/* Recursively called function */
static uschar *expand_string_internal(uschar *, BOOL, uschar **, BOOL, BOOL, BOOL *);
+static int_eximarith_t expanded_string_integer(uschar *, BOOL);
#ifdef STAND_ALONE
#ifndef SUPPORT_CRYPTEQ
US"reduce",
US"run",
US"sg",
+ US"sort",
US"substr",
US"tr" };
EITEM_REDUCE,
EITEM_RUN,
EITEM_SG,
+ EITEM_SORT,
EITEM_SUBSTR,
EITEM_TR };
US"rxquote",
US"s",
US"sha1",
+ US"sha256",
US"stat",
US"str2b64",
US"strlen",
EOP_RXQUOTE,
EOP_S,
EOP_SHA1,
+ EOP_SHA256,
EOP_STAT,
EOP_STR2B64,
EOP_STRLEN,
};
-/* Type for main variable table */
-
-typedef struct {
- const char *name;
- int type;
- void *value;
-} var_entry;
-
-/* Type for entries pointing to address/length pairs. Not currently
-in use. */
-
-typedef struct {
- uschar **address;
- int *length;
-} alblock;
-
/* Types of table entry */
-enum {
+enum vtypes {
vtype_int, /* value is address of int */
vtype_filter_int, /* ditto, but recognized only when filtering */
vtype_ino, /* value is address of ino_t (not always an int) */
#ifndef DISABLE_DKIM
,vtype_dkim /* Lookup of value in DKIM signature */
#endif
- };
+};
+
+/* Type for main variable table */
+
+typedef struct {
+ const char *name;
+ enum vtypes type;
+ void *value;
+} var_entry;
+
+/* Type for entries pointing to address/length pairs. Not currently
+in use. */
+
+typedef struct {
+ uschar **address;
+ int *length;
+} alblock;
static uschar * fn_recipients(void);
{ "caller_uid", vtype_uid, &real_uid },
{ "compile_date", vtype_stringptr, &version_date },
{ "compile_number", vtype_stringptr, &version_cnumber },
+ { "config_dir", vtype_stringptr, &config_main_directory },
+ { "config_file", vtype_stringptr, &config_main_filename },
{ "csa_status", vtype_stringptr, &csa_status },
#ifdef EXPERIMENTAL_DCC
{ "dcc_header", vtype_stringptr, &dcc_header },
{ "dnslist_value", vtype_stringptr, &dnslist_value },
{ "domain", vtype_stringptr, &deliver_domain },
{ "domain_data", vtype_stringptr, &deliver_domain_data },
+#ifdef EXPERIMENTAL_EVENT
+ { "event_data", vtype_stringptr, &event_data },
+
+ /*XXX want to use generic vars for as many of these as possible*/
+ { "event_defer_errno", vtype_int, &event_defer_errno },
+
+ { "event_name", vtype_stringptr, &event_name },
+#endif
{ "exim_gid", vtype_gid, &exim_gid },
{ "exim_path", vtype_stringptr, &exim_path },
{ "exim_uid", vtype_uid, &exim_uid },
+ { "exim_version", vtype_stringptr, &version_string },
#ifdef WITH_OLD_DEMIME
{ "found_extension", vtype_stringptr, &found_extension },
#endif
{ "host_data", vtype_stringptr, &host_data },
{ "host_lookup_deferred",vtype_int, &host_lookup_deferred },
{ "host_lookup_failed", vtype_int, &host_lookup_failed },
+ { "host_port", vtype_int, &deliver_host_port },
{ "inode", vtype_ino, &deliver_inode },
{ "interface_address", vtype_stringptr, &interface_address },
{ "interface_port", vtype_int, &interface_port },
{ "tls_in_bits", vtype_int, &tls_in.bits },
{ "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
{ "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
+ { "tls_in_ocsp", vtype_int, &tls_in.ocsp },
{ "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
{ "tls_in_peercert", vtype_cert, &tls_in.peercert },
{ "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
-#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
+#if defined(SUPPORT_TLS)
{ "tls_in_sni", vtype_stringptr, &tls_in.sni },
#endif
{ "tls_out_bits", vtype_int, &tls_out.bits },
{ "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
{ "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
+#ifdef EXPERIMENTAL_DANE
+ { "tls_out_dane", vtype_bool, &tls_out.dane_verified },
+#endif
+ { "tls_out_ocsp", vtype_int, &tls_out.ocsp },
{ "tls_out_ourcert", vtype_cert, &tls_out.ourcert },
{ "tls_out_peercert", vtype_cert, &tls_out.peercert },
{ "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
-#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
+#if defined(SUPPORT_TLS)
{ "tls_out_sni", vtype_stringptr, &tls_out.sni },
#endif
+#ifdef EXPERIMENTAL_DANE
+ { "tls_out_tlsa_usage", vtype_int, &tls_out.tlsa_usage },
+#endif
{ "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
-#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
+#if defined(SUPPORT_TLS)
{ "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
#endif
{ "tod_logfile", vtype_todlf, NULL },
{ "tod_zone", vtype_todzone, NULL },
{ "tod_zulu", vtype_todzulu, NULL },
-#ifdef EXPERIMENTAL_TPDA
- { "tpda_defer_errno", vtype_int, &tpda_defer_errno },
- { "tpda_defer_errstr", vtype_stringptr, &tpda_defer_errstr },
- { "tpda_delivery_confirmation", vtype_stringptr, &tpda_delivery_confirmation },
- { "tpda_delivery_domain", vtype_stringptr, &tpda_delivery_domain },
- { "tpda_delivery_fqdn", vtype_stringptr, &tpda_delivery_fqdn },
- { "tpda_delivery_ip", vtype_stringptr, &tpda_delivery_ip },
- { "tpda_delivery_local_part",vtype_stringptr,&tpda_delivery_local_part },
- { "tpda_delivery_port", vtype_int, &tpda_delivery_port },
-#endif
{ "transport_name", vtype_stringptr, &transport_name },
{ "value", vtype_stringptr, &lookup_value },
+ { "verify_mode", vtype_stringptr, &verify_mode },
{ "version_number", vtype_stringptr, &version_string },
{ "warn_message_delay", vtype_stringptr, &warnmsg_delay },
{ "warn_message_recipient",vtype_stringptr, &warnmsg_recipients },
#ifdef HAVE_ARC4RANDOM
/* cryptographically strong randomness, common on *BSD platforms, not
so much elsewhere. Alas. */
+#ifndef NOT_HAVE_ARC4RANDOM_STIR
arc4random_stir();
+#endif
#elif defined(HAVE_SRANDOM) || defined(HAVE_SRANDOMDEV)
#ifdef HAVE_SRANDOMDEV
/* uses random(4) for seeding */
#endif
}
+
+return NULL; /* Unknown variable. Silences static checkers. */
}
eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
{
int i;
-uschar *tmp;
+uschar * tmp = NULL;
int sav_narg = acl_narg;
int ret;
extern int acl_where;
}
else
{
- num[i] = expand_string_integer(sub[i], FALSE);
+ num[i] = expanded_string_integer(sub[i], FALSE);
if (expand_string_message != NULL) return NULL;
}
}
uschar *save_iterate_item = iterate_item;
int (*compare)(const uschar *, const uschar *);
+ DEBUG(D_expand) debug_printf("condition: %s\n", name);
+
tempcond = FALSE;
if (cond_type == ECOND_INLISTI)
compare = strcmpic;
int sep = 0;
uschar *save_iterate_item = iterate_item;
+ DEBUG(D_expand) debug_printf("condition: %s\n", name);
+
while (isspace(*s)) s++;
if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE, resetok);
DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]);
+ /* Allow sequencing of test actions */
+ if (running_in_test_harness) millisleep(100);
+
/* Write the request string, if not empty */
if (sub_arg[1][0] != 0)
shutdown(fd, SHUT_WR);
#endif
+ if (running_in_test_harness) millisleep(100);
+
/* Now we need to read from the socket, under a timeout. The function
that reads a file can be used. */
while (len > 0 && isspace(p[len-1])) len--;
p[len] = 0;
- if (*p == 0 && !skipping)
- {
- expand_string_message = US"first argument of \"extract\" must "
- "not be empty";
- goto EXPAND_FAILED;
- }
+ if (!skipping)
+ {
+ if (*p == 0)
+ {
+ expand_string_message = US"first argument of \"extract\" must "
+ "not be empty";
+ goto EXPAND_FAILED;
+ }
- if (*p == '-')
- {
- field_number = -1;
- p++;
- }
- while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0';
- if (*p == 0)
- {
- field_number *= x;
- j = 3; /* Need 3 args */
- field_number_set = TRUE;
- }
+ if (*p == '-')
+ {
+ field_number = -1;
+ p++;
+ }
+ while (*p != 0 && isdigit(*p)) x = x * 10 + *p++ - '0';
+ if (*p == 0)
+ {
+ field_number *= x;
+ j = 3; /* Need 3 args */
+ field_number_set = TRUE;
+ }
+ }
}
}
else goto EXPAND_FAILED_CURLY;
#ifdef SUPPORT_TLS
case EITEM_CERTEXTRACT:
{
- int i;
- int field_number = 1;
uschar *save_lookup_value = lookup_value;
uschar *sub[2];
int save_expand_nmax =
/* strip spaces fore & aft */
{
int len;
- int x = 0;
uschar *p = sub[0];
while (isspace(*p)) p++;
continue;
}
+ case EITEM_SORT:
+ {
+ int sep = 0;
+ uschar *srclist, *cmp, *xtract;
+ uschar *srcitem;
+ uschar *dstlist = NULL;
+ uschar *dstkeylist = NULL;
+ uschar * tmp;
+ uschar *save_iterate_item = iterate_item;
+
+ while (isspace(*s)) s++;
+ if (*s++ != '{') goto EXPAND_FAILED_CURLY;
+
+ srclist = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok);
+ if (!srclist) goto EXPAND_FAILED;
+ if (*s++ != '}') goto EXPAND_FAILED_CURLY;
+
+ while (isspace(*s)) s++;
+ if (*s++ != '{') goto EXPAND_FAILED_CURLY;
+
+ cmp = expand_string_internal(s, TRUE, &s, skipping, FALSE, &resetok);
+ if (!cmp) goto EXPAND_FAILED;
+ if (*s++ != '}') goto EXPAND_FAILED_CURLY;
+
+ while (isspace(*s)) s++;
+ if (*s++ != '{') goto EXPAND_FAILED_CURLY;
+
+ xtract = s;
+ tmp = expand_string_internal(s, TRUE, &s, TRUE, TRUE, &resetok);
+ if (!tmp) goto EXPAND_FAILED;
+ xtract = string_copyn(xtract, s - xtract);
+
+ if (*s++ != '}') goto EXPAND_FAILED_CURLY;
+ /*{*/
+ if (*s++ != '}')
+ { /*{*/
+ expand_string_message = US"missing } at end of \"sort\"";
+ goto EXPAND_FAILED;
+ }
+
+ if (skipping) continue;
+
+ while ((srcitem = string_nextinlist(&srclist, &sep, NULL, 0)))
+ {
+ uschar * dstitem;
+ uschar * newlist = NULL;
+ uschar * newkeylist = NULL;
+ uschar * srcfield;
+
+ DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, srcitem);
+
+ /* extract field for comparisons */
+ iterate_item = srcitem;
+ if ( !(srcfield = expand_string_internal(xtract, FALSE, NULL, FALSE,
+ TRUE, &resetok))
+ || !*srcfield)
+ {
+ expand_string_message = string_sprintf(
+ "field-extract in sort: \"%s\"", xtract);
+ goto EXPAND_FAILED;
+ }
+
+ /* Insertion sort */
+
+ /* copy output list until new-item < list-item */
+ while ((dstitem = string_nextinlist(&dstlist, &sep, NULL, 0)))
+ {
+ uschar * dstfield;
+ uschar * expr;
+ BOOL before;
+
+ /* field for comparison */
+ if (!(dstfield = string_nextinlist(&dstkeylist, &sep, NULL, 0)))
+ goto sort_mismatch;
+
+ /* build and run condition string */
+ expr = string_sprintf("%s{%s}{%s}", cmp, srcfield, dstfield);
+
+ DEBUG(D_expand) debug_printf("%s: cond = \"%s\"\n", name, expr);
+ if (!eval_condition(expr, &resetok, &before))
+ {
+ expand_string_message = string_sprintf("comparison in sort: %s",
+ expr);
+ goto EXPAND_FAILED;
+ }
+
+ if (before)
+ {
+ /* New-item sorts before this dst-item. Append new-item,
+ then dst-item, then remainder of dst list. */
+
+ newlist = string_append_listele(newlist, sep, srcitem);
+ newkeylist = string_append_listele(newkeylist, sep, srcfield);
+ srcitem = NULL;
+
+ newlist = string_append_listele(newlist, sep, dstitem);
+ newkeylist = string_append_listele(newkeylist, sep, dstfield);
+
+ while ((dstitem = string_nextinlist(&dstlist, &sep, NULL, 0)))
+ {
+ if (!(dstfield = string_nextinlist(&dstkeylist, &sep, NULL, 0)))
+ goto sort_mismatch;
+ newlist = string_append_listele(newlist, sep, dstitem);
+ newkeylist = string_append_listele(newkeylist, sep, dstfield);
+ }
+
+ break;
+ }
+
+ newlist = string_append_listele(newlist, sep, dstitem);
+ newkeylist = string_append_listele(newkeylist, sep, dstfield);
+ }
+
+ /* If we ran out of dstlist without consuming srcitem, append it */
+ if (srcitem)
+ {
+ newlist = string_append_listele(newlist, sep, srcitem);
+ newkeylist = string_append_listele(newkeylist, sep, srcfield);
+ }
+
+ dstlist = newlist;
+ dstkeylist = newkeylist;
+
+ DEBUG(D_expand) debug_printf("%s: dstlist = \"%s\"\n", name, dstlist);
+ DEBUG(D_expand) debug_printf("%s: dstkeylist = \"%s\"\n", name, dstkeylist);
+ }
+
+ if (dstlist)
+ yield = string_cat(yield, &size, &ptr, dstlist, Ustrlen(dstlist));
+
+ /* Restore preserved $item */
+ iterate_item = save_iterate_item;
+ continue;
+
+ sort_mismatch:
+ expand_string_message = US"Internal error in sort (list mismatch)";
+ goto EXPAND_FAILED;
+ }
+
/* If ${dlfunc } support is configured, handle calling dynamically-loaded
functions, unless locked out at this time. Syntax is ${dlfunc{file}{func}}
{
int c;
uschar *arg = NULL;
- uschar *sub = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
- if (sub == NULL) goto EXPAND_FAILED;
- s++;
+ uschar *sub;
+ var_entry *vp = NULL;
/* Owing to an historical mis-design, an underscore may be part of the
operator name, or it may introduce arguments. We therefore first scan the
table of names that contain underscores. If there is no match, we cut off
the arguments and then scan the main table. */
- c = chop_match(name, op_table_underscore,
- sizeof(op_table_underscore)/sizeof(uschar *));
-
- if (c < 0)
+ if ((c = chop_match(name, op_table_underscore,
+ sizeof(op_table_underscore)/sizeof(uschar *))) < 0)
{
arg = Ustrchr(name, '_');
if (arg != NULL) *arg = 0;
if (arg != NULL) *arg++ = '_'; /* Put back for error messages */
}
+ /* Deal specially with operators that might take a certificate variable
+ as we do not want to do the usual expansion. For most, expand the string.*/
+ switch(c)
+ {
+#ifdef SUPPORT_TLS
+ case EOP_MD5:
+ case EOP_SHA1:
+ case EOP_SHA256:
+ if (s[1] == '$')
+ {
+ uschar * s1 = s;
+ sub = expand_string_internal(s+2, TRUE, &s1, skipping,
+ FALSE, &resetok);
+ if (!sub) goto EXPAND_FAILED; /*{*/
+ if (*s1 != '}') goto EXPAND_FAILED_CURLY;
+ if ((vp = find_var_ent(sub)) && vp->type == vtype_cert)
+ {
+ s = s1+1;
+ break;
+ }
+ vp = NULL;
+ }
+ /*FALLTHROUGH*/
+#endif
+ default:
+ sub = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
+ if (!sub) goto EXPAND_FAILED;
+ s++;
+ break;
+ }
+
/* If we are skipping, we don't need to perform the operation at all.
This matters for operations like "mask", because the data may not be
in the correct format when skipping. For example, the expression may test
}
case EOP_MD5:
- {
- md5 base;
- uschar digest[16];
- int j;
- char st[33];
- md5_start(&base);
- md5_end(&base, sub, Ustrlen(sub), digest);
- for(j = 0; j < 16; j++) sprintf(st+2*j, "%02x", digest[j]);
- yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
+#ifdef SUPPORT_TLS
+ if (vp && *(void **)vp->value)
+ {
+ uschar * cp = tls_cert_fprt_md5(*(void **)vp->value);
+ yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp));
+ }
+ else
+#endif
+ {
+ md5 base;
+ uschar digest[16];
+ int j;
+ char st[33];
+ md5_start(&base);
+ md5_end(&base, sub, Ustrlen(sub), digest);
+ for(j = 0; j < 16; j++) sprintf(st+2*j, "%02x", digest[j]);
+ yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
+ }
continue;
- }
case EOP_SHA1:
- {
- sha1 base;
- uschar digest[20];
- int j;
- char st[41];
- sha1_start(&base);
- sha1_end(&base, sub, Ustrlen(sub), digest);
- for(j = 0; j < 20; j++) sprintf(st+2*j, "%02X", digest[j]);
- yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
+#ifdef SUPPORT_TLS
+ if (vp && *(void **)vp->value)
+ {
+ uschar * cp = tls_cert_fprt_sha1(*(void **)vp->value);
+ yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp));
+ }
+ else
+#endif
+ {
+ sha1 base;
+ uschar digest[20];
+ int j;
+ char st[41];
+ sha1_start(&base);
+ sha1_end(&base, sub, Ustrlen(sub), digest);
+ for(j = 0; j < 20; j++) sprintf(st+2*j, "%02X", digest[j]);
+ yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
+ }
+ continue;
+
+ case EOP_SHA256:
+#ifdef SUPPORT_TLS
+ if (vp && *(void **)vp->value)
+ {
+ uschar * cp = tls_cert_fprt_sha256(*(void **)vp->value);
+ yield = string_cat(yield, &size, &ptr, cp, (int)Ustrlen(cp));
+ }
+ else
+#endif
+ expand_string_message = US"sha256 only supported for certificates";
continue;
- }
/* Convert hex encoding to base64 encoding */
case EOP_UTF8CLEAN:
{
- int seq_len, index = 0;
- int bytes_left = 0;
+ int seq_len = 0, index = 0;
+ int bytes_left = 0;
+ long codepoint = -1;
uschar seq_buff[4]; /* accumulate utf-8 here */
while (*sub != 0)
{
- int complete;
- long codepoint;
- uschar c;
+ int complete = 0;
+ uschar c = *sub++;
- complete = 0;
- c = *sub++;
- if(bytes_left)
+ if (bytes_left)
{
if ((c & 0xc0) != 0x80)
{
if (--bytes_left == 0) /* codepoint complete */
{
if(codepoint > 0x10FFFF) /* is it too large? */
- complete = -1; /* error */
+ complete = -1; /* error (RFC3629 limit) */
else
{ /* finished; output utf-8 sequence */
yield = string_cat(yield, &size, &ptr, seq_buff, seq_len);
int_eximarith_t max;
uschar *s;
- max = expand_string_integer(sub, TRUE);
+ max = expanded_string_integer(sub, TRUE);
if (expand_string_message != NULL)
goto EXPAND_FAILED;
s = string_sprintf("%d", vaguely_random_number((int)max));
int_eximarith_t
expand_string_integer(uschar *string, BOOL isplus)
{
+return expanded_string_integer(expand_string(string), isplus);
+}
+
+
+/*************************************************
+ * Interpret string as an integer *
+ *************************************************/
+
+/* Convert a string (that has already been expanded) into an integer.
+
+This function is used inside the expansion code.
+
+Arguments:
+ s the string to be expanded
+ isplus TRUE if a non-negative number is expected
+
+Returns: the integer value, or
+ -1 if string is NULL (which implies an expansion error)
+ -2 for an integer interpretation error
+ expand_string_message is set NULL for an OK integer
+*/
+
+static int_eximarith_t
+expanded_string_integer(uschar *s, BOOL isplus)
+{
int_eximarith_t value;
-uschar *s = expand_string(string);
uschar *msg = US"invalid integer \"%s\"";
uschar *endptr;
}
+/* These values are usually fixed boolean values, but they are permitted to be
+expanded strings.
+
+Arguments:
+ addr address being routed
+ mtype the module type
+ mname the module name
+ dbg_opt debug selectors
+ oname the option name
+ bvalue the router's boolean value
+ svalue the router's string value
+ rvalue where to put the returned value
+
+Returns: OK value placed in rvalue
+ DEFER expansion failed
+*/
+
+int
+exp_bool(address_item *addr,
+ uschar *mtype, uschar *mname, unsigned dbg_opt,
+ uschar *oname, BOOL bvalue,
+ uschar *svalue, BOOL *rvalue)
+{
+uschar *expanded;
+if (svalue == NULL) { *rvalue = bvalue; return OK; }
+
+expanded = expand_string(svalue);
+if (expanded == NULL)
+ {
+ if (expand_string_forcedfail)
+ {
+ DEBUG(dbg_opt) debug_printf("expansion of \"%s\" forced failure\n", oname);
+ *rvalue = bvalue;
+ return OK;
+ }
+ addr->message = string_sprintf("failed to expand \"%s\" in %s %s: %s",
+ oname, mname, mtype, expand_string_message);
+ DEBUG(dbg_opt) debug_printf("%s\n", addr->message);
+ return DEFER;
+ }
+
+DEBUG(dbg_opt) debug_printf("expansion of \"%s\" yields \"%s\"\n", oname,
+ expanded);
+
+if (strcmpic(expanded, US"true") == 0 || strcmpic(expanded, US"yes") == 0)
+ *rvalue = TRUE;
+else if (strcmpic(expanded, US"false") == 0 || strcmpic(expanded, US"no") == 0)
+ *rvalue = FALSE;
+else
+ {
+ addr->message = string_sprintf("\"%s\" is not a valid value for the "
+ "\"%s\" option in the %s %s", expanded, oname, mname, mtype);
+ return DEFER;
+ }
+
+return OK;
+}
+
+
+
+
/*************************************************
**************************************************
* Stand-alone test program *
git://git.exim.org / exim.git / blobdiff