg = Ustrchr(name, '_');
3724 if (arg != NULL) *arg = 0;
3725 c = chop_match(name, op_table_main,
3726 sizeof(op_table_main)/sizeof(uschar *));
3727 if (c >= 0) c += sizeof(op_table_underscore)/sizeof(uschar *);
3728 if (arg != NULL) *arg++ = '_'; /* Put back for error messages */
3731 /* If we are skipping, we don't need to perform the operation at all.
3732 This matters for operations like "mask", because the data may not be
3733 in the correct format when skipping. For example, the expression may test
3734 for the existence of $sender_host_address before trying to mask it. For
3735 other operations, doing them may not fail, but it is a waste of time. */
3737 if (skipping && c >= 0) continue;
3739 /* Otherwise, switch on the operator type */
3746 unsigned long int n = Ustrtoul(sub, &t, 10);
3749 expand_string_message = string_sprintf("argument for base62 "
3750 "operator is \"%s\", which is not a decimal number", sub);
3753 t = string_base62(n);
3754 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
3762 unsigned long int n = 0;
3765 uschar *t = Ustrchr(base62_chars, *tt++);
3768 expand_string_message = string_sprintf("argument for base62d "
3769 "operator is \"%s\", which is not a base 62 number", sub);
3772 n = n * 62 + (t - base62_chars);
3774 (void)sprintf(CS buf, "%ld", n);
3775 yield = string_cat(yield, &size, &ptr, buf, Ustrlen(buf));
3781 uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping);
3782 if (expanded == NULL)
3784 expand_string_message =
3785 string_sprintf("internal expansion of \"%s\" failed: %s", sub,
3786 expand_string_message);
3789 yield = string_cat(yield, &size, &ptr, expanded, Ustrlen(expanded));
3796 uschar *t = sub - 1;
3797 while (*(++t) != 0) { *t = tolower(*t); count++; }
3798 yield = string_cat(yield, &size, &ptr, sub, count);
3805 uschar *t = sub - 1;
3806 while (*(++t) != 0) { *t = toupper(*t); count++; }
3807 yield = string_cat(yield, &size, &ptr, sub, count);
3818 md5_end(&base, sub, Ustrlen(sub), digest);
3819 for(j = 0; j < 16; j++) sprintf(st+2*j, "%02x", digest[j]);
3820 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
3831 sha1_end(&base, sub, Ustrlen(sub), digest);
3832 for(j = 0; j < 20; j++) sprintf(st+2*j, "%02X", digest[j]);
3833 yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
3837 /* Convert hex encoding to base64 encoding */
3847 for (enc = sub; *enc != 0; enc++)
3849 if (!isxdigit(*enc))
3851 expand_string_message = string_sprintf("\"%s\" is not a hex "
3860 expand_string_message = string_sprintf("\"%s\" contains an odd "
3861 "number of characters", sub);
3865 while ((c = *in++) != 0)
3867 if (isdigit(c)) c -= '0';
3868 else c = toupper(c) - 'A' + 10;
3880 enc = auth_b64encode(sub, out - sub);
3881 yield = string_cat(yield, &size, &ptr, enc, Ustrlen(enc));
3885 /* mask applies a mask to an IP address; for example the result of
3886 ${mask:131.111.10.206/28} is 131.111.10.192/28. */
3893 int mask, maskoffset;
3894 int type = string_is_ip_address(sub, &maskoffset);
3899 expand_string_message = string_sprintf("\"%s\" is not an IP address",
3904 if (maskoffset == 0)
3906 expand_string_message = string_sprintf("missing mask value in \"%s\"",
3911 mask = Ustrtol(sub + maskoffset + 1, &endptr, 10);
3913 if (*endptr != 0 || mask < 0 || mask > ((type == 4)? 32 : 128))
3915 expand_string_message = string_sprintf("mask value too big in \"%s\"",
3920 /* Convert the address to binary integer(s) and apply the mask */
3922 sub[maskoffset] = 0;
3923 count = host_aton(sub, binary);
3924 host_mask(count, binary, mask);
3926 /* Convert to masked textual format and add to output. */
3928 yield = string_cat(yield, &size, &ptr, buffer,
3929 host_nmtoa(count, binary, mask, buffer));
3934 case EOP_LOCAL_PART:
3938 int start, end, domain;
3939 uschar *t = parse_extract_address(sub, &error, &start, &end, &domain,
3943 if (c != EOP_DOMAIN)
3945 if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1;
3946 yield = string_cat(yield, &size, &ptr, sub+start, end-start);
3948 else if (domain != 0)
3951 yield = string_cat(yield, &size, &ptr, sub+domain, end-domain);
3957 /* quote puts a string in quotes if it is empty or contains anything
3958 other than alphamerics, underscore, dot, or hyphen.
3960 quote_local_part puts a string in quotes if RFC 2821/2822 requires it to
3961 be quoted in order to be a valid local part.
3963 In both cases, newlines and carriage returns are converted into \n and \r
3967 case EOP_QUOTE_LOCAL_PART:
3970 BOOL needs_quote = (*sub == 0); /* TRUE for empty string */
3971 uschar *t = sub - 1;
3975 while (!needs_quote && *(++t) != 0)
3976 needs_quote = !isalnum(*t) && !strchr("_-.", *t);
3978 else /* EOP_QUOTE_LOCAL_PART */
3980 while (!needs_quote && *(++t) != 0)
3981 needs_quote = !isalnum(*t) &&
3982 strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL &&
3983 (*t != '.' || t == sub || t[1] == 0);
3988 yield = string_cat(yield, &size, &ptr, US"\"", 1);
3993 yield = string_cat(yield, &size, &ptr, US"\\n", 2);
3994 else if (*t == '\r')
3995 yield = string_cat(yield, &size, &ptr, US"\\r", 2);
3998 if (*t == '\\' || *t == '"')
3999 yield = string_cat(yield, &size, &ptr, US"\\", 1);
4000 yield = string_cat(yield, &size, &ptr, t, 1);
4003 yield = string_cat(yield, &size, &ptr, US"\"", 1);
4005 else yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
4009 /* quote_lookuptype does lookup-specific quoting */
4014 uschar *opt = Ustrchr(arg, '_');
4016 if (opt != NULL) *opt++ = 0;
4018 n = search_findtype(arg, Ustrlen(arg));
4021 expand_string_message = search_error_message;
4025 if (lookup_list[n].quote != NULL)
4026 sub = (lookup_list[n].quote)(sub, opt);
4027 else if (opt != NULL) sub = NULL;
4031 expand_string_message = string_sprintf(
4032 "\"%s\" unrecognized after \"${quote_%s\"",
4037 yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
4041 /* rx quote sticks in \ before any non-alphameric character so that
4042 the insertion works in a regular expression. */
4046 uschar *t = sub - 1;
4050 yield = string_cat(yield, &size, &ptr, US"\\", 1);
4051 yield = string_cat(yield, &size, &ptr, t, 1);
4056 /* RFC 2047 encodes, assuming headers_charset (default ISO 8859-1) as
4057 prescribed by the RFC, if there are characters that need to be encoded */
4061 uschar buffer[1024];
4062 uschar *string = parse_quote_2047(sub, Ustrlen(sub), headers_charset,
4063 buffer, sizeof(buffer));
4064 yield = string_cat(yield, &size, &ptr, string, Ustrlen(string));
4068 /* from_utf8 converts UTF-8 to 8859-1, turning non-existent chars into
4078 if (c > 255) c = '_';
4080 yield = string_cat(yield, &size, &ptr, buff, 1);
4085 /* escape turns all non-printing characters into escape sequences. */
4089 uschar *t = string_printing(sub);
4090 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
4094 /* Handle numeric expression evaluation */
4099 uschar *save_sub = sub;
4100 uschar *error = NULL;
4101 int n = eval_expr(&sub, (c == EOP_EVAL10), &error, FALSE);
4104 expand_string_message = string_sprintf("error in expression "
4105 "evaluation: %s (after processing \"%.*s\")", error, sub-save_sub,
4109 sprintf(CS var_buffer, "%d", n);
4110 yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
4114 /* Handle time period formating */
4116 case EOP_TIME_INTERVAL:
4119 uschar *t = read_number(&n, sub);
4120 if (*t != 0) /* Not A Number*/
4122 expand_string_message = string_sprintf("string \"%s\" is not a "
4123 "positive number in \"%s\" operator", sub, name);
4126 t = readconf_printtime(n);
4127 yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
4131 /* Convert string to base64 encoding */
4135 uschar *encstr = auth_b64encode(sub, Ustrlen(sub));
4136 yield = string_cat(yield, &size, &ptr, encstr, Ustrlen(encstr));
4140 /* strlen returns the length of the string */
4145 (void)sprintf(CS buff, "%d", Ustrlen(sub));
4146 yield = string_cat(yield, &size, &ptr, buff, Ustrlen(buff));
4150 /* length_n or l_n takes just the first n characters or the whole string,
4151 whichever is the shorter;
4153 substr_m_n, and s_m_n take n characters from offset m; negative m take
4154 from the end; l_n is synonymous with s_0_n. If n is omitted in substr it
4155 takes the rest, either to the right or to the left.
4157 hash_n or h_n makes a hash of length n from the string, yielding n
4158 characters from the set a-z; hash_n_m makes a hash of length n, but
4159 uses m characters from the set a-zA-Z0-9.
4161 nhash_n returns a single number between 0 and n-1 (in text form), while
4162 nhash_n_m returns a div/mod hash as two numbers "a/b". The first lies
4163 between 0 and n-1 and the second between 0 and m-1. */
4183 expand_string_message = string_sprintf("missing values after %s",
4188 /* "length" has only one argument, effectively being synonymous with
4191 if (c == EOP_LENGTH || c == EOP_L)
4197 /* The others have one or two arguments; for "substr" the first may be
4198 negative. The second being negative means "not supplied". */
4203 if (name[0] == 's' && *arg == '-') { sign = -1; arg++; }
4206 /* Read up to two numbers, separated by underscores */
4211 if (arg != ret && *arg == '_' && pn == &value1)
4215 if (arg[1] != 0) arg++;
4217 else if (!isdigit(*arg))
4219 expand_string_message =
4220 string_sprintf("non-digit after underscore in \"%s\"", name);
4223 else *pn = (*pn)*10 + *arg++ - '0';
4227 /* Perform the required operation */
4230 (c == EOP_HASH || c == EOP_H)?
4231 compute_hash(sub, value1, value2, &len) :
4232 (c == EOP_NHASH || c == EOP_NH)?
4233 compute_nhash(sub, value1, value2, &len) :
4234 extract_substr(sub, value1, value2, &len);
4236 if (ret == NULL) goto EXPAND_FAILED;
4237 yield = string_cat(yield, &size, &ptr, ret, len);
4247 uschar **modetable[3];
4252 if (stat(CS sub, &st) < 0)
4254 expand_string_message = string_sprintf("stat(%s) failed: %s",
4255 sub, strerror(errno));
4259 switch (mode & S_IFMT)
4261 case S_IFIFO: smode[0] = 'p'; break;
4262 case S_IFCHR: smode[0] = 'c'; break;
4263 case S_IFDIR: smode[0] = 'd'; break;
4264 case S_IFBLK: smode[0] = 'b'; break;
4265 case S_IFREG: smode[0] = '-'; break;
4266 default: smode[0] = '?'; break;
4269 modetable[0] = ((mode & 01000) == 0)? mtable_normal : mtable_sticky;
4270 modetable[1] = ((mode & 02000) == 0)? mtable_normal : mtable_setid;
4271 modetable[2] = ((mode & 04000) == 0)? mtable_normal : mtable_setid;
4273 for (i = 0; i < 3; i++)
4275 memcpy(CS(smode + 7 - i*3), CS(modetable[i][mode & 7]), 3);
4280 s = string_sprintf("mode=%04lo smode=%s inode=%ld device=%ld links=%ld "
4281 "uid=%ld gid=%ld size=%ld atime=%ld mtime=%ld ctime=%ld",
4282 (long)(st.st_mode & 077777), smode, (long)st.st_ino,
4283 (long)st.st_dev, (long)st.st_nlink, (long)st.st_uid,
4284 (long)st.st_gid, (long)st.st_size, (long)st.st_atime,
4285 (long)st.st_mtime, (long)st.st_ctime);
4286 yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
4290 /* Unknown operator */
4293 expand_string_message =
4294 string_sprintf("unknown expansion operator \"%s\"", name);
4299 /* Handle a plain name. If this is the first thing in the expansion, release
4300 the pre-allocated buffer. If the result data is known to be in a new buffer,
4301 newsize will be set to the size of that buffer, and we can just point at that
4302 store instead of copying. Many expansion strings contain just one reference,
4303 so this is a useful optimization, especially for humungous headers
4304 ($message_headers). */
4316 value = find_variable(name, FALSE, skipping, &newsize);
4319 expand_string_message =
4320 string_sprintf("unknown variable in \"${%s}\"", name);
4323 len = Ustrlen(value);
4324 if (yield == NULL && newsize != 0)
4330 else yield = string_cat(yield, &size, &ptr, value, len);
4334 /* Else there's something wrong */
4336 expand_string_message =
4337 string_sprintf("\"${%s\" is not a known operator (or a } is missing "
4338 "in a variable reference)", name);
4342 /* If we hit the end of the string when ket_ends is set, there is a missing
4343 terminating brace. */
4345 if (ket_ends && *s == 0)
4347 expand_string_message = malformed_header?
4348 US"missing } at end of string - could be header name not terminated by colon"
4350 US"missing } at end of string";
4354 /* Expansion succeeded; yield may still be NULL here if nothing was actually
4355 added to the string. If so, set up an empty string. Add a terminating zero. If
4356 left != NULL, return a pointer to the terminator. */
4358 if (yield == NULL) yield = store_get(1);
4360 if (left != NULL) *left = s;
4362 /* Any stacking store that was used above the final string is no longer needed.
4363 In many cases the final string will be the first one that was got and so there
4364 will be optimal store usage. */
4366 store_reset(yield + ptr + 1);
4369 debug_printf("expanding: %.*s\n result: %s\n", (int)(s - string), string,
4371 if (skipping) debug_printf("skipping: result is not used\n");
4375 /* This is the failure exit: easiest to program with a goto. We still need
4376 to update the pointer to the terminator, for cases of nested calls with "fail".
4379 EXPAND_FAILED_CURLY:
4380 expand_string_message = malformed_header?
4381 US"missing or misplaced { or } - could be header name not terminated by colon"
4383 US"missing or misplaced { or }";
4385 /* At one point, Exim reset the store to yield (if yield was not NULL), but
4386 that is a bad idea, because expand_string_message is in dynamic store. */
4389 if (left != NULL) *left = s;
4392 debug_printf("failed to expand: %s\n", string);
4393 debug_printf(" error message: %s\n", expand_string_message);
4394 if (expand_string_forcedfail) debug_printf("failure was forced\n");
4400 /* This is the external function call. Do a quick check for any expansion
4401 metacharacters, and if there are none, just return the input string.
4403 Argument: the string to be expanded
4404 Returns: the expanded string, or NULL if expansion failed; if failure was
4405 due to a lookup deferring, search_find_defer will be TRUE
4409 expand_string(uschar *string)
4411 search_find_defer = FALSE;
4412 malformed_header = FALSE;
4413 return (Ustrpbrk(string, "$\\") == NULL)? string :
4414 expand_string_internal(string, FALSE, NULL, FALSE);
4419 /*************************************************
4421 *************************************************/
4423 /* Now and again we want to expand a string and be sure that the result is in a
4424 new bit of store. This function does that.
4426 Argument: the string to be expanded
4427 Returns: the expanded string, always in a new bit of store, or NULL
4431 expand_string_copy(uschar *string)
4433 uschar *yield = expand_string(string);
4434 if (yield == string) yield = string_copy(string);
4440 /*************************************************
4441 * Expand and interpret as an integer *
4442 *************************************************/
4444 /* Expand a string, and convert the result into an integer.
4446 Argument: the string to be expanded
4448 Returns: the integer value, or
4449 -1 for an expansion error ) in both cases, message in
4450 -2 for an integer interpretation error ) expand_string_message
4455 expand_string_integer(uschar *string)
4458 uschar *s = expand_string(string);
4459 uschar *msg = US"invalid integer \"%s\"";
4462 if (s == NULL) return -1;
4464 /* On an overflow, strtol() returns LONG_MAX or LONG_MIN, and sets errno
4465 to ERANGE. When there isn't an overflow, errno is not changed, at least on some
4466 systems, so we set it zero ourselves. */
4469 value = strtol(CS s, CSS &endptr, 0);
4473 msg = US"integer expected but \"%s\" found";
4477 /* Ensure we can cast this down to an int */
4478 if (value > INT_MAX || value < INT_MIN) errno = ERANGE;
4480 if (errno != ERANGE)
4482 if (tolower(*endptr) == 'k')
4484 if (value > INT_MAX/1024 || value < INT_MIN/1024) errno = ERANGE;
4488 else if (tolower(*endptr) == 'm')
4490 if (value > INT_MAX/(1024*1024) || value < INT_MIN/(1024*1024))
4492 else value *= 1024*1024;
4496 if (errno == ERANGE)
4497 msg = US"absolute value of integer \"%s\" is too large (overflow)";
4500 while (isspace(*endptr)) endptr++;
4501 if (*endptr == 0) return (int)value;
4505 expand_string_message = string_sprintf(CS msg, s);
4511 /*************************************************
4512 **************************************************
4513 * Stand-alone test program *
4514 **************************************************
4515 *************************************************/
4521 regex_match_and_setup(const pcre *re, uschar *subject, int options, int setup)
4523 int ovector[3*(EXPAND_MAXN+1)];
4524 int n = pcre_exec(re, NULL, subject, Ustrlen(subject), 0, PCRE_EOPT|options,
4525 ovector, sizeof(ovector)/sizeof(int));
4526 BOOL yield = n >= 0;
4527 if (n == 0) n = EXPAND_MAXN + 1;
4531 expand_nmax = (setup < 0)? 0 : setup + 1;
4532 for (nn = (setup < 0)? 0 : 2; nn < n*2; nn += 2)
4534 expand_nstring[expand_nmax] = subject + ovector[nn];
4535 expand_nlength[expand_nmax++] = ovector[nn+1] - ovector[nn];
4543 int main(int argc, uschar **argv)
4546 uschar buffer[1024];
4548 debug_selector = D_v;
4549 debug_file = stderr;
4550 debug_fd = fileno(debug_file);
4551 big_buffer = malloc(big_buffer_size);
4553 for (i = 1; i < argc; i++)
4555 if (argv[i][0] == '+')
4557 debug_trace_memory = 2;
4560 if (isdigit(argv[i][0]))
4561 debug_selector = Ustrtol(argv[i], NULL, 0);
4563 if (Ustrspn(argv[i], "abcdefghijklmnopqrtsuvwxyz0123456789-.:/") ==
4567 eldap_default_servers = argv[i];
4570 mysql_servers = argv[i];
4573 pgsql_servers = argv[i];
4577 else opt_perl_startup = argv[i];
4581 printf("Testing string expansion: debug_level = %d\n\n", debug_level);
4583 expand_nstring[1] = US"string 1....";
4584 expand_nlength[1] = 8;
4588 if (opt_perl_startup != NULL)
4591 printf("Starting Perl interpreter\n");
4592 errstr = init_perl(opt_perl_startup);
4595 printf("** error in perl_startup code: %s\n", errstr);
4596 return EXIT_FAILURE;
4599 #endif /* EXIM_PERL */
4601 while (fgets(buffer, sizeof(buffer), stdin) != NULL)
4603 void *reset_point = store_get(0);
4604 uschar *yield = expand_string(buffer);
4607 printf("%s\n", yield);
4608 store_reset(reset_point);
4612 if (search_find_defer) printf("search_find deferred\n");
4613 printf("Failed: %s\n", expand_string_message);
4614 if (expand_string_forcedfail) printf("Forced failure\n");
4626 /* End of expand.c */