alphabetical order. */
static uschar *item_table[] = {
+ US"acl",
US"dlfunc",
US"extract",
US"filter",
US"tr" };
enum {
+ EITEM_ACL,
EITEM_DLFUNC,
EITEM_EXTRACT,
EITEM_FILTER,
US"h",
US"hash",
US"hex2b64",
+ US"hexquote",
US"l",
US"lc",
US"length",
+ US"listcount",
+ US"listnamed",
US"mask",
US"md5",
US"nh",
EOP_H,
EOP_HASH,
EOP_HEX2B64,
+ EOP_HEXQUOTE,
EOP_L,
EOP_LC,
EOP_LENGTH,
+ EOP_LISTCOUNT,
+ EOP_LISTNAMED,
EOP_MASK,
EOP_MD5,
EOP_NH,
US"==", /* Backward compatibility */
US">",
US">=",
+ US"acl",
US"and",
US"bool",
US"bool_lax",
ECOND_NUM_EE,
ECOND_NUM_G,
ECOND_NUM_GE,
+ ECOND_ACL,
ECOND_AND,
ECOND_BOOL,
ECOND_BOOL_LAX,
vtype_ino, /* value is address of ino_t (not always an int) */
vtype_uid, /* value is address of uid_t (not always an int) */
vtype_gid, /* value is address of gid_t (not always an int) */
+ vtype_bool, /* value is address of bool */
vtype_stringptr, /* value is address of pointer to string */
vtype_msgbody, /* as stringptr, but read when first required */
vtype_msgbody_end, /* ditto, the end of the message */
vtype_msgheaders_raw, /* the message's headers, unprocessed */
vtype_localpart, /* extract local part from string */
vtype_domain, /* extract domain from string */
- vtype_recipients, /* extract recipients from recipients list */
- /* (available only in system filters, ACLs, and */
- /* local_scan()) */
+ vtype_string_func, /* value is string returned by given function */
vtype_todbsdin, /* value not used; generate BSD inbox tod */
vtype_tode, /* value not used; generate tod in epoch format */
+ vtype_todel, /* value not used; generate tod in epoch/usec format */
vtype_todf, /* value not used; generate full tod */
vtype_todl, /* value not used; generate log tod */
vtype_todlf, /* value not used; generate log file datestamp tod */
#endif
};
+static uschar * fn_recipients(void);
+
/* This table must be kept in alphabetical order. */
static var_entry var_table[] = {
/* WARNING: Do not invent variables whose names start acl_c or acl_m because
they will be confused with user-creatable ACL variables. */
+ { "acl_arg1", vtype_stringptr, &acl_arg[0] },
+ { "acl_arg2", vtype_stringptr, &acl_arg[1] },
+ { "acl_arg3", vtype_stringptr, &acl_arg[2] },
+ { "acl_arg4", vtype_stringptr, &acl_arg[3] },
+ { "acl_arg5", vtype_stringptr, &acl_arg[4] },
+ { "acl_arg6", vtype_stringptr, &acl_arg[5] },
+ { "acl_arg7", vtype_stringptr, &acl_arg[6] },
+ { "acl_arg8", vtype_stringptr, &acl_arg[7] },
+ { "acl_arg9", vtype_stringptr, &acl_arg[8] },
+ { "acl_narg", vtype_int, &acl_narg },
{ "acl_verify_message", vtype_stringptr, &acl_verify_message },
{ "address_data", vtype_stringptr, &deliver_address_data },
{ "address_file", vtype_stringptr, &address_file },
{ "address_pipe", vtype_stringptr, &address_pipe },
+ { "authenticated_fail_id",vtype_stringptr, &authenticated_fail_id },
{ "authenticated_id", vtype_stringptr, &authenticated_id },
{ "authenticated_sender",vtype_stringptr, &authenticated_sender },
{ "authentication_failed",vtype_int, &authentication_failed },
{ "dkim_signers", vtype_stringptr, &dkim_signers },
{ "dkim_verify_reason", vtype_dkim, (void *)DKIM_VERIFY_REASON },
{ "dkim_verify_status", vtype_dkim, (void *)DKIM_VERIFY_STATUS},
+#endif
+#ifdef EXPERIMENTAL_DMARC
+ { "dmarc_ar_header", vtype_stringptr, &dmarc_ar_header },
+ { "dmarc_status", vtype_stringptr, &dmarc_status },
+ { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
+ { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
#endif
{ "dnslist_domain", vtype_stringptr, &dnslist_domain },
{ "dnslist_matched", vtype_stringptr, &dnslist_matched },
#ifdef WITH_OLD_DEMIME
{ "found_extension", vtype_stringptr, &found_extension },
#endif
+ { "headers_added", vtype_string_func, &fn_hdrs_added },
{ "home", vtype_stringptr, &deliver_home },
{ "host", vtype_stringptr, &deliver_host },
{ "host_address", vtype_stringptr, &deliver_host_address },
{ "received_time", vtype_int, &received_time },
{ "recipient_data", vtype_stringptr, &recipient_data },
{ "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
- { "recipients", vtype_recipients, NULL },
+ { "recipients", vtype_string_func, &fn_recipients },
{ "recipients_count", vtype_int, &recipients_count },
#ifdef WITH_CONTENT_SCAN
{ "regex_match_string", vtype_stringptr, ®ex_match_string },
{ "reply_address", vtype_reply, NULL },
{ "return_path", vtype_stringptr, &return_path },
{ "return_size_limit", vtype_int, &bounce_return_size_limit },
+ { "router_name", vtype_stringptr, &router_name },
{ "runrc", vtype_int, &runrc },
{ "self_hostname", vtype_stringptr, &self_hostname },
{ "sender_address", vtype_stringptr, &sender_address },
{ "sender_helo_name", vtype_stringptr, &sender_helo_name },
{ "sender_host_address", vtype_stringptr, &sender_host_address },
{ "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
+ { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
{ "sender_host_name", vtype_host_lookup, NULL },
{ "sender_host_port", vtype_int, &sender_host_port },
{ "sender_ident", vtype_stringptr, &sender_ident },
{ "srs_status", vtype_stringptr, &srs_status },
#endif
{ "thisaddress", vtype_stringptr, &filter_thisaddress },
- { "tls_bits", vtype_int, &tls_bits },
- { "tls_certificate_verified", vtype_int, &tls_certificate_verified },
- { "tls_cipher", vtype_stringptr, &tls_cipher },
- { "tls_peerdn", vtype_stringptr, &tls_peerdn },
-#ifdef SUPPORT_TLS
- { "tls_sni", vtype_stringptr, &tls_sni },
+
+ /* The non-(in,out) variables are now deprecated */
+ { "tls_bits", vtype_int, &tls_in.bits },
+ { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
+ { "tls_cipher", vtype_stringptr, &tls_in.cipher },
+
+ { "tls_in_bits", vtype_int, &tls_in.bits },
+ { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
+ { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
+ { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
+#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
+ { "tls_in_sni", vtype_stringptr, &tls_in.sni },
#endif
+ { "tls_out_bits", vtype_int, &tls_out.bits },
+ { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
+ { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
+ { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
+#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
+ { "tls_out_sni", vtype_stringptr, &tls_out.sni },
+#endif
+
+ { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
+#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
+ { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
+#endif
+
{ "tod_bsdinbox", vtype_todbsdin, NULL },
{ "tod_epoch", vtype_tode, NULL },
+ { "tod_epoch_l", vtype_todel, NULL },
{ "tod_full", vtype_todf, NULL },
{ "tod_log", vtype_todl, NULL },
{ "tod_logfile", vtype_todlf, NULL },
{ "tod_zone", vtype_todzone, NULL },
{ "tod_zulu", vtype_todzulu, NULL },
+#ifdef EXPERIMENTAL_TPDA
+ { "tpda_defer_errno", vtype_int, &tpda_defer_errno },
+ { "tpda_defer_errstr", vtype_stringptr, &tpda_defer_errstr },
+ { "tpda_delivery_confirmation", vtype_stringptr, &tpda_delivery_confirmation },
+ { "tpda_delivery_domain", vtype_stringptr, &tpda_delivery_domain },
+ { "tpda_delivery_fqdn", vtype_stringptr, &tpda_delivery_fqdn },
+ { "tpda_delivery_ip", vtype_stringptr, &tpda_delivery_ip },
+ { "tpda_delivery_local_part",vtype_stringptr,&tpda_delivery_local_part },
+ { "tpda_delivery_port", vtype_int, &tpda_delivery_port },
+#endif
+ { "transport_name", vtype_stringptr, &transport_name },
{ "value", vtype_stringptr, &lookup_value },
{ "version_number", vtype_stringptr, &version_string },
{ "warn_message_delay", vtype_stringptr, &warnmsg_delay },
/* This function is called to expand a string, and test the result for a "true"
or "false" value. Failure of the expansion yields FALSE; logged unless it was a
-forced fail or lookup defer. All store used by the function can be released on
-exit.
+forced fail or lookup defer.
+
+We used to release all store used, but this is not not safe due
+to ${dlfunc } and ${acl }. In any case expand_string_internal()
+is reasonably careful to release what it can.
The actual false-value tests should be replicated for ECOND_BOOL_LAX.
expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
{
int rc;
-void *reset_point = store_get(0);
uschar *ss = expand_string(condition);
if (ss == NULL)
{
}
rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
strcmpic(ss, US"false") != 0;
-store_reset(reset_point);
return rc;
}
+/*************************************************
+* Return list of recipients *
+*************************************************/
+/* A recipients list is available only during system message filtering,
+during ACL processing after DATA, and while expanding pipe commands
+generated from a system filter, but not elsewhere. */
+
+static uschar *
+fn_recipients(void)
+{
+if (!enable_dollar_recipients) return NULL; else
+ {
+ int size = 128;
+ int ptr = 0;
+ int i;
+ uschar * s = store_get(size);
+ for (i = 0; i < recipients_count; i++)
+ {
+ if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
+ s = string_cat(s, &size, &ptr, recipients_list[i].address,
+ Ustrlen(recipients_list[i].address));
+ }
+ s[ptr] = 0; /* string_cat() leaves room */
+ return s;
+ }
+}
+
+
/*************************************************
* Find value of a variable *
*************************************************/
sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
return var_buffer;
+ case vtype_bool:
+ sprintf(CS var_buffer, "%s", *(BOOL *)(var_table[middle].value) ? "yes" : "no"); /* bool */
+ return var_buffer;
+
case vtype_stringptr: /* Pointer to string */
s = *((uschar **)(var_table[middle].value));
return (s == NULL)? US"" : s;
domain = Ustrrchr(s, '@');
if (domain == NULL) return s;
if (domain - s > sizeof(var_buffer) - 1)
- log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than %d in "
- "string expansion", sizeof(var_buffer));
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "local part longer than " SIZE_T_FMT
+ " in string expansion", sizeof(var_buffer));
Ustrncpy(var_buffer, s, domain - s);
var_buffer[domain - s] = 0;
return var_buffer;
case vtype_tode: /* Unix epoch time of day */
return tod_stamp(tod_epoch);
+ case vtype_todel: /* Unix epoch/usec time of day */
+ return tod_stamp(tod_epoch_l);
+
case vtype_todf: /* Full time of day */
return tod_stamp(tod_full);
}
return (s == NULL)? US"" : s;
- /* A recipients list is available only during system message filtering,
- during ACL processing after DATA, and while expanding pipe commands
- generated from a system filter, but not elsewhere. */
-
- case vtype_recipients:
- if (!enable_dollar_recipients) return NULL; else
+ case vtype_string_func:
{
- int size = 128;
- int ptr = 0;
- int i;
- s = store_get(size);
- for (i = 0; i < recipients_count; i++)
- {
- if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
- s = string_cat(s, &size, &ptr, recipients_list[i].address,
- Ustrlen(recipients_list[i].address));
- }
- s[ptr] = 0; /* string_cat() leaves room */
+ uschar * (*fn)() = var_table[middle].value;
+ return fn();
}
- return s;
case vtype_pspace:
{
+void
+modify_variable(uschar *name, void * value)
+{
+int first = 0;
+int last = var_table_size;
+
+while (last > first)
+ {
+ int middle = (first + last)/2;
+ int c = Ustrcmp(name, var_table[middle].name);
+
+ if (c > 0) { first = middle + 1; continue; }
+ if (c < 0) { last = middle; continue; }
+
+ /* Found an existing variable; change the item it refers to */
+ var_table[middle].value = value;
+ return;
+ }
+return; /* Unknown variable name, fail silently */
+}
+
+
+
+
+
/*************************************************
* Read and expand substrings *
*************************************************/
+/*
+Load args from sub array to globals, and call acl_check().
+Sub array will be corrupted on return.
+
+Returns: OK access is granted by an ACCEPT verb
+ DISCARD access is granted by a DISCARD verb
+ FAIL access is denied
+ FAIL_DROP access is denied; drop the connection
+ DEFER can't tell at the moment
+ ERROR disaster
+*/
+static int
+eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
+{
+int i;
+uschar *tmp;
+int sav_narg = acl_narg;
+int ret;
+extern int acl_where;
+
+if(--nsub > sizeof(acl_arg)/sizeof(*acl_arg)) nsub = sizeof(acl_arg)/sizeof(*acl_arg);
+for (i = 0; i < nsub && sub[i+1]; i++)
+ {
+ tmp = acl_arg[i];
+ acl_arg[i] = sub[i+1]; /* place callers args in the globals */
+ sub[i+1] = tmp; /* stash the old args using our caller's storage */
+ }
+acl_narg = i;
+while (i < nsub)
+ {
+ sub[i+1] = acl_arg[i];
+ acl_arg[i++] = NULL;
+ }
+
+DEBUG(D_expand)
+ debug_printf("expanding: acl: %s arg: %s%s\n",
+ sub[0],
+ acl_narg>0 ? acl_arg[0] : US"<none>",
+ acl_narg>1 ? " +more" : "");
+
+ret = acl_eval(acl_where, sub[0], user_msgp, &tmp);
+
+for (i = 0; i < nsub; i++)
+ acl_arg[i] = sub[i+1]; /* restore old args */
+acl_narg = sav_narg;
+
+return ret;
+}
+
+
+
+
/*************************************************
* Read and evaluate a condition *
*************************************************/
int_eximarith_t num[2];
struct stat statbuf;
uschar name[256];
-uschar *sub[4];
+uschar *sub[10];
const pcre *re;
const uschar *rerror;
Ustrncmp(name, "bheader_", 8) == 0)
{
s = read_header_name(name, 256, s);
+ /* {-for-text-editors */
if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
if (yield != NULL) *yield =
(find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
case ECOND_PWCHECK:
while (isspace(*s)) s++;
- if (*s != '{') goto COND_FAILED_CURLY_START;
+ if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE);
if (sub[0] == NULL) return NULL;
+ /* {-for-text-editors */
if (*s++ != '}') goto COND_FAILED_CURLY_END;
if (yield == NULL) return s; /* No need to run the test if skipping */
return s;
+ /* call ACL (in a conditional context). Accept true, deny false.
+ Defer is a forced-fail. Anything set by message= goes to $value.
+ Up to ten parameters are used; we use the braces round the name+args
+ like the saslauthd condition does, to permit a variable number of args.
+ See also the expansion-item version EITEM_ACL and the traditional
+ acl modifier ACLC_ACL.
+ */
+
+ case ECOND_ACL:
+ /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
+ {
+ uschar *user_msg;
+ BOOL cond = FALSE;
+ int size = 0;
+ int ptr = 0;
+
+ while (isspace(*s)) s++;
+ if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
+
+ switch(read_subs(sub, sizeof(sub)/sizeof(*sub), 1,
+ &s, yield == NULL, TRUE, US"acl"))
+ {
+ case 1: expand_string_message = US"too few arguments or bracketing "
+ "error for acl";
+ case 2:
+ case 3: return NULL;
+ }
+
+ if (yield != NULL) switch(eval_acl(sub, sizeof(sub)/sizeof(*sub), &user_msg))
+ {
+ case OK:
+ cond = TRUE;
+ case FAIL:
+ lookup_value = NULL;
+ if (user_msg)
+ {
+ lookup_value = string_cat(NULL, &size, &ptr, user_msg, Ustrlen(user_msg));
+ lookup_value[ptr] = '\0';
+ }
+ *yield = cond == testfor;
+ break;
+
+ case DEFER:
+ expand_string_forcedfail = TRUE;
+ default:
+ expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]);
+ return NULL;
+ }
+ return s;
+ }
+
+
/* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
${if saslauthd {{username}{password}{service}{realm}} {yes}[no}}
However, the last two are optional. That is why the whole set is enclosed
- in their own set or braces. */
+ in their own set of braces. */
case ECOND_SASLAUTHD:
#ifndef CYRUS_SASLAUTHD_SOCKET
goto COND_FAILED_NOT_COMPILED;
#else
while (isspace(*s)) s++;
- if (*s++ != '{') goto COND_FAILED_CURLY_START;
+ if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd"))
{
case 1: expand_string_message = US"too few arguments or bracketing "
{
case ECOND_NUM_E:
case ECOND_NUM_EE:
- *yield = (num[0] == num[1]) == testfor;
+ tempcond = (num[0] == num[1]);
break;
case ECOND_NUM_G:
- *yield = (num[0] > num[1]) == testfor;
+ tempcond = (num[0] > num[1]);
break;
case ECOND_NUM_GE:
- *yield = (num[0] >= num[1]) == testfor;
+ tempcond = (num[0] >= num[1]);
break;
case ECOND_NUM_L:
- *yield = (num[0] < num[1]) == testfor;
+ tempcond = (num[0] < num[1]);
break;
case ECOND_NUM_LE:
- *yield = (num[0] <= num[1]) == testfor;
+ tempcond = (num[0] <= num[1]);
break;
case ECOND_STR_LT:
- *yield = (Ustrcmp(sub[0], sub[1]) < 0) == testfor;
+ tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
break;
case ECOND_STR_LTI:
- *yield = (strcmpic(sub[0], sub[1]) < 0) == testfor;
+ tempcond = (strcmpic(sub[0], sub[1]) < 0);
break;
case ECOND_STR_LE:
- *yield = (Ustrcmp(sub[0], sub[1]) <= 0) == testfor;
+ tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
break;
case ECOND_STR_LEI:
- *yield = (strcmpic(sub[0], sub[1]) <= 0) == testfor;
+ tempcond = (strcmpic(sub[0], sub[1]) <= 0);
break;
case ECOND_STR_EQ:
- *yield = (Ustrcmp(sub[0], sub[1]) == 0) == testfor;
+ tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
break;
case ECOND_STR_EQI:
- *yield = (strcmpic(sub[0], sub[1]) == 0) == testfor;
+ tempcond = (strcmpic(sub[0], sub[1]) == 0);
break;
case ECOND_STR_GT:
- *yield = (Ustrcmp(sub[0], sub[1]) > 0) == testfor;
+ tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
break;
case ECOND_STR_GTI:
- *yield = (strcmpic(sub[0], sub[1]) > 0) == testfor;
+ tempcond = (strcmpic(sub[0], sub[1]) > 0);
break;
case ECOND_STR_GE:
- *yield = (Ustrcmp(sub[0], sub[1]) >= 0) == testfor;
+ tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
break;
case ECOND_STR_GEI:
- *yield = (strcmpic(sub[0], sub[1]) >= 0) == testfor;
+ tempcond = (strcmpic(sub[0], sub[1]) >= 0);
break;
case ECOND_MATCH: /* Regular expression match */
"\"%s\": %s at offset %d", sub[1], rerror, roffset);
return NULL;
}
- *yield = regex_match_and_setup(re, sub[0], 0, -1) == testfor;
+ tempcond = regex_match_and_setup(re, sub[0], 0, -1);
break;
case ECOND_MATCH_ADDRESS: /* Match in an address list */
switch(rc)
{
case OK:
- *yield = testfor;
+ tempcond = TRUE;
break;
case FAIL:
- *yield = !testfor;
+ tempcond = FALSE;
break;
case DEFER:
/* Various "encrypted" comparisons. If the second string starts with
"{" then an encryption type is given. Default to crypt() or crypt16()
(build-time choice). */
+ /* }-for-text-editors */
case ECOND_CRYPTEQ:
#ifndef SUPPORT_CRYPTEQ
uschar *coded = auth_b64encode((uschar *)digest, 16);
DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
" subject=%s\n crypted=%s\n", coded, sub[1]+5);
- *yield = (Ustrcmp(coded, sub[1]+5) == 0) == testfor;
+ tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
}
else if (sublen == 32)
{
coded[32] = 0;
DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
" subject=%s\n crypted=%s\n", coded, sub[1]+5);
- *yield = (strcmpic(coded, sub[1]+5) == 0) == testfor;
+ tempcond = (strcmpic(coded, sub[1]+5) == 0);
}
else
{
DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
"fail\n crypted=%s\n", sub[1]+5);
- *yield = !testfor;
+ tempcond = FALSE;
}
}
uschar *coded = auth_b64encode((uschar *)digest, 20);
DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
" subject=%s\n crypted=%s\n", coded, sub[1]+6);
- *yield = (Ustrcmp(coded, sub[1]+6) == 0) == testfor;
+ tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
}
else if (sublen == 40)
{
coded[40] = 0;
DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
" subject=%s\n crypted=%s\n", coded, sub[1]+6);
- *yield = (strcmpic(coded, sub[1]+6) == 0) == testfor;
+ tempcond = (strcmpic(coded, sub[1]+6) == 0);
}
else
{
DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
"fail\n crypted=%s\n", sub[1]+6);
- *yield = !testfor;
+ tempcond = FALSE;
}
}
sub[1] += 9;
which = 2;
}
- else if (sub[1][0] == '{')
+ else if (sub[1][0] == '{') /* }-for-text-editors */
{
expand_string_message = string_sprintf("unknown encryption mechanism "
"in \"%s\"", sub[1]);
salt), force failure. Otherwise we get false positives: with an empty
string the yield of crypt() is an empty string! */
- *yield = (Ustrlen(sub[1]) < 2)? !testfor :
- (Ustrcmp(coded, sub[1]) == 0) == testfor;
+ tempcond = (Ustrlen(sub[1]) < 2)? FALSE :
+ (Ustrcmp(coded, sub[1]) == 0);
}
break;
#endif /* SUPPORT_CRYPTEQ */
case ECOND_INLISTI:
{
int sep = 0;
- BOOL found = FALSE;
uschar *save_iterate_item = iterate_item;
int (*compare)(const uschar *, const uschar *);
+ tempcond = FALSE;
if (cond_type == ECOND_INLISTI)
compare = strcmpic;
else
while ((iterate_item = string_nextinlist(&sub[1], &sep, NULL, 0)) != NULL)
if (compare(sub[0], iterate_item) == 0)
{
- found = TRUE;
+ tempcond = TRUE;
break;
}
iterate_item = save_iterate_item;
- *yield = found;
}
} /* Switch for comparison conditions */
+ *yield = tempcond == testfor;
return s; /* End of comparison conditions */
combined_cond = (cond_type == ECOND_AND);
while (isspace(*s)) s++;
- if (*s++ != '{') goto COND_FAILED_CURLY_START;
+ if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
for (;;)
{
while (isspace(*s)) s++;
+ /* {-for-text-editors */
if (*s == '}') break;
- if (*s != '{')
+ if (*s != '{') /* }-for-text-editors */
{
expand_string_message = string_sprintf("each subcondition "
"inside an \"%s{...}\" condition must be in its own {}", name);
}
while (isspace(*s)) s++;
+ /* {-for-text-editors */
if (*s++ != '}')
{
+ /* {-for-text-editors */
expand_string_message = string_sprintf("missing } at end of condition "
"inside \"%s\" group", name);
return NULL;
uschar *save_iterate_item = iterate_item;
while (isspace(*s)) s++;
- if (*s++ != '{') goto COND_FAILED_CURLY_START;
+ if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE);
if (sub[0] == NULL) return NULL;
+ /* {-for-text-editors */
if (*s++ != '}') goto COND_FAILED_CURLY_END;
while (isspace(*s)) s++;
- if (*s++ != '{') goto COND_FAILED_CURLY_START;
+ if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
sub[1] = s;
}
while (isspace(*s)) s++;
+ /* {-for-text-editors */
if (*s++ != '}')
{
+ /* {-for-text-editors */
expand_string_message = string_sprintf("missing } at end of condition "
"inside \"%s\"", name);
return NULL;
size_t len;
BOOL boolvalue = FALSE;
while (isspace(*s)) s++;
- if (*s != '{') goto COND_FAILED_CURLY_START;
+ if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname))
{
* can just let the other invalid results occur otherwise, as they have
* until now. For this one case, we can coerce.
*/
- if (y == -1 && x == LLONG_MIN && op != '*')
+ if (y == -1 && x == EXIM_ARITH_MIN && op != '*')
{
DEBUG(D_expand)
debug_printf("Integer exception dodging: " PR_EXIM_ARITH "%c-1 coerced to " PR_EXIM_ARITH "\n",
- LLONG_MIN, op, LLONG_MAX);
- x = LLONG_MAX;
+ EXIM_ARITH_MIN, op, EXIM_ARITH_MAX);
+ x = EXIM_ARITH_MAX;
continue;
}
if (op == '*')
There's a problem if a ${dlfunc item has side-effects that cause allocation,
since resetting the store at the end of the expansion will free store that was
allocated by the plugin code as well as the slop after the expanded string. So
-we skip any resets if ${dlfunc has been used. This is an unfortunate
-consequence of string expansion becoming too powerful.
+we skip any resets if ${dlfunc has been used. The same applies for ${acl. This
+is an unfortunate consequence of string expansion becoming too powerful.
Arguments:
string the string to be expanded
switch(item_type)
{
+ /* Call an ACL from an expansion. We feed data in via $acl_arg1 - $acl_arg9.
+ If the ACL returns accept or reject we return content set by "message ="
+ There is currently no limit on recursion; this would have us call
+ acl_check_internal() directly and get a current level from somewhere.
+ See also the acl expansion condition ECOND_ACL and the traditional
+ acl modifier ACLC_ACL.
+ Assume that the function has side-effects on the store that must be preserved.
+ */
+
+ case EITEM_ACL:
+ /* ${acl {name} {arg1}{arg2}...} */
+ {
+ uschar *sub[10]; /* name + arg1-arg9 (which must match number of acl_arg[]) */
+ uschar *user_msg;
+
+ switch(read_subs(sub, 10, 1, &s, skipping, TRUE, US"acl"))
+ {
+ case 1: goto EXPAND_FAILED_CURLY;
+ case 2:
+ case 3: goto EXPAND_FAILED;
+ }
+ if (skipping) continue;
+
+ resetok = FALSE;
+ switch(eval_acl(sub, sizeof(sub)/sizeof(*sub), &user_msg))
+ {
+ case OK:
+ case FAIL:
+ if (user_msg)
+ yield = string_cat(yield, &size, &ptr, user_msg, Ustrlen(user_msg));
+ continue;
+
+ case DEFER:
+ expand_string_forcedfail = TRUE;
+ default:
+ expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]);
+ goto EXPAND_FAILED;
+ }
+ }
+
/* Handle conditionals - preserve the values of the numerical expansion
variables in case they get changed by a regular expression match in the
condition. If not, they retain their external settings. At the end
continue;
}
+ /* Convert octets outside 0x21..0x7E to \xXX form */
+
+ case EOP_HEXQUOTE:
+ {
+ uschar *t = sub - 1;
+ while (*(++t) != 0)
+ {
+ if (*t < 0x21 || 0x7E < *t)
+ yield = string_cat(yield, &size, &ptr,
+ string_sprintf("\\x%02x", *t), 4);
+ else
+ yield = string_cat(yield, &size, &ptr, t, 1);
+ }
+ continue;
+ }
+
+ /* count the number of list elements */
+
+ case EOP_LISTCOUNT:
+ {
+ int cnt = 0;
+ int sep = 0;
+ uschar * cp;
+ uschar buffer[256];
+
+ while (string_nextinlist(&sub, &sep, buffer, sizeof(buffer)) != NULL) cnt++;
+ cp = string_sprintf("%d", cnt);
+ yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp));
+ continue;
+ }
+
+ /* expand a named list given the name */
+ /* handles nested named lists; requotes as colon-sep list */
+
+ case EOP_LISTNAMED:
+ {
+ tree_node *t = NULL;
+ uschar * list;
+ int sep = 0;
+ uschar * item;
+ uschar * suffix = US"";
+ BOOL needsep = FALSE;
+ uschar buffer[256];
+
+ if (*sub == '+') sub++;
+ if (arg == NULL) /* no-argument version */
+ {
+ if (!(t = tree_search(addresslist_anchor, sub)) &&
+ !(t = tree_search(domainlist_anchor, sub)) &&
+ !(t = tree_search(hostlist_anchor, sub)))
+ t = tree_search(localpartlist_anchor, sub);
+ }
+ else switch(*arg) /* specific list-type version */
+ {
+ case 'a': t = tree_search(addresslist_anchor, sub); suffix = US"_a"; break;
+ case 'd': t = tree_search(domainlist_anchor, sub); suffix = US"_d"; break;
+ case 'h': t = tree_search(hostlist_anchor, sub); suffix = US"_h"; break;
+ case 'l': t = tree_search(localpartlist_anchor, sub); suffix = US"_l"; break;
+ default:
+ expand_string_message = string_sprintf("bad suffix on \"list\" operator");
+ goto EXPAND_FAILED;
+ }
+
+ if(!t)
+ {
+ expand_string_message = string_sprintf("\"%s\" is not a %snamed list",
+ sub, !arg?""
+ : *arg=='a'?"address "
+ : *arg=='d'?"domain "
+ : *arg=='h'?"host "
+ : *arg=='l'?"localpart "
+ : 0);
+ goto EXPAND_FAILED;
+ }
+
+ list = ((namedlist_block *)(t->data.ptr))->string;
+
+ while ((item = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
+ {
+ uschar * buf = US" : ";
+ if (needsep)
+ yield = string_cat(yield, &size, &ptr, buf, 3);
+ else
+ needsep = TRUE;
+
+ if (*item == '+') /* list item is itself a named list */
+ {
+ uschar * sub = string_sprintf("${listnamed%s:%s}", suffix, item);
+ item = expand_string_internal(sub, FALSE, NULL, FALSE, TRUE);
+ }
+ else if (sep != ':') /* item from non-colon-sep list, re-quote for colon list-separator */
+ {
+ char * cp;
+ char tok[3];
+ tok[0] = sep; tok[1] = ':'; tok[2] = 0;
+ while ((cp= strpbrk((const char *)item, tok)))
+ {
+ yield = string_cat(yield, &size, &ptr, item, cp-(char *)item);
+ if (*cp++ == ':') /* colon in a non-colon-sep list item, needs doubling */
+ {
+ yield = string_cat(yield, &size, &ptr, US"::", 2);
+ item = (uschar *)cp;
+ }
+ else /* sep in item; should already be doubled; emit once */
+ {
+ yield = string_cat(yield, &size, &ptr, (uschar *)tok, 1);
+ if (*cp == sep) cp++;
+ item = (uschar *)cp;
+ }
+ }
+ }
+ yield = string_cat(yield, &size, &ptr, item, Ustrlen(item));
+ }
+ continue;
+ }
+
/* mask applies a mask to an IP address; for example the result of
${mask:131.111.10.206/28} is 131.111.10.192/28. */
}
else
{
- if (tolower(*endptr) == 'k')
+ switch (tolower(*endptr))
{
- if (value > LLONG_MAX/1024 || value < LLONG_MIN/1024) errno = ERANGE;
+ default:
+ break;
+ case 'k':
+ if (value > EXIM_ARITH_MAX/1024 || value < EXIM_ARITH_MIN/1024) errno = ERANGE;
else value *= 1024;
- endptr++;
- }
- else if (tolower(*endptr) == 'm')
- {
- if (value > LLONG_MAX/(1024*1024) || value < LLONG_MIN/(1024*1024))
- errno = ERANGE;
- else value *= 1024*1024;
- endptr++;
+ endptr++;
+ break;
+ case 'm':
+ if (value > EXIM_ARITH_MAX/(1024*1024) || value < EXIM_ARITH_MIN/(1024*1024)) errno = ERANGE;
+ else value *= 1024*1024;
+ endptr++;
+ break;
+ case 'g':
+ if (value > EXIM_ARITH_MAX/(1024*1024*1024) || value < EXIM_ARITH_MIN/(1024*1024*1024)) errno = ERANGE;
+ else value *= 1024*1024*1024;
+ endptr++;
+ break;
}
if (errno == ERANGE)
msg = US"absolute value of integer \"%s\" is too large (overflow)";
else
{
while (isspace(*endptr)) endptr++;
- if (*endptr == 0) return (int)value;
+ if (*endptr == 0) return value;
}
}
#ifdef LOOKUP_PGSQL
pgsql_servers = argv[i];
#endif
+ #ifdef EXPERIMENTAL_REDIS
+ redis_servers = argv[i];
+ #endif
}
#ifdef EXIM_PERL
else opt_perl_startup = argv[i];